
Types

type CachedDecision

type CachedDecision struct {
	// Decision is the stored policy evaluation result being served from cache.
	Decision  *PolicyDecision
	// ExpiresAt is the instant after which the cached decision should no longer be
	// served; presumably derived from OPAConfig.CacheDuration — confirm in OPAEngine.
	ExpiresAt time.Time
}

CachedDecision represents a cached policy decision

type CleanupConfig

type CleanupConfig struct {
	// BackupDir is the directory whose backup files the manager cleans up.
	BackupDir       string
	// RetentionDays is the age threshold used by the retention policy; it can be
	// changed after construction via CleanupManager.SetRetentionDays.
	RetentionDays   int
	// CleanupInterval is how often the worker started by CleanupManager.Start
	// runs — presumably; confirm against Start.
	CleanupInterval time.Duration
}

CleanupConfig contains configuration for cleanup manager

type CleanupManager

type CleanupManager struct {
	// contains filtered or unexported fields
}

CleanupManager handles backup file cleanup with platform-specific implementations

func NewCleanupManager

func NewCleanupManager(config CleanupConfig) *CleanupManager

NewCleanupManager creates a new cleanup manager

func (*CleanupManager) CleanupNow

func (cm *CleanupManager) CleanupNow(ctx context.Context) error

CleanupNow performs immediate cleanup

func (*CleanupManager) EmptyQuarantine

func (cm *CleanupManager) EmptyQuarantine() error

EmptyQuarantine removes all files from quarantine

func (*CleanupManager) GetQuarantineFiles

func (cm *CleanupManager) GetQuarantineFiles() ([]string, error)

GetQuarantineFiles returns list of quarantined files

func (*CleanupManager) SetRetentionDays

func (cm *CleanupManager) SetRetentionDays(days int)

SetRetentionDays updates retention policy

func (*CleanupManager) Start

func (cm *CleanupManager) Start(ctx context.Context)

Start begins the async cleanup worker

func (*CleanupManager) Stop

func (cm *CleanupManager) Stop()

Stop stops the cleanup worker

type CleanupWorker

type CleanupWorker interface {
	// TryDelete attempts to delete a file and returns a non-nil error when the
	// deletion did not succeed (the signature returns error, not bool).
	TryDelete(path string) error
	// ForceUnlock attempts to unlock a file (Windows-specific); the UnixWorker
	// implementation documents it as a no-op.
	ForceUnlock(path string) error
	// IsLocked checks if a file is locked
	IsLocked(path string) bool
}

CleanupWorker is the interface implemented by platform-specific cleanup workers

type ComplianceReport

type ComplianceReport struct {
	ID          string                 `json:"id"`
	Type        ComplianceType         `json:"type"`
	Title       string                 `json:"title"`
	GeneratedAt time.Time              `json:"generated_at"`
	Period      ReportPeriod           `json:"period"`
	Summary     ReportSummary          `json:"summary"`
	Sections    []ReportSection        `json:"sections"`
	Controls    []Control              `json:"controls"`
	Findings    []Finding              `json:"findings"`
	// Metadata is free-form and omitted from JSON when empty.
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
	// Signature is omitted from JSON when empty. Nothing visible here shows how it
	// is produced or verified — NOTE(review): consumers should treat a report with
	// no Signature as unverified rather than assume ExportReport signs it.
	Signature   string                 `json:"signature,omitempty"`
}

ComplianceReport represents a generated compliance report

type ComplianceReporter

type ComplianceReporter struct {
	// contains filtered or unexported fields
}

ComplianceReporter generates compliance reports

func NewComplianceReporter

func NewComplianceReporter(dataSource DataSource, policyEngine *OPAEngine) *ComplianceReporter

NewComplianceReporter creates a new compliance reporter

func (*ComplianceReporter) ExportReport

func (r *ComplianceReporter) ExportReport(report *ComplianceReport, format string, writer io.Writer) error

ExportReport writes the report to writer in the specified format

func (*ComplianceReporter) GenerateReport

func (r *ComplianceReporter) GenerateReport(ctx context.Context, complianceType ComplianceType, period ReportPeriod) (*ComplianceReport, error)

GenerateReport generates a compliance report

type ComplianceType

type ComplianceType string

ComplianceType represents the type of compliance

const (
	ComplianceSOC2     ComplianceType = "SOC2"
	ComplianceHIPAA    ComplianceType = "HIPAA"
	CompliancePCIDSS   ComplianceType = "PCI-DSS"
	ComplianceISO27001 ComplianceType = "ISO27001"
	ComplianceGDPR     ComplianceType = "GDPR"
	ComplianceCustom   ComplianceType = "Custom"
)

type Control

type Control struct {
	ID           string        `json:"id"`
	Title        string        `json:"title"`
	Description  string        `json:"description"`
	Category     string        `json:"category"`
	Status       ControlStatus `json:"status"`
	Evidence     []Evidence    `json:"evidence"`
	Findings     []Finding     `json:"findings"`
	Remediation  string        `json:"remediation,omitempty"`
	LastAssessed time.Time     `json:"last_assessed"`
}

