Documentation
Overview
Package drivers defines interfaces for policy evaluation drivers.
Index
- func KeyMap(constraints []*unstructured.Unstructured) map[ConstraintKey]*unstructured.Unstructured
- func ToResult(constraints map[ConstraintKey]*unstructured.Unstructured, r rego.Result) (*types.Result, error)
- func ToResults(constraints map[ConstraintKey]*unstructured.Unstructured, ...) ([]*types.Result, error)
- type ConstraintKey
- type Driver
- type QueryResponse
Constants
This section is empty.
Variables
This section is empty.
Functions
func KeyMap
func KeyMap(constraints []*unstructured.Unstructured) map[ConstraintKey]*unstructured.Unstructured
KeyMap creates a map from ConstraintKey to Unstructured constraint for fast lookup.
func ToResult
func ToResult(constraints map[ConstraintKey]*unstructured.Unstructured, r rego.Result) (*types.Result, error)
ToResult converts a single Rego Result into a Result object.
func ToResults
func ToResults(constraints map[ConstraintKey]*unstructured.Unstructured, resultSet rego.ResultSet) ([]*types.Result, error)
ToResults converts a Rego ResultSet into a slice of Result objects.
Types
type ConstraintKey
ConstraintKey uniquely identifies a Constraint.
func ConstraintKeyFrom
func ConstraintKeyFrom(constraint *unstructured.Unstructured) ConstraintKey
ConstraintKeyFrom returns a unique identifier corresponding to Constraint.
func (ConstraintKey) StoragePath
func (k ConstraintKey) StoragePath() storage.Path
StoragePath returns a unique path in Rego storage for Constraint's parameters. Constraints have a single set of parameters shared among all targets, so a target-specific path is not required.
type Driver
type Driver interface {
	// Name returns the name of the driver, used to uniquely identify a driver
	// and in errors returned to the user.
	Name() string
	// AddTemplate compiles a Template's code to be specified by
	// Constraints and referenced in Query. Replaces the existing Template if it
	// already exists.
	AddTemplate(ctx context.Context, ct *templates.ConstraintTemplate) error
	// RemoveTemplate removes the Template from the Driver, and any Constraints.
	// Does not return an error if the Template does not exist.
	RemoveTemplate(ctx context.Context, ct *templates.ConstraintTemplate) error
	// AddConstraint adds a Constraint to Driver for a particular Template. Future
	// calls to Query may reference the added Constraint. Replaces the existing
	// Constraint if it already exists.
	AddConstraint(ctx context.Context, constraint *unstructured.Unstructured) error
	// RemoveConstraint removes a Constraint from Driver. Future calls to Query
	// may not reference the removed Constraint.
	// Does not return error if the Constraint does not exist.
	RemoveConstraint(ctx context.Context, constraint *unstructured.Unstructured) error
	// AddData caches data to be used for referential Constraints. Replaces data
	// if it already exists at the specified path. This is a deprecated method that
	// will only be called for the "Rego" driver.
	AddData(ctx context.Context, target string, path storage.Path, data interface{}) error
	// RemoveData removes cached data, so the data at the specified path can no
	// longer be used in referential Constraints. This is a deprecated method that
	// will only be called for the "Rego" driver.
	RemoveData(ctx context.Context, target string, path storage.Path) error
	// Query runs the passed target's Constraints against review.
	// Returns a QueryResponse type.
	// Returns an error if there was a problem executing the Query.
	Query(ctx context.Context, target string, constraints []*unstructured.Unstructured, review interface{}, opts ...reviews.ReviewOpt) (*QueryResponse, error)
	// Dump outputs the entire state of compiled Templates, added Constraints, and
	// cached data used for referential Constraints.
	Dump(ctx context.Context) (string, error)
	// GetDescriptionForStat returns the description for a given stat name
	// or errors out for an unknown stat.
	GetDescriptionForStat(statName string) (string, error)
}
A Driver implements Rego query execution of Templates and Constraints.
type QueryResponse
type QueryResponse struct {
	Results []*types.Result
	Trace *string
	StatsEntries []*instrumentation.StatsEntry
}
QueryResponse encapsulates the values returned on Query:
- Results includes a Result for each violated Constraint.
- Trace is the evaluation trace on Query if specified in query options or enabled at Driver creation.
- StatsEntries include any Stats that the engine gathered on Query.
Directories
| Path | Synopsis |
|---|---|
| | Package fake provides a fake driver implementation for testing. |
| schema | Package schema defines the source schema for the fake driver. |
| | Package rego provides the Rego driver for policy evaluation. |
| schema | Package schema provides Rego driver source schema handling. |