Documentation
¶
Index ¶
- Variables
- func CreateRegoQueryInput(logger logging.Logger, input Input, options RegoInputOptions) ([]byte, error)
- func NewPrintHook(w io.Writer, policy string) print.Hook
- type Evaluator
- type Input
- type InputRequest
- type InputResponse
- type InputUser
- type LogPrinter
- type OPAEvaluator
- type OPAEvaluatorOptions
- type OPAModuleConfig
- type PartialEvaluator
- type PartialResultsEvaluators
- func (policyEvaluators PartialResultsEvaluators) AddFromConfig(ctx context.Context, logger logging.Logger, opaModuleConfig *OPAModuleConfig, ...) error
- func (partialEvaluators PartialResultsEvaluators) GetEvaluatorFromPolicy(ctx context.Context, policy string, input []byte, options *OPAEvaluatorOptions) (*OPAEvaluator, error)
- type PermissionOnResourceKey
- type PermissionOptions
- type PermissionsOnResourceMap
- type PolicyEvaluationOptions
- type QueryOptions
- type RegoInputOptions
- type RequestFlow
- type ResponseFlow
- type RondConfig
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrMissingRegoModules = fmt.Errorf("no rego module found in directory") ErrRegoModuleReadFailed = fmt.Errorf("failed rego file read") ErrInvalidConfig = fmt.Errorf("invalid rond configuration") ErrEvaluatorCreationFailed = fmt.Errorf("error during evaluator creation") ErrEvaluatorNotFound = fmt.Errorf("evaluator not found") ErrPolicyEvalFailed = fmt.Errorf("policy evaluation failed") ErrPartialPolicyEvalFailed = fmt.Errorf("partial %w", ErrPolicyEvalFailed) ErrResponsePolicyEvalFailed = fmt.Errorf("response %w", ErrPolicyEvalFailed) ErrPolicyNotAllowed = fmt.Errorf("policy not allowed") ErrFailedInputParse = fmt.Errorf("failed input parse") ErrFailedInputEncode = fmt.Errorf("failed input encode") ErrFailedInputRequestParse = fmt.Errorf("failed request body parse") ErrFailedInputRequestDeserialization = fmt.Errorf("failed request body deserialization") ErrRondConfigNotExists = fmt.Errorf("rond config does not exist") )
View Source
var Unknowns = []string{"data.resources"}
Functions ¶
func CreateRegoQueryInput ¶
Types ¶
type Input ¶
type Input struct {
Request InputRequest `json:"request"`
Response InputResponse `json:"response"`
ClientType string `json:"clientType,omitempty"`
User InputUser `json:"user"`
CustomMetadata any `json:"metadata,omitempty"`
}
type InputRequest ¶
type InputResponse ¶
type InputResponse struct {
Body interface{} `json:"body,omitempty"`
}
type InputUser ¶
type InputUser struct {
ID string `json:"id,omitempty"`
Properties map[string]interface{} `json:"properties,omitempty"`
Groups []string `json:"groups,omitempty"`
Bindings []types.Binding `json:"bindings,omitempty"`
Roles []types.Role `json:"roles,omitempty"`
ResourcePermissionsMap PermissionsOnResourceMap `json:"resourcePermissionsMap,omitempty"`
}
type LogPrinter ¶
type OPAEvaluator ¶
type OPAEvaluator struct {
PolicyEvaluator Evaluator
PolicyName string
// contains filtered or unexported fields
}
func (*OPAEvaluator) Evaluate ¶
func (evaluator *OPAEvaluator) Evaluate(logger logging.Logger, options *PolicyEvaluationOptions) (interface{}, error)
func (*OPAEvaluator) PolicyEvaluation ¶
func (evaluator *OPAEvaluator) PolicyEvaluation(logger logging.Logger, options *PolicyEvaluationOptions) (interface{}, primitive.M, error)
type OPAEvaluatorOptions ¶ added in v1.9.0
type OPAEvaluatorOptions struct {
EnablePrintStatements bool
MongoClient custom_builtins.IMongoClient
Logger logging.Logger
}
type OPAModuleConfig ¶
func LoadRegoModule ¶
func LoadRegoModule(rootDirectory string) (*OPAModuleConfig, error)
func (*OPAModuleConfig) CreateQueryEvaluator ¶ added in v1.9.0
func (config *OPAModuleConfig) CreateQueryEvaluator(ctx context.Context, logger logging.Logger, policy string, input []byte, options *OPAEvaluatorOptions) (*OPAEvaluator, error)
type PartialEvaluator ¶
type PartialEvaluator struct {
PartialEvaluator *rego.PartialResult
}
type PartialResultsEvaluators ¶
type PartialResultsEvaluators map[string]PartialEvaluator
func (PartialResultsEvaluators) AddFromConfig ¶ added in v1.9.0
func (policyEvaluators PartialResultsEvaluators) AddFromConfig(ctx context.Context, logger logging.Logger, opaModuleConfig *OPAModuleConfig, rondConfig *RondConfig, options *OPAEvaluatorOptions) error
func (PartialResultsEvaluators) GetEvaluatorFromPolicy ¶
func (partialEvaluators PartialResultsEvaluators) GetEvaluatorFromPolicy(ctx context.Context, policy string, input []byte, options *OPAEvaluatorOptions) (*OPAEvaluator, error)
type PermissionOnResourceKey ¶
type PermissionOnResourceKey string
type PermissionOptions ¶ added in v1.9.0
type PermissionsOnResourceMap ¶
type PermissionsOnResourceMap map[PermissionOnResourceKey]bool
type PolicyEvaluationOptions ¶ added in v1.9.0
type QueryOptions ¶ added in v1.9.0
type QueryOptions struct {
HeaderName string `json:"headerName"`
}
type RegoInputOptions ¶ added in v1.9.0
type RegoInputOptions struct {
EnableResourcePermissionsMapOptimization bool
}
type RequestFlow ¶ added in v1.9.0
type RequestFlow struct {
PolicyName string `json:"policyName"`
GenerateQuery bool `json:"generateQuery"`
QueryOptions QueryOptions `json:"queryOptions"`
PreventBodyLoad bool `json:"preventBodyLoad"`
}
type ResponseFlow ¶ added in v1.9.0
type ResponseFlow struct {
PolicyName string `json:"policyName"`
}
type RondConfig ¶ added in v1.9.0
type RondConfig struct {
RequestFlow RequestFlow `json:"requestFlow"`
ResponseFlow ResponseFlow `json:"responseFlow"`
Options PermissionOptions `json:"options"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.