engine

package v0.0.23

Warning: This package is not in the latest version of its module.

Published: Dec 22, 2023 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Overview

Package engine provides an implementation of the profile-engine-related objects, interfaces and functionality.

Constants

const (
	// RepositoryEventEntityType is the entity type for repositories
	RepositoryEventEntityType = "repository"
	// VersionedArtifactEventEntityType is the entity type for versioned artifacts
	VersionedArtifactEventEntityType = "versioned_artifact"
	// PullRequestEventEntityType is the entity type for pull requests
	PullRequestEventEntityType = "pull_request"
)
const (
	// EntityTypeEventKey is the key for the entity type
	EntityTypeEventKey = "entity_type"
	// ProviderEventKey is the key for the provider
	ProviderEventKey = "provider"
	// ProjectIDEventKey is the key for the project ID
	ProjectIDEventKey = "project_id"
	// RepositoryIDEventKey is the key for the repository ID
	RepositoryIDEventKey = "repository_id"
	// ArtifactIDEventKey is the key for the artifact ID
	ArtifactIDEventKey = "artifact_id"
	// PullRequestIDEventKey is the key for the pull request ID
	PullRequestIDEventKey = "pull_request_id"
	// ExecutionIDKey is the key for the execution ID. This is set when acquiring a lock.
	ExecutionIDKey = "execution_id"
)
const (
	// ExecuteEntityEventTopic is the topic for internal webhook events
	ExecuteEntityEventTopic = "execute.entity.event"
	// FlushEntityEventTopic is the topic for flushing internal webhook events
	FlushEntityEventTopic = "flush.entity.event"
)
const (
	// DefaultExecutionTimeout is the timeout for execution of a set
	// of profiles on an entity.
	DefaultExecutionTimeout = 5 * time.Minute
)

Variables

This section is empty.

Functions

func GetRulesForEntity

func GetRulesForEntity(p *pb.Profile, entity pb.Entity) ([]*pb.Profile_Rule, error)

GetRulesForEntity returns the rules for the given entity

func GetRulesFromProfileOfType

func GetRulesFromProfileOfType(p *minderv1.Profile, rt *minderv1.RuleType) ([]*minderv1.Profile_Rule, error)

GetRulesFromProfileOfType returns the rules from the profile of the given type

func MergeDatabaseGetIntoProfiles

func MergeDatabaseGetIntoProfiles(ppl []db.GetProfileByProjectAndIDRow, ectx *EntityContext) map[string]*pb.Profile

MergeDatabaseGetIntoProfiles merges the rows returned by the database get query into a map of protobuf profiles. This assumes that the profiles belong to the same project.

TODO(jaosorior): This will have to consider the project tree once we migrate to that

func MergeDatabaseListIntoProfiles

func MergeDatabaseListIntoProfiles(ppl []db.ListProfilesByProjectIDRow, ectx *EntityContext) map[string]*pb.Profile

MergeDatabaseListIntoProfiles merges the rows returned by the database list query into a map of protobuf profiles. This assumes that the profiles belong to the same project.

TODO(jaosorior): This will have to consider the project tree once we migrate to that

func ParseJSON

func ParseJSON(r io.Reader) (*pb.Profile, error)

ParseJSON parses a JSON pipeline profile and validates it

func ParseYAML

func ParseYAML(r io.Reader) (*pb.Profile, error)

ParseYAML parses a YAML pipeline profile and validates it

func ReadProfileFromFile

func ReadProfileFromFile(fpath string) (*pb.Profile, error)

ReadProfileFromFile reads a pipeline profile from a file and returns it as a protobuf

func RuleDefFromDB

func RuleDefFromDB(r *db.RuleType) (*minderv1.RuleType_Definition, error)

RuleDefFromDB converts a rule type definition from the database to a protobuf rule type definition

func RuleTypePBFromDB

func RuleTypePBFromDB(rt *db.RuleType, ectx *EntityContext) (*minderv1.RuleType, error)

RuleTypePBFromDB converts a rule type from the database to a protobuf rule type

func TraverseAllRulesForPipeline

func TraverseAllRulesForPipeline(p *pb.Profile, fn func(*pb.Profile_Rule) error) error

TraverseAllRulesForPipeline traverses all rules for the given pipeline profile

func TraverseRules

func TraverseRules(rules []*pb.Profile_Rule, fn func(*pb.Profile_Rule) error) error

TraverseRules traverses the rules and calls the given function for each rule, stopping at the first error. TODO: do we want to collect and return _all_ errors, rather than just the first, to prevent whack-a-mole fixing?
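The two behaviours the TODO weighs, side by side. This is an added, self-contained example and not the project's code: Rule is an assumed stand-in for pb.Profile_Rule, checkRule is a constructed validator, and the rule type names in the sample are constructed values. TraverseRulesFailFast matches the documented behaviour (first error wins); TraverseRulesCollect is the alternative the TODO asks about, using errors.Join so a profile author sees every failing rule in one round.

```go
package main

import (
	"errors"
	"fmt"
)

// Rule is an assumed stand-in for pb.Profile_Rule with only the fields this example needs.
type Rule struct {
	Type string
	Def  map[string]any
}

// TraverseRulesFailFast mirrors the documented TraverseRules: the first error stops traversal.
func TraverseRulesFailFast(rules []*Rule, fn func(*Rule) error) error {
	for _, r := range rules {
		if err := fn(r); err != nil {
			return err
		}
	}
	return nil
}

// TraverseRulesCollect visits every rule and returns all failures joined into one error,
// so fixing a profile does not become whack-a-mole. Returns nil when nothing failed.
func TraverseRulesCollect(rules []*Rule, fn func(*Rule) error) error {
	var errs []error
	for _, r := range rules {
		if err := fn(r); err != nil {
			errs = append(errs, err)
		}
	}
	return errors.Join(errs...) // errors.Join(nil...) is nil
}

// knownTypes and checkRule are a constructed validator: a rule must name a known
// rule type and carry a non-empty def. The type names are sample values, not a registry.
var knownTypes = map[string]bool{"branch_protection_enabled": true, "secret_scanning": true}

func checkRule(r *Rule) error {
	if !knownTypes[r.Type] {
		return fmt.Errorf("rule %q: unknown rule type", r.Type)
	}
	if len(r.Def) == 0 {
		return fmt.Errorf("rule %q: empty def", r.Type)
	}
	return nil
}

// CountErrors reports how many rule failures err carries: 0 for nil, the number of
// wrapped errors for a joined error, and 1 for any other single error.
func CountErrors(err error) int {
	if err == nil {
		return 0
	}
	if u, ok := err.(interface{ Unwrap() []error }); ok {
		return len(u.Unwrap())
	}
	return 1
}

func main() {
	// Constructed profile rules: one valid, one with an unknown type, one with an empty def.
	rules := []*Rule{
		{Type: "branch_protection_enabled", Def: map[string]any{"enforce_admins": true}},
		{Type: "typo_rule", Def: map[string]any{"x": 1}},
		{Type: "secret_scanning"},
	}
	fmt.Println("fail-fast:\n", TraverseRulesFailFast(rules, checkRule))
	fmt.Println("collected:\n", TraverseRulesCollect(rules, checkRule))
}
```

Callers that need to know whether a particular rule failed can still use errors.Is or errors.As on the joined error, since errors.Join preserves the wrapped chain.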

func WithEntityContext

func WithEntityContext(ctx context.Context, c *EntityContext) context.Context

WithEntityContext stores an EntityContext in the current context.

Types

type EntityContext

type EntityContext struct {
	Project  Project
	Provider Provider
}

EntityContext is the context of an entity. This is relevant for getting the full information about an entity.

func EntityFromContext

func EntityFromContext(ctx context.Context) *EntityContext

EntityFromContext extracts the current EntityContext from ctx. The result MAY BE NIL when no EntityContext was stored, so callers must check before dereferencing it.
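How the nil case should be handled by a caller. This is an added example, not the package's code: EntityContext is reduced to two string fields, and RequireEntityContext, ErrNoEntityContext and describe are assumed helper names that the page does not define. The unexported key type is the standard Go idiom that keeps other packages from colliding with or overwriting the stored value, and the comma-ok type assertion is what makes the lookup return nil rather than panic.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// EntityContext is a reduced stand-in for the struct on this page (Project and Provider as names).
type EntityContext struct {
	Project  string
	Provider string
}

// ctxKey is unexported so no other package can read, collide with or overwrite this value.
type ctxKey struct{}

// WithEntityContext stores an EntityContext in ctx, mirroring the documented function.
func WithEntityContext(ctx context.Context, c *EntityContext) context.Context {
	return context.WithValue(ctx, ctxKey{}, c)
}

// EntityFromContext returns the stored EntityContext, or nil when none was stored.
// The comma-ok assertion turns a missing or foreign value into nil instead of a panic.
// Note that storing a nil *EntityContext also yields nil here, so the guard below covers both.
func EntityFromContext(ctx context.Context) *EntityContext {
	c, _ := ctx.Value(ctxKey{}).(*EntityContext)
	return c
}

// ErrNoEntityContext is the assumed error a handler returns when the context is missing.
var ErrNoEntityContext = errors.New("no entity context in request")

// RequireEntityContext is the guard a request handler should call: it converts the nil
// case into an error instead of letting a later field access crash the consumer.
func RequireEntityContext(ctx context.Context) (*EntityContext, error) {
	c := EntityFromContext(ctx)
	if c == nil {
		return nil, ErrNoEntityContext
	}
	return c, nil
}

// describe is a handler-shaped function showing the checked path end to end.
func describe(ctx context.Context) (string, error) {
	c, err := RequireEntityContext(ctx)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s/%s", c.Provider, c.Project), nil
}

func main() {
	// Constructed sample: a request context carrying an entity context, and one without.
	ctx := WithEntityContext(context.Background(), &EntityContext{Project: "demo-project", Provider: "github"})
	out, err := describe(ctx)
	fmt.Println(out, err)

	_, err = describe(context.Background())
	fmt.Println(err)
}
```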

func GetContextFromInput

func GetContextFromInput(ctx context.Context, in *pb.Context, q db.Querier) (*EntityContext, error)

GetContextFromInput returns the context from the input. The input is the context from the gRPC request which merely holds user-friendly information about an object.

func (*EntityContext) GetProject

func (c *EntityContext) GetProject() Project

GetProject returns the project of the entity

func (*EntityContext) GetProvider

func (c *EntityContext) GetProvider() Provider

GetProvider returns the provider of the entity

type EntityInfoWrapper

type EntityInfoWrapper struct {
	Provider      string
	ProjectID     *uuid.UUID
	Entity        protoreflect.ProtoMessage
	Type          minderv1.Entity
	OwnershipData map[string]string
	ExecutionID   *uuid.UUID
}

EntityInfoWrapper is a helper struct to gather information about entities from events. It's able to build message.Message structures from the information it gathers.

It's also able to read the message.Message that contains a payload with a protobuf message that's specific to the entity type.

It also assumes the following metadata keys are present:

- EntityTypeEventKey (entity_type)
- ProjectIDEventKey (project_id)
- RepositoryIDEventKey (repository_id)
- ArtifactIDEventKey (artifact_id), only for versioned artifacts
- PullRequestIDEventKey (pull_request_id), only for pull requests

Entity type is used to determine the type of the protobuf message and the entity type in the database. It may be one of the following:

- RepositoryEventEntityType (repository)
- VersionedArtifactEventEntityType (versioned_artifact)
- PullRequestEventEntityType (pull_request)
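The validation a consumer should apply to those metadata keys before it trusts the IDs. This is an added example, not the package's ParseEntityEvent: it uses a plain map[string]string in place of a watermill message.Message, a regular expression in place of the google/uuid parser, and an assumed EntityIDs struct in place of EntityInfoWrapper. The constant names and values are the ones documented on this page. Which ID key is required depends on the entity type, an unknown entity type is rejected outright, and every missing or malformed key is reported together rather than one at a time.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Metadata keys and entity types, as documented on this page.
const (
	EntityTypeEventKey    = "entity_type"
	ProviderEventKey      = "provider"
	ProjectIDEventKey     = "project_id"
	RepositoryIDEventKey  = "repository_id"
	ArtifactIDEventKey    = "artifact_id"
	PullRequestIDEventKey = "pull_request_id"

	RepositoryEventEntityType        = "repository"
	VersionedArtifactEventEntityType = "versioned_artifact"
	PullRequestEventEntityType       = "pull_request"
)

// uuidRE accepts only the canonical 8-4-4-4-12 hex form; anything else is rejected.
var uuidRE = regexp.MustCompile(`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)

// EntityIDs is an assumed result type standing in for EntityInfoWrapper.
type EntityIDs struct {
	Type          string
	Provider      string
	ProjectID     string
	RepositoryID  string
	ArtifactID    string // set only for versioned_artifact
	PullRequestID string // set only for pull_request
}

// requiredIDKeys returns the UUID-valued keys an event of the given type must carry.
func requiredIDKeys(entityType string) ([]string, error) {
	base := []string{ProjectIDEventKey, RepositoryIDEventKey}
	switch entityType {
	case RepositoryEventEntityType:
		return base, nil
	case VersionedArtifactEventEntityType:
		return append(base, ArtifactIDEventKey), nil
	case PullRequestEventEntityType:
		return append(base, PullRequestIDEventKey), nil
	default:
		return nil, fmt.Errorf("%s: unknown entity type %q", EntityTypeEventKey, entityType)
	}
}

// ParseEntityMetadata validates the metadata map and returns the IDs, or an error
// that lists every missing or malformed key. Optional keys for other entity types
// are deliberately dropped so a repository event cannot smuggle in an artifact ID.
func ParseEntityMetadata(md map[string]string) (*EntityIDs, error) {
	et, ok := md[EntityTypeEventKey]
	if !ok || et == "" {
		return nil, fmt.Errorf("missing metadata key %s", EntityTypeEventKey)
	}
	keys, err := requiredIDKeys(et)
	if err != nil {
		return nil, err
	}
	var errs []error
	for _, k := range keys {
		v, present := md[k]
		switch {
		case !present || v == "":
			errs = append(errs, fmt.Errorf("missing metadata key %s", k))
		case !uuidRE.MatchString(v):
			errs = append(errs, fmt.Errorf("metadata key %s is not a UUID: %q", k, v))
		}
	}
	if len(errs) > 0 {
		return nil, errors.Join(errs...)
	}
	ids := &EntityIDs{Type: et, Provider: md[ProviderEventKey], ProjectID: md[ProjectIDEventKey], RepositoryID: md[RepositoryIDEventKey]}
	switch et {
	case VersionedArtifactEventEntityType:
		ids.ArtifactID = md[ArtifactIDEventKey]
	case PullRequestEventEntityType:
		ids.PullRequestID = md[PullRequestIDEventKey]
	}
	return ids, nil
}

func main() {
	// Constructed sample metadata, shaped like a versioned-artifact event (UUIDs are made up).
	md := map[string]string{
		EntityTypeEventKey:   VersionedArtifactEventEntityType,
		ProviderEventKey:     "github",
		ProjectIDEventKey:    "3f2504e0-4f89-11d3-9a0c-0305e82c3301",
		RepositoryIDEventKey: "c9bf9e57-1685-4c89-bafb-ff5af830be8a",
		ArtifactIDEventKey:   "7c9e6679-7425-40de-944b-e07fc1f90ae7",
	}
	ids, err := ParseEntityMetadata(md)
	fmt.Printf("%+v err=%v\n", ids, err)

	// Tampered copy: artifact ID removed and repository ID replaced with junk; both are reported.
	delete(md, ArtifactIDEventKey)
	md[RepositoryIDEventKey] = "../../etc/passwd"
	_, err = ParseEntityMetadata(md)
	fmt.Println(err)
}
```

Rejecting malformed IDs before the lookup matters because the IDs documented here are passed straight to database queries (see GetEntityDBIDs); a message from the bus should not be able to feed arbitrary strings into that path.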

func NewEntityInfoWrapper

func NewEntityInfoWrapper() *EntityInfoWrapper

NewEntityInfoWrapper creates a new EntityInfoWrapper

func ParseEntityEvent added in v0.0.17

func ParseEntityEvent(msg *message.Message) (*EntityInfoWrapper, error)

ParseEntityEvent parses a message.Message and returns an EntityInfoWrapper

func (*EntityInfoWrapper) AsArtifact

func (eiw *EntityInfoWrapper) AsArtifact() *EntityInfoWrapper

AsArtifact sets the entity type to a versioned artifact

func (*EntityInfoWrapper) AsPullRequest

func (eiw *EntityInfoWrapper) AsPullRequest()

AsPullRequest sets the entity type to a pull request

func (*EntityInfoWrapper) AsRepository

func (eiw *EntityInfoWrapper) AsRepository() *EntityInfoWrapper

AsRepository sets the entity type to a repository

func (*EntityInfoWrapper) BuildMessage

func (eiw *EntityInfoWrapper) BuildMessage() (*message.Message, error)

BuildMessage builds a message.Message from the information

func (*EntityInfoWrapper) GetEntityDBIDs added in v0.0.17

func (eiw *EntityInfoWrapper) GetEntityDBIDs() (repoID uuid.UUID, artifactID uuid.NullUUID, pullRequestID uuid.NullUUID)

GetEntityDBIDs returns the repository, artifact and pull request IDs from the ownership data

func (*EntityInfoWrapper) Publish

func (eiw *EntityInfoWrapper) Publish(evt *events.Eventer) error

Publish builds a message.Message and publishes it to the event bus

func (*EntityInfoWrapper) ToMessage

func (eiw *EntityInfoWrapper) ToMessage(msg *message.Message) error

ToMessage sets the information to a message.Message

func (*EntityInfoWrapper) WithArtifact

func (eiw *EntityInfoWrapper) WithArtifact(va *minderv1.Artifact) *EntityInfoWrapper

WithArtifact sets the entity to a versioned artifact

func (*EntityInfoWrapper) WithArtifactID

func (eiw *EntityInfoWrapper) WithArtifactID(id uuid.UUID) *EntityInfoWrapper

WithArtifactID sets the artifact ID

func (*EntityInfoWrapper) WithExecutionID added in v0.0.17

func (eiw *EntityInfoWrapper) WithExecutionID(id uuid.UUID) *EntityInfoWrapper

WithExecutionID sets the execution ID

func (*EntityInfoWrapper) WithProjectID

func (eiw *EntityInfoWrapper) WithProjectID(id uuid.UUID) *EntityInfoWrapper

WithProjectID sets the project ID

func (*EntityInfoWrapper) WithProvider

func (eiw *EntityInfoWrapper) WithProvider(provider string) *EntityInfoWrapper

WithProvider sets the provider

func (*EntityInfoWrapper) WithPullRequest

func (eiw *EntityInfoWrapper) WithPullRequest(p *minderv1.PullRequest) *EntityInfoWrapper

WithPullRequest sets the entity to a pull request

func (*EntityInfoWrapper) WithPullRequestID

func (eiw *EntityInfoWrapper) WithPullRequestID(id uuid.UUID) *EntityInfoWrapper

WithPullRequestID sets the pull request ID

func (*EntityInfoWrapper) WithRepository

func (eiw *EntityInfoWrapper) WithRepository(r *minderv1.Repository) *EntityInfoWrapper

WithRepository sets the entity to a repository

func (*EntityInfoWrapper) WithRepositoryID

func (eiw *EntityInfoWrapper) WithRepositoryID(id uuid.UUID) *EntityInfoWrapper

WithRepositoryID sets the repository ID

type Executor

type Executor struct {
	// contains filtered or unexported fields
}

Executor is the engine that executes the rules for a given event

func NewExecutor

func NewExecutor(
	ctx context.Context,
	querier db.Store,
	authCfg *config.AuthConfig,
	evt *events.Eventer,
	opts ...ExecutorOption,
) (*Executor, error)

NewExecutor creates a new executor

func (*Executor) HandleEntityEvent

func (e *Executor) HandleEntityEvent(msg *message.Message) error

HandleEntityEvent handles events coming from webhooks/signals as well as the init event.

func (*Executor) Register

func (e *Executor) Register(r events.Registrar)

Register implements the Consumer interface.

func (*Executor) Wait added in v0.0.17

func (e *Executor) Wait()

Wait waits for all the executions to finish.

type ExecutorOption

type ExecutorOption func(*Executor)

ExecutorOption is a function that modifies an executor

func WithAggregatorMiddleware added in v0.0.17

func WithAggregatorMiddleware(mdw events.AggregatorMiddleware) ExecutorOption

WithAggregatorMiddleware sets the aggregator middleware for the executor

func WithProviderMetrics

func WithProviderMetrics(mt providertelemetry.ProviderMetrics) ExecutorOption

WithProviderMetrics sets the provider metrics for the executor

type Project

type Project struct {
	ID   uuid.UUID
	Name string
}

Project is a construct relevant to an entity's context. This is relevant for getting the full information about an entity.

func (Project) GetID

func (g Project) GetID() uuid.UUID

GetID returns the ID of the project

func (Project) GetName

func (g Project) GetName() string

GetName returns the name of the project

type Provider

type Provider struct {
	ID   uuid.UUID
	Name string
}

Provider is a construct relevant to an entity's context. This is relevant for getting the full information about an entity.

type RuleMeta

type RuleMeta struct {
	// Name is the name of the rule
	Name string
	// Provider is the ID of the provider that this rule is for
	Provider string
	// Organization is the ID of the organization that this rule is for
	Organization *string
	// Project is the ID of the project that this rule is for
	Project *string
}

RuleMeta is the metadata for a rule. TODO: We probably should care about a version

func (*RuleMeta) String

func (r *RuleMeta) String() string

String returns a string representation of the rule meta

type RuleTypeEngine

type RuleTypeEngine struct {
	Meta RuleMeta
	// contains filtered or unexported fields
}

RuleTypeEngine is the engine for a rule type

func NewRuleTypeEngine

func NewRuleTypeEngine(
	p *minderv1.Profile,
	rt *minderv1.RuleType,
	cli *providers.ProviderBuilder,
) (*RuleTypeEngine, error)

NewRuleTypeEngine creates a new rule type engine

func (*RuleTypeEngine) Actions

Actions runs all actions for the rule type engine against the given entity

func (*RuleTypeEngine) Eval

Eval runs the rule type engine against the given entity

func (*RuleTypeEngine) GetID

func (r *RuleTypeEngine) GetID() string

GetID returns the ID of the rule type. The ID is meant to be a serializable unique identifier for the rule type.

func (*RuleTypeEngine) GetRuleInstanceValidator

func (r *RuleTypeEngine) GetRuleInstanceValidator() *RuleValidator

GetRuleInstanceValidator returns the rule instance validator for this rule type. By instance we mean a rule that has been instantiated in a profile from a given rule type.

func (*RuleTypeEngine) WithIngesterCache

func (r *RuleTypeEngine) WithIngesterCache(ingestCache ingestcache.Cache) *RuleTypeEngine

WithIngesterCache sets the ingester cache for the rule type engine

type RuleValidationError

type RuleValidationError struct {
	Err string
	// RuleType is a rule name
	RuleType string
}

RuleValidationError is used to report errors from evaluating a rule, including attribution of the particular error encountered.

func (*RuleValidationError) Error

func (e *RuleValidationError) Error() string

Error implements error.Error

func (*RuleValidationError) String

func (e *RuleValidationError) String() string

String implements fmt.Stringer

type RuleValidator

type RuleValidator struct {
	// contains filtered or unexported fields
}

RuleValidator validates a rule against a schema

func NewRuleValidator

func NewRuleValidator(rt *minderv1.RuleType) (*RuleValidator, error)

NewRuleValidator creates a new rule validator

func (*RuleValidator) ValidateParamsAgainstSchema

func (r *RuleValidator) ValidateParamsAgainstSchema(params *structpb.Struct) error

ValidateParamsAgainstSchema validates the given parameters against the schema for this rule type

func (*RuleValidator) ValidateRuleDefAgainstSchema

func (r *RuleValidator) ValidateRuleDefAgainstSchema(contextualProfile map[string]any) error

ValidateRuleDefAgainstSchema validates the given contextual profile against the schema for this rule type

Directories

Path	Synopsis
actions	Package actions provides necessary interfaces and implementations for processing actions, such as remediation and alerts.
  alert	Package alert provides necessary interfaces and implementations for processing alerts.
  alert/noop	Package noop provides a fallback alert engine for cases where no alert is set.
  alert/security_advisory	Package security_advisory provides necessary interfaces and implementations for creating alerts of type security advisory.
  remediate	Package remediate provides necessary interfaces and implementations for remediating rules.
  remediate/gh_branch_protect	Package gh_branch_protect provides the github branch protection remediation engine
  remediate/noop	Package noop provides a fallback remediation engine for cases where no remediation is set.
  remediate/pull_request	Package pull_request provides the pull request remediation engine
  remediate/rest	Package rest provides the REST remediation engine
errors	Package errors provides errors for the evaluator engine
eval	Package eval provides necessary interfaces and implementations for evaluating rules.
  jq	Package jq provides the jq profile evaluator
  pr_actions	Package pr_actions contains shared code to take on PRs
  rego	Package rego provides the rego rule evaluator
  trusty	Package trusty provides an evaluator that uses the trusty API
  vulncheck	Package vulncheck provides the vulnerability check evaluator
ingestcache	Package ingestcache provides a cache for the results of ingesting data.
ingester	Package ingester provides necessary interfaces and implementations for ingesting data for rules.
  artifact	Package artifact provides the artifact ingestion engine
  builtin	Package builtin provides the builtin ingestion engine
  diff	Package diff provides the diff rule data ingest engine
  git	Package git provides the git rule data ingest engine
  rest	Package rest provides the REST rule data ingest engine
interfaces	Package interfaces provides necessary interfaces and implementations for implementing engine plugins
