Documentation ¶
Index ¶
Constants ¶
Variables ¶
var ErrEvalTimedOut = errors.New("evaluation timed out")
ErrEvalTimedOut indicates that evaluation took too long and was cancelled.
var ErrFailedToReadBundle = errors.New("failed to load bundle")
ErrFailedToReadBundle indicates that an error occurred while consuming a bundle.Reader.
var ErrInitTimedOut = errors.New("initialization timed out")
ErrInitTimedOut indicates that initialization took too long and was cancelled.
var ErrQueryTimedOut = errors.New("query timed out")
ErrQueryTimedOut indicates that a query took too long and was cancelled.
var FailedToCompile = errors.New("Failed to compile rules")
FailedToCompile indicates that more than the maximum number of errors occurred during the compilation stage.
var FailedToLoadRegoAPI = errors.New("Failed to load the vulnmap Rego API")
FailedToLoadRegoAPI indicates that an error occurred while initializing the vulnmap Rego API.
var FailedToLoadRules = errors.New("Failed to load rules")
FailedToLoadRules indicates that an error occurred while consuming the rego and data producers provided to the engine.
Functions ¶
This section is empty.
Types ¶
type Engine ¶
type Engine struct { // InitializationErrors contains any errors that occurred during initialization. InitializationErrors []error // contains filtered or unexported fields }
Engine is responsible for evaluating some States with a given set of rules.
func NewEngine ¶
func NewEngine(ctx context.Context, options *EngineOptions) *Engine
NewEngine constructs a new Engine instance.
func (*Engine) Eval ¶
Eval evaluates the given states using the rules that the engine was initialized with.
type EngineOptions ¶
type EngineOptions struct { // Providers contains functions that produce parsed OPA modules or data documents. Providers []data.Provider // Providers contains bundle.Reader objects that produce parsed bundles. BundleReaders []bundle.Reader // Logger is an optional instance of the logger.Logger interface Logger logging.Logger // Metrics is an optional instance of the metrics.Metrics interface Metrics metrics.Metrics // Timeouts controls timeouts for different engine operations. Timeouts Timeouts }
EngineOptions contains options for initializing an Engine instance
type EvalOptions ¶
type EvalOptions struct { // Inputs are the State instances that the engine should evaluate. Inputs []models.State // Workers sets how many policies are to be evaluated concurrently. When // unset or set to a value less than 1, this defaults to the number of CPU // cores - 1. Workers int // ResourceResolver is a function that returns a resource state for the given // ResourceRequest. // Multiple ResourcesResolvers can be composed with And() and Or(). ResourcesResolver policy.ResourcesResolver // RuleIDs determines which rules are executed. When this option is empty or // unspecified, all rules will be run. RuleIDs []string }
EvalOptions contains options for Engine.Eval
type MetadataResult ¶
type PolicyConsumer ¶
type PolicyConsumer struct { Modules map[string]*ast.Module Document map[string]interface{} NumDocuments int }
PolicyConsumer is an implementation of the data.Consumer interface that stores parsed modules, policies, and documents in-memory.
func NewPolicyConsumer ¶
func NewPolicyConsumer() *PolicyConsumer
func (*PolicyConsumer) DataDocument ¶
type PolicySource ¶
type PolicySource string
const ( POLICY_SOURCE_DATA PolicySource = "data" POLICY_SOURCE_BUNDLE_ARCHIVE PolicySource = "bundle_archive" POLICY_SOURCE_BUNDLE_DIRECTORY PolicySource = "bundle_directory" )
type QueryOptions ¶
type QueryOptions struct { // Query is a rego query Query string // Input is an optional state to query against Input *models.State // ResourcesQuery determines how your query will resolve resource queries. // This is required if the query will end up requesting resource information. ResourcesQuery *policy.ResourcesQueryCache // ResultProcessor is a function that is run on every result returned by the // query. ResultProcessor func(ast.Value) error }
QueryOptions contain options for Engine.Query
type RuleBundleError ¶
type RuleBundleError struct {
// contains filtered or unexported fields
}
func (*RuleBundleError) Error ¶
func (p *RuleBundleError) Error() string
func (*RuleBundleError) ToModel ¶
func (p *RuleBundleError) ToModel() models.RuleBundleInfo
type Timeouts ¶
type Timeouts struct { // Init sets the maximum duration that the engine can take to initialize. // This timeout is applied per bundle or policy set. Init time.Duration // Eval sets the maximum duration that the engine can take to evaluate an // input. This timeout is applied per bundle or policy set. Eval time.Duration // Query sets the maximum duration that the engine can take to evaluate any // single query. This timeout is applied while evaluating individual // policies, querying metadata, or running ad-hoc queries. Query time.Duration }