policy

This package maps a container image to the attestation policy that governs it (via a config.PolicyMapping, resolved by Resolver.ResolvePolicy) and evaluates that policy against the image's attestations. The default Evaluator is Rego-based (NewRegoEvaluator, with the built-ins from RegoFunctions); evaluation produces a Result carrying a pass/fail flag, the list of Violations, and a Summary of the verified subjects and SLSA levels.


Constants

// DefaultQuery is the Rego query used to pull the evaluation outcome out of the
// policy package: it binds `result` to `data.attest.result`, so a policy is
// expected to define `result` under the `attest` package.
// NOTE(review): the page does not show where this is applied; presumably it is
// the fallback when Policy.Query is empty — confirm against the Rego evaluator.
const (
	DefaultQuery = "result := data.attest.result"
)

Variables

This section is empty.

Functions

func CreateAttestationResolver added in v0.1.5

func CreateAttestationResolver(resolver oci.ImageDetailsResolver, mapping *config.PolicyMapping) (attestation.Resolver, error)

func CreateImageDetailsResolver added in v0.1.5

func CreateImageDetailsResolver(imageSource *oci.ImageSpec) (oci.ImageDetailsResolver, error)

func RegoFunctions

func RegoFunctions(resolver attestation.Resolver) []*tester.Builtin

Types

type Evaluator added in v0.2.0

// Evaluator evaluates a resolved Policy against the identity of one image
// (Input) and reports the outcome as a Result. The attestation.Resolver is
// passed in so the evaluation can look up the attestations the policy inspects
// (how that lookup happens is not visible here). Two implementations are
// listed on this page: NewRegoEvaluator and, for tests, MockPolicyEvaluator.
type Evaluator interface {
	// Evaluate runs pctx against input. A non-nil error indicates that
	// evaluation itself could not complete; a policy that is simply not
	// satisfied is presumably reported through Result.Success/Violations
	// rather than as an error — callers should check both, and must not
	// treat err == nil alone as "allowed".
	Evaluate(ctx context.Context, resolver attestation.Resolver, pctx *Policy, input *Input) (*Result, error)
}

func GetMockPolicy added in v0.1.4

func GetMockPolicy() Evaluator

func NewRegoEvaluator

func NewRegoEvaluator(debug bool) Evaluator

type File added in v0.2.0

// File is one policy source file supplied to an evaluation (see
// Policy.InputFiles): its Path and its raw Content bytes. Nothing here
// constrains Path to a particular form; how it is interpreted (module name,
// filesystem path) is up to the evaluator.
type File struct {
	Path    string
	Content []byte
}

type Input added in v0.2.0

// Input is the image-identity document handed to a policy evaluation. All
// fields carry JSON tags, so the struct is serialised — presumably as the Rego
// `input` document — with the snake_case keys shown; only Tag is dropped when
// empty.
//
// NOTE(review): Tag is the one mutable identifier here (a tag can be re-pointed
// at different content), whereas Digest is content-addressed. Policies that
// need a stable binding to the image should key on Digest/PURL, not Tag.
type Input struct {
	// Digest is the image's content digest; the exact format (e.g. an
	// "sha256:" prefix) is not fixed by this declaration.
	Digest         string `json:"digest"`
	// PURL is the package URL form of the image reference.
	PURL           string `json:"purl"`
	// Tag is optional and omitted from the JSON when empty.
	Tag            string `json:"tag,omitempty"`
	// Domain, NormalizedName and FamiliarName are the registry host and the
	// two name spellings of the reference; Platform is the target platform.
	// Their precise derivation is not shown on this page.
	Domain         string `json:"domain"`
	NormalizedName string `json:"normalized_name"`
	FamiliarName   string `json:"familiar_name"`
	Platform       string `json:"platform"`
}

type MockPolicyEvaluator

// MockPolicyEvaluator is a test double for Evaluator: its Evaluate method
// delegates to EvaluateFunc, so tests can script any Result or error.
// NOTE(review): the behaviour when EvaluateFunc is nil is not visible here —
// confirm the method guards against it before relying on a zero-value mock.
// GetMockPolicy returns a ready-made instance (its canned behaviour is not
// shown on this page).
type MockPolicyEvaluator struct {
	EvaluateFunc func(ctx context.Context, resolver attestation.Resolver, pctx *Policy, input *Input) (*Result, error)
}

func (*MockPolicyEvaluator) Evaluate

func (pe *MockPolicyEvaluator) Evaluate(ctx context.Context, resolver attestation.Resolver, pctx *Policy, input *Input) (*Result, error)

type Options added in v0.2.0

// Options configures a Resolver (see NewResolver). The field names suggest two
// sources for policy: a TUF repository (TUFClientOptions, via the tuf.Downloader
// given to NewResolver) and the local filesystem (LocalTargetsDir,
// LocalPolicyDir). How the two interact is not shown on this page.
//
// NOTE(review): DisableTUF presumably bypasses the TUF client entirely, which
// also removes whatever signature / freshness / rollback checks TUF provides
// for the fetched policy. Treat it as a development-only switch and confirm
// that the local-policy path is not reachable in production configurations.
type Options struct {
	TUFClientOptions *tuf.ClientOptions
	DisableTUF       bool
	LocalTargetsDir  string
	LocalPolicyDir   string
	// PolicyID selects a specific policy; ReferrersRepo and AttestationStyle
	// presumably control where and in which format attestations are looked up
	// (cf. config.AttestationStyle) — semantics not visible here.
	PolicyID         string
	ReferrersRepo    string
	AttestationStyle config.AttestationStyle
	Debug            bool
}

type Policy added in v0.1.4

// Policy is a resolved, evaluable policy: the source files to load
// (InputFiles), the query that extracts the outcome (Query; see DefaultQuery),
// the mapping entry it was resolved from (Mapping), and provenance metadata
// about where the policy came from (ResolvedName, URI, Digest).
type Policy struct {
	InputFiles   []*File
	Query        string
	Mapping      *config.PolicyMapping
	ResolvedName string
	URI          string
	// Digest is a map rather than a single string; presumably keyed by
	// algorithm name (e.g. "sha256") with the encoded digest as value —
	// confirm against ResolvePolicy. If it records the digest of the fetched
	// policy content, it is the value to surface for audit/attestation.
	Digest       map[string]string
}

type Resolver added in v0.4.0

// Resolver maps an image name to the Policy that applies to it (ResolvePolicy).
// Construct it with NewResolver; the fields are unexported.
//
// NOTE(review): ResolvePolicy's signature discards its context
// (`_ context.Context`), so callers cannot cancel or bound resolution through
// ctx. If resolution can involve a TUF download, worth checking that a timeout
// is enforced elsewhere (e.g. in tuf.ClientOptions).
type Resolver struct {
	// contains filtered or unexported fields
}

func NewResolver added in v0.4.0

func NewResolver(tufClient tuf.Downloader, opts *Options) *Resolver

func (*Resolver) ResolvePolicy added in v0.4.0

func (r *Resolver) ResolvePolicy(_ context.Context, imageName string) (*Policy, error)

type Result added in v0.1.4

// Result is the outcome of one policy evaluation. Success is the overall
// verdict, Violations lists the individual failures, and Summary collects
// what was verified. AllowedResult constructs a passing Result (its exact
// contents are not shown on this page).
//
// NOTE(review): Violations has no omitempty, so a nil slice serialises as
// `null` while an empty one serialises as `[]`; consumers parsing the JSON
// should accept both.
type Result struct {
	Success    bool        `json:"success"`
	Violations []Violation `json:"violations"`
	Summary    Summary     `json:"summary"`
}

func AllowedResult added in v0.1.4

func AllowedResult() *Result

type Summary added in v0.1.4

// Summary records what an evaluation established: the in-toto subjects the
// attestations covered, the SLSA levels reported (as strings; their exact
// vocabulary is not fixed here), the verifier identity, and the URI of the
// policy that was applied (cf. Policy.URI).
type Summary struct {
	Subjects   []intoto.Subject `json:"subjects"`
	SLSALevels []string         `json:"slsa_levels"`
	Verifier   string           `json:"verifier"`
	PolicyURI  string           `json:"policy_uri"`
}

type Violation added in v0.1.4

// Violation describes one policy failure: a machine-readable Type, a
// human-readable Description, the attestation it concerns (Attestation is a
// pointer and may be nil, in which case it serialises as `null`), and
// free-form Details. The set of Type values is not enumerated on this page.
type Violation struct {
	Type        string            `json:"type"`
	Description string            `json:"description"`
	Attestation *intoto.Statement `json:"attestation"`
	Details     map[string]any    `json:"details"`
}
