Documentation
Index ¶
- Constants
- Variables
- func RegoFunctions(resolver oci.AttestationResolver) []*tester.Builtin
- func WithPolicyEvaluator(ctx context.Context, pe PolicyEvaluator) context.Context
- type MirrorSpec
- type MockPolicyEvaluator
- type Policy
- type PolicyEvaluator
- type PolicyFile
- type PolicyInput
- type PolicyMapping
- type PolicyMappingFile
- type PolicyMappings
- type PolicyMirror
- type PolicyOptions
- type PolicyOrigin
- type Result
- type Summary
- type Violation
Constants ¶
const (
// DefaultQuery is a query string that binds `result` to data.attest.result.
// NOTE(review): presumably the Rego query used when Policy.Query is left
// empty — confirm against ResolvePolicy and the Rego evaluator. Anything a
// policy file defines under a different path is not read by this query.
DefaultQuery = "result := data.attest.result"
)
const (
// PolicyMappingFileName is the file name "mapping.yaml".
// NOTE(review): presumably the name of the mapping file that
// LoadLocalMappings decodes into PolicyMappings — confirm against the loader.
PolicyMappingFileName = "mapping.yaml"
)
Variables ¶
// PolicyEvaluatorCtxKey is an exported variable of the unexported type
// policyEvaluatorCtxKeyType.
// NOTE(review): presumably the context key under which WithPolicyEvaluator
// stores, and GetPolicyEvaluator looks up, the PolicyEvaluator — confirm.
// Because the variable is exported, code outside this package can pass it to
// context.WithValue directly; whatever is stored under it would then decide
// the evaluation result, so treat the context as part of the trust boundary.
var PolicyEvaluatorCtxKey policyEvaluatorCtxKeyType
Functions ¶
func RegoFunctions ¶
func RegoFunctions(resolver oci.AttestationResolver) []*tester.Builtin
func WithPolicyEvaluator ¶
func WithPolicyEvaluator(ctx context.Context, pe PolicyEvaluator) context.Context
WithPolicyEvaluator sets the PolicyEvaluator in the context and returns the resulting context.
Types ¶
type MirrorSpec ¶
type MockPolicyEvaluator ¶
// MockPolicyEvaluator is, judging by its name, a test double for
// PolicyEvaluator whose behaviour is supplied by the caller through
// EvaluateFunc.
// NOTE(review): the body of its Evaluate method is not shown here; presumably
// it delegates to EvaluateFunc — confirm, including what happens when
// EvaluateFunc is nil.
// A mock placed in a context with WithPolicyEvaluator is what
// GetPolicyEvaluator hands back, so no real policy is evaluated on that path;
// keep its use confined to tests.
type MockPolicyEvaluator struct {
// EvaluateFunc takes the same parameters and returns the same results as
// PolicyEvaluator.Evaluate.
EvaluateFunc func(ctx context.Context, resolver oci.AttestationResolver, pctx *Policy, input *PolicyInput) (*Result, error)
}
func (*MockPolicyEvaluator) Evaluate ¶
func (pe *MockPolicyEvaluator) Evaluate(ctx context.Context, resolver oci.AttestationResolver, pctx *Policy, input *PolicyInput) (*Result, error)
type Policy ¶ added in v0.1.4
// Policy holds a list of policy input files and a query string. It is the type
// returned by ResolvePolicy and accepted by PolicyEvaluator.Evaluate as pctx.
type Policy struct {
// InputFiles lists the files that make up the policy. PolicyFile's fields are
// not shown on this page.
InputFiles []*PolicyFile
// Query is the query string for this policy.
// NOTE(review): presumably falls back to DefaultQuery when empty — confirm.
Query string
}
func ResolvePolicy ¶
func ResolvePolicy(ctx context.Context, resolver oci.AttestationResolver, opts *PolicyOptions) (*Policy, error)
type PolicyEvaluator ¶
// PolicyEvaluator is implemented by anything that can evaluate a Policy
// against a PolicyInput and produce a Result or an error.
// NOTE(review): whether a non-nil *Result can accompany a non-nil error is not
// visible here; callers should check the error before reading Result.Success.
type PolicyEvaluator interface {
// Evaluate receives the context, an attestation resolver, the policy (pctx)
// and the input, and returns the evaluation Result or an error.
Evaluate(ctx context.Context, resolver oci.AttestationResolver, pctx *Policy, input *PolicyInput) (*Result, error)
}
func GetMockPolicy ¶ added in v0.1.4
func GetMockPolicy() PolicyEvaluator
func GetPolicyEvaluator ¶
func GetPolicyEvaluator(ctx context.Context) (PolicyEvaluator, error)
GetPolicyEvaluator gets the PolicyEvaluator from the context; if none is set, it defaults to the Rego PolicyEvaluator.
func NewRegoEvaluator ¶
func NewRegoEvaluator(debug bool) PolicyEvaluator
type PolicyFile ¶
type PolicyInput ¶
type PolicyMapping ¶
// PolicyMapping is the element type of PolicyMappings.Policies: one policy
// entry with an identifier, a description, an origin and a list of files.
type PolicyMapping struct {
// Id is serialized under the key "id".
// NOTE(review): presumably the value PolicyMirror.PolicyId refers to — confirm.
Id string `json:"id"`
// Description is serialized under the key "description".
Description string `json:"description"`
// Origin is serialized under the key "origin". PolicyOrigin's fields are not
// shown on this page.
Origin PolicyOrigin `json:"origin"`
// Files is serialized under the key "files"; each entry carries a Path.
Files []PolicyMappingFile `json:"files"`
}
type PolicyMappingFile ¶ added in v0.1.4
// PolicyMappingFile names one file of a PolicyMapping.
type PolicyMappingFile struct {
// Path is serialized under the key "path".
// NOTE(review): the value comes from the mapping file, and how it is resolved
// is not visible here. Confirm that the loader keeps it inside the policy
// directory (rejecting absolute paths and ".." segments) before opening it.
Path string `json:"path"`
}
type PolicyMappings ¶
// PolicyMappings is the top-level mapping document: a version, a kind, the
// policy entries and the mirror entries. It is the type returned by
// LoadLocalMappings.
// NOTE(review): presumably the decoded form of the PolicyMappingFileName
// file. The fields carry json tags although the file name ends in .yaml, so
// the decoder must be one that honours json tags for YAML input — confirm.
type PolicyMappings struct {
// Version is serialized under the key "version".
// NOTE(review): whether Version and Kind are validated on load is not visible
// here — confirm that unknown values are rejected.
Version string `json:"version"`
// Kind is serialized under the key "kind".
Kind string `json:"kind"`
// Policies is serialized under the key "policies".
Policies []PolicyMapping `json:"policies"`
// Mirrors is serialized under the key "mirrors".
Mirrors []PolicyMirror `json:"mirrors"`
}
func LoadLocalMappings ¶ added in v0.1.4
func LoadLocalMappings(opts *PolicyOptions) (*PolicyMappings, error)
type PolicyMirror ¶
// PolicyMirror is the element type of PolicyMappings.Mirrors: it pairs a
// policy identifier with a MirrorSpec. MirrorSpec's fields are not shown on
// this page.
type PolicyMirror struct {
// PolicyId carries a yaml tag ("policy-id"), while every other tagged field
// shown on this page uses a json tag.
// NOTE(review): if the mapping file is decoded by a library that only reads
// json tags, the "policy-id" key would not populate this field and it would
// silently stay empty — confirm which decoder is used and whether the mixed
// tags are intentional.
PolicyId string `yaml:"policy-id"`
// Mirror is serialized under the key "mirror".
Mirror MirrorSpec `json:"mirror"`
}
type PolicyOptions ¶
type PolicyOrigin ¶
type Result ¶ added in v0.1.4
// Result is the outcome returned by PolicyEvaluator.Evaluate.
// The zero value has Success == false, so a Result that was never populated
// reads as a failed evaluation rather than a pass.
// NOTE(review): whether Success is derived from Violations being empty, or
// set independently by the policy, is not visible here — confirm before
// relying on one field without the other.
type Result struct {
// Success is serialized under the key "success".
Success bool `json:"success"`
// Violations is serialized under the key "violations". Violation's fields are
// not shown on this page.
Violations []Violation `json:"violations"`
// Summary is serialized under the key "summary". Summary's fields are not
// shown on this page.
Summary Summary `json:"summary"`
}
func AllowedResult ¶ added in v0.1.4
func AllowedResult() *Result