Documentation ¶
Index ¶
- func AttestationToPayloadJSON(_ context.Context, predicateType string, verifiedAttestation PayloadProvider) ([]byte, string, error)
- func EvaluatePolicyAgainstJSON(ctx context.Context, name, policyType string, policyBody string, ...) (warnings error, errors error)
- type EvaluationFailure
- type PayloadProvider
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AttestationToPayloadJSON ¶
func AttestationToPayloadJSON(_ context.Context, predicateType string, verifiedAttestation PayloadProvider) ([]byte, string, error)
AttestationToPayloadJSON takes in a verified Attestation (oci.Signature) and marshals it into JSON, shaped according to the payload, that is then consumable by a policy engine such as cue or rego.
Anything fed here must have been validated with either `VerifyLocalImageAttestations` or `VerifyImageAttestations`.
If there is no error and the returned payload is empty, the requested predicateType did not match the attestation. The attestation's type (PredicateType) is returned if the payload was decoded before the error happened, or when the requested predicateType does not match. This lets callers provide better error messages, for example when there is a typo in the predicateType or it is not the one they are looking for; without it, users would have no way of knowing which attestations/predicateTypes were inspected.
func EvaluatePolicyAgainstJSON ¶
func EvaluatePolicyAgainstJSON(ctx context.Context, name, policyType string, policyBody string, jsonBytes []byte) (warnings error, errors error)
EvaluatePolicyAgainstJSON is used to run a policy engine against JSON bytes. These bytes can be, for example, Attestations or ClusterImagePolicy result types.
name - which attestation is being evaluated
policyType - cue|rego
policyBody - string containing the policy in either the cue or rego language
jsonBytes - bytes to evaluate against policyBody in the given language
Types ¶
type EvaluationFailure ¶ added in v2.1.0
type EvaluationFailure struct {
// contains filtered or unexported fields
}
func (*EvaluationFailure) Error ¶ added in v2.1.0
func (e *EvaluationFailure) Error() string
func (*EvaluationFailure) Unwrap ¶ added in v2.1.0
func (e *EvaluationFailure) Unwrap() error
type PayloadProvider ¶ added in v2.3.0
type PayloadProvider interface {
// Payload fetches the opaque data that is being signed.
// This will always return data when there is no error.
Payload() ([]byte, error)
}
PayloadProvider is a subset of oci.Signature that only provides the Payload() method.
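The following is an added, stand-alone illustration (not cosign's own implementation) of how a PayloadProvider is consumed under the contract documented for AttestationToPayloadJSON above: an in-memory provider stands in for a verified oci.Signature, and a predicateType mismatch yields an empty payload, a nil error, and the type that was actually found. It assumes the payload is a DSSE envelope wrapping an in-toto Statement; the names memAttestation, predicateJSON and sampleAttestation and the sample predicate values are constructed for this example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// PayloadProvider mirrors the interface documented on this page.
type PayloadProvider interface{ Payload() ([]byte, error) }
// memAttestation is a constructed stand-in for a verified oci.Signature.
// Assumption: its payload is a DSSE envelope wrapping an in-toto Statement.
type memAttestation []byte
func (m memAttestation) Payload() ([]byte, error) { return m, nil }
type dsseEnvelope struct{ Payload string `json:"payload"` } // base64 of the statement
type intotoStatement struct {
	PredicateType string          `json:"predicateType"`
	Predicate     json.RawMessage `json:"predicate"`
}
// predicateJSON follows the documented contract of AttestationToPayloadJSON: nil payload
// with nil error means no match, and the type actually found is returned for diagnostics.
func predicateJSON(want string, att PayloadProvider) ([]byte, string, error) {
	raw, err := att.Payload()
	if err != nil {
		return nil, "", err
	}
	var env dsseEnvelope
	if err := json.Unmarshal(raw, &env); err != nil {
		return nil, "", fmt.Errorf("decoding envelope: %w", err)
	}
	stmt, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return nil, "", fmt.Errorf("decoding payload: %w", err)
	}
	var st intotoStatement
	if err := json.Unmarshal(stmt, &st); err != nil {
		return nil, "", fmt.Errorf("decoding statement: %w", err)
	}
	if st.PredicateType != want {
		return nil, st.PredicateType, nil // mismatch: empty payload, no error
	}
	return st.Predicate, st.PredicateType, nil
}

// sampleAttestation builds a constructed envelope carrying the given predicateType.
func sampleAttestation(predicateType string) PayloadProvider {
	stmt := fmt.Sprintf(`{"predicateType":%q,"predicate":{"ok":true}}`, predicateType)
	env, _ := json.Marshal(dsseEnvelope{Payload: base64.StdEncoding.EncodeToString([]byte(stmt))})
	return memAttestation(env)
}
```

A caller that gets an empty payload with a nil error should surface the returned type in its message, which is the diagnostic the documentation above describes.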