engine

package
v0.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 1, 2022 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Index

Constants

// String identifiers exported by package engine.
// NOTE(review): judging by the names and by ErrUnknownOperator, these look like the operator
// and expression-form names used in the engine's expressions — confirm against the source.
// The group headings below follow the constant names only; how each identifier is
// interpreted is not shown on this page. Code that maps these identifiers onto a data-store
// query should reject an identifier it does not recognise instead of dropping the condition,
// so that an unhandled operator cannot silently widen the result set.
const (
	// Boolean connectives.
	Or                 = "or"
	And                = "and"
	Not                = "not"
	// Comparisons.
	Equals             = "eq"
	NotEquals          = "ne"
	GreaterThan        = "gt"
	GreaterThanOrEqual = "ge"
	LessThan           = "lt"
	LessThanOrEqual    = "le"
	// Membership.
	In                 = "in"
	// Aggregate constructors.
	List               = "list"
	Struct             = "struct"
	// Arithmetic.
	Add                = "add"
	Sub                = "sub"
	Mult               = "mult"
	Div                = "div"
	Mod                = "mod"
	// Field and element access.
	SetField           = "set-field"
	GetField           = "get-field"
	Index              = "index"
	// Presumably the CEL comprehension macros and the lambda they take — TODO confirm.
	All                = "all"
	Filter             = "filter"
	Exists             = "exists"
	ExistsOne          = "exists_one"
	Map                = "map"
	Lambda             = "lambda"
)

Variables

// ErrPolicyNotExecutable is a sentinel error carrying the message "policy not executable".
// Which calls return it is not shown on this page; match it with errors.Is.
// NOTE(review): a caller that gets an error back from an authorization check has no decision
// to act on and should not treat the request as allowed.
var ErrPolicyNotExecutable = errors.New("policy not executable")
// ErrUnknownOperator is a sentinel error carrying the message "unknown operator".
// Which calls return it is not shown on this page; match it with errors.Is.
// NOTE(review): presumably raised for an operator outside the package's constant list — confirm.
var ErrUnknownOperator = errors.New("unknown operator")

Functions

func ResidualExpr added in v0.16.0

func ResidualExpr(a *cel.Ast, details *cel.EvalDetails) *exprpb.Expr

ResidualExpr evaluates the residual expression of a partial evaluation. There are two approaches for this: (1) `ast := env.ResidualAst(); ast.Expr()` and (2) `ResidualExpr()`. The former is the built-in approach but, unlike the latter, it does not support CEL comprehensions.

Types

type CheckOpt added in v0.9.0

type CheckOpt func(*checkOptions)

CheckOpt defines options for engine Check calls.

func WithTraceSink added in v0.15.0

func WithTraceSink(tracerSink tracer.Sink) CheckOpt

func WithZapTraceSink added in v0.9.0

func WithZapTraceSink(log *zap.Logger) CheckOpt

WithZapTraceSink sets an engine tracer with Zap set as the sink.

type Components added in v0.11.0

// Components bundles the collaborators passed to New and NewFromConf.
type Components struct {
	// AuditLog is the audit.Log given to the engine.
	// NOTE(review): presumably where decisions are recorded; whether a nil value is
	// accepted (and silently disables auditing) is not shown on this page — confirm.
	AuditLog   audit.Log
	// CompileMgr is the compile.Manager given to the engine.
	CompileMgr *compile.Manager
	// SchemaMgr is the schema.Manager given to the engine.
	SchemaMgr  schema.Manager
}

type Conf

// Conf holds the engine settings that can be supplied through YAML.
type Conf struct {
	// DefaultPolicyVersion defines what version to assume if the request does not specify one.
	// NOTE(review): a request that omits the version is evaluated as if it had asked for
	// this one, so the policies stored under this version govern every such request.
	DefaultPolicyVersion string `yaml:"defaultPolicyVersion" conf:",example=\"default\""`
	// NumWorkers is read from the "numWorkers" YAML key. Its meaning is not documented on
	// this page; presumably it sizes a worker pool — TODO confirm.
	NumWorkers           uint   `yaml:"numWorkers" conf:",ignore"`
}

Conf is optional configuration for engine.

func GetConf added in v0.15.0

func GetConf() (*Conf, error)

func (*Conf) Key

func (c *Conf) Key() string

func (*Conf) SetDefaults

func (c *Conf) SetDefaults()

func (*Conf) Validate

func (c *Conf) Validate() error

type EffectInfo added in v0.13.0

// EffectInfo pairs an effect with a policy string and a scope string. It is the value type
// of PolicyEvalResult.Effects.
type EffectInfo struct {
	// Policy is presumably the name of the policy that produced Effect — TODO confirm.
	Policy string
	// Scope is presumably the policy scope in which Effect was produced — TODO confirm.
	Scope  string
	// Effect is the effectv1.Effect value recorded for this entry.
	Effect effectv1.Effect
}

type Engine

// Engine is the type returned by New, NewEphemeral and NewFromConf; its exported methods
// are Check and PlanResources. All of its fields are unexported.
type Engine struct {
	// contains filtered or unexported fields
}

func New

func New(ctx context.Context, components Components) (*Engine, error)

func NewEphemeral

func NewEphemeral(compileMgr *compile.Manager, schemaMgr schema.Manager) (*Engine, error)

func NewFromConf added in v0.15.0

func NewFromConf(ctx context.Context, conf *Conf, components Components) *Engine

func (*Engine) Check

func (engine *Engine) Check(ctx context.Context, inputs []*enginev1.CheckInput, opts ...CheckOpt) ([]*enginev1.CheckOutput, error)

func (*Engine) PlanResources added in v0.16.0

func (engine *Engine) PlanResources(ctx context.Context, input *enginev1.PlanResourcesInput) (*enginev1.PlanResourcesOutput, error)

type Evaluator added in v0.9.0

// Evaluator is the interface returned by NewEvaluator, which builds it from a
// runtimev1.RunnablePolicySet and a schema.Manager.
type Evaluator interface {
	// Evaluate takes one CheckInput together with a tracer.Context and returns a
	// PolicyEvalResult or an error.
	Evaluate(context.Context, tracer.Context, *enginev1.CheckInput) (*PolicyEvalResult, error)
	// EvaluateResourcesQueryPlan takes a PlanResourcesInput and returns a PolicyPlanResult
	// or an error.
	EvaluateResourcesQueryPlan(ctx context.Context, request *enginev1.PlanResourcesInput) (*PolicyPlanResult, error)
}

func NewEvaluator added in v0.9.0

func NewEvaluator(rps *runtimev1.RunnablePolicySet, schemaMgr schema.Manager) Evaluator

type PolicyEvalResult added in v0.12.0

// PolicyEvalResult is the result type returned by Evaluator.Evaluate.
type PolicyEvalResult struct {
	// Effects maps a string key to the EffectInfo recorded for it.
	// NOTE(review): presumably keyed by action name — confirm. What a missing key means
	// is not shown on this page; do not read absence as an allow.
	Effects               map[string]EffectInfo
	// EffectiveDerivedRoles is a set of strings (a map with empty-struct values),
	// presumably the derived role names that were in effect — TODO confirm.
	EffectiveDerivedRoles map[string]struct{}

	// ValidationErrors holds schemav1.ValidationError entries attached to the result.
	ValidationErrors []*schemav1.ValidationError
	// contains filtered or unexported fields
}

type PolicyPlanResult added in v0.18.0

// PolicyPlanResult is the result type returned by Evaluator.EvaluateResourcesQueryPlan.
// Its methods are Add, Empty and ToPlanResourcesOutput.
type PolicyPlanResult struct {
	// Scope is presumably the policy scope the plan was built for — TODO confirm.
	Scope            string
	// AllowFilter and DenyFilter hold filter nodes of the unexported type qpN.
	// NOTE(review): presumably Add files each filter under one of them according to the
	// effect it is given. How the two lists are combined in ToPlanResourcesOutput is not
	// shown on this page; confirm that deny conditions take precedence before relying on
	// the resulting plan.
	AllowFilter      []*qpN
	DenyFilter       []*qpN
	// ValidationErrors holds schemav1.ValidationError entries attached to the result.
	ValidationErrors []*schemav1.ValidationError
}

func (*PolicyPlanResult) Add added in v0.18.0

func (p *PolicyPlanResult) Add(filter *qpN, effect effectv1.Effect)

func (*PolicyPlanResult) Empty added in v0.18.0

func (p *PolicyPlanResult) Empty() bool

func (*PolicyPlanResult) ToPlanResourcesOutput added in v0.18.0

func (p *PolicyPlanResult) ToPlanResourcesOutput(input *enginev1.PlanResourcesInput) (*enginev1.PlanResourcesOutput, error)

Directories

Path Synopsis
