Overview ¶
Package engine provides an implementation of the policy-engine-related objects, interfaces and functionality.
Index ¶
- Constants
- Variables
- func GetRulesForEntity(p *pb.PipelinePolicy, entity pb.Entity) ([]*pb.PipelinePolicy_ContextualRuleSet, error)
- func GetRulesFromPolicyOfType(p *pb.PipelinePolicy, rt *pb.RuleType) ([]*pb.PipelinePolicy_Rule, error)
- func IsValidEntity(entity EntityType) bool
- func JQGetValuesFromAccessor(ctx context.Context, path string, obj any) (any, error)
- func MergeDatabaseGetIntoPolicies(ppl []db.GetPolicyByGroupAndIDRow, ectx *EntityContext) map[string]*pb.PipelinePolicy
- func MergeDatabaseListIntoPolicies(ppl []db.ListPoliciesByGroupIDRow, ectx *EntityContext) map[string]*pb.PipelinePolicy
- func NewErrEvaluationFailed(sfmt string, args ...any) error
- func ParseJSON(r io.Reader) (*pb.PipelinePolicy, error)
- func ParseRuleType(r io.Reader) (*pb.RuleType, error)
- func ParseYAML(r io.Reader) (*pb.PipelinePolicy, error)
- func ReadPolicyFromFile(fpath string) (*pb.PipelinePolicy, error)
- func RuleDefFromDB(r *db.RuleType) (*pb.RuleType_Definition, error)
- func RuleTypePBFromDB(rt *db.RuleType, ectx *EntityContext) (*pb.RuleType, error)
- func TraverseAllRulesForPipeline(p *pb.PipelinePolicy, fn func(*pb.PipelinePolicy_Rule) error) error
- func TraverseRules(cr []*pb.PipelinePolicy_ContextualRuleSet, ...) error
- func ValidatePolicy(p *pb.PipelinePolicy) error
- func ValidateRuleTypeDefinition(def *pb.RuleType_Definition) error
- func WithEntityContext(ctx context.Context, c *EntityContext) context.Context
- type BuiltinRuleDataIngest
- type EntityContext
- type EntityType
- type Executor
- type Group
- type InitEvent
- type ReconcilerEvent
- type RestEndpointTemplateParams
- type RestRuleDataIngest
- type RuleDataIngest
- type RuleMeta
- type RuleTypeEngine
- type RuleValidationError
- type RuleValidator
Constants ¶
const (
	// InternalWebhookEventTopic is the topic for internal webhook events.
	InternalWebhookEventTopic = "internal.webhook.event"
	// InternalInitEventTopic is the topic for internal init events.
	InternalInitEventTopic = "internal.init.event"
	// InternalReconcilerEventTopic is the topic for internal reconciler events.
	InternalReconcilerEventTopic = "internal.reconciler.event"
)
Variables ¶
// CONTAINER_TYPE is the type for container artifacts.
var CONTAINER_TYPE = "container"
CONTAINER_TYPE is the type for container artifacts
// ErrEvaluationFailed is an error that occurs during evaluation of a rule.
var ErrEvaluationFailed = errors.New("evaluation error")
ErrEvaluationFailed is an error that occurs during evaluation of a rule.
var (
	// ErrInvalidRuleTypeDefinition is returned when a rule type definition is invalid.
	ErrInvalidRuleTypeDefinition = errors.New("invalid rule type definition")
)
var (
	// ErrValidationFailed is returned when a policy fails validation.
	ErrValidationFailed = fmt.Errorf("validation failed")
)
Functions ¶
func GetRulesForEntity ¶
func GetRulesForEntity(p *pb.PipelinePolicy, entity pb.Entity) ([]*pb.PipelinePolicy_ContextualRuleSet, error)
GetRulesForEntity returns the rules for the given entity
func GetRulesFromPolicyOfType ¶
func GetRulesFromPolicyOfType(p *pb.PipelinePolicy, rt *pb.RuleType) ([]*pb.PipelinePolicy_Rule, error)
GetRulesFromPolicyOfType returns the rules from the policy of the given type
func IsValidEntity ¶
func IsValidEntity(entity EntityType) bool
IsValidEntity returns true if the entity type is valid
func JQGetValuesFromAccessor ¶
JQGetValuesFromAccessor gets the values from the given accessor. The path is the accessor path in jq format; obj is the object to be evaluated using the accessor.
func MergeDatabaseGetIntoPolicies ¶
func MergeDatabaseGetIntoPolicies(ppl []db.GetPolicyByGroupAndIDRow, ectx *EntityContext) map[string]*pb.PipelinePolicy
MergeDatabaseGetIntoPolicies merges the database get policies into the given policies map. This assumes that the policies belong to the same group.
TODO(jaosorior): This will have to consider the project tree once we migrate to that
func MergeDatabaseListIntoPolicies ¶
func MergeDatabaseListIntoPolicies(ppl []db.ListPoliciesByGroupIDRow, ectx *EntityContext) map[string]*pb.PipelinePolicy
MergeDatabaseListIntoPolicies merges the database list policies into the given policies map. This assumes that the policies belong to the same group.
TODO(jaosorior): This will have to consider the project tree once we migrate to that
func NewErrEvaluationFailed ¶
NewErrEvaluationFailed creates a new evaluation error
func ParseJSON ¶
func ParseJSON(r io.Reader) (*pb.PipelinePolicy, error)
ParseJSON parses a JSON pipeline policy and validates it
func ParseRuleType ¶
ParseRuleType parses a rule type from a reader
func ParseYAML ¶
func ParseYAML(r io.Reader) (*pb.PipelinePolicy, error)
ParseYAML parses a YAML pipeline policy and validates it
func ReadPolicyFromFile ¶
func ReadPolicyFromFile(fpath string) (*pb.PipelinePolicy, error)
ReadPolicyFromFile reads a pipeline policy from a file and returns it as a protobuf
func RuleDefFromDB ¶
func RuleDefFromDB(r *db.RuleType) (*pb.RuleType_Definition, error)
RuleDefFromDB converts a rule type definition from the database to a protobuf rule type definition
func RuleTypePBFromDB ¶
RuleTypePBFromDB converts a rule type from the database to a protobuf rule type
func TraverseAllRulesForPipeline ¶
func TraverseAllRulesForPipeline(p *pb.PipelinePolicy, fn func(*pb.PipelinePolicy_Rule) error) error
TraverseAllRulesForPipeline traverses all rules for the given pipeline policy
func TraverseRules ¶
func TraverseRules(cr []*pb.PipelinePolicy_ContextualRuleSet, fn func(*pb.PipelinePolicy_Rule) error) error
TraverseRules traverses the rules and calls the given function for each rule. TODO: do we want to collect and return _all_ errors, rather than just the first, to prevent whack-a-mole fixing?
func ValidatePolicy ¶
func ValidatePolicy(p *pb.PipelinePolicy) error
ValidatePolicy validates a pipeline policy
func ValidateRuleTypeDefinition ¶
func ValidateRuleTypeDefinition(def *pb.RuleType_Definition) error
ValidateRuleTypeDefinition validates a rule type definition
func WithEntityContext ¶
func WithEntityContext(ctx context.Context, c *EntityContext) context.Context
WithEntityContext stores an EntityContext in the current context.
Types ¶
type BuiltinRuleDataIngest ¶
// BuiltinRuleDataIngest is the engine for a rule type that uses builtin methods.
type BuiltinRuleDataIngest struct {
	// contains filtered or unexported fields
}
BuiltinRuleDataIngest is the engine for a rule type that uses builtin methods
func NewBuiltinRuleDataIngest ¶
func NewBuiltinRuleDataIngest( cfg *pb.RuleType_Definition_DataEval, builtinCfg *pb.BuiltinType, access_token string, ) (*BuiltinRuleDataIngest, error)
NewBuiltinRuleDataIngest creates a new builtin rule data ingest engine
func (*BuiltinRuleDataIngest) Eval ¶
func (idi *BuiltinRuleDataIngest) Eval(ctx context.Context, ent protoreflect.ProtoMessage, pol, params map[string]any) error
Eval evaluates the rule type against the given entity and policy
type EntityContext ¶
EntityContext is the context of an entity. This is relevant for getting the full information about an entity.
func EntityFromContext ¶
func EntityFromContext(ctx context.Context) *EntityContext
EntityFromContext extracts the current EntityContext, WHICH MAY BE NIL!
func GetContextFromInput ¶
GetContextFromInput returns the context from the input. The input is the context from the gRPC request, which merely holds user-friendly information about an object.
func (*EntityContext) GetGroup ¶
func (c *EntityContext) GetGroup() Group
GetGroup returns the group of the entity
func (*EntityContext) GetProvider ¶
func (c *EntityContext) GetProvider() string
GetProvider returns the provider of the entity
type EntityType ¶
// EntityType is the type of entity.
type EntityType string
EntityType is the type of entity
// Entity types.
const (
	// RepositoryEntity is a repository entity.
	RepositoryEntity EntityType = "repository"
	// BuildEnvironmentEntity is a build environment entity.
	BuildEnvironmentEntity EntityType = "build_environment"
	// ArtifactEntity is an artifact entity.
	ArtifactEntity EntityType = "artifact"
	// UnknownEntity is an explicitly unknown entity.
	UnknownEntity EntityType = "unknown"
)
Entity types
func EntityTypeFromDB ¶
func EntityTypeFromDB(entity db.Entities) EntityType
EntityTypeFromDB returns the entity type from the database entity
func (EntityType) String ¶
func (e EntityType) String() string
String returns the string representation of the entity type
type Executor ¶
// Executor is the engine that executes the rules for a given event.
type Executor struct {
	// contains filtered or unexported fields
}
Executor is the engine that executes the rules for a given event
func (*Executor) HandleArtifactsReconcilerEvent ¶
func (e *Executor) HandleArtifactsReconcilerEvent(ctx context.Context, prov string, evt *ReconcilerEvent) error
HandleArtifactsReconcilerEvent recreates the artifacts belonging to a specific repository. nolint: gocyclo
type Group ¶
Group is a construct relevant to an entity's context. This is relevant for getting the full information about an entity.
type InitEvent ¶
// InitEvent is an event that is sent to the init topic.
// Note that this event assumes the `provider` is set in the metadata.
type InitEvent struct {
	// Group is the group that the event is relevant to
	Group int32 `json:"group" validate:"gte=0"`
	// Policy is the policy that the event is relevant to
	Policy int32 `json:"policy" validate:"gte=0"`
}
InitEvent is an event that is sent to the init topic. Note that this event assumes the `provider` is set in the metadata.
type ReconcilerEvent ¶
// ReconcilerEvent is an event that is sent to the reconciler topic.
type ReconcilerEvent struct {
	// Group is the group that the event is relevant to
	Group int32 `json:"group" validate:"gte=0"`
	// Repository is the repository to be reconciled
	Repository int32 `json:"repository" validate:"gte=0"`
}
ReconcilerEvent is an event that is sent to the reconciler topic
type RestEndpointTemplateParams ¶
// RestEndpointTemplateParams holds the parameters for the REST endpoint template.
type RestEndpointTemplateParams struct {
	// Entity is the entity to be evaluated
	Entity any
	// Params are the parameters to be used in the template
	Params map[string]any
}
RestEndpointTemplateParams holds the parameters for the REST endpoint template
type RestRuleDataIngest ¶
// RestRuleDataIngest is the engine for a rule type that uses REST data ingest.
type RestRuleDataIngest struct {
	// contains filtered or unexported fields
}
RestRuleDataIngest is the engine for a rule type that uses REST data ingest
func NewRestRuleDataIngest ¶
func NewRestRuleDataIngest( cfg *pb.RuleType_Definition_DataEval, restCfg *pb.RestType, cli ghclient.RestAPI, ) (*RestRuleDataIngest, error)
NewRestRuleDataIngest creates a new REST rule data ingest engine
func (*RestRuleDataIngest) Eval ¶
func (rdi *RestRuleDataIngest) Eval(ctx context.Context, ent protoreflect.ProtoMessage, pol, params map[string]any) error
Eval evaluates the rule type against the given entity and policy
type RuleDataIngest ¶
// RuleDataIngest is the interface for rule data ingest.
