package regopolicyinterpreter

import "github.com/Microsoft/hcsshim/internal/regopolicyinterpreter"

Index

Functions

func ModuleID 

func ModuleID(issuer string, feed string) string

ModuleID computes a unique ID for a Module from its issuer and feed.

Types

type LogLevel 

type LogLevel int
const (
	LogNone LogLevel = iota
	// Logs the output of Rego print() statements in the policy
	LogInfo
	// Logs the result objects returned from each query
	LogResults
	// Logs the full metadata state after each query
	LogMetadata
)

type RegoModule 

type RegoModule struct {
	// The Rego namespace of the module
	Namespace string
	// The feed from which the module was obtained
	Feed string
	// The issuer of the module
	Issuer string
	// The module Rego code
	Code string
}

func (RegoModule) ID 

func (f RegoModule) ID() string

ID is the unique ID of a module.

type RegoPolicyInterpreter 

type RegoPolicyInterpreter struct {
	// contains filtered or unexported fields
}

func NewRegoPolicyInterpreter 

func NewRegoPolicyInterpreter(code string, inputData map[string]interface{}) (*RegoPolicyInterpreter, error)

NewRegoPolicyInterpreter creates a new RegoPolicyInterpreter, using the code provided. inputData is the Rego data which should be used as the initial state of the interpreter. A deep copy is performed on it such that it will not be modified.

func (*RegoPolicyInterpreter) AddModule 

func (r *RegoPolicyInterpreter) AddModule(id string, module *RegoModule)

AddModule adds the specified module to the interpreter such that it will be loaded along with the policy during query execution. The provided id should be used to refer to it for other methods. This will also invalidate the compliation artifact (i.e. Compile must be called again)

func (*RegoPolicyInterpreter) Compile 

func (r *RegoPolicyInterpreter) Compile() error

Compile compiles the policy and its modules. This will increase the speed of policy execution.

func (*RegoPolicyInterpreter) DisableLogging 

func (r *RegoPolicyInterpreter) DisableLogging() error

DisableLogging disables logging and closes the underlying log file.

func (*RegoPolicyInterpreter) EnableLogging 

func (r *RegoPolicyInterpreter) EnableLogging(path string, level LogLevel) error

EnableLogging enables logging to the provided path at the specified level.

func (*RegoPolicyInterpreter) GetData 

func (r *RegoPolicyInterpreter) GetData(key string) (interface{}, error)

GetData attempts to retrieve and return a copy of the data value with the specified key.

func (*RegoPolicyInterpreter) GetMetadata 

func (r *RegoPolicyInterpreter) GetMetadata(name string, key string) (interface{}, error)

GetMetadata retrieves a copy of a single metadata item from the policy.

func (*RegoPolicyInterpreter) IsModuleActive 

func (r *RegoPolicyInterpreter) IsModuleActive(id string) bool

IsModuleActive returns whether the specified module is currently active, i.e. being loaded along with the policy.

func (*RegoPolicyInterpreter) Query 

func (r *RegoPolicyInterpreter) Query(rule string, input map[string]interface{}) (RegoQueryResult, error)

Query queries the policy with the given rule and input data and returns the result.

func (*RegoPolicyInterpreter) RawQuery 

func (r *RegoPolicyInterpreter) RawQuery(rule string, input map[string]interface{}) (rego.ResultSet, error)

func (*RegoPolicyInterpreter) RemoveModule 

func (r *RegoPolicyInterpreter) RemoveModule(id string)

RemoveModule removes the specified module such that it will no longer be loaded. This will also invalidate the compliation artifact (i.e. Compile must be called again)

func (*RegoPolicyInterpreter) SetLogLevel 

func (r *RegoPolicyInterpreter) SetLogLevel(level LogLevel)

SetLogLevel sets the logging level. To actually produce a log, however, EnableLogging must be called first.

func (*RegoPolicyInterpreter) UpdateData 

func (r *RegoPolicyInterpreter) UpdateData(key string, value interface{}) error

UpdateData will perform an update to a value which is already within the data A deep copy will be performed on the value.

type RegoQueryResult 

type RegoQueryResult map[string]interface{}

The result from a policy query

func (RegoQueryResult) Bool 

func (r RegoQueryResult) Bool(key string) (bool, error)

Bool attempts to interpret a result value as a boolean.

func (RegoQueryResult) Float 

func (r RegoQueryResult) Float(key string) (float64, error)

Float attempts to interpret the result value as a floating point number.

func (RegoQueryResult) Int 

func (r RegoQueryResult) Int(key string) (int, error)

Int attempts to interpret the result value as an integer.

func (RegoQueryResult) IsEmpty 

func (r RegoQueryResult) IsEmpty() bool

IsEmpty tests if the query result is empty.

func (RegoQueryResult) Object 

func (r RegoQueryResult) Object(key string) (map[string]interface{}, error)

Object attempts to interpret the result value as an object

func (RegoQueryResult) String 

func (r RegoQueryResult) String(key string) (string, error)

String attempts to interpret the result value as a string.

func (RegoQueryResult) Union 

func (r RegoQueryResult) Union(other RegoQueryResult) RegoQueryResult

Union creates a new result object which is the union of this result with another result, in which the results of the other will take precedence.

func (RegoQueryResult) Value 

func (r RegoQueryResult) Value(key string) (interface{}, error)

Value returns the raw value from a Rego query result.

Source Files

regopolicyinterpreter.go

Version
v0.13.0 (latest)
Published
Apr 21, 2025
Platform
linux/amd64
Imports
13 packages
Last checked
11 hours ago

Tools for package owners.