Documentation
Overview
Package rego provides the rego rule evaluator
Constants
const (
// RegoEvalType is the type of the rego evaluator
RegoEvalType = "rego"
// MinderRegoFile is the default rego file for minder.
MinderRegoFile = "minder.rego"
// RegoQueryPrefix is the prefix for rego queries
RegoQueryPrefix = "data.minder"
)
const (
// EnablePrintEnvVar is the environment variable to enable print statements
EnablePrintEnvVar = "REGO_ENABLE_PRINT"
)
Variables
var MinderRegoLib = []func(res *engif.Result) func(*rego.Rego){
FileExists,
FileLs,
FileRead,
}
MinderRegoLib contains the minder-specific functions for rego
Functions
func FileExists
FileExists is a rego function that checks if a file exists in the filesystem being evaluated (which comes from the ingester). It takes one argument, the path to the file to check. It's exposed as `file.exists`.
func FileLs
FileLs is a rego function that lists the files in a directory in the filesystem being evaluated (which comes from the ingester). It takes one argument, the path to the directory to list. It's exposed as `file.ls`. If the path is a regular file, it returns the file itself. If the path is a directory, it returns the files in the directory. If the path is a symlink, it follows the symlink and returns the files in the target.
Types
type Config
type Config struct {
// Type is the type of evaluation to perform
Type EvaluationType `json:"type" mapstructure:"type" validate:"required"`
// Def is the definition of the profile
Def string `json:"def" mapstructure:"def" validate:"required"`
}
Config is the configuration for the rego evaluator
type EvaluationType
type EvaluationType string
EvaluationType is the type of evaluation to perform
const (
// DenyByDefaultEvaluationType is the deny-by-default evaluation type
// It uses the rego query "data.minder.allow" to determine if the
// object is allowed.
DenyByDefaultEvaluationType EvaluationType = "deny-by-default"
// ConstraintsEvaluationType is the constraints evaluation type
// It uses the rego query "data.minder.violations[results]" to determine
// if the object violates any constraints. If there are any violations,
// the object is denied. Denials may contain a message specified through
// the "msg" key.
ConstraintsEvaluationType EvaluationType = "constraints"
)
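As an added example (not code from the minder project), the policy below is written for the `minder` package and works under either evaluation type: with `deny-by-default` the evaluator reads `data.minder.allow`, with `constraints` it reads `data.minder.violations[results]`. It assumes the ingested filesystem is a repository checkout, that `file.exists` returns a boolean, and that `file.ls` returns the entries of the directory as strings.

```rego
package minder

# Constructed example policy for the minder rego evaluator. It assumes the
# filesystem handed to the evaluator is a repository checkout and that the
# file.exists / file.ls builtins behave as documented above.

# "deny-by-default": the evaluator queries data.minder.allow, so start from
# a denial and only allow when no constraint below is violated.
default allow = false

allow {
    count(violations) == 0
}

# "constraints": the evaluator queries data.minder.violations[results].
# Each element is a denial, and its "msg" key carries the reason reported
# to the user. A violation with no matching file is simply not produced.
violations[{"msg": msg}] {
    not file.exists("SECURITY.md")
    msg := "repository has no SECURITY.md"
}

violations[{"msg": msg}] {
    not file.exists("CODEOWNERS")
    not file.exists(".github/CODEOWNERS")
    msg := "repository has no CODEOWNERS file"
}

# file.ls lists a directory; flag any committed environment file in the
# repository root so credentials do not end up in version control.
violations[{"msg": msg}] {
    entry := file.ls(".")[_]
    endswith(entry, ".env")
    msg := sprintf("environment file %q must not be committed", [entry])
}
```

With `Config.Type` set to `constraints`, a checkout lacking `SECURITY.md` is denied with that message; with `deny-by-default`, the same checkout yields `allow == false` and no message.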
func (EvaluationType) String
func (e EvaluationType) String() string
type Evaluator
type Evaluator struct {
// contains filtered or unexported fields
}
Evaluator is the evaluator for rego rules. It initializes the rego engine and evaluates the rules. The default rego package is "minder".
func NewRegoEvaluator
func NewRegoEvaluator(cfg *minderv1.RuleType_Definition_Eval_Rego) (*Evaluator, error)
NewRegoEvaluator creates a new rego evaluator