// It allows for different mechanisms for ingesting data in order to evaluate a rule.
type RuleDataIngest interface {
	// Eval evaluates the rule type against the given entity and policy.
	Eval(ctx context.Context, ent protoreflect.ProtoMessage, pol, params map[string]any) error
}
RuleDataIngest is the interface for rule data ingest. It allows for different mechanisms for ingesting data in order to evaluate a rule.
func NewRuleDataIngest ¶
func NewRuleDataIngest(rt *pb.RuleType, cli ghclient.RestAPI, access_token string) (RuleDataIngest, error)
NewRuleDataIngest creates a new rule data ingest based on the given rule type definition.
type RuleMeta ¶
// RuleMeta is the metadata for a rule.
// TODO: We probably should care about a version
type RuleMeta struct {
	// Name is the name of the rule
	Name string
	// Provider is the ID of the provider that this rule is for
	Provider string
	// Organization is the ID of the organization that this rule is for
	Organization *string
	// Group is the ID of the group that this rule is for
	Group *string
}
RuleMeta is the metadata for a rule. TODO: We probably should care about a version
type RuleTypeEngine ¶
// RuleTypeEngine is the engine for a rule type.
type RuleTypeEngine struct {
	// Meta is the metadata for the rule this engine evaluates.
	Meta RuleMeta
	// contains filtered or unexported fields
}
RuleTypeEngine is the engine for a rule type
func NewRuleTypeEngine ¶
func NewRuleTypeEngine(rt *pb.RuleType, cli ghclient.RestAPI, accessToken string) (*RuleTypeEngine, error)
NewRuleTypeEngine creates a new rule type engine
func (*RuleTypeEngine) Eval ¶
func (r *RuleTypeEngine) Eval(ctx context.Context, ent protoreflect.ProtoMessage, pol, params map[string]any) error
Eval runs the rule type engine against the given entity
func (*RuleTypeEngine) GetID ¶
func (r *RuleTypeEngine) GetID() string
GetID returns the ID of the rule type. The ID is meant to be a serializable unique identifier for the rule type.
func (*RuleTypeEngine) GetRuleInstanceValidator ¶
func (r *RuleTypeEngine) GetRuleInstanceValidator() *RuleValidator
GetRuleInstanceValidator returns the rule instance validator for this rule type. By instance we mean a rule that has been instantiated in a policy from a given rule type.
type RuleValidationError ¶
RuleValidationError is used to report errors from evaluating a rule, including attribution of the particular error encountered.
func (*RuleValidationError) Error ¶
func (e *RuleValidationError) Error() string
Error implements error.Error
func (*RuleValidationError) String ¶
func (e *RuleValidationError) String() string
String implements fmt.Stringer
type RuleValidator ¶
// RuleValidator validates a rule against a schema.
type RuleValidator struct {
	// contains filtered or unexported fields
}
RuleValidator validates a rule against a schema
func NewRuleValidator ¶
func NewRuleValidator(rt *pb.RuleType) (*RuleValidator, error)
NewRuleValidator creates a new rule validator
func (*RuleValidator) ValidateParamsAgainstSchema ¶
func (r *RuleValidator) ValidateParamsAgainstSchema(params *structpb.Struct) error
ValidateParamsAgainstSchema validates the given parameters against the schema for this rule type
func (*RuleValidator) ValidateRuleDefAgainstSchema ¶
func (r *RuleValidator) ValidateRuleDefAgainstSchema(contextualPolicy map[string]any) error
ValidateRuleDefAgainstSchema validates the given contextual policy against the schema for this rule type