Constants ¶
const (
	// AllowAllConstraint is the wildcard value for a CertConstraint field.
	// NOTE(review): presumably CertConstraint.Check treats a field set to "*"
	// as matching any value on the certificate — confirm; avoid it on Roots
	// in production policies, since it would stop pinning the issuing root.
	AllowAllConstraint = "*"
)
// PolicyPredicate is the predicate type URI (v0.1) for witness policies.
// NOTE(review): presumably the in-toto predicateType used when a Policy is
// carried inside a Statement — confirm against the code that parses it.
const PolicyPredicate = "https://witness.testifysec.com/policy/v0.1"
Variables ¶
This section is empty.
Functions ¶
func EvaluateRegoPolicy ¶
func EvaluateRegoPolicy(attestor attestation.Attestor, policies []RegoPolicy) error
Types ¶
type Attestation ¶
// Attestation is one attestation a Step expects in a collection (see
// Step.Attestations). Type names the attestation type and RegoPolicies
// lists the rego policies evaluated against it; a collection passes a step
// only when every expected attestation is present and every rego policy
// passes (see StepResult).
type Attestation struct {
	Type         string       `json:"type"`
	RegoPolicies []RegoPolicy `json:"regopolicies"`
}
type CertConstraint ¶
// CertConstraint restricts which X.509 certificates may sign a Step's
// attestations for a certificate-based Functionary (see
// Functionary.CertConstraint). Check evaluates it against the certificate
// held by an X509Verifier, using trust bundles keyed by root ID (see
// Policy.TrustBundles).
type CertConstraint struct {
	CommonName    string   `json:"commonname"`
	DNSNames      []string `json:"dnsnames"`
	Emails        []string `json:"emails"`
	Organizations []string `json:"organizations"`
	URIs          []string `json:"uris"`
	// Roots presumably holds IDs into Policy.Roots that the certificate must
	// chain to — confirm. NOTE(review): an empty Roots or AllowAllConstraint
	// would presumably let a leaf under any trusted root satisfy the
	// constraint; pin the root in production policies.
	Roots []string `json:"roots"`
}
func (CertConstraint) Check ¶ added in v0.1.2
func (cc CertConstraint) Check(verifier *cryptoutil.X509Verifier, trustBundles map[string]TrustBundle) error
type ErrArtifactCycle ¶
// ErrArtifactCycle is the error for a cycle in the policy's step graph —
// presumably detected while following Step.ArtifactsFrom references; confirm.
type ErrArtifactCycle string
func (ErrArtifactCycle) Error ¶
func (e ErrArtifactCycle) Error() string
type ErrConstraintCheckFailed ¶ added in v0.1.2
// ErrConstraintCheckFailed is returned when a certificate does not satisfy a
// CertConstraint (both were added in v0.1.2; presumably produced by
// CertConstraint.Check — confirm). Its fields are unexported, so callers can
// only inspect it through Error.
type ErrConstraintCheckFailed struct {
	// contains filtered or unexported fields
}
func (ErrConstraintCheckFailed) Error ¶ added in v0.1.2
func (e ErrConstraintCheckFailed) Error() string
type ErrKeyIDMismatch ¶
func (ErrKeyIDMismatch) Error ¶
func (e ErrKeyIDMismatch) Error() string
type ErrMismatchArtifact ¶
// ErrMismatchArtifact reports a Path whose digests differ between the
// artifact recorded by one step (Artifact) and the material recorded by
// another (Material) — presumably raised while checking Step.ArtifactsFrom;
// confirm.
type ErrMismatchArtifact struct {
	Artifact cryptoutil.DigestSet
	Material cryptoutil.DigestSet
	Path     string
}
func (ErrMismatchArtifact) Error ¶
func (e ErrMismatchArtifact) Error() string
type ErrMissingAttestation ¶
func (ErrMissingAttestation) Error ¶
func (e ErrMissingAttestation) Error() string
type ErrNoAttestations ¶
// ErrNoAttestations is the error for a step that had no attestations to
// evaluate; the string value presumably carries the step name — confirm.
type ErrNoAttestations string
func (ErrNoAttestations) Error ¶
func (e ErrNoAttestations) Error() string
type ErrPolicyDenied ¶
// ErrPolicyDenied is returned when policy evaluation denies a collection.
