Version: v0.0.0-...-291314b Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Sep 22, 2021 License: Apache-2.0 Imports: 13 Imported by: 0




This section is empty.


View Source
var (
	// ErrRuleWithoutEvent is returned when no event type was inferred from the rule
	ErrRuleWithoutEvent = errors.New("no event in the rule definition")

	// ErrRuleWithMultipleEvents is returned when multiple event type were inferred from the rule
	ErrRuleWithMultipleEvents = errors.New("rule with multiple events is not supported")

	// ErrDefinitionIDConflict is returned when mlultiple rule use the same ID
	ErrDefinitionIDConflict = errors.New("multiple definition with the same ID")

	// ErrInternalIDConflict is returned when a user defined rule use an internal ID
	ErrInternalIDConflict = errors.New("internal rule ID conflict")

	// ErrEventTypeNotEnabled is returned when an event is not enabled
	ErrEventTypeNotEnabled = errors.New("event type not enabled")


func LoadPolicies

func LoadPolicies(policiesDir string, ruleSet *RuleSet) *multierror.Error

LoadPolicies loads the policies listed in the configuration and apply them to the given ruleset


type Approvers

type Approvers map[eval.Field]FilterValues

Approvers associates field names with their filter values

type ErrFieldTypeUnknown

type ErrFieldTypeUnknown struct {
	Field string

ErrFieldTypeUnknown is returned when a field has an unknown type

func (*ErrFieldTypeUnknown) Error

func (e *ErrFieldTypeUnknown) Error() string

type ErrMacroLoad

type ErrMacroLoad struct {
	Definition *MacroDefinition
	Err        error

ErrMacroLoad is on macro definition error

func (ErrMacroLoad) Error

func (e ErrMacroLoad) Error() string

type ErrNoApprover

type ErrNoApprover struct {
	Fields []string

ErrNoApprover is returned when no approver was found for a set of rules

func (ErrNoApprover) Error

func (e ErrNoApprover) Error() string

type ErrNoEventTypeBucket

type ErrNoEventTypeBucket struct {
	EventType string

ErrNoEventTypeBucket is returned when no bucket could be found for an event type

func (ErrNoEventTypeBucket) Error

func (e ErrNoEventTypeBucket) Error() string

type ErrPoliciesLoad

type ErrPoliciesLoad struct {
	Name string
	Err  error

ErrPoliciesLoad is returned on policies dir error

func (ErrPoliciesLoad) Error

func (e ErrPoliciesLoad) Error() string

type ErrPolicyLoad

type ErrPolicyLoad struct {
	Name string
	Err  error

ErrPolicyLoad is returned on policy file error

func (ErrPolicyLoad) Error

func (e ErrPolicyLoad) Error() string

type ErrRuleLoad

type ErrRuleLoad struct {
	Definition *RuleDefinition
	Err        error

ErrRuleLoad is on rule definition error

func (ErrRuleLoad) Error

func (e ErrRuleLoad) Error() string

type ErrValueTypeUnknown

type ErrValueTypeUnknown struct {
	Field string

ErrValueTypeUnknown is returned when the value of a field has an unknown type

func (*ErrValueTypeUnknown) Error

func (e *ErrValueTypeUnknown) Error() string

type FieldCapabilities

type FieldCapabilities []FieldCapability

FieldCapabilities holds a list of field capabilities

func (FieldCapabilities) GetFields

func (fcs FieldCapabilities) GetFields() []eval.Field

GetFields returns all the fields of FieldCapabilities

func (FieldCapabilities) Validate

func (fcs FieldCapabilities) Validate(approvers map[eval.Field]FilterValues) bool

Validate ensures that every field has an approver that accepts its type

type FieldCapability

type FieldCapability struct {
	Field eval.Field
	Types eval.FieldValueType

FieldCapability represents a field and the type of its value (scalar, pattern, bitmask, ...)

type FieldCombinations

type FieldCombinations [][]eval.Field

FieldCombinations - array all the combinations of field

func (FieldCombinations) Len

func (a FieldCombinations) Len() int

func (FieldCombinations) Less

func (a FieldCombinations) Less(i, j int) bool

func (FieldCombinations) Swap

func (a FieldCombinations) Swap(i, j int)

type FilterValue

type FilterValue struct {
	Field eval.Field
	Value interface{}
	Type  eval.FieldValueType
	Not   bool
	// contains filtered or unexported fields

