Overview ¶
Package config provides infrastructure for loading profile configurations. This package handles YAML parsing, file I/O, variable substitution, and profile inheritance.
Types ¶
type Control ¶
// Control represents a control in YAML.
//
// Severity, Owner, RetryBackoff, Tags, Timeout, Retries, RetryDelay and
// RetryMaxDelay mirror the fields of Defaults; presumably a Defaults value is
// applied where a Control leaves the field unset (see Controls.ToEntity) —
// confirm against that implementation.
type Control struct {
	ID          string `yaml:"id"`                    // identifier of the control; presumably what DependsOn entries refer to — confirm
	Name        string `yaml:"name"`                  // human-readable name
	Description string `yaml:"description,omitempty"` // optional free-text description
	Severity    string `yaml:"severity,omitempty"`    // optional; overrides Defaults.Severity for this control (assumed, see type comment)
	Owner       string `yaml:"owner,omitempty"`       // optional; overrides Defaults.Owner
	RetryBackoff string `yaml:"retry_backoff,omitempty"` // optional backoff strategy name; accepted values are not visible here — confirm in ToEntity
	DependsOn   []string `yaml:"depends_on,omitempty"` // controls this one depends on; cycles among depends_on edges are detected by Profile.CheckForCycles, not by ProfileLoader
	Observations []Observation `yaml:"observations"`   // the observations evaluated for this control
	Tags        []string `yaml:"tags,omitempty"`       // optional tags; overrides Defaults.Tags
	Timeout     time.Duration `yaml:"timeout,omitempty"` // optional per-control timeout; how the YAML scalar is parsed into a Duration depends on the YAML library — confirm
	Retries     int `yaml:"retries,omitempty"`         // optional retry count
	RetryDelay  time.Duration `yaml:"retry_delay,omitempty"` // optional initial delay between retries
	RetryMaxDelay time.Duration `yaml:"retry_max_delay,omitempty"` // optional cap on the retry delay
}
Control represents a control in YAML.
type Controls ¶
// Controls represents the controls section in YAML.
//
// Defaults is a pointer so that an absent `defaults` key is distinguishable
// (nil) from an empty one; ToEntity converts the section to
// entities.ControlsSection.
type Controls struct {
	Defaults *Defaults `yaml:"defaults,omitempty"` // optional section-wide defaults; nil when not given in YAML
	Items    []Control `yaml:"items"`              // the individual controls
}
Controls represents the controls section in YAML.
func (*Controls) ToEntity ¶
func (c *Controls) ToEntity() entities.ControlsSection
ToEntity converts the controls section to a domain entity.
type Defaults ¶
// Defaults represents the defaults section in YAML.
//
// Every field here has a same-named counterpart on Control; the Defaults
// value is presumably used where the Control leaves its own field unset —
// confirm in Defaults.ToEntity / Controls.ToEntity.
type Defaults struct {
	Severity      string        `yaml:"severity,omitempty"`        // default severity for controls in the section
	Owner         string        `yaml:"owner,omitempty"`           // default owner
	RetryBackoff  string        `yaml:"retry_backoff,omitempty"`   // default backoff strategy name
	Tags          []string      `yaml:"tags,omitempty"`            // default tags
	Timeout       time.Duration `yaml:"timeout,omitempty"`         // default per-control timeout
	Retries       int           `yaml:"retries,omitempty"`         // default retry count
	RetryDelay    time.Duration `yaml:"retry_delay,omitempty"`     // default initial retry delay
	RetryMaxDelay time.Duration `yaml:"retry_max_delay,omitempty"` // default cap on the retry delay
}
Defaults represents the defaults section in YAML.
func (*Defaults) ToEntity ¶
func (d *Defaults) ToEntity() entities.ControlDefaults
ToEntity converts the defaults to a domain entity.
type LoopConfig ¶
// LoopConfig represents the loop configuration in YAML.
//
// It is attached to an Observation via its Loop field and describes a
// collection the observation is repeated over.
type LoopConfig struct {
	Items string `yaml:"items"`        // Variable path, e.g., "{{ .vars.services }}"; same {{ .vars.* }} syntax VariableSubstitutor resolves
	As    string `yaml:"as,omitempty"` // Optional custom variable name for the current item; the default name is not visible here — confirm
}
LoopConfig represents the loop configuration in YAML.
type Metadata ¶
// Metadata represents the metadata section in YAML.
//
// Note that on Profile this section is mapped from the YAML key `profile`,
// not `metadata`. ToEntity converts it to entities.ProfileMetadata.
type Metadata struct {
	Name        string `yaml:"name"`                  // profile name
	Version     string `yaml:"version"`               // profile version string (format not constrained here)
	Description string `yaml:"description,omitempty"` // optional description
}
Metadata represents the metadata section in YAML.
func (*Metadata) ToEntity ¶
func (m *Metadata) ToEntity() entities.ProfileMetadata
ToEntity converts the metadata to a domain entity.
type Observation ¶
// Observation represents an observation in YAML.
//
// ToEntity converts it to entities.ObservationDefinition.
type Observation struct {
	Loop   *LoopConfig            `yaml:"loop,omitempty"`   // optional; when set the observation is repeated over LoopConfig.Items
	Plugin string                 `yaml:"plugin"`           // name of the plugin that performs the observation
	Config map[string]interface{} `yaml:"config,omitempty"` // free-form, plugin-specific configuration; schema is owned by the plugin, not validated here
	Expect []string               `yaml:"expect,omitempty"` // expectation strings; presumably expressions bounded by ResolvedLimits.MaxExpressionLength — confirm
}
Observation represents an observation in YAML.
func (*Observation) ToEntity ¶
func (o *Observation) ToEntity() entities.ObservationDefinition
ToEntity converts the observation to a domain entity.
type Profile ¶
// Profile represents the YAML structure of a profile.
//
// This is the raw parsed form; ProfileLoader.LoadProfile resolves Extends
// (parents loaded recursively, merged left-to-right, cycles rejected) and
// VariableSubstitutor.Substitute resolves {{ .vars.* }} references against
// Vars.
type Profile struct {
	Metadata Metadata               `yaml:"profile"`           // note the YAML key is `profile`, not `metadata`
	Plugins  []string               `yaml:"plugins,omitempty"` // plugins the profile uses
	Vars     map[string]interface{} `yaml:"vars,omitempty"`    // values for {{ .vars.key }} substitution; nested maps give paths like {{ .vars.paths.config }}
	Config   *ProfileConfig         `yaml:"config,omitempty"`  // optional profile-level configuration that can override system defaults (see ProfileConfig)
	Controls Controls               `yaml:"controls"`          // the controls section
	Extends  []string               `yaml:"extends,omitempty"` // parent profile paths; relative paths are resolved from this profile's directory
}
Profile represents the YAML structure of a profile.
type ProfileConfig ¶
// ProfileConfig represents profile-level configuration that can override
// system defaults.
//
// Limits feeds BuildLimits / FromSystemAndProfileConfig as the highest-
// precedence source (profile > system > defaults); BuildLimits is documented
// to validate the result against absolute maximums, so a profile cannot
// raise a limit without bound.
type ProfileConfig struct {
	Limits *system.LimitsConfig `yaml:"limits,omitempty"` // Profile-specific limit overrides; nil when the profile sets none
}
ProfileConfig represents profile-level configuration that can override system defaults.
type ProfileLoader ¶
type ProfileLoader struct {
// contains filtered or unexported fields
}
ProfileLoader handles loading profiles from YAML files with inheritance support.
Inheritance Resolution:
- Profiles can specify parent profiles via the `extends` field
- Parents are loaded recursively and merged left-to-right
- Circular dependencies are detected and rejected
- Relative paths are resolved from the extending profile's directory
Cycle Detection Note ¶
This loader detects cycles in PROFILE INHERITANCE (the `extends` field). This is different from Profile.CheckForCycles(), which detects cycles in CONTROL DEPENDENCIES (the `depends_on` field within a single profile).
func NewProfileLoader ¶
func NewProfileLoader(opts ...ProfileLoaderOption) *ProfileLoader
NewProfileLoader creates a new profile loader with optional configuration.
func (*ProfileLoader) LoadProfile ¶
func (l *ProfileLoader) LoadProfile(path string) (*entities.Profile, error)
LoadProfile loads a profile and resolves all inheritance. This is the main entry point for profile loading.
func (*ProfileLoader) LoadProfileFromReader ¶
LoadProfileFromReader loads a profile from an io.Reader. Note: This does NOT resolve inheritance, only parses YAML.
type ProfileLoaderOption ¶
// ProfileLoaderOption defines a functional option for configuring
// ProfileLoader. Options are passed to NewProfileLoader; WithFilesystem is
// the option shown on this page.
type ProfileLoaderOption func(*ProfileLoader)
ProfileLoaderOption defines a functional option for configuring ProfileLoader.
func WithFilesystem ¶
func WithFilesystem(fs fs.FS) ProfileLoaderOption
WithFilesystem configures the loader to use the provided filesystem. This is primarily used for testing or when loading profiles from non-standard locations (e.g., embedded files).
type ResolvedLimits ¶
// ResolvedLimits contains the final, resolved limit values after merging all
// sources (precedence: profile > system > defaults, see BuildLimits). All
// fields are non-pointer primitive types for easy access throughout the
// codebase. Units of the size fields are not stated here — presumably bytes,
// confirm against BuildLimits.
type ResolvedLimits struct {
	// Evidence & Data Limits
	MaxEvidenceSize      int // cap on collected evidence per observation/control
	MaxHTTPResponseSize  int // cap on an HTTP response body read by a plugin
	MaxCommandOutputSize int // cap on command output captured by a plugin
	MaxSARIFArtifactSize int // cap on a SARIF artifact
	// Expression Evaluation Limits
	MaxExpressionLength int // cap on the length of an expression (e.g. Observation.Expect entries)
	MaxASTNodes         int // cap on parsed expression size, bounding evaluation work
	// Network & HTTP Limits
	MaxHTTPRedirects int           // cap on redirects followed per request
	HTTPTimeout      time.Duration // overall HTTP request timeout
	HTTPIdleTimeout  time.Duration // idle-connection timeout
	// Concurrency Limits
	MaxConcurrentControls     int // controls evaluated in parallel
	MaxConcurrentObservations int // observations evaluated in parallel
}
ResolvedLimits contains the final, resolved limit values after merging all sources. All fields are non-pointer primitive types for easy access throughout the codebase.
func BuildLimits ¶
func BuildLimits(systemLimits, profileLimits *system.LimitsConfig) (*ResolvedLimits, error)
BuildLimits merges limits from code defaults, system config, and profile config. Precedence: profile > system > defaults. It validates all limits against absolute maximums.
type RuntimeConfig ¶
// RuntimeConfig aggregates all runtime configuration. This is a value object
// that flows through the system.
//
// It is built by FromSystemConfig (system config only; the legacy constructor)
// or FromSystemAndProfileConfig (defaults → system → profile).
//
// NOTE(review): MaxEvidenceSizeBytes, MaxConcurrentControls and
// MaxConcurrentObservations duplicate values that also live in
// Limits (MaxEvidenceSize, MaxConcurrentControls, MaxConcurrentObservations).
// Which copy consumers should treat as authoritative is not visible here —
// confirm the constructors keep them in sync.
type RuntimeConfig struct {
	Limits                    *ResolvedLimits // merged limits; may be nil when built by the legacy constructor — confirm
	SecurityLevel             string          // security level name; accepted values come from system.Config, not defined here
	WasmMemoryLimitMB         int             // memory cap for WASM plugins, in MiB
	MaxEvidenceSizeBytes      int             // see NOTE above; overlaps Limits.MaxEvidenceSize
	MaxConcurrentControls     int             // see NOTE above; overlaps Limits.MaxConcurrentControls
	MaxConcurrentObservations int             // see NOTE above; overlaps Limits.MaxConcurrentObservations
}
RuntimeConfig aggregates all runtime configuration. This is a value object that flows through the system.
func FromSystemAndProfileConfig ¶
func FromSystemAndProfileConfig(sys *system.Config, profileLimits *system.LimitsConfig) (*RuntimeConfig, error)
FromSystemAndProfileConfig creates RuntimeConfig from both system and profile config. This merges limits with proper precedence: defaults → system → profile.
func FromSystemConfig ¶
func FromSystemConfig(sys *system.Config) *RuntimeConfig
FromSystemConfig creates RuntimeConfig from system config. This is the legacy constructor for backward compatibility.
type VariableSubstitutor ¶
type VariableSubstitutor struct {
// contains filtered or unexported fields
}
VariableSubstitutor performs variable substitution in profiles.
func NewVariableSubstitutor ¶
func NewVariableSubstitutor(resolver ports.SecretResolver) *VariableSubstitutor
NewVariableSubstitutor creates a new variable substitutor.
func (*VariableSubstitutor) Substitute ¶
func (s *VariableSubstitutor) Substitute(profile *entities.Profile) error
Substitute performs simple variable substitution in a profile. It replaces {{ .vars.key }} patterns with values from the profile's vars map. Supports nested paths like {{ .vars.paths.config }}. Returns an error if a referenced variable is not found. Modifies the profile in place.