biz

package
v0.147.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 20, 2024 License: Apache-2.0 Imports: 68 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Inline, embedded CAS backend
	CASBackendInline                CASBackendProvider = "INLINE"
	CASBackendInlineDefaultMaxBytes int64              = 500 * 1024 // 500KB
)
View Source
const RandomNameMaxTries = 10

Variables

View Source
var EmptyDefaultContract = &Contract{
	Raw: []byte("schemaVersion: v1"), Format: unmarshal.RawFormatYAML,
}

EmptyDefaultContract is the default contract that will be created if no contract is provided

ProviderSet is biz providers.

Functions

func IsErrAlreadyExists added in v0.95.6

func IsErrAlreadyExists(err error) bool

func IsErrAttestationStateConflict added in v0.94.3

func IsErrAttestationStateConflict(err error) bool

func IsErrInvalidTimeWindow added in v0.93.0

func IsErrInvalidTimeWindow(err error) bool

func IsErrInvalidUUID

func IsErrInvalidUUID(err error) bool

func IsErrNotImplemented

func IsErrNotImplemented(err error) bool

func IsErrUnauthorized

func IsErrUnauthorized(err error) bool

func IsErrValidation

func IsErrValidation(err error) bool

func IsNotFound

func IsNotFound(err error) bool

func NewErrAttestationStateConflict added in v0.94.3

func NewErrAttestationStateConflict(got, want string) error

func NewErrReferrerAmbiguous

func NewErrReferrerAmbiguous(digest string, kinds []string) error

func PbRoleToBiz added in v0.91.8

func PbRoleToBiz(r pb.MembershipRole) authz.Role

func ValidateIsDNS1123

func ValidateIsDNS1123(name string) error

func ValidateVersion added in v0.97.5

func ValidateVersion(version string) error

ValidateVersion validates that the provided version string is in a valid format. The version string must match the following regular expression: ^[a-zA-Z0-9.\-]+$ This ensures the version only contains alphanumeric characters, dots, and hyphens.

func WithKind

func WithKind(kind string) func(*GetFromRootFilters)

func WithPublicVisibility

func WithPublicVisibility(public bool) func(*GetFromRootFilters)

Types

type APIToken

type APIToken struct {
	ID          uuid.UUID
	Name        string
	Description string
	// This is the JWT value returned only during creation
	JWT string
	// Tokens are scoped to organizations
	OrganizationID   uuid.UUID
	OrganizationName string
	CreatedAt        *time.Time
	// When the token expires
	ExpiresAt *time.Time
	// When the token was manually revoked
	RevokedAt *time.Time
}

API Token is used for unattended access to the control plane API.

type APITokenRepo

type APITokenRepo interface {
	Create(ctx context.Context, name string, description *string, expiresAt *time.Time, organizationID uuid.UUID) (*APIToken, error)
	// List all the tokens optionally filtering it by organization and including revoked tokens
	List(ctx context.Context, orgID *uuid.UUID, includeRevoked bool) ([]*APIToken, error)
	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
	FindByID(ctx context.Context, ID uuid.UUID) (*APIToken, error)
	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, name string) (*APIToken, error)
}

type APITokenSyncerUseCase

type APITokenSyncerUseCase struct {
	// contains filtered or unexported fields
}

func NewAPITokenSyncerUseCase

func NewAPITokenSyncerUseCase(tokenUC *APITokenUseCase) *APITokenSyncerUseCase

func (*APITokenSyncerUseCase) SyncPolicies

func (suc *APITokenSyncerUseCase) SyncPolicies() error

Make sure all the API tokens contain the default policies NOTE: We'll remove this method once we have a proper policies management system where the user can add/remove policies

type APITokenUseCase

type APITokenUseCase struct {
	DefaultAuthzPolicies []*authz.Policy
	// contains filtered or unexported fields
}

func NewAPITokenUseCase

func NewAPITokenUseCase(apiTokenRepo APITokenRepo, conf *conf.Auth, authzE *authz.Enforcer, orgUseCase *OrganizationUseCase, logger log.Logger) (*APITokenUseCase, error)

func (*APITokenUseCase) Create

func (uc *APITokenUseCase) Create(ctx context.Context, name string, description *string, expiresIn *time.Duration, orgID string) (*APIToken, error)

expires in is a string that can be parsed by time.ParseDuration

func (*APITokenUseCase) FindByID

func (uc *APITokenUseCase) FindByID(ctx context.Context, id string) (*APIToken, error)

func (*APITokenUseCase) FindByNameInOrg added in v0.93.0

func (uc *APITokenUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*APIToken, error)

func (*APITokenUseCase) List

func (uc *APITokenUseCase) List(ctx context.Context, orgID string, includeRevoked bool) ([]*APIToken, error)

func (*APITokenUseCase) Revoke

func (uc *APITokenUseCase) Revoke(ctx context.Context, orgID, id string) error

type AttachOpts

type AttachOpts struct {
	IntegrationID, WorkflowID, OrgID string
	// The integration that is being attached
	FanOutIntegration sdk.FanOut
	// The attachment configuration
	AttachmentConfig *structpb.Struct
}

type Attestation

type Attestation struct {
	Envelope *dsse.Envelope
	Digest   string
}

type AttestationState

type AttestationState struct {
	State *v1.CraftingState
	// Digest will be used for optimistic concurrency control
	Digest string
}

type AttestationStateRepo

type AttestationStateRepo interface {
	Initialized(ctx context.Context, workflowRunID uuid.UUID) (bool, error)
	Save(ctx context.Context, workflowRunID uuid.UUID, state []byte, baseDigest string) error
	Read(ctx context.Context, workflowRunID uuid.UUID) ([]byte, string, error)
	Reset(ctx context.Context, workflowRunID uuid.UUID) error
}

type AttestationStateSaveOpts added in v0.94.3

type AttestationStateSaveOpts struct {
	BaseDigest string
}

type AttestationStateUseCase

type AttestationStateUseCase struct {
	// contains filtered or unexported fields
}

func NewAttestationStateUseCase

func NewAttestationStateUseCase(repo AttestationStateRepo, wfRunRepo WorkflowRunRepo) (*AttestationStateUseCase, error)

func (*AttestationStateUseCase) Initialized

func (uc *AttestationStateUseCase) Initialized(ctx context.Context, workflowID, runID string) (bool, error)

func (*AttestationStateUseCase) Read

func (uc *AttestationStateUseCase) Read(ctx context.Context, workflowID, runID, passphrase string) (*AttestationState, error)

func (*AttestationStateUseCase) Reset

func (uc *AttestationStateUseCase) Reset(ctx context.Context, workflowID, runID string) error

func (*AttestationStateUseCase) Save

func (uc *AttestationStateUseCase) Save(ctx context.Context, workflowID, runID string, state *v1.CraftingState, passphrase string, opts ...SaveOption) error

type AttestationUseCase

type AttestationUseCase struct {
	CASClient
	// contains filtered or unexported fields
}

func NewAttestationUseCase

func NewAttestationUseCase(client CASClient, logger log.Logger) *AttestationUseCase

func (*AttestationUseCase) UploadToCAS

func (uc *AttestationUseCase) UploadToCAS(ctx context.Context, envelope *dsse.Envelope, backend *CASBackend, workflowRunID string) (*cr_v1.Hash, error)

type AuditorUseCase added in v0.136.0

type AuditorUseCase struct {
	// contains filtered or unexported fields
}

func NewAuditorUseCase added in v0.136.0

func NewAuditorUseCase(p *auditor.AuditLogPublisher, logger log.Logger) *AuditorUseCase

func (*AuditorUseCase) Dispatch added in v0.136.0

func (uc *AuditorUseCase) Dispatch(ctx context.Context, entry auditor.LogEntry, orgID *uuid.UUID)

