
@chrischdi
Last active December 7, 2018 12:21
opa memory problem

Memory utilization: image

How OPA is started (container spec from a Kubernetes pod):

  # OPA sidecar/container definition: runs OPA 0.10.1 as an HTTPS policy server.
  - name: opa
    # The tag is re-resolved on every pod start (imagePullPolicy: Always); a tag
    # is mutable, so pinning by digest is the way to guarantee the same image.
    image: reg-dhc.app.corpintra.net/caas/opa:0.10.1
    imagePullPolicy: Always
    args:
    - run
    - --server
    # Listens on loopback only, with TLS. Presumably reachable just from
    # containers sharing this pod's network namespace; if the pod uses
    # hostNetwork (not shown here) it is every process on the node. TODO confirm.
    - --addr=https://127.0.0.1:8181
    - --tls-cert-file=/etc/kubernetes/ssl/policy-controller/opa-cert.pem
    - --tls-private-key-file=/etc/kubernetes/ssl/policy-controller/opa-key.key
    # NOTE(review): no --authentication / --authorization flag appears in these
    # args, so the REST API (including /v1/query) accepts any client that can
    # connect to the listener. Confirm that is intended for this deployment.
    # Positional arguments: paths OPA loads policy and data from.
    - /policy
    - /etc/kubernetes/ssl/policy-controller/policy-controller.authorization.rego
    # Log level "info".
    - -l=info
    # Watch the loaded paths and reload on change.
    - -w
package main
import (
"bytes"
"crypto/tls"
"encoding/json"
"log"
"net/http"
"github.com/open-policy-agent/opa/server/types"
)
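// opaClient is the single HTTP client used for every query. Building a new
// http.Transport per request (as this reproducer originally did) can strand a
// keep-alive connection on every call, because a zero-value Transport has no
// idle-connection timeout. In the endless loop in main that can exhaust the
// client's file descriptors and pile idle TLS connections onto the OPA server
// whose memory is being measured.
var opaClient = &http.Client{
	Transport: &http.Transport{
		// NOTE(security): InsecureSkipVerify disables certificate and host
		// name verification, so the client cannot tell the real OPA server
		// from anything else answering on this port. Tolerable only for a
		// loopback reproducer; for any other use, trust the issuing CA via
		// tls.Config.RootCAs instead of skipping verification.
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	},
}

// postAuthorizationQuery sends one ad-hoc query to OPA's /v1/query endpoint on
// https://localhost:8181 and decodes the JSON response, discarding the result.
//
// The query evaluates data.authorization.deny with a mocked (empty)
// globalfelixconfigs object and a SubjectAccessReview as input. Any failure
// (encoding, request construction, transport error, non-200 status, or
// undecodable response) terminates the process via log.Fatal.
func postAuthorizationQuery() {
	var body types.QueryRequestV1
	body.Query = `
data.authorization.deny[{
"id": id,
"resource": {"kind": "globalfelixconfigs", "namespace": "", "name": "hcbGbrFyuP"},
"resolution": resolution,
}] with data["kubernetes"]["globalfelixconfigs"][""]["hcbGbrFyuP"] as {} with input as {
"kind":"SubjectAccessReview",
"apiVersion":"authorization.k8s.io/v1beta1",
"metadata":{
"creationTimestamp":null
},
"spec":{
"resourceAttributes":{
"verb":"create",
"group":"crd.projectcalico.org",
"version":"v1",
"resource":"globalfelixconfigs"
},
"user":"bob",
"group":["dhc:cni","system:authenticated"]
},
}`

	// Serialize the request envelope to JSON.
	var buf bytes.Buffer
	if err := json.NewEncoder(&buf).Encode(body); err != nil {
		log.Fatal(err)
	}

	req, err := http.NewRequest(http.MethodPost, "https://localhost:8181/v1/query", &buf)
	if err != nil {
		log.Fatal(err)
	}

	// Use the shared client so connections are pooled instead of leaked.
	resp, err := opaClient.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// Report the status line rather than dumping the whole *http.Response.
		log.Fatalf("unexpected status from OPA: %s", resp.Status)
	}

	// Decode into an untyped value only to confirm the response is valid JSON.
	var x interface{}
	if err := json.NewDecoder(resp.Body).Decode(&x); err != nil {
		log.Fatal(err)
	}
	// fmt.Println(x) // debugging aid; needs an "fmt" import when enabled
}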
// main drives the reproducer: it issues the authorization query against OPA
// back to back, forever, with no delay between requests.
func main() {
	// For a single request while debugging, call postAuthorizationQuery()
	// once here instead of looping.
	query := postAuthorizationQuery
	for {
		query()
	}
}