rego

package
v1.62.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func InjectBoilerplate added in v1.61.0 

func InjectBoilerplate(policySource []byte, policyName string) ([]byte, error)

InjectBoilerplate automatically injects common policy boilerplate if it doesn't exist. This allows users to write simplified policies with only the violations rules. Requirements: Policy must have package declaration and import rego.v1 The function: - Parses the policy using OPA's AST - Detects which boilerplate rules are missing - Injects only the missing rules after package and imports

Types

type Engine added in v1.39.0 

type Engine struct {

	// Embed common engine options
	*engine.CommonEngineOptions
	// contains filtered or unexported fields
}

Engine policy checker for chainloop attestations and materials

func NewEngine added in v1.39.0 

func NewEngine(opts ...engine.Option) *Engine

NewEngine creates a new policy engine with the given options default operating mode is EnvironmentModeRestrictive default allowed hostnames are www.chainloop.dev and www.cisa.gov user provided allowed hostnames are appended to the base ones

func (*Engine) Capabilities added in v1.39.0 

func (r *Engine) Capabilities() *ast.Capabilities

Capabilities returns the capabilities of the environment based on the mode of operation defaulting to EnvironmentModeRestrictive if not provided.

func (*Engine) MatchesEvaluation added in v1.43.2 

func (r *Engine) MatchesEvaluation(ctx context.Context, policy *engine.Policy, violations []string, expectedParams map[string]string) (bool, error)

MatchesEvaluation evaluates the matches_evaluation rule in a rego policy. Creates an input object with expected parameters and policy violations.

func (*Engine) MatchesParameters added in v1.43.2 

func (r *Engine) MatchesParameters(ctx context.Context, policy *engine.Policy, evaluationParams, expectedParams map[string]string) (bool, error)

MatchesParameters evaluates the matches_parameters rule in a rego policy. The function creates an input object with policy parameters and expected parameters.

func (*Engine) Verify added in v1.39.0 

func (r *Engine) Verify(ctx context.Context, policy *engine.Policy, input []byte, args map[string]any) (*engine.EvaluationResult, error)

type EnvironmentMode added in v0.96.19 

type EnvironmentMode int32

EnvironmentMode defines the mode of running the policy engine 

const (
	// EnvironmentModeRestrictive restricts operations that the compiler can do
	EnvironmentModeRestrictive EnvironmentMode = 0
	// EnvironmentModePermissive allows all operations on the compiler
	EnvironmentModePermissive EnvironmentMode = 1
)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.