Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrPolicyNotExecutable = errors.New("policy not executable")
Functions ¶
This section is empty.
Types ¶
type CheckOpt ¶ added in v0.9.0
type CheckOpt func(*CheckOptions)
CheckOpt defines options for engine Check calls.
func WithGlobals ¶ added in v0.32.0
WithGlobals sets the global variables for the engine.
func WithLenientScopeSearch ¶ added in v0.31.0
func WithLenientScopeSearch() CheckOpt
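WithLenientScopeSearch enables lenient scope search: the engine ignores missing scopes and searches upwards through the scope tree until it finds a usable policy.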
func WithNowFunc ¶ added in v0.20.0
WithNowFunc sets the function for determining `now` during condition evaluation.
func WithTraceSink ¶ added in v0.15.0
func WithZapTraceSink ¶ added in v0.9.0
WithZapTraceSink sets an engine tracer with Zap set as the sink.
type CheckOptions ¶ added in v0.32.0
// CheckOptions holds the settings produced by applying CheckOpt functions
// (see ApplyCheckOptions). Its fields are unexported; callers read them
// through the Globals, LenientScopeSearch and NowFunc accessors.
type CheckOptions struct {
	// contains filtered or unexported fields
}
func ApplyCheckOptions ¶ added in v0.32.0
func ApplyCheckOptions(opts ...CheckOpt) *CheckOptions
func (*CheckOptions) Globals ¶ added in v0.32.0
func (co *CheckOptions) Globals() map[string]any
func (*CheckOptions) LenientScopeSearch ¶ added in v0.32.0
func (co *CheckOptions) LenientScopeSearch() bool
func (*CheckOptions) NowFunc ¶ added in v0.32.0
func (co *CheckOptions) NowFunc() func() time.Time
type Components ¶ added in v0.11.0
// Components groups the collaborators that NewFromConf takes alongside Conf.
type Components struct {
	// AuditLog is the audit.Log handed to the engine.
	AuditLog audit.Log
	// PolicyLoader is the engine's PolicyLoader, the same type NewEphemeral takes.
	PolicyLoader PolicyLoader
	// SchemaMgr is the schema.Manager, the same type NewEphemeral and
	// NewEvaluator take.
	SchemaMgr schema.Manager
	// MetadataExtractor is an audit.MetadataExtractor; presumably it pulls
	// request metadata for audit entries. TODO confirm against package audit.
	MetadataExtractor audit.MetadataExtractor
}
type Conf ¶
// Conf is optional configuration for engine.
//
// Globals, DefaultPolicyVersion and LenientScopeSearch all feed into how
// policies are selected or evaluated, so changes to this block deserve the
// same review as policy changes.
type Conf struct {
	// Globals are environment-specific variables to be made available to policy conditions.
	// NOTE(review): because conditions can read these values, whoever controls
	// this configuration can influence authorization outcomes.
	Globals map[string]any `yaml:"globals" conf:",example={\"environment\": \"staging\"}"`
	// DefaultPolicyVersion defines what version to assume if the request does not specify one.
	DefaultPolicyVersion string `yaml:"defaultPolicyVersion" conf:",example=\"default\""`
	// LenientScopeSearch configures the engine to ignore missing scopes and search upwards through the scope tree until it finds a usable policy.
	// NOTE(review): when enabled, a request naming a scope that has no policy
	// is decided by a policy found higher in the scope tree. Confirm that
	// ancestor policies are acceptable for every descendant scope first.
	LenientScopeSearch bool `yaml:"lenientScopeSearch" conf:",example=false"`
	// NumWorkers is tagged conf:",ignore" and is not described on this page;
	// presumably the number of engine workers. TODO confirm.
	NumWorkers uint `yaml:"numWorkers" conf:",ignore"`
}
Conf is optional configuration for engine.
func (*Conf) SetDefaults ¶
func (c *Conf) SetDefaults()
type EffectInfo ¶ added in v0.13.0
type Engine ¶
// Engine is constructed with NewEphemeral or NewFromConf and exposes Check
// and PlanResources, both of which accept per-call CheckOpt options.
type Engine struct {
	// contains filtered or unexported fields
}
func NewEphemeral ¶
func NewEphemeral(policyLoader PolicyLoader, schemaMgr schema.Manager) (*Engine, error)
func NewFromConf ¶ added in v0.15.0
func NewFromConf(ctx context.Context, conf *Conf, components Components) *Engine
func (*Engine) Check ¶
func (engine *Engine) Check(ctx context.Context, inputs []*enginev1.CheckInput, opts ...CheckOpt) ([]*enginev1.CheckOutput, error)
func (*Engine) PlanResources ¶ added in v0.16.0
func (engine *Engine) PlanResources(ctx context.Context, input *enginev1.PlanResourcesInput, opts ...CheckOpt) (*enginev1.PlanResourcesOutput, error)
type Evaluator ¶ added in v0.9.0
// Evaluator evaluates a single CheckInput and reports the outcome as a
// PolicyEvalResult. NewEvaluator builds one from a RunnablePolicySet.
type Evaluator interface {
	// Evaluate takes the request context, a tracer.Context and the input to
	// evaluate; it returns the evaluation result or an error.
	Evaluate(context.Context, tracer.Context, *enginev1.CheckInput) (*PolicyEvalResult, error)
}
func NewEvaluator ¶ added in v0.9.0
func NewEvaluator(rps *runtimev1.RunnablePolicySet, schemaMgr schema.Manager, eparams evalParams) Evaluator
type PolicyEvalResult ¶ added in v0.12.0
// PolicyEvalResult is the value returned by Evaluator.Evaluate.
type PolicyEvalResult struct {
	// Effects maps a string key to its EffectInfo; presumably the key is the
	// action name. TODO confirm.
	Effects map[string]EffectInfo
	// EffectiveDerivedRoles is a string set (the map values are empty structs).
	EffectiveDerivedRoles map[string]struct{}
	// AuditTrail is the audit trail attached to this result.
	AuditTrail *auditv1.AuditTrail
	// ValidationErrors lists schema validation errors for this evaluation.
	ValidationErrors []*schemav1.ValidationError
	// Outputs lists the output entries for this evaluation.
	Outputs []*enginev1.OutputEntry
	// contains filtered or unexported fields
}
type PolicyLoader ¶ added in v0.20.0