policies

package

v0.96.12 Latest Latest Go to latest Published: Sep 22, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chainloop-dev/chainloop

Links

Open Source Insights

Documentation ¶

Index ¶

func ExtractDigest(ref string) (string, string)
func IsProviderScheme(ref string) bool
func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Material_MaterialType) ([]*engine.Policy, error)
func LogPolicyViolations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger)
func ProviderParts(ref string) (string, string)
type ChainloopLoader
- func NewChainloopLoader(client pb.AttestationServiceClient) *ChainloopLoader
- func (c *ChainloopLoader) Load(ctx context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
type EmbeddedLoader
- func (e *EmbeddedLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
type FileLoader
- func (l *FileLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
type HTTPSLoader
- func (l *HTTPSLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
type Loader
type PolicyError
- func NewPolicyError(err error) *PolicyError
- func (e *PolicyError) Error() string
- func (e *PolicyError) Unwrap() error
type PolicyVerifier
- func NewPolicyVerifier(schema *v1.CraftingSchema, client v13.AttestationServiceClient, ...) *PolicyVerifier
- func (pv *PolicyVerifier) VerifyMaterial(ctx context.Context, material *v12.Attestation_Material, artifactPath string) ([]*v12.PolicyEvaluation, error)
- func (pv *PolicyVerifier) VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*v12.PolicyEvaluation, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ExtractDigest ¶ added in v0.96.6

func ExtractDigest(ref string) (string, string)

func IsProviderScheme ¶ added in v0.96.0

func IsProviderScheme(ref string) bool

IsProviderScheme takes a policy reference and returns whether it's referencing to an external provider or not

func LoadPolicyScriptsFromSpec ¶ added in v0.96.9

func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Material_MaterialType) ([]*engine.Policy, error)

LoadPolicyScriptsFromSpec loads all policy script that matches a given material type. It matches if: * the policy kind is unspecified, meaning that it was forced by name selector * the policy kind is specified, and it's equal to the material type

func LogPolicyViolations ¶ added in v0.94.0

func LogPolicyViolations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger)

func ProviderParts ¶ added in v0.96.0

func ProviderParts(ref string) (string, string)

Types ¶

type ChainloopLoader ¶ added in v0.95.7

type ChainloopLoader struct {
	Client pb.AttestationServiceClient
	// contains filtered or unexported fields
}

ChainloopLoader loads policies referenced with chainloop://provider/name URLs

func NewChainloopLoader ¶ added in v0.95.7

func NewChainloopLoader(client pb.AttestationServiceClient) *ChainloopLoader

func (*ChainloopLoader) Load ¶ added in v0.95.7

func (c *ChainloopLoader) Load(ctx context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)

type EmbeddedLoader ¶ added in v0.95.7

type EmbeddedLoader struct{}

EmbeddedLoader returns embedded policies

func (*EmbeddedLoader) Load ¶ added in v0.95.7

func (e *EmbeddedLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)

type FileLoader ¶ added in v0.96.5

type FileLoader struct{}

FileLoader loader loads policies from filesystem and HTTPS references using Cosign's blob package

func (*FileLoader) Load ¶ added in v0.96.5

func (l *FileLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)

type HTTPSLoader ¶ added in v0.96.5

type HTTPSLoader struct{}

HTTPSLoader loader loads policies from HTTP or HTTPS references

func (*HTTPSLoader) Load ¶ added in v0.96.5

func (l *HTTPSLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)

type Loader ¶ added in v0.95.7

type Loader interface {
	Load(context.Context, *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
}

Loader defines the interface for policy loaders from contract attachments

type PolicyError ¶ added in v0.94.2

type PolicyError struct {
	// contains filtered or unexported fields
}

func NewPolicyError ¶ added in v0.94.2

func NewPolicyError(err error) *PolicyError

func (*PolicyError) Error ¶ added in v0.94.2

func (e *PolicyError) Error() string

func (*PolicyError) Unwrap ¶ added in v0.96.0

func (e *PolicyError) Unwrap() error

type PolicyVerifier ¶

type PolicyVerifier struct {
	// contains filtered or unexported fields
}

func NewPolicyVerifier ¶

func NewPolicyVerifier(schema *v1.CraftingSchema, client v13.AttestationServiceClient, logger *zerolog.Logger) *PolicyVerifier

func (*PolicyVerifier) VerifyMaterial ¶ added in v0.93.8

func (pv *PolicyVerifier) VerifyMaterial(ctx context.Context, material *v12.Attestation_Material, artifactPath string) ([]*v12.PolicyEvaluation, error)

VerifyMaterial applies all required policies to a material

func (*PolicyVerifier) VerifyStatement ¶ added in v0.93.8

func (pv *PolicyVerifier) VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*v12.PolicyEvaluation, error)

VerifyStatement verifies that the statement is compliant with the policies present in the schema

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
engine
rego

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL