policy


README

policy

This package is for attestation policy mapping and evaluation.

Documentation

Index

Constants

// DefaultQuery is the Rego query that selects the policy outcome
// ("result := data.attest.result") from the evaluated document.
// Presumably used when Policy.Query is left empty — confirm against ResolvePolicy.
const DefaultQuery = "result := data.attest.result"

Variables

// PolicyEvaluatorCtxKey is the context key of unexported type policyEvaluatorCtxKeyType.
// Presumably the key WithPolicyEvaluator writes and GetPolicyEvaluator reads — confirm;
// the unexported key type prevents collisions with keys from other packages.
var PolicyEvaluatorCtxKey policyEvaluatorCtxKeyType

Functions

func CreateAttestationResolver added in v0.1.5

// CreateAttestationResolver returns an attestation.Resolver built from an image
// details resolver and a policy mapping, or an error.
// NOTE(review): how mapping selects the attestation source is not visible here — confirm.
func CreateAttestationResolver(resolver oci.ImageDetailsResolver, mapping *config.PolicyMapping) (attestation.Resolver, error)

func CreateImageDetailsResolver added in v0.1.5

// CreateImageDetailsResolver returns an oci.ImageDetailsResolver for the given
// image specification, or an error when one cannot be created.
func CreateImageDetailsResolver(imageSource *oci.ImageSpec) (oci.ImageDetailsResolver, error)

func RegoFunctions

// RegoFunctions returns the custom Rego builtins exposed to policies, backed by
// the given attestation.Resolver.
// NOTE(review): what the builtins fetch or verify is not visible here — confirm
// that any attestation they return has had its signature checked before it is
// handed to policy code.
func RegoFunctions(resolver attestation.Resolver) []*tester.Builtin

func WithPolicyEvaluator

// WithPolicyEvaluator returns a context derived from ctx that carries pe, so that
// GetPolicyEvaluator uses it instead of the default Rego evaluator.
func WithPolicyEvaluator(ctx context.Context, pe Evaluator) context.Context

Sets the policy Evaluator in the returned context.

Types

type Evaluator added in v0.2.0

// Evaluator evaluates a resolved Policy against an Input, using resolver to look
// up attestations, and returns the Result or an error.
// NOTE(review): callers should fail closed — a non-nil error must be treated as
// a denial, never as an allow; confirm that every call site does so.
type Evaluator interface {
	Evaluate(ctx context.Context, resolver attestation.Resolver, pctx *Policy, input *Input) (*Result, error)
}

func GetMockPolicy added in v0.1.4

// GetMockPolicy returns a mock Evaluator.
// NOTE(review): what the returned mock decides is not visible here; because an
// Evaluator installed with WithPolicyEvaluator replaces Rego evaluation, keep
// this to tests and confirm no production path installs it.
func GetMockPolicy() Evaluator

func GetPolicyEvaluator

// GetPolicyEvaluator returns the Evaluator stored in ctx by WithPolicyEvaluator,
// falling back to the Rego evaluator when none is set. The error case is not
// visible here — presumably a value of the wrong type under the key; confirm.
func GetPolicyEvaluator(ctx context.Context) (Evaluator, error)

Gets the policy Evaluator from the context; if none is set, it defaults to the Rego Evaluator.

func NewRegoEvaluator

// NewRegoEvaluator returns the Rego-based Evaluator. debug presumably enables
// additional output during evaluation — confirm what it prints and whether
// that output could include attestation contents.
func NewRegoEvaluator(debug bool) Evaluator

type File added in v0.2.0

// File is one policy input file: its path and raw content. Policy.InputFiles
// holds the files that make up a resolved policy.
type File struct {
	// Path is the file's path (whether relative to the policy root or absolute is not visible here).
	Path    string
	// Content is the file's raw bytes.
	Content []byte
}

type Input added in v0.2.0

// Input describes the subject image handed to the policy under the JSON keys
// "digest", "purl" and "isCanonical".
type Input struct {
	// Digest identifies the image being evaluated.
	Digest      string `json:"digest"`
	// PURL is the package URL of the image.
	PURL        string `json:"purl"`
	// IsCanonical — presumably whether the reference is the canonical form of the image; confirm.
	IsCanonical bool   `json:"isCanonical"`
}

type MockPolicyEvaluator

// MockPolicyEvaluator is an Evaluator whose behaviour is supplied by EvaluateFunc,
// intended for tests. Installing it with WithPolicyEvaluator bypasses the Rego
// evaluator entirely, so it must never reach a production code path.
type MockPolicyEvaluator struct {
	// EvaluateFunc has the same signature as Evaluator.Evaluate; behaviour when it is nil is not visible here.
	EvaluateFunc func(ctx context.Context, resolver attestation.Resolver, pctx *Policy, input *Input) (*Result, error)
}

func (*MockPolicyEvaluator) Evaluate

// Evaluate implements Evaluator; presumably delegates to pe.EvaluateFunc — confirm,
// including what happens when EvaluateFunc is nil.
func (pe *MockPolicyEvaluator) Evaluate(ctx context.Context, resolver attestation.Resolver, pctx *Policy, input *Input) (*Result, error)

type Options added in v0.2.0

// Options controls how ResolvePolicy locates and fetches a policy.
// NOTE(review): LocalTargetsDir and LocalPolicyDir presumably bypass TUF-verified
// retrieval — confirm, and document that they are for development only.
type Options struct {
	// TUFClient downloads policy targets through TUF.
	TUFClient        tuf.Downloader
	// LocalTargetsDir is a local directory of targets (precedence over TUFClient not visible here).
	LocalTargetsDir  string
	// LocalPolicyDir is a local directory holding policy files.
	LocalPolicyDir   string
	// PolicyID selects which policy to resolve.
	PolicyID         string
	// ReferrersRepo is the repository consulted for referrer attestations.
	ReferrersRepo    string
	// AttestationStyle selects how attestations are attached/looked up (see config.AttestationStyle).
	AttestationStyle config.AttestationStyle
}

type Policy added in v0.1.4

// Policy is a resolved policy ready for evaluation: its input files, the Rego
// query, the mapping it was resolved from, and identifying metadata.
type Policy struct {
	// InputFiles are the policy files loaded for evaluation.
	InputFiles   []*File
	// Query is the Rego query to run; presumably DefaultQuery when unset — confirm.
	Query        string
	// Mapping is the config entry this policy was resolved from.
	Mapping      *config.PolicyMapping
	// ResolvedName is the name the policy resolved to.
	ResolvedName string
	// URI identifies where the policy came from.
	URI          string
	// Digest — presumably algorithm name to digest of the policy content; confirm
	// it is checked against the fetched bytes, not only reported.
	Digest       map[string]string
}

func ResolvePolicy

// ResolvePolicy locates and loads the policy selected by opts, using
// detailsResolver to inspect the subject image, and returns it or an error.
// NOTE(review): the precedence between opts.TUFClient and the local directory
// options is not visible here — confirm.
func ResolvePolicy(ctx context.Context, detailsResolver oci.ImageDetailsResolver, opts *Options) (*Policy, error)

type Result added in v0.1.4

// Result is the outcome of a policy evaluation, serialised under the JSON keys
// "success", "violations" and "summary".
type Result struct {
	// Success reports whether the policy passed.
	Success    bool        `json:"success"`
	// Violations lists the individual findings; presumably non-empty only when Success is false — confirm.
	Violations []Violation `json:"violations"`
	// Summary carries subject, SLSA-level, verifier and policy-URI information.
	Summary    Summary     `json:"summary"`
}

func AllowedResult added in v0.1.4

// AllowedResult returns a Result representing an allow decision; presumably
// Success is true with no Violations — confirm. Because it short-circuits
// evaluation, call sites that use it deserve an explicit justifying comment.
func AllowedResult() *Result

type Summary added in v0.1.4

// Summary is the descriptive part of a Result, serialised under the JSON keys
// "subjects", "slsa_levels", "verifier" and "policy_uri".
type Summary struct {
	// Subjects are the in-toto subjects the evaluation applied to.
	Subjects   []intoto.Subject `json:"subjects"`
	// SLSALevels — presumably the SLSA levels the policy established; confirm.
	SLSALevels []string         `json:"slsa_levels"`
	// Verifier names the verifier that produced this summary.
	Verifier   string           `json:"verifier"`
	// PolicyURI identifies the policy that was evaluated.
	PolicyURI  string           `json:"policy_uri"`
}

type Violation added in v0.1.4

// Violation is one policy finding, serialised under the JSON keys "type",
// "description", "attestation" and "details".
type Violation struct {
	// Type classifies the violation.
	Type        string            `json:"type"`
	// Description is a human-readable explanation.
	Description string            `json:"description"`
	// Attestation is the in-toto statement the violation refers to, if any (pointer: may be nil).
	Attestation *intoto.Statement `json:"attestation"`
	// Details holds arbitrary extra data; presumably populated by policy code, so
	// treat it as untrusted when rendering or logging — confirm its origin.
	Details     map[string]any    `json:"details"`
}
