You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`auth.token_encrypted`| string | no | Encrypted bearer/PAT token (format defined by client); Trustify stores opaque, validation engine decrypts at use time |
50
-
|`policy_paths`| string[]| no | Sub-paths within the repo to evaluate |
49
+
|`auth.tokenEncrypted`| string | no | Encrypted bearer/PAT token (format defined by client); Trustify stores opaque, validation engine decrypts at use time |
50
+
|`policyPaths`| string[]| no | Sub-paths within the repo to evaluate |
51
51
|`exclude`| string[]| no | Rule codes to skip during validation |
52
52
|`include`| string[]| no | If non-empty, only these rule codes are evaluated |
53
-
|`timeout_seconds`| integer | no | Per-policy override of the default execution timeout |
53
+
|`timeoutSeconds`| integer | no | Per-policy override of the default execution timeout |
/// Credentials for private policy repos (`policy.configuration.auth`)
113
95
#[derive(Serialize, Deserialize)]
96
+
#[serde(rename_all ="camelCase")]
114
97
structPolicyAuth {
115
98
r#type:AuthType,
116
99
token_encrypted:String,
@@ -131,7 +114,7 @@ struct PolicyAuth {
131
114
schemars::JsonSchema,
132
115
)]
133
116
#[serde(rename_all ="camelCase")]
134
-
pubstructPolicyImporter {
117
+
pubstructPolicyConfiguration {
135
118
#[serde(flatten)]
136
119
pubcommon:CommonImporter,
137
120
@@ -164,31 +147,31 @@ pub struct PolicyImporter {
164
147
/// extending modules/importer/src/model/mod.rs
165
148
pubenumImporterConfiguration {
166
149
// existing code
167
-
Policy(PolicyImporter),
150
+
Policy(PolicyConfiguration),
168
151
}
169
152
```
170
153
171
154
## Consequences
172
155
173
156
### Policy Management
174
157
175
-
Trustify stores only external references and does not cache policy content. When `policy.policy_type` is `"Conforma"`, the validation engine fetches the policy at validation time from the git source specified in `policy.configuration.policy_ref`.
158
+
Trustify stores only external references and does not cache policy content. When `policy.policy_type` is "Conforma", the validation engine fetches the policy at validation time from the git source specified in `policy.configuration.policyRef`.
176
159
177
160
The trade-off:
178
161
179
162
- Validation always uses the latest policy content from the referenced branch or tag, but network failures or policy repo outages will cause execution errors.
180
-
- Authentication credentials (in `auth.token_encrypted`) are stored as opaque encrypted strings. The client encrypts credentials before sending to Trustify; Trustify never decrypts or accesses the encryption key. When the validation engine requests credentials from Trustify, it receives the encrypted blob and is responsible for decryption. This pass-through model keeps Trustify decoupled from the encryption/authentication scheme and eliminates the need for Trustify to manage encryption keys.
163
+
- Authentication credentials (in `auth.tokenEncrypted`) are stored as opaque encrypted strings. The client encrypts credentials before sending to Trustify; Trustify never decrypts or accesses the encryption key. When the validation engine requests credentials from Trustify, it receives the encrypted blob and is responsible for decryption. This pass-through model keeps Trustify decoupled from the encryption/authentication scheme and eliminates the need for Trustify to manage encryption keys.
181
164
182
165
### Type Safety
183
166
184
167
The `configuration` field uses a strongly-typed `PolicyConfiguration` struct rather than raw `serde_json::Value`. Importer:
185
168
186
-
- Compile-time validation of required fields (`policy_ref`)
169
+
- Compile-time validation of required fields (`policyRef`)
187
170
- Type safety for nested structures (e.g., `AuthType` enum)
188
171
- Clear API contract in generated OpenAPI schemas
189
172
- Prevention of malformed configurations at ingestion time
190
173
191
-
The database still stores this as JSONB, but the API layer enforces the typed schema. If future validator backends require backend-specific fields not present in `PolicyConfiguration`, the struct can be extended with an optional `extensions: Option<serde_json::Value>` field rather than weakeniImporter type.
174
+
The database still stores this as JSONB, but the API layer enforces the typed schema. If future validator backends require backend-specific fields not present in `PolicyConfiguration`, the type can be extended with an optional `extensions: Option<serde_json::Value>` field rather than weakeniImporter type.
192
175
193
176
### UPDATE and DELETE Semantics and Optimistic Concurrency
194
177
@@ -242,9 +225,9 @@ Create a new policy reference.
242
225
243
226
#### Request
244
227
245
-
| part | name | type | description |
246
-
| ---- | ---- | ---------------| ----------- |
247
-
| body | - |`PolicyRequest`||
228
+
| part | name | type | description |
229
+
| ---- | ---- | -------- | ----------- |
230
+
| body | - |`Policy`||
248
231
249
232
#### Response
250
233
@@ -338,7 +321,7 @@ Update an existing policy reference.
0 commit comments