engine

package

v0.24.3 Latest Latest Go to latest Published: Jun 16, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/w3security/policy-engine

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type Engine
- func NewEngine(ctx context.Context, options *EngineOptions) *Engine
type EngineOptions
type EvalOptions
type MetadataResult
type PolicyConsumer
- func NewPolicyConsumer() *PolicyConsumer
- func (c *PolicyConsumer) DataDocument(_ context.Context, path string, document map[string]interface{}) error
- func (c *PolicyConsumer) Module(ctx context.Context, path string, module *ast.Module) error
type PolicySource
type QueryOptions
type RuleBundleError
- func (p *RuleBundleError) Error() string
- func (p *RuleBundleError) ToModel() models.RuleBundleInfo
type Timeouts

Constants ¶

View Source

const (
	DefaultInitTimeout  = 30 * time.Second
	DefaultEvalTimeout  = 5 * time.Minute
	DefaultQueryTimeout = 45 * time.Second
)

Variables ¶

View Source

var ErrEvalTimedOut = errors.New("evaluation timed out")

ErrEvalTimedOut indicates that evaluation took too long and was cancelled.

View Source

var ErrFailedToReadBundle = errors.New("failed to load bundle")

ErrFailedToReadBundle indicates that an error occurred while consuming a bundle.Reader.

View Source

var ErrInitTimedOut = errors.New("initialization timed out")

ErrInitTimedOut indicates that initialization took too long and was cancelled.

View Source

var ErrQueryTimedOut = errors.New("query timed out")

ErrQueryTimedOut indicates that a query took too long and was cancelled.

View Source

var FailedToCompile = errors.New("Failed to compile rules")

FailedToCompile indicates that more than the maximum number of errors occurred during the compilation stage.

View Source

var FailedToLoadRegoAPI = errors.New("Failed to load the w3security Rego API")

FailedToLoadRegoAPI indicates that an error occurred while initializing the w3security Rego API.

View Source

var FailedToLoadRules = errors.New("Failed to load rules")

FailedToLoadRules indicates that an error occurred while consuming the rego and data producers provided to the engine.

Functions ¶

This section is empty.

Types ¶

type Engine ¶

type Engine struct {
	// InitializationErrors contains any errors that occurred during initialization.
	InitializationErrors []error
	// contains filtered or unexported fields
}

Engine is responsible for evaluating some States with a given set of rules.

func NewEngine ¶

func NewEngine(ctx context.Context, options *EngineOptions) *Engine

NewEngine constructs a new Engine instance.

func (*Engine) Eval ¶

func (e *Engine) Eval(ctx context.Context, options *EvalOptions) *models.Results

Eval evaluates the given states using the rules that the engine was initialized with.

func (*Engine) Metadata ¶

func (e *Engine) Metadata(ctx context.Context) ([]MetadataResult, error)

Metadata returns the metadata of all Policies that have been loaded into this Engine instance.

func (*Engine) Query ¶

func (e *Engine) Query(ctx context.Context, options *QueryOptions) error

Query runs the given query against all policy sets and invokes the result processor on each result.

type EngineOptions ¶

type EngineOptions struct {
	// Providers contains functions that produce parsed OPA modules or data documents.
	Providers []data.Provider

	// Providers contains bundle.Reader objects that produce parsed bundles.
	BundleReaders []bundle.Reader

	// Logger is an optional instance of the logger.Logger interface
	Logger logging.Logger

	// Metrics is an optional instance of the metrics.Metrics interface
	Metrics metrics.Metrics

	// Timeouts controls timeouts for different engine operations.
	Timeouts Timeouts
}

EngineOptions contains options for initializing an Engine instance

type EvalOptions ¶

type EvalOptions struct {
	// Inputs are the State instances that the engine should evaluate.
	Inputs []models.State

	// Workers sets how many policies are to be evaluated concurrently. When
	// unset or set to a value less than 1, this defaults to the number of CPU
	// cores - 1.
	Workers int

	// ResourceResolver is a function that returns a resource state for the given
	// ResourceRequest.
	// Multiple ResourcesResolvers can be composed with And() and Or().
	ResourcesResolver policy.ResourcesResolver

	// RuleIDs determines which rules are executed. When this option is empty or
	// unspecified, all rules will be run.
	RuleIDs []string
}

EvalOptions contains options for Engine.Eval

type MetadataResult ¶

type MetadataResult struct {
	Package  string          `json:"package"`
	Metadata policy.Metadata `json:"metadata"`
	Error    string          `json:"error,omitempty"`
}

type PolicyConsumer ¶

type PolicyConsumer struct {
	Modules      map[string]*ast.Module
	Document     map[string]interface{}
	NumDocuments int
}

PolicyConsumer is an implementation of the data.Consumer interface that stores parsed modules, policies, and documents in-memory.

func NewPolicyConsumer ¶

func NewPolicyConsumer() *PolicyConsumer

func (*PolicyConsumer) DataDocument ¶

func (c *PolicyConsumer) DataDocument(
	_ context.Context,
	path string,
	document map[string]interface{},
) error

func (*PolicyConsumer) Module ¶

func (c *PolicyConsumer) Module(
	ctx context.Context,
	path string,
	module *ast.Module,
) error

type PolicySource ¶

type PolicySource string

const (
	POLICY_SOURCE_DATA             PolicySource = "data"
	POLICY_SOURCE_BUNDLE_ARCHIVE   PolicySource = "bundle_archive"
	POLICY_SOURCE_BUNDLE_DIRECTORY PolicySource = "bundle_directory"
)

type QueryOptions ¶

type QueryOptions struct {
	// Query is a rego query
	Query string
	// Input is an optional state to query against
	Input *models.State
	// ResourceResolver is an optional function that returns a resource state
	// for the given ResourceRequest. Multiple ResourcesResolvers can be
	// composed with And() and Or().
	ResourcesResolver policy.ResourcesResolver
	// ResultProcessor is a function that is run on every result returned by the
	// query.
	ResultProcessor func(ast.Value) error
}

QueryOptions contain options for Engine.Query

type RuleBundleError ¶

type RuleBundleError struct {
	// contains filtered or unexported fields
}

func (*RuleBundleError) Error ¶

func (p *RuleBundleError) Error() string

func (*RuleBundleError) ToModel ¶

func (p *RuleBundleError) ToModel() models.RuleBundleInfo

type Timeouts ¶

type Timeouts struct {
	// Init sets the maximum duration that the engine can take to initialize.
	// This timeout is applied per bundle or policy set.
	Init time.Duration

	// Eval sets the maximum duration that the engine can take to evaluate an
	// input. This timeout is applied per bundle or policy set.
	Eval time.Duration

	// Query sets the maximum duration that the engine can take to evaluate any
	// single query. This timeout is applied while evaluating individual
	// policies, querying metadata, or running ad-hoc queries.
	Query time.Duration
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL