policy

package
v1.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 10, 2024 License: Apache-2.0, BSD-3-Clause, MIT Imports: 27 Imported by: 0

Documentation

Index

Constants

// File names used for policy bundles.
//
// NOTE(review): presumably BundleFilename is the zip archive that holds the
// policy and BundleSignatureFilename is the detached signature shipped next
// to it; confirm against ImportBundle/ExportBundle. Whoever consumes a bundle
// should verify the signature over the archive bytes before unpacking or
// loading anything from it.
const (
	BundleFilename          = "policy_bundle.zip"
	BundleSignatureFilename = "signature.raw"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Cache

// Cache is the cache dependency accepted by New. It declares only Set, so
// code holding a Cache can write entries but cannot read them back through
// this interface.
type Cache interface {
	// Set stores value under key, namespace and scope with the given ttl.
	// NOTE(review): the unit of ttl (seconds?) and the meaning of a zero or
	// negative value are not visible here — confirm with the implementation.
	Set(ctx context.Context, key, namespace, scope string, value []byte, ttl int) error
}

type Metadata

// Metadata is the JSON-serialisable description of a policy. The struct tags
// fix the field names used in the encoded form.
type Metadata struct {
	// Policy identifies a policy by name, group, version and repository and
	// carries its lock flag and last update time.
	// NOTE(review): Locked presumably mirrors the state changed by
	// Service.Lock/Unlock — confirm.
	Policy struct {
		Name       string    `json:"name"`
		Group      string    `json:"group"`
		Version    string    `json:"version"`
		Repository string    `json:"repository"`
		Locked     bool      `json:"locked"`
		LastUpdate time.Time `json:"lastUpdate"`
	} `json:"policy"`
	// PublicKeyURL is a URL string, presumably pointing at the key used to
	// verify the signed bundle (see PolicyPublicKey) — confirm.
	// NOTE(review): if this metadata travels inside the bundle it describes,
	// the URL is untrusted until the bundle is verified; a verifier should
	// pin or allowlist the expected key location rather than rely on this
	// field alone.
	PublicKeyURL string `json:"publicKeyURL"`
}

type RegoCache

// RegoCache is the policy cache dependency accepted by New (parameter
// policyCache). It stores and looks up *storage.Policy values by string key.
//
// NOTE(review): how keys are derived and when entries are invalidated is not
// visible here. Confirm that Lock and policy updates evict or refresh the
// cached entry, otherwise a stale entry could keep a locked policy
// evaluable.
type RegoCache interface {
	// Set stores policy under key.
	Set(key string, policy *storage.Policy)
	// Get returns the policy stored under key; found reports whether an
	// entry existed.
	Get(key string) (policy *storage.Policy, found bool)
}

type Service

// Service carries the policy operations documented on this page: evaluation
// and validation, locking, bundle import and export, automatic import and
// change subscriptions. All fields are unexported; obtain an instance from
// New.
type Service struct {
	// contains filtered or unexported fields
}

func New

// New returns a *Service wired to the given dependencies: a Storage backend,
// a RegoCache (policyCache), a Cache, a Signer, an HTTP client and a zap
// logger, together with the hostname, validationLock and importPollInterval
// settings.
//
// NOTE(review): the effect of hostname and validationLock is not visible on
// this page — confirm against the implementation before relying on either.
// NOTE(review): httpClient is caller-supplied and, given PublicKeyURL and the
// auto-import feature, presumably performs outbound fetches. Pass a client
// with an explicit Timeout (http.DefaultClient has none) and confirm which
// destinations it can be pointed at.
func New(
	ctx context.Context,
	storage Storage,
	policyCache RegoCache,
	cache Cache,
	signer Signer,
	hostname string,
	validationLock bool,
	importPollInterval time.Duration,
	httpClient *http.Client,
	logger *zap.Logger,
) *Service

func (*Service) DeletePolicyAutoImport added in v1.2.0

func (s *Service) DeletePolicyAutoImport(ctx context.Context, req *policy.DeletePolicyAutoImportRequest) (res any, err error)

DeletePolicyAutoImport removes automatic import configuration.

func (*Service) Evaluate

Evaluate executes a policy with the given input.

Note: The policy must follow strict conventions for this generic evaluation function to work: the package declaration inside the policy must be exactly 'group.policy'. For example, evaluating the URL `.../policies/mygroup/example/1.0/evaluation` returns results correctly only if the package declaration inside the policy is `package mygroup.example`.

func (*Service) ExportBundle

func (*Service) ImportBundle

func (s *Service) ImportBundle(ctx context.Context, _ *policy.ImportBundlePayload, payload io.ReadCloser) (any, error)

ImportBundle imports a signed policy bundle.

func (*Service) ListPolicies

func (s *Service) ListPolicies(ctx context.Context, req *policy.PoliciesRequest) (*policy.PoliciesResult, error)

func (*Service) Lock

func (s *Service) Lock(ctx context.Context, req *policy.LockRequest) error

Lock a policy so that it cannot be evaluated.

func (*Service) PolicyAutoImport added in v1.2.0

func (s *Service) PolicyAutoImport(ctx context.Context) (res any, err error)

PolicyAutoImport returns all automatic import configurations.

func (*Service) PolicyPublicKey

func (s *Service) PolicyPublicKey(ctx context.Context, req *policy.PolicyPublicKeyRequest) (any, error)

PolicyPublicKey returns the public key in JWK format which must be used to verify a signed policy bundle.

func (*Service) SetPolicyAutoImport added in v1.2.0

func (s *Service) SetPolicyAutoImport(ctx context.Context, req *policy.SetPolicyAutoImportRequest) (res any, err error)

SetPolicyAutoImport enables automatic import of a policy bundle at a given time interval.

func (*Service) StartAutoImporter added in v1.2.0

func (s *Service) StartAutoImporter(ctx context.Context, pollInterval time.Duration)

func (*Service) SubscribeForPolicyChange

func (s *Service) SubscribeForPolicyChange(ctx context.Context, req *policy.SubscribeRequest) (any, error)

func (*Service) Unlock

func (s *Service) Unlock(ctx context.Context, req *policy.UnlockRequest) error

Unlock a policy so it can be evaluated again.

func (*Service) Validate

Validate executes a policy with the given input and then validates the output against a predefined JSON schema.

type Signer

// Signer is the signing dependency accepted by New. Both methods address a
// key by namespace and key name, so key material stays behind this
// interface.
type Signer interface {
	// Key returns the key identified by namespace and key. The result is
	// typed any, so its concrete form is up to the implementation.
	// NOTE(review): PolicyPublicKey documents returning a public key in JWK
	// format and presumably obtains it here — confirm that implementations
	// only ever return public key material.
	Key(ctx context.Context, namespace string, key string) (any, error)
	// Sign takes data and returns bytes, presumably the signature made with
	// the named key — confirm the algorithm and encoding with the
	// implementation.
	Sign(ctx context.Context, namespace string, key string, data []byte) ([]byte, error)
}

type Storage

// Storage is the persistence dependency accepted by New. It groups policy
// lookup and saving, lock state, subscribers, generic keyed data and
// automatic import configuration.
//
// NOTE(review): several methods carry caller-provided locations (webhook in
// Subscriber, policyURL in the auto-import methods) that are presumably
// requested by the service later. Confirm where these values are validated
// (scheme, host allowlist) so stored entries cannot steer the service's
// outbound requests to unintended destinations.
type Storage interface {
	// Policy returns the policy identified by repository, group, name and
	// version.
	Policy(ctx context.Context, repository, group, name, version string) (*storage.Policy, error)
	SavePolicy(ctx context.Context, policy *storage.Policy) error
	// SetPolicyLock sets the lock flag of the identified policy to lock.
	SetPolicyLock(ctx context.Context, repository, group, name, version string, lock bool) error
	// GetPolicies returns policies; locked and policyName are pointers,
	// presumably so that nil means "do not filter on this" — confirm.
	GetPolicies(ctx context.Context, locked *bool, policyName *string) ([]*storage.Policy, error)
	AddPolicySubscribers(subscribers ...storage.PolicySubscriber)
	ListenPolicyDataChanges(ctx context.Context) error
	Subscriber(ctx context.Context, policyRepository, policyGroup, policyName, policyVersion, webhook, name string) (*storage.Subscriber, error)
	CreateSubscriber(ctx context.Context, subscriber *storage.Subscriber) (*storage.Subscriber, error)
	Close(ctx context.Context)
	// GetData, SetData and DeleteData read, write and remove a value stored
	// under a string key.
	GetData(ctx context.Context, key string) (any, error)
	SetData(ctx context.Context, key string, data map[string]interface{}) error
	DeleteData(ctx context.Context, key string) error
	// SaveAutoImportConfig stores a new autoimport configuration for a given policy bundle.
	SaveAutoImportConfig(ctx context.Context, importConfig *storage.PolicyAutoImport) error
	// AutoImportConfig returns config for single policy import.
	AutoImportConfig(ctx context.Context, policyURL string) (*storage.PolicyAutoImport, error)
	// AutoImportConfigs returns all autoimport configurations.
	AutoImportConfigs(ctx context.Context) ([]*storage.PolicyAutoImport, error)
	// DeleteAutoImportConfig removes a single automatic import configuration.
	DeleteAutoImportConfig(ctx context.Context, policyURL string) error
	// ActiveImportConfigs returns all import configurations which specify
	// that the time to automatically import a policy bundle has been reached.
	ActiveImportConfigs(ctx context.Context) ([]*storage.PolicyAutoImport, error)
}

type ZipFile

// ZipFile is a named in-memory file: Name holds the file name and Content
// the file's bytes.
//
// NOTE(review): presumably one entry of a policy bundle archive — confirm.
// When Name originates from an archive that has not been verified, treat it
// as untrusted and reject absolute paths and ".." segments before using it
// as a filesystem path.
type ZipFile struct {
	Name    string
	Content []byte
}

Directories

Path Synopsis
policydatafakes
Code generated by counterfeiter.
Code generated by counterfeiter.
Code generated by counterfeiter.
Code generated by counterfeiter.
