policy

package

v0.1.3 Latest Latest Go to latest Published: Apr 30, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/docker/attest

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func RegoFunctions(resolver oci.AttestationResolver) []*tester.Builtin
func WithPolicyEvaluator(ctx context.Context, pe PolicyEvaluator) context.Context
type MirrorSpec
type PolicyEvaluator
- func GetPolicyEvaluator(ctx context.Context) (PolicyEvaluator, error)
- func NewRegoEvaluator(debug bool) PolicyEvaluator
type PolicyFile
- func ResolvePolicy(ctx context.Context, resolver oci.AttestationResolver, opts *PolicyOptions) ([]*PolicyFile, error)
type PolicyInput
type PolicyMapping
type PolicyMappings
type PolicyMirror
type PolicyOptions
type PolicyOrigin

Constants ¶

View Source

const (
	PolicyMappingFileName = "mapping.yaml"
)

Variables ¶

View Source

var PolicyEvaluatorCtxKey policyEvaluatorCtxKeyType

View Source

var (
	PolicyFileNames = []string{"data.yaml", "policy.rego"}
)

Functions ¶

func RegoFunctions ¶

func RegoFunctions(resolver oci.AttestationResolver) []*tester.Builtin

func WithPolicyEvaluator ¶

func WithPolicyEvaluator(ctx context.Context, pe PolicyEvaluator) context.Context

sets PolicyEvaluator in context

Types ¶

type MirrorSpec ¶

type MirrorSpec struct {
	Domains []string `json:"domains"`
	Prefix  string   `json:"prefix"`
}

type PolicyEvaluator ¶

type PolicyEvaluator interface {
	Evaluate(ctx context.Context, resolver oci.AttestationResolver, policy []*PolicyFile, input *PolicyInput) error
}

func GetPolicyEvaluator ¶

func GetPolicyEvaluator(ctx context.Context) (PolicyEvaluator, error)

gets PolicyEvaluator from context, defaults to Rego PolicyEvaluator if not set

func NewRegoEvaluator ¶

func NewRegoEvaluator(debug bool) PolicyEvaluator

type PolicyFile ¶

type PolicyFile struct {
	Path    string
	Content []byte
}

func ResolvePolicy ¶

func ResolvePolicy(ctx context.Context, resolver oci.AttestationResolver, opts *PolicyOptions) ([]*PolicyFile, error)

type PolicyInput ¶

type PolicyInput struct {
	Digest      string `json:"digest"`
	Purl        string `json:"purl"`
	IsCanonical bool   `json:"isCanonical"`
}

type PolicyMapping ¶

type PolicyMapping struct {
	Name        string       `json:"namespace"`
	Location    string       `json:"location"`
	Description string       `json:"description"`
	Origin      PolicyOrigin `json:"origin"`
}

type PolicyMappings ¶

type PolicyMappings struct {
	Version  string          `json:"version"`
	Kind     string          `json:"kind"`
	Policies []PolicyMapping `json:"policies"`
	Mirrors  []PolicyMirror  `json:"mirrors"`
}

type PolicyMirror ¶

type PolicyMirror struct {
	Name   string     `json:"name"`
	Mirror MirrorSpec `json:"mirror"`
}

type PolicyOptions ¶

type PolicyOptions struct {
	TufClient       tuf.TUFClient
	LocalTargetsDir string
	LocalPolicyDir  string
}

type PolicyOrigin ¶

type PolicyOrigin struct {
	Name   string `json:"name"`
	Prefix string `json:"prefix"`
	Domain string `json:"domain"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL