Overview
Package engine provides an implementation of the policy-engine-related objects, interfaces and functionality.
Index
- Constants
- Variables
- func GetRulesForEntity(p *pb.PipelinePolicy, entity pb.Entity) ([]*pb.PipelinePolicy_ContextualRuleSet, error)
- func GetRulesFromPolicyOfType(p *pb.PipelinePolicy, rt *pb.RuleType) ([]*pb.PipelinePolicy_Rule, error)
- func MergeDatabaseGetIntoPolicies(ppl []db.GetPolicyByGroupAndIDRow, ectx *EntityContext) map[string]*pb.PipelinePolicy
- func MergeDatabaseListIntoPolicies(ppl []db.ListPoliciesByGroupIDRow, ectx *EntityContext) map[string]*pb.PipelinePolicy
- func ParseJSON(r io.Reader) (*pb.PipelinePolicy, error)
- func ParseRuleType(r io.Reader) (*pb.RuleType, error)
- func ParseYAML(r io.Reader) (*pb.PipelinePolicy, error)
- func ReadPolicyFromFile(fpath string) (*pb.PipelinePolicy, error)
- func RuleDefFromDB(r *db.RuleType) (*pb.RuleType_Definition, error)
- func RuleTypePBFromDB(rt *db.RuleType, ectx *EntityContext) (*pb.RuleType, error)
- func TraverseAllRulesForPipeline(p *pb.PipelinePolicy, fn func(*pb.PipelinePolicy_Rule) error) error
- func TraverseRules(cr []*pb.PipelinePolicy_ContextualRuleSet, ...) error
- func ValidatePolicy(p *pb.PipelinePolicy) error
- func ValidateRuleTypeDefinition(def *pb.RuleType_Definition) error
- func WithEntityContext(ctx context.Context, c *EntityContext) context.Context
- type EntityContext
- type Executor
- type Group
- type ReconcilerEvent
- type RuleMeta
- type RuleTypeEngine
- type RuleValidationError
- type RuleValidator
Constants

const (
	// RepositoryEventEntityType is the entity type for repositories
	RepositoryEventEntityType = "repository"
	// VersionedArtifactEventEntityType is the entity type for versioned artifacts
	VersionedArtifactEventEntityType = "versioned_artifact"
)

const (
	// EntityTypeEventKey is the key for the entity type
	EntityTypeEventKey = "entity_type"
	// GroupIDEventKey is the key for the group ID
	GroupIDEventKey = "group_id"
	// RepositoryIDEventKey is the key for the repository ID
	RepositoryIDEventKey = "repository_id"
	// ArtifactIDEventKey is the key for the artifact ID
	ArtifactIDEventKey = "artifact_id"
)

const (
	// InternalWebhookEventTopic is the topic for internal webhook events
	InternalWebhookEventTopic = "internal.webhook.event"
	// InternalInitEventTopic is the topic for internal init events
	InternalInitEventTopic = "internal.init.event"
	// InternalReconcilerEventTopic is the topic for internal reconciler events
	InternalReconcilerEventTopic = "internal.reconciler.event"
)
Variables

var CONTAINER_TYPE = "container"
CONTAINER_TYPE is the type for container artifacts

var (
	// ErrInvalidRuleTypeDefinition is returned when a rule type definition is invalid
	ErrInvalidRuleTypeDefinition = errors.New("invalid rule type definition")
)

var (
	// ErrValidationFailed is returned when a policy fails validation
	ErrValidationFailed = fmt.Errorf("validation failed")
)
Functions
func GetRulesForEntity
func GetRulesForEntity(p *pb.PipelinePolicy, entity pb.Entity) ([]*pb.PipelinePolicy_ContextualRuleSet, error)
GetRulesForEntity returns the rules for the given entity
func GetRulesFromPolicyOfType
func GetRulesFromPolicyOfType(p *pb.PipelinePolicy, rt *pb.RuleType) ([]*pb.PipelinePolicy_Rule, error)
GetRulesFromPolicyOfType returns the rules from the policy of the given type
func MergeDatabaseGetIntoPolicies
func MergeDatabaseGetIntoPolicies(ppl []db.GetPolicyByGroupAndIDRow, ectx *EntityContext) map[string]*pb.PipelinePolicy
MergeDatabaseGetIntoPolicies merges the database get policies into the given policies map. This assumes that the policies belong to the same group.
TODO(jaosorior): This will have to consider the project tree once we migrate to that
func MergeDatabaseListIntoPolicies
func MergeDatabaseListIntoPolicies(ppl []db.ListPoliciesByGroupIDRow, ectx *EntityContext) map[string]*pb.PipelinePolicy
MergeDatabaseListIntoPolicies merges the database list policies into the given policies map. This assumes that the policies belong to the same group.
TODO(jaosorior): This will have to consider the project tree once we migrate to that
func ParseJSON
func ParseJSON(r io.Reader) (*pb.PipelinePolicy, error)
ParseJSON parses a JSON pipeline policy and validates it
func ParseRuleType
func ParseRuleType(r io.Reader) (*pb.RuleType, error)
ParseRuleType parses a rule type from a reader
func ParseYAML
func ParseYAML(r io.Reader) (*pb.PipelinePolicy, error)
ParseYAML parses a YAML pipeline policy and validates it
func ReadPolicyFromFile
func ReadPolicyFromFile(fpath string) (*pb.PipelinePolicy, error)
ReadPolicyFromFile reads a pipeline policy from a file and returns it as a protobuf
func RuleDefFromDB
func RuleDefFromDB(r *db.RuleType) (*pb.RuleType_Definition, error)
RuleDefFromDB converts a rule type definition from the database to a protobuf rule type definition
func RuleTypePBFromDB
func RuleTypePBFromDB(rt *db.RuleType, ectx *EntityContext) (*pb.RuleType, error)
RuleTypePBFromDB converts a rule type from the database to a protobuf rule type
func TraverseAllRulesForPipeline
func TraverseAllRulesForPipeline(p *pb.PipelinePolicy, fn func(*pb.PipelinePolicy_Rule) error) error
TraverseAllRulesForPipeline traverses all rules for the given pipeline policy
func TraverseRules
func TraverseRules(cr []*pb.PipelinePolicy_ContextualRuleSet, fn func(*pb.PipelinePolicy_Rule) error) error
TraverseRules traverses the rules and calls the given function for each rule. TODO: do we want to collect and return _all_ errors, rather than just the first, to prevent whack-a-mole fixing?
func ValidatePolicy
func ValidatePolicy(p *pb.PipelinePolicy) error
ValidatePolicy validates a pipeline policy
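The parse-then-validate flow that ParseJSON, ValidatePolicy and TraverseRules describe, written out as an added example (this is not the engine package's own code). The policy, rule-set and rule types are assumed stand-ins for the generated protobuf messages, the two sample policies are constructed for the example, and the traversal takes the option raised in the TraverseRules TODO: it collects every error instead of stopping at the first, so a user fixes all problems in one round.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrValidationFailed mirrors the package's sentinel; callers use errors.Is on it.
var ErrValidationFailed = errors.New("validation failed")

// Rule, ContextualRuleSet and PipelinePolicy are assumed stand-ins for the
// generated protobuf types, carrying only the fields this example needs.
type Rule struct {
	Type string         `json:"type"`
	Def  map[string]any `json:"def,omitempty"`
}

type ContextualRuleSet struct {
	Context string `json:"context"`
	Rules   []Rule `json:"rules"`
}

type PipelinePolicy struct {
	Name       string              `json:"name"`
	Repository []ContextualRuleSet `json:"repository,omitempty"`
	Artifact   []ContextualRuleSet `json:"artifact,omitempty"`
}

// TraverseRules calls fn for every rule in cr. It does not stop at the first
// failure: all errors are collected and returned joined (the TODO's "collect all").
func TraverseRules(cr []ContextualRuleSet, fn func(*Rule) error) error {
	var errs []error
	for i := range cr {
		for j := range cr[i].Rules {
			if err := fn(&cr[i].Rules[j]); err != nil {
				errs = append(errs, fmt.Errorf("context %q rule %d: %w", cr[i].Context, j, err))
			}
		}
	}
	return errors.Join(errs...) // nil when nothing failed
}

// TraverseAllRulesForPipeline walks the rule sets of every entity kind.
func TraverseAllRulesForPipeline(p *PipelinePolicy, fn func(*Rule) error) error {
	return errors.Join(TraverseRules(p.Repository, fn), TraverseRules(p.Artifact, fn))
}

// ValidatePolicy reports every structural problem at once (missing name, rule
// set without a context, rule without a type), wrapped in ErrValidationFailed.
func ValidatePolicy(p *PipelinePolicy) error {
	var errs []error
	if strings.TrimSpace(p.Name) == "" {
		errs = append(errs, errors.New("policy name is required"))
	}
	for _, sets := range [][]ContextualRuleSet{p.Repository, p.Artifact} {
		for _, set := range sets {
			if set.Context == "" {
				errs = append(errs, errors.New("contextual rule set must name a context"))
			}
		}
	}
	errs = append(errs, TraverseAllRulesForPipeline(p, func(r *Rule) error {
		if r.Type == "" {
			return errors.New("rule has no type")
		}
		return nil
	}))
	if err := errors.Join(errs...); err != nil {
		return fmt.Errorf("%w: %v", ErrValidationFailed, err)
	}
	return nil
}

// ParseJSON decodes a policy from untrusted input and validates it. Input is
// size-capped and unknown fields are rejected, so a misspelled key cannot
// silently drop a rule set from the policy.
func ParseJSON(r io.Reader) (*PipelinePolicy, error) {
	dec := json.NewDecoder(io.LimitReader(r, 1<<20))
	dec.DisallowUnknownFields()
	var p PipelinePolicy
	if err := dec.Decode(&p); err != nil {
		return nil, fmt.Errorf("decoding policy: %w", err)
	}
	if err := ValidatePolicy(&p); err != nil {
		return nil, err
	}
	return &p, nil
}

// Constructed sample policies, not taken from the project.
const goodPolicy = `{"name":"secure-repos","repository":[{"context":"github","rules":[{"type":"branch_protection","def":{"enforce_admins":true}}]}]}`
const badPolicy = `{"name":" ","repository":[{"context":"","rules":[{"type":""},{"type":"secret_scanning"}]}]}`

func main() {
	_, err := ParseJSON(strings.NewReader(badPolicy))
	fmt.Println(errors.Is(err, ErrValidationFailed), err)
}
```

Two details carry the security weight: DisallowUnknownFields makes a typo in a key a hard failure instead of a policy that silently enforces less than intended, and the sentinel is wrapped so callers branch on errors.Is rather than on message text.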
func ValidateRuleTypeDefinition
func ValidateRuleTypeDefinition(def *pb.RuleType_Definition) error
ValidateRuleTypeDefinition validates a rule type definition
func WithEntityContext
func WithEntityContext(ctx context.Context, c *EntityContext) context.Context
WithEntityContext stores an EntityContext in the current context.
Types
type EntityContext
EntityContext is the context of an entity. This is relevant for getting the full information about an entity.
func EntityFromContext
func EntityFromContext(ctx context.Context) *EntityContext
EntityFromContext extracts the current EntityContext, WHICH MAY BE NIL!
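An added example (not the package's own implementation) of the WithEntityContext / EntityFromContext pattern and of the nil return the doc comment warns about. The Group and EntityContext fields, the error values and the CheckPolicyGroup helper are assumptions made for illustration; the helper enforces the same-group assumption that the MergeDatabase*IntoPolicies helpers state.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Group is a stand-in for the page's Group construct; the fields are assumed.
type Group struct {
	ID   int32
	Name string
}

// EntityContext carries the resolved provider and group of the entity a
// request concerns; the fields are assumed for this example.
type EntityContext struct {
	Provider string
	Group    Group
}

func (c *EntityContext) GetGroup() Group     { return c.Group }
func (c *EntityContext) GetProvider() string { return c.Provider }

// entityCtxKey is an unexported type: no other package can read, forge or
// overwrite the value by guessing a string key.
type entityCtxKey struct{}

// WithEntityContext stores c in ctx.
func WithEntityContext(ctx context.Context, c *EntityContext) context.Context {
	return context.WithValue(ctx, entityCtxKey{}, c)
}

// EntityFromContext returns nil when nothing was stored, exactly as the
// package documents; callers must check before dereferencing.
func EntityFromContext(ctx context.Context) *EntityContext {
	c, _ := ctx.Value(entityCtxKey{}).(*EntityContext)
	return c
}

var (
	ErrNoEntityContext = errors.New("no entity context in request")
	ErrGroupMismatch   = errors.New("policy group does not match entity group")
)

// ProviderForRequest is the safe calling pattern: it fails closed rather than
// panicking on a nil pointer when the context was never populated.
func ProviderForRequest(ctx context.Context) (string, error) {
	ectx := EntityFromContext(ctx)
	if ectx == nil {
		return "", ErrNoEntityContext
	}
	return ectx.GetProvider(), nil
}

// CheckPolicyGroup enforces the "policies belong to the same group" assumption
// the MergeDatabase*IntoPolicies helpers document, so a policy from another
// group is never evaluated against this entity.
func CheckPolicyGroup(ctx context.Context, policyGroupID int32) error {
	ectx := EntityFromContext(ctx)
	if ectx == nil {
		return ErrNoEntityContext
	}
	if g := ectx.GetGroup(); g.ID != policyGroupID {
		return fmt.Errorf("%w: policy group %d, entity group %d (%s)", ErrGroupMismatch, policyGroupID, g.ID, g.Name)
	}
	return nil
}

func main() {
	ctx := WithEntityContext(context.Background(), &EntityContext{Provider: "github", Group: Group{ID: 7, Name: "platform"}})
	fmt.Println(ProviderForRequest(ctx))
	fmt.Println(CheckPolicyGroup(ctx, 8))
	fmt.Println(ProviderForRequest(context.Background()))
}
```

The unexported key type is what keeps the context value trustworthy: a caller elsewhere in the process cannot smuggle in a different EntityContext under a colliding key, and every consumer treats the nil case as an authorization failure rather than a crash.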
func GetContextFromInput
GetContextFromInput returns the context from the input. The input is the context from the gRPC request which merely holds user-friendly information about an object.
func (*EntityContext) GetGroup
func (c *EntityContext) GetGroup() Group
GetGroup returns the group of the entity
func (*EntityContext) GetProvider
func (c *EntityContext) GetProvider() string
GetProvider returns the provider of the entity
type Executor
type Executor struct {
// contains filtered or unexported fields
}
Executor is the engine that executes the rules for a given event
func (*Executor) HandleArtifactsReconcilerEvent
func (e *Executor) HandleArtifactsReconcilerEvent(ctx context.Context, prov string, evt *ReconcilerEvent) error
HandleArtifactsReconcilerEvent recreates the artifacts belonging to a specific repository.
type Group
Group is a construct relevant to an entity's context. This is relevant for getting the full information about an entity.
type ReconcilerEvent
type ReconcilerEvent struct {
// Group is the group that the event is relevant to
Group int32 `json:"group" validate:"gte=0"`
// Repository is the repository to be reconciled
Repository int32 `json:"repository" validate:"gte=0"`
}
ReconcilerEvent is an event that is sent to the reconciler topic
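An added example, not the project's code, of producing and consuming a ReconcilerEvent on the reconciler topic using the page's constants. Message is an assumed stand-in for the broker message (topic, string metadata, JSON payload). The gte=0 checks that the struct tags express are done by hand because no validator library is used here, and the metadata-versus-payload cross-check is added hardening, not documented behaviour.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
)

// Constants copied from the page's constant blocks.
const (
	RepositoryEventEntityType    = "repository"
	EntityTypeEventKey           = "entity_type"
	GroupIDEventKey              = "group_id"
	RepositoryIDEventKey         = "repository_id"
	InternalReconcilerEventTopic = "internal.reconciler.event"
)

// ReconcilerEvent is the page's payload type. The validate tags are kept for
// reference; the gte=0 bounds are checked by hand in DecodeReconcilerEvent.
type ReconcilerEvent struct {
	Group      int32 `json:"group" validate:"gte=0"`
	Repository int32 `json:"repository" validate:"gte=0"`
}

// Message is an assumed stand-in for a broker message: topic, string metadata
// and a JSON payload. It is not the project's message type.
type Message struct {
	Topic    string
	Metadata map[string]string
	Payload  []byte
}

var ErrBadEvent = errors.New("invalid reconciler event")

// DecodeReconcilerEvent checks topic and entity type, decodes the payload
// strictly, applies the gte=0 bounds, and requires the payload IDs to agree
// with the metadata keys. A consumer that trusted either side alone could be
// steered into reconciling a repository in a different group.
func DecodeReconcilerEvent(m *Message) (*ReconcilerEvent, error) {
	if m.Topic != InternalReconcilerEventTopic {
		return nil, fmt.Errorf("%w: unexpected topic %q", ErrBadEvent, m.Topic)
	}
	if et := m.Metadata[EntityTypeEventKey]; et != RepositoryEventEntityType {
		return nil, fmt.Errorf("%w: unsupported entity type %q", ErrBadEvent, et)
	}
	dec := json.NewDecoder(bytes.NewReader(m.Payload))
	dec.DisallowUnknownFields()
	var evt ReconcilerEvent
	if err := dec.Decode(&evt); err != nil {
		return nil, fmt.Errorf("%w: %v", ErrBadEvent, err)
	}
	if evt.Group < 0 || evt.Repository < 0 {
		return nil, fmt.Errorf("%w: ids must be >= 0", ErrBadEvent)
	}
	for key, want := range map[string]int32{GroupIDEventKey: evt.Group, RepositoryIDEventKey: evt.Repository} {
		got, err := strconv.ParseInt(m.Metadata[key], 10, 32)
		if err != nil || int32(got) != want {
			return nil, fmt.Errorf("%w: metadata %s=%q disagrees with payload %d", ErrBadEvent, key, m.Metadata[key], want)
		}
	}
	return &evt, nil
}

// NewReconcilerMessage is the producer side: metadata and payload are derived
// from the same values, so a well-formed message always passes the decoder.
func NewReconcilerMessage(evt ReconcilerEvent) (*Message, error) {
	payload, err := json.Marshal(evt)
	if err != nil {
		return nil, err
	}
	return &Message{
		Topic: InternalReconcilerEventTopic,
		Metadata: map[string]string{
			EntityTypeEventKey:   RepositoryEventEntityType,
			GroupIDEventKey:      strconv.Itoa(int(evt.Group)),
			RepositoryIDEventKey: strconv.Itoa(int(evt.Repository)),
		},
		Payload: payload,
	}, nil
}

func main() {
	m, _ := NewReconcilerMessage(ReconcilerEvent{Group: 3, Repository: 42})
	evt, err := DecodeReconcilerEvent(m)
	fmt.Println(evt, err)
}
```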
type RuleMeta
type RuleMeta struct {
// Name is the name of the rule
Name string
// Provider is the ID of the provider that this rule is for
Provider string
// Organization is the ID of the organization that this rule is for
Organization *string
// Group is the ID of the group that this rule is for
Group *string
}
RuleMeta is the metadata for a rule. TODO: We probably should care about a version
type RuleTypeEngine
type RuleTypeEngine struct {
Meta RuleMeta
// contains filtered or unexported fields
}
RuleTypeEngine is the engine for a rule type
func NewRuleTypeEngine
func NewRuleTypeEngine(rt *pb.RuleType, cli ghclient.RestAPI, accessToken string) (*RuleTypeEngine, error)
NewRuleTypeEngine creates a new rule type engine
func (*RuleTypeEngine) Eval
func (r *RuleTypeEngine) Eval(ctx context.Context, ent protoreflect.ProtoMessage, pol, params map[string]any) error
Eval runs the rule type engine against the given entity
func (*RuleTypeEngine) GetID
func (r *RuleTypeEngine) GetID() string
GetID returns the ID of the rule type. The ID is meant to be a serializable unique identifier for the rule type.
func (*RuleTypeEngine) GetRuleInstanceValidator
func (r *RuleTypeEngine) GetRuleInstanceValidator() *RuleValidator
GetRuleInstanceValidator returns the rule instance validator for this rule type. By instance we mean a rule that has been instantiated in a policy from a given rule type.
type RuleValidationError
RuleValidationError is used to report errors from evaluating a rule, including attribution of the particular error encountered.
func (*RuleValidationError) Error
func (e *RuleValidationError) Error() string
Error implements error.Error
func (*RuleValidationError) String
func (e *RuleValidationError) String() string
String implements fmt.Stringer
type RuleValidator
type RuleValidator struct {
// contains filtered or unexported fields
}
RuleValidator validates a rule against a schema
func NewRuleValidator
func NewRuleValidator(rt *pb.RuleType) (*RuleValidator, error)
NewRuleValidator creates a new rule validator
func (*RuleValidator) ValidateParamsAgainstSchema
func (r *RuleValidator) ValidateParamsAgainstSchema(params *structpb.Struct) error
ValidateParamsAgainstSchema validates the given parameters against the schema for this rule type
func (*RuleValidator) ValidateRuleDefAgainstSchema
func (r *RuleValidator) ValidateRuleDefAgainstSchema(contextualPolicy map[string]any) error
ValidateRuleDefAgainstSchema validates the given contextual policy against the schema for this rule type
Directories

| Path | Synopsis |
|---|---|
| errors | Package errors provides errors for the evaluator engine |
| eval | Package eval provides necessary interfaces and implementations for evaluating rules. |
| jq | Package jq provides the jq policy evaluator |
| rego | Package rego provides the rego rule evaluator |
| ingester | Package ingester provides necessary interfaces and implementations for ingesting data for rules. |
| artifact | Package artifact provides the artifact ingestion engine |
| builtin | Package builtin provides the builtin ingestion engine |
| git | Package git provides the git rule data ingest engine |
| rest | Package rest provides the REST rule data ingest engine |
| interfaces | Package interfaces provides necessary interfaces and implementations for implementing engine plugins |