policies


Constants

This section is empty.

Variables

This section is empty.

Functions

func ComputeArguments added in v0.104.0

func ComputeArguments(inputs []*v1.PolicyInput, args map[string]string, bindings map[string]string, logger *zerolog.Logger) (map[string]string, error)

ComputeArguments takes a set of arguments and matches them against the expected inputs. It also applies a set of interpolations where needed.

func ExtractDigest added in v0.96.6

func ExtractDigest(ref string) (string, string)

func InterpolateGroupMaterial added in v0.104.0

func InterpolateGroupMaterial(gm *v1.PolicyGroup_Material, bindings map[string]string) (*v1.PolicyGroup_Material, error)

InterpolateGroupMaterial returns a version of the group material with all template interpolations applied (only the name field is currently supported).

func IsProviderScheme added in v0.96.0

func IsProviderScheme(ref string) bool

IsProviderScheme takes a policy reference and reports whether it refers to an external provider.

func LoadPolicyScriptsFromSpec added in v0.96.9

func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Material_MaterialType, basePath string) ([]*engine.Policy, error)

LoadPolicyScriptsFromSpec loads all policy scripts that match a given material type. A script matches if either: the policy kind is unspecified (meaning the policy was forced by a name selector), or the policy kind is specified and is equal to the material type.

func LogPolicyEvaluations added in v0.96.21

func LogPolicyEvaluations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger)

Types

type ChainloopGroupLoader added in v0.96.14

type ChainloopGroupLoader struct {
	Client pb.AttestationServiceClient
	// contains filtered or unexported fields
}

ChainloopGroupLoader loads groups referenced with chainloop://provider/name URLs

func NewChainloopGroupLoader added in v0.96.14

func NewChainloopGroupLoader(client pb.AttestationServiceClient) *ChainloopGroupLoader

func (*ChainloopGroupLoader) Load added in v0.96.14

type ChainloopLoader added in v0.95.7

type ChainloopLoader struct {
	Client pb.AttestationServiceClient
	// contains filtered or unexported fields
}

ChainloopLoader loads policies referenced with chainloop://provider/name URLs

func NewChainloopLoader added in v0.95.7

func NewChainloopLoader(client pb.AttestationServiceClient) *ChainloopLoader

func (*ChainloopLoader) Load added in v0.95.7

type EmbeddedLoader added in v0.95.7

type EmbeddedLoader struct{}

EmbeddedLoader returns embedded policies

func (*EmbeddedLoader) Load added in v0.95.7

type FileGroupLoader added in v0.96.14

type FileGroupLoader struct{}

FileGroupLoader loads policies from filesystem and HTTPS references using Cosign's blob package.

func (*FileGroupLoader) Load added in v0.96.14

type FileLoader added in v0.96.5

type FileLoader struct{}

FileLoader loads policies from filesystem and HTTPS references using Cosign's blob package.

func (*FileLoader) Load added in v0.96.5

type GroupLoader added in v0.96.14

// GroupLoader defines the interface for policy group loaders from contract attachments.
// Load resolves a PolicyGroupAttachment into the PolicyGroup it references and returns,
// alongside it, a PolicyDescriptor describing the resolved reference (URI, name, digest).
type GroupLoader interface {
	Load(context.Context, *v1.PolicyGroupAttachment) (*v1.PolicyGroup, *PolicyDescriptor, error)
}

GroupLoader defines the interface for policy group loaders from contract attachments.

type HTTPSGroupLoader added in v0.96.14

// HTTPSGroupLoader loads policies from HTTP or HTTPS references.
// NOTE(review): the package docs state that plain http:// references are accepted as well as
// https://; confirm that content loaded this way is pinned by digest (see PolicyDescriptor.Digest)
// before it is trusted.
type HTTPSGroupLoader struct{}

HTTPSGroupLoader loads policies from HTTP or HTTPS references.

func (*HTTPSGroupLoader) Load added in v0.96.14

type HTTPSLoader added in v0.96.5

// HTTPSLoader loads policies from HTTP or HTTPS references.
// NOTE(review): the package docs state that plain http:// references are accepted as well as
// https://; confirm that content loaded this way is pinned by digest (see PolicyDescriptor.Digest)
// before it is trusted.
type HTTPSLoader struct{}

HTTPSLoader loads policies from HTTP or HTTPS references.

func (*HTTPSLoader) Load added in v0.96.5

type LoadPolicyGroupOptions added in v0.98.0

// LoadPolicyGroupOptions carries the dependencies passed to LoadPolicyGroup.
type LoadPolicyGroupOptions struct {
	// Client is the attestation service client; presumably used by the remote
	// (chainloop://) loaders — confirm against LoadPolicyGroup.
	Client v13.AttestationServiceClient
	// Logger receives diagnostic output from the group loading process.
	Logger *zerolog.Logger
}

type Loader added in v0.95.7

// Loader defines the interface for policy loaders from contract attachments.
// Load resolves a PolicyAttachment into the Policy it references and returns, alongside it,
// a PolicyDescriptor describing the resolved reference (URI, name, digest).
type Loader interface {
	Load(context.Context, *v1.PolicyAttachment) (*v1.Policy, *PolicyDescriptor, error)
}

Loader defines the interface for policy loaders from contract attachments

type PolicyDescriptor added in v0.97.5

// PolicyDescriptor represents a policy reference. It is used as a fully qualified (FQ) reference
// to the policy a Loader or GroupLoader resolved.
type PolicyDescriptor struct {
	// URI is the fully qualified URI of the policy.
	URI string
	// Name is the policy name (only set when it can be resolved by the loader).
	Name string
	// Digest is the policy digest.
	// NOTE(review): the docs do not state whether this is the digest of the loaded content or
	// of the reference string — confirm before relying on it to pin what was evaluated.
	Digest string
	// OrgName is the organization name for custom policies (only supported by the remote ChainloopLoader).
	OrgName string
}

PolicyDescriptor represents a policy reference. It is used as a fully qualified (FQ) reference.

func LoadPolicyGroup added in v0.98.0

LoadPolicyGroup loads (unmarshals) a group from a group attachment.

func (*PolicyDescriptor) GetDigest added in v0.97.5

func (p *PolicyDescriptor) GetDigest() string

func (*PolicyDescriptor) GetName added in v0.97.5

func (p *PolicyDescriptor) GetName() string

func (*PolicyDescriptor) GetOrgName added in v0.97.5

func (p *PolicyDescriptor) GetOrgName() string

func (*PolicyDescriptor) GetURI added in v0.97.5

func (p *PolicyDescriptor) GetURI() string

type PolicyError added in v0.94.2

type PolicyError struct {
	// contains filtered or unexported fields
}

func NewPolicyError added in v0.94.2

func NewPolicyError(err error) *PolicyError

func (*PolicyError) Error added in v0.94.2

func (e *PolicyError) Error() string

func (*PolicyError) Unwrap added in v0.96.0

func (e *PolicyError) Unwrap() error

type PolicyGroupVerifier added in v0.96.14

type PolicyGroupVerifier struct {
	*PolicyVerifier
	// contains filtered or unexported fields
}

func NewPolicyGroupVerifier added in v0.96.14

func NewPolicyGroupVerifier(schema *v1.CraftingSchema, client v13.AttestationServiceClient, logger *zerolog.Logger) *PolicyGroupVerifier

func (*PolicyGroupVerifier) VerifyMaterial added in v0.96.14

func (pgv *PolicyGroupVerifier) VerifyMaterial(ctx context.Context, material *api.Attestation_Material, path string) ([]*api.PolicyEvaluation, error)

VerifyMaterial evaluates a material against groups of policies defined in the schema

func (*PolicyGroupVerifier) VerifyStatement added in v0.96.14

func (pgv *PolicyGroupVerifier) VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*api.PolicyEvaluation, error)

type PolicyVerifier

type PolicyVerifier struct {
	// contains filtered or unexported fields
}

func NewPolicyVerifier

func NewPolicyVerifier(schema *v1.CraftingSchema, client v13.AttestationServiceClient, logger *zerolog.Logger) *PolicyVerifier

func (*PolicyVerifier) VerifyMaterial added in v0.93.8

func (pv *PolicyVerifier) VerifyMaterial(ctx context.Context, material *v12.Attestation_Material, artifactPath string) ([]*v12.PolicyEvaluation, error)

VerifyMaterial applies all required policies to a material

func (*PolicyVerifier) VerifyStatement added in v0.93.8

func (pv *PolicyVerifier) VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*v12.PolicyEvaluation, error)

VerifyStatement verifies that the statement is compliant with the policies present in the schema

type ProviderRef added in v0.96.15

// ProviderRef represents a policy provider reference, as returned by ProviderParts.
type ProviderRef struct {
	// Provider, OrgName and Name are the components parsed out of a provider reference.
	Provider, OrgName, Name string
}

ProviderRef represents a policy provider reference

func ProviderParts added in v0.96.0

func ProviderParts(reference string) *ProviderRef

ProviderParts returns the provider information for a given reference

type Verifier added in v0.96.14

// Verifier evaluates policies against attestation materials and in-toto statements.
// PolicyVerifier and PolicyGroupVerifier expose methods with these signatures and appear to
// satisfy it.
type Verifier interface {
	// VerifyMaterial evaluates the policies that apply to a single material, given its path.
	VerifyMaterial(ctx context.Context, m *v12.Attestation_Material, path string) ([]*v12.PolicyEvaluation, error)
	// VerifyStatement evaluates the policies that apply to a whole in-toto statement.
	VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*v12.PolicyEvaluation, error)
}
