opa: github.com/open-policy-agent/opa/storage Index | Files | Directories

package storage

import "github.com/open-policy-agent/opa/storage"

Package storage exposes the policy engine's storage layer.

Index

Package Files

doc.go errors.go interface.go path.go storage.go

Constants

const (
    // InternalErr indicates an unknown, internal error has occurred.
    InternalErr = "storage_internal_error"

    // NotFoundErr indicates the path used in the storage operation does not
    // locate a document.
    NotFoundErr = "storage_not_found_error"

    // WriteConflictErr indicates a write on the path enocuntered a conflicting
    // value inside the transaction.
    WriteConflictErr = "storage_write_conflict_error"

    // InvalidPatchErr indicates an invalid patch/write was issued. The patch
    // was rejected.
    InvalidPatchErr = "storage_invalid_patch_error"

    // InvalidTransactionErr indicates an invalid operation was performed
    // inside of the transaction.
    InvalidTransactionErr = "storage_invalid_txn_error"

    // TriggersNotSupportedErr indicates the caller attempted to register a
    // trigger against a store that does not support them.
    TriggersNotSupportedErr = "storage_triggers_not_supported_error"

    // WritesNotSupportedErr indicate the caller attempted to perform a write
    // against a store that does not support them.
    WritesNotSupportedErr = "storage_writes_not_supported_error"

    // PolicyNotSupportedErr indicate the caller attempted to perform a policy
    // management operation against a store that does not support them.
    PolicyNotSupportedErr = "storage_policy_not_supported_error"

    // IndexingNotSupportedErr indicate the caller attempted to perform an
    // indexing operation against a store that does not support them.
    IndexingNotSupportedErr = "storage_indexing_not_supported_error"
)
const (
    AddOp     PatchOp = iota
    RemoveOp          = iota
    ReplaceOp         = iota
)

Patch supports add, remove, and replace operations.

Variables

var WriteParams = TransactionParams{
    Write: true,
}

WriteParams specifies the TransactionParams for a write transaction.

func IsIndexingNotSupported Uses

func IsIndexingNotSupported(err error) bool

IsIndexingNotSupported returns true if this error is a IndexingNotSupportedErr.

func IsInvalidPatch Uses

func IsInvalidPatch(err error) bool

IsInvalidPatch returns true if this error is a InvalidPatchErr.

func IsInvalidTransaction Uses

func IsInvalidTransaction(err error) bool

IsInvalidTransaction returns true if this error is a InvalidTransactionErr.

func IsNotFound Uses

func IsNotFound(err error) bool

IsNotFound returns true if this error is a NotFoundErr.

func IsWriteConflictError Uses

func IsWriteConflictError(err error) bool

IsWriteConflictError returns true if this error a WriteConflictErr.

func MakeDir Uses

func MakeDir(ctx context.Context, store Store, txn Transaction, path Path) (err error)

MakeDir inserts an empty object at path. If the parent path does not exist, MakeDir will create it recursively.

func NonEmpty Uses

func NonEmpty(ctx context.Context, store Store, txn Transaction) func([]string) (bool, error)

NonEmpty returns a function that tests if a path is non-empty. A path is non-empty if a Read on the path returns a value or a Read on any of the path prefixes returns a non-object value.

func ReadOne Uses

func ReadOne(ctx context.Context, store Store, path Path) (interface{}, error)

ReadOne is a convenience function to read a single value from the provided Store. It will create a new Transaction to perform the read with, and clean up after itself should an error occur.

func Txn Uses

func Txn(ctx context.Context, store Store, params TransactionParams, f func(Transaction) error) error

Txn is a convenience function that executes f inside a new transaction opened on the store. If the function returns an error, the transaction is aborted and the error is returned. Otherwise, the transaction is committed and the result of the commit is returned.

func WriteOne Uses

func WriteOne(ctx context.Context, store Store, op PatchOp, path Path, value interface{}) error

WriteOne is a convenience function to write a single value to the provided Store. It will create a new Transaction to perform the write with, and clean up after itself should an error occur.

type Context Uses

type Context struct {
    // contains filtered or unexported fields
}

Context is a simple container for key/value pairs.

func NewContext Uses

func NewContext() *Context

NewContext returns a new context object.

func (*Context) Get Uses

func (ctx *Context) Get(key interface{}) interface{}

Get returns the key value in the context.

func (*Context) Put Uses

func (ctx *Context) Put(key, value interface{})

Put adds a key/value pair to the context.

type DataEvent Uses

type DataEvent struct {
    Path    Path
    Data    interface{}
    Removed bool
}

DataEvent describes a change to a base data document.

type Error Uses

type Error struct {
    Code    string `json:"code"`
    Message string `json:"message"`
}

Error is the error type returned by the storage layer.

func (*Error) Error Uses

func (err *Error) Error() string

type Index Uses

type Index interface {
    Lookup(ctx context.Context, txn Transaction, value interface{}, iter IndexIterator) error
}

Index defines the interface for searching a pre-built index.

type IndexIterator Uses

type IndexIterator func(*ast.ValueMap) error

IndexIterator defines the interface for iterating over index results.

type Indexing Uses

type Indexing interface {
    Build(ctx context.Context, txn Transaction, ref ast.Ref) (Index, error)
}

Indexing defines the interface for building an index.

type IndexingNotSupported Uses

type IndexingNotSupported struct{}

IndexingNotSupported provides default implementations of the Indexing interface which may be used if the backend does not support indexing.

func (IndexingNotSupported) Build Uses

func (IndexingNotSupported) Build(context.Context, Transaction, ast.Ref) (Index, error)

Build always returns an error indicating indexing is not supported.

type PatchOp Uses

type PatchOp int

PatchOp is the enumeration of supposed modifications.

type Path Uses

type Path []string

Path refers to a document in storage.

func MustParsePath Uses

func MustParsePath(s string) Path

MustParsePath returns a new Path for s. If s cannot be parsed, this function will panic. This is mostly for test purposes.

func NewPathForRef Uses

func NewPathForRef(ref ast.Ref) (path Path, err error)

NewPathForRef returns a new path for the given ref.

func ParsePath Uses

func ParsePath(str string) (path Path, ok bool)

ParsePath returns a new path for the given str.

func ParsePathEscaped Uses

func ParsePathEscaped(str string) (path Path, ok bool)

ParsePathEscaped returns a new path for the given escaped str.

func (Path) Compare Uses

func (p Path) Compare(other Path) (cmp int)

Compare performs lexigraphical comparison on p and other and returns -1 if p is less than other, 0 if p is equal to other, or 1 if p is greater than other.

func (Path) Equal Uses

func (p Path) Equal(other Path) bool

Equal returns true if p is the same as other.

func (Path) HasPrefix Uses

func (p Path) HasPrefix(other Path) bool

HasPrefix returns true if p starts with other.

func (Path) Ref Uses

func (p Path) Ref(head *ast.Term) (ref ast.Ref)

Ref returns a ref that represents p rooted at head.

func (Path) String Uses

func (p Path) String() string

type Policy Uses

type Policy interface {
    ListPolicies(context.Context, Transaction) ([]string, error)
    GetPolicy(context.Context, Transaction, string) ([]byte, error)
    UpsertPolicy(context.Context, Transaction, string, []byte) error
    DeletePolicy(context.Context, Transaction, string) error
}

Policy defines the interface for policy module storage.

type PolicyEvent Uses

type PolicyEvent struct {
    ID      string
    Data    []byte
    Removed bool
}

PolicyEvent describes a change to a policy.

type PolicyNotSupported Uses

type PolicyNotSupported struct{}

PolicyNotSupported provides a default implementation of the policy interface which may be used if the backend does not support policy storage.

func (PolicyNotSupported) DeletePolicy Uses

func (PolicyNotSupported) DeletePolicy(context.Context, Transaction, string) error

DeletePolicy always returns a PolicyNotSupportedErr.

func (PolicyNotSupported) GetPolicy Uses

func (PolicyNotSupported) GetPolicy(context.Context, Transaction, string) ([]byte, error)

GetPolicy always returns a PolicyNotSupportedErr.

func (PolicyNotSupported) ListPolicies Uses

func (PolicyNotSupported) ListPolicies(context.Context, Transaction) ([]string, error)

