policyv1alpha

package
v0.3.10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 6, 2026 License: Apache-2.0 Imports: 13 Imported by: 45

Documentation

Index

Constants

View Source 
const APIKeySeparator = "_"

Variables

View Source 
var (
	// ErrNotFound is returned when an API key is not found
	ErrNotFound = errors.New("API key not found")

	// ErrConflict is returned when an API Key with the same name/version or key value already exists
	ErrConflict = errors.New("API key already exists")
)

Common storage errors - implementation agnostic

View Source 
var (
	// ErrLazyResourceNotFound is returned when a lazy resource is not found
	ErrLazyResourceNotFound = errors.New("lazy resource not found")

	// ErrLazyResourceConflict is returned when a resource with the same ID already exists
	ErrLazyResourceConflict = errors.New("lazy resource already exists")
)

Common storage errors

Functions

This section is empty.

Types

type APIKey 

type APIKey struct {
	// ID of the API Key
	ID string `json:"id" yaml:"id"`
	// Name of the API key (URL-safe identifier, auto-generated, immutable)
	Name string `json:"name" yaml:"name"`
	// DisplayName is the human-readable name (user-provided, mutable)
	DisplayName string `json:"displayName" yaml:"displayName"`
	// ApiKey API key with apip_ prefix
	APIKey string `json:"apiKey" yaml:"apiKey"`
	// APIId Unique identifier of the API that the key is associated with
	APIId string `json:"apiId" yaml:"apiId"`
	// Operations List of API operations the key will have access to
	Operations string `json:"operations" yaml:"operations"`
	// Status of the API key
	Status APIKeyStatus `json:"status" yaml:"status"`
	// CreatedAt Timestamp when the API key was generated
	CreatedAt time.Time `json:"createdAt" yaml:"createdAt"`
	// CreatedBy User who created the API key
	CreatedBy string `json:"createdBy" yaml:"createdBy"`
	// UpdatedAt Timestamp when the API key was last updated
	UpdatedAt time.Time `json:"updatedAt" yaml:"updatedAt"`
	// ExpiresAt Expiration timestamp (null if no expiration)
	ExpiresAt *time.Time `json:"expiresAt" yaml:"expiresAt"`
	// Source tracking for external key support ("local" | "external")
	Source string `json:"source" yaml:"source"`
	// IndexKey Pre-computed hash for O(1) lookup (external plain text keys only)
	IndexKey string `json:"indexKey" yaml:"indexKey"`
}

type APIKeyStatus 

type APIKeyStatus string

APIKeyStatus Status of the API key 

const (
	Active  APIKeyStatus = "active"
	Expired APIKeyStatus = "expired"
	Revoked APIKeyStatus = "revoked"
)

Defines values for APIKeyStatus.

type APIkeyStore 

type APIkeyStore struct {
	// contains filtered or unexported fields
}

APIkeyStore holds all API keys in memory for fast access

func GetAPIkeyStoreInstance 

func GetAPIkeyStoreInstance() *APIkeyStore

GetAPIkeyStoreInstance provides a shared instance of APIkeyStore

func NewAPIkeyStore 

func NewAPIkeyStore() *APIkeyStore

NewAPIkeyStore creates a new in-memory API key store

func (*APIkeyStore) ClearAll 

func (aks *APIkeyStore) ClearAll() error

ClearAll removes all API keys from the store

func (*APIkeyStore) RemoveAPIKeysByAPI 

func (aks *APIkeyStore) RemoveAPIKeysByAPI(apiId string) error

RemoveAPIKeysByAPI removes all API keys for a specific API

func (*APIkeyStore) RevokeAPIKey 

func (aks *APIkeyStore) RevokeAPIKey(apiId, providedAPIKey string) error

RevokeAPIKey revokes a specific API key by plain text API key value Supports both local keys (with format: key_id) and external keys (any format)

func (*APIkeyStore) StoreAPIKey 

func (aks *APIkeyStore) StoreAPIKey(apiId string, apiKey *APIKey) error

StoreAPIKey stores an API key in the in-memory cache

func (*APIkeyStore) ValidateAPIKey 

func (aks *APIkeyStore) ValidateAPIKey(apiId, apiOperation, operationMethod, providedAPIKey string) (bool, error)

