Documentation ¶
Index ¶
Constants ¶
// String identifiers declared by this package. The ErrUnknownOperator error
// declared alongside them suggests they name expression operators — TODO
// confirm where they are produced and consumed.
// The values mix separators ("set-field" vs "exists_one"), so any code that
// matches on them must compare against these constants, not a normalised form.
const (
	// Logical connectives.
	Or  = "or"
	And = "and"
	Not = "not"

	// Comparison and membership.
	Equals             = "eq"
	NotEquals          = "ne"
	GreaterThan        = "gt"
	GreaterThanOrEqual = "ge"
	LessThan           = "lt"
	LessThanOrEqual    = "le"
	In                 = "in"

	// Aggregate constructors.
	List   = "list"
	Struct = "struct"

	// Arithmetic.
	Add  = "add"
	Sub  = "sub"
	Mult = "mult"
	Div  = "div"
	Mod  = "mod"

	// Field and element access.
	SetField = "set-field"
	GetField = "get-field"
	Index    = "index"

	// Comprehension-style names and the lambda marker.
	All       = "all"
	Filter    = "filter"
	Exists    = "exists"
	ExistsOne = "exists_one"
	Map       = "map"
	Lambda    = "lambda"
)
Variables ¶
// ErrPolicyNotExecutable is a package-level sentinel error. Match it with
// errors.Is rather than by comparing message text. Which calls return it is
// not shown on this page.
var ErrPolicyNotExecutable = errors.New("policy not executable")
// ErrUnknownOperator is a package-level sentinel error. Match it with
// errors.Is rather than by comparing message text.
// NOTE(review): presumably returned when an operator name is not one of the
// package's operator constants — confirm against the implementation.
var ErrUnknownOperator = errors.New("unknown operator")
Functions ¶
func ResidualExpr ¶ added in v0.16.0
ResidualExpr evaluates the `residual expression` of a partial evaluation. There are two approaches for this: (1) `ast := env.ResidualAst(); ast.Expr()` and (2) `ResidualExpr()`. The former is the built-in approach but, unlike the latter, does not support CEL comprehensions.
Types ¶
type CheckOpt ¶ added in v0.9.0
type CheckOpt func(*checkOptions)
CheckOpt defines options for engine Check calls.
func WithTraceSink ¶ added in v0.15.0
func WithZapTraceSink ¶ added in v0.9.0
WithZapTraceSink sets an engine tracer with Zap set as the sink.
type Components ¶ added in v0.11.0
type Conf ¶
type Conf struct {
	// DefaultPolicyVersion defines what version to assume if the request does not specify one.
	// NOTE(review): a request that omits the version is therefore evaluated
	// against whatever this names; confirm the configured value points at the
	// policy version intended for such callers.
	DefaultPolicyVersion string `yaml:"defaultPolicyVersion" conf:",example=\"default\""`
	// NumWorkers is read from the "numWorkers" YAML key and carries the conf
	// tag ",ignore". What the workers do is not shown on this page.
	NumWorkers uint `yaml:"numWorkers" conf:",ignore"`
}
Conf is optional configuration for engine.
func (*Conf) SetDefaults ¶
func (c *Conf) SetDefaults()
type EffectInfo ¶ added in v0.13.0
type Engine ¶
// Engine is the receiver of the Check and PlanResources methods; NewFromConf
// returns a *Engine. None of its fields are exported.
type Engine struct {
	// contains filtered or unexported fields
}
func NewEphemeral ¶
func NewFromConf ¶ added in v0.15.0
func NewFromConf(ctx context.Context, conf *Conf, components Components) *Engine
func (*Engine) Check ¶
// Check takes a batch of CheckInput values plus optional per-call CheckOpt
// options and returns CheckOutput values or an error.
// NOTE(review): callers enforcing access decisions should treat a non-nil
// error as a denial and not act on the returned outputs (fail closed).
// Whether outputs line up with inputs by index is not shown here — confirm.
func (engine *Engine) Check(ctx context.Context, inputs []*enginev1.CheckInput, opts ...CheckOpt) ([]*enginev1.CheckOutput, error)
func (*Engine) PlanResources ¶ added in v0.16.0
// PlanResources takes a single PlanResourcesInput and returns a
// PlanResourcesOutput or an error.
// NOTE(review): the output presumably describes a filter the caller applies
// to its own data query — confirm. On a non-nil error the caller should not
// run that query unfiltered.
func (engine *Engine) PlanResources(ctx context.Context, input *enginev1.PlanResourcesInput) (*enginev1.PlanResourcesOutput, error)
type Evaluator ¶ added in v0.9.0
// Evaluator is the interface returned by NewEvaluator. It has one method for
// check inputs and one for resource query plans.
type Evaluator interface {
	// Evaluate takes a single CheckInput together with a tracer.Context and
	// returns a PolicyEvalResult or an error.
	Evaluate(context.Context, tracer.Context, *enginev1.CheckInput) (*PolicyEvalResult, error)
	// EvaluateResourcesQueryPlan takes a PlanResourcesInput and returns a
	// PolicyPlanResult or an error.
	EvaluateResourcesQueryPlan(ctx context.Context, request *enginev1.PlanResourcesInput) (*PolicyPlanResult, error)
}
func NewEvaluator ¶ added in v0.9.0
func NewEvaluator(rps *runtimev1.RunnablePolicySet, schemaMgr schema.Manager) Evaluator
type PolicyEvalResult ¶ added in v0.12.0
// PolicyEvalResult is the result type returned by Evaluator.Evaluate.
type PolicyEvalResult struct {
	// Effects maps a string key to an EffectInfo (presumably keyed by action
	// name — TODO confirm).
	Effects map[string]EffectInfo
	// EffectiveDerivedRoles is a set of strings, stored as a map with
	// empty-struct values.
	EffectiveDerivedRoles map[string]struct{}
	// ValidationErrors holds schema validation errors.
	// NOTE(review): whether a non-empty list alters Effects is not visible
	// here; check it before relying on Effects alone.
	ValidationErrors []*schemav1.ValidationError
	// contains filtered or unexported fields
}
type PolicyPlanResult ¶ added in v0.18.0
// PolicyPlanResult is the result type returned by
// Evaluator.EvaluateResourcesQueryPlan.
type PolicyPlanResult struct {
	// Scope is a string; presumably the policy scope the plan was built for —
	// TODO confirm.
	Scope string
	// AllowFilter and DenyFilter keep qpN values in two separate lists (the qpN
	// type is not defined on this page).
	// NOTE(review): Add takes an effect alongside the filter, so it presumably
	// selects the list. How ToPlanResourcesOutput combines the two lists is not
	// shown; confirm that deny filters take precedence over allow filters.
	AllowFilter []*qpN
	DenyFilter  []*qpN
	// ValidationErrors holds schema validation errors.
	ValidationErrors []*schemav1.ValidationError
}
func (*PolicyPlanResult) Add ¶ added in v0.18.0
func (p *PolicyPlanResult) Add(filter *qpN, effect effectv1.Effect)
func (*PolicyPlanResult) Empty ¶ added in v0.18.0
func (p *PolicyPlanResult) Empty() bool
func (*PolicyPlanResult) ToPlanResourcesOutput ¶ added in v0.18.0
func (p *PolicyPlanResult) ToPlanResourcesOutput(input *enginev1.PlanResourcesInput) (*enginev1.PlanResourcesOutput, error)
Source Files ¶