Documentation ¶
Overview ¶
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
* Policy Engine I/O Formats * * Documentation for the input and output formats used in Policy Engine * * API version: 1.0.0 * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
Index ¶
- func ParseControls(data interface{}) ([]string, error)
- type Edge
- type Node
- type ResourceState
- type Result
- type Results
- type RuleBundle
- type RuleBundleInfo
- type RuleResult
- type RuleResultResource
- type RuleResultResourceAttribute
- type RuleResults
- type RuleResultsReference
- type SourceLocation
- type State
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseControls ¶
Compatibility type to unmarshal controls in the old (map-based) as well as the new (array-based) format.
Types ¶
type Edge ¶
type Edge struct { Label string `json:"label"` Source *Node `json:"source"` Target *Node `json:"target"` }
A graph edge that describes a relationship between two resources
type Node ¶
type Node struct { Id string `json:"id,omitempty"` Type string `json:"type,omitempty"` Namespace string `json:"namespace,omitempty"` }
A graph node that describes a resource
type ResourceState ¶
type ResourceState struct { // The identifier of the object. This can be a natural ID. It is assumed that this ID is unique within the namespace. Id string `json:"id"` // The type of the resource. ResourceType string `json:"resource_type"` // This field is a component of uniquely identifying a resource. It will resolve to different values depending on the input type and environment provider. For example, in a runtime AWS environment, this will be the region. For an IaC Terraform resource, this will be the module path. Customers of the API can set this to something that makes sense for them and parse it back. Namespace string `json:"namespace"` // Tags applied to the resource. Our goal is to extract tags into a uniform key->value format. Tags map[string]string `json:"tags,omitempty"` // This object is intended to hold any input type-specific or environment-specific fields, e.g. provider, region, or source location. Meta map[string]interface{} `json:"meta"` // A map of resource attributes. Attributes map[string]interface{} `json:"attributes"` }
The state of a single resource
type Result ¶
type Result struct { Input State `json:"input"` // An array of rule results objects RuleResults []RuleResults `json:"rule_results"` }
An object that relates an input with its rule results
type Results ¶
type Results struct { Format string `json:"format"` FormatVersion string `json:"format_version"` // Information about the rule bundles used in the evaluation RuleBundles []RuleBundleInfo `json:"rule_bundles,omitempty"` Results []Result `json:"results"` }
This is the top-level output from the Policy Engine.
type RuleBundle ¶
type RuleBundle struct { Name string `json:"name,omitempty"` Source string `json:"source"` Checksum string `json:"checksum,omitempty"` }
Identifying information for a rule bundle
type RuleBundleInfo ¶
type RuleBundleInfo struct { RuleBundle *RuleBundle `json:"rule_bundle,omitempty"` // Any errors that occurred while initializing this rule bundle Errors []string `json:"errors,omitempty"` }
Information about a rule bundle that was used in the evaluation
type RuleResult ¶
type RuleResult struct { // Whether or not this is a passing or failing result Passed bool `json:"passed"` // Whether or not this result is ignored Ignored bool `json:"ignored"` // An optional message that can be returned by a rule Message string `json:"message,omitempty"` // The ID of the primary resource (if any) associated with this result ResourceId string `json:"resource_id,omitempty"` // The namespace of the primary resource (if any) associated with this result ResourceNamespace string `json:"resource_namespace,omitempty"` // The type of resource (if any) associated with this result. This will typically be used with \"missing resource\" rules. ResourceType string `json:"resource_type,omitempty"` // A Markdown-formatted set of remediation steps to resolve the issue identified by the rule Remediation string `json:"remediation,omitempty"` // The severity of this rule result Severity string `json:"severity,omitempty"` // An arbitrary key-value map that a rule can return in its result. Context map[string]interface{} `json:"context,omitempty"` // A resource objects associated with this result. Resources []*RuleResultResource `json:"resources,omitempty"` // A list of graphs returned by the rule Graphs [][]Edge `json:"graphs,omitempty"` }
A single rule result
type RuleResultResource ¶
type RuleResultResource struct { // The ID of this resource Id string `json:"id,omitempty"` // The type of this resource Type string `json:"type,omitempty"` // The namespace of this resource Namespace string `json:"namespace,omitempty"` Location []SourceLocation `json:"location,omitempty"` // Attributes of the resource that were associated with a rule result. Attributes []RuleResultResourceAttribute `json:"attributes,omitempty"` }
Identifying information for a resource and attributes associated with a rule result
type RuleResultResourceAttribute ¶
type RuleResultResourceAttribute struct { // The path to an attribute associated with this resource and rule result Path []interface{} `json:"path,omitempty"` Location *SourceLocation `json:"location,omitempty"` }
type RuleResults ¶
type RuleResults struct { // The Rule ID, e.g. W3SECURITY_00503 or 608f97c3-a11a-4154-a88e-a2fcd18c75b0 Id string `json:"id,omitempty"` // The kind of result that this rule produces, e.g \"vulnerability\" Kind string `json:"kind,omitempty"` RuleBundle *RuleBundle `json:"rule_bundle,omitempty"` // The rule title Title string `json:"title,omitempty"` // The platform describes the CSPs or other technology platform (e.g. Docker) that the rule checks for Platform []string `json:"platform,omitempty"` // The rule description Description string `json:"description,omitempty"` // Useful links relating to this rule results References []RuleResultsReference `json:"references,omitempty"` // The category of the policy Category string `json:"category,omitempty"` // An array of labels (value-less tags) associated with this policy Labels []string `json:"labels,omitempty"` // The service group of the primary resource associated with this policy (e.g. \"EBS\", \"EC2\") ServiceGroup string `json:"service_group,omitempty"` // A list of controls associated with this rule. Controls []string `json:"controls,omitempty"` // A list of resource types that the rule uses. ResourceTypes []string `json:"resource_types,omitempty"` Results []RuleResult `json:"results"` // Any errors that occurred while evaluating this rule. Errors []string `json:"errors,omitempty"` // The Rego package name that defines the rule, useful for debugging Package_ string `json:"package,omitempty"` }
Container for all results associated with a single rule
func (*RuleResults) UnmarshalJSON ¶
func (r *RuleResults) UnmarshalJSON(data []byte) error
type RuleResultsReference ¶
type SourceLocation ¶
type SourceLocation struct { Filepath string `json:"filepath,omitempty"` Line int `json:"line,omitempty"` Column int `json:"column,omitempty"` }
Points to a row and column within a source file
type State ¶
type State struct { Format string `json:"format"` FormatVersion string `json:"format_version"` // The type of input that this state was generated from. This value factors into which rules are run for this input. InputType string `json:"input_type"` // The type of environment that this state was generated from. This value factors into which rules are run for this input. EnvironmentProvider string `json:"environment_provider"` // This object is intended to hold any input type-specific or environment-specific fields, e.g. account_id or filepath. Meta map[string]interface{} `json:"meta,omitempty"` // Resources is a map of resource type to a map of a unique resource key to a resource object. Resources map[string]map[string]ResourceState `json:"resources"` // Describes the origin of the input, e.g. filepath + branch for IaC files, or account/region for cloud resources Scope map[string]interface{} `json:"scope,omitempty"` }
The state format contains the state of all resources from some input. This format is intended to be used as both an input and output for the policy engine.
Source Files ¶
- compat.go
- model_edge.go
- model_node.go
- model_resource_state.go
- model_result.go
- model_results.go
- model_rule_bundle.go
- model_rule_bundle_info.go
- model_rule_result.go
- model_rule_result_resource.go
- model_rule_result_resource_attribute.go
- model_rule_results.go
- model_rule_results_reference.go
- model_source_location.go
- model_state.go