Documentation
¶
Overview ¶
Package values contains domain value objects that encapsulate primitive types with validation and such.
Index ¶
- Variables
- func IsValidProfileURL(s string) bool
- type ControlID
- type Digest
- type ExecutionID
- type PluginMetadata
- type PluginName
- type PluginReference
- type ProfileReference
- func (r ProfileReference) CacheKey() string
- func (r ProfileReference) Digest() *Digest
- func (r ProfileReference) Equals(other ProfileReference) bool
- func (r ProfileReference) HasDigest() bool
- func (r ProfileReference) HasVersion() bool
- func (r ProfileReference) Host() string
- func (r ProfileReference) IsHTTPS() bool
- func (r ProfileReference) IsOCI() bool
- func (r ProfileReference) IsRemote() bool
- func (r ProfileReference) Path() string
- func (r ProfileReference) RawURL() string
- func (r ProfileReference) Scheme() string
- func (r ProfileReference) String() string
- func (r ProfileReference) Version() string
- func (r ProfileReference) WithDigest(digest Digest) ProfileReference
- func (r ProfileReference) WithVersion(version string) ProfileReference
- type Severity
- func (s Severity) Equals(other Severity) bool
- func (s Severity) IsHigherOrEqual(other Severity) bool
- func (s Severity) IsHigherThan(other Severity) bool
- func (s Severity) Level() int
- func (s Severity) MarshalJSON() ([]byte, error)
- func (s Severity) String() string
- func (s *Severity) UnmarshalJSON(data []byte) error
- type SeverityLevel
- type Status
- type TrustedSourcePattern
- type TrustedSourcePatterns
Constants ¶
This section is empty.
Variables ¶
var ( SevUnknown = Severity{SeverityUnknown} SevLow = Severity{SeverityLow} SevMedium = Severity{SeverityMedium} SevHigh = Severity{SeverityHigh} SevCritical = Severity{SeverityCritical} )
Predefined severity values
Functions ¶
func IsValidProfileURL ¶
IsValidProfileURL checks if a string looks like a remote profile URL.
Types ¶
type ControlID ¶
type ControlID struct {
// contains filtered or unexported fields
}
ControlID uniquely identifies a control within a profile. Enforces non-empty, trimmed identifiers.
func MustNewControlID ¶
MustNewControlID creates a ControlID or panics (for tests/constants)
func NewControlID ¶
NewControlID creates a new ControlID with validation
func (ControlID) MarshalJSON ¶
MarshalJSON implements json.Marshaler
func (*ControlID) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler
type Digest ¶
type Digest struct {
// contains filtered or unexported fields
}
Digest represents a content hash with algorithm.
func ComputeDigestSHA256 ¶
ComputeDigestSHA256 computes SHA-256 digest of reader contents.
func ParseDigest ¶
ParseDigest parses a digest string (e.g., "sha256:abc123...").
type ExecutionID ¶
type ExecutionID struct {
// contains filtered or unexported fields
}
ExecutionID uniquely identifies a profile execution. This is critical for persistence, distributed execution, and result tracking.
func FromUUID ¶
func FromUUID(id uuid.UUID) ExecutionID
FromUUID creates an ExecutionID from a uuid.UUID
func MustParseExecutionID ¶
func MustParseExecutionID(s string) ExecutionID
MustParseExecutionID parses a string or panics (for tests only)
func NewExecutionID ¶
func NewExecutionID() ExecutionID
NewExecutionID creates a new random execution ID
func ParseExecutionID ¶
func ParseExecutionID(s string) (ExecutionID, error)
ParseExecutionID parses a string into an ExecutionID
func (ExecutionID) Equals ¶
func (e ExecutionID) Equals(other ExecutionID) bool
Equals checks if two ExecutionIDs are equal
func (ExecutionID) IsZero ¶
func (e ExecutionID) IsZero() bool
IsZero returns true if this is the zero value
func (ExecutionID) MarshalJSON ¶
func (e ExecutionID) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler
func (ExecutionID) String ¶
func (e ExecutionID) String() string
String returns the string representation
func (ExecutionID) UUID ¶
func (e ExecutionID) UUID() uuid.UUID
UUID returns the underlying uuid.UUID
func (*ExecutionID) UnmarshalJSON ¶
func (e *ExecutionID) UnmarshalJSON(data []byte) error
UnmarshalJSON implements json.Unmarshaler
type PluginMetadata ¶
type PluginMetadata struct {
// contains filtered or unexported fields
}
PluginMetadata contains descriptive information about a plugin.
func NewPluginMetadata ¶
func NewPluginMetadata(name, version, description string, capabilities []string) PluginMetadata
NewPluginMetadata creates plugin metadata.
func (PluginMetadata) Capabilities ¶
func (m PluginMetadata) Capabilities() []string
Capabilities returns required capabilities.
