opa

package

v0.15.0 Latest Latest Go to latest Published: Jan 17, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/defenseunicorns/lula

Documentation ¶

Index ¶

Variables
func CreateOpaProvider(_ context.Context, spec *OpaSpec) (types.Provider, error)
func GetValidatedAssets(ctx context.Context, regoPolicy string, regoModules map[string]string, ...) (types.Result, error)
type OpaOutput
type OpaProvider
- func (o OpaProvider) Evaluate(ctx context.Context, resources types.DomainResources) (types.Result, error)
type OpaSpec

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrCompileRego  = errors.New("failed to compile rego policy")
	ErrEvaluateRego = errors.New("failed to evaluate rego policy")
)

View Source

var (
	ErrNilSpec                = errors.New("spec is nil")
	ErrEmptyRego              = errors.New("rego policy cannot be empty")
	ErrInvalidValidationPath  = errors.New("validation field must be a json path")
	ErrInvalidObservationPath = errors.New("observation field must be a json path")
	ErrDownloadModule         = errors.New("error downloading module")
	ErrReadModule             = errors.New("error reading module")
	ErrReservedModuleName     = errors.New("module name is reserved and cannot be used in custom modules")
)

Functions ¶

func CreateOpaProvider ¶ added in v0.6.0

func CreateOpaProvider(_ context.Context, spec *OpaSpec) (types.Provider, error)

func GetValidatedAssets ¶

func GetValidatedAssets(ctx context.Context, regoPolicy string, regoModules map[string]string, dataset map[string]interface{}, output *OpaOutput) (types.Result, error)

GetValidatedAssets performs the validation of the dataset against the given rego policy

Types ¶

type OpaOutput ¶ added in v0.2.0

type OpaOutput struct {
	// optional: Specifies the JSON path to a boolean value indicating the validation result.
	Validation string `json:"validation" yaml:"validation"`
	// optional: any additional observations to include (fields must resolve to strings)
	Observations []string `json:"observations" yaml:"observations"`
}

OpaOutput Defines the output structure for OPA validation results, including validation status and additional observations.

type OpaProvider ¶ added in v0.2.0

type OpaProvider struct {
	// Spec is the specification of the OPA policy
	Spec *OpaSpec `json:"spec,omitempty" yaml:"spec,omitempty"`
}

func (OpaProvider) Evaluate ¶ added in v0.2.0

func (o OpaProvider) Evaluate(ctx context.Context, resources types.DomainResources) (types.Result, error)

type OpaSpec ¶ added in v0.2.0

type OpaSpec struct {
	// Required: Rego is the OPA policy
	Rego string `json:"rego" yaml:"rego"`
	// Optional: Modules is a map of additional OPA modules to include. The key is the name of the
	// module and the value is the file with the contents of the module. The `validate.rego` module
	// name is reserved and cannot be used in custom modules.
	Modules map[string]string `json:"modules,omitempty" yaml:"modules,omitempty"`
	// Optional: Output is the output of the OPA policy
	Output *OpaOutput `json:"output,omitempty" yaml:"output,omitempty"`
}

OpaSpec is the specification of the OPA policy, required if the provider type is opa

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL