policy

package
v0.15.0
Published: May 16, 2026 License: MIT Imports: 1 Imported by: 0

Documentation

Overview

Package policy defines the Phase 23 policy interface. Policies run inside the reload pipeline AFTER decode and validation but BEFORE the atomic state swap, so a violation cleanly aborts the reload without breaking the failure-safe contract: the previous *State[T] remains in place and Get() callers see no glitch.

The interface is generic in T so a policy can inspect the strongly typed configuration directly — no map[string]any round-trip.

Heavy policy backends (OPA, CUE) live in the corresponding fastconf/policy/opa and fastconf/policy/cue submodules to keep the core dependency-free.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AnyPolicy

type AnyPolicy interface {
	Name() string
	EvaluateAny(ctx context.Context, cfg any, reason, tenant string) ([]Violation, error)
}

AnyPolicy is the type-erased shim used by the framework to keep the non-generic options.policies slice. End users never construct AnyPolicy directly — they call fastconf.WithPolicy(p) which uses Adapt under the hood.

func Adapt

func Adapt[T any](p Policy[T]) AnyPolicy

Adapt converts a typed Policy[T] into the framework-internal AnyPolicy representation. The conversion fails fast at evaluation time if the runtime type does not match T (defensive — the framework always passes *T, so the assertion is a safety net).

type Func

type Func[T any] struct {
	N  string
	Fn func(context.Context, Input[T]) ([]Violation, error)
}

Func adapts a free function into a Policy.

func (Func[T]) Evaluate

func (f Func[T]) Evaluate(ctx context.Context, in Input[T]) ([]Violation, error)

func (Func[T]) Name

func (f Func[T]) Name() string

type Input

type Input[T any] struct {
	// Config is the freshly decoded, validated, but NOT-yet-published
	// configuration. The pointer is stable for the duration of the
	// Evaluate call.
	Config *T
	// Reason mirrors ReloadCause.Reason ("provider:vault", "watcher", ...).
	Reason string
	// Tenant carries the TenantManager id when applicable.
	Tenant string
}

Input is the typed evaluation context passed to Policy.Evaluate. Fields are read-only — policies MUST NOT mutate Config.

type Policy

type Policy[T any] interface {
	Name() string
	Evaluate(ctx context.Context, in Input[T]) ([]Violation, error)
}

Policy is the contract every policy backend implements. Evaluate MUST be goroutine-safe and SHOULD return promptly; the manager invokes it inline on the reload goroutine.

type Severity

type Severity int

Severity classifies a Violation. The manager treats SeverityError as a hard reload failure; SeverityWarning is logged and forwarded to AuditSink but does not block the swap.

const (
	SeverityWarning Severity = iota
	SeverityError
)

type Violation

type Violation struct {
	Path     string
	Message  string
	Severity Severity
	// Rule is the policy rule id that produced this violation; empty
	// for ad-hoc closures.
	Rule string
}

Violation is a single policy finding.
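
An added example, not code from the fastconf project: a hardening policy written as the kind of function a Func[T] wraps, with the "Error blocks, Warning passes" rule from the Severity doc modelled by a hypothetical blocksSwap helper. The types are local mirrors of the declarations above so the block compiles on its own; ServerConfig, its fields, the rule ids and the fail-closed handling of an evaluation error are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"slices"
	"strings"
)

// Local mirrors of the page's declarations so this compiles without fastconf.
type Severity int
const (
	SeverityWarning Severity = iota
	SeverityError
)
type Violation struct {
	Path, Message, Rule string
	Severity            Severity
}
type Input[T any] struct {
	Config         *T
	Reason, Tenant string
}

// ServerConfig is a hypothetical application config (assumption).
type ServerConfig struct {
	AdminBind      string
	DebugEndpoints bool
}

// hardening has the Func[T].Fn signature; it reads in.Config, never mutates it.
func hardening(_ context.Context, in Input[ServerConfig]) (vs []Violation, err error) {
	if strings.HasPrefix(in.Config.AdminBind, "0.0.0.0:") {
		vs = append(vs, Violation{"AdminBind", "admin listener on all interfaces", "admin-loopback", SeverityError})
	}
	if in.Config.DebugEndpoints {
		vs = append(vs, Violation{"DebugEndpoints", "debug endpoints enabled", "debug-off", SeverityWarning})
	}
	return vs, nil
}

// blocksSwap models the page's rule (SeverityError aborts); failing closed on err is an assumption.
func blocksSwap(vs []Violation, err error) bool {
	return err != nil || slices.ContainsFunc(vs, func(v Violation) bool { return v.Severity == SeverityError })
}

func main() {
	fmt.Println(blocksSwap(hardening(context.Background(), Input[ServerConfig]{Config: &ServerConfig{AdminBind: "0.0.0.0:9000"}})))
}
```

With the real package, the same function would be wrapped as policy.Func[ServerConfig]{N: "hardening", Fn: hardening} and registered through fastconf.WithPolicy.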