func (PluginMetadata) Description ¶
func (m PluginMetadata) Description() string
Description returns human-readable description.
func (PluginMetadata) Version ¶
func (m PluginMetadata) Version() string
Version returns the semantic version.
type PluginName ¶
type PluginName struct {
// contains filtered or unexported fields
}
PluginName represents a validated plugin identifier. Enforces non-empty, trimmed plugin names.
func MustNewPluginName ¶
func MustNewPluginName(name string) PluginName
MustNewPluginName creates a PluginName or panics
func NewPluginName ¶
func NewPluginName(name string) (PluginName, error)
NewPluginName creates a PluginName with strict validation. A valid plugin name must: - Be non-empty - contain only alphanumeric characters, underscores, and hyphens - NOT contain paths, dots, or special characters - Be at most 64 characters long
func (PluginName) Equals ¶
func (p PluginName) Equals(other PluginName) bool
Equals checks if two plugin names are equal
func (PluginName) IsEmpty ¶
func (p PluginName) IsEmpty() bool
IsEmpty returns true if this is the zero value
func (PluginName) MarshalJSON ¶
func (p PluginName) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler. Uses json.Marshal for proper character escaping.
func (PluginName) String ¶
func (p PluginName) String() string
String returns the string representation
func (*PluginName) UnmarshalJSON ¶
func (p *PluginName) UnmarshalJSON(data []byte) error
UnmarshalJSON implements json.Unmarshaler
type PluginReference ¶
type PluginReference struct {
// contains filtered or unexported fields
}
PluginReference uniquely identifies a plugin version. Format: registry.io/org/repo/name:version or name (for embedded)
func NewPluginReference ¶
func NewPluginReference(registry, org, repo, name, version string) PluginReference
NewPluginReference creates a reference from components.
func ParsePluginReference ¶
func ParsePluginReference(ref string) (PluginReference, error)
ParsePluginReference parses OCI reference string. Examples:
- file (embedded)
- ghcr.io/whiskeyjimbo/reglet-plugins/file:1.0.2
func (PluginReference) Equals ¶
func (r PluginReference) Equals(other PluginReference) bool
Equals checks equality with another reference.
func (PluginReference) IsEmbedded ¶
func (r PluginReference) IsEmbedded() bool
IsEmbedded returns true if this is a built-in plugin.
func (PluginReference) Registry ¶
func (r PluginReference) Registry() string
Registry returns the registry hostname.
func (PluginReference) String ¶
func (r PluginReference) String() string
String returns the canonical OCI reference string.
func (PluginReference) Version ¶
func (r PluginReference) Version() string
Version returns the version tag.
type ProfileReference ¶
type ProfileReference struct {
// contains filtered or unexported fields
}
ProfileReference is an immutable value object representing a remote profile location. Supports HTTPS and OCI schemes with optional version/hash pinning.
URL formats:
- https://example.com/profile.yaml
- https://example.com/profile.yaml#v1.2.0 (version fragment)
- https://example.com/profile.yaml@sha256:abc123 (digest suffix)
- oci://ghcr.io/org/profiles/baseline:v1.0.0
- oci://ghcr.io/org/profiles/baseline@sha256:abc123
Invariants:
- scheme must be "https" or "oci"
- host must not be empty
- path must not be empty
- version and digest are mutually exclusive
- rawURL never contains credentials
func ParseProfileReference ¶
func ParseProfileReference(rawURL string) (ProfileReference, error)
ParseProfileReference parses a URL string into a ProfileReference. Credentials in the URL are automatically stripped.
func (ProfileReference) CacheKey ¶
func (r ProfileReference) CacheKey() string
CacheKey returns a deterministic key for cache storage. Uses SHA256 of the normalized URL (without version/digest).
func (ProfileReference) Digest ¶
func (r ProfileReference) Digest() *Digest
Digest returns the digest from the URL suffix, or nil.
func (ProfileReference) Equals ¶
func (r ProfileReference) Equals(other ProfileReference) bool
Equals checks equality with another ProfileReference.
func (ProfileReference) HasDigest ¶
func (r ProfileReference) HasDigest() bool
HasDigest returns true if a digest was specified.
func (ProfileReference) HasVersion ¶
func (r ProfileReference) HasVersion() bool
HasVersion returns true if a version was specified.
func (ProfileReference) Host ¶
func (r ProfileReference) Host() string
Host returns the host portion of the URL.
func (ProfileReference) IsHTTPS ¶
func (r ProfileReference) IsHTTPS() bool
IsHTTPS returns true if this is an HTTPS URL.
func (ProfileReference) IsOCI ¶
func (r ProfileReference) IsOCI() bool
IsOCI returns true if this is an OCI registry reference.
func (ProfileReference) IsRemote ¶
func (r ProfileReference) IsRemote() bool
IsRemote returns true if this reference points to a remote resource. Always true for ProfileReference (as opposed to local file paths).
func (ProfileReference) Path ¶
func (r ProfileReference) Path() string
Path returns the path portion of the URL.
func (ProfileReference) RawURL ¶
func (r ProfileReference) RawURL() string
RawURL returns the original URL (with credentials stripped).
func (ProfileReference) Scheme ¶
func (r ProfileReference) Scheme() string
Scheme returns the URL scheme ("https" or "oci").
func (ProfileReference) String ¶
func (r ProfileReference) String() string
String returns the canonical URL without credentials.
func (ProfileReference) Version ¶
func (r ProfileReference) Version() string
Version returns the version from the URL fragment, or empty string.
func (ProfileReference) WithDigest ¶
func (r ProfileReference) WithDigest(digest Digest) ProfileReference
WithDigest returns a new ProfileReference with the specified digest. Clears any existing version.
func (ProfileReference) WithVersion ¶
func (r ProfileReference) WithVersion(version string) ProfileReference
WithVersion returns a new ProfileReference with the specified version. Clears any existing digest.
type Severity ¶
type Severity struct {
// contains filtered or unexported fields
}
Severity represents the severity level of a control. Enforces valid severity values and provides ordering.
func MustNewSeverity ¶
MustNewSeverity creates a Severity or panics
func NewSeverity ¶
NewSeverity creates a Severity from string
func (Severity) IsHigherOrEqual ¶
IsHigherOrEqual returns true if this severity is higher or equal to the other
func (Severity) IsHigherThan ¶
IsHigherThan returns true if this severity is higher than the other
func (Severity) MarshalJSON ¶
MarshalJSON implements json.Marshaler
func (*Severity) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler
type SeverityLevel ¶
type SeverityLevel int
SeverityLevel is the internal representation
const ( // SeverityUnknown = Unknown SeverityUnknown SeverityLevel = 0 // SeverityLow = Low SeverityLow SeverityLevel = 1 // SeverityMedium = Medium SeverityMedium SeverityLevel = 2 // SeverityHigh = High SeverityHigh SeverityLevel = 3 // SeverityCritical = Critical SeverityCritical SeverityLevel = 4 )
type Status ¶
type Status string
Status represents the status of a control or observation.
const ( // StatusPass indicates the check passed StatusPass Status = "pass" // StatusFail indicates the check failed (but ran successfully) StatusFail Status = "fail" // StatusError indicates the check encountered an error StatusError Status = "error" // StatusSkipped indicates the check was skipped (dependency failure or filtered) StatusSkipped Status = "skipped" )
func (Status) Precedence ¶
Precedence returns the numeric precedence of this status. Higher values indicate higher priority in aggregation. Used by status aggregator to determine control status.
Precedence: Fail (3) > Error (2) > Skipped (1) > Pass (0)
type TrustedSourcePattern ¶
type TrustedSourcePattern struct {
// contains filtered or unexported fields
}
TrustedSourcePattern is an immutable value object representing a glob pattern for matching trusted profile sources.
Examples:
- "https://internal.company.com/*"
- "https://profiles.reglet.dev/*"
- "oci://ghcr.io/myorg/*"
Invariants:
- pattern must be valid glob syntax
- pattern must start with "https://" or "oci://"
func ParseTrustedSourcePattern ¶
func ParseTrustedSourcePattern(pattern string) (TrustedSourcePattern, error)
ParseTrustedSourcePattern validates and creates a TrustedSourcePattern.
func (TrustedSourcePattern) Equals ¶
func (p TrustedSourcePattern) Equals(other TrustedSourcePattern) bool
Equals checks equality with another TrustedSourcePattern.
func (TrustedSourcePattern) Matches ¶
func (p TrustedSourcePattern) Matches(ref ProfileReference) bool
Matches checks if the given ProfileReference matches this pattern.
func (TrustedSourcePattern) MatchesURL ¶
func (p TrustedSourcePattern) MatchesURL(url string) bool
MatchesURL checks if the given URL string matches this pattern. This is a convenience method that avoids parsing a full ProfileReference.
func (TrustedSourcePattern) String ¶
func (p TrustedSourcePattern) String() string
String returns the original pattern string.
type TrustedSourcePatterns ¶
type TrustedSourcePatterns []TrustedSourcePattern
TrustedSourcePatterns is a collection of patterns for matching.
func ParseTrustedSourcePatterns ¶
func ParseTrustedSourcePatterns(patterns []string) (TrustedSourcePatterns, error)
ParseTrustedSourcePatterns parses multiple pattern strings.
func (TrustedSourcePatterns) Matches ¶
func (ps TrustedSourcePatterns) Matches(ref ProfileReference) bool
Matches returns true if any pattern matches the reference.
func (TrustedSourcePatterns) MatchesURL ¶
func (ps TrustedSourcePatterns) MatchesURL(url string) bool
MatchesURL returns true if any pattern matches the URL.
Source Files