ValidateAPIKey validates the provided API key against the internal APIkey store Supports both local keys (with format: key_id) and external keys (any format)

type Body 

type Body struct {
	// Content is the body payload (may be nil)
	Content []byte

	// EndOfStream indicates if this is the final chunk of body data
	// true = complete body received, false = more chunks may follow
	EndOfStream bool

	// Present indicates if body data is available
	// false = body was not sent or not buffered (e.g., streaming)
	// true = body is available (Content may still be nil for empty bodies)
	Present bool
}

Body represents HTTP request or response body data

type BodyProcessingMode 

type BodyProcessingMode string

BodyProcessingMode defines how a policy processes body content 

const (
	// BodyModeSkip - Don't process body, skip method invocation
	BodyModeSkip BodyProcessingMode = "SKIP"

	// BodyModeBuffer - Process body with full buffering
	// The kernel buffers complete body before invoking OnRequestBody/OnResponseBody
	BodyModeBuffer BodyProcessingMode = "BUFFER"

	// BodyModeStream - Process body in streaming chunks
	// The kernel invokes streaming methods for each chunk (requires StreamingPolicy interface)
	BodyModeStream BodyProcessingMode = "STREAM"
)

type DropHeaderAction added in v0.3.7 

type DropHeaderAction struct {
	Action  string   // Type of the action -> "allow" or "deny"
	Headers []string // Headers list to drop or allow
}

Holds the action and headers list to drop or allow from analytics event

type HeaderProcessingMode 

type HeaderProcessingMode string

HeaderProcessingMode defines how a policy processes headers 

const (
	// HeaderModeSkip - Don't process headers, skip method invocation
	HeaderModeSkip HeaderProcessingMode = "SKIP"

	// HeaderModeProcess - Process headers (headers are always available)
	HeaderModeProcess HeaderProcessingMode = "PROCESS"
)

type Headers 

type Headers struct {
	// contains filtered or unexported fields
}

Headers provides read-only access to HTTP headers for policies. The underlying data is managed by the policy engine kernel.

Policies should use Get(), Has(), and Iterate() methods for read-only access. Direct mutation is not allowed to maintain policy isolation guarantees.

func NewHeaders 

func NewHeaders(values map[string][]string) *Headers

NewHeaders creates a new Headers instance from a map. For internal use by the policy engine kernel only.

If values is nil, an empty map is created.

func (*Headers) Get 

func (h *Headers) Get(name string) []string

Get retrieves all values for a header name (case-insensitive). Returns a defensive copy to prevent modification of the underlying data.

Returns nil if the header does not exist.

Example: 

apiKeys := ctx.Headers.Get("x-api-key")
if len(apiKeys) > 0 {
    key := apiKeys[0]
}

func (*Headers) GetAll 

func (h *Headers) GetAll() map[string][]string

GetAll returns a defensive copy of all headers. Useful for inspection but not recommended for iteration (use Iterate instead).

The returned map and slices are copies, so modifications won't affect the underlying header data.

Example: 

allHeaders := ctx.Headers.GetAll()
for name, values := range allHeaders {
    fmt.Printf("%s: %v\n", name, values)
}

func (*Headers) Has 

func (h *Headers) Has(name string) bool

Has checks if a header exists (case-insensitive).

Example: 

if ctx.Headers.Has("authorization") {
    // Process authorization header
}

func (*Headers) Iterate 

func (h *Headers) Iterate(fn func(name string, values []string))

Iterate iterates over all headers with a callback function. Header values passed to the callback are defensive copies.

Example: 

ctx.Headers.Iterate(func(name string, values []string) {
    for _, value := range values {
        fmt.Printf("%s: %s\n", name, value)
    }
})

func (*Headers) UnsafeInternalValues 

func (h *Headers) UnsafeInternalValues() map[string][]string

UnsafeInternalValues returns direct mutable access to the underlying header map. This method is ONLY for the policy engine kernel.

WARNING - UNSAFE - INTERNAL USE ONLY:

  • Bypasses immutability guarantees
  • Modifications affect all references to this Headers instance
  • MUST only be called by policy engine kernel code (executor, translator)
  • Policies MUST NEVER call this method

Policies should use Get(), Has(), or Iterate() for read-only access.

Improper use can lead to:

  • Race conditions between policies
  • Breaking policy isolation guarantees
  • Undefined behavior in policy execution

This method exists to allow the kernel to orchestrate header mutations while maintaining the policy contract of immutability.

type ImmediateResponse 

type ImmediateResponse struct {
	StatusCode               int
	Headers                  map[string]string
	Body                     []byte
	AnalyticsMetadata        map[string]any            // Custom analytics metadata (key-value pairs)
	DynamicMetadata          map[string]map[string]any // Dynamic metadata by namespace
	DropHeadersFromAnalytics DropHeaderAction          // Headers to be excluded from analytics event
}

ImmediateResponse - short-circuit and return response immediately

func (ImmediateResponse) StopExecution 

func (i ImmediateResponse) StopExecution() bool

type LazyResource added in v0.3.8 

type LazyResource struct {
	// ID uniquely identifies this resource within its type
	ID string `json:"id" yaml:"id"`

	// ResourceType identifies the type of resource (e.g., "LlmProviderTemplate")
	ResourceType string `json:"resource_type" yaml:"resource_type"`

	// Resource contains the actual resource data as a map
	Resource map[string]interface{} `json:"resource" yaml:"resource"`
}

LazyResource represents a generic lazy resource with ID, Resource_Type, and Actual_Resource

type LazyResourceStore added in v0.3.8 

type LazyResourceStore struct {
	// contains filtered or unexported fields
}

LazyResourceStore holds all lazy resources in memory for fast access Used for non-frequently changing resources like LlmProviderTemplates

func GetLazyResourceStoreInstance added in v0.3.8 

func GetLazyResourceStoreInstance() *LazyResourceStore

GetLazyResourceStoreInstance provides a shared instance of LazyResourceStore

func NewLazyResourceStore added in v0.3.8 

func NewLazyResourceStore() *LazyResourceStore

NewLazyResourceStore creates a new in-memory lazy resource store

func (*LazyResourceStore) ClearAll added in v0.3.8 

func (lrs *LazyResourceStore) ClearAll() error

ClearAll removes all resources from the store

func (*LazyResourceStore) GetAllResources added in v0.3.8 

func (lrs *LazyResourceStore) GetAllResources() map[string]*LazyResource

GetAllResources returns all resources

func (*LazyResourceStore) GetResource added in v0.3.8 

func (lrs *LazyResourceStore) GetResource(id string) (*LazyResource, error)

GetResource retrieves a resource by ID (ambiguous if multiple types have same ID)

func (*LazyResourceStore) GetResourceByIDAndType added in v0.3.8 

func (lrs *LazyResourceStore) GetResourceByIDAndType(id, resourceType string) (*LazyResource, error)

GetResourceByIDAndType retrieves a resource by ID and type (precise)

func (*LazyResourceStore) GetResourcesByType added in v0.3.8 

func (lrs *LazyResourceStore) GetResourcesByType(resourceType string) (map[string]*LazyResource, error)

GetResourcesByType retrieves all resources of a specific type

func (*LazyResourceStore) RemoveResource added in v0.3.8 

func (lrs *LazyResourceStore) RemoveResource(id string) error

RemoveResource removes a resource by ID (ambiguous if multiple types have same ID)

func (*LazyResourceStore) RemoveResourceByIDAndType added in v0.3.8 

func (lrs *LazyResourceStore) RemoveResourceByIDAndType(id, resourceType string) error

RemoveResourceByIDAndType removes a resource by ID and type (precise)

func (*LazyResourceStore) RemoveResourcesByType added in v0.3.8 

func (lrs *LazyResourceStore) RemoveResourcesByType(resourceType string) error

RemoveResourcesByType removes all resources of a specific type

func (*LazyResourceStore) ReplaceAll added in v0.3.8 

func (lrs *LazyResourceStore) ReplaceAll(resources []*LazyResource) error

ReplaceAll replaces all resources with the provided set (state-of-the-world approach)

func (*LazyResourceStore) StoreResource added in v0.3.8 

func (lrs *LazyResourceStore) StoreResource(resource *LazyResource) error

StoreResource stores a lazy resource in the in-memory cache

type Level added in v0.3.2 

type Level string

Level defines the attachment level of a policy 

const (
	// LevelAPI indicates the policy is attached at the API level
	LevelAPI Level = "api"

	// LevelRoute indicates the policy is attached at the route level
	LevelRoute Level = "route"
)

type ParameterType 

type ParameterType string

ParameterType defines the type of a policy parameter 

const (
	ParameterTypeString      ParameterType = "string"
	ParameterTypeInt         ParameterType = "int"
	ParameterTypeFloat       ParameterType = "float"
	ParameterTypeBool        ParameterType = "bool"
	ParameterTypeDuration    ParameterType = "duration"
	ParameterTypeStringArray ParameterType = "string_array"
	ParameterTypeIntArray    ParameterType = "int_array"
	ParameterTypeMap         ParameterType = "map"
	ParameterTypeURI         ParameterType = "uri"
	ParameterTypeEmail       ParameterType = "email"
	ParameterTypeHostname    ParameterType = "hostname"
	ParameterTypeIPv4        ParameterType = "ipv4"
	ParameterTypeIPv6        ParameterType = "ipv6"
	ParameterTypeUUID        ParameterType = "uuid"
)

type ParsedAPIKey added in v0.3.7 

type ParsedAPIKey struct {
	APIKey string
	ID     string
}

ParsedAPIKey represents a parsed API key with its components

type Policy 

type Policy interface {

	// Mode returns the policy's processing mode for each phase
	// Used by the kernel to optimize execution (e.g., skip body buffering if not needed)
	Mode() ProcessingMode

	// OnRequest executes the policy during request phase
	// Called with request context including headers and body (if body mode is BUFFER)
	// Returns RequestAction with modifications or immediate response
	// Returns nil if policy has no action (pass-through)
	OnRequest(ctx *RequestContext, params map[string]interface{}) RequestAction

	// OnResponse executes the policy during response phase
	// Called with response context including headers and body (if body mode is BUFFER)
	// Returns ResponseAction with modifications
	// Returns nil if policy has no action (pass-through)
	OnResponse(ctx *ResponseContext, params map[string]interface{}) ResponseAction
}

Policy is the base interface that all policies must implement

type PolicyDefinition 

type PolicyDefinition struct {
	// Policy name (e.g., "jwtValidation", "rateLimiting")
	Name string `yaml:"name" json:"name"`

	// Semantic version of THIS definition (e.g., "v1.0.0", "v2.0.0")
	// Each version gets its own PolicyDefinition
	Version string `yaml:"version" json:"version"`

	// Human-readable description of what this policy version does
	Description string `yaml:"description" json:"description"`

	// Parameters for THIS version
	// Each schema defines name, type, validation rules
	Parameters map[string]interface{} `yaml:"parameters" json:"parameters"`

	// SystemParameters for THIS version
	SystemParameters map[string]interface{} `yaml:"systemParameters" json:"systemParameters"`
}

PolicyDefinition describes a specific version of a policy

type PolicyFactory 

type PolicyFactory func(metadata PolicyMetadata, params map[string]interface{}) (Policy, error)

PolicyFactory is the function signature for creating policy instances Policy implementations must export a GetPolicy function with this signature: 

func GetPolicy(
    metadata PolicyMetadata,
    params map[string]interface{},
) (Policy, error)

Parameters:

  • metadata: Contains route-level metadata (routeName, etc.)
  • params: Merged parameters combining static config (from policy definition with resolved ${config} references) and runtime parameters (from API configuration). Runtime params override static config on key conflicts.

