package disk
import "github.com/open-policy-agent/opa/storage/disk"
Package disk provides a disk-based implementation of the storage.Store interface.
The disk.Store implementation uses an embedded key-value store to persist policies and data. Policy modules are stored as raw byte strings with one module per key. Data is mapped to the underlying key-value store with the assistance of caller-supplied "partitions". Partitions allow the caller to control the portions of the /data namespace that are mapped to individual keys. Operations that span multiple keys (e.g., a read against the entirety of /data) are more expensive than reads that target a specific key because the storage layer has to reconstruct the object from individual key-value pairs and page all of the data into memory. By supplying partitions that align with lookups in the policies, callers can optimize policy evaluation.
Partitions are specified as a set of storage paths (e.g., {/foo/bar} declares a single partition at /foo/bar). Each partition tells the store that values under the partition path should be mapped to individual keys. Values that fall outside of the partitions are stored at adjacent keys without further splitting. For example, given the partition set {/foo/bar}, /foo/bar/abcd and /foo/bar/efgh are written to separate keys. All other values under /foo are not split any further (e.g., all values under /foo/baz would be written to a single key). Similarly, values that fall outside of partitions are stored under individual keys at the root (e.g., the full extent of the value at /qux would be stored under one key).
There is support for wildcards in partitions: {/foo/*} will cause /foo/bar/abc and /foo/buz/def to be written to separate keys. Multiple wildcards are supported (/tenants/*/users/*/bindings), and they can also appear at the end of a partition (/users/*).
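The partition rule described above, as an added Go example (not code from the OPA project): the hypothetical helper `keyFor` models which /data path a lookup lands on for a given partition set, and whether the read stays within one key. It is a simplified model of the documented behaviour, not the store's actual key encoding; the partition set and lookup paths are constructed samples.

```go
package main

import (
	"fmt"
	"strings"
)

// split turns "/a/b" into ["a" "b"]; the root path yields no segments.
func split(s string) []string {
	s = strings.Trim(s, "/")
	if s == "" {
		return nil
	}
	return strings.Split(s, "/")
}

// keyFor (hypothetical) returns the /data path of the key holding `path`
// and whether the lookup touches exactly one key. A lookup at or above a
// partition boundary has to be reassembled from several keys.
func keyFor(partitions []string, path string) (key string, single bool) {
	p := split(path)
	if len(p) == 0 {
		return "/", false // all of /data always spans multiple keys
	}
	depth := 0 // longest run of leading segments matched by a partition
	for _, part := range partitions {
		segs := split(part)
		n := 0
		for n < len(segs) && n < len(p) && (segs[n] == "*" || segs[n] == p[n]) {
			n++
		}
		if n == len(p) {
			// The whole lookup lies on or above this partition.
			return path, false
		}
		if n > depth {
			depth = n
		}
	}
	// The key sits one segment below the matched partition prefix.
	return "/" + strings.Join(p[:depth+1], "/"), true
}

func main() {
	parts := []string{"/foo/bar", "/tenants/*/users/*/bindings"} // constructed
	for _, q := range []string{"/foo/bar/abcd/x", "/foo/baz/y", "/qux", "/foo"} {
		k, single := keyFor(parts, q)
		fmt.Printf("%-18s key=%-14s single-key=%v\n", q, k, single)
	}
}
```

Lookups reported as `single-key=false` are the ones the package documentation calls more expensive; aligning partitions with the paths policies actually dereference keeps them in the single-key case.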
All keys written by the disk.Store implementation are prefixed as follows:
/<schema_version>/<partition_version>/<type>
The <schema_version> value represents the version of the schema understood by this version of OPA. Currently this is always set to 1. The <partition_version> value represents the version of the partition layout supplied by the caller. Currently this is always set to 1. Currently, the disk.Store implementation only supports _additive_ changes to the partitioning layout, i.e., new partitions can be added as long as they do not overlap with existing unpartitioned data. The <type> value is either "data" or "policies" depending on the value being stored.
The disk.Store implementation attempts to be compatible with the inmem.store implementation; however, there are some minor differences:
* Writes that add partitioned values implicitly create an object hierarchy containing the value (e.g., `add /foo/bar/abcd` implicitly creates the structure `{"foo": {"bar": {"abcd": ...}}}`). This is unavoidable because of how nested /data values are mapped to key-value pairs.
* Trigger events do not include a set of changed paths because the underlying key-value store does not make them available.
Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended. For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the github.com/open-policy-agent/opa/v1 package instead. See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
Variables
var ErrInvalidPartitionPath = v1.ErrInvalidPartitionPath
Types
type Options
Options contains parameters that configure the disk-based store.
func OptionsFromConfig
OptionsFromConfig parses the passed config, extracts the disk storage settings, validates them, and returns a *Options struct pointer on success.
type Store
Store provides a disk-based implementation of the storage.Store interface.
func New
func New(ctx context.Context, logger logging.Logger, prom prometheus.Registerer, opts Options) (*Store, error)
New returns a new disk-based store based on the provided options.
- Version: v1.4.2 (latest)
- Published: May 2, 2025
- Platform: linux/amd64
- Imports: 4 packages