[Feat]: support passing inputs and bundles to rego modules #348

ChaosInTheCRD · 2024-09-12T14:38:52Z

Describe the solution you'd like:

Currently witness policies support embedding base64 encoded rego packages to evaluate predicates found in a witness collection for a particular step:

         {
            "type": "https://witness.dev/attestations/command-run/v0.1",
            "regopolicies": [
              {
                "name": "expected command",
                "module": "cGFja2FnZSBjb21tY..."
              }
            ]
          },

What currently isn't possible though, is to provide extra inputs to configure parts of the rego policy to evaluate (or not):

          {
            "type": "https://witness.dev/attestations/command-run/v0.1",
            "regopolicies": [
              {
                "name": "expected command",
                 "inputs": {
                      "expect_sarif": true,
                      "deny_no_fail": true
                 },
                "module": "cGFja2FnZSBjb21tY..."
              }
            ]
          },

Also, rego bundles could be a way of supporting common logic to be written that can be shared across multiple rego packages.

The text was updated successfully, but these errors were encountered:

ChaosInTheCRD added the feature New feature (larger than enhancement) label Sep 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Feat]: support passing inputs and bundles to rego modules #348

[Feat]: support passing inputs and bundles to rego modules #348

ChaosInTheCRD commented Sep 12, 2024 •

edited

Loading

[Feat]: support passing inputs and bundles to rego modules #348

[Feat]: support passing inputs and bundles to rego modules #348

Comments

ChaosInTheCRD commented Sep 12, 2024 • edited Loading

ChaosInTheCRD commented Sep 12, 2024 •

edited

Loading