engine

package

v0.35.1 Latest Latest Go to latest Published: Apr 9, 2024 License: Apache-2.0 Imports: 39 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cerbos/cerbos

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type CheckOpt
type CheckOptions
- func ApplyCheckOptions(opts ...CheckOpt) *CheckOptions
type Components
type Conf
- func GetConf() (*Conf, error)
type EffectInfo
type Engine
- func (engine *Engine) Check(ctx context.Context, inputs []*enginev1.CheckInput, opts ...CheckOpt) ([]*enginev1.CheckOutput, error)
- func (engine *Engine) PlanResources(ctx context.Context, input *enginev1.PlanResourcesInput, opts ...CheckOpt) (*enginev1.PlanResourcesOutput, error)
type Evaluator
- func NewEvaluator(rps *runtimev1.RunnablePolicySet, schemaMgr schema.Manager, eparams evalParams) Evaluator
type PolicyEvalResult
type PolicyLoader

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrPolicyNotExecutable = errors.New("policy not executable")

Functions ¶

This section is empty.

Types ¶

type CheckOpt ¶ added in v0.9.0

type CheckOpt func(*CheckOptions)

CheckOpt defines options for engine Check calls.

func WithGlobals ¶ added in v0.32.0

func WithGlobals(globals map[string]any) CheckOpt

WithGlobals sets the global variables for the engine.

func WithLenientScopeSearch ¶ added in v0.31.0

func WithLenientScopeSearch() CheckOpt

WithLenientScopeSearch enables lenient scope search.

func WithNowFunc ¶ added in v0.20.0

func WithNowFunc(nowFunc func() time.Time) CheckOpt

WithNowFunc sets the function for determining `now` during condition evaluation.

func WithTraceSink ¶ added in v0.15.0

func WithTraceSink(tracerSink tracer.Sink) CheckOpt

func WithZapTraceSink ¶ added in v0.9.0

func WithZapTraceSink(log *zap.Logger) CheckOpt

WithZapTraceSink sets an engine tracer with Zap set as the sink.

type CheckOptions ¶ added in v0.32.0

type CheckOptions struct {
	// contains filtered or unexported fields
}

func ApplyCheckOptions ¶ added in v0.32.0

func ApplyCheckOptions(opts ...CheckOpt) *CheckOptions

func (*CheckOptions) Globals ¶ added in v0.32.0

func (co *CheckOptions) Globals() map[string]any

func (*CheckOptions) LenientScopeSearch ¶ added in v0.32.0

func (co *CheckOptions) LenientScopeSearch() bool

func (*CheckOptions) NowFunc ¶ added in v0.32.0

func (co *CheckOptions) NowFunc() func() time.Time

type Components ¶ added in v0.11.0

type Components struct {
	AuditLog          audit.Log
	PolicyLoader      PolicyLoader
	SchemaMgr         schema.Manager
	MetadataExtractor audit.MetadataExtractor
}

type Conf ¶

type Conf struct {
	// Globals are environment-specific variables to be made available to policy conditions.
	Globals map[string]any `yaml:"globals" conf:",example={\"environment\": \"staging\"}"`
	// DefaultPolicyVersion defines what version to assume if the request does not specify one.
	DefaultPolicyVersion string `yaml:"defaultPolicyVersion" conf:",example=\"default\""`
	// LenientScopeSearch configures the engine to ignore missing scopes and search upwards through the scope tree until it finds a usable policy.
	LenientScopeSearch bool `yaml:"lenientScopeSearch" conf:",example=false"`
	NumWorkers         uint `yaml:"numWorkers" conf:",ignore"`
}

Conf is optional configuration for engine.

func GetConf ¶ added in v0.15.0

func GetConf() (*Conf, error)

func (*Conf) Key ¶

func (c *Conf) Key() string

func (*Conf) SetDefaults ¶

func (c *Conf) SetDefaults()

func (*Conf) Validate ¶

func (c *Conf) Validate() error

type EffectInfo ¶ added in v0.13.0

type EffectInfo struct {
	Policy string
	Scope  string
	Effect effectv1.Effect
}

type Engine ¶

type Engine struct {
	// contains filtered or unexported fields
}

func New ¶

func New(ctx context.Context, components Components) (*Engine, error)

func NewEphemeral ¶

func NewEphemeral(policyLoader PolicyLoader, schemaMgr schema.Manager) (*Engine, error)

func NewFromConf ¶ added in v0.15.0

func NewFromConf(ctx context.Context, conf *Conf, components Components) *Engine

func (*Engine) Check ¶

func (engine *Engine) Check(ctx context.Context, inputs []*enginev1.CheckInput, opts ...CheckOpt) ([]*enginev1.CheckOutput, error)

func (*Engine) PlanResources ¶ added in v0.16.0

func (engine *Engine) PlanResources(ctx context.Context, input *enginev1.PlanResourcesInput, opts ...CheckOpt) (*enginev1.PlanResourcesOutput, error)

type Evaluator ¶ added in v0.9.0

type Evaluator interface {
	Evaluate(context.Context, tracer.Context, *enginev1.CheckInput) (*PolicyEvalResult, error)
}

func NewEvaluator ¶ added in v0.9.0

func NewEvaluator(rps *runtimev1.RunnablePolicySet, schemaMgr schema.Manager, eparams evalParams) Evaluator

type PolicyEvalResult ¶ added in v0.12.0

type PolicyEvalResult struct {
	Effects               map[string]EffectInfo
	EffectiveDerivedRoles map[string]struct{}

	AuditTrail       *auditv1.AuditTrail
	ValidationErrors []*schemav1.ValidationError
	Outputs          []*enginev1.OutputEntry
	// contains filtered or unexported fields
}

type PolicyLoader ¶ added in v0.20.0

type PolicyLoader interface {
	GetFirstMatch(context.Context, []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
internal
planner
internal
matchers
tracer

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL