policy

package
v0.0.0-...-a1fe3bc Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 7, 2023 License: MIT Imports: 10 Imported by: 0

Documentation

Index

Constants

// PackageSpecFileName is the default name of the package specification file.
// NOTE(review): presumably this is the file looked up inside each package
// path and decoded into a PackageSpec — confirm against the loader.
const PackageSpecFileName = "sg-package.yaml"

PackageSpecFileName is the default name of the package specification file.

Variables

This section is empty.

Functions

func NewRegoCompiler

// NewRegoCompiler creates a compiler from policy packages.
//
// The variadic options parameter is bound to the blank identifier, so any
// RegoCompilerOptions values passed by the caller cannot be read by this
// function; the parameter only reserves room in the signature.
//
// NOTE(review): presumably the compiler is built from the modules returned by
// each package's ParsedModules — confirm against the implementation. Policy
// packages are executable policy code, so the packages passed in should come
// from reviewed, access-controlled locations.
func NewRegoCompiler(
	packages []Package,
	_ ...RegoCompilerOptions,
) (*ast.Compiler, error)

NewRegoCompiler creates a compiler from policy packages.

// ResolveRuleDocLink resolves the rule document link.
//
// NOTE(review): presumably this renders spec.Rule.DocLink as a template using
// the rule's name, kind and source file name — confirm. PackageSpec.Rule is a
// pointer, and how a nil spec.Rule is handled is not visible here.
//
// The link format comes from the package spec, so the returned string is only
// as trustworthy as that spec. If the template engine is Go's text/template,
// no URL or HTML escaping is applied; callers that display the link should
// check its scheme and host and escape it for the output context.
func ResolveRuleDocLink(spec PackageSpec, rule Rule) (string, error)

ResolveRuleDocLink resolves the rule document link.

Types

type FSPackage

// FSPackage is a policy package loaded from the file system.
//
// Its pointer type exposes Spec, Rules and ParsedModules, the three methods
// declared by the Package interface.
type FSPackage struct {
	// contains filtered or unexported fields
}

FSPackage is a policy package loaded from the file system.

func (*FSPackage) ParsedModules

// ParsedModules returns the package's parsed rego modules.
// NOTE(review): the meaning of the map key (presumably the module's file
// path) is not shown here — confirm.
func (p *FSPackage) ParsedModules() map[string]*ast.Module

func (*FSPackage) Rules

// Rules lists the rules in the package.
// Per the Package interface, Kind + Name identifies a rule query, so the same
// rule name can be returned more than once.
func (p *FSPackage) Rules() []Rule

func (*FSPackage) Spec

// Spec returns the package spec.
func (p *FSPackage) Spec() PackageSpec

type Package

// Package defines the access methods to a policy package.
type Package interface {
	// Spec returns the package spec.
	Spec() PackageSpec

	// Rules lists all the rules in the package.
	// NOTE: <Kind> + <Name> is the primary key to a rule query. Therefore, the
	//       same rule name can appear in more than one returned Rule, and
	//       callers must not treat Name alone as unique.
	Rules() []Rule

	// ParsedModules returns the parsed rego modules.
	// NOTE(review): the meaning of the map key is not documented here —
	// confirm against the implementations.
	ParsedModules() map[string]*ast.Module
}

Package defines the access methods to a policy package.

func LoadPackagesFromPaths

// LoadPackagesFromPaths loads policy packages from the given paths.
//
// NOTE(review): how each path is resolved (directory recursion, symlinks, a
// missing package spec file) is not visible here — confirm. The loaded
// packages supply the policy that is later compiled and evaluated, so paths
// should point at reviewed, access-controlled locations.
func LoadPackagesFromPaths(paths []string) ([]Package, error)

LoadPackagesFromPaths loads policy packages from the given paths.

type PackageSpec

// PackageSpec specifies the package settings.
//
// The field carries both json and yaml tags, so the spec can be decoded from
// either format.
type PackageSpec struct {
	// Rule specifies the policy rule settings.
	// It is a pointer and may be nil when the spec sets no rule section;
	// check it before dereferencing.
	Rule *RuleSpec `json:"rule,omitempty" yaml:"rule,omitempty"`
}

PackageSpec specifies the package settings.

type QueryKind

// QueryKind specifies the kind of the query.
// It is a string type; the defined values are the QueryKind* constants.
type QueryKind string

QueryKind specifies the kind of the query.

// Defined QueryKind values. The warn, deny and violation values match the
// rule-name prefixes used in the Rule examples (for instance
// "data.main.deny_x" has Kind deny).
const (
	// NOTE(review): presumably the fallback for a rule whose kind cannot be
	// determined — confirm; callers should decide explicitly how an unknown
	// kind is treated rather than letting it pass silently.
	QueryKindUnknown   QueryKind = "unknown"
	QueryKindWarn      QueryKind = "warn"
	QueryKindDeny      QueryKind = "deny"
	QueryKindViolation QueryKind = "violation"
	// For the exception naming convention see https://www.conftest.dev/exceptions/
	QueryKindException QueryKind = "exception"
)

type RegoCompilerOptions

// RegoCompilerOptions configures the RegoCompiler.
// It is an empty struct: no options are defined at this version.
type RegoCompilerOptions struct{}

RegoCompilerOptions configures the RegoCompiler.

type Rule

// Rule specifies a policy rule. For example:
//
//   - "data.main.deny_x" => Kind: deny, Name: "x"
//   - "data.main.violation_y" => Kind: violation, Name: "y"
//   - "data.main.warn_z" => Kind: warn, Name: "z"
//
// For naming conventions, see: https://www.conftest.dev/exceptions/
type Rule struct {
	// Kind specifies the kind of the query.
	Kind QueryKind
	// Name provides the name of the rule.
	// In the examples above this is the part of the rule identifier after the
	// "<kind>_" prefix.
	Name string
	// Namespace specifies the namespace of the rule.
	// NOTE(review): presumably "main" in the examples above — confirm.
	Namespace string
	// SourceLocation is the source definition of the rule.
	// NOTE(review): it is a pointer; whether it can be nil for rules without a
	// source file is not shown here — check before dereferencing.
	SourceLocation *ast.Location
}

Rule specifies a policy rule. For example:

  • "data.main.deny_x" => Kind: deny, Name: "x"
  • "data.main.violation_y" => Kind: violation, Name: "y"
  • "data.main.warn_z" => Kind: warn, Name: "z"

For naming conventions, see: https://www.conftest.dev/exceptions/

func (Rule) IsKind

// IsKind checks if the rule's query is of the specified kind.
// NOTE(review): with the variadic others, presumably the result is true when
// the rule's Kind equals kind or any of others — confirm.
func (r Rule) IsKind(kind QueryKind, others ...QueryKind) bool

IsKind checks if the query string is of the specified kind.

func (Rule) Query

// Query creates the query string.
// NOTE(review): judging by the Rule examples, presumably of the form
// "data.<Namespace>.<Kind>_<Name>" (e.g. "data.main.deny_x") — confirm.
func (r Rule) Query() string

Query creates the query string.

type RuleSpec

// RuleSpec specifies the policy rule settings.
type RuleSpec struct {
	// DocLink specifies the policy rule document link format.
	//
	// The value is rendered as a template (the original comment names
	// "text.Template"; presumably Go's text/template — confirm). The
	// following variables are available:
	//
	// - {{.Name}}: the name of the rule.
	// - {{.Kind}}: the kind of the rule. See `QueryKind` for available options.
	// - {{.SourceFileName}}: the source file name (without the .rego extension) of the rule.
	//                        If the rule is not defined in a source file, this will be empty.
	//
	// NOTE(review): the json/yaml tags suggest this value is decoded from the
	// package spec file, so the rendered link is only as trustworthy as that
	// file. text/template applies no URL or HTML escaping; consumers that
	// display the link should check its scheme and host and escape it for
	// the output context.
	DocLink string `json:"doc_link,omitempty" yaml:"doc_link,omitempty"`
}

RuleSpec specifies the policy rule settings.