Dispatch logs an entry to the audit log asynchronously.

type ByStatusCount

type ByStatusCount struct {
	Status string
	Count  int32
}

type CASBackend

type CASBackend struct {
	ID                                uuid.UUID
	Name                              string
	Location, Description, SecretName string
	CreatedAt, ValidatedAt            *time.Time
	OrganizationID                    uuid.UUID
	ValidationStatus                  CASBackendValidationStatus
	// OCI, S3, ...
	Provider CASBackendProvider
	// Whether this is the default cas backend for the organization
	Default bool
	// it's a inline backend, the artifacts are embedded in the attestation
	Inline bool
	// It's a fallback backend, it cannot be deleted
	Fallback bool

	Limits *CASBackendLimits
}

type CASBackendCreateOpts

type CASBackendCreateOpts struct {
	*CASBackendOpts
	Name     string
	Fallback bool
	MaxBytes int64
}

type CASBackendLimits

type CASBackendLimits struct {
	// Max number of bytes allowed to be stored in this backend per blob
	MaxBytes int64
}

type CASBackendOpts

type CASBackendOpts struct {
	OrgID                             uuid.UUID
	Location, SecretName, Description string
	Provider                          CASBackendProvider
	Default                           bool
}

type CASBackendProvider

type CASBackendProvider string

func (CASBackendProvider) Values

func (CASBackendProvider) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type CASBackendReader

type CASBackendReader interface {
	FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)
	FindByIDInOrg(ctx context.Context, OrgID, ID string) (*CASBackend, error)
	PerformValidation(ctx context.Context, ID string) error
}

type CASBackendRepo

type CASBackendRepo interface {
	FindDefaultBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error)
	FindFallbackBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*CASBackend, error)
	FindByIDInOrg(ctx context.Context, OrgID, ID uuid.UUID) (*CASBackend, error)
	FindByNameInOrg(ctx context.Context, OrgID uuid.UUID, name string) (*CASBackend, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*CASBackend, error)
	UpdateValidationStatus(ctx context.Context, ID uuid.UUID, status CASBackendValidationStatus) error
	Create(context.Context, *CASBackendCreateOpts) (*CASBackend, error)
	Update(context.Context, *CASBackendUpdateOpts) (*CASBackend, error)
	Delete(ctx context.Context, ID uuid.UUID) error
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type CASBackendUpdateOpts

type CASBackendUpdateOpts struct {
	*CASBackendOpts
	ID uuid.UUID
}

type CASBackendUseCase

type CASBackendUseCase struct {
	MaxBytesDefault int64
	// contains filtered or unexported fields
}

func (*CASBackendUseCase) Create

func (uc *CASBackendUseCase) Create(ctx context.Context, orgID, name, location, description string, provider CASBackendProvider, creds any, defaultB bool) (*CASBackend, error)

func (*CASBackendUseCase) CreateInlineFallbackBackend

func (uc *CASBackendUseCase) CreateInlineFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) CreateOrUpdate deprecated

func (uc *CASBackendUseCase) CreateOrUpdate(ctx context.Context, orgID, name, username, password string, provider CASBackendProvider, defaultB bool) (*CASBackend, error)

Deprecated: use Create and update methods separately instead

func (*CASBackendUseCase) Delete

func (uc *CASBackendUseCase) Delete(ctx context.Context, id string) error

Delete will delete the secret in the external secrets manager and the CAS backend from the database This method is used during user off-boarding

func (*CASBackendUseCase) FindByIDInOrg

func (uc *CASBackendUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*CASBackend, error)

func (*CASBackendUseCase) FindByNameInOrg added in v0.93.0

func (uc *CASBackendUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*CASBackend, error)

func (*CASBackendUseCase) FindDefaultBackend

func (uc *CASBackendUseCase) FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) FindFallbackBackend

func (uc *CASBackendUseCase) FindFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) List

func (uc *CASBackendUseCase) List(ctx context.Context, orgID string) ([]*CASBackend, error)

func (*CASBackendUseCase) PerformValidation

func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) (err error)

Validate that the repository is valid and reachable

func (*CASBackendUseCase) SoftDelete

func (uc *CASBackendUseCase) SoftDelete(ctx context.Context, orgID, id string) error

SoftDelete will mark the cas backend as deleted but will not delete the secret in the external secrets manager We keep it so it can be restored or referenced in the future while trying to download an asset

func (*CASBackendUseCase) Update

func (uc *CASBackendUseCase) Update(ctx context.Context, orgID, id, description string, creds any, defaultB bool) (*CASBackend, error)

Update will update credentials, description or default status

type CASBackendValidationStatus

type CASBackendValidationStatus string
var CASBackendValidationFailed CASBackendValidationStatus = "Invalid"
var CASBackendValidationOK CASBackendValidationStatus = "OK"

func (CASBackendValidationStatus) Values

func (CASBackendValidationStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type CASClient

type CASClient interface {
	CASUploader
	CASDownloader
}

type CASClientFactory

type CASClientFactory func(conf *conf.Bootstrap_CASServer, token string) (casclient.DownloaderUploader, func(), error)

Function that returns a CAS client including a connection closer method

type CASClientOpts

type CASClientOpts func(u *CASClientUseCase)

func WithClientFactory

func WithClientFactory(f CASClientFactory) CASClientOpts

type CASClientUseCase

type CASClientUseCase struct {
	// contains filtered or unexported fields
}

func NewCASClientUseCase

func NewCASClientUseCase(credsProvider *CASCredentialsUseCase, config *conf.Bootstrap_CASServer, l log.Logger, opts ...CASClientOpts) *CASClientUseCase

func (*CASClientUseCase) Download

func (uc *CASClientUseCase) Download(ctx context.Context, backendType, secretID string, w io.Writer, digest string) error

func (*CASClientUseCase) IsReady

func (uc *CASClientUseCase) IsReady(ctx context.Context) (bool, error)

If the CAS server can be reached and reports readiness

func (*CASClientUseCase) Upload

func (uc *CASClientUseCase) Upload(ctx context.Context, backendType, secretID string, content io.Reader, filename, digest string) error

The secretID is embedded in the JWT token and is used to identify the secret by the CAS server

type CASCredentialsUseCase

type CASCredentialsUseCase struct {
	// contains filtered or unexported fields
}

func NewCASCredentialsUseCase

func NewCASCredentialsUseCase(c *conf.Auth) (*CASCredentialsUseCase, error)

func (*CASCredentialsUseCase) GenerateTemporaryCredentials

func (uc *CASCredentialsUseCase) GenerateTemporaryCredentials(backendRef *CASCredsOpts) (string, error)

type CASCredsOpts

type CASCredsOpts struct {
	BackendType string // i.e OCI, S3
	SecretPath  string // path to for example the OCI secret in the vault
	Role        robotaccount.Role
	MaxBytes    int64
}

type CASDownloader

type CASDownloader interface {
	Download(ctx context.Context, backendType, secretID string, w io.Writer, digest string) error
}

type CASMapping

type CASMapping struct {
	ID, OrgID, WorkflowRunID uuid.UUID
	CASBackend               *CASBackend
	Digest                   string
	CreatedAt                *time.Time
	// A public mapping means that the material/attestation can be downloaded by anyone
	Public bool
}

type CASMappingLookupRef

type CASMappingLookupRef struct {
	Name, Digest string
}

type CASMappingRepo

type CASMappingRepo interface {
	Create(ctx context.Context, digest string, casBackendID, workflowRunID uuid.UUID) (*CASMapping, error)
	// List all the CAS mappings for the given digest
	FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)
}

type CASMappingUseCase

type CASMappingUseCase struct {
	// contains filtered or unexported fields
}

func NewCASMappingUseCase

func NewCASMappingUseCase(repo CASMappingRepo, mRepo MembershipRepo, logger log.Logger) *CASMappingUseCase

func (*CASMappingUseCase) Create

func (uc *CASMappingUseCase) Create(ctx context.Context, digest string, casBackendID, workflowRunID string) (*CASMapping, error)

func (*CASMappingUseCase) FindByDigest

func (uc *CASMappingUseCase) FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)

func (*CASMappingUseCase) FindCASMappingForDownloadByOrg

func (uc *CASMappingUseCase) FindCASMappingForDownloadByOrg(ctx context.Context, digest string, orgs []string) (*CASMapping, error)

func (*CASMappingUseCase) FindCASMappingForDownloadByUser

func (uc *CASMappingUseCase) FindCASMappingForDownloadByUser(ctx context.Context, digest string, userID string) (*CASMapping, error)

FindCASMappingForDownloadByUser returns the CASMapping appropriate for the given digest and user This means, in order 1 - Any mapping that points to an organization which the user is member of 1.1 If there are multiple mappings, it will pick the default one or the first one 2 - Any mapping that is public

func (*CASMappingUseCase) LookupDigestsInAttestation

func (uc *CASMappingUseCase) LookupDigestsInAttestation(att *dsse.Envelope) ([]*CASMappingLookupRef, error)

LookupCASItemsInAttestation returns a list of references to the materials that have been uploaded to CAS as well as the attestation digest itself

type CASServerDefaultOpts added in v0.146.0

type CASServerDefaultOpts struct {
	DefaultEntryMaxSize string
}

CASServerDefaultOpts holds the default options for the CAS server

type CASUploader

type CASUploader interface {
	Upload(ctx context.Context, backendType, secretID string, content io.Reader, filename, digest string) error
}

type Contract added in v0.96.0

type Contract struct {
	// Raw representation of the contract in yaml, json, or cue
	// it maintain the format provided by the user
	Raw []byte
	// Detected format as provided by the user
	Format unmarshal.RawFormat
	// marhalled proto contract
	Schema *schemav1.CraftingSchema
}

func SchemaToRawContract added in v0.96.0

func SchemaToRawContract(contract *schemav1.CraftingSchema) (*Contract, error)

SchemaToRawContract generates a default representation of a contract

func UnmarshalAndValidateRawContract added in v0.96.0

func UnmarshalAndValidateRawContract(raw []byte, format unmarshal.RawFormat) (*Contract, error)

UnmarshalAndValidateRawContract Takes the raw contract + format and will unmarshal the contract and validate it

type ContractCreateOpts

type ContractCreateOpts struct {
	Name        string
	OrgID       uuid.UUID
	Description *string
	// raw representation of the contract in whatever original format it was (json, yaml, ...)
	Contract *Contract
}

type ContractQueryOpt added in v0.122.0

type ContractQueryOpt func(opts *ContractQueryOpts)

func WithoutReferences added in v0.122.0

func WithoutReferences() ContractQueryOpt

type ContractQueryOpts added in v0.122.0

type ContractQueryOpts struct {
	SkipGetReferences bool
}

type ContractUpdateOpts

type ContractUpdateOpts struct {
	Description *string
	// raw representation of the contract in whatever original format it was (json, yaml, ...)
	Contract *Contract
}

type CreateOpt

type CreateOpt func(*createOptions)

func WithCreateInlineBackend

func WithCreateInlineBackend() CreateOpt

Optionally create an inline CAS-backend

type DayRunsCount

type DayRunsCount struct {
	Date   time.Time
	Totals []*ByStatusCount
}

type EntityRef added in v0.97.5

type EntityRef struct {
	// ID is the unique identifier of the entity
	ID string
	// Name is the name of the entity
	Name string
}

EntityRef is a reference to an entity

type ErrAlreadyExists

type ErrAlreadyExists struct {
	// contains filtered or unexported fields
}

func NewErrAlreadyExists added in v0.95.6

func NewErrAlreadyExists(err error) ErrAlreadyExists

func NewErrAlreadyExistsStr added in v0.95.6

func NewErrAlreadyExistsStr(errMsg string) ErrAlreadyExists

func (ErrAlreadyExists) Error added in v0.95.6

func (e ErrAlreadyExists) Error() string

type ErrAmbiguousReferrer

type ErrAmbiguousReferrer struct {
	// contains filtered or unexported fields
}

A referrer with the same digest points to two different artifact types and we require filtering out which one

func (ErrAmbiguousReferrer) Error

func (e ErrAmbiguousReferrer) Error() string

type ErrAttestationStateConflict added in v0.94.3

type ErrAttestationStateConflict struct {
	// contains filtered or unexported fields
}

func (*ErrAttestationStateConflict) Error added in v0.94.3

type ErrInvalidTimeWindow added in v0.93.0

type ErrInvalidTimeWindow struct {
	// contains filtered or unexported fields
}

func NewErrInvalidTimeWindow added in v0.93.0

func NewErrInvalidTimeWindow(err error) ErrInvalidTimeWindow

func NewErrInvalidTimeWindowStr added in v0.93.0

func NewErrInvalidTimeWindowStr(errMsg string) ErrInvalidTimeWindow

func (ErrInvalidTimeWindow) Error added in v0.93.0

func (e ErrInvalidTimeWindow) Error() string

type ErrInvalidUUID

type ErrInvalidUUID struct {
	// contains filtered or unexported fields
}

func NewErrInvalidUUID

func NewErrInvalidUUID(err error) ErrInvalidUUID

func (ErrInvalidUUID) Error

func (e ErrInvalidUUID) Error() string

type ErrNotFound

type ErrNotFound struct {
	// contains filtered or unexported fields
}

func NewErrNotFound

func NewErrNotFound(entity string) ErrNotFound

func (ErrNotFound) Error

func (e ErrNotFound) Error() string

type ErrNotImplemented

type ErrNotImplemented struct {
	// contains filtered or unexported fields
}

func NewErrNotImplemented

func NewErrNotImplemented(msg string) ErrNotImplemented

func (ErrNotImplemented) Error

func (e ErrNotImplemented) Error() string

type ErrUnauthorized

type ErrUnauthorized struct {
	// contains filtered or unexported fields
}

func NewErrUnauthorized

func NewErrUnauthorized(err error) ErrUnauthorized

func NewErrUnauthorizedStr

func NewErrUnauthorizedStr(errMsg string) ErrUnauthorized

func (ErrUnauthorized) Error

func (e ErrUnauthorized) Error() string

type ErrValidation

type ErrValidation struct {
	// contains filtered or unexported fields
}

func NewErrValidation

func NewErrValidation(err error) ErrValidation

func NewErrValidationStr

func NewErrValidationStr(errMsg string) ErrValidation

func (ErrValidation) Error

func (e ErrValidation) Error() string

type GetFromRootFilter

type GetFromRootFilter func(*GetFromRootFilters)

type GetFromRootFilters

type GetFromRootFilters struct {
	// RootKind is the kind of the root referrer, i.e ATTESTATION
	RootKind *string
	// Wether to filter by visibility or not
	Public *bool
}

type Integration

type Integration struct {
	ID uuid.UUID
	// Kind is the type of the integration, it matches the registered plugin ID
	Kind string
	// Name is a unique identifier for the integration registration
	Name string
	// Description is a human readable description of the integration registration
	// It helps to differentiate different instances of the same kind
	Description string
	// Registration Configuration, usually JSON marshalled
	Config []byte
	// Identifier to the external provider where any secret information is stored
	SecretName string
	CreatedAt  *time.Time
}

type IntegrationAndAttachment

type IntegrationAndAttachment struct {
	*Integration
	*IntegrationAttachment
}

type IntegrationAttachment

type IntegrationAttachment struct {
	ID                        uuid.UUID
	CreatedAt                 *time.Time
	Config                    []byte
	WorkflowID, IntegrationID uuid.UUID
}

type IntegrationAttachmentRepo

type IntegrationAttachmentRepo interface {
	Create(ctx context.Context, integrationID, workflowID uuid.UUID, config []byte) (*IntegrationAttachment, error)
	List(ctx context.Context, orgID, workflowID uuid.UUID) ([]*IntegrationAndAttachment, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*IntegrationAttachment, error)
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type IntegrationCreateOpts

type IntegrationCreateOpts struct {
	// Unique name of the registration
	// used to declaratively reference the integration
	Name                          string
	Kind, Description, SecretName string
	OrgID                         uuid.UUID
	Config                        []byte
}

type IntegrationRepo

type IntegrationRepo interface {
	Create(ctx context.Context, opts *IntegrationCreateOpts) (*Integration, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*Integration, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*Integration, error)
	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, ID string) (*Integration, error)
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type IntegrationUseCase

type IntegrationUseCase struct {
	// contains filtered or unexported fields
}

func NewIntegrationUseCase

func NewIntegrationUseCase(opts *NewIntegrationUseCaseOpts) *IntegrationUseCase

func (*IntegrationUseCase) AttachToWorkflow

func (uc *IntegrationUseCase) AttachToWorkflow(ctx context.Context, opts *AttachOpts) (*IntegrationAttachment, error)

- Integration and workflows exists in current organization - Run specific validation for the integration - Persist integration attachment

func (*IntegrationUseCase) Delete

func (uc *IntegrationUseCase) Delete(ctx context.Context, orgID, integrationID string) error

func (*IntegrationUseCase) Detach

func (uc *IntegrationUseCase) Detach(ctx context.Context, orgID, attachmentID string) error

Detach integration from workflow

func (*IntegrationUseCase) FindByIDInOrg

func (uc *IntegrationUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*Integration, error)

func (*IntegrationUseCase) FindByNameInOrg added in v0.93.0

func (uc *IntegrationUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*Integration, error)

func (*IntegrationUseCase) List

func (uc *IntegrationUseCase) List(ctx context.Context, orgID string) ([]*Integration, error)

func (*IntegrationUseCase) ListAttachments

func (uc *IntegrationUseCase) ListAttachments(ctx context.Context, orgID, workflowID string) ([]*IntegrationAndAttachment, error)

List attachments returns the list of attachments for a given organization and optionally workflow

func (*IntegrationUseCase) RegisterAndSave

func (uc *IntegrationUseCase) RegisterAndSave(ctx context.Context, orgID, name, description string, i sdk.FanOut, regConfig *structpb.Struct) (*Integration, error)

Persist the secret and integration with its configuration in the database

type InvitationCreateOpt

type InvitationCreateOpt func(*invitationCreateOpts)

func WithInvitationRole

func WithInvitationRole(r authz.Role) InvitationCreateOpt

type Membership

type Membership struct {
	ID, OrganizationID   uuid.UUID
	Current              bool
	CreatedAt, UpdatedAt *time.Time
	Org                  *Organization
	User                 *User
	Role                 authz.Role
}

type MembershipCreateOpt

type MembershipCreateOpt func(*membershipCreateOpts)

func WithCurrentMembership

func WithCurrentMembership() MembershipCreateOpt

func WithMembershipRole

func WithMembershipRole(r authz.Role) MembershipCreateOpt

type MembershipRepo

type MembershipRepo interface {
	FindByUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error)
	FindByOrg(ctx context.Context, orgID uuid.UUID) ([]*Membership, error)
	FindByIDInUser(ctx context.Context, userID, ID uuid.UUID) (*Membership, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*Membership, error)
	FindByOrgAndUser(ctx context.Context, orgID, userID uuid.UUID) (*Membership, error)
	FindByOrgNameAndUser(ctx context.Context, orgName string, userID uuid.UUID) (*Membership, error)
	SetCurrent(ctx context.Context, ID uuid.UUID) (*Membership, error)
	SetRole(ctx context.Context, ID uuid.UUID, role authz.Role) (*Membership, error)
	Create(ctx context.Context, orgID, userID uuid.UUID, current bool, role authz.Role) (*Membership, error)
	Delete(ctx context.Context, ID uuid.UUID) error
}

type MembershipUseCase

type MembershipUseCase struct {
	// contains filtered or unexported fields
}

func NewMembershipUseCase

func NewMembershipUseCase(repo MembershipRepo, orgUC *OrganizationUseCase, auditor *AuditorUseCase, logger log.Logger) *MembershipUseCase

func (*MembershipUseCase) ByOrg

func (uc *MembershipUseCase) ByOrg(ctx context.Context, orgID string) ([]*Membership, error)

func (*MembershipUseCase) ByUser

func (uc *MembershipUseCase) ByUser(ctx context.Context, userID string) ([]*Membership, error)

func (*MembershipUseCase) Create

func (uc *MembershipUseCase) Create(ctx context.Context, orgID, userID string, opts ...MembershipCreateOpt) (*Membership, error)

func (*MembershipUseCase) DeleteOther

func (uc *MembershipUseCase) DeleteOther(ctx context.Context, orgID, userID, membershipID string) error

DeleteOther just deletes a membership from the database but ensures that the user is not deleting itself from the org

func (*MembershipUseCase) FindByOrgAndUser

func (uc *MembershipUseCase) FindByOrgAndUser(ctx context.Context, orgID, userID string) (*Membership, error)

func (*MembershipUseCase) FindByOrgNameAndUser added in v0.109.0

func (uc *MembershipUseCase) FindByOrgNameAndUser(ctx context.Context, orgName, userID string) (*Membership, error)

func (*MembershipUseCase) LeaveAndDeleteOrg

func (uc *MembershipUseCase) LeaveAndDeleteOrg(ctx context.Context, userID, membershipID string) error

LeaveAndDeleteOrg deletes a membership (and the org i) from the database associated with the current user and the associated org if the user is the only member

func (*MembershipUseCase) SetCurrent

func (uc *MembershipUseCase) SetCurrent(ctx context.Context, userID, membershipID string) (*Membership, error)

SetCurrent sets the current membership for the user and unsets the previous one

func (*MembershipUseCase) UpdateRole

func (uc *MembershipUseCase) UpdateRole(ctx context.Context, orgID, userID, membershipID string, role authz.Role) (*Membership, error)

type NewIntegrationUseCaseOpts

type NewIntegrationUseCaseOpts struct {
	IRepo   IntegrationRepo
	IaRepo  IntegrationAttachmentRepo
	WfRepo  WorkflowRepo
	CredsRW credentials.ReaderWriter
	Logger  log.Logger
}

type NewUserUseCaseParams

type NewUserUseCaseParams struct {
	UserRepo            UserRepo
	MembershipUseCase   *MembershipUseCase
	OrganizationUseCase *OrganizationUseCase
	OnboardingConfig    []*config.OnboardingSpec
	Logger              log.Logger
	AuditorUseCase      *AuditorUseCase
}

type OrgInvitation

type OrgInvitation struct {
	ID            uuid.UUID
	Org           *Organization
	Sender        *User
	ReceiverEmail string
	CreatedAt     *time.Time
	Status        OrgInvitationStatus
	Role          authz.Role
}

type OrgInvitationRepo

type OrgInvitationRepo interface {
	Create(ctx context.Context, orgID, senderID uuid.UUID, receiverEmail string, role authz.Role) (*OrgInvitation, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*OrgInvitation, error)
	PendingInvitation(ctx context.Context, orgID uuid.UUID, receiverEmail string) (*OrgInvitation, error)
	PendingInvitations(ctx context.Context, receiverEmail string) ([]*OrgInvitation, error)
	SoftDelete(ctx context.Context, id uuid.UUID) error
	ListByOrg(ctx context.Context, org uuid.UUID) ([]*OrgInvitation, error)
	ChangeStatus(ctx context.Context, ID uuid.UUID, status OrgInvitationStatus) error
}

