storage

package
v0.48.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 3, 2025 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source 
const ConfKey = "storage"
View Source 
const MaxPoliciesInBatch = 25

Variables

View Source 
var ErrPolicyIDCollision = errors.New("policy ID collision")

Functions

func BatchLoadPolicy added in v0.35.0 

func BatchLoadPolicy(
	ctx context.Context,
	maxPoliciesInBatch int,
	loadPolicyFn func(context.Context, ...string) ([]*policy.Wrapper, error),
	processPolicyFn func(*policy.Wrapper) error,
	ids ...string,
) error

func RegisterDriver 

func RegisterDriver(name string, cons Constructor)

RegisterDriver registers a storage driver.

func Reload added in v0.15.0 

func Reload(ctx context.Context, rs Reloadable) error

func TestSubscription 

func TestSubscription(s Subscribable) func(*testing.T, time.Duration, ...Event)

TestSubscription is a helper to test subscriptions.

Types

type BinaryStore added in v0.20.0 

type BinaryStore interface {
	Store
	Subscribable
	// GetFirstMatch searches for the given module IDs in order and returns the first one found.
	GetFirstMatch(context.Context, []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)
	// GetAll returns all modules that exist within the policy store
	GetAll(context.Context) ([]*runtimev1.RunnablePolicySet, error)
	// GetAllMatching returns all modules that exist for the provided module IDs
	GetAllMatching(context.Context, []namer.ModuleID) ([]*runtimev1.RunnablePolicySet, error)
}

BinaryStore is implemented by stores that have pre-compiled policies in binary format.

type Conf 

type Conf struct {
	// contains filtered or unexported fields
}

Conf is required configuration for storage. +desc=This section is required. The field driver must be set to indicate which driver to use.

func GetConf added in v0.15.0 

func GetConf() (*Conf, error)

func (*Conf) Key 

func (c *Conf) Key() string

func (*Conf) UnmarshalYAML added in v0.15.0 

func (c *Conf) UnmarshalYAML(unmarshal func(any) error) error

type Constructor 

type Constructor func(context.Context, *config.Wrapper) (Store, error)

Constructor is a constructor function for a storage driver.

func GetDriverConstructor added in v0.27.0 

func GetDriverConstructor(name string) (Constructor, error)

GetDriverConstructor registers a storage driver.

type Event 

type Event struct {
	OldPolicyID *namer.ModuleID
	SchemaFile  string
	Dependents  []namer.ModuleID
	Kind        EventKind
	PolicyID    namer.ModuleID
}

Event is an event detected by the storage layer.

func NewPolicyEvent added in v0.11.0 

func NewPolicyEvent(kind EventKind, policyID namer.ModuleID) Event

NewPolicyEvent creates a new storage event for a policy.

func NewReloadEvent added in v0.21.0 

func NewReloadEvent() Event

NewReloadEvent creates a new reload event.

func NewSchemaEvent added in v0.11.0 

func NewSchemaEvent(kind EventKind, schemaFile string) Event

NewSchemaEvent creates a new storage event for a schema.

func (Event) String 

func (evt Event) String() string

type EventKind 

type EventKind int

EventKind identifies the kind of storage event such as addition or deletion. 

const (
	EventAddOrUpdatePolicy EventKind = iota
	EventDeleteOrDisablePolicy
	EventAddOrUpdateSchema
	EventDeleteSchema
	EventReload
	EventNop
)

type Instrumented added in v0.15.0 

type Instrumented interface {
	RepoStats(context.Context) RepoStats
}

Instrumented stores expose repository stats.

type InvalidPolicyError 

type InvalidPolicyError struct {
	Err     error
	Message string
}

InvalidPolicyError is a custom error to signal that a policy is invalid.

func NewInvalidPolicyError 

func NewInvalidPolicyError(err error, msg string, args ...any) InvalidPolicyError

func (InvalidPolicyError) Error 

func (ipe InvalidPolicyError) Error() string

func (InvalidPolicyError) Unwrap 

func (ipe InvalidPolicyError) Unwrap() error

type InvalidSchemaError added in v0.12.0 

type InvalidSchemaError struct {
	Err     error
	Message string
}

InvalidSchemaError is a custom error to signal that a schema is invalid.

func NewInvalidSchemaError added in v0.12.0 

func NewInvalidSchemaError(err error, msg string, args ...any) InvalidSchemaError

func (InvalidSchemaError) Error added in v0.12.0 

func (ise InvalidSchemaError) Error() string

func (InvalidSchemaError) Unwrap added in v0.12.0 

func (ise InvalidSchemaError) Unwrap() error

type ListPolicyIDsParams added in v0.29.0 

type ListPolicyIDsParams struct {
	NameRegexp      string
	ScopeRegexp     string
	VersionRegexp   string
	IDs             []string
	IncludeDisabled bool
}

type MutableStore 

type MutableStore interface {
	Store
	AddOrUpdate(context.Context, ...policy.Wrapper) error
	AddOrUpdateSchema(context.Context, ...*schemav1.Schema) error
	Disable(context.Context, ...string) (uint32, error)
	Enable(context.Context, ...string) (uint32, error)
	DeleteSchema(context.Context, ...string) (uint32, error)
	Delete(context.Context, ...namer.ModuleID) error
}

MutableStore is a store that allows mutations.

type Reloadable added in v0.20.0 

type Reloadable interface {
	Reload(context.Context) error
}

Reloadable stores allow reloading their contents.

type RepoStats added in v0.15.0 

type RepoStats struct {
	PolicyCount       map[policy.Kind]int
	AvgRuleCount      map[policy.Kind]float64
	AvgConditionCount map[policy.Kind]float64
	SchemaCount       int
}

type RuleTableStore added in v0.48.0 

type RuleTableStore interface {
	GetRuleTable() (*runtimev1.RuleTable, error)
}

RuleTableStore is implemented by stores that have pre-compiled rule tables.

type SourceStore added in v0.20.0 

type SourceStore interface {
	Store
	// GetFirstMatch searches for the given module IDs in order and returns the first one found.
	GetFirstMatch(context.Context, []namer.ModuleID) (*policy.CompilationUnit, error)
	// GetAll returns all modules that exist within the policy store
	GetAll(context.Context) ([]*policy.CompilationUnit, error)
	// GetAllMatching returns all modules that exist for the provided module IDs
	GetAllMatching(context.Context, []namer.ModuleID) ([]*policy.CompilationUnit, error)
	// GetCompilationUnits gets the compilation units for the given module IDs.
	GetCompilationUnits(context.Context, ...namer.ModuleID) (map[namer.ModuleID]*policy.CompilationUnit, error)
	// GetDependents returns the dependents of the given modules.
	GetDependents(context.Context, ...namer.ModuleID) (map[namer.ModuleID][]namer.ModuleID, error)
	// LoadPolicy loads the given policy from the store
	LoadPolicy(context.Context, ...string) ([]*policy.Wrapper, error)
}

SourceStore is implemented by stores that have policies in their source format (uncompiled).

type Store 

type Store interface {
	// Driver is the name of the storage backend implementation.
	Driver() string
	// InspectPolicies returns inspection results for the policies in the store.
	InspectPolicies(context.Context, ListPolicyIDsParams) (map[string]*responsev1.InspectPoliciesResponse_Result, error)
	// ListPolicyIDs returns the policy IDs in the store.
	ListPolicyIDs(context.Context, ListPolicyIDsParams) ([]string, error)
	// ListSchemaIDs returns the schema ids in the store.
	ListSchemaIDs(context.Context) ([]string, error)
	// LoadSchema loads the given schema from the store.
	LoadSchema(context.Context, string) (io.ReadCloser, error)
	// Source returns metadata for inclusion in audit logs.
	Source() *auditv1.PolicySource
}

Store is the common interface implemented by storage backends.

func New 

func New(ctx context.Context) (Store, error)

New returns a storage driver implementation based on the configured driver.

func NewFromConf added in v0.15.0 

func NewFromConf(ctx context.Context, confWrapper *config.Wrapper) (Store, error)

NewFromConf returns a storage driver implementation based on the provided configuration.

type Subscribable 

type Subscribable interface {
	// Subscribe adds a subscriber to listen for storage notifications.
	Subscribe(Subscriber)
	// Unsubscribe removes a subscriber.
	Unsubscribe(Subscriber)
}

Subscribable is an interface for managing subscriptions to storage events.

type Subscriber 

type Subscriber interface {
	SubscriberID() string
	OnStorageEvent(...Event)
}

Subscriber is the interface implemented by storage subscribers.

type SubscriptionManager 

type SubscriptionManager struct {
	// contains filtered or unexported fields
}

func NewSubscriptionManager 

func NewSubscriptionManager(ctx context.Context) *SubscriptionManager

func (*SubscriptionManager) NotifySubscribers 

func (sm *SubscriptionManager) NotifySubscribers(events ...Event)

Notify sends the events to all subscribers.

func (*SubscriptionManager) Subscribe 

func (sm *SubscriptionManager) Subscribe(s Subscriber)

func (*SubscriptionManager) Unsubscribe 

func (sm *SubscriptionManager) Unsubscribe(s Subscriber)

type Verifiable added in v0.27.0 

type Verifiable interface {
	CheckSchema(ctx context.Context) error
}

Verifiable stores allow querying whether the requirements for the store are met.

Source Files

View all Source files

Directories

Path Synopsis
db
internal
mysql
postgres
sqlite3

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.