Documentation ¶
Index ¶
- func ExtractDigest(ref string) (string, string)
- func IsProviderScheme(ref string) bool
- func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Material_MaterialType) ([]*engine.Policy, error)
- func LogPolicyViolations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger)
- func ProviderParts(ref string) (string, string)
- type ChainloopLoader
- type EmbeddedLoader
- type FileLoader
- type HTTPSLoader
- type Loader
- type PolicyError
- type PolicyVerifier
Functions ¶
func ExtractDigest ¶ added in v0.96.6
func IsProviderScheme ¶ added in v0.96.0
IsProviderScheme takes a policy reference and reports whether it refers to an external provider.
func LoadPolicyScriptsFromSpec ¶ added in v0.96.9
func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Material_MaterialType) ([]*engine.Policy, error)
LoadPolicyScriptsFromSpec loads all policy scripts that match a given material type. A script matches if:
* the policy kind is unspecified, meaning that it was forced by name selector, or
* the policy kind is specified and is equal to the material type.
func LogPolicyViolations ¶ added in v0.94.0
func LogPolicyViolations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger)
func ProviderParts ¶ added in v0.96.0
Types ¶
type ChainloopLoader ¶ added in v0.95.7
type ChainloopLoader struct {
	Client pb.AttestationServiceClient
	// contains filtered or unexported fields
}
ChainloopLoader loads policies referenced with chainloop://provider/name URLs
func NewChainloopLoader ¶ added in v0.95.7
func NewChainloopLoader(client pb.AttestationServiceClient) *ChainloopLoader
func (*ChainloopLoader) Load ¶ added in v0.95.7
func (c *ChainloopLoader) Load(ctx context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
type EmbeddedLoader ¶ added in v0.95.7
type EmbeddedLoader struct{}
EmbeddedLoader returns embedded policies
func (*EmbeddedLoader) Load ¶ added in v0.95.7
func (e *EmbeddedLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
type FileLoader ¶ added in v0.96.5
type FileLoader struct{}
FileLoader loads policies from filesystem and HTTPS references using Cosign's blob package
func (*FileLoader) Load ¶ added in v0.96.5
func (l *FileLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
type HTTPSLoader ¶ added in v0.96.5
type HTTPSLoader struct{}
HTTPSLoader loads policies from HTTP or HTTPS references. Prefer HTTPS references: a policy fetched over plain HTTP has no transport-level integrity protection.
func (*HTTPSLoader) Load ¶ added in v0.96.5
func (l *HTTPSLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
type Loader ¶ added in v0.95.7
type Loader interface {
Load(context.Context, *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
}
Loader defines the interface for policy loaders from contract attachments
type PolicyError ¶ added in v0.94.2
type PolicyError struct {
// contains filtered or unexported fields
}
func NewPolicyError ¶ added in v0.94.2
func NewPolicyError(err error) *PolicyError
func (*PolicyError) Error ¶ added in v0.94.2
func (e *PolicyError) Error() string
func (*PolicyError) Unwrap ¶ added in v0.96.0
func (e *PolicyError) Unwrap() error
type PolicyVerifier ¶
type PolicyVerifier struct {
// contains filtered or unexported fields
}
func NewPolicyVerifier ¶
func NewPolicyVerifier(schema *v1.CraftingSchema, client v13.AttestationServiceClient, logger *zerolog.Logger) *PolicyVerifier
func (*PolicyVerifier) VerifyMaterial ¶ added in v0.93.8
func (pv *PolicyVerifier) VerifyMaterial(ctx context.Context, material *v12.Attestation_Material, artifactPath string) ([]*v12.PolicyEvaluation, error)
VerifyMaterial applies all required policies to a material
func (*PolicyVerifier) VerifyStatement ¶ added in v0.93.8
func (pv *PolicyVerifier) VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*v12.PolicyEvaluation, error)
VerifyStatement verifies that the statement is compliant with the policies present in the schema