type OrgInvitationStatus

type OrgInvitationStatus string
var (
	OrgInvitationStatusPending  OrgInvitationStatus = "pending"
	OrgInvitationStatusAccepted OrgInvitationStatus = "accepted"
)

func (OrgInvitationStatus) Values

func (OrgInvitationStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type OrgInvitationUseCase

type OrgInvitationUseCase struct {
	// contains filtered or unexported fields
}

func NewOrgInvitationUseCase

func NewOrgInvitationUseCase(r OrgInvitationRepo, mRepo MembershipRepo, uRepo UserRepo, auditorUC *AuditorUseCase, l log.Logger) (*OrgInvitationUseCase, error)

func (*OrgInvitationUseCase) AcceptInvitation

func (uc *OrgInvitationUseCase) AcceptInvitation(ctx context.Context, invitationID string) error

func (*OrgInvitationUseCase) AcceptPendingInvitations

func (uc *OrgInvitationUseCase) AcceptPendingInvitations(ctx context.Context, receiverEmail string) error

AcceptPendingInvitations accepts all pending invitations for a given user email

func (*OrgInvitationUseCase) Create

func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, receiverEmail string, createOpts ...InvitationCreateOpt) (*OrgInvitation, error)

func (*OrgInvitationUseCase) FindByID

func (uc *OrgInvitationUseCase) FindByID(ctx context.Context, invitationID string) (*OrgInvitation, error)

func (*OrgInvitationUseCase) ListByOrg

func (uc *OrgInvitationUseCase) ListByOrg(ctx context.Context, orgID string) ([]*OrgInvitation, error)

func (*OrgInvitationUseCase) Revoke

func (uc *OrgInvitationUseCase) Revoke(ctx context.Context, orgID, invitationID string) error

Revoke an invitation by ID only if the user is the one who created it

type OrgMetricsRepo

type OrgMetricsRepo interface {
	// Total number of runs within the provided time window (from now)
	RunsTotal(ctx context.Context, orgID uuid.UUID, timeWindow *TimeWindow) (int32, error)
	// Total number by run status
	RunsByStatusTotal(ctx context.Context, orgID uuid.UUID, timeWindow *TimeWindow) (map[string]int32, error)
	RunsByRunnerTypeTotal(ctx context.Context, orgID uuid.UUID, timeWindow *TimeWindow) (map[string]int32, error)
	TopWorkflowsByRunsCount(ctx context.Context, orgID uuid.UUID, numWorkflows int, timeWindow *TimeWindow) ([]*TopWorkflowsByRunsCountItem, error)
	DailyRunsCount(ctx context.Context, orgID, workflowID uuid.UUID, timeWindow *TimeWindow) ([]*DayRunsCount, error)
}

type OrgMetricsUseCase

type OrgMetricsUseCase struct {
	// contains filtered or unexported fields
}

func NewOrgMetricsUseCase

func NewOrgMetricsUseCase(r OrgMetricsRepo, orgRepo OrganizationRepo, wfUseCase *WorkflowUseCase, l log.Logger) (*OrgMetricsUseCase, error)

func (*OrgMetricsUseCase) DailyRunsCount

func (uc *OrgMetricsUseCase) DailyRunsCount(ctx context.Context, orgID string, workflowID *string, timeWindow *TimeWindow) ([]*DayRunsCount, error)

DailyRunsCount returns the number of runs per day within the provided time window (from now) Optionally filtered by workflowID

func (*OrgMetricsUseCase) GetLastWorkflowStatusByRun added in v0.94.0

func (uc *OrgMetricsUseCase) GetLastWorkflowStatusByRun(ctx context.Context, orgName string) ([]*prometheuscollector.WorkflowLastStatusByRunReport, error)

GetLastWorkflowStatusByRun returns the last status of each workflow by its last run It only returns workflows with at least one run and skips workflows with initialized runs

func (*OrgMetricsUseCase) RunsTotal

func (uc *OrgMetricsUseCase) RunsTotal(ctx context.Context, orgID string, timeWindow *TimeWindow) (int32, error)

func (*OrgMetricsUseCase) RunsTotalByRunnerType

func (uc *OrgMetricsUseCase) RunsTotalByRunnerType(ctx context.Context, orgID string, timeWindow *TimeWindow) (map[string]int32, error)

func (*OrgMetricsUseCase) RunsTotalByStatus

func (uc *OrgMetricsUseCase) RunsTotalByStatus(ctx context.Context, orgID string, timeWindow *TimeWindow) (map[string]int32, error)

func (*OrgMetricsUseCase) TopWorkflowsByRunsCount

func (uc *OrgMetricsUseCase) TopWorkflowsByRunsCount(ctx context.Context, orgID string, numWorkflows int, timeWindow *TimeWindow) ([]*TopWorkflowsByRunsCountItem, error)

type Organization

type Organization struct {
	ID, Name  string
	CreatedAt *time.Time
}

type OrganizationRepo

type OrganizationRepo interface {
	FindByID(ctx context.Context, orgID uuid.UUID) (*Organization, error)
	FindByName(ctx context.Context, name string) (*Organization, error)
	Create(ctx context.Context, name string) (*Organization, error)
	Delete(ctx context.Context, ID uuid.UUID) error
}

type OrganizationUseCase

type OrganizationUseCase struct {
	// contains filtered or unexported fields
}

func NewOrganizationUseCase

func NewOrganizationUseCase(repo OrganizationRepo, repoUC *CASBackendUseCase, auditor *AuditorUseCase, iUC *IntegrationUseCase, mRepo MembershipRepo, onboardingConfig []*config.OnboardingSpec, l log.Logger) *OrganizationUseCase

func (*OrganizationUseCase) AutoOnboardOrganizations added in v0.91.8

func (uc *OrganizationUseCase) AutoOnboardOrganizations(ctx context.Context, userID string) error

AutoOnboardOrganizations creates the organizations specified in the onboarding config and assigns the user to them with the specified role if they are not already a member.

func (*OrganizationUseCase) Create

func (uc *OrganizationUseCase) Create(ctx context.Context, name string, opts ...CreateOpt) (*Organization, error)

Create an organization with the given name

func (*OrganizationUseCase) CreateWithRandomName

func (uc *OrganizationUseCase) CreateWithRandomName(ctx context.Context, opts ...CreateOpt) (*Organization, error)

func (*OrganizationUseCase) Delete

func (uc *OrganizationUseCase) Delete(ctx context.Context, id string) error

Delete deletes an organization and all relevant data This includes: - The organization - The associated repositories - The associated integrations The reason for just deleting these two associated components only is because they have external secrets that need to be deleted as well, and for that we leverage their own delete methods The rest of the data gets removed by the database cascade delete

func (*OrganizationUseCase) FindByID

func (uc *OrganizationUseCase) FindByID(ctx context.Context, id string) (*Organization, error)

type Project added in v0.97.5

type Project struct {
	// ID is the unique identifier of the project
	ID uuid.UUID
	// Name is the name of the project
	Name string
	// OrgID is the organization that this project belongs to
	OrgID uuid.UUID
	// CreatedAt is the time when the project was created
	CreatedAt *time.Time
	// UpdatedAt is the time when the project was last updated
	UpdatedAt *time.Time
}

Project is a project in the organization

type ProjectUseCase added in v0.97.5

type ProjectUseCase struct {
	// contains filtered or unexported fields
}

ProjectUseCase is a use case for projects

func NewProjectsUseCase added in v0.97.5

func NewProjectsUseCase(logger log.Logger, projectsRepository ProjectsRepo) *ProjectUseCase

func (*ProjectUseCase) Create added in v0.98.0

func (uc *ProjectUseCase) Create(ctx context.Context, orgID, name string) (*Project, error)

func (*ProjectUseCase) FindProjectByReference added in v0.97.5

func (uc *ProjectUseCase) FindProjectByReference(ctx context.Context, orgID string, reference *EntityRef) (*Project, error)

FindProjectByReference finds a project by reference, which can be either a project name or a project ID.

type ProjectVersion added in v0.97.5

type ProjectVersion struct {
	// ID is the UUID of the project version.
	ID uuid.UUID
	// Version is the version of the project.
	Version string
	// Prerelease indicates whether the version is a prerelease.
	Prerelease bool
	// TotalWorkflowRuns is the total number of workflow runs for this version.
	TotalWorkflowRuns int
	// CreatedAt is the time when the project version was created.
	CreatedAt *time.Time
}

type ProjectVersionRepo added in v0.97.5

type ProjectVersionRepo interface {
	FindByProjectAndVersion(ctx context.Context, projectID uuid.UUID, version string) (*ProjectVersion, error)
	Update(ctx context.Context, versionID uuid.UUID, updates *ProjectVersionUpdateOpts) (*ProjectVersion, error)
	Create(ctx context.Context, projectID uuid.UUID, version string, prerelease bool) (*ProjectVersion, error)
}

type ProjectVersionUpdateOpts added in v0.98.0

type ProjectVersionUpdateOpts struct {
	Prerelease *bool
}

type ProjectVersionUseCase added in v0.97.5

type ProjectVersionUseCase struct {
	// contains filtered or unexported fields
}

func NewProjectVersionUseCase added in v0.97.5

func NewProjectVersionUseCase(repo ProjectVersionRepo, l log.Logger) *ProjectVersionUseCase

func (*ProjectVersionUseCase) Create added in v0.98.0

func (uc *ProjectVersionUseCase) Create(ctx context.Context, projectID, version string, prerelease bool) (*ProjectVersion, error)

func (*ProjectVersionUseCase) FindByProjectAndVersion added in v0.97.5

func (uc *ProjectVersionUseCase) FindByProjectAndVersion(ctx context.Context, projectID string, version string) (*ProjectVersion, error)

func (*ProjectVersionUseCase) UpdateReleaseStatus added in v0.98.0

func (uc *ProjectVersionUseCase) UpdateReleaseStatus(ctx context.Context, version string, isRelease bool) (*ProjectVersion, error)

type ProjectsRepo added in v0.97.5

type ProjectsRepo interface {
	FindProjectByOrgIDAndName(ctx context.Context, orgID uuid.UUID, projectName string) (*Project, error)
	FindProjectByOrgIDAndID(ctx context.Context, orgID uuid.UUID, projectID uuid.UUID) (*Project, error)
	Create(ctx context.Context, orgID uuid.UUID, name string) (*Project, error)
}

ProjectsRepo is a repository for projects

type PromObservable added in v0.95.0

type PromObservable interface {
	ObserveAttestationIfNeeded(ctx context.Context, run *WorkflowRun, status WorkflowRunStatus) bool
}

type PrometheusUseCase added in v0.94.0

type PrometheusUseCase struct {
	// contains filtered or unexported fields
}

PrometheusUseCase is a use case for Prometheus where some metrics are exposed

func NewPrometheusUseCase added in v0.94.0

func NewPrometheusUseCase(conf []*conf.PrometheusIntegrationSpec, orgUseCase *OrganizationUseCase, orgMetricsUseCase *OrgMetricsUseCase, logger log.Logger) *PrometheusUseCase

NewPrometheusUseCase creates a new PrometheusUseCase

func (*PrometheusUseCase) GetRegistryByOrganizationName added in v0.94.0

func (uc *PrometheusUseCase) GetRegistryByOrganizationName(orgName string) *registry.PrometheusRegistry

GetRegistryByOrganizationName returns a registry by organization name

func (*PrometheusUseCase) ObserveAttestationIfNeeded added in v0.95.0

func (uc *PrometheusUseCase) ObserveAttestationIfNeeded(ctx context.Context, run *WorkflowRun, status WorkflowRunStatus) bool

Record an attestation if the run exists and there is a registry for the organization

func (*PrometheusUseCase) OrganizationHasRegistry added in v0.94.0

func (uc *PrometheusUseCase) OrganizationHasRegistry(orgName string) bool

OrganizationHasRegistry checks if an organization has a registry

type Referrer

type Referrer struct {
	Digest string
	Kind   string
	// Wether the item is downloadable from CAS or not
	Downloadable bool
	// If this referrer is part of a public workflow
	InPublicWorkflow bool
	References       []*Referrer

	Metadata, Annotations map[string]string
}

func (*Referrer) MapID

func (r *Referrer) MapID() string

type ReferrerRepo

type ReferrerRepo interface {
	Save(ctx context.Context, input []*Referrer, workflowID uuid.UUID) error
	// GetFromRoot returns the referrer identified by the provided content digest, including its first-level references
	// For example if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it
	// OrgIDs represent an allowList of organizations where the referrers should be looked for
	GetFromRoot(ctx context.Context, digest string, orgIDS []uuid.UUID, filters ...GetFromRootFilter) (*StoredReferrer, error)
	// Check if a given referrer by digest exist.
	// The query can be scoped further down if needed by providing the kind or visibility status
	Exist(ctx context.Context, digest string, filters ...GetFromRootFilter) (bool, error)
}

type ReferrerUseCase

type ReferrerUseCase struct {
	// contains filtered or unexported fields
}

func NewReferrerUseCase

func NewReferrerUseCase(repo ReferrerRepo, wfRepo WorkflowRepo, mRepo MembershipRepo, indexCfg *conf.ReferrerSharedIndex, l log.Logger) (*ReferrerUseCase, error)

func (*ReferrerUseCase) ExtractAndPersist

func (s *ReferrerUseCase) ExtractAndPersist(ctx context.Context, att *dsse.Envelope, workflowID string) error

ExtractAndPersist extracts the referrers (subject + materials) from the given attestation and store it as part of the referrers index table

func (*ReferrerUseCase) GetFromRoot

func (s *ReferrerUseCase) GetFromRoot(ctx context.Context, digest, rootKind string, orgIDs []uuid.UUID) (*StoredReferrer, error)

func (*ReferrerUseCase) GetFromRootInPublicSharedIndex

func (s *ReferrerUseCase) GetFromRootInPublicSharedIndex(ctx context.Context, digest, rootKind string) (*StoredReferrer, error)

Get the list of public referrers from organizations that have been allowed to be shown in a shared index NOTE: This is a public endpoint under /discover/[sha256:deadbeef]

func (*ReferrerUseCase) GetFromRootUser

func (s *ReferrerUseCase) GetFromRootUser(ctx context.Context, digest, rootKind, userID string) (*StoredReferrer, error)

GetFromRootUser returns the referrer identified by the provided content digest, including its first-level references For example if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it It only returns referrers that belong to organizations the user is member of

type RemotePolicy added in v0.96.5

type RemotePolicy struct {
	ProviderRef *policies.PolicyReference
	Policy      *schemav1.Policy
}

type RemotePolicyGroup added in v0.96.14

type RemotePolicyGroup struct {
	ProviderRef *policies.PolicyReference
	PolicyGroup *schemav1.PolicyGroup
}

type RobotAccount

type RobotAccount struct {
	Name                 string
	ID                   uuid.UUID
	JWT                  string
	WorkflowID           uuid.UUID
	CreatedAt, RevokedAt *time.Time
}

type RobotAccountRepo

type RobotAccountRepo interface {
	Create(ctx context.Context, name string, workflowID uuid.UUID) (*RobotAccount, error)
	List(ctx context.Context, workflowID uuid.UUID, includeRevoked bool) ([]*RobotAccount, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*RobotAccount, error)
	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
}

type RobotAccountUseCase

type RobotAccountUseCase struct {
	// contains filtered or unexported fields
}

func NewRootAccountUseCase

func NewRootAccountUseCase(robotAccountRepo RobotAccountRepo, workflowRepo WorkflowRepo, conf *conf.Auth, logger log.Logger) *RobotAccountUseCase

func (*RobotAccountUseCase) Create

func (uc *RobotAccountUseCase) Create(ctx context.Context, name string, orgID, workflowID string) (*RobotAccount, error)

func (*RobotAccountUseCase) FindByID

func (uc *RobotAccountUseCase) FindByID(ctx context.Context, id string) (*RobotAccount, error)

func (*RobotAccountUseCase) List

func (uc *RobotAccountUseCase) List(ctx context.Context, orgID, workflowID string, includeRevoked bool) ([]*RobotAccount, error)

func (*RobotAccountUseCase) Revoke

func (uc *RobotAccountUseCase) Revoke(ctx context.Context, orgID, id string) error

type RunListFilters

type RunListFilters struct {
	WorkflowID *uuid.UUID
	VersionID  *uuid.UUID
	Status     WorkflowRunStatus
}

type SaveOption added in v0.94.3

type SaveOption func(*AttestationStateSaveOpts)

func WithAttStateBaseDigest added in v0.94.3

func WithAttStateBaseDigest(digest string) SaveOption

type SigningUseCase

type SigningUseCase struct {
	CA ca.CertificateAuthority
}

func NewChainloopSigningUseCase

func NewChainloopSigningUseCase(ca ca.CertificateAuthority) *SigningUseCase

func (*SigningUseCase) CreateSigningCert

func (s *SigningUseCase) CreateSigningCert(ctx context.Context, orgID string, csrRaw []byte) ([]string, error)

CreateSigningCert signs a certificate request with a configured CA, and returns the full certificate chain

type StoredReferrer

type StoredReferrer struct {
	*Referrer
	ID        uuid.UUID
	CreatedAt *time.Time
	// Fully expanded list of 1-level off references
	References          []*StoredReferrer
	OrgIDs, WorkflowIDs []uuid.UUID
}

Actual referrer stored in the DB which includes a nested list of storedReferences

type TimeWindow added in v0.93.0

type TimeWindow struct {
	From time.Time
	To   time.Time
}

TimeWindow represents in time.Time format not in time.Duration

func (*TimeWindow) Validate added in v0.93.0

func (tw *TimeWindow) Validate() error

Validate validates the time window checking From and To are set

type TopWorkflowsByRunsCountItem

type TopWorkflowsByRunsCountItem struct {
	Workflow *Workflow
	ByStatus map[string]int32
	Total    int32
}

type User

type User struct {
	ID        string
	Email     string
	CreatedAt *time.Time
}

type UserOrgFinder

type UserOrgFinder interface {
	FindByID(ctx context.Context, userID string) (*User, error)
	CurrentMembership(ctx context.Context, userID string) (*Membership, error)
	MembershipInOrg(ctx context.Context, userID string, orgName string) (*Membership, error)
}

type UserRepo

type UserRepo interface {
	CreateByEmail(ctx context.Context, email string) (*User, error)
	FindByEmail(ctx context.Context, email string) (*User, error)
	FindByID(ctx context.Context, userID uuid.UUID) (*User, error)
	Delete(ctx context.Context, userID uuid.UUID) error
}

type UserUseCase

type UserUseCase struct {
	// contains filtered or unexported fields
}

func NewUserUseCase

func NewUserUseCase(opts *NewUserUseCaseParams) *UserUseCase

func (*UserUseCase) CurrentMembership

func (uc *UserUseCase) CurrentMembership(ctx context.Context, userID string) (*Membership, error)

Find the membership associated with the user that's marked as current If none is selected, it will pick the first one and set it as current

func (*UserUseCase) DeleteUser

func (uc *UserUseCase) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes the user, related memberships and organization if needed

func (*UserUseCase) FindByID

func (uc *UserUseCase) FindByID(ctx context.Context, userID string) (*User, error)

func (*UserUseCase) FindOrCreateByEmail

func (uc *UserUseCase) FindOrCreateByEmail(ctx context.Context, email string, disableAutoOnboarding ...bool) (*User, error)

FindOrCreateByEmail finds or creates a user by email. By default, it will auto-onboard the user to the organizations defined in the configuration. If disableAutoOnboarding is set to true, it will skip the auto-onboarding process.

func (*UserUseCase) MembershipInOrg added in v0.140.0

func (uc *UserUseCase) MembershipInOrg(ctx context.Context, userID string, orgName string) (*Membership, error)

type Workflow

type Workflow struct {
	Name, Description, Team, Project string
	CreatedAt                        *time.Time
	RunsCounter                      int
	LastRun                          *WorkflowRun
	ID, ContractID, OrgID            uuid.UUID
	ContractName                     string
	// Latest available contract revision
	ContractRevisionLatest int
	// Public means that the associated workflow runs, attestations and materials
	// are reachable by other users, regardless of their organization
	// This field is also used to calculate if an user can download attestations/materials from the CAS
	Public    bool
	ProjectID uuid.UUID
}

type WorkflowContract

type WorkflowContract struct {
	ID             uuid.UUID
	Name           string
	Description    string
	LatestRevision int
	CreatedAt      *time.Time
	// WorkflowRefs is the list of workflows associated with this contract
	WorkflowRefs []*WorkflowRef
}

type WorkflowContractCreateOpts

type WorkflowContractCreateOpts struct {
	OrgID, Name string
	RawSchema   []byte
	Description *string
	// Make sure that the name is unique in the organization
	AddUniquePrefix bool
}

type WorkflowContractRepo

type WorkflowContractRepo interface {
	Create(ctx context.Context, opts *ContractCreateOpts) (*WorkflowContract, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*WorkflowContract, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowContract, error)
	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, name string) (*WorkflowContract, error)
	Describe(ctx context.Context, orgID, contractID uuid.UUID, revision int, opts ...ContractQueryOpt) (*WorkflowContractWithVersion, error)
	FindVersionByID(ctx context.Context, versionID uuid.UUID) (*WorkflowContractWithVersion, error)
	Update(ctx context.Context, orgID uuid.UUID, name string, opts *ContractUpdateOpts) (*WorkflowContractWithVersion, error)
	SoftDelete(ctx context.Context, contractID uuid.UUID) error
}

type WorkflowContractUpdateOpts

type WorkflowContractUpdateOpts struct {
	RawSchema   []byte
	Description *string
}

type WorkflowContractUseCase

type WorkflowContractUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowContractUseCase

func NewWorkflowContractUseCase(repo WorkflowContractRepo, policyRegistry *policies.Registry, auditorUC *AuditorUseCase, logger log.Logger) *WorkflowContractUseCase

func (*WorkflowContractUseCase) Create

we currently only support schema v1

func (*WorkflowContractUseCase) Delete

func (uc *WorkflowContractUseCase) Delete(ctx context.Context, orgID, contractID string) error

Delete soft-deletes the entry

func (*WorkflowContractUseCase) Describe

func (uc *WorkflowContractUseCase) Describe(ctx context.Context, orgID, contractID string, revision int, opts ...ContractQueryOpt) (*WorkflowContractWithVersion, error)

func (*WorkflowContractUseCase) FindByIDInOrg

func (uc *WorkflowContractUseCase) FindByIDInOrg(ctx context.Context, orgID, contractID string) (*WorkflowContract, error)

func (*WorkflowContractUseCase) FindByNameInOrg added in v0.93.0

func (uc *WorkflowContractUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*WorkflowContract, error)

func (*WorkflowContractUseCase) FindVersionByID

func (uc *WorkflowContractUseCase) FindVersionByID(ctx context.Context, versionID string) (*WorkflowContractWithVersion, error)

func (*WorkflowContractUseCase) GetPolicy added in v0.95.7

func (uc *WorkflowContractUseCase) GetPolicy(providerName, policyName, orgName, token string) (*RemotePolicy, error)

GetPolicy retrieves a policy from a policy provider

func (*WorkflowContractUseCase) GetPolicyGroup added in v0.96.14

func (uc *WorkflowContractUseCase) GetPolicyGroup(providerName, groupName, orgName, token string) (*RemotePolicyGroup, error)

func (*WorkflowContractUseCase) List

func (*WorkflowContractUseCase) Update

func (*WorkflowContractUseCase) ValidateContractPolicies added in v0.96.0

func (uc *WorkflowContractUseCase) ValidateContractPolicies(rawSchema []byte, token string) error

func (*WorkflowContractUseCase) ValidatePolicyAttachment added in v0.144.0

func (uc *WorkflowContractUseCase) ValidatePolicyAttachment(providerName string, att *schemav1.PolicyAttachment, token string) error

type WorkflowContractVersion

type WorkflowContractVersion struct {
	ID        uuid.UUID
	Revision  int
	CreatedAt *time.Time
	Schema    *Contract
}

type WorkflowContractWithVersion

type WorkflowContractWithVersion struct {
	Contract *WorkflowContract
	Version  *WorkflowContractVersion
}

type WorkflowCreateOpts

type WorkflowCreateOpts struct {
	Name, OrgID, Project, Team, ContractName, Description string
	ContractID                                            string
	// Public means that the associated workflow runs, attestations and materials
	// are reachable by other users, regardless of their organization
	Public bool
}

TODO: move to pointer properties to handle empty values

type WorkflowListOpts added in v0.109.0

type WorkflowListOpts struct {
	// WorkflowName is the name of the workflow
	WorkflowName string
	// WorkflowDescription is the description of the workflow
	WorkflowDescription string
	// WorkflowTeam is the team of the workflow
	WorkflowTeam string
	// WorkflowProjectNames is the project name of the workflow
	WorkflowProjectNames []string
	// WorkflowPublic is the flag to filter public workflows
	WorkflowPublic *bool
	// WorkflowActiveWindow is the active window of the workflow
	WorkflowRunRunnerType string
	// WorkflowActiveWindow is the active window of the workflow
	WorkflowActiveWindow *TimeWindow
	// WorkflowRunStatus is the status of the workflow runs to return
	WorkflowRunLastStatus WorkflowRunStatus
}

WorkflowListOpts is the options to filter the list of workflows

type WorkflowRef added in v0.96.19

type WorkflowRef struct {
	ID          uuid.UUID
	Name        string
	ProjectName string
}

WorkflowRef is a reference to a workflow With combination of the name and the project, it should be unique

type WorkflowRepo

type WorkflowRepo interface {
	Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)
	Update(ctx context.Context, id uuid.UUID, opts *WorkflowUpdateOpts) (*Workflow, error)
	List(ctx context.Context, orgID uuid.UUID, filter *WorkflowListOpts, pagination *pagination.OffsetPaginationOpts) ([]*Workflow, int, error)
	GetOrgScoped(ctx context.Context, orgID, workflowID uuid.UUID) (*Workflow, error)
	GetOrgScopedByProjectAndName(ctx context.Context, orgID uuid.UUID, projectName, workflowName string) (*Workflow, error)
	IncRunsCounter(ctx context.Context, workflowID uuid.UUID) error
	FindByID(ctx context.Context, workflowID uuid.UUID) (*Workflow, error)
	SoftDelete(ctx context.Context, workflowID uuid.UUID) error
}

type WorkflowRun

type WorkflowRun struct {
	ID                    uuid.UUID
	State, Reason         string
	CreatedAt, FinishedAt *time.Time
	Workflow              *Workflow
	RunURL, RunnerType    string
	ContractVersionID     uuid.UUID
	Attestation           *Attestation
	CASBackends           []*CASBackend
	// The revision of the contract that was used
	ContractRevisionUsed int
	// The max revision of the contract at the time of the run
	ContractRevisionLatest int
	ProjectVersion         *ProjectVersion
}

type WorkflowRunCreateOpts

type WorkflowRunCreateOpts struct {
	WorkflowID       string
	ContractRevision *WorkflowContractWithVersion
	RunnerRunURL     string
	RunnerType       string
	CASBackendID     uuid.UUID
	ProjectVersion   string
}

type WorkflowRunExpirerOpts

type WorkflowRunExpirerOpts struct {
	// Maximum time threshold for what a workflowRun will be considered expired
	ExpirationWindow time.Duration
	CheckInterval    time.Duration
}

type WorkflowRunExpirerUseCase

type WorkflowRunExpirerUseCase struct {
	PromObservable PromObservable
	// contains filtered or unexported fields
}

func NewWorkflowRunExpirerUseCase

func NewWorkflowRunExpirerUseCase(wfrRepo WorkflowRunRepo, po PromObservable, logger log.Logger) *WorkflowRunExpirerUseCase

func (*WorkflowRunExpirerUseCase) ExpirationSweep

func (uc *WorkflowRunExpirerUseCase) ExpirationSweep(ctx context.Context, olderThan time.Time) error

ExpirationSweep looks for runs older than the provider time and marks them as expired

func (*WorkflowRunExpirerUseCase) Run

type WorkflowRunRepo

type WorkflowRunRepo interface {
	Create(ctx context.Context, opts *WorkflowRunRepoCreateOpts) (*WorkflowRun, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*WorkflowRun, error)
	FindByAttestationDigest(ctx context.Context, digest string) (*WorkflowRun, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowRun, error)
	MarkAsFinished(ctx context.Context, ID uuid.UUID, status WorkflowRunStatus, reason string) error
	SaveAttestation(ctx context.Context, ID uuid.UUID, att *dsse.Envelope, digest string) error
	List(ctx context.Context, orgID uuid.UUID, f *RunListFilters, p *pagination.CursorOptions) ([]*WorkflowRun, string, error)
	// List the runs that have not finished and are older than a given time
	ListNotFinishedOlderThan(ctx context.Context, olderThan time.Time, limit int) ([]*WorkflowRun, error)
	// Set run as expired
	Expire(ctx context.Context, id uuid.UUID) error
}

type WorkflowRunRepoCreateOpts

type WorkflowRunRepoCreateOpts struct {
	WorkflowID, SchemaVersionID  uuid.UUID
	RunURL, RunnerType           string
	Backends                     []uuid.UUID
	LatestRevision, UsedRevision int
	ProjectVersion               string
}

type WorkflowRunStatus

type WorkflowRunStatus string
const (
	WorkflowRunInitialized WorkflowRunStatus = "initialized"
	WorkflowRunSuccess     WorkflowRunStatus = "success"
	WorkflowRunError       WorkflowRunStatus = "error"
	WorkflowRunExpired     WorkflowRunStatus = "expired"
	WorkflowRunCancelled   WorkflowRunStatus = "canceled"
)

func (WorkflowRunStatus) Values

func (WorkflowRunStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type WorkflowRunUseCase

type WorkflowRunUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowRunUseCase

func NewWorkflowRunUseCase(wfrRepo WorkflowRunRepo, wfRepo WorkflowRepo, logger log.Logger) (*WorkflowRunUseