Documentation
¶
Index ¶
- type PolicyEngine
- func NewPolicyEngine() *PolicyEngine
- func (e *PolicyEngine) AddRule(rule PolicyRule) error
- func (e *PolicyEngine) EvaluateResource(ctx context.Context, instance config.ResourceInstance) ([]PolicyViolation, error)
- func (e *PolicyEngine) GetViolationsByResource(violations []PolicyViolation) map[string][]PolicyViolation
- func (e *PolicyEngine) GetViolationsBySeverity(violations []PolicyViolation) map[string][]PolicyViolation
- func (e *PolicyEngine) HasErrors(violations []PolicyViolation) bool
- func (e *PolicyEngine) LoadBuiltinPolicies() error
- type PolicyRule
- type PolicyViolation
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PolicyEngine ¶
type PolicyEngine struct {
// contains filtered or unexported fields
}
PolicyEngine evaluates policies against resources
func NewPolicyEngine ¶
func NewPolicyEngine() *PolicyEngine
NewPolicyEngine creates a new policy engine
func (*PolicyEngine) AddRule ¶
func (e *PolicyEngine) AddRule(rule PolicyRule) error
AddRule adds a policy rule to the engine
func (*PolicyEngine) EvaluateResource ¶
func (e *PolicyEngine) EvaluateResource(ctx context.Context, instance config.ResourceInstance) ([]PolicyViolation, error)
EvaluateResource evaluates all policies against a resource
func (*PolicyEngine) GetViolationsByResource ¶
func (e *PolicyEngine) GetViolationsByResource(violations []PolicyViolation) map[string][]PolicyViolation
GetViolationsByResource returns violations grouped by resource
func (*PolicyEngine) GetViolationsBySeverity ¶
func (e *PolicyEngine) GetViolationsBySeverity(violations []PolicyViolation) map[string][]PolicyViolation
GetViolationsBySeverity returns violations grouped by severity
func (*PolicyEngine) HasErrors ¶
func (e *PolicyEngine) HasErrors(violations []PolicyViolation) bool
HasErrors returns true if there are any error-level violations
func (*PolicyEngine) LoadBuiltinPolicies ¶
func (e *PolicyEngine) LoadBuiltinPolicies() error
LoadBuiltinPolicies loads common built-in policies
type PolicyRule ¶
// PolicyRule describes one policy rule. Every field carries a yaml struct tag,
// so a rule can be decoded from a YAML document with the keys shown below.
type PolicyRule struct {
// Name is decoded from the YAML key "name".
// NOTE(review): presumably the rule's identifier; whether AddRule rejects
// empty or duplicate names is not visible here.
Name string `yaml:"name"`
// Description is decoded from the YAML key "description".
Description string `yaml:"description"`
// Severity is a plain string, so the type itself does not restrict it to the
// three values listed in the trailing comment.
// NOTE(review): confirm that AddRule validates this value; if it does not, a
// misspelled or differently-cased severity may not be counted by HasErrors.
Severity string `yaml:"severity"` // error, warning, info
// Condition is decoded from the YAML key "condition".
// NOTE(review): presumably an expression that EvaluateResource evaluates
// against the resource; the expression language is not shown here, so treat
// rule files as trusted input until the evaluator's limits are confirmed.
Condition string `yaml:"condition"`
// Message is decoded from the YAML key "message".
// NOTE(review): presumably the text reported in PolicyViolation.Message; verify.
Message string `yaml:"message"`
// Metadata holds free-form key/value data decoded from the YAML key "metadata".
Metadata map[string]interface{} `yaml:"metadata"`
}
PolicyRule represents a single policy rule
type PolicyViolation ¶
// PolicyViolation records one policy violation. Its fields have no struct
// tags, so encoders fall back to their default field naming.
type PolicyViolation struct {
// Rule points to the PolicyRule associated with this violation.
// NOTE(review): whether Rule can be nil is not visible here; check before
// dereferencing.
Rule *PolicyRule
// ResourceID and ResourceKind identify the resource.
// NOTE(review): presumably taken from the config.ResourceInstance passed to
// EvaluateResource, and presumably ResourceID is the key used by
// GetViolationsByResource; verify both.
ResourceID string
ResourceKind string
// Message is the violation text.
// NOTE(review): presumably derived from PolicyRule.Message; confirm.
Message string
// Severity is a plain string, like PolicyRule.Severity.
// NOTE(review): presumably the key used by GetViolationsBySeverity and the
// value HasErrors inspects; confirm the exact comparison (case, spelling).
Severity string
// Metadata holds free-form key/value data attached to the violation.
Metadata map[string]interface{}
}
PolicyViolation represents a policy violation