decisionlogs

package
v1.46.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 22, 2025 License: Apache-2.0 Imports: 33 Imported by: 0

README

Decision Log Replacement

EOPA allows for replacing the built-in decision logs plugin by a custom one:

services:
- name: knownservice
  url: "http://knownservice/prefix"
  response_header_timeout_seconds: 12
decision_logs:
  service: servicefoo

would become

services:
- name: knownservice
  url: "http://knownservice/prefix"
  response_header_timeout_seconds: 12
decision_logs:
  plugin: eopa_dl
plugins:
  eopa_dl:
    output:
      type: service
      service: knownservice
      resource: decisionlogs

Configuring both the default and the replacement logger will cause a failure.

The replacement logger currently supports type: service and type: console, with more to come. Furthermore, type: http will allow for controlling more of the payload format and batching options then type: service. The latter is for compatibility with OPA's DL plugin.

Buffering

The new logger supports three kinds of buffers:

  • unbuffered: responses aren't returned until the DL entry of the decision has successfully been written to a sink.
  • memory: DL entries are buffered in memory
  • disk: DL entries are buffered on disk. This would survive a service restart.

A buffer config looks like this:

buffer:
  type: memory
  max_bytes: 120
  flush_count: 100
  flush_period: 10s
  flush_bytes: 12

(Where the values uses here come from testing, and shouldn't be used in real life.)

TODOs
  • carry over bearer auth, mTLS from services
  • expose more batching options
  • add further sink options
Differences from the default plugin

These may become TODOs if we decide that the deviation isn't acceptable.

  • Console output goes to stdout, whereas with the default plugin, it goes to stderr. All of EOPA's logs to go stderr, so it's actually rather convenient to collect DLs from stdout instead.

Documentation

Index

Constants

View Source 
const DLPluginName = "eopa_dl" // OPA DL plugin

Variables

View Source 
var (
	ErrNoDefaultPlugin = fmt.Errorf("%s cannot be used without OPA's decision logging", DLPluginName)
	ErrNoOutputs       = errors.New("no outputs configured")
)

Functions

func Factory 

func Factory() plugins.Factory

func NewUnknownBufferTypeError 

func NewUnknownBufferTypeError(s string) error

func NewUnknownOutputTypeError 

func NewUnknownOutputTypeError(s string) error

func NewUnknownServiceError 

func NewUnknownServiceError(s string) error

func ResourceKey 

func ResourceKey(input string) string

Types

type Config 

type Config struct {
	Output json.RawMessage `json:"output"`
	Buffer json.RawMessage `json:"buffer"`
	// contains filtered or unexported fields
}

type DropProcessor 

type DropProcessor struct {
	// contains filtered or unexported fields
}

func NewDrop 

func NewDrop(pc *service.ParsedConfig, r *registerer) (*DropProcessor, error)

func (*DropProcessor) Close 

func (*DropProcessor) Close(context.Context) error

func (*DropProcessor) Process 

func (r *DropProcessor) Process(ctx context.Context, m *service.Message) (service.MessageBatch, error)

type Logger 

type Logger struct {
	// contains filtered or unexported fields
}

func (*Logger) Log 

func (p *Logger) Log(ctx context.Context, e logs.EventV1) error

func (*Logger) Reconfigure 

func (p *Logger) Reconfigure(ctx context.Context, config interface{})

func (*Logger) Start 

func (p *Logger) Start(ctx context.Context) error

func (*Logger) Stop 

func (p *Logger) Stop(ctx context.Context)

type MaskProcessor 

type MaskProcessor struct {
	// contains filtered or unexported fields
}

func NewMask 

func NewMask(pc *service.ParsedConfig, r *registerer) (*MaskProcessor, error)

func (*MaskProcessor) Close 

func (*MaskProcessor) Close(context.Context) error

func (*MaskProcessor) Process 

func (r *MaskProcessor) Process(ctx context.Context, m *service.Message) (service.MessageBatch, error)

type OutputProcessors 

type OutputProcessors struct {
	Mask string `json:"mask_decision,omitempty"`
	Drop string `json:"drop_decision,omitempty"`
}

func (*OutputProcessors) Extra 

func (s *OutputProcessors) Extra() []map[string]any

func (*OutputProcessors) NumOutputProcessors 

func (s *OutputProcessors) NumOutputProcessors() (count int)

type Stream 

type Stream interface {
	Consume(context.Context, map[string]any) error
	Run(context.Context) error
	Stop(context.Context) error
}

type UnknownBufferTypeError 

type UnknownBufferTypeError struct {
	// contains filtered or unexported fields
}

func (*UnknownBufferTypeError) Error 

func (e *UnknownBufferTypeError) Error() string

type UnknownOutputTypeError 

type UnknownOutputTypeError struct {
	// contains filtered or unexported fields
}

func (*UnknownOutputTypeError) Error 

func (e *UnknownOutputTypeError) Error() string

type UnknownServiceError 

type UnknownServiceError struct {
	// contains filtered or unexported fields
}

func (*UnknownServiceError) Error 

func (e *UnknownServiceError) Error() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.