chore: update cue policy evaluation

Signed-off-by: hectorj2f <hectorf@vmware.com>
sigstore · Apr 23, 2022 · 98c6c45 · 98c6c45
1 parent e1469ba
commit 98c6c45
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/pkg/policy/eval.go b/pkg/policy/eval.go
@@ -20,7 +20,6 @@ import (
 	"fmt"
 
 	"cuelang.org/go/cue/cuecontext"
-	cuejson "cuelang.org/go/encoding/json"
 
 	"knative.dev/pkg/logging"
 )
@@ -55,8 +54,19 @@ func EvaluatePolicyAgainstJSON(ctx context.Context, name, policyType string, pol
 func evaluateCue(ctx context.Context, attestation []byte, evaluator string) error {
 	logging.FromContext(ctx).Infof("Evaluating attestation: %s", string(attestation))
 	cueCtx := cuecontext.New()
-	v := cueCtx.CompileString(evaluator)
-	return cuejson.Validate(attestation, v)
+	cueEvaluator := cueCtx.CompileString(evaluator)
+	if cueEvaluator.Err() != nil {
+		return fmt.Errorf("failed to compile the cue policy with error: %v", cueEvaluator.Err())
+	}
+	cueAtt := cueCtx.CompileBytes(attestation)
+	if cueAtt.Err() != nil {
+		return fmt.Errorf("failed to compile the attestation data with error: %v", cueAtt.Err())
+	}
+	result := cueEvaluator.Unify(cueAtt)
+	if err := result.Validate(); err != nil {
+		return fmt.Errorf("failed to evaluate the policy with error: %v", err)
+	}
+	return nil
 }
 
 // evaluateRego evaluates a rego policy `evaluator` against `attestation`