Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func AttestationToPayloadJSON
func AttestationToPayloadJSON(_ context.Context, predicateType string, verifiedAttestation oci.Signature) ([]byte, string, error)
AttestationToPayloadJSON takes a verified attestation (oci.Signature) and marshals it into JSON, in a shape that depends on the payload, for consumption by a policy engine such as cue or rego.
Anything fed here must have been validated with either `VerifyLocalImageAttestations` or `VerifyImageAttestations`.
If there is no error and the payload is empty, the predicateType did not match the attestation. The function returns the attestation type (PredicateType) if the payload was decoded before the error happened, or when the requested predicateType does not match. This lets callers provide better error messages, for example when there is a typo in the predicateType or the predicateType is not the one they are looking for. Without this return value, it is hard for users to know which attestations/predicateTypes were inspected.
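The return contract above, modelled with the standard library only as an added example (not this package's own code): it assumes each attestation is a DSSE envelope whose base64 `payload` is an in-toto statement carrying `predicateType`, and compares predicate types as literal strings. `payloadFor`, `selectPayloads`, `constructed` and the example.test URIs are hypothetical, and no signature verification is done here, so real input must already have passed `VerifyImageAttestations` or `VerifyLocalImageAttestations`.

```go
package main

import "encoding/json"
import "fmt"

// payloadFor (hypothetical): nil payload + nil error means "decoded, type did not match".
func payloadFor(want string, raw []byte) ([]byte, string, error) {
	var env struct{ Payload []byte `json:"payload"` } // json base64-decodes []byte
	if err := json.Unmarshal(raw, &env); err != nil {
		return nil, "", fmt.Errorf("decoding envelope: %w", err)
	}
	var st struct{ PredicateType string `json:"predicateType"` }
	if err := json.Unmarshal(env.Payload, &st); err != nil {
		return nil, "", fmt.Errorf("decoding statement: %w", err)
	}
	if st.PredicateType != want {
		return nil, st.PredicateType, nil
	}
	return env.Payload, st.PredicateType, nil
}

// selectPayloads fails closed: zero matches is an error naming the types seen.
func selectPayloads(want string, envelopes [][]byte) ([][]byte, error) {
	matched, seen := [][]byte{}, []string{}
	for _, raw := range envelopes {
		payload, found, err := payloadFor(want, raw)
		if err != nil {
			return nil, err
		}
		seen = append(seen, found)
		if len(payload) > 0 {
			matched = append(matched, payload)
		}
	}
	if len(matched) == 0 {
		return nil, fmt.Errorf("no %q attestation; inspected %q", want, seen)
	}
	return matched, nil
}

func constructed(pt string) []byte { // unsigned, constructed sample envelope
	st, _ := json.Marshal(map[string]string{"predicateType": pt})
	env, _ := json.Marshal(map[string][]byte{"payload": st})
	return env
}

func main() { // the requested type has a typo ("scna"), so the error lists what was seen
	fmt.Println(selectPayloads("https://example.test/scna", [][]byte{constructed("https://example.test/scan")}))
}
```

Treating an empty payload as an error, rather than skipping policy evaluation, keeps a mistyped predicateType from silently passing an image that has no matching attestation.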
func EvaluatePolicyAgainstJSON
func EvaluatePolicyAgainstJSON(ctx context.Context, name, policyType string, policyBody string, jsonBytes []byte) (warnings error, errors error)
EvaluatePolicyAgainstJSON is used to run a policy engine against JSON bytes. These bytes can be, for example, Attestations or ClusterImagePolicy result types.
name - which attestation we are evaluating
policyType - cue|rego
policyBody - string representing either cue or rego language
jsonBytes - bytes to evaluate against the policyBody in the given language
Types
type EvaluationFailure (added in v2.1.0)
type EvaluationFailure struct {
	// contains filtered or unexported fields
}
func (*EvaluationFailure) Error (added in v2.1.0)
func (e *EvaluationFailure) Error() string
func (*EvaluationFailure) Unwrap (added in v2.1.0)
func (e *EvaluationFailure) Unwrap() error