Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Introduces the ability to configure a second fallback storage driver using a configurable circuit breaker pattern. Signed-off-by: Sam Lock <sam@swlock.co.uk> Co-authored-by: Charith Ellawala <charithe@users.noreply.github.com>
- Loading branch information
1 parent
5aca50e
commit d0b3f79
Showing
12 changed files
with
663 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
// Copyright 2021-2023 Zenauth Ltd. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
package overlay | ||
|
||
import ( | ||
"errors" | ||
"time" | ||
|
||
"github.com/cerbos/cerbos/internal/config" | ||
"github.com/cerbos/cerbos/internal/storage" | ||
"go.uber.org/multierr" | ||
) | ||
|
||
const ( | ||
confKey = storage.ConfKey + ".overlay" | ||
defaultFallbackErrorThreshold = 5 | ||
defaultFallbackErrorWindow = 5 * time.Minute | ||
) | ||
|
||
// Conf is required (if driver is set to 'overlay') configuration for overlay storage driver. | ||
// +desc=This section is required only if storage.driver is overlay. | ||
type Conf struct { | ||
// BaseDriver is the default storage driver | ||
BaseDriver string `yaml:"baseDriver" conf:"required,example=blob"` | ||
// FallbackDriver is the secondary or fallback storage driver | ||
FallbackDriver string `yaml:"fallbackDriver" conf:"required,example=disk"` | ||
// FallbackErrorThreshold is the max number of errors we allow within the fallbackErrorWindow period | ||
FallbackErrorThreshold int `yaml:"fallbackErrorThreshold,omitempty" conf:",example=5"` | ||
// FallbackErrorWindow is the cyclic period within which we aggregate failures | ||
FallbackErrorWindow time.Duration `yaml:"fallbackErrorWindow" conf:",example=5m"` | ||
} | ||
|
||
func (conf *Conf) Key() string { | ||
return confKey | ||
} | ||
|
||
func (conf *Conf) Validate() error { | ||
var errs []error | ||
|
||
if conf.BaseDriver == "" { | ||
errs = append(errs, errors.New("baseDriver is required")) | ||
} | ||
|
||
if conf.FallbackDriver == "" { | ||
errs = append(errs, errors.New("fallbackDriver is required")) | ||
} | ||
|
||
if conf.BaseDriver != "" && conf.BaseDriver == conf.FallbackDriver { | ||
errs = append(errs, errors.New("baseDriver and fallbackDriver cannot be the same")) | ||
} | ||
|
||
if len(errs) > 0 { | ||
return multierr.Combine(errs...) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func (conf *Conf) SetDefaults() { | ||
if conf.FallbackErrorThreshold == 0 { | ||
conf.FallbackErrorThreshold = defaultFallbackErrorThreshold | ||
} | ||
if conf.FallbackErrorWindow == 0 { | ||
conf.FallbackErrorWindow = defaultFallbackErrorWindow | ||
} | ||
} | ||
|
||
func GetConf() (*Conf, error) { | ||
conf := &Conf{} | ||
err := config.GetSection(conf) | ||
|
||
return conf, err | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
// Copyright 2021-2023 Zenauth Ltd. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
package overlay | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/cerbos/cerbos/internal/engine" | ||
"github.com/cerbos/cerbos/internal/schema" | ||
) | ||
|
||
// The interface is defined here because placing in storage causes a circular dependency, | ||
// probably because it blurs the lines by implementing `SourceStore` whilst having a dependency on | ||
// `schema` in order to build the compile managers in the GetOverlayPolicyLoader method. | ||
type Overlay interface { | ||
// GetOverlayPolicyLoader returns a PolicyLoader implementation that wraps two SourceStores | ||
GetOverlayPolicyLoader(ctx context.Context, schemaMgr schema.Manager) (engine.PolicyLoader, error) | ||
} |
Oops, something went wrong.