policy

package
v0.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 21, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultQuery = "result := data.attest.result"
)

Variables

View Source 
var PolicyEvaluatorCtxKey policyEvaluatorCtxKeyType

Functions

func CreateAttestationResolver added in v0.1.5 

func CreateAttestationResolver(resolver oci.ImageDetailsResolver, mapping *config.PolicyMapping) (oci.AttestationResolver, error)

func CreateImageDetailsResolver added in v0.1.5 

func CreateImageDetailsResolver(imageSource *oci.ImageSpec) (oci.ImageDetailsResolver, error)

func RegoFunctions 

func RegoFunctions(resolver oci.AttestationResolver) []*tester.Builtin

func WithPolicyEvaluator 

func WithPolicyEvaluator(ctx context.Context, pe PolicyEvaluator) context.Context

sets PolicyEvaluator in context

Types

type MockPolicyEvaluator 

type MockPolicyEvaluator struct {
	EvaluateFunc func(ctx context.Context, resolver oci.AttestationResolver, pctx *Policy, input *PolicyInput) (*Result, error)
}

func (*MockPolicyEvaluator) Evaluate 

func (pe *MockPolicyEvaluator) Evaluate(ctx context.Context, resolver oci.AttestationResolver, pctx *Policy, input *PolicyInput) (*Result, error)

type Policy added in v0.1.4 

type Policy struct {
	InputFiles []*PolicyFile
	Query      string
	Mapping    *config.PolicyMapping
}

func ResolvePolicy 

func ResolvePolicy(ctx context.Context, detailsResolver oci.ImageDetailsResolver, opts *PolicyOptions) (*Policy, error)

type PolicyEvaluator 

type PolicyEvaluator interface {
	Evaluate(ctx context.Context, resolver oci.AttestationResolver, pctx *Policy, input *PolicyInput) (*Result, error)
}

func GetMockPolicy added in v0.1.4 

func GetMockPolicy() PolicyEvaluator

func GetPolicyEvaluator 

func GetPolicyEvaluator(ctx context.Context) (PolicyEvaluator, error)

gets PolicyEvaluator from context, defaults to Rego PolicyEvaluator if not set

func NewRegoEvaluator 

func NewRegoEvaluator(debug bool) PolicyEvaluator

type PolicyFile 

type PolicyFile struct {
	Path    string
	Content []byte
}

type PolicyInput 

type PolicyInput struct {
	Digest      string `json:"digest"`
	Purl        string `json:"purl"`
	IsCanonical bool   `json:"isCanonical"`
}

type PolicyOptions 

type PolicyOptions struct {
	TufClient        tuf.TUFClient
	LocalTargetsDir  string
	LocalPolicyDir   string
	PolicyId         string
	ReferrersRepo    string
	AttestationStyle config.AttestationStyle
}

type Result added in v0.1.4 

type Result struct {
	Success    bool        `json:"success"`
	Violations []Violation `json:"violations"`
	Summary    Summary     `json:"summary"`
}

func AllowedResult added in v0.1.4 

func AllowedResult() *Result

type Summary added in v0.1.4 

type Summary struct {
	Subjects   []intoto.Subject `json:"subjects"`
	SLSALevels []string         `json:"slsa_levels"`
	Verifier   string           `json:"verifier"`
	PolicyURI  string           `json:"policy_uri"`
}

type Violation added in v0.1.4 

type Violation struct {
	Type        string            `json:"type"`
	Description string            `json:"description"`
	Attestation *intoto.Statement `json:"attestation"`
	Details     map[string]any    `json:"details"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.