Documentation
¶
Index ¶
Constants ¶
View Source
const (
// NonRestrictiveBuiltin is used in builtin definition categories to mark a builtin as non-suitable for Chainloop's restrictive mode
NonRestrictiveBuiltin = "non-restrictive"
)
Variables ¶
This section is empty.
Functions ¶
func Register ¶
func Register(def *ast.Builtin, builtinFunc topdown.BuiltinFunc) error
Register registers built-ins globally with OPA This should be called once during initialization
func RegisterDiscoverBuiltin ¶
func RegisterDiscoverBuiltin(conn *grpc.ClientConn) error
RegisterDiscoverBuiltin is used to register chainloop's Discover endpoint as a builtin Rego function with signature:
chainloop.discover(digest, kind)
For instance, to get the references for an CONTAINER_IMAGE material, and fail if any of them is an attestation with policy violations: ```
violations contains msg if {
digest := sprintf("sha256:%s",[input.chainloop_metadata.digest.sha256])
discovered := chainloop.discover(digest, "")
some ref in discovered.references
ref.kind == "ATTESTATION"
ref.metadata.hasPolicyViolations == "true"
msg:= sprintf("attestation with digest %s contains policy violations [name: %s, project: %s, org: %s]", [ref.digest, ref.metadata.name, ref.metadata.project, ref.metadata.organization])
}
```
func RegisterHelloBuiltin ¶
func RegisterHelloBuiltin() error
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.