Skip to content

feat(policy): implement policy eval #2611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Piskoo wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat(policy): implement policy eval #2611

Piskoo wants to merge 3 commits into from
+1,478 −6

Conversation

@Piskoo
Copy link
Collaborator

@Piskoo Piskoo commented Dec 7, 2025
edited
Loading

Summary

Introduces a new chainloop policy eval command that evaluates policies using the control plane with organization settings, supporting both generic and material-based policy evaluation.

Differences

Feature policy eval policy develop eval
Authentication Required Optional
Allowed Hostnames From org config Manual --allowed-hostnames
Debug Mode Not supported Supported

@Piskoo
expose generic evaluation
24cc520 
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo marked this pull request as ready for review December 8, 2025 07:40
@Piskoo Piskoo marked this pull request as draft December 11, 2025 10:34
@Piskoo
add policy eval command
6006bfb 
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo changed the title feat(policy): support remote execution feat(policy): add policy eval Dec 11, 2025
@Piskoo Piskoo changed the title feat(policy): add policy eval feat(policy): implement policy eval Dec 11, 2025
@Piskoo
missing cli ref
89dc1e2 
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo marked this pull request as ready for review December 11, 2025 13:39
migmartri
migmartri requested changes Dec 15, 2025
View reviewed changes
Copy link
Member

@migmartri migmartri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See inline comments, I am not sure why we need to move the evaluation server-side for this change cc/ @jiparis

app/controlplane/api/controlplane/v1/policy_evaluation.proto
option go_package = "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1;v1";

service PolicyEvaluationService {
rpc Evaluate(PolicyEvaluationServiceEvaluateRequest) returns (PolicyEvaluationServiceEvaluateResponse);
Copy link
Member

@migmartri migmartri Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it possible that this PR contains too much information, including remote evaluations or smth like that?

app/controlplane/configs/config.devel.yaml
# default: true
# url: http://localhost:8002/v1
# Policy providers configuration
policy_providers:
Copy link
Member

@migmartri migmartri Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please keep it commented out

app/controlplane/internal/service/policyevaluation.go
}

// Call business layer to evaluate the policy
result, err := s.uc.Evaluate(ctx, &biz.PolicyEvaluationEvaluateOpts{
Copy link
Member

@migmartri migmartri Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why isn't the evaluation happening client side? Why did we move it server-side?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@migmartri migmartri migmartri requested changes

@jiparis jiparis Awaiting requested review from jiparis

@javirln javirln Awaiting requested review from javirln

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Piskoo @migmartri