Documentation
¶
Index ¶
- Constants
- Variables
- func Blocks(mode policy.Mode) bool
- func DecisionForMode(mode policy.Mode) string
- func EffectiveStages(p Plugin, selected []policy.Stage) []policy.Stage
- func SetDecision(event *metrics.EventContext, mode policy.Mode)
- func Throttle(ctx context.Context, delay time.Duration) error
- func Throttles(mode policy.Mode) bool
- func ValidateStages(p Plugin, selected []policy.Stage) error
- type Catalog
- type CatalogEntry
- type CatalogGroup
- type CatalogService
- type ExecInput
- type Executor
- type Field
- type FieldType
- type Plugin
- type PluginError
- type Registry
- type Result
- type RuntimeScope
- type SettingsSchema
- type StageInput
- type StageOutcome
- type StagePlan
Constants ¶
const MaxThrottleDelay = 2 * time.Second
Variables ¶
var ErrDuplicatePlugin = fmt.Errorf("plugin: duplicate registration")
var ErrInvalidModes = fmt.Errorf("plugin: invalid declared modes")
var ErrInvalidStages = fmt.Errorf("plugin: invalid declared stages")
var ErrNoEffectiveStages = fmt.Errorf("plugin: no effective stages")
var ErrStageNotSupported = fmt.Errorf("plugin: stage not supported")
var ErrUnknownPlugin = fmt.Errorf("plugin: unknown plugin")
Functions ¶
func DecisionForMode ¶
func SetDecision ¶
func SetDecision(event *metrics.EventContext, mode policy.Mode)
Types ¶
type Catalog ¶
type Catalog struct {
Groups []CatalogGroup `json:"groups"`
}
Catalog is the full set of available policies grouped by type.
type CatalogEntry ¶
type CatalogEntry struct {
Slug string `json:"slug"`
Name string `json:"name"`
Description string `json:"description,omitempty"`
MandatoryStages []policy.Stage `json:"mandatory_stages"`
SupportedStages []policy.Stage `json:"supported_stages"`
SupportedModes []policy.Mode `json:"supported_modes"`
DefaultMode policy.Mode `json:"default_mode"`
SettingsSchema SettingsSchema `json:"settings_schema"`
}
CatalogEntry describes a single available policy/plugin and the schema needed to configure it.
type CatalogGroup ¶
type CatalogGroup struct {
Type string `json:"type"`
Items []CatalogEntry `json:"items"`
}
CatalogGroup buckets policies by their product category.
type CatalogService ¶
type CatalogService interface {
Catalog() Catalog
}
CatalogService exposes the catalog of available policies. It only reports plugins that are actually registered in the runtime registry, so the endpoint never advertises an unavailable policy.
func NewCatalogService ¶
func NewCatalogService(registry Registry) CatalogService
NewCatalogService builds a catalog service backed by the plugin registry.
type ExecInput ¶
type ExecInput struct {
Stage policy.Stage
Mode policy.Mode
Config policy.PluginConfig
Scope RuntimeScope
Request *infracontext.RequestContext
Response *infracontext.ResponseContext
// Event is the per-invocation metrics sink. It is nil when plugin traces
// are disabled, so plugins must nil-check before using it.
Event *metrics.EventContext
}
ExecInput is the immutable input handed to a plugin for a single stage run.
type Executor ¶
type Executor interface {
RunStage(ctx context.Context, in StageInput) (*StageOutcome, error)
}
type Field ¶
type Field struct {
Key string `json:"key"`
Label string `json:"label"`
Type FieldType `json:"type"`
Description string `json:"description,omitempty"`
Required bool `json:"required,omitempty"`
Default any `json:"default,omitempty"`
Enum []string `json:"enum,omitempty"`
// Fields lists the child fields of an object.
Fields []Field `json:"fields,omitempty"`
// Item describes the element schema of an array.
Item *Field `json:"item,omitempty"`
// KeyOptions lists the well-known keys of a map. Empty means free-form keys.
KeyOptions []string `json:"key_options,omitempty"`
// Value describes the value schema of a map.
Value *Field `json:"value,omitempty"`
}
Field describes a single settings entry. Containers use ordered child slices (Fields, Item, Value) instead of maps so the frontend can render a stable form layout.
type FieldType ¶
type FieldType string
FieldType enumerates the settings field kinds the admin UI can render. It is a compact, JSON-Schema-like vocabulary tailored to dynamic form generation rather than a full JSON Schema implementation.
const ( FieldTypeString FieldType = "string" FieldTypeInteger FieldType = "integer" FieldTypeNumber FieldType = "number" FieldTypeBoolean FieldType = "boolean" FieldTypeDuration FieldType = "duration" FieldTypeEnum FieldType = "enum" FieldTypeObject FieldType = "object" FieldTypeArray FieldType = "array" FieldTypeMap FieldType = "map" )
type Plugin ¶
type Plugin interface {
Name() string
// MandatoryStages are the stages the plugin always runs on, regardless of
// the policy configuration. They must be a subset of SupportedStages.
MandatoryStages() []policy.Stage
// SupportedStages are every stage the plugin can run on. A policy may opt
// into any subset of these; mandatory stages are always included.
SupportedStages() []policy.Stage
SupportedModes() []policy.Mode
ValidateConfig(settings map[string]any) error
Execute(ctx context.Context, in ExecInput) (*Result, error)
MutatesRequestBody() bool
MutatesResponseBody() bool
MutatesMetadata() bool
}
Plugin is a single unit of request/response processing. Each plugin declares the fixed stages it runs on via Stages; the executor drives it only at those stages and ignores the stage recorded in the policy configuration.
Plugins must treat the request and response contexts as read-only and return every mutation through Result so the executor can apply them deterministically even when a stage runs plugins concurrently.
type PluginError ¶
type PluginError struct {
StatusCode int
Type string
Message string
Headers map[string][]string
Body []byte
}
PluginError is returned by a plugin to reject a request and short-circuit the chain with a specific HTTP status (e.g. rate limit 429, CORS preflight 204).
func AsPluginError ¶
func AsPluginError(err error) (*PluginError, bool)
AsPluginError reports whether err is (or wraps) a *PluginError and returns it.
func (*PluginError) Error ¶
func (e *PluginError) Error() string
type Registry ¶
type Registry interface {
Register(p Plugin) error
Get(name string) (Plugin, bool)
Validate(name string, settings map[string]any) error
ValidateStages(name string, selected []policy.Stage) error
Names() []string
}
func NewRegistry ¶
func NewRegistry() Registry
type Result ¶
type Result struct {
StatusCode int
Body []byte
RequestBody []byte
Headers map[string][]string
StopUpstream bool
}
Result carries the changes a plugin wants the executor to apply. Headers are merged into the response; a StopUpstream result short-circuits the chain and returns Body/StatusCode to the client without contacting the registry.
type RuntimeScope ¶
RuntimeScope is the execution scope derived from the policy and the resolved consumer. It tells a plugin whether the policy applies gateway-wide (Global) or to a single consumer, so stateful plugins can partition their state accordingly. It is derived from the source of truth (Policy.Global plus the resolved consumer), never from request headers, path or credentials.
func (RuntimeScope) Subject ¶
func (s RuntimeScope) Subject() (dimension string, id string, err error)
Subject resolves the partition for this execution: gateway-wide when the policy is global, otherwise the current consumer. It returns the dimension label ("global" or "consumer") and the identifier to key state on.
type SettingsSchema ¶
type SettingsSchema struct {
Fields []Field `json:"fields"`
}
SettingsSchema is the ordered set of top-level settings fields for a policy.
type StageInput ¶
type StageInput struct {
Stage policy.Stage
Policies []*policy.Policy
Plan *StagePlan
Request *infracontext.RequestContext
Response *infracontext.ResponseContext
}
type StageOutcome ¶
type StagePlan ¶
type StagePlan struct {
// contains filtered or unexported fields
}