builtins

package
v1.95.3
Warning

This package is not in the latest version of its module.

Published: May 6, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Constants

const (
	// NonRestrictiveBuiltin is used in builtin definition categories to mark a builtin as non-suitable for Chainloop's restrictive mode
	NonRestrictiveBuiltin = "non-restrictive"
)

Variables

This section is empty.

Functions

func Register

func Register(def *ast.Builtin, builtinFunc topdown.BuiltinFunc) error

Register registers built-ins globally with OPA. This should be called once during initialization.

func RegisterDiscoverBuiltin

func RegisterDiscoverBuiltin(conn *grpc.ClientConn) error

RegisterDiscoverBuiltin is used to register chainloop's Discover endpoint as a builtin Rego function with signature:

chainloop.discover(digest, kind)

For instance, to get the references for a CONTAINER_IMAGE material, and fail if any of them is an attestation with policy violations:

```
violations contains msg if {
  digest := sprintf("sha256:%s", [input.chainloop_metadata.digest.sha256])
  discovered := chainloop.discover(digest, "")

  some ref in discovered.references
  ref.kind == "ATTESTATION"
  ref.metadata.hasPolicyViolations == "true"

  msg := sprintf("attestation with digest %s contains policy violations [name: %s, project: %s, org: %s]", [ref.digest, ref.metadata.name, ref.metadata.project, ref.metadata.organization])
}
```

func RegisterHelloBuiltin

func RegisterHelloBuiltin() error

func WithProjectContext added in v1.95.3

func WithProjectContext(ctx context.Context, pc ProjectContext) context.Context

WithProjectContext returns a derived context carrying the given project context.

Types

type ProjectContext added in v1.95.3

type ProjectContext struct {
	Name    string
	Version string
}

ProjectContext carries the project + version a policy is being evaluated against. It is attached to the per-evaluation context.Context by the rego engine so that chainloop.* built-ins can scope their requests (e.g. chainloop.findings) without requiring the rego author to pass project_name / project_version_name explicitly.

Values may be empty when the engine has no project context (e.g. a local `chainloop policy develop eval` without --project flags). Built-ins must degrade gracefully in that case rather than erroring.

func ProjectContextFromContext added in v1.95.3

func ProjectContextFromContext(ctx context.Context) (ProjectContext, bool)

ProjectContextFromContext returns the project context attached to ctx, or the zero value if none was set. The bool reports whether a value was present.
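
The graceful-degradation rule described above, shown as an added example that is not Chainloop's own code. `ProjectContext`, `WithProjectContext` and `ProjectContextFromContext` are local stand-ins that mirror the documented signatures with assumed bodies, `findingsScope` is a hypothetical helper, and the project values are constructed.

```go
package main

import (
	"context"
	"fmt"
)

// Local stand-ins mirroring the documented signatures; the bodies are assumptions.
type ProjectContext struct {
	Name    string
	Version string
}

// Unexported key type: code outside this package cannot read or overwrite the value.
type projectCtxKey struct{}

func WithProjectContext(ctx context.Context, pc ProjectContext) context.Context {
	return context.WithValue(ctx, projectCtxKey{}, pc)
}

func ProjectContextFromContext(ctx context.Context) (ProjectContext, bool) {
	pc, ok := ctx.Value(projectCtxKey{}).(ProjectContext)
	return pc, ok
}

// findingsScope (hypothetical) builds the request filters a chainloop.* built-in
// would send, taking scope from the engine-supplied context rather than from
// policy input. Absent or empty values produce fewer filters, never an error.
func findingsScope(ctx context.Context) map[string]string {
	scope := map[string]string{}
	pc, ok := ProjectContextFromContext(ctx)
	if !ok || pc.Name == "" {
		// Assumption: a version without a project name is ambiguous, so drop both.
		return scope
	}
	scope["project_name"] = pc.Name
	if pc.Version != "" {
		scope["project_version_name"] = pc.Version
	}
	return scope
}

func main() {
	base := context.Background()
	fmt.Println(findingsScope(base))                                         // no project context attached
	fmt.Println(findingsScope(WithProjectContext(base, ProjectContext{})))   // attached but empty
	fmt.Println(findingsScope(WithProjectContext(base, ProjectContext{Name: "payments", Version: "v2"})))
}
```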
