Documentation
¶
Index ¶
Constants ¶
const PackageSpecFileName = "sg-package.yaml"
PackageSpecFileName is the default name of the package specification file.
Variables ¶
This section is empty.
Functions ¶
func NewRegoCompiler ¶
func NewRegoCompiler( packages []Package, opts ...RegoCompilerOptions, ) (*ast.Compiler, string, error)
NewRegoCompiler creates a compiler from policy packages.
func ResolveRuleDocLink ¶
func ResolveRuleDocLink(spec PackageSpec, rule Rule) (string, error)
ResolveRuleDocLink resolves the rule document link.
Types ¶
type FSPackage ¶
type FSPackage struct {
// contains filtered or unexported fields
}
FSPackage is a policy package loaded from the file system.
func (*FSPackage) QualifiedID ¶
func (*FSPackage) Spec ¶
func (p *FSPackage) Spec() PackageSpec
type Package ¶
type Package interface {
// QualifiedID returns the globally unique qualified ID of a policy package.
QualifiedID() string
// Spec returns the package spec.
Spec() PackageSpec
// Rules lists all the rules in the package.
// NOTE: a rule query is keyed by <Kind> + <Name>, not by name alone, so the
// same rule name can be returned more than once. Callers that index or
// de-duplicate rules should key on both fields.
Rules() []Rule
// ParsedModules returns the parsed rego modules.
// NOTE(review): the meaning of the map key is not documented here
// (presumably the module's source path) — confirm against the implementation.
ParsedModules() map[string]*ast.Module
}
Package defines the access methods to a policy package.
func LoadPackagesFromPaths ¶
LoadPackagesFromPaths loads policy packages from the given paths.
type PackageSpec ¶
type PackageSpec struct {
// Rule specifies the policy rule settings.
// It is an optional pointer (omitempty), so it can be nil when the spec has
// no `rule` key; check for nil before reading its fields.
Rule *RuleSpec `json:"rule,omitempty" yaml:"rule,omitempty"`
}
PackageSpec specifies the package settings.
type RegoCompilerOptions ¶
type RegoCompilerOptions struct{}
RegoCompilerOptions configures the RegoCompiler.
type Rule ¶
type Rule struct {
// Kind specifies the kind of the query.
Kind QueryKind
// Name provides the name of the rule.
Name string
// Namespace specifies the namespace of the rule.
Namespace string
// SourceLocation is the source definition of the rule.
// NOTE(review): this is a pointer, and RuleSpec's SourceFileName variable is
// documented as empty for rules not defined in a source file, so this may be
// nil — confirm, and nil-check before dereferencing.
SourceLocation *ast.Location
}
Rule specifies a policy rule. For example:
- "data.main.deny_x" => Kind: deny, Name: "x"
- "data.main.violation_y" => Kind: violation, Name: "y"
- "data.main.warn_z" => Kind: warn, Name: "z"
For naming conventions, see: https://www.conftest.dev/exceptions/
type RuleSpec ¶
type RuleSpec struct {
// DocLink specifies the policy rule document link format.
//
// The value is rendered as a template (presumably Go's text/template — confirm).
// The following variables are available:
//
// - {{.Name}}: the name of the rule.
// - {{.Kind}}: the kind of the rule. See `QueryKind` for available options.
// - {{.SourceFileName}}: the source file name (without the .rego extension) of the rule.
// If the rule is not defined in a source file, this will be empty.
//
// NOTE(review): text/template does no HTML or URL escaping, and both the
// template and the substituted values come from the policy package. Treat the
// rendered link as untrusted when packages come from third parties: validate
// the scheme and host, and escape the link before embedding it in HTML or
// other structured output.
DocLink string `json:"doc_link,omitempty" yaml:"doc_link,omitempty"`
}
RuleSpec specifies the policy rule settings.