package storage

import "github.com/open-policy-agent/opa/storage"

Package storage exposes the policy engine's storage layer.

Index

Constants 

const (
	// InternalErr indicates an unknown, internal error has occurred.
	InternalErr = "storage_internal_error"

	// NotFoundErr indicates the path used in the storage operation does not
	// locate a document.
	NotFoundErr = "storage_not_found_error"

	// InvalidPatchErr indicates an invalid patch/write was issued. The patch
	// was rejected.
	InvalidPatchErr = "storage_invalid_patch_error"

	// InvalidTransactionErr indicates an invalid operation was performed
	// inside of the transaction.
	InvalidTransactionErr = "storage_invalid_txn_error"

	// TriggersNotSupportedErr indicates the caller attempted to register a
	// trigger against a store that does not support them.
	TriggersNotSupportedErr = "storage_triggers_not_supported_error"

	// WritesNotSupportedErr indicate the caller attempted to perform a write
	// against a store that does not support them.
	WritesNotSupportedErr = "storage_writes_not_supported_error"

	// PolicyNotSupportedErr indicate the caller attempted to perform a policy
	// management operation against a store that does not support them.
	PolicyNotSupportedErr = "storage_policy_not_supported_error"

	// IndexingNotSupportedErr indicate the caller attempted to perform an
	// indexing operation against a store that does not support them.
	IndexingNotSupportedErr = "storage_indexing_not_supported_error"
)
const (
	AddOp     PatchOp = iota
	RemoveOp          = iota
	ReplaceOp         = iota
)

Patch supports add, remove, and replace operations.

Variables 

var WriteParams = TransactionParams{
	Write: true,
}

WriteParams specifies the TransactionParams for a write transaction.

Functions

func IsIndexingNotSupported 

func IsIndexingNotSupported(err error) bool

IsIndexingNotSupported returns true if this error is a IndexingNotSupportedErr.

func IsInvalidPatch 

func IsInvalidPatch(err error) bool

IsInvalidPatch returns true if this error is a InvalidPatchErr.

func IsInvalidTransaction 

func IsInvalidTransaction(err error) bool

IsInvalidTransaction returns true if this error is a InvalidTransactionErr.

func IsNotFound 

func IsNotFound(err error) bool

IsNotFound returns true if this error is a NotFoundErr.

func ReadOne 

func ReadOne(ctx context.Context, store Store, path Path) (interface{}, error)

ReadOne is a convenience function to read a single value from the provided Store. It will create a new Transaction to perform the read with, and clean up after itself should an error occur.

func WriteOne 

func WriteOne(ctx context.Context, store Store, op PatchOp, path Path, value interface{}) error

WriteOne is a convenience function to write a single value to the provided Store. It will create a new Transaction to perform the write with, and clean up after itself should an error occur.

Types

type DataEvent 

type DataEvent struct {
	Path    Path
	Data    interface{}
	Removed bool
}

DataEvent describes a change to a base data document.

type Error 

type Error struct {
	Code    string `json:"code"`
	Message string `json:"message"`
}

Error is the error type returned by the storage layer.

func (*Error) Error 

func (err *Error) Error() string

type Index 

type Index interface {
	Lookup(ctx context.Context, txn Transaction, value interface{}, iter IndexIterator) error
}

Index defines the interface for searching a pre-built index.

type IndexIterator 

type IndexIterator func(*ast.ValueMap) error

IndexIterator defines the interface for iterating over index results.

type Indexing 

type Indexing interface {
	Build(ctx context.Context, txn Transaction, ref ast.Ref) (Index, error)
}

Indexing defines the interface for building an index.

type IndexingNotSupported 

type IndexingNotSupported struct{}

IndexingNotSupported provides default implementations of the Indexing interface which may be used if the backend does not support indexing.

func (IndexingNotSupported) Build 

func (IndexingNotSupported) Build(context.Context, Transaction, ast.Ref) (Index, error)

Build always returns an error indicating indexing is not supported.

type PatchOp 

type PatchOp int

PatchOp is the enumeration of supposed modifications.

type Path 

type Path []string

Path refers to a document in storage.

func MustParsePath 

func MustParsePath(s string) Path

MustParsePath returns a new Path for s. If s cannot be parsed, this function will panic. This is mostly for test purposes.

func NewPathForRef 

func NewPathForRef(ref ast.Ref) (path Path, err error)

NewPathForRef returns a new path for the given ref.

func ParsePath 

func ParsePath(str string) (path Path, ok bool)

ParsePath returns a new path for the given str.

func (Path) Compare 

func (p Path) Compare(other Path) (cmp int)

Compare performs lexigraphical comparison on p and other and returns -1 if p is less than other, 0 if p is equal to other, or 1 if p is greater than other.

func (Path) Equal 

func (p Path) Equal(other Path) bool

Equal returns true if p is the same as other.

func (Path) HasPrefix 

func (p Path) HasPrefix(other Path) bool

HasPrefix returns true if p starts with other.

func (Path) Ref 

func (p Path) Ref(head *ast.Term) (ref ast.Ref)

Ref returns a ref that represents p rooted at head.