// Reasons lists the individual denial messages (presumably one per failed
// rego rule — confirm) so a caller can report why verification failed.
type ErrPolicyDenied struct {
	Reasons []string
}
func (ErrPolicyDenied) Error ¶
func (e ErrPolicyDenied) Error() string
type ErrPolicyExpired ¶
func (ErrPolicyExpired) Error ¶
func (e ErrPolicyExpired) Error() string
type ErrRegoInvalidData ¶
func (ErrRegoInvalidData) Error ¶
func (e ErrRegoInvalidData) Error() string
type ErrUnknownStep ¶
// ErrUnknownStep is the error for a reference to a step that is not in
// Policy.Steps (presumably via Step.ArtifactsFrom — confirm); the string
// value presumably carries the offending step name.
type ErrUnknownStep string
func (ErrUnknownStep) Error ¶
func (e ErrUnknownStep) Error() string
type Functionary ¶
// Functionary describes who may sign a Step's attestations. Type presumably
// selects the mechanism — confirm: PublicKeyID refers to a key in
// Policy.PublicKeys (see PublicKeyVerifiers), while CertConstraint restricts
// an X.509 signer (see CertConstraint.Check). Both are omitted from JSON when
// empty.
type Functionary struct {
	Type           string         `json:"type"`
	CertConstraint CertConstraint `json:"certConstraint,omitempty"`
	PublicKeyID    string         `json:"publickeyid,omitempty"`
}
type Policy ¶
// Policy is the root of a witness policy document. Roots is keyed by root ID
// (see TrustBundles), PublicKeys by key ID (see PublicKeyVerifiers) and
// Steps presumably by step name — confirm. Verify evaluates the policy
// against statements whose signatures the caller has already verified.
type Policy struct {
	// Expires is the policy's expiry time. NOTE(review): ErrPolicyExpired
	// exists in this package, so Verify presumably rejects the policy once
	// this time has passed — confirm, and keep policy lifetimes short.
	Expires    time.Time            `json:"expires"`
	Roots      map[string]Root      `json:"roots,omitempty"`
	PublicKeys map[string]PublicKey `json:"publickeys,omitempty"`
	Steps      map[string]Step      `json:"steps"`
}
func (Policy) PublicKeyVerifiers ¶
func (p Policy) PublicKeyVerifiers() (map[string]cryptoutil.Verifier, error)
PublicKeyVerifiers returns a cryptoutil.Verifier for each of the policy's embedded public keys, keyed by the key's ID.
func (Policy) TrustBundles ¶
func (p Policy) TrustBundles() (map[string]TrustBundle, error)
TrustBundles returns the policy's X.509 roots and their intermediates, keyed by the root's ID.
func (Policy) Verify ¶
func (p Policy) Verify(verifiedStatements []VerifiedStatement) error
Verify evaluates the policy against verifiedStatements. Verify does not check signatures itself: it trusts that each VerifiedStatement's Verifiers were established by the caller through successful signature verification. Callers must therefore verify every statement's signature before calling this function and populate Verifiers only with the verifiers that actually validated the statement; passing unverified statements defeats the policy.
type RegoPolicy ¶
type RejectedCollection ¶
// RejectedCollection pairs a collection that failed a step with the error
// that caused the rejection (see StepResult.Rejected).
type RejectedCollection struct {
	Collection attestation.Collection
	Reason     error
}
type Step ¶
// Step is one step of a policy: the Functionaries allowed to sign it, the
// Attestations each collection must contain (with their rego policies), and
// ArtifactsFrom, the names of other steps — presumably those whose recorded
// artifacts must match this step's materials (see ErrMismatchArtifact,
// ErrArtifactCycle and ErrUnknownStep); confirm.
type Step struct {
	Name          string        `json:"name"`
	Functionaries []Functionary `json:"functionaries"`
	Attestations  []Attestation `json:"attestations"`
	ArtifactsFrom []string      `json:"artifactsFrom,omitempty"`
}
type StepResult ¶
// StepResult holds the outcome of verifying one step. Passed lists the
// collections in which every expected attestation was present and every
// rego policy passed; Rejected lists the remaining collections with the
// error behind each rejection (see HasPassed, HasErrors and Error).
type StepResult struct {
	Step     string
	Passed   []attestation.Collection
	Rejected []RejectedCollection
}
StepResult contains the outcome of verifying the collections for one step. Passed contains the collections in which every expected attestation was present and every rego policy passed. Rejected contains the collections that were rejected, each paired with the error that caused the rejection.
func (StepResult) Error ¶
func (r StepResult) Error() string
func (StepResult) HasErrors ¶
func (r StepResult) HasErrors() bool
func (StepResult) HasPassed ¶
func (r StepResult) HasPassed() bool
type TrustBundle ¶
// TrustBundle is one trusted X.509 root with the intermediates that chain
// to it; Policy.TrustBundles builds one per root ID.
type TrustBundle struct {
	Root          *x509.Certificate
	Intermediates []*x509.Certificate
}
type VerifiedStatement ¶
// VerifiedStatement is an in-toto Statement together with the Verifiers the
// caller used to successfully verify its signature. Policy.Verify does not
// check signatures itself and trusts this pairing (presumably matching
// Verifiers against each Step's Functionaries — confirm), so Verifiers must
// contain only verifiers that actually validated the Statement.
type VerifiedStatement struct {
	Verifiers []cryptoutil.Verifier
	Statement intoto.Statement
}