Documentation ¶
Index ¶
- Variables
- func CreateRegoQueryInput(logger logging.Logger, input Input, options RegoInputOptions) ([]byte, error)
- func NewPrintHook(w io.Writer, policy string) print.Hook
- type Evaluator
- type Input
- type InputRequest
- type InputResponse
- type InputUser
- type LogPrinter
- type OPAEvaluator
- type OPAEvaluatorOptions
- type OPAModuleConfig
- type PartialEvaluator
- type PartialResultsEvaluators
- func (policyEvaluators PartialResultsEvaluators) AddFromConfig(ctx context.Context, logger logging.Logger, opaModuleConfig *OPAModuleConfig, ...) error
- func (partialEvaluators PartialResultsEvaluators) GetEvaluatorFromPolicy(ctx context.Context, policy string, input []byte, options *OPAEvaluatorOptions) (*OPAEvaluator, error)
- type PermissionOnResourceKey
- type PermissionOptions
- type PermissionsOnResourceMap
- type PolicyEvaluationOptions
- type QueryOptions
- type RegoInputOptions
- type RequestFlow
- type ResponseFlow
- type RondConfig
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors exported by the package. Each value is created once with
// fmt.Errorf, so callers can match on identity with errors.Is instead of
// comparing message text.
var (
	// Module loading, configuration and evaluator lookup, going by the
	// message text.
	ErrMissingRegoModules      = fmt.Errorf("no rego module found in directory")
	ErrRegoModuleReadFailed    = fmt.Errorf("failed rego file read")
	ErrInvalidConfig           = fmt.Errorf("invalid rond configuration")
	ErrEvaluatorCreationFailed = fmt.Errorf("error during evaluator creation")
	ErrEvaluatorNotFound       = fmt.Errorf("evaluator not found")
	// ErrPolicyEvalFailed is the base error for the two wrapped variants
	// declared right after it.
	ErrPolicyEvalFailed = fmt.Errorf("policy evaluation failed")
	// Both wrap ErrPolicyEvalFailed through %w, so
	// errors.Is(err, ErrPolicyEvalFailed) is true for all three values and
	// their messages read "partial policy evaluation failed" and
	// "response policy evaluation failed".
	ErrPartialPolicyEvalFailed  = fmt.Errorf("partial %w", ErrPolicyEvalFailed)
	ErrResponsePolicyEvalFailed = fmt.Errorf("response %w", ErrPolicyEvalFailed)
	// NOTE(review): presumably the explicit deny outcome, as opposed to an
	// evaluation failure — confirm. It does not wrap ErrPolicyEvalFailed, so
	// code that enforces access must reject on this error as well and not
	// only on the ErrPolicyEvalFailed family.
	ErrPolicyNotAllowed = fmt.Errorf("policy not allowed")
	// Input construction, request body handling and a missing rond config,
	// going by the message text.
	ErrFailedInputParse                  = fmt.Errorf("failed input parse")
	ErrFailedInputEncode                 = fmt.Errorf("failed input encode")
	ErrFailedInputRequestParse           = fmt.Errorf("failed request body parse")
	ErrFailedInputRequestDeserialization = fmt.Errorf("failed request body deserialization")
	ErrRondConfigNotExists               = fmt.Errorf("rond config does not exist")
)
// Unknowns holds the single reference "data.resources".
// NOTE(review): presumably the unknowns set handed to OPA partial
// evaluation — confirm against the evaluator code. It is an exported,
// mutable slice, so any importing package can change it at runtime; treat
// it as read-only.
var Unknowns = []string{"data.resources"}
Functions ¶
func CreateRegoQueryInput ¶
Types ¶
type Input ¶
// Input is the document that CreateRegoQueryInput accepts and encodes to
// bytes; the struct tags give the JSON key of each member.
// NOTE(review): presumably this becomes the Rego `input` document — confirm.
type Input struct {
	// Request and Response carry no omitempty and are always emitted.
	Request  InputRequest  `json:"request"`
	Response InputResponse `json:"response"`
	// ClientType is left out of the JSON when it is the empty string.
	ClientType string `json:"clientType,omitempty"`
	// User is always emitted, although every field of InputUser is omitempty.
	User InputUser `json:"user"`
	// CustomMetadata is emitted under the key "metadata" and left out when nil.
	CustomMetadata any `json:"metadata,omitempty"`
}
type InputRequest ¶
type InputResponse ¶
// InputResponse is the "response" member of Input.
type InputResponse struct {
	// Body is an arbitrary value; it is left out of the JSON when nil.
	Body interface{} `json:"body,omitempty"`
}
type InputUser ¶
// InputUser is the "user" member of Input. Every field is tagged omitempty,
// so an empty ID, an empty map or an empty slice is left out of the JSON
// entirely rather than encoded as "", {} or [].
// NOTE(review): a policy therefore sees a missing key, not an empty value,
// for a user without an ID or attributes; policies should test for presence
// explicitly rather than rely on a negated comparison.
type InputUser struct {
	// Identifier and free-form attributes.
	ID         string                 `json:"id,omitempty"`
	Properties map[string]interface{} `json:"properties,omitempty"`
	// Group names, plus bindings and roles typed by the types package.
	Groups   []string        `json:"groups,omitempty"`
	Bindings []types.Binding `json:"bindings,omitempty"`
	Roles    []types.Role    `json:"roles,omitempty"`
	// NOTE(review): presumably filled only when
	// RegoInputOptions.EnableResourcePermissionsMapOptimization is set — confirm.
	ResourcePermissionsMap PermissionsOnResourceMap `json:"resourcePermissionsMap,omitempty"`
}
type LogPrinter ¶
type OPAEvaluator ¶
// OPAEvaluator holds an Evaluator together with a policy name. The rendered
// documentation hides its unexported fields, so the struct is not fully
// visible here.
type OPAEvaluator struct {
	PolicyEvaluator Evaluator
	PolicyName      string
	// contains filtered or unexported fields
}
func (*OPAEvaluator) Evaluate ¶
func (evaluator *OPAEvaluator) Evaluate(logger logging.Logger, options *PolicyEvaluationOptions) (interface{}, error)
func (*OPAEvaluator) PolicyEvaluation ¶
func (evaluator *OPAEvaluator) PolicyEvaluation(logger logging.Logger, options *PolicyEvaluationOptions) (interface{}, primitive.M, error)
type OPAEvaluatorOptions ¶ added in v1.9.0
// OPAEvaluatorOptions is the options value accepted by CreateQueryEvaluator,
// AddFromConfig and GetEvaluatorFromPolicy.
type OPAEvaluatorOptions struct {
	// NOTE(review): presumably turns on output from Rego print() calls (the
	// package also exposes NewPrintHook) — confirm. Printed values can
	// include request or user data from the policy input, so keep this off
	// in production or make sure the log sink is access-controlled.
	EnablePrintStatements bool
	// NOTE(review): presumably the client behind Mongo-backed custom
	// builtins callable from policies — confirm, and give it only the
	// database access those policies need.
	MongoClient custom_builtins.IMongoClient
	// Logger is the logging.Logger supplied with the options.
	Logger logging.Logger
}
type OPAModuleConfig ¶
func LoadRegoModule ¶
func LoadRegoModule(rootDirectory string) (*OPAModuleConfig, error)
func (*OPAModuleConfig) CreateQueryEvaluator ¶ added in v1.9.0
func (config *OPAModuleConfig) CreateQueryEvaluator(ctx context.Context, logger logging.Logger, policy string, input []byte, options *OPAEvaluatorOptions) (*OPAEvaluator, error)
type PartialEvaluator ¶
// PartialEvaluator wraps a pointer to an OPA rego.PartialResult.
type PartialEvaluator struct {
	// PartialEvaluator is nil in the zero value; check before dereferencing.
	PartialEvaluator *rego.PartialResult
}
type PartialResultsEvaluators ¶
// PartialResultsEvaluators maps a string key to a PartialEvaluator.
// NOTE(review): the key is presumably the policy name, since
// GetEvaluatorFromPolicy takes a policy string — confirm. Its methods use a
// value receiver, so if AddFromConfig inserts entries the caller must
// create the map with make first; writing to a nil map panics.
type PartialResultsEvaluators map[string]PartialEvaluator
func (PartialResultsEvaluators) AddFromConfig ¶ added in v1.9.0
func (policyEvaluators PartialResultsEvaluators) AddFromConfig(ctx context.Context, logger logging.Logger, opaModuleConfig *OPAModuleConfig, rondConfig *RondConfig, options *OPAEvaluatorOptions) error
func (PartialResultsEvaluators) GetEvaluatorFromPolicy ¶
func (partialEvaluators PartialResultsEvaluators) GetEvaluatorFromPolicy(ctx context.Context, policy string, input []byte, options *OPAEvaluatorOptions) (*OPAEvaluator, error)
type PermissionOnResourceKey ¶
// PermissionOnResourceKey is the string key type of PermissionsOnResourceMap.
// NOTE(review): how the key is composed is not visible on this page —
// confirm the format before building keys by hand.
type PermissionOnResourceKey string
type PermissionOptions ¶ added in v1.9.0
type PermissionsOnResourceMap ¶
// PermissionsOnResourceMap maps a PermissionOnResourceKey to a bool.
// A lookup for an absent key yields false, so a missing entry reads the
// same as an entry explicitly set to false.
type PermissionsOnResourceMap map[PermissionOnResourceKey]bool
type PolicyEvaluationOptions ¶ added in v1.9.0
type QueryOptions ¶ added in v1.9.0
// QueryOptions is the "queryOptions" member of RequestFlow.
type QueryOptions struct {
	// NOTE(review): presumably the name of the header that carries the
	// generated query — confirm. If so, consumers should only trust a value
	// set by this component, not one supplied by the client.
	HeaderName string `json:"headerName"`
}
type RegoInputOptions ¶ added in v1.9.0
// RegoInputOptions is the options value accepted by CreateRegoQueryInput.
type RegoInputOptions struct {
	// NOTE(review): presumably controls whether
	// InputUser.ResourcePermissionsMap is populated — confirm. The zero
	// value is false.
	EnableResourcePermissionsMapOptimization bool
}
type RequestFlow ¶ added in v1.9.0
// RequestFlow is the "requestFlow" member of RondConfig. No field is tagged
// omitempty, and both booleans are false in the zero value.
type RequestFlow struct {
	// PolicyName is the JSON "policyName" string.
	// NOTE(review): presumably the policy evaluated on the request — confirm
	// how an empty name is handled.
	PolicyName string `json:"policyName"`
	// NOTE(review): GenerateQuery and QueryOptions presumably switch on and
	// configure query generation — confirm.
	GenerateQuery bool         `json:"generateQuery"`
	QueryOptions  QueryOptions `json:"queryOptions"`
	// NOTE(review): presumably keeps the request body out of the policy
	// input — confirm. A policy that inspects the body would then see none.
	PreventBodyLoad bool `json:"preventBodyLoad"`
}
type ResponseFlow ¶ added in v1.9.0
// ResponseFlow is the "responseFlow" member of RondConfig.
type ResponseFlow struct {
	// PolicyName is the JSON "policyName" string; it is "" in the zero value.
	// NOTE(review): presumably the policy evaluated on the response —
	// confirm how an empty name is handled.
	PolicyName string `json:"policyName"`
}
type RondConfig ¶ added in v1.9.0
// RondConfig groups the request flow, the response flow and the permission
// options under the JSON keys "requestFlow", "responseFlow" and "options".
// AddFromConfig takes a *RondConfig.
// NOTE(review): presumably one RondConfig exists per protected route —
// confirm; ErrRondConfigNotExists and ErrInvalidConfig are the package's
// errors for a missing or invalid configuration, going by their messages.
type RondConfig struct {
	RequestFlow  RequestFlow       `json:"requestFlow"`
	ResponseFlow ResponseFlow      `json:"responseFlow"`
	Options      PermissionOptions `json:"options"`
}