Documentation
Index ¶
- type AuditPolicy
- type ComplexityPolicy
- type EnvironmentPolicy
- type OutputPolicy
- type PolicyConfig
- type PolicyEnforcer
- func (pe *PolicyEnforcer) GetAuditConfig() *AuditPolicy
- func (pe *PolicyEnforcer) ShouldAudit() bool
- func (pe *PolicyEnforcer) ValidateEnvironmentProvider(envName, providerType string) error
- func (pe *PolicyEnforcer) ValidateEnvironmentSecretCount(envName string, secretCount int) error
- func (pe *PolicyEnforcer) ValidateOutputPath(outputPath string) error
- func (pe *PolicyEnforcer) ValidateProviderType(providerType string) error
- func (pe *PolicyEnforcer) ValidateSecretValue(secretValue string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditPolicy ¶
// AuditPolicy defines audit logging requirements.
//
// It is consumed through PolicyEnforcer.GetAuditConfig and
// PolicyEnforcer.ShouldAudit; how the log file itself is created
// (permissions, rotation) is not expressed by this policy.
type AuditPolicy struct {
	Enabled       bool   `yaml:"enabled,omitempty"`        // Enable audit logging
	LogPath       string `yaml:"log_path,omitempty"`       // Path to audit log file. NOTE(review): a policy-level path is only as trustworthy as the config source — confirm the writer restricts file permissions.
	LogLevel      string `yaml:"log_level,omitempty"`      // Audit log level (info, warn, error). Presumably one of these three strings; validation of other values is not visible here.
	IncludeValues bool   `yaml:"include_values,omitempty"` // Include secret values in audit log (NOT RECOMMENDED): when true the audit log holds plaintext secrets and must be protected like the secrets themselves.
}
AuditPolicy defines audit logging requirements
type ComplexityPolicy ¶
// ComplexityPolicy defines requirements for secret values.
//
// These rules are applied by PolicyEnforcer.ValidateSecretValue.
// All fields are optional in YAML; a zero value means the rule is
// presumably not applied (e.g. MaxLength == 0 is no upper bound) —
// TODO confirm against ValidateSecretValue.
type ComplexityPolicy struct {
	MinLength     int  `yaml:"min_length,omitempty"`     // Minimum secret length
	MaxLength     int  `yaml:"max_length,omitempty"`     // Maximum secret length
	RequireUpper  bool `yaml:"require_upper,omitempty"`  // Require uppercase letters
	RequireLower  bool `yaml:"require_lower,omitempty"`  // Require lowercase letters
	RequireDigit  bool `yaml:"require_digit,omitempty"`  // Require digits
	RequireSymbol bool `yaml:"require_symbol,omitempty"` // Require symbols. NOTE(review): which characters count as symbols is not defined here — verify in ValidateSecretValue.
}
ComplexityPolicy defines requirements for secret values
type EnvironmentPolicy ¶
// EnvironmentPolicy defines per-environment restrictions.
//
// Instances are keyed by environment name in PolicyConfig.EnvironmentRules
// and consulted by PolicyEnforcer.ValidateEnvironmentProvider and
// PolicyEnforcer.ValidateEnvironmentSecretCount.
type EnvironmentPolicy struct {
	AllowedProviders []string `yaml:"allowed_providers,omitempty"` // Environment-specific provider whitelist. NOTE(review): precedence when a provider is in both lists is decided in ValidateEnvironmentProvider — confirm blocked wins.
	BlockedProviders []string `yaml:"blocked_providers,omitempty"` // Environment-specific provider blacklist
	RequireApproval  bool     `yaml:"require_approval,omitempty"`  // Require manual approval for this env. None of the Validate* methods listed takes an approval input, so enforcement presumably lives elsewhere — confirm.
	MaxSecrets       int      `yaml:"max_secrets,omitempty"`       // Maximum number of secrets allowed; checked by ValidateEnvironmentSecretCount. Zero presumably means unlimited — TODO confirm.
}
EnvironmentPolicy defines per-environment restrictions
type OutputPolicy ¶
// OutputPolicy defines file output restrictions.
//
// Path rules are applied by PolicyEnforcer.ValidateOutputPath. The
// matching semantics (exact, prefix or glob) are not visible from the
// declaration alone.
type OutputPolicy struct {
	AllowedPaths     []string `yaml:"allowed_paths,omitempty"`     // Whitelist of allowed output paths. NOTE(review): confirm ValidateOutputPath compares cleaned/absolute paths so that ".." segments cannot escape an allowed directory.
