policies

package
v0.96.20 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 16, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExtractDigest added in v0.96.6

func ExtractDigest(ref string) (string, string)

func IsProviderScheme added in v0.96.0

func IsProviderScheme(ref string) bool

IsProviderScheme takes a policy reference and returns whether it's referencing to an external provider or not

func LoadPolicyScriptsFromSpec added in v0.96.9

func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Material_MaterialType) ([]*engine.Policy, error)

LoadPolicyScriptsFromSpec loads all policy script that matches a given material type. It matches if: * the policy kind is unspecified, meaning that it was forced by name selector * the policy kind is specified, and it's equal to the material type

func LogPolicyViolations added in v0.94.0

func LogPolicyViolations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger)

Types

type ChainloopGroupLoader added in v0.96.14

type ChainloopGroupLoader struct {
	Client pb.AttestationServiceClient
	// contains filtered or unexported fields
}

ChainloopGroupLoader loads groups referenced with chainloop://provider/name URLs

func NewChainloopGroupLoader added in v0.96.14

func NewChainloopGroupLoader(client pb.AttestationServiceClient) *ChainloopGroupLoader

func (*ChainloopGroupLoader) Load added in v0.96.14

type ChainloopLoader added in v0.95.7

type ChainloopLoader struct {
	Client pb.AttestationServiceClient
	// contains filtered or unexported fields
}

ChainloopLoader loads policies referenced with chainloop://provider/name URLs

func NewChainloopLoader added in v0.95.7

func NewChainloopLoader(client pb.AttestationServiceClient) *ChainloopLoader

func (*ChainloopLoader) Load added in v0.95.7

type EmbeddedLoader added in v0.95.7

type EmbeddedLoader struct{}

EmbeddedLoader returns embedded policies

func (*EmbeddedLoader) Load added in v0.95.7

type FileGroupLoader added in v0.96.14

type FileGroupLoader struct{}

FileGroupLoader loader loads policies from filesystem and HTTPS references using Cosign's blob package

func (*FileGroupLoader) Load added in v0.96.14

type FileLoader added in v0.96.5

type FileLoader struct{}

FileLoader loader loads policies from filesystem and HTTPS references using Cosign's blob package

func (*FileLoader) Load added in v0.96.5

type GroupLoader added in v0.96.14

type GroupLoader interface {
	Load(context.Context, *v1.PolicyGroupAttachment) (*v1.PolicyGroup, *v12.ResourceDescriptor, error)
}

GroupLoader defines the interface for policy loaders from contract attachments

type HTTPSGroupLoader added in v0.96.14

type HTTPSGroupLoader struct{}

HTTPSGroupLoader loader loads policies from HTTP or HTTPS references

func (*HTTPSGroupLoader) Load added in v0.96.14

type HTTPSLoader added in v0.96.5

type HTTPSLoader struct{}

HTTPSLoader loader loads policies from HTTP or HTTPS references

func (*HTTPSLoader) Load added in v0.96.5

type Loader added in v0.95.7

type Loader interface {
	Load(context.Context, *v1.PolicyAttachment) (*v1.Policy, *v12.ResourceDescriptor, error)
}

Loader defines the interface for policy loaders from contract attachments

type PolicyError added in v0.94.2

type PolicyError struct {
	// contains filtered or unexported fields
}

func NewPolicyError added in v0.94.2

func NewPolicyError(err error) *PolicyError

func (*PolicyError) Error added in v0.94.2

func (e *PolicyError) Error() string

func (*PolicyError) Unwrap added in v0.96.0

func (e *PolicyError) Unwrap() error

type PolicyGroupVerifier added in v0.96.14

type PolicyGroupVerifier struct {
	*PolicyVerifier
	// contains filtered or unexported fields
}

func NewPolicyGroupVerifier added in v0.96.14

func NewPolicyGroupVerifier(schema *v1.CraftingSchema, client v13.AttestationServiceClient, logger *zerolog.Logger) *PolicyGroupVerifier

func (*PolicyGroupVerifier) VerifyMaterial added in v0.96.14

func (pgv *PolicyGroupVerifier) VerifyMaterial(ctx context.Context, material *api.Attestation_Material, path string) ([]*api.PolicyEvaluation, error)

VerifyMaterial evaluates a material against groups of policies defined in the schema

func (*PolicyGroupVerifier) VerifyStatement added in v0.96.14

func (pgv *PolicyGroupVerifier) VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*api.PolicyEvaluation, error)

type PolicyVerifier

type PolicyVerifier struct {
	// contains filtered or unexported fields
}

func NewPolicyVerifier

func NewPolicyVerifier(schema *v1.CraftingSchema, client v13.AttestationServiceClient, logger *zerolog.Logger) *PolicyVerifier

func (*PolicyVerifier) VerifyMaterial added in v0.93.8

func (pv *PolicyVerifier) VerifyMaterial(ctx context.Context, material *v12.Attestation_Material, artifactPath string) ([]*v12.PolicyEvaluation, error)

VerifyMaterial applies all required policies to a material

func (*PolicyVerifier) VerifyStatement added in v0.93.8

func (pv *PolicyVerifier) VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*v12.PolicyEvaluation, error)

VerifyStatement verifies that the statement is compliant with the policies present in the schema

type ProviderRef added in v0.96.15

type ProviderRef struct {
	Provider, OrgName, Name string
}

ProviderRef represents a policy provider reference

func ProviderParts added in v0.96.0

func ProviderParts(ref string) *ProviderRef

ProviderParts returns the provider information for a given reference

type Verifier added in v0.96.14

type Verifier interface {
	VerifyMaterial(ctx context.Context, m *v12.Attestation_Material, path string) ([]*v12.PolicyEvaluation, error)
	VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*v12.PolicyEvaluation, error)
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL