Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateDiscoverHostFunctions ¶
func CreateDiscoverHostFunctions(conn *grpc.ClientConn) []extism.HostFunction
CreateDiscoverHostFunctions creates Extism host functions for the discover builtin. Returns two host functions - one for each supported namespace: 1. "env" namespace for Go (TinyGo) policies 2. "extism:host/user" namespace for JavaScript policies
func RegisterDiscoverBuiltin ¶
func RegisterDiscoverBuiltin(conn *grpc.ClientConn) error
RegisterDiscoverBuiltin registers chainloop's Discover endpoint as a builtin Rego function with signature:
chainloop.discover(digest, kind)
For instance, to get the references for an CONTAINER_IMAGE material, and fail if any of them is an attestation with policy violations: ```
violations contains msg if {
digest := sprintf("sha256:%s",[input.chainloop_metadata.digest.sha256])
discovered := chainloop.discover(digest, "")
some ref in discovered.references
ref.kind == "ATTESTATION"
ref.metadata.hasPolicyViolations == "true"
msg:= sprintf("attestation with digest %s contains policy violations [name: %s, project: %s, org: %s]", [ref.digest, ref.metadata.name, ref.metadata.project, ref.metadata.organization])
}
```
Types ¶
type DiscoverService ¶
type DiscoverService struct {
// contains filtered or unexported fields
}
DiscoverService wraps the gRPC discover functionality to be shared across engines
func NewDiscoverService ¶
func NewDiscoverService(conn *grpc.ClientConn) *DiscoverService
NewDiscoverService creates a new discover service
func (*DiscoverService) Discover ¶
func (s *DiscoverService) Discover(ctx context.Context, digest, kind string) (*v1.ReferrerServiceDiscoverPrivateResponse, error)
Discover calls the DiscoverPrivate gRPC endpoint to get artifact graph data
Source Files
Click to show internal directories.
Click to hide internal directories.