Documentation ¶
Index ¶
- func ExtractDigest(ref string) (string, string)
- func IsProviderScheme(ref string) bool
- func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Material_MaterialType, ...) ([]*engine.Policy, error)
- func LogPolicyEvaluations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger)
- type ChainloopGroupLoader
- type ChainloopLoader
- type EmbeddedLoader
- type FileGroupLoader
- type FileLoader
- type GroupLoader
- type HTTPSGroupLoader
- type HTTPSLoader
- type Loader
- type PolicyDescriptor
- type PolicyError
- type PolicyGroupVerifier
- type PolicyVerifier
- type ProviderRef
- type Verifier
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractDigest ¶ added in v0.96.6
func IsProviderScheme ¶ added in v0.96.0
IsProviderScheme takes a policy reference and returns whether it's referencing to an external provider or not
func LoadPolicyScriptsFromSpec ¶ added in v0.96.9
func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Material_MaterialType, basePath string) ([]*engine.Policy, error)
LoadPolicyScriptsFromSpec loads all policy script that matches a given material type. It matches if: * the policy kind is unspecified, meaning that it was forced by name selector * the policy kind is specified, and it's equal to the material type
func LogPolicyEvaluations ¶ added in v0.96.21
func LogPolicyEvaluations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger)
Types ¶
type ChainloopGroupLoader ¶ added in v0.96.14
type ChainloopGroupLoader struct { Client pb.AttestationServiceClient // contains filtered or unexported fields }
ChainloopGroupLoader loads groups referenced with chainloop://provider/name URLs
func NewChainloopGroupLoader ¶ added in v0.96.14
func NewChainloopGroupLoader(client pb.AttestationServiceClient) *ChainloopGroupLoader
func (*ChainloopGroupLoader) Load ¶ added in v0.96.14
func (c *ChainloopGroupLoader) Load(ctx context.Context, attachment *v1.PolicyGroupAttachment) (*v1.PolicyGroup, *PolicyDescriptor, error)
type ChainloopLoader ¶ added in v0.95.7
type ChainloopLoader struct { Client pb.AttestationServiceClient // contains filtered or unexported fields }
ChainloopLoader loads policies referenced with chainloop://provider/name URLs
func NewChainloopLoader ¶ added in v0.95.7
func NewChainloopLoader(client pb.AttestationServiceClient) *ChainloopLoader
func (*ChainloopLoader) Load ¶ added in v0.95.7
func (c *ChainloopLoader) Load(ctx context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *PolicyDescriptor, error)
type EmbeddedLoader ¶ added in v0.95.7
type EmbeddedLoader struct{}
EmbeddedLoader returns embedded policies
func (*EmbeddedLoader) Load ¶ added in v0.95.7
func (e *EmbeddedLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *PolicyDescriptor, error)
type FileGroupLoader ¶ added in v0.96.14
type FileGroupLoader struct{}
FileGroupLoader loader loads policies from filesystem and HTTPS references using Cosign's blob package
func (*FileGroupLoader) Load ¶ added in v0.96.14
func (l *FileGroupLoader) Load(_ context.Context, attachment *v1.PolicyGroupAttachment) (*v1.PolicyGroup, *PolicyDescriptor, error)
type FileLoader ¶ added in v0.96.5
type FileLoader struct{}
FileLoader loader loads policies from filesystem and HTTPS references using Cosign's blob package
func (*FileLoader) Load ¶ added in v0.96.5
func (l *FileLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *PolicyDescriptor, error)
type GroupLoader ¶ added in v0.96.14
type GroupLoader interface {
Load(context.Context, *v1.PolicyGroupAttachment) (*v1.PolicyGroup, *PolicyDescriptor, error)
}
GroupLoader defines the interface for policy loaders from contract attachments
type HTTPSGroupLoader ¶ added in v0.96.14
type HTTPSGroupLoader struct{}
HTTPSGroupLoader loader loads policies from HTTP or HTTPS references
func (*HTTPSGroupLoader) Load ¶ added in v0.96.14
func (l *HTTPSGroupLoader) Load(_ context.Context, attachment *v1.PolicyGroupAttachment) (*v1.PolicyGroup, *PolicyDescriptor, error)
type HTTPSLoader ¶ added in v0.96.5
type HTTPSLoader struct{}
HTTPSLoader loader loads policies from HTTP or HTTPS references
func (*HTTPSLoader) Load ¶ added in v0.96.5
func (l *HTTPSLoader) Load(_ context.Context, attachment *v1.PolicyAttachment) (*v1.Policy, *PolicyDescriptor, error)
type Loader ¶ added in v0.95.7
type Loader interface {
Load(context.Context, *v1.PolicyAttachment) (*v1.Policy, *PolicyDescriptor, error)
}
Loader defines the interface for policy loaders from contract attachments
type PolicyDescriptor ¶ added in v0.97.5
type PolicyDescriptor struct { // FQ URI of the policy URI string // Policy name (only when it can be resolved by the loader) Name string // policy digest Digest string // Org name for custom policies (only supported by the remote ChainloopLoader) OrgName string }
PolicyDescriptor Represents a policy reference. Used as FQ references.
func (*PolicyDescriptor) GetDigest ¶ added in v0.97.5
func (p *PolicyDescriptor) GetDigest() string
func (*PolicyDescriptor) GetName ¶ added in v0.97.5
func (p *PolicyDescriptor) GetName() string
func (*PolicyDescriptor) GetOrgName ¶ added in v0.97.5
func (p *PolicyDescriptor) GetOrgName() string
func (*PolicyDescriptor) GetURI ¶ added in v0.97.5
func (p *PolicyDescriptor) GetURI() string
type PolicyError ¶ added in v0.94.2
type PolicyError struct {
// contains filtered or unexported fields
}
func NewPolicyError ¶ added in v0.94.2
func NewPolicyError(err error) *PolicyError
func (*PolicyError) Error ¶ added in v0.94.2
func (e *PolicyError) Error() string
func (*PolicyError) Unwrap ¶ added in v0.96.0
func (e *PolicyError) Unwrap() error
type PolicyGroupVerifier ¶ added in v0.96.14
type PolicyGroupVerifier struct { *PolicyVerifier // contains filtered or unexported fields }
func NewPolicyGroupVerifier ¶ added in v0.96.14
func NewPolicyGroupVerifier(schema *v1.CraftingSchema, client v13.AttestationServiceClient, logger *zerolog.Logger) *PolicyGroupVerifier
func (*PolicyGroupVerifier) VerifyMaterial ¶ added in v0.96.14
func (pgv *PolicyGroupVerifier) VerifyMaterial(ctx context.Context, material *api.Attestation_Material, path string) ([]*api.PolicyEvaluation, error)
VerifyMaterial evaluates a material against groups of policies defined in the schema
func (*PolicyGroupVerifier) VerifyStatement ¶ added in v0.96.14
func (pgv *PolicyGroupVerifier) VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*api.PolicyEvaluation, error)
type PolicyVerifier ¶
type PolicyVerifier struct {
// contains filtered or unexported fields
}
func NewPolicyVerifier ¶
func NewPolicyVerifier(schema *v1.CraftingSchema, client v13.AttestationServiceClient, logger *zerolog.Logger) *PolicyVerifier
func (*PolicyVerifier) VerifyMaterial ¶ added in v0.93.8
func (pv *PolicyVerifier) VerifyMaterial(ctx context.Context, material *v12.Attestation_Material, artifactPath string) ([]*v12.PolicyEvaluation, error)
VerifyMaterial applies all required policies to a material
func (*PolicyVerifier) VerifyStatement ¶ added in v0.93.8
func (pv *PolicyVerifier) VerifyStatement(ctx context.Context, statement *intoto.Statement) ([]*v12.PolicyEvaluation, error)
VerifyStatement verifies that the statement is compliant with the policies present in the schema
type ProviderRef ¶ added in v0.96.15
type ProviderRef struct {
Provider, OrgName, Name string
}
ProviderRef represents a policy provider reference
func ProviderParts ¶ added in v0.96.0
func ProviderParts(reference string) *ProviderRef
ProviderParts returns the provider information for a given reference