engine

package

v0.1.1 Latest Latest Go to latest Published: Nov 14, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/khulnasoft/policy-engine

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type Engine
- func NewEngine(ctx context.Context, options *EngineOptions) *Engine
type EngineOptions
type EvalOptions
type MetadataResult
type PolicyConsumer
- func NewPolicyConsumer() *PolicyConsumer
- func (c *PolicyConsumer) DataDocument(_ context.Context, path string, document map[string]interface{}) error
- func (c *PolicyConsumer) Module(ctx context.Context, path string, module *ast.Module) error
type PolicySource
type QueryOptions
type RuleBundleError
- func (p *RuleBundleError) Error() string
- func (p *RuleBundleError) ToModel() models.RuleBundleInfo
type Timeouts

Constants ¶

View Source

const (
	DefaultInitTimeout  = 30 * time.Second
	DefaultEvalTimeout  = 5 * time.Minute
	DefaultQueryTimeout = 45 * time.Second
)

Variables ¶

View Source

var ErrEvalTimedOut = errors.New("evaluation timed out")

ErrEvalTimedOut indicates that evaluation took too long and was cancelled.

View Source

var ErrFailedToReadBundle = errors.New("failed to load bundle")

ErrFailedToReadBundle indicates that an error occurred while consuming a bundle.Reader.

View Source

var ErrInitTimedOut = errors.New("initialization timed out")

ErrInitTimedOut indicates that initialization took too long and was cancelled.

View Source

var ErrQueryTimedOut = errors.New("query timed out")

ErrQueryTimedOut indicates that a query took too long and was cancelled.

View Source

var FailedToCompile = errors.New("Failed to compile rules")

FailedToCompile indicates that more than the maximum number of errors occurred during the compilation stage.

View Source

var FailedToLoadRegoAPI = errors.New("Failed to load the vulnmap Rego API")

FailedToLoadRegoAPI indicates that an error occurred while initializing the vulnmap Rego API.

View Source

var FailedToLoadRules = errors.New("Failed to load rules")

FailedToLoadRules indicates that an error occurred while consuming the rego and data producers provided to the engine.

Functions ¶

This section is empty.

Types ¶

type Engine ¶

type Engine struct {
	// InitializationErrors contains any errors that occurred during initialization.
	InitializationErrors []error
	// contains filtered or unexported fields
}

Engine is responsible for evaluating some States with a given set of rules.

func NewEngine ¶

func NewEngine(ctx context.Context, options *EngineOptions) *Engine

NewEngine constructs a new Engine instance.

func (*Engine) Eval ¶

func (e *Engine) Eval(ctx context.Context, options *EvalOptions) *models.Results

Eval evaluates the given states using the rules that the engine was initialized with.

func (*Engine) Metadata ¶

func (e *Engine) Metadata(ctx context.Context) ([]MetadataResult, error)

Metadata returns the metadata of all Policies that have been loaded into this Engine instance.

func (*Engine) Query ¶

func (e *Engine) Query(ctx context.Context, options *QueryOptions) error

Query runs the given query against all policy sets and invokes the result processor on each result.

type EngineOptions ¶

type EngineOptions struct {
	// Providers contains functions that produce parsed OPA modules or data documents.
	Providers []data.Provider

	// Providers contains bundle.Reader objects that produce parsed bundles.
	BundleReaders []bundle.Reader

	// Logger is an optional instance of the logger.Logger interface
	Logger logging.Logger

	// Metrics is an optional instance of the metrics.Metrics interface
	Metrics metrics.Metrics

	// Timeouts controls timeouts for different engine operations.
	Timeouts Timeouts
}

EngineOptions contains options for initializing an Engine instance

type EvalOptions ¶

type EvalOptions struct {
	// Inputs are the State instances that the engine should evaluate.
	Inputs []models.State

	// Workers sets how many policies are to be evaluated concurrently. When
	// unset or set to a value less than 1, this defaults to the number of CPU
	// cores - 1.
	Workers int

	// ResourceResolver is a function that returns a resource state for the given
	// ResourceRequest.
	// Multiple ResourcesResolvers can be composed with And() and Or().
	ResourcesResolver policy.ResourcesResolver

	// RuleIDs determines which rules are executed. When this option is empty or
	// unspecified, all rules will be run.
	RuleIDs []string
}

EvalOptions contains options for Engine.Eval

type MetadataResult ¶

type MetadataResult struct {
	Package  string          `json:"package"`
	Metadata policy.Metadata `json:"metadata"`
	Error    string          `json:"error,omitempty"`
}

type PolicyConsumer ¶

type PolicyConsumer struct {
	Modules      map[string]*ast.Module
	Document     map[string]interface{}
	NumDocuments int
}

PolicyConsumer is an implementation of the data.Consumer interface that stores parsed modules, policies, and documents in-memory.

func NewPolicyConsumer ¶

func NewPolicyConsumer() *PolicyConsumer

func (*PolicyConsumer) DataDocument ¶

func (c *PolicyConsumer) DataDocument(
	_ context.Context,
	path string,
	document map[string]interface{},
) error

func (*PolicyConsumer) Module ¶

func (c *PolicyConsumer) Module(
	ctx context.Context,
	path string,
	module *ast.Module,
) error

type PolicySource ¶

type PolicySource string

const (
	POLICY_SOURCE_DATA             PolicySource = "data"
	POLICY_SOURCE_BUNDLE_ARCHIVE   PolicySource = "bundle_archive"
	POLICY_SOURCE_BUNDLE_DIRECTORY PolicySource = "bundle_directory"
)

type QueryOptions ¶

type QueryOptions struct {
	// Query is a rego query
	Query string
	// Input is an optional state to query against
	Input *models.State
	// ResourcesQuery determines how your query will resolve resource queries.
	// This is required if the query will end up requesting resource information.
	ResourcesQuery *policy.ResourcesQueryCache
	// ResultProcessor is a function that is run on every result returned by the
	// query.
	ResultProcessor func(ast.Value) error
}

QueryOptions contain options for Engine.Query

type RuleBundleError ¶

type RuleBundleError struct {
	// contains filtered or unexported fields
}

func (*RuleBundleError) Error ¶

func (p *RuleBundleError) Error() string

func (*RuleBundleError) ToModel ¶

func (p *RuleBundleError) ToModel() models.RuleBundleInfo

type Timeouts ¶

type Timeouts struct {
	// Init sets the maximum duration that the engine can take to initialize.
	// This timeout is applied per bundle or policy set.
	Init time.Duration

	// Eval sets the maximum duration that the engine can take to evaluate an
	// input. This timeout is applied per bundle or policy set.
	Eval time.Duration

	// Query sets the maximum duration that the engine can take to evaluate any
	// single query. This timeout is applied while evaluating individual
	// policies, querying metadata, or running ad-hoc queries.
	Query time.Duration
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL