forked from open-policy-agent/opa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinterface.go
190 lines (150 loc) · 6.21 KB
/
interface.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
// Copyright 2016 The OPA Authors. All rights reserved.
// Use of this source code is governed by an Apache2
// license that can be found in the LICENSE file.
package storage
import (
"context"
"github.com/open-policy-agent/opa/ast"
)
// Transaction defines the interface that identifies a consistent snapshot over
// the policy engine's storage layer.
type Transaction interface {
ID() uint64
}
// Store defines the interface for the storage layer's backend.
type Store interface {
Trigger
Policy
Indexing
// NewTransaction is called create a new transaction in the store.
NewTransaction(ctx context.Context, params ...TransactionParams) (Transaction, error)
// Read is called to fetch a document referred to by path.
Read(ctx context.Context, txn Transaction, path Path) (interface{}, error)
// Write is called to modify a document referred to by path.
Write(ctx context.Context, txn Transaction, op PatchOp, path Path, value interface{}) error
// Commit is called to finish the transaction. If Commit returns an error, the
// transaction must be automatically aborted by the Store implementation.
Commit(ctx context.Context, txn Transaction) error
// Abort is called to cancel the transaction.
Abort(ctx context.Context, txn Transaction)
}
// TransactionParams describes a new transaction.
type TransactionParams struct {
// Write indicates if this transaction will perform any write operations.
Write bool
}
// WriteParams specifies the TransactionParams for a write transaction.
var WriteParams = TransactionParams{
Write: true,
}
// PatchOp is the enumeration of supposed modifications.
type PatchOp int
// Patch supports add, remove, and replace operations.
const (
AddOp PatchOp = iota
RemoveOp = iota
ReplaceOp = iota
)
// WritesNotSupported provides a default implementation of the write
// interface which may be used if the backend does not support writes.
type WritesNotSupported struct{}
func (WritesNotSupported) Write(ctx context.Context, txn Transaction, op PatchOp, path Path, value interface{}) error {
return writesNotSupportedError()
}
// Policy defines the interface for policy module storage.
type Policy interface {
ListPolicies(context.Context, Transaction) ([]string, error)
GetPolicy(context.Context, Transaction, string) ([]byte, error)
UpsertPolicy(context.Context, Transaction, string, []byte) error
DeletePolicy(context.Context, Transaction, string) error
}
// PolicyNotSupported provides a default implementation of the policy interface
// which may be used if the backend does not support policy storage.
type PolicyNotSupported struct{}
// ListPolicies always returns a PolicyNotSupportedErr.
func (PolicyNotSupported) ListPolicies(context.Context, Transaction) ([]string, error) {
return nil, policyNotSupportedError()
}
// GetPolicy always returns a PolicyNotSupportedErr.
func (PolicyNotSupported) GetPolicy(context.Context, Transaction, string) ([]byte, error) {
return nil, policyNotSupportedError()
}
// UpsertPolicy always returns a PolicyNotSupportedErr.
func (PolicyNotSupported) UpsertPolicy(context.Context, Transaction, string, []byte) error {
return policyNotSupportedError()
}
// DeletePolicy always returns a PolicyNotSupportedErr.
func (PolicyNotSupported) DeletePolicy(context.Context, Transaction, string) error {
return policyNotSupportedError()
}
// PolicyEvent describes a change to a policy.
type PolicyEvent struct {
ID string
Data []byte
Removed bool
}
// DataEvent describes a change to a base data document.
type DataEvent struct {
Path Path
Data interface{}
Removed bool
}
// TriggerEvent describes the changes that caused the trigger to be invoked.
type TriggerEvent struct {
Policy []PolicyEvent
Data []DataEvent
}
// IsZero returns true if the TriggerEvent indicates no changes occurred. This
// function is primarily for test purposes.
func (e TriggerEvent) IsZero() bool {
return !e.PolicyChanged() && !e.DataChanged()
}
// PolicyChanged returns true if the trigger was caused by a policy change.
func (e TriggerEvent) PolicyChanged() bool {
return len(e.Policy) > 0
}
// DataChanged returns true if the trigger was caused by a data change.
func (e TriggerEvent) DataChanged() bool {
return len(e.Data) > 0
}
// TriggerConfig contains the trigger registration configuration.
type TriggerConfig struct {
// OnCommit is invoked when a transaction is succesfully committed. The
// callback is invoked with a handle to the write transaction that
// successfully committed before other clients see the changes.
OnCommit func(ctx context.Context, txn Transaction, event TriggerEvent)
}
// Trigger defines the interface that stores implement to register for change
// notifications when the store is changed.
type Trigger interface {
Register(ctx context.Context, txn Transaction, config TriggerConfig) (TriggerHandle, error)
}
// TriggersNotSupported provides default implementations of the Trigger
// interface which may be used if the backend does not support triggers.
type TriggersNotSupported struct{}
// Register always returns an error indicating triggers are not supported.
func (TriggersNotSupported) Register(context.Context, Transaction, TriggerConfig) (TriggerHandle, error) {
return nil, triggersNotSupportedError()
}
// TriggerHandle defines the interface that can be used to unregister triggers that have
// been registered on a Store.
type TriggerHandle interface {
Unregister(ctx context.Context, txn Transaction)
}
// IndexIterator defines the interface for iterating over index results.
type IndexIterator func(*ast.ValueMap) error
// Indexing defines the interface for building an index.
type Indexing interface {
Build(ctx context.Context, txn Transaction, ref ast.Ref) (Index, error)
}
// Index defines the interface for searching a pre-built index.
type Index interface {
Lookup(ctx context.Context, txn Transaction, value interface{}, iter IndexIterator) error
}
// IndexingNotSupported provides default implementations of the Indexing
// interface which may be used if the backend does not support indexing.
type IndexingNotSupported struct{}
// Build always returns an error indicating indexing is not supported.
func (IndexingNotSupported) Build(context.Context, Transaction, ast.Ref) (Index, error) {
return nil, indexingNotSupportedError()
}