Returns:

  • Policy instance (can be singleton, cached, or per-route)
  • Error if initialization/validation fails

The policy should perform all initialization, validation, and preprocessing in GetPolicy. This includes parsing configuration, caching expensive operations, and setting up any required state.

type PolicyMetadata 

type PolicyMetadata struct {
	// RouteName is the unique identifier for the route this policy is attached to
	RouteName string

	// APIId is the unique identifier of the API this policy belongs to
	APIId string

	// APIName is the name of the API this policy belongs to
	APIName string

	// APIVersion is the version of the API this policy belongs to
	APIVersion string

	// AttachedTo indicates where the policy is attached (e.g., LevelAPI, LevelRoute)
	AttachedTo Level
}

PolicyMetadata contains metadata passed to GetPolicy for instance creation This will be passed to the GetPolicy factory function to provide context about policy

type PolicyParameters 

type PolicyParameters struct {
	// Raw parameter values as received from xDS config (JSON/YAML)
	Raw map[string]interface{}

	// Validated parameters matching the policy's schema
	// Validated at configuration time, not execution time
	// Key: parameter name, Value: typed validated value
	Validated map[string]TypedValue
}

PolicyParameters holds policy configuration with type-safe validated values

type PolicySpec 

type PolicySpec struct {
	// Policy identifier (e.g., "jwtValidation", "rateLimiting")
	// Must match a registered policy name in PolicyRegistry
	Name string `yaml:"name" json:"name"`

	// Semantic version of policy implementation (e.g., "v1.0.0", "v2.1.0")
	// Must match a registered policy version in PolicyRegistry
	Version string `yaml:"version" json:"version"`

	// Static enable/disable toggle
	// If false, policy never executes regardless of ExecutionCondition
	Enabled bool `yaml:"enabled" json:"enabled"`

	// Typed and validated configuration parameters
	// Validated against PolicyDefinition.ParameterSchemas at config time
	Parameters PolicyParameters `yaml:"parameters" json:"parameters"`

	// Optional CEL expression for dynamic conditional execution
	// nil = always execute (when Enabled=true)
	// non-nil = only execute when expression evaluates to true
	// Expression context: RequestContext (request phase) or ResponseContext (response phase)
	ExecutionCondition *string `yaml:"executionCondition,omitempty" json:"executionCondition,omitempty"`
}

PolicySpec is a configuration instance specifying how to use a policy

type ProcessingMode 

type ProcessingMode struct {
	// RequestHeaderMode specifies if/how the policy processes request headers
	RequestHeaderMode HeaderProcessingMode

	// RequestBodyMode specifies if/how the policy processes request body
	RequestBodyMode BodyProcessingMode

	// ResponseHeaderMode specifies if/how the policy processes response headers
	ResponseHeaderMode HeaderProcessingMode

	// ResponseBodyMode specifies if/how the policy processes response body
	ResponseBodyMode BodyProcessingMode
}

ProcessingMode declares a policy's processing requirements for each phase Used by the kernel to optimize execution (skip unnecessary phases, buffer strategically)

type RequestAction 

type RequestAction interface {
	StopExecution() bool // returns true if execution should stop
	// contains filtered or unexported methods
}

RequestAction marker interface (oneof pattern)

type RequestContext 

type RequestContext struct {
	// Shared data across request/response lifecycle
	*SharedContext

	// Current request headers (read-only for policies)
	// Policies use Get(), Has(), Iterate() methods for read-only access
	// Kernel updates via UnsafeInternalValues()
	Headers   *Headers
	Body      *Body
	Path      string
	Method    string
	Authority string
	Scheme    string
	Vhost     string
}

RequestContext is mutable context for request phase containing current request state

type ResponseAction 

type ResponseAction interface {
	StopExecution() bool // returns true if execution should stop
	// contains filtered or unexported methods
}

ResponseAction marker interface (oneof pattern)

type ResponseContext 

type ResponseContext struct {
	// Shared data across request/response lifecycle
	*SharedContext

	// Original request data (immutable, from request phase)
	RequestHeaders *Headers
	RequestBody    *Body
	RequestPath    string
	RequestMethod  string

	// Current response headers (read-only for policies)
	// Policies use Get(), Has(), Iterate() methods for read-only access
	// Kernel updates via UnsafeInternalValues()
	ResponseHeaders *Headers

	// Current response body (mutable)
	// nil if no body or body not required
	ResponseBody *Body

	// Current response status code (mutable)
	ResponseStatus int
}

ResponseContext is context for response phase containing request and response state

type SharedContext 

type SharedContext struct {
	// ProjectID is the project ID which the API is associated with
	ProjectID string

	// Unique request identifier for correlation
	// Generated by Kernel, immutable
	RequestID string

	// Shared metadata for inter-policy communication
	// Persists from request phase through response phase
	// Policies read/write this map to coordinate behavior
	Metadata map[string]interface{}

	// APIId is the unique identifier of the API (e.g., UUID)
	APIId string

	// APIName is the name of the API (e.g., "PetStore")
	APIName string

	// APIVersion is the version of the API (e.g., "v1.0.0")
	APIVersion string

	// APIKind is the type of the API
	APIKind string

	// APIContext is the base context path of the API (e.g., "/petstore")
	// This is the base path without the version
	APIContext string

	// OperationPath is the operation path pattern from the API definition
	// (e.g., "/pets/{id}" for a parameterized path)
	// This differs from RequestContext.Path which contains the actual request path
	// with resolved parameters (e.g., "/petstore/v1.0.0/pets/123")
	OperationPath string

	// AuthContext stores authentication-related information
	// Policies can read/write this map to share auth data (e.g., user ID)
	AuthContext map[string]string
}

SharedContext contains data shared across request and response phases

type TypedValue 

type TypedValue struct {
	// Parameter type (string, int, float, bool, duration, array, map, uri, email, etc.)
	Type ParameterType

	// Actual value after validation and type conversion
	// Go native type matching ParameterType:
	//   string → string
	//   int → int64
	//   float → float64
	//   bool → bool
	//   duration → time.Duration
	//   string_array → []string
	//   int_array → []int64
	//   uri → string (validated as URI)
	//   email → string (validated as email)
	//   hostname → string (validated as hostname)
	//   ipv4 → string (validated as IPv4)
	//   ipv6 → string (validated as IPv6)
	//   uuid → string (validated as UUID)
	//   map → map[string]interface{}
	Value interface{}
}

TypedValue represents a validated parameter value with type information

type UpstreamRequestModifications 

type UpstreamRequestModifications struct {
	SetHeaders               map[string]string         // Set or replace headers
	RemoveHeaders            []string                  // Headers to remove
	AppendHeaders            map[string][]string       // Headers to append
	AddQueryParameters       map[string][]string       // Query parameters to add
	RemoveQueryParameters    []string                  // Query parameters to remove
	Body                     []byte                    // nil = no change, []byte{} = clear
	Path                     *string                   // nil = no change
	Method                   *string                   // nil = no change
	AnalyticsMetadata        map[string]any            // Custom analytics metadata (key-value pairs)
	DynamicMetadata          map[string]map[string]any // Dynamic metadata by namespace
	DropHeadersFromAnalytics DropHeaderAction          // Request headers to exclude from analytics event
}

UpstreamRequestModifications - continue request to upstream with modifications

func (UpstreamRequestModifications) StopExecution 

func (u UpstreamRequestModifications) StopExecution() bool

type UpstreamResponseModifications 

type UpstreamResponseModifications struct {
	SetHeaders               map[string]string         // Set or replace headers
	RemoveHeaders            []string                  // Headers to remove
	AppendHeaders            map[string][]string       // Headers to append
	Body                     []byte                    // nil = no change, []byte{} = clear
	StatusCode               *int                      // nil = no change
	AnalyticsMetadata        map[string]any            // Custom analytics metadata (key-value pairs)
	DynamicMetadata          map[string]map[string]any // Dynamic metadata by namespace
	DropHeadersFromAnalytics DropHeaderAction          // Response headers to exclude from analytics event
}

UpstreamResponseModifications - modify response from upstream

func (UpstreamResponseModifications) StopExecution 

func (u UpstreamResponseModifications) StopExecution() bool

type ValidationRules 

type ValidationRules struct {
	// String validation
	MinLength *int
	MaxLength *int
	Pattern   string // regex pattern
	Format    string // email, uri, hostname, ipv4, ipv6, uuid
	Enum      []string

	// Numeric validation (int, float)
	Min        *float64
	Max        *float64
	MultipleOf *float64

	// Array validation
	MinItems    *int
	MaxItems    *int
	UniqueItems bool

	// Duration validation
	MinDuration *time.Duration
	MaxDuration *time.Duration

	// Custom CEL validation expression
	// Expression context: value
	// Must return bool
	CustomValidation *string
}

ValidationRules contains type-specific validation constraints

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.