ListPolicies always returns a PolicyNotSupportedErr.

func (PolicyNotSupported) UpsertPolicy Uses

func (PolicyNotSupported) UpsertPolicy(context.Context, Transaction, string, []byte) error

UpsertPolicy always returns a PolicyNotSupportedErr.

type Store Uses

type Store interface {
    Trigger
    Policy
    Indexing

    // NewTransaction is called create a new transaction in the store.
    NewTransaction(ctx context.Context, params ...TransactionParams) (Transaction, error)

    // Read is called to fetch a document referred to by path.
    Read(ctx context.Context, txn Transaction, path Path) (interface{}, error)

    // Write is called to modify a document referred to by path.
    Write(ctx context.Context, txn Transaction, op PatchOp, path Path, value interface{}) error

    // Commit is called to finish the transaction. If Commit returns an error, the
    // transaction must be automatically aborted by the Store implementation.
    Commit(ctx context.Context, txn Transaction) error

    // Abort is called to cancel the transaction.
    Abort(ctx context.Context, txn Transaction)
}

Store defines the interface for the storage layer's backend.

type Transaction Uses

type Transaction interface {
    ID() uint64
}

Transaction defines the interface that identifies a consistent snapshot over the policy engine's storage layer.

func NewTransactionOrDie Uses

func NewTransactionOrDie(ctx context.Context, store Store, params ...TransactionParams) Transaction

NewTransactionOrDie is a helper function to create a new transaction. If the storage layer cannot create a new transaction, this function will panic. This function should only be used for tests.

type TransactionParams Uses

type TransactionParams struct {

    // Write indicates if this transaction will perform any write operations.
    Write bool

    // Context contains key/value pairs passed to triggers.
    Context *Context
}

TransactionParams describes a new transaction.

type Trigger Uses

type Trigger interface {
    Register(ctx context.Context, txn Transaction, config TriggerConfig) (TriggerHandle, error)
}

Trigger defines the interface that stores implement to register for change notifications when the store is changed.

type TriggerConfig Uses

type TriggerConfig struct {

    // OnCommit is invoked when a transaction is successfully committed. The
    // callback is invoked with a handle to the write transaction that
    // successfully committed before other clients see the changes.
    OnCommit func(ctx context.Context, txn Transaction, event TriggerEvent)
}

TriggerConfig contains the trigger registration configuration.

type TriggerEvent Uses

type TriggerEvent struct {
    Policy  []PolicyEvent
    Data    []DataEvent
    Context *Context
}

TriggerEvent describes the changes that caused the trigger to be invoked.

func (TriggerEvent) DataChanged Uses

func (e TriggerEvent) DataChanged() bool

DataChanged returns true if the trigger was caused by a data change.

func (TriggerEvent) IsZero Uses

func (e TriggerEvent) IsZero() bool

IsZero returns true if the TriggerEvent indicates no changes occurred. This function is primarily for test purposes.

func (TriggerEvent) PolicyChanged Uses

func (e TriggerEvent) PolicyChanged() bool

PolicyChanged returns true if the trigger was caused by a policy change.

type TriggerHandle Uses

type TriggerHandle interface {
    Unregister(ctx context.Context, txn Transaction)
}

TriggerHandle defines the interface that can be used to unregister triggers that have been registered on a Store.

type TriggersNotSupported Uses

type TriggersNotSupported struct{}

TriggersNotSupported provides default implementations of the Trigger interface which may be used if the backend does not support triggers.

func (TriggersNotSupported) Register Uses

func (TriggersNotSupported) Register(context.Context, Transaction, TriggerConfig) (TriggerHandle, error)

Register always returns an error indicating triggers are not supported.

type WritesNotSupported Uses

type WritesNotSupported struct{}

WritesNotSupported provides a default implementation of the write interface which may be used if the backend does not support writes.

func (WritesNotSupported) Write Uses

func (WritesNotSupported) Write(ctx context.Context, txn Transaction, op PatchOp, path Path, value interface{}) error

Directories

PathSynopsis
inmemPackage inmem implements an in-memory version of the policy engine's storage layer.

Package storage imports 6 packages (graph) and is imported by 87 packages. Updated 2019-08-27. Refresh now. Tools for package owners.