Documentation
¶
Overview ¶
Package profiles loads the per-host lockdown profile registry from ~/.coily/coily.yaml and resolves named profiles to cli-guard/profile
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultYAML []byte
Functions ¶
func LoadOverride ¶
func LoadOverride() (map[string]profile.Coordinate, error)
LoadOverride reads and validates ~/.coily/coily.yaml. Returns (nil, os.ErrNotExist) when the file is absent so callers can fall
func OverridePath ¶
OverridePath returns ~/.coily/coily.yaml. Caller stat()s it; the loader treats os.ErrNotExist as the deny-everything fallback signal.
func ParseAndValidate ¶
ParseAndValidate decodes a YAML body and validates every profile. Exposed for tests and for `coily lockdown init-config` to check the
Types ¶
type File ¶
type File struct {
Profiles map[string]rawCoordinate `yaml:"profiles"`
}
File is the on-disk shape of ~/.coily/coily.yaml. One field today; future schema additions land alongside without breaking the loader.
type Resolution ¶
type Resolution struct {
Coord profile.Coordinate
Source Source
Note string
}
Resolution is the output of Resolve: the resolved Coordinate, the source that produced it, and a human-readable note suitable for the
func Resolve ¶
func Resolve(profileName string) (Resolution, error)
Resolve returns the Coordinate for the given profile name. An empty name resolves to Strictest with Source=Unset so the show command can
type Source ¶
type Source string
Source records why a Coordinate resolved the way it did. The session show command surfaces this so the operator can see at a glance
const ( // SourceOverride means the named profile was found in the on-disk // override file and its tiers are in effect. SourceOverride Source = "override" // SourceMissingFile means ~/.coily/coily.yaml was absent. Every // axis falls back to Strictest(). SourceMissingFile Source = "missing_file" // SourceUnknownProfile means the override file exists and parsed, // but the requested profile name was not declared in it. Every SourceUnknownProfile Source = "unknown_profile" // SourceUnset means no profile name was requested (the session // sentinel was absent). Every axis falls back to Strictest(). SourceUnset Source = "unset" )
Source Files