Skip to content

Commit ecbdb9a

Browse files
committed
Align names
1 parent 324c88b commit ecbdb9a

1 file changed

Lines changed: 20 additions & 37 deletions

File tree

Lines changed: 20 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -43,59 +43,41 @@ This JSONB schema describes the configuration for `policy_type = Conforma`. Futu
4343

4444
| Field | Type | Required | Description |
4545
| ---------------------- | -------- | --------------- | --------------------------------------------------------------------------------------------------------------------- |
46-
| `policy_ref` | string | yes | Policy source URL, e.g. `"git://[URL]?ref=[BRANCH OR TAG]"` |
46+
| `policyRef` | string | yes | Policy source URL, e.g. `"git://[URL]?ref=[BRANCH OR TAG]"` |
4747
| `auth` | object | no | Credentials for private repos; encrypted by client before sending to Trustify (never logged or decrypted by Trustify) |
4848
| `auth.type` | enum | yes (if `auth`) | `AuthType` enum: `token`, `ssh_key`, or `none` |
49-
| `auth.token_encrypted` | string | no | Encrypted bearer/PAT token (format defined by client); Trustify stores opaque, validation engine decrypts at use time |
50-
| `policy_paths` | string[] | no | Sub-paths within the repo to evaluate |
49+
| `auth.tokenEncrypted` | string | no | Encrypted bearer/PAT token (format defined by client); Trustify stores opaque, validation engine decrypts at use time |
50+
| `policyPaths` | string[] | no | Sub-paths within the repo to evaluate |
5151
| `exclude` | string[] | no | Rule codes to skip during validation |
5252
| `include` | string[] | no | If non-empty, only these rule codes are evaluated |
53-
| `timeout_seconds` | integer | no | Per-policy override of the default execution timeout |
53+
| `timeoutSeconds` | integer | no | Per-policy override of the default execution timeout |
5454

5555
`policy.configuration` example:
5656

5757
```json
5858
{
59-
"policy_ref": "git://github.com/org/policy-repo?ref=main",
59+
"policyRef": "git://github.com/org/policy-repo?ref=main",
6060
"auth": {
6161
"type": "token",
62-
"token_encrypted": "AES-256-GCM:<base64-nonce>:<base64-ciphertext>"
62+
"tokenEncrypted": "AES-256-GCM:<base64-nonce>:<base64-ciphertext>"
6363
},
64-
"policy_paths": ["policy/lib", "policy/release"],
64+
"policyPaths": ["policy/lib", "policy/release"],
6565
"exclude": ["hello_world.minimal_packages"],
6666
"include": [],
67-
"timeout_seconds": 300
67+
"timeoutSeconds": 300
6868
}
6969
```
7070

7171
#### Data Model Implementation
7272

73-
```rust
74-
enum PolicyType {
75-
Conforma,
76-
}
77-
```
78-
7973
```rust
8074
/// The policy reference information
8175
#[derive(Serialize, Deserialize)]
8276
struct Policy {
8377
id: String,
8478
name: String,
8579
description: String,
86-
policy_type: PolicyType,
87-
configuration: PolicyImporter,
88-
}
89-
```
90-
91-
```rust
92-
/// Policy information that can be mutated
93-
#[derive(Serialize, Deserialize)]
94-
struct PolicyRequest {
95-
name: String,
96-
description: String,
97-
policy_type: PolicyType,
98-
configuration: PolicyImporter,
80+
configuration: PolicyConfiguration,
9981
}
10082
```
10183

@@ -111,6 +93,7 @@ enum AuthType {
11193

11294
/// Credentials for private policy repos (`policy.configuration.auth`)
11395
#[derive(Serialize, Deserialize)]
96+
#[serde(rename_all = "camelCase")]
11497
struct PolicyAuth {
11598
r#type: AuthType,
11699
token_encrypted: String,
@@ -131,7 +114,7 @@ struct PolicyAuth {
131114
schemars::JsonSchema,
132115
)]
133116
#[serde(rename_all = "camelCase")]
134-
pub struct PolicyImporter {
117+
pub struct PolicyConfiguration {
135118
#[serde(flatten)]
136119
pub common: CommonImporter,
137120

@@ -164,31 +147,31 @@ pub struct PolicyImporter {
164147
/// extending modules/importer/src/model/mod.rs
165148
pub enum ImporterConfiguration {
166149
// existing code
167-
Policy(PolicyImporter),
150+
Policy(PolicyConfiguration),
168151
}
169152
```
170153

171154
## Consequences
172155

173156
### Policy Management
174157

175-
Trustify stores only external references and does not cache policy content. When `policy.policy_type` is `"Conforma"`, the validation engine fetches the policy at validation time from the git source specified in `policy.configuration.policy_ref`.
158+
Trustify stores only external references and does not cache policy content. When `policy.policy_type` is "Conforma", the validation engine fetches the policy at validation time from the git source specified in `policy.configuration.policyRef`.
176159

177160
The trade-off:
178161

179162
- Validation always uses the latest policy content from the referenced branch or tag, but network failures or policy repo outages will cause execution errors.
180-
- Authentication credentials (in `auth.token_encrypted`) are stored as opaque encrypted strings. The client encrypts credentials before sending to Trustify; Trustify never decrypts or accesses the encryption key. When the validation engine requests credentials from Trustify, it receives the encrypted blob and is responsible for decryption. This pass-through model keeps Trustify decoupled from the encryption/authentication scheme and eliminates the need for Trustify to manage encryption keys.
163+
- Authentication credentials (in `auth.tokenEncrypted`) are stored as opaque encrypted strings. The client encrypts credentials before sending to Trustify; Trustify never decrypts or accesses the encryption key. When the validation engine requests credentials from Trustify, it receives the encrypted blob and is responsible for decryption. This pass-through model keeps Trustify decoupled from the encryption/authentication scheme and eliminates the need for Trustify to manage encryption keys.
181164

182165
### Type Safety
183166

184167
The `configuration` field uses a strongly-typed `PolicyConfiguration` struct rather than raw `serde_json::Value`. Importer:
185168

186-
- Compile-time validation of required fields (`policy_ref`)
169+
- Compile-time validation of required fields (`policyRef`)
187170
- Type safety for nested structures (e.g., `AuthType` enum)
188171
- Clear API contract in generated OpenAPI schemas
189172
- Prevention of malformed configurations at ingestion time
190173

191-
The database still stores this as JSONB, but the API layer enforces the typed schema. If future validator backends require backend-specific fields not present in `PolicyConfiguration`, the struct can be extended with an optional `extensions: Option<serde_json::Value>` field rather than weakeniImporter type.
174+
The database still stores this as JSONB, but the API layer enforces the typed schema. If future validator backends require backend-specific fields not present in `PolicyConfiguration`, the type can be extended with an optional `extensions: Option<serde_json::Value>` field rather than weakeniImporter type.
192175

193176
### UPDATE and DELETE Semantics and Optimistic Concurrency
194177

@@ -242,9 +225,9 @@ Create a new policy reference.
242225

243226
#### Request
244227

245-
| part | name | type | description |
246-
| ---- | ---- | --------------- | ----------- |
247-
| body | - | `PolicyRequest` | |
228+
| part | name | type | description |
229+
| ---- | ---- | -------- | ----------- |
230+
| body | - | `Policy` | |
248231

249232
#### Response
250233

@@ -338,7 +321,7 @@ Update an existing policy reference.
338321
| ------ | --------- | ---------------- | ------------------------------ |
339322
| path | `id` | `String` | ID of the policy to update |
340323
| header | `IfMatch` | `Option<String>` | ETag value, revision to update |
341-
| body | - | `PolicyRequest` | The new content |
324+
| body | - | `Policy` | The new content |
342325

343326
#### Response
344327

0 commit comments

Comments
 (0)