Control represents a compliance control

type ControlStatus

type ControlStatus string

ControlStatus represents the status of a control

const (
	ControlStatusPassed        ControlStatus = "passed"
	ControlStatusFailed        ControlStatus = "failed"
	ControlStatusPartial       ControlStatus = "partial"
	ControlStatusNotAssessed   ControlStatus = "not_assessed"
	ControlStatusNotApplicable ControlStatus = "not_applicable"
)

type DataSource

type DataSource interface {
	// GetDriftResults returns the detector drift results available for reporting.
	GetDriftResults(ctx context.Context) ([]*detector.DriftResult, error)
	// GetPolicyViolations returns policy violations; presumably these become report
	// findings — confirm in ComplianceReporter.GenerateReport.
	GetPolicyViolations(ctx context.Context) ([]PolicyViolation, error)
	// GetResourceInventory returns the resource inventory as untyped values.
	GetResourceInventory(ctx context.Context) ([]interface{}, error)
	// GetAuditLogs returns audit log entries recorded since the given time, as
	// untyped values.
	GetAuditLogs(ctx context.Context, since time.Time) ([]interface{}, error)
}

DataSource provides data for compliance reports

type Evidence

type Evidence struct {
	Type        string                 `json:"type"`
	Description string                 `json:"description"`
	Source      string                 `json:"source"`
	Timestamp   time.Time              `json:"timestamp"`
	Data        map[string]interface{} `json:"data,omitempty"`
	Attachment  string                 `json:"attachment,omitempty"`
}

Evidence represents evidence for a control

type Finding

type Finding struct {
	ID          string                 `json:"id"`
	Severity    string                 `json:"severity"`
	Title       string                 `json:"title"`
	Description string                 `json:"description"`
	Resource    string                 `json:"resource,omitempty"`
	Impact      string                 `json:"impact,omitempty"`
	Remediation string                 `json:"remediation"`
	Details     map[string]interface{} `json:"details,omitempty"`
}

Finding represents a compliance finding

type Formatter

type Formatter interface {
	Format(report *ComplianceReport) ([]byte, error)
}

Formatter formats reports in different formats

type HTMLFormatter

type HTMLFormatter struct{}

HTMLFormatter formats reports as HTML

func (*HTMLFormatter) Format

func (f *HTMLFormatter) Format(report *ComplianceReport) ([]byte, error)

Format formats the report as HTML

type JSONFormatter

type JSONFormatter struct{}

JSONFormatter formats reports as JSON

func (*JSONFormatter) Format

func (f *JSONFormatter) Format(report *ComplianceReport) ([]byte, error)

Format formats the report as JSON

type OPAConfig

type OPAConfig struct {
	// NOTE(review): the example endpoint below is plaintext HTTP on localhost; for
	// a remote OPA server confirm the deployment uses TLS and authentication, and
	// check in NewOPAEngine how a zero Timeout is treated.
	Endpoint      string        // OPA server endpoint (e.g., http://localhost:8181)
	PluginMode    bool          // Use OPA as external plugin vs embedded
	LocalPolicies string        // Path to local policy files
	CacheDuration time.Duration // Cache duration for decisions
	Timeout       time.Duration // HTTP timeout for OPA calls
}

OPAConfig configures the OPA engine

type OPAEngine

type OPAEngine struct {
	// contains filtered or unexported fields
}

OPAEngine provides policy evaluation using Open Policy Agent

func NewOPAEngine

func NewOPAEngine(config OPAConfig) *OPAEngine

NewOPAEngine creates a new OPA policy engine

func (*OPAEngine) ClearCache

func (e *OPAEngine) ClearCache()

ClearCache clears the decision cache

func (*OPAEngine) DeletePolicy

func (e *OPAEngine) DeletePolicy(ctx context.Context, policyID string) error

DeletePolicy deletes a policy

func (*OPAEngine) Evaluate

func (e *OPAEngine) Evaluate(ctx context.Context, policyPackage string, input PolicyInput) (*PolicyDecision, error)

Evaluate evaluates a policy against input

func (*OPAEngine) GetPolicy

func (e *OPAEngine) GetPolicy(policyID string) (*Policy, bool)

GetPolicy retrieves a policy by ID

func (*OPAEngine) ListPolicies

func (e *OPAEngine) ListPolicies() []*Policy

ListPolicies returns all loaded policies

func (*OPAEngine) LoadPolicies

func (e *OPAEngine) LoadPolicies(ctx context.Context) error

LoadPolicies loads policies from local files or from the OPA server

func (*OPAEngine) UploadPolicy

func (e *OPAEngine) UploadPolicy(ctx context.Context, policy *Policy) error

UploadPolicy uploads a new policy to OPA

type PDFFormatter

type PDFFormatter struct{}

PDFFormatter formats reports as PDF

func (*PDFFormatter) Format

func (f *PDFFormatter) Format(report *ComplianceReport) ([]byte, error)

Format is a stub for PDF output; a real implementation would use a PDF library

type Policy

type Policy struct {
	ID          string                 `json:"id"`
	Name        string                 `json:"name"`
	Description string                 `json:"description"`
	// Package is the policy package name, matching the policyPackage argument of
	// OPAEngine.Evaluate — presumably; confirm.
	Package     string                 `json:"package"`
	// Rules holds the policy source as a single string (likely Rego — confirm).
	Rules       string                 `json:"rules"`
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
	CreatedAt   time.Time              `json:"created_at"`
	UpdatedAt   time.Time              `json:"updated_at"`
}

Policy represents an OPA policy

type PolicyDecision

type PolicyDecision struct {
	Allow       bool                   `json:"allow"`
	Reasons     []string               `json:"reasons,omitempty"`
	Violations  []PolicyViolation      `json:"violations,omitempty"`
	Suggestions []string               `json:"suggestions,omitempty"`
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
	EvaluatedAt time.Time              `json:"evaluated_at"`
}

PolicyDecision represents the policy evaluation result

type PolicyInput

type PolicyInput struct {
	// Resource is untyped and is serialized as the "resource" JSON key; its shape
	// is whatever the caller supplies — not constrained here.
	Resource  interface{}            `json:"resource"`
	Action    string                 `json:"action"`
	// Principal is optional (omitempty) — the identity performing Action, presumably.
	Principal string                 `json:"principal,omitempty"`
	Context   map[string]interface{} `json:"context,omitempty"`
	Provider  string                 `json:"provider,omitempty"`
	Region    string                 `json:"region,omitempty"`
	Tags      map[string]string      `json:"tags,omitempty"`
}

PolicyInput represents input for policy evaluation

type PolicyViolation

type PolicyViolation struct {
	Rule        string                 `json:"rule"`
	Message     string                 `json:"message"`
	Severity    string                 `json:"severity"`
	Resource    string                 `json:"resource,omitempty"`
	Details     map[string]interface{} `json:"details,omitempty"`
	Remediation string                 `json:"remediation,omitempty"`
}

PolicyViolation represents a policy violation

type ReportPeriod

type ReportPeriod struct {
	Start time.Time `json:"start"`
	End   time.Time `json:"end"`
}

ReportPeriod represents the reporting period

type ReportSection

type ReportSection struct {
	Title       string
	Description string
	Controls    []Control
	Evidence    []Evidence
	Status      ControlStatus
	Score       float64
}

ReportSection represents a section in the compliance report

type ReportSummary

type ReportSummary struct {
	TotalControls    int                    `json:"total_controls"`
	PassedControls   int                    `json:"passed_controls"`
	FailedControls   int                    `json:"failed_controls"`
	ComplianceScore  float64                `json:"compliance_score"`
	CriticalFindings int                    `json:"critical_findings"`
	HighFindings     int                    `json:"high_findings"`
	MediumFindings   int                    `json:"medium_findings"`
	LowFindings      int                    `json:"low_findings"`
	Trends           map[string]interface{} `json:"trends,omitempty"`
}

ReportSummary provides a summary of the compliance status

type ReportTemplate

type ReportTemplate struct {
	ID           string
	Name         string
	Type         ComplianceType
	Sections     []ReportSection
	HTMLTemplate string
	JSONSchema   map[string]interface{}
}

ReportTemplate represents a compliance report template

type UnixWorker

type UnixWorker struct{}

UnixWorker implements cleanup operations for Unix-like systems

func NewUnixWorker

func NewUnixWorker() *UnixWorker

NewUnixWorker creates a new Unix cleanup worker

func (*UnixWorker) ForceUnlock

func (w *UnixWorker) ForceUnlock(path string) error

ForceUnlock is a no-op on Unix systems

func (*UnixWorker) IsLocked

func (w *UnixWorker) IsLocked(path string) bool

IsLocked reports whether the file is locked, using flock

func (*UnixWorker) TryDelete

func (w *UnixWorker) TryDelete(path string) error

TryDelete attempts to delete a file

type YAMLFormatter

type YAMLFormatter struct{}

YAMLFormatter formats reports as YAML

func (*YAMLFormatter) Format

func (f *YAMLFormatter) Format(report *ComplianceReport) ([]byte, error)

Format formats the report as YAML