FilterValue represents a field, its value, its type and whether it's a used to compare with or against its value

type FilterValues

type FilterValues []FilterValue

FilterValues - list of FilterValue

func (FilterValues) Merge

Merge merges to FilterValues ensuring there is no duplicate value

type Logger

type Logger interface {
	// Infof is used to print a info level log
	Infof(format string, params ...interface{})
	// Tracef is used to print a trace level log
	Tracef(format string, params ...interface{})
	// Debugf is used to print a trace level log
	Debugf(format string, params ...interface{})
	// Errorf is used to print an error
	Errorf(format string, params ...interface{})

Logger interface used to remove the dependency of this package to the logger of the agent

type Macro

type Macro struct {
	Definition *MacroDefinition

Macro describes a macro of a ruleset

type MacroDefinition

type MacroDefinition struct {
	ID         MacroID `yaml:"id"`
	Expression string  `yaml:"expression"`

MacroDefinition holds the definition of a macro

type MacroID

type MacroID = string

MacroID represents the ID of a macro

type NullLogger

type NullLogger struct{}

NullLogger is a default implementation of the Logger interface

func (NullLogger) Debugf

func (l NullLogger) Debugf(format string, params ...interface{})

Debugf is used to print a trace level log

func (NullLogger) Errorf

func (l NullLogger) Errorf(format string, params ...interface{})

Errorf is used to print an error

func (NullLogger) Infof

func (l NullLogger) Infof(format string, params ...interface{})

Infof is used to print an info

func (NullLogger) Tracef

func (l NullLogger) Tracef(format string, params ...interface{})

Tracef is used to print a trace level log

type Opts

type Opts struct {
	SupportedDiscarders map[eval.Field]bool
	ReservedRuleIDs     []RuleID
	EventTypeEnabled    map[eval.EventType]bool
	Logger              Logger

Opts defines rules set options

func NewOptsWithParams

func NewOptsWithParams(constants map[string]interface{}, supportedDiscarders map[eval.Field]bool, eventTypeEnabled map[eval.EventType]bool, reservedRuleIDs []RuleID, legacyAttributes map[eval.Field]eval.Field, logger ...Logger) *Opts

NewOptsWithParams initializes a new Opts instance with Debug and Constants parameters

type Policy

type Policy struct {
	Name    string
	Version string             `yaml:"version"`
	Rules   []*RuleDefinition  `yaml:"rules"`
	Macros  []*MacroDefinition `yaml:"macros"`

Policy represents a policy file which is composed of a list of rules and macros

func LoadPolicy

func LoadPolicy(r io.Reader, name string) (*Policy, error)

LoadPolicy loads a YAML file and returns a new policy

func (*Policy) GetValidMacroAndRules

func (p *Policy) GetValidMacroAndRules() ([]*MacroDefinition, []*RuleDefinition, *multierror.Error)

GetValidMacroAndRules returns valid macro, rules definitions

type Rule

type Rule struct {
	Definition *RuleDefinition

Rule describes a rule of a ruleset

type RuleBucket

type RuleBucket struct {
	// contains filtered or unexported fields

RuleBucket groups rules with the same event type

func (*RuleBucket) AddRule

func (rb *RuleBucket) AddRule(rule *Rule) error

AddRule adds a rule to the bucket

func (*RuleBucket) GetApprovers

func (rb *RuleBucket) GetApprovers(event eval.Event, fieldCaps FieldCapabilities) (Approvers, error)

GetApprovers returns the approvers for an event

func (*RuleBucket) GetRules

func (rb *RuleBucket) GetRules() []*Rule

GetRules returns the bucket rules

type RuleDefinition

type RuleDefinition struct {
	ID          RuleID            `yaml:"id"`
	Version     string            `yaml:"version"`
	Expression  string            `yaml:"expression"`
	Description string            `yaml:"description"`
	Tags        map[string]string `yaml:"tags"`
	Policy      *Policy

RuleDefinition holds the definition of a rule

func (*RuleDefinition) GetTags

func (rd *RuleDefinition) GetTags() []string

GetTags returns the tags associated to a rule

type RuleID

type RuleID = string

RuleID represents the ID of a rule

type RuleSet

type RuleSet struct {
	// contains filtered or unexported fields

RuleSet holds a list of rules, grouped in bucket. An event can be evaluated against it. If the rule matches, the listeners for this rule set are notified

func NewRuleSet

func NewRuleSet(model eval.Model, eventCtor func() eval.Event, opts *Opts) *RuleSet

NewRuleSet returns a new ruleset for the specified data model

func (*RuleSet) AddFields

func (rs *RuleSet) AddFields(fields []eval.EventType)

AddFields merges the provided set of fields with the existing set of fields of the ruleset

func (*RuleSet) AddListener

func (rs *RuleSet) AddListener(listener RuleSetListener)

AddListener adds a listener on the ruleset

func (*RuleSet) AddMacro

func (rs *RuleSet) AddMacro(macroDef *MacroDefinition) (*eval.Macro, error)

AddMacro parses the macro AST and adds it to the list of macros of the ruleset

func (*RuleSet) AddMacros

func (rs *RuleSet) AddMacros(macros []*MacroDefinition) error

AddMacros parses the macros AST and adds them to the list of macros of the ruleset

func (*RuleSet) AddPolicyVersion

func (rs *RuleSet) AddPolicyVersion(filename string, version string)

AddPolicyVersion adds the provided policy filename and version to the map of loaded policies

func (*RuleSet) AddRule

func (rs *RuleSet) AddRule(ruleDef *RuleDefinition) (*eval.Rule, error)

AddRule creates the rule evaluator and adds it to the bucket of its events

func (*RuleSet) AddRules

func (rs *RuleSet) AddRules(rules []*RuleDefinition) *multierror.Error

AddRules adds rules to the ruleset and generate their partials

func (*RuleSet) Evaluate

func (rs *RuleSet) Evaluate(event eval.Event) bool

Evaluate the specified event against the set of rules

func (*RuleSet) GetApprovers

func (rs *RuleSet) GetApprovers(fieldCaps map[eval.EventType]FieldCapabilities) (map[eval.EventType]Approvers, error)

GetApprovers returns all approvers

func (*RuleSet) GetBucket

func (rs *RuleSet) GetBucket(eventType eval.EventType) *RuleBucket

GetBucket returns rule bucket for the given event type

func (*RuleSet) GetEventApprovers

func (rs *RuleSet) GetEventApprovers(eventType eval.EventType, fieldCaps FieldCapabilities) (Approvers, error)

GetEventApprovers returns approvers for the given event type and the fields

func (*RuleSet) GetEventTypes

func (rs *RuleSet) GetEventTypes() []eval.EventType

GetEventTypes returns all the event types handled by the ruleset

func (*RuleSet) GetFieldValues

func (rs *RuleSet) GetFieldValues(field eval.Field) []eval.FieldValue

GetFieldValues returns all the values of the given field

func (*RuleSet) GetRules

func (rs *RuleSet) GetRules() map[eval.RuleID]*Rule

GetRules returns the active rules

func (*RuleSet) HasRulesForEventType

func (rs *RuleSet) HasRulesForEventType(eventType eval.EventType) bool

HasRulesForEventType returns if there is at least one rule for the given event type

func (*RuleSet) IsDiscarder

func (rs *RuleSet) IsDiscarder(event eval.Event, field eval.Field) (bool, error)

IsDiscarder partially evaluates an Event against a field

func (*RuleSet) ListMacroIDs

func (rs *RuleSet) ListMacroIDs() []MacroID

ListMacroIDs returns the list of MacroIDs from the ruleset

func (*RuleSet) ListRuleIDs

func (rs *RuleSet) ListRuleIDs() []RuleID

ListRuleIDs returns the list of RuleIDs from the ruleset

func (*RuleSet) NotifyDiscarderFound

func (rs *RuleSet) NotifyDiscarderFound(event eval.Event, field eval.Field, eventType eval.EventType)

NotifyDiscarderFound notifies all the ruleset listeners that a discarder was found for an event

func (*RuleSet) NotifyRuleMatch

func (rs *RuleSet) NotifyRuleMatch(rule *Rule, event eval.Event)

NotifyRuleMatch notifies all the ruleset listeners that an event matched a rule

type RuleSetListener

type RuleSetListener interface {
	RuleMatch(rule *Rule, event eval.Event)
	EventDiscarderFound(rs *RuleSet, event eval.Event, field eval.Field, eventType eval.EventType)

RuleSetListener describes the methods implemented by an object used to be notified of events on a rule set.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL