Documentation
Constants
const (
	// PolicyModeNoop indicates no real policy engine is configured.
	// All policy checks pass silently. Profiles with a policy_ref will
	// not have that policy enforced.
	PolicyModeNoop = "noop"

	// PolicyModeUnknown is used when the evaluator does not implement
	// PolicyModer and its mode cannot be determined.
	PolicyModeUnknown = "unknown"
)
Policy mode constants identify the active evaluation strategy. Use these rather than raw strings when branching on policy mode.
Variables
This section is empty.
Functions
This section is empty.
Types
type NoOpPolicyEvaluator
type NoOpPolicyEvaluator struct{}
NoOpPolicyEvaluator is the default policy evaluator used when no real policy engine is configured yet.
func (NoOpPolicyEvaluator) Evaluate
func (n NoOpPolicyEvaluator) Evaluate(ctx context.Context, input PolicyInput) (PolicyResult, error)
Evaluate always allows the request. No policy logic is applied. Callers can detect noop mode via PolicyMode() rather than by checking the result reason.
func (NoOpPolicyEvaluator) PolicyMode
func (NoOpPolicyEvaluator) PolicyMode() string
PolicyMode implements PolicyModer. It returns PolicyModeNoop so callers can detect and surface the active policy mode without importing this package.
type PolicyEvaluator
type PolicyEvaluator interface {
	Evaluate(ctx context.Context, input PolicyInput) (PolicyResult, error)
}
PolicyEvaluator defines the policy evaluation boundary. Implementations may be no-op, embedded OPA, or enterprise extensions.
type PolicyInput
PolicyInput is the structured input passed from the orchestrator to the policy layer.
type PolicyModer
type PolicyModer interface {
	PolicyMode() string
}
PolicyModer is an optional interface that policy evaluators may implement to expose their operating mode. Callers use this for transparency and observability without importing concrete evaluator types.
type PolicyResult
PolicyResult is the result returned by a policy evaluation.
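Because the no-op evaluator allows every request, a caller that needs a profile's policy_ref to be enforced has to check the mode itself. The following is an added example, not code from this package: the types are local stand-ins for the declarations above, the PolicyRef and Allowed fields are assumptions (the page does not list the struct fields), and modeOf, evaluateStrict and ErrPolicyNotEnforced are hypothetical names.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Local stand-ins for the declarations documented on this page, so the example
// compiles alone. The PolicyInput and PolicyResult fields are assumptions.
const PolicyModeNoop, PolicyModeUnknown = "noop", "unknown"

type PolicyInput struct{ PolicyRef string } // assumed field
type PolicyResult struct{ Allowed bool }    // assumed field

type PolicyEvaluator interface {
	Evaluate(ctx context.Context, input PolicyInput) (PolicyResult, error)
}
type PolicyModer interface{ PolicyMode() string }

type NoOpPolicyEvaluator struct{}

func (NoOpPolicyEvaluator) Evaluate(context.Context, PolicyInput) (PolicyResult, error) { return PolicyResult{Allowed: true}, nil }
func (NoOpPolicyEvaluator) PolicyMode() string { return PolicyModeNoop }

// ErrPolicyNotEnforced is a hypothetical sentinel error for this example.
var ErrPolicyNotEnforced = errors.New("policy_ref set but no policy engine is enforcing it")

// modeOf reports the evaluator's mode, or PolicyModeUnknown when the
// evaluator does not implement the optional PolicyModer interface.
func modeOf(ev PolicyEvaluator) string {
	if m, ok := ev.(PolicyModer); ok {
		return m.PolicyMode()
	}
	return PolicyModeUnknown
}

// evaluateStrict (hypothetical helper) fails closed: a request that names a
// policy is refused unless the evaluator reports a real, enforcing mode.
func evaluateStrict(ctx context.Context, ev PolicyEvaluator, in PolicyInput) (PolicyResult, error) {
	if mode := modeOf(ev); in.PolicyRef != "" && (mode == PolicyModeNoop || mode == PolicyModeUnknown) {
		return PolicyResult{}, fmt.Errorf("%w (mode=%s, policy_ref=%q)", ErrPolicyNotEnforced, mode, in.PolicyRef)
	}
	return ev.Evaluate(ctx, in)
}

func main() {
	_, err := evaluateStrict(context.Background(), NoOpPolicyEvaluator{}, PolicyInput{PolicyRef: "constructed-ref"})
	fmt.Println(err)
}
```

Requests without a policy_ref still pass through to Evaluate unchanged, so the guard only affects profiles that expect enforcement.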