predicates

package module
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 21, 2026 License: Apache-2.0 Imports: 8 Imported by: 3

README

Policy Material Predicates

This repository contains wrappers around the 🔴🟡🟢 AMPEL policy material elements to implement the Carabiner Attestation Framework interfaces.

This repository is designed to be minimal and the module hosted here is intended to be used only by programs that want to treat Policies or Results as attestations following the in-toto compatible carabiner tools.

Documentation

Index

Constants

View Source 
const (
	PredicateTypePolicy  attestation.PredicateType = "https://carabiner.dev/ampel/policy/v0"
	PredicateTypePolicy0 attestation.PredicateType = "https://carabiner.dev/ampel/policy/v0.0.1"
)
View Source 
const (
	PredicateTypePolicySet  attestation.PredicateType = "https://carabiner.dev/ampel/policyset/v0"
	PredicateTypePolicySet0 attestation.PredicateType = "https://carabiner.dev/ampel/policyset/v0.0.1"
)
View Source 
const (
	PredicateTypeResult  attestation.PredicateType = "https://carabiner.dev/ampel/result/v0"
	PredicateTypeResult0 attestation.PredicateType = "https://carabiner.dev/ampel/results/v0.0.1"
)
View Source 
const PredicateTypePolicyGroup attestation.PredicateType = "https://carabiner.dev/ampel/policygroup/v0"
View Source 
const PredicateTypeResultGroup attestation.PredicateType = "https://carabiner.dev/ampel/resultgroup/v0"
View Source 
const PredicateTypeResultSet attestation.PredicateType = "https://carabiner.dev/ampel/resultset/v0"

Variables

View Source 
var PredicateTypes = []attestation.PredicateType{
	PredicateTypePolicy,
	PredicateTypePolicySet,
	PredicateTypePolicyGroup,

	PredicateTypeResult,
	PredicateTypeResultSet,
	PredicateTypeResultGroup,

	PredicateTypePolicy0,
	PredicateTypePolicySet0,
	PredicateTypeResult0,
}

PredicateTypes is a slice of all the predicate types

Functions

This section is empty.

Types

type Parser 

type Parser struct{}

func New 

func New() *Parser

func (*Parser) Parse 

func (p *Parser) Parse(data []byte) (attestation.Predicate, error)

Parse takes JSON data and returns any of the supported predicates if it parses

func (*Parser) ParsePolicyGroupPredicate 

func (p *Parser) ParsePolicyGroupPredicate(data []byte) (attestation.Predicate, error)

func (*Parser) ParsePolicyPredicate 

func (p *Parser) ParsePolicyPredicate(data []byte) (attestation.Predicate, error)

func (*Parser) ParsePolicySetPredicate 

func (p *Parser) ParsePolicySetPredicate(data []byte) (attestation.Predicate, error)

func (*Parser) ParseResultGroupPredicate 

func (p *Parser) ParseResultGroupPredicate(data []byte) (attestation.Predicate, error)

func (*Parser) ParseResultPredicate 

func (p *Parser) ParseResultPredicate(data []byte) (attestation.Predicate, error)

func (*Parser) ParseResultSetPredicate 

func (p *Parser) ParseResultSetPredicate(data []byte) (attestation.Predicate, error)

func (*Parser) SupportsType 

func (*Parser) SupportsType(predTypes ...attestation.PredicateType) bool

type ParserPolicyGroupPredicate 

type ParserPolicyGroupPredicate struct{}

func NewParserPolicyGroupPredicate 

func NewParserPolicyGroupPredicate() *ParserPolicyGroupPredicate

func (*ParserPolicyGroupPredicate) Parse 

func (p *ParserPolicyGroupPredicate) Parse(data []byte) (attestation.Predicate, error)

func (*ParserPolicyGroupPredicate) SupportsType 

func (p *ParserPolicyGroupPredicate) SupportsType(predTypes ...attestation.PredicateType) bool

type ParserPolicyPredicate 

type ParserPolicyPredicate struct{}

func NewParserPolicyPredicate 

func NewParserPolicyPredicate() *ParserPolicyPredicate

func (*ParserPolicyPredicate) Parse 

func (p *ParserPolicyPredicate) Parse(data []byte) (attestation.Predicate, error)

func (*ParserPolicyPredicate) SupportsType 

func (p *ParserPolicyPredicate) SupportsType(predTypes ...attestation.PredicateType) bool

type ParserPolicySetPredicate 

type ParserPolicySetPredicate struct{}

func NewParserPolicySetPredicate 

func NewParserPolicySetPredicate() *ParserPolicySetPredicate

func (*ParserPolicySetPredicate) Parse 

func (p *ParserPolicySetPredicate) Parse(data []byte) (attestation.Predicate, error)

func (*ParserPolicySetPredicate) SupportsType 

func (p *ParserPolicySetPredicate) SupportsType(predTypes ...attestation.PredicateType) bool

type ParserResultGroupPredicate 

type ParserResultGroupPredicate struct{}

func NewParserResultGroupPredicate 

func NewParserResultGroupPredicate() *ParserResultGroupPredicate

func (*ParserResultGroupPredicate) Parse 

func (p *ParserResultGroupPredicate) Parse(data []byte) (attestation.Predicate, error)

func (*ParserResultGroupPredicate) SupportsType 

func (p *ParserResultGroupPredicate) SupportsType(predTypes ...attestation.PredicateType) bool

type ParserResultPredicate 

type ParserResultPredicate struct{}

func NewParserResultPredicate 

func NewParserResultPredicate() *ParserResultPredicate

func (*ParserResultPredicate) Parse 

func (p *ParserResultPredicate) Parse(data []byte) (attestation.Predicate, error)

func (*ParserResultPredicate) SupportsType 

func (p *ParserResultPredicate) SupportsType(predTypes ...attestation.PredicateType) bool

type ParserResultSetPredicate 

type ParserResultSetPredicate struct{}

func NewParserResultSetPredicate 

func NewParserResultSetPredicate() *ParserResultSetPredicate

func (*ParserResultSetPredicate) Parse 

func (p *ParserResultSetPredicate) Parse(data []byte) (attestation.Predicate, error)

func (*ParserResultSetPredicate) SupportsType 

func (p *ParserResultSetPredicate) SupportsType(predTypes ...attestation.PredicateType) bool

type Policy 

type Policy struct {
	Parsed *v1.Policy
	Data   []byte
	// contains filtered or unexported fields
}

Policy (or rather predicate.Policy) is a wrapper around the policy proto message that implements the ampel attestation predicate interface.

func (*Policy) GetData 

func (p *Policy) GetData() []byte

GetData returns the policy data serialized as JSON.

func (*Policy) GetOrigin 

func (p *Policy) GetOrigin() attestation.Subject

GetOrigin calls the underlying method of the same name

func (*Policy) GetParsed 

func (p *Policy) GetParsed() any

GetParsed returns the Go policy object.

func (*Policy) GetType 

func (p *Policy) GetType() attestation.PredicateType

func (*Policy) GetVerification 

func (p *Policy) GetVerification() attestation.Verification

GetVerification returns the signature verification generated from the envelope parser. The verification may contain details about the integrity, identity and signature guarding the PolicySet.

func (*Policy) MarshalJSON 

func (p *Policy) MarshalJSON() ([]byte, error)

MarshalJSON implements the JSON marshaler interface. It reuses any pre parsed data already stored in the predicate.

func (*Policy) SetOrigin 

func (p *Policy) SetOrigin(origin attestation.Subject)

SetOrigin calls the underlting method of the same name

func (*Policy) SetType 

func (p *Policy) SetType(attestation.PredicateType) error

func (*Policy) SetVerification 

func (p *Policy) SetVerification(verification attestation.Verification)

SetVerification gets the signature verification data from the envelope parser before discarding the envelope. This is supposed the be stored for later retrieval.

type PolicyGroup 

type PolicyGroup struct {
	Parsed *v1.PolicyGroup
	Data   []byte
	// contains filtered or unexported fields
}

Policy (or rather predicate.Policy) is a wrapper around the policy proto message that implements the ampel attestation predicate interface.

func (*PolicyGroup) GetData 

func (grp *PolicyGroup) GetData() []byte

GetData returns the policy data serialized as JSON.

func (*PolicyGroup) GetOrigin 

func (grp *PolicyGroup) GetOrigin() attestation.Subject

GetOrigin calls the underlying method of the same name

func (*PolicyGroup) GetParsed 

func (grp *PolicyGroup) GetParsed() any

GetParsed returns the Go policy object.

func (*PolicyGroup) GetType 

func (grp *PolicyGroup) GetType() attestation.PredicateType

func (*PolicyGroup) GetVerification 

func (grp *PolicyGroup) GetVerification() attestation.Verification

GetVerification returns the signature verification generated from the envelope parser. The verification may contain details about the integrity, identity and signature guarding the PolicyGroup.

func (*PolicyGroup) MarshalJSON 

func (grp *PolicyGroup) MarshalJSON() ([]byte, error)

MarshalJSON implements the JSON marshaler interface. It reuses any pre parsed data already stored in the predicate.

func (*PolicyGroup) SetOrigin 

func (grp *PolicyGroup) SetOrigin(origin attestation.Subject)

SetOrigin calls the underlying method of the same name

func (*PolicyGroup) SetType 

func (grp *PolicyGroup) SetType(attestation.PredicateType) error

func (*PolicyGroup) SetVerification 

func (grp *PolicyGroup) SetVerification(verification attestation.Verification)

SetVerification gets the signature verification data from the envelope parser before discarding the envelope. This is supposed the be stored for later retrieval.

type PolicySet 

type PolicySet struct {
	Parsed *v1.PolicySet
	Data   []byte
	// contains filtered or unexported fields
}

PolicySet (predicate.Policy) is a wrapper around the policySet proto message that implements the ampel attestation predicate interface.

func (*PolicySet) GetData 

func (set *PolicySet) GetData() []byte

GetData returns the PolicySet data serialized as JSON.

func (*PolicySet) GetOrigin 

func (set *PolicySet) GetOrigin() attestation.Subject

GetOrigin calls the underlying method of the same name

func (*PolicySet) GetParsed 

func (set *PolicySet) GetParsed() any

GetParsed returns the Go PolicySet object.

func (*PolicySet) GetType 

func (set *PolicySet) GetType() attestation.PredicateType

func (*PolicySet) GetVerification 

func (set *PolicySet) GetVerification() attestation.Verification

GetVerification returns the signature verification generated from the envelope parser. The verification may contain details about the integrity, identity and signature guarding the PolicySet.

func (*PolicySet) MarshalJSON 

func (set *PolicySet) MarshalJSON() ([]byte, error)

MarshalJSON implements the JSON marshaler interface. It reuses any pre parsed data already stored in the predicate.

func (*PolicySet) SetOrigin 

func (set *PolicySet) SetOrigin(origin attestation.Subject)

SetOrigin calls the underlting method of the same name

func (*PolicySet) SetType 

func (set *PolicySet) SetType(attestation.PredicateType) error

func (*PolicySet) SetVerification 

func (set *PolicySet) SetVerification(verification attestation.Verification)

SetVerification gets the signature verification data from the envelope parser before discarding the envelope. This is supposed the be stored for later retrieval.

type Result 

type Result struct {
	Parsed *v1.Result
	Data   []byte
	// contains filtered or unexported fields
}

Result (or rather predicates.Result) is a wrapper around the policy evaluation results proto message that ampel generates with --attest

func (*Result) GetData 

func (r *Result) GetData() []byte

GetData returns the policy data serialized as JSON.

func (*Result) GetOrigin 

func (r *Result) GetOrigin() attestation.Subject

GetOrigin calls the underlying method of the same name

func (*Result) GetParsed 

func (r *Result) GetParsed() any

GetParsed returns the Go policy object.

func (*Result) GetType 

func (r *Result) GetType() attestation.PredicateType

func (*Result) GetVerification 

func (r *Result) GetVerification() attestation.Verification

GetVerification returns the signature verification generated from the envelope parser. The verification may contain details about the integrity, identity and signature guarding the PolicySet.

func (*Result) MarshalJSON 

func (r *Result) MarshalJSON() ([]byte, error)

MarshalJSON implements the JSON marshaler interface. It reuses any pre parsed data already stored in the predicate.

func (*Result) SetOrigin 

func (r *Result) SetOrigin(origin attestation.Subject)

SetOrigin calls the underlying method of the same name

func (*Result) SetType 

func (r *Result) SetType(attestation.PredicateType) error

func (*Result) SetVerification 

func (r *Result) SetVerification(verification attestation.Verification)

SetVerification gets the signature verification data from the envelope parser before discarding the envelope. This is supposed the be stored for later retrieval.

type ResultGroup 

type ResultGroup struct {
	Parsed *v1.ResultGroup
	Data   []byte
	// contains filtered or unexported fields
}

ResultGroup (or rather predicates.ResultSet) is a wrapper around the policyset evaluation results proto message that ampel generates with --attest

func (*ResultGroup) GetData 

func (r *ResultGroup) GetData() []byte

GetData returns the policy data serialized as JSON.

func (*ResultGroup) GetOrigin 

func (r *ResultGroup) GetOrigin() attestation.Subject

GetOrigin calls the underlying method of the same name

func (*ResultGroup) GetParsed 

func (r *ResultGroup) GetParsed() any

GetParsed returns the Go policy object.

func (*ResultGroup) GetType 

func (r *ResultGroup) GetType() attestation.PredicateType

func (*ResultGroup) GetVerification 

func (r *ResultGroup) GetVerification() attestation.Verification

GetVerification returns the signature verification generated from the envelope parser. The verification may contain details about the integrity, identity and signature guarding the PolicySet.

func (*ResultGroup) MarshalJSON 

func (r *ResultGroup) MarshalJSON() ([]byte, error)

MarshalJSON implements the JSON marshaler interface. It reuses any pre parsed data already stored in the predicate.

func (*ResultGroup) SetOrigin 

func (r *ResultGroup) SetOrigin(origin attestation.Subject)

SetOrigin calls the underlying method of the same name

func (*ResultGroup) SetType 

func (r *ResultGroup) SetType(attestation.PredicateType) error

func (*ResultGroup) SetVerification 

func (r *ResultGroup) SetVerification(verification attestation.Verification)

SetVerification gets the signature verification data from the envelope parser before discarding the envelope. This is supposed the be stored for later retrieval.

type ResultSet 

type ResultSet struct {
	Parsed *v1.ResultSet
	Data   []byte
	// contains filtered or unexported fields
}

Result (or rather predicates.ResultSet) is a wrapper around the policyset evaluation results proto message that ampel generates with --attest

func (*ResultSet) GetData 

func (r *ResultSet) GetData() []byte

GetData returns the policy data serialized as JSON.

func (*ResultSet) GetOrigin 

func (r *ResultSet) GetOrigin() attestation.Subject

GetOrigin calls the underlying method of the same name

func (*ResultSet) GetParsed 

func (r *ResultSet) GetParsed() any

GetParsed returns the Go policy object.

func (*ResultSet) GetType 

func (r *ResultSet) GetType() attestation.PredicateType

func (*ResultSet) GetVerification 

func (r *ResultSet) GetVerification() attestation.Verification

GetVerification returns the signature verification generated from the envelope parser. The verification may contain details about the integrity, identity and signature guarding the PolicySet.

func (*ResultSet) MarshalJSON 

func (r *ResultSet) MarshalJSON() ([]byte, error)

MarshalJSON implements the JSON marshaler interface. It reuses any pre parsed data already stored in the predicate.

func (*ResultSet) SetOrigin 

func (r *ResultSet) SetOrigin(origin attestation.Subject)

SetOrigin calls the underlying method of the same name

func (*ResultSet) SetType 

func (r *ResultSet) SetType(attestation.PredicateType) error

func (*ResultSet) SetVerification 

func (r *ResultSet) SetVerification(verification attestation.Verification)

SetVerification gets the signature verification data from the envelope parser before discarding the envelope. This is supposed the be stored for later retrieval.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.