package policysession

import "github.com/moby/buildkit/sourcepolicy/policysession"

Index

Constants 

const (
	PolicyVerifier_CheckPolicy_FullMethodName = "/moby.buildkit.v1.sourcepolicy.policysession.PolicyVerifier/CheckPolicy"
)

Variables 

var File_github_com_moby_buildkit_sourcepolicy_policysession_policysession_proto protoreflect.FileDescriptor
var PolicyVerifier_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "moby.buildkit.v1.sourcepolicy.policysession.PolicyVerifier",
	HandlerType: (*PolicyVerifierServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CheckPolicy",
			Handler:    _PolicyVerifier_CheckPolicy_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "github.com/moby/buildkit/sourcepolicy/policysession/policysession.proto",
}

PolicyVerifier_ServiceDesc is the grpc.ServiceDesc for PolicyVerifier service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterPolicyVerifierServer 

func RegisterPolicyVerifierServer(s grpc.ServiceRegistrar, srv PolicyVerifierServer)

func WrapDenyMessages 

func WrapDenyMessages(err error, msgs []*DenyMessage) error

WrapDenyMessages adds deny messages to an error when available.

Types

type CheckPolicyRequest 

type CheckPolicyRequest struct {
	Platform *pb.Platform                   `protobuf:"bytes,1,opt,name=Platform,proto3" json:"Platform,omitempty"`
	Source   *pb1.ResolveSourceMetaResponse `protobuf:"bytes,2,opt,name=Source,proto3" json:"Source,omitempty"`
	Caps     map[string]bool                `protobuf:"bytes,3,rep,name=caps,proto3" json:"caps,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"varint,2,opt,name=value"`
	// contains filtered or unexported fields
}

func (*CheckPolicyRequest) CloneMessageVT 

func (m *CheckPolicyRequest) CloneMessageVT() proto.Message

func (*CheckPolicyRequest) CloneVT 

func (m *CheckPolicyRequest) CloneVT() *CheckPolicyRequest

func (*CheckPolicyRequest) Descriptor 

func (*CheckPolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CheckPolicyRequest.ProtoReflect.Descriptor instead.

func (*CheckPolicyRequest) EqualMessageVT 

func (this *CheckPolicyRequest) EqualMessageVT(thatMsg proto.Message) bool

func (*CheckPolicyRequest) EqualVT 

func (this *CheckPolicyRequest) EqualVT(that *CheckPolicyRequest) bool

func (*CheckPolicyRequest) GetCaps 

func (x *CheckPolicyRequest) GetCaps() map[string]bool

func (*CheckPolicyRequest) GetPlatform 

func (x *CheckPolicyRequest) GetPlatform() *pb.Platform

func (*CheckPolicyRequest) GetSource 

func (x *CheckPolicyRequest) GetSource() *pb1.ResolveSourceMetaResponse

func (*CheckPolicyRequest) MarshalToSizedBufferVT 

func (m *CheckPolicyRequest) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*CheckPolicyRequest) MarshalToVT 

func (m *CheckPolicyRequest) MarshalToVT(dAtA []byte) (int, error)

func (*CheckPolicyRequest) MarshalVT 

func (m *CheckPolicyRequest) MarshalVT() (dAtA []byte, err error)

func (*CheckPolicyRequest) ProtoMessage 

func (*CheckPolicyRequest) ProtoMessage()

func (*CheckPolicyRequest) ProtoReflect 

func (x *CheckPolicyRequest) ProtoReflect() protoreflect.Message

func (*CheckPolicyRequest) Reset 

func (x *CheckPolicyRequest) Reset()

func (*CheckPolicyRequest) SizeVT 

func (m *CheckPolicyRequest) SizeVT() (n int)

func (*CheckPolicyRequest) String 

func (x *CheckPolicyRequest) String() string

func (*CheckPolicyRequest) UnmarshalVT 

func (m *CheckPolicyRequest) UnmarshalVT(dAtA []byte) error

type CheckPolicyResponse 

type CheckPolicyResponse struct {

	// Types that are valid to be assigned to Result:
	//
	//	*CheckPolicyResponse_Decision
	//	*CheckPolicyResponse_Request
	Result isCheckPolicyResponse_Result `protobuf_oneof:"result"`
	// contains filtered or unexported fields
}

func (*CheckPolicyResponse) CloneMessageVT 

func (m *CheckPolicyResponse) CloneMessageVT() proto.Message

func (*CheckPolicyResponse) CloneVT 

func (m *CheckPolicyResponse) CloneVT() *CheckPolicyResponse

func (*CheckPolicyResponse) Descriptor 

func (*CheckPolicyResponse) Descriptor() ([]byte, []int)

Deprecated: Use CheckPolicyResponse.ProtoReflect.Descriptor instead.

func (*CheckPolicyResponse) EqualMessageVT 

func (this *CheckPolicyResponse) EqualMessageVT(thatMsg proto.Message) bool

func (*CheckPolicyResponse) EqualVT 

func (this *CheckPolicyResponse) EqualVT(that *CheckPolicyResponse) bool

func (*CheckPolicyResponse) GetDecision 

func (x *CheckPolicyResponse) GetDecision() *DecisionResponse

func (*CheckPolicyResponse) GetRequest 

func (x *CheckPolicyResponse) GetRequest() *pb1.ResolveSourceMetaRequest

func (*CheckPolicyResponse) GetResult 

func (x *CheckPolicyResponse) GetResult() isCheckPolicyResponse_Result

func (*CheckPolicyResponse) MarshalToSizedBufferVT 

func (m *CheckPolicyResponse) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*CheckPolicyResponse) MarshalToVT 

func (m *CheckPolicyResponse) MarshalToVT(dAtA []byte) (int, error)

func (*CheckPolicyResponse) MarshalVT 

func (m *CheckPolicyResponse) MarshalVT() (dAtA []byte, err error)

func (*CheckPolicyResponse) ProtoMessage 

func (*CheckPolicyResponse) ProtoMessage()

func (*CheckPolicyResponse) ProtoReflect 

func (x *CheckPolicyResponse) ProtoReflect() protoreflect.Message

func (*CheckPolicyResponse) Reset 

func (x *CheckPolicyResponse) Reset()

func (*CheckPolicyResponse) SizeVT 

func (m *CheckPolicyResponse) SizeVT() (n int)

func (*CheckPolicyResponse) String 

func (x *CheckPolicyResponse) String() string

func (*CheckPolicyResponse) UnmarshalVT 

func (m *CheckPolicyResponse) UnmarshalVT(dAtA []byte) error

type CheckPolicyResponse_Decision 

type CheckPolicyResponse_Decision struct {
	Decision *DecisionResponse `protobuf:"bytes,1,opt,name=decision,proto3,oneof"`
}

func (*CheckPolicyResponse_Decision) CloneVT 

func (m *CheckPolicyResponse_Decision) CloneVT() isCheckPolicyResponse_Result

func (*CheckPolicyResponse_Decision) EqualVT 

func (this *CheckPolicyResponse_Decision) EqualVT(thatIface isCheckPolicyResponse_Result) bool

func (*CheckPolicyResponse_Decision) MarshalToSizedBufferVT 

func (m *CheckPolicyResponse_Decision) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*CheckPolicyResponse_Decision) MarshalToVT 

func (m *CheckPolicyResponse_Decision) MarshalToVT(dAtA []byte) (int, error)

func (*CheckPolicyResponse_Decision) SizeVT 

func (m *CheckPolicyResponse_Decision) SizeVT() (n int)

type CheckPolicyResponse_Request 

type CheckPolicyResponse_Request struct {
	Request *pb1.ResolveSourceMetaRequest `protobuf:"bytes,2,opt,name=request,proto3,oneof"`
}

func (*CheckPolicyResponse_Request) CloneVT 

func (m *CheckPolicyResponse_Request) CloneVT() isCheckPolicyResponse_Result

func (*CheckPolicyResponse_Request) EqualVT 

func (this *CheckPolicyResponse_Request) EqualVT(thatIface isCheckPolicyResponse_Result) bool

func (*CheckPolicyResponse_Request) MarshalToSizedBufferVT 

func (m *CheckPolicyResponse_Request) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*CheckPolicyResponse_Request) MarshalToVT 

func (m *CheckPolicyResponse_Request) MarshalToVT(dAtA []byte) (int, error)

func (*CheckPolicyResponse_Request) SizeVT 

func (m *CheckPolicyResponse_Request) SizeVT() (n int)

type DecisionResponse 

type DecisionResponse struct {
	Action       pb2.PolicyAction `protobuf:"varint,1,opt,name=action,proto3,enum=moby.buildkit.v1.sourcepolicy.PolicyAction" json:"action,omitempty"`
	DenyMessages []*DenyMessage   `protobuf:"bytes,2,rep,name=denyMessages,proto3" json:"denyMessages,omitempty"`
	Update       *pb.SourceOp     `protobuf:"bytes,3,opt,name=update,proto3" json:"update,omitempty"`
	// contains filtered or unexported fields
}

func (*DecisionResponse) CloneMessageVT 

func (m *DecisionResponse) CloneMessageVT() proto.Message

func (*DecisionResponse) CloneVT 

func (m *DecisionResponse) CloneVT() *DecisionResponse

func (*DecisionResponse) Descriptor 

func (*DecisionResponse) Descriptor() ([]byte, []int)

Deprecated: Use DecisionResponse.ProtoReflect.Descriptor instead.

func (*DecisionResponse) EqualMessageVT 

func (this *DecisionResponse) EqualMessageVT(thatMsg proto.Message) bool

func (*DecisionResponse) EqualVT 

func (this *DecisionResponse) EqualVT(that *DecisionResponse) bool

func (*DecisionResponse) GetAction 

func (x *DecisionResponse) GetAction() pb2.PolicyAction

func (*DecisionResponse) GetDenyMessages 

func (x *DecisionResponse) GetDenyMessages() []*DenyMessage

func (*DecisionResponse) GetUpdate 

func (x *DecisionResponse) GetUpdate() *pb.SourceOp

func (*DecisionResponse) MarshalToSizedBufferVT 

func (m *DecisionResponse) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*DecisionResponse) MarshalToVT 

func (m *DecisionResponse) MarshalToVT(dAtA []byte) (int, error)

func (*DecisionResponse) MarshalVT 

func (m *DecisionResponse) MarshalVT() (dAtA []byte, err error)

func (*DecisionResponse) ProtoMessage 

func (*DecisionResponse) ProtoMessage()

func (*DecisionResponse) ProtoReflect 

func (x *DecisionResponse) ProtoReflect() protoreflect.Message

func (*DecisionResponse) Reset 

func (x *DecisionResponse) Reset()

func (*DecisionResponse) SizeVT 

func (m *DecisionResponse) SizeVT() (n int)

func (*DecisionResponse) String 

func (x *DecisionResponse) String() string

func (*DecisionResponse) UnmarshalVT 

func (m *DecisionResponse) UnmarshalVT(dAtA []byte) error

func (*DecisionResponse) WrapError 

func (d *DecisionResponse) WrapError(err error) error

WrapError implements grpcerrors.TypedErrorProto for DecisionResponse.

type DenyMessage 

type DenyMessage struct {
	Message string `protobuf:"bytes,1,opt,name=message,proto3" json:"message,omitempty"`
	// contains filtered or unexported fields
}

func DenyMessages 

func DenyMessages(err error) []*DenyMessage

DenyMessages extracts policy deny messages from an error chain.

func (*DenyMessage) CloneMessageVT 

func (m *DenyMessage) CloneMessageVT() proto.Message

func (*DenyMessage) CloneVT 

func (m *DenyMessage) CloneVT() *DenyMessage

func (*DenyMessage) Descriptor 

func (*DenyMessage) Descriptor() ([]byte, []int)

Deprecated: Use DenyMessage.ProtoReflect.Descriptor instead.

func (*DenyMessage) EqualMessageVT 

func (this *DenyMessage) EqualMessageVT(thatMsg proto.Message) bool

func (*DenyMessage) EqualVT 

func (this *DenyMessage) EqualVT(that *DenyMessage) bool

func (*DenyMessage) GetMessage 

func (x *DenyMessage) GetMessage() string

func (*DenyMessage) MarshalToSizedBufferVT 

func (m *DenyMessage) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*DenyMessage) MarshalToVT 

func (m *DenyMessage) MarshalToVT(dAtA []byte) (int, error)

func (*DenyMessage) MarshalVT 

func (m *DenyMessage) MarshalVT() (dAtA []byte, err error)

func (*DenyMessage) ProtoMessage 

func (*DenyMessage) ProtoMessage()

func (*DenyMessage) ProtoReflect 

func (x *DenyMessage) ProtoReflect() protoreflect.Message

func (*DenyMessage) Reset 

func (x *DenyMessage) Reset()

func (*DenyMessage) SizeVT 

func (m *DenyMessage) SizeVT() (n int)

func (*DenyMessage) String 

func (x *DenyMessage) String() string

func (*DenyMessage) UnmarshalVT 

func (m *DenyMessage) UnmarshalVT(dAtA []byte) error

type DenyMessagesError 

type DenyMessagesError struct {
	Messages []*DenyMessage
	// contains filtered or unexported fields
}

DenyMessagesError wraps an error with policy deny messages so they can be propagated as a typed error detail.

func (*DenyMessagesError) ToProto 

func (e *DenyMessagesError) ToProto() grpcerrors.TypedErrorProto

func (*DenyMessagesError) Unwrap 

func (e *DenyMessagesError) Unwrap() error

type PolicyCallback 

type PolicyCallback func(context.Context, *CheckPolicyRequest) (*DecisionResponse, *pb.ResolveSourceMetaRequest, error)

type PolicyProvider 

type PolicyProvider struct {
	// contains filtered or unexported fields
}

func NewPolicyProvider 

func NewPolicyProvider(f PolicyCallback) *PolicyProvider

func (*PolicyProvider) CheckPolicy 

func (p *PolicyProvider) CheckPolicy(ctx context.Context, req *CheckPolicyRequest) (*CheckPolicyResponse, error)

func (*PolicyProvider) Register 

func (p *PolicyProvider) Register(server *grpc.Server)

type PolicyVerifier 

type PolicyVerifier struct {
	// contains filtered or unexported fields
}

func NewVerifier 

func NewVerifier(ctx context.Context, sm *session.Manager, gid string) (*PolicyVerifier, error)

func (*PolicyVerifier) Check 

func (p *PolicyVerifier) Check(ctx context.Context, req *CheckPolicyRequest) (*CheckPolicyResponse, error)

type PolicyVerifierClient 

type PolicyVerifierClient interface {
	CheckPolicy(ctx context.Context, in *CheckPolicyRequest, opts ...grpc.CallOption) (*CheckPolicyResponse, error)
}

PolicyVerifierClient is the client API for PolicyVerifier service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewPolicyVerifierClient 

func NewPolicyVerifierClient(cc grpc.ClientConnInterface) PolicyVerifierClient

type PolicyVerifierServer 

type PolicyVerifierServer interface {
	CheckPolicy(context.Context, *CheckPolicyRequest) (*CheckPolicyResponse, error)
}

PolicyVerifierServer is the server API for PolicyVerifier service. All implementations should embed UnimplementedPolicyVerifierServer for forward compatibility.

type UnimplementedPolicyVerifierServer 

type UnimplementedPolicyVerifierServer struct{}

UnimplementedPolicyVerifierServer should be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedPolicyVerifierServer) CheckPolicy 

func (UnimplementedPolicyVerifierServer) CheckPolicy(context.Context, *CheckPolicyRequest) (*CheckPolicyResponse, error)

type UnsafePolicyVerifierServer 

type UnsafePolicyVerifierServer interface {
	// contains filtered or unexported methods
}

UnsafePolicyVerifierServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to PolicyVerifierServer will result in compilation errors.

Source Files

denyerror.go policysession.pb.go policysession_grpc.pb.go policysession_vtproto.pb.go provider.go verifier.go

Version
v0.28.0-rc1
Published
Feb 24, 2026
Platform
darwin/amd64
Imports
20 packages
Last checked
4 minutes ago

Tools for package owners.