Documentation
Index
- Constants
- func ResolvePoliciesFromBundle(c *contract.Contract, bundleFS fs.FS) ([]ResolvedPolicy, ValidationResult)
- func ResolvePoliciesWithResolver(ctx context.Context, c *contract.Contract, bundleFS fs.FS, ...) ([]ResolvedPolicy, ValidationResult)
- func SchemaBytes() []byte
- type BundleResolver
- type ResolvedPolicy
- type RuntimeContext
- type RuntimeValidationResult
- type ValidationResult
- func EnforcePolicies(rawYAML []byte, policies []ResolvedPolicy) ValidationResult
- func Validate(c *contract.Contract, rawYAML []byte, bundleFS fs.FS) ValidationResult
- func ValidateCrossField(c *contract.Contract, bundleFS fs.FS) ValidationResult
- func ValidateSemantic(c *contract.Contract) ValidationResult
- func ValidateStructural(data interface{}) ValidationResult
- func ValidateStructuralRaw(rawYAML []byte) ValidationResult
- func ValidateWithResolver(ctx context.Context, c *contract.Contract, rawYAML []byte, bundleFS fs.FS, ...) ValidationResult
Constants
const PolicySchemaPath = "policy/schema.json"
PolicySchemaPath is the fixed path where policy schemas are located inside referenced bundles, as documented in the JSON Schema specification.
Variables
This section is empty.
Functions
func ResolvePoliciesFromBundle (added in v0.35.0)
func ResolvePoliciesFromBundle(c *contract.Contract, bundleFS fs.FS) ([]ResolvedPolicy, ValidationResult)
ResolvePoliciesFromBundle resolves policy sources from a contract using only the local bundle filesystem. This is the default resolver used when no external resolver (OCI/file) is configured. It compiles local schema files and skips external refs (which are validated structurally but not enforced without a resolver).
func ResolvePoliciesWithResolver (added in v0.35.0)
func ResolvePoliciesWithResolver(ctx context.Context, c *contract.Contract, bundleFS fs.FS, resolver BundleResolver) ([]ResolvedPolicy, ValidationResult)
ResolvePoliciesWithResolver resolves all policy sources, including ref-based policies, using the provided BundleResolver. It recurses into referenced bundles' own policies with cycle detection. If resolver is nil, ref-based policies produce a hard POLICY_REF_UNRESOLVED error (fail closed).
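The recursion, cycle detection and fail-closed behaviour described above, as an added, self-contained sketch (not pacto's own code). The `bundle`, `resolver` and `mapResolver` types, the `oci://example/...` refs and the `EXAMPLE_CYCLE` code are constructed for illustration; only `POLICY_REF_UNRESOLVED` comes from this page, and treating a failed fetch the same way as a nil resolver is an assumption.

```go
package main

import "fmt"

// bundle is a hypothetical stand-in: only the refs its own policies point to.
type bundle struct{ refs []string }
// resolver mirrors the shape of BundleResolver with simplified example types.
type resolver interface {
	ResolveBundle(ref string) (*bundle, error)
}
// mapResolver is a constructed in-memory registry used as sample input.
type mapResolver map[string]*bundle

func (m mapResolver) ResolveBundle(ref string) (*bundle, error) {
	if b, ok := m[ref]; ok {
		return b, nil
	}
	return nil, fmt.Errorf("bundle %q not found", ref)
}

// resolveRefs walks refs depth-first. onPath holds the refs on the current
// chain, so a shared policy is fine but a ref back to an ancestor is a cycle.
func resolveRefs(refs []string, r resolver, onPath map[string]bool) (origins, errs []string) {
	for _, ref := range refs {
		if r == nil { // fail closed: an unfetchable ref is an error, not a skip
			errs = append(errs, "POLICY_REF_UNRESOLVED "+ref)
			continue
		}
		if onPath[ref] { // EXAMPLE_CYCLE is a placeholder code, not pacto's
			errs = append(errs, "EXAMPLE_CYCLE "+ref)
			continue
		}
		b, err := r.ResolveBundle(ref)
		if err != nil { // assumption: fetch failures also fail closed
			errs = append(errs, "POLICY_REF_UNRESOLVED "+ref)
			continue
		}
		onPath[ref] = true
		sub, subErrs := resolveRefs(b.refs, r, onPath)
		origins = append(append(origins, ref), sub...)
		errs = append(errs, subErrs...)
		delete(onPath, ref)
	}
	return origins, errs
}

func main() {
	reg := mapResolver{"oci://example/a": {refs: []string{"oci://example/b"}}, "oci://example/b": {refs: []string{"oci://example/a"}}}
	fmt.Println(resolveRefs([]string{"oci://example/a"}, reg, map[string]bool{}))
}
```

A caller that treats any returned error as a validation failure gets the fail-closed behaviour: a policy that cannot be fetched blocks the contract instead of being silently skipped.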
func SchemaBytes
func SchemaBytes() []byte
SchemaBytes returns the raw embedded JSON Schema bytes. This is used by the doc package to extract field descriptions.
Types
type BundleResolver (added in v0.35.0)
type BundleResolver interface {
    ResolveBundle(ctx context.Context, ref string) (*contract.Bundle, error)
}
BundleResolver resolves a ref string (OCI or local) into a contract Bundle. This abstracts away whether the ref is oci:// or file://.
type ResolvedPolicy (added in v0.35.0)
type ResolvedPolicy struct {
    Origin string // human-readable origin (e.g., "policies[0]", "oci://ghcr.io/acme/policy:1.0.0")
    Schema *jsonschema.Schema // compiled JSON Schema
}
ResolvedPolicy holds a compiled policy schema and its origin for error reporting.
type RuntimeContext
type RuntimeContext struct {
    // HTTPPaths lists the HTTP paths actually served by the running service.
    HTTPPaths []string
    // EnvVars holds configuration environment variables present at runtime.
    EnvVars map[string]string
    // Ports lists the ports actually exposed by the running service.
    Ports []int
}
RuntimeContext represents observed runtime state collected from the actual environment (e.g. a Kubernetes cluster, local dev, CI). It is intentionally generic — no platform-specific types allowed.
type RuntimeValidationResult
type RuntimeValidationResult struct {
    Errors []contract.ValidationError
    Warnings []contract.ValidationWarning
}
RuntimeValidationResult holds the outcome of comparing a contract against observed runtime state.
func ValidateRuntime
func ValidateRuntime(c *contract.Contract, ctx RuntimeContext) RuntimeValidationResult
ValidateRuntime compares a contract's declared state against the observed runtime context. It checks that declared interfaces and configuration are present at runtime.
func (*RuntimeValidationResult) IsValid
func (r *RuntimeValidationResult) IsValid() bool
IsValid returns true if there are no errors.
type ValidationResult
type ValidationResult struct {
    Errors []contract.ValidationError
    Warnings []contract.ValidationWarning
}
ValidationResult aggregates errors and warnings from all validation layers.
func EnforcePolicies (added in v0.35.0)
func EnforcePolicies(rawYAML []byte, policies []ResolvedPolicy) ValidationResult
EnforcePolicies validates the contract document against all resolved policy schemas. Each policy is applied independently with strict AND semantics: the contract must satisfy every policy. Contradictory policies naturally fail — no precedence or override logic is applied.
func Validate
Validate runs all four validation layers in order on the given contract. If structural validation fails, subsequent layers are skipped. The rawYAML parameter is the original YAML bytes for JSON Schema validation. The bundleFS parameter provides access to bundle files for cross-field validation.
func ValidateCrossField
func ValidateCrossField(c *contract.Contract, bundleFS fs.FS) ValidationResult
ValidateCrossField performs Layer 2 validation: cross-field consistency, file existence, reference validation, and semantic rules that cannot be expressed in JSON Schema alone.
func ValidateSemantic
func ValidateSemantic(c *contract.Contract) ValidationResult
ValidateSemantic performs Layer 3 validation: semantic consistency checks based on cross-concern rules that span multiple sections of the contract.
func ValidateStructural
func ValidateStructural(data interface{}) ValidationResult
ValidateStructural performs Layer 1 validation using JSON Schema. It takes the raw YAML bytes (converted to a generic interface{}) and validates against the embedded pacto v1.0 JSON Schema.
func ValidateStructuralRaw
func ValidateStructuralRaw(rawYAML []byte) ValidationResult
ValidateStructuralRaw performs Layer 1 (JSON Schema) validation on raw YAML bytes. It converts the YAML to a generic interface{} and validates against the schema.
func ValidateWithResolver (added in v0.35.0)
func ValidateWithResolver(ctx context.Context, c *contract.Contract, rawYAML []byte, bundleFS fs.FS, resolver BundleResolver) ValidationResult
ValidateWithResolver runs all four validation layers, using the provided BundleResolver for recursive ref-based policy resolution. If resolver is nil, any ref-based policies produce a hard POLICY_REF_UNRESOLVED error (fail closed).
func (*ValidationResult) AddError
func (r *ValidationResult) AddError(path, code, message string)
AddError appends a validation error.
func (*ValidationResult) AddWarning
func (r *ValidationResult) AddWarning(path, code, message string)
AddWarning appends a validation warning.
func (*ValidationResult) IsValid
func (r *ValidationResult) IsValid() bool
IsValid returns true if there are no errors.
func (*ValidationResult) Merge
func (r *ValidationResult) Merge(other ValidationResult)
Merge combines another result into this one.