func (Path) String 

func (p Path) String() string

type Policy 

type Policy interface {
	ListPolicies(context.Context, Transaction) ([]string, error)
	GetPolicy(context.Context, Transaction, string) ([]byte, error)
	UpsertPolicy(context.Context, Transaction, string, []byte) error
	DeletePolicy(context.Context, Transaction, string) error
}

Policy defines the interface for policy module storage.

type PolicyEvent 

type PolicyEvent struct {
	ID      string
	Data    []byte
	Removed bool
}

PolicyEvent describes a change to a policy.

type PolicyNotSupported 

type PolicyNotSupported struct{}

PolicyNotSupported provides a default implementation of the policy interface which may be used if the backend does not support policy storage.

func (PolicyNotSupported) DeletePolicy 

func (PolicyNotSupported) DeletePolicy(context.Context, Transaction, string) error

DeletePolicy always returns a PolicyNotSupportedErr.

func (PolicyNotSupported) GetPolicy 

func (PolicyNotSupported) GetPolicy(context.Context, Transaction, string) ([]byte, error)

GetPolicy always returns a PolicyNotSupportedErr.

func (PolicyNotSupported) ListPolicies 

func (PolicyNotSupported) ListPolicies(context.Context, Transaction) ([]string, error)

ListPolicies always returns a PolicyNotSupportedErr.

func (PolicyNotSupported) UpsertPolicy 

func (PolicyNotSupported) UpsertPolicy(context.Context, Transaction, string, []byte) error

UpsertPolicy always returns a PolicyNotSupportedErr.

type Store 

type Store interface {
	Trigger
	Policy
	Indexing

	// NewTransaction is called create a new transaction in the store.
	NewTransaction(ctx context.Context, params ...TransactionParams) (Transaction, error)

	// Read is called to fetch a document referred to by path.
	Read(ctx context.Context, txn Transaction, path Path) (interface{}, error)

	// Write is called to modify a document referred to by path.
	Write(ctx context.Context, txn Transaction, op PatchOp, path Path, value interface{}) error

	// Commit is called to finish the transaction. If Commit returns an error, the
	// transaction must be automatically aborted by the Store implementation.
	Commit(ctx context.Context, txn Transaction) error

	// Abort is called to cancel the transaction.
	Abort(ctx context.Context, txn Transaction)
}

Store defines the interface for the storage layer's backend.

type Transaction 

type Transaction interface {
	ID() uint64
}

Transaction defines the interface that identifies a consistent snapshot over the policy engine's storage layer.

func NewTransactionOrDie 

func NewTransactionOrDie(ctx context.Context, store Store, params ...TransactionParams) Transaction

NewTransactionOrDie is a helper function to create a new transaction. If the storage layer cannot create a new transaction, this function will panic. This function should only be used for tests.

type TransactionParams 

type TransactionParams struct {

	// Write indicates if this transaction will perform any write operations.
	Write bool
}

TransactionParams describes a new transaction.

type Trigger 

type Trigger interface {
	Register(ctx context.Context, txn Transaction, config TriggerConfig) (TriggerHandle, error)
}

Trigger defines the interface that stores implement to register for change notifications when the store is changed.

type TriggerConfig 

type TriggerConfig struct {

	// OnCommit is invoked when a transaction is succesfully committed. The
	// callback is invoked with a handle to the write transaction that
	// successfully committed before other clients see the changes.
	OnCommit func(ctx context.Context, txn Transaction, event TriggerEvent)
}

TriggerConfig contains the trigger registration configuration.

type TriggerEvent 

type TriggerEvent struct {
	Policy []PolicyEvent
	Data   []DataEvent
}

TriggerEvent describes the changes that caused the trigger to be invoked.

func (TriggerEvent) DataChanged 

func (e TriggerEvent) DataChanged() bool

DataChanged returns true if the trigger was caused by a data change.

func (TriggerEvent) IsZero 

func (e TriggerEvent) IsZero() bool

IsZero returns true if the TriggerEvent indicates no changes occurred. This function is primarily for test purposes.

func (TriggerEvent) PolicyChanged 

func (e TriggerEvent) PolicyChanged() bool

PolicyChanged returns true if the trigger was caused by a policy change.

type TriggerHandle 

type TriggerHandle interface {
	Unregister(ctx context.Context, txn Transaction)
}

TriggerHandle defines the interface that can be used to unregister triggers that have been registered on a Store.

type TriggersNotSupported 

type TriggersNotSupported struct{}

TriggersNotSupported provides default implementations of the Trigger interface which may be used if the backend does not support triggers.

func (TriggersNotSupported) Register 

func (TriggersNotSupported) Register(context.Context, Transaction, TriggerConfig) (TriggerHandle, error)

Register always returns an error indicating triggers are not supported.

type WritesNotSupported 

type WritesNotSupported struct{}

WritesNotSupported provides a default implementation of the write interface which may be used if the backend does not support writes.

func (WritesNotSupported) Write 

func (WritesNotSupported) Write(ctx context.Context, txn Transaction, op PatchOp, path Path, value interface{}) error

Source Files

doc.go errors.go interface.go path.go storage.go

Directories

PathSynopsis
storage/inmemPackage inmem implements an in-memory version of the policy engine's storage layer.
Version
v0.5.4
Published
Aug 7, 2017
Platform
js/wasm
Imports
5 packages
Last checked
17 seconds ago

Tools for package owners.