	BlockedPaths     []string `yaml:"blocked_paths,omitempty"`     // Blacklist of blocked output paths
	RequireGitignore bool     `yaml:"require_gitignore,omitempty"` // Require output files to be in .gitignore. ValidateOutputPath takes only the path, so the gitignore check presumably reads the repository from disk — confirm.
	MaxTTL           int      `yaml:"max_ttl,omitempty"`           // Maximum TTL for output files (seconds)
}
OutputPolicy defines file output restrictions
type PolicyConfig ¶
// PolicyConfig defines security policies for dsops operations.
//
// It is the input to NewPolicyEnforcer. Every sub-policy is a pointer
// and omitted from YAML when unset, so a nil pointer presumably means
// "no policy of that kind is enforced" — TODO confirm in the enforcer.
type PolicyConfig struct {
	// Global policies
	AllowedProviders  []string `yaml:"allowed_providers,omitempty"`  // Whitelist of allowed provider types; checked by ValidateProviderType
	BlockedProviders  []string `yaml:"blocked_providers,omitempty"`  // Blacklist of blocked provider types; checked by ValidateProviderType
	RequireEncryption bool     `yaml:"require_encryption,omitempty"` // Require encrypted provider configs. No Validate* method listed takes a provider config, so enforcement is not visible here — confirm.
	// Secret policies
	SecretComplexity  *ComplexityPolicy `yaml:"secret_complexity,omitempty"`  // Secret value complexity requirements
	ForbiddenPatterns []string          `yaml:"forbidden_patterns,omitempty"` // Regex patterns that secrets must not match. NOTE(review): patterns come from config; confirm they are compiled once in NewPolicyEnforcer and that an invalid pattern is reported rather than silently skipped.
	RequiredPatterns  []string          `yaml:"required_patterns,omitempty"`  // Regex patterns that secrets must match
	// Environment policies
	EnvironmentRules map[string]*EnvironmentPolicy `yaml:"environment_rules,omitempty"` // Per-environment restrictions, keyed by the envName passed to ValidateEnvironment* (presumably an exact match)
	// File policies
	OutputRestrictions *OutputPolicy `yaml:"output_restrictions,omitempty"` // File output restrictions
	// Audit policies
	AuditLogging *AuditPolicy `yaml:"audit_logging,omitempty"` // Audit and compliance logging
}
PolicyConfig defines security policies for dsops operations
type PolicyEnforcer ¶
// PolicyEnforcer validates operations against configured policies.
//
// Construct it with NewPolicyEnforcer; the Validate* methods return a
// non-nil error when the operation violates the loaded PolicyConfig.
type PolicyEnforcer struct {
	// contains filtered or unexported fields
}
PolicyEnforcer validates operations against configured policies
func NewPolicyEnforcer ¶
func NewPolicyEnforcer(config *PolicyConfig) *PolicyEnforcer
NewPolicyEnforcer creates a new policy enforcer
func (*PolicyEnforcer) GetAuditConfig ¶
func (pe *PolicyEnforcer) GetAuditConfig() *AuditPolicy
GetAuditConfig returns the audit configuration
func (*PolicyEnforcer) ShouldAudit ¶
func (pe *PolicyEnforcer) ShouldAudit() bool
ShouldAudit returns whether an operation should be audited
func (*PolicyEnforcer) ValidateEnvironmentProvider ¶
func (pe *PolicyEnforcer) ValidateEnvironmentProvider(envName, providerType string) error
ValidateEnvironmentProvider checks provider usage for a specific environment
func (*PolicyEnforcer) ValidateEnvironmentSecretCount ¶
func (pe *PolicyEnforcer) ValidateEnvironmentSecretCount(envName string, secretCount int) error
ValidateEnvironmentSecretCount checks secret count limits
func (*PolicyEnforcer) ValidateOutputPath ¶
func (pe *PolicyEnforcer) ValidateOutputPath(outputPath string) error
ValidateOutputPath checks whether the output path is allowed
func (*PolicyEnforcer) ValidateProviderType ¶
func (pe *PolicyEnforcer) ValidateProviderType(providerType string) error
ValidateProviderType checks whether a provider type is allowed
func (*PolicyEnforcer) ValidateSecretValue ¶
func (pe *PolicyEnforcer) ValidateSecretValue(secretValue string) error
ValidateSecretValue checks whether a secret value meets the policy requirements