Documentation
Overview
Package opa provides OPA-based HTTP request authorization middleware.
Constants
const DefaultPolicy = `` /* 145-byte string literal not displayed */
DefaultPolicy allows all requests from localhost and restricts remote access to non-admin paths.
Functions
func Middleware
Middleware returns an http.Handler that evaluates OPA policy before delegating to next. The policy must define a boolean "allow" rule under package cachew.authz. If allow is true the request proceeds; otherwise it is rejected with 403.
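An added example, not code from this package: it reproduces the contract described for Middleware (next runs only when allow is true, everything else gets 403) using only the standard library, with a stand-in decision function in place of OPA. The names `Decide`, `localOrNonAdmin`, `failing`, `authorize` and `status`, the `/admin` prefix, and the choice to treat evaluation errors as a denial are assumptions.

```go
package main

import (
	"errors"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Decide stands in for evaluating the "allow" rule; its arguments are a hypothetical input.
type Decide func(path string, loopback bool) (bool, error)

// localOrNonAdmin follows the DefaultPolicy description; the "/admin" prefix is assumed.
func localOrNonAdmin(path string, loopback bool) (bool, error) {
	return loopback || !(path == "/admin" || strings.HasPrefix(path, "/admin/")), nil
}

// failing simulates a policy that cannot be evaluated.
func failing(string, bool) (bool, error) { return false, errors.New("policy evaluation failed") }

// authorize calls next only on an explicit true; false and evaluation errors both get 403.
func authorize(decide Decide, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Locality comes from the socket peer, never from client-supplied headers.
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		ip := net.ParseIP(host)
		if ok, err := decide(r.URL.Path, ip != nil && ip.IsLoopback()); err != nil || !ok {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one constructed GET through authorize and returns the response code.
func status(decide Decide, path, remoteAddr string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set("X-Forwarded-For", "127.0.0.1") // spoofable, so it must not matter
	rec := httptest.NewRecorder()
	next := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	authorize(decide, next).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	println(status(localOrNonAdmin, "/admin/stats", "127.0.0.1:4000"),
		status(localOrNonAdmin, "/admin/stats", "203.0.113.7:4000"), status(failing, "/blob", "127.0.0.1:4000"))
}
```

When the service sits behind a reverse proxy on the same host, every request reaches it from a loopback peer, so a rule that trusts localhost then applies to all proxied traffic.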
func RunTests
RunTests compiles the configured policy together with the Rego test module in cfg.Test and executes every test_* rule. It returns the number of tests that passed and an error enumerating any that failed or errored. When cfg.Test is empty it is a no-op. The policy under test is loaded the same way as Middleware, so an empty policy config exercises DefaultPolicy.
Types
type Config
type Config struct {
	Policy     string `hcl:"policy,optional" help:"Inline Rego policy."`
	PolicyFile string `hcl:"policy-file,optional" help:"Path to a Rego policy file."`
	Data       string `hcl:"data,optional" help:"Inline JSON object loaded as OPA data.*"`
	DataFile   string `hcl:"data-file,optional" help:"Path to a JSON file loaded as OPA data.*"`
	Test       string `hcl:"test,optional" help:"Inline Rego test module run against the policy when cachewd starts."`
}
Config for OPA policy evaluation. If neither Policy nor PolicyFile is set, a default policy allowing only GET and HEAD requests is used.