Documentation
¶
Overview ¶
Package annotation handles parsing and matching of tfbreak ignore annotations.
Functions ¶
Types ¶
type Annotation ¶
type Annotation struct {
// Scope determines whether this annotation applies to a single block or to the entire file.
Scope Scope
// RuleIDs is the list of rule IDs to ignore. An empty list means all rules,
// which makes it the broadest suppression an annotation can express.
// NOTE(review): whether governance restricts an empty list is not visible here; confirm in CheckGovernance.
RuleIDs []string
// Reason is the documented reason for ignoring.
Reason string
// Ticket is an optional ticket/issue reference.
Ticket string
// Expires is an optional expiration date.
// NOTE(review): presumably nil means the annotation never expires; confirm against IsExpired.
Expires *time.Time
// Filename and Line record where the annotation was found.
Filename string
Line int
// BlockLine is the line of the block this annotation applies to (for ScopeBlock).
// It is set during matching, not parsing.
BlockLine int
}
Annotation represents a parsed tfbreak ignore annotation
func ParseFile ¶
func ParseFile(filename string, src []byte) ([]*Annotation, error)
ParseFile parses all annotations from an HCL file using the default parser
func (*Annotation) IsExpired ¶
func (a *Annotation) IsExpired() bool
IsExpired returns true if the annotation has an expiration date that has passed
func (*Annotation) MatchesRule ¶
func (a *Annotation) MatchesRule(ruleID string) bool
MatchesRule returns true if this annotation applies to the given rule ID
type DefaultResolver ¶
type DefaultResolver struct{}
DefaultResolver is a no-op resolver that returns the input unchanged. It is used when no resolver is configured (backward compatibility).
func (DefaultResolver) ResolveRuleID ¶
func (r DefaultResolver) ResolveRuleID(nameOrID string) (string, bool)
ResolveRuleID returns the input unchanged (assumes it's already an ID)
type GovernanceConfig ¶
type GovernanceConfig struct {
// Enabled presumably switches governance checking on or off; confirm in CheckGovernance.
Enabled bool
// RequireReason presumably makes an annotation with an empty Reason a violation; confirm in CheckGovernance.
RequireReason bool
// AllowRuleIDs and DenyRuleIDs are lists of rule IDs; presumably the rules that
// annotations may and may not ignore.
// NOTE(review): not documented here and worth confirming before relying on these lists:
// which list wins when an ID appears in both, what an empty AllowRuleIDs means,
// and how an annotation with empty RuleIDs (which ignores all rules) is treated.
AllowRuleIDs []string
DenyRuleIDs []string
}
GovernanceConfig contains settings for annotation governance
type GovernanceViolation ¶
type GovernanceViolation struct {
// Annotation is presumably the annotation that violated governance; confirm in CheckGovernance.
Annotation *Annotation
// Message presumably describes the violation; confirm in CheckGovernance.
Message string
}
GovernanceViolation represents a violation of annotation governance rules
func CheckGovernance ¶
func CheckGovernance(ann *Annotation, cfg GovernanceConfig) *GovernanceViolation
CheckGovernance checks if an annotation violates governance rules
type MatchResult ¶
type MatchResult struct {
// Matched presumably reports whether an annotation matched the finding; confirm against Matcher.
Matched bool
// Annotation is presumably the annotation that matched.
// NOTE(review): whether it is nil when Matched is false is not shown here; confirm.
Annotation *Annotation
}
MatchResult contains the result of matching an annotation to a finding
type Matcher ¶
type Matcher struct {
// contains filtered or unexported fields
}
Matcher matches annotations to findings
func NewMatcher ¶
func NewMatcher(annotations []*Annotation, blockStarts map[string]map[int]string) *Matcher
NewMatcher creates a new Matcher with the given annotations and block information
type Parser ¶
type Parser struct {
// contains filtered or unexported fields
}
Parser parses annotations from HCL files
func NewParser ¶
func NewParser(resolver RuleResolver) *Parser
NewParser creates a new Parser with the given resolver
type RegistryResolver ¶
type RegistryResolver struct {
// contains filtered or unexported fields
}
RegistryResolver resolves rule names to IDs using a name-to-ID map
func NewRegistryResolver ¶
func NewRegistryResolver(nameToID map[string]string) *RegistryResolver
NewRegistryResolver creates a new RegistryResolver from a name-to-ID map
func (*RegistryResolver) ResolveRuleID ¶
func (r *RegistryResolver) ResolveRuleID(name string) (string, bool)
ResolveRuleID resolves a rule name to a canonical rule ID. Only rule names are accepted; legacy rule codes (BC001, etc.) are not supported.
type RuleResolver ¶
type RuleResolver interface {
// ResolveRuleID resolves a rule name or ID to a canonical rule ID.
// It returns the ID and true if found, or the empty string and false if not found.
// Implementations differ in what they accept: DefaultResolver returns the input
// unchanged, while RegistryResolver accepts rule names only.
ResolveRuleID(nameOrID string) (string, bool)
}
RuleResolver resolves rule names to rule IDs