package opa
import (
"context"
"os"
"github.com/michaelboulton/opa-test/pkg/logging"
"github.com/open-policy-agent/opa/sdk"
"github.com/pkg/errors"
)
// logger is the package-wide logger. NewOpa hands it to the OPA SDK as both
// the SDK logger and the console logger, so SDK output and this package's
// own log lines share one sink.
var (
	logger = logging.Logger
)
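// NewOpa builds an OPA SDK instance from the configuration file at filename.
//
// The file is opened and passed to the SDK as its Config reader, and it is
// closed when NewOpa returns. This relies on sdk.New consuming the reader
// during construction rather than holding on to it (true of the SDK
// versions I know of; confirm against the vendored one if it is upgraded).
// Both the SDK logger and the console logger are the package logger with one
// call frame skipped so that log lines attribute to the SDK caller rather
// than to this wrapper.
//
// The config file typically carries service credentials (see Service), so
// filename should come from trusted configuration, not from request input.
//
// It returns a wrapped error if the file cannot be opened or the SDK cannot
// be constructed; the returned *sdk.OPA is only valid when err is nil.
func NewOpa(ctx context.Context, filename string) (*sdk.OPA, error) {
	file, err := os.Open(filename)
	if err != nil {
		return nil, errors.Wrap(err, "opening config file")
	}
	// Without this the descriptor leaked on every call. The close error is
	// deliberately ignored: the handle is only ever read, so there is no
	// buffered write whose failure could be lost.
	defer file.Close()

	opa, err := sdk.New(ctx, sdk.Options{
		Config:        file,
		Logger:        logger.WithSkip(1),
		ConsoleLogger: logger.WithSkip(1),
	})
	if err != nil {
		return nil, errors.Wrap(err, "creating OPA instance")
	}
	logger.Infof("loaded config from %s", filename)
	return opa, nil
}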
// Service describes one entry under the top-level "services" key of the
// OPA config, e.g.:
//
//	services:
//	  - name: acmecorp
//	    url: https://example.com/service/v1
//	    credentials:
//	      bearer:
//	        token: "bGFza2RqZmxha3NkamZsa2Fqc2Rsa2ZqYWtsc2RqZmtramRmYWxkc2tm"
//
// Credentials is a free-form map (presumably so that credential shapes other
// than the bearer token shown above can be expressed; verify against the
// target config format). Whatever is placed here is serialized verbatim, so
// treat its values as secrets when logging or persisting the struct.
type Service struct {
	Name        string                 `json:"name,omitempty"`
	URL         string                 `json:"url,omitempty"`
	Credentials map[string]interface{} `json:"credentials,omitempty"`
}
// Bundle wraps a single bundle source. The config it models:
//
//	bundles:
//	  authz:
//	    service: acmecorp
//	    resource: somedir/bundle.tar.gz
//	    persist: true
//	    polling:
//	      min_delay_seconds: 10
//	      max_delay_seconds: 20
//	    signing:
//	      keyid: my_global_key
//	      scope: read
//
// NOTE(review): OpaConfig.Bundles is already a map keyed by bundle name, and
// this struct adds a fixed "authz" key beneath it, so marshalling produces
// bundles.<name>.authz.service rather than bundles.<name>.service as in the
// example above. Confirm against the caller that builds OpaConfig before
// relying on either shape; changing the field or tag here is an API change.
type Bundle struct {
	BundleSource *BundleSource `json:"authz,omitempty"`
}
// BundleSource holds the settings for one bundle: the service entry it is
// fetched from (referenced by name, matching Service.Name in the example on
// Bundle), the resource path on that service, whether the bundle is
// persisted, and optional polling and signing sections. Polling and Signing
// are pointers so an unset section is omitted rather than emitted as {}.
// Persist uses omitempty, so false is dropped from the output.
type BundleSource struct {
	Service  string   `json:"service,omitempty"`
	Resource string   `json:"resource,omitempty"`
	Persist  bool     `json:"persist,omitempty"`
	Polling  *Polling `json:"polling,omitempty"`
	Signing  *Signing `json:"signing,omitempty"`
}
// Polling is the "polling" section of a bundle source: the minimum and
// maximum delay, in seconds, between polls. Both fields use omitempty, so a
// zero value is left out of the config and the consumer's default applies.
type Polling struct {
	MinDelaySeconds int `json:"min_delay_seconds,omitempty"`
	MaxDelaySeconds int `json:"max_delay_seconds,omitempty"`
}
// Signing is the "signing" section of a bundle source: the id of the key and
// the scope to use. Keyid keeps its lower-case "id" because it is exported
// and renaming it to KeyID would break callers.
type Signing struct {
	Keyid string `json:"keyid,omitempty"`
	Scope string `json:"scope,omitempty"`
}
// DecisionLogs is the "decision_logs" section of the config. Console uses
// omitempty, so when it is false the key is absent from the output.
type DecisionLogs struct {
	Console bool `json:"console,omitempty"`
}
// OpaConfig is the top-level OPA config, intended to be marshalled to JSON.
//
// Services and Bundles are omitted when empty. DecisionLogs is a struct
// value, and encoding/json never omits a struct under omitempty, so
// "decision_logs" is always emitted (as {} when Console is false).
//
// NOTE(review): nothing in this file marshals OpaConfig or connects it to
// the file NewOpa opens; presumably a caller writes it out first. Confirm
// against the caller.
type OpaConfig struct {
	Services     []Service         `json:"services,omitempty"`
	Bundles      map[string]Bundle `json:"bundles,omitempty"`
	DecisionLogs DecisionLogs      `json:"decision_logs,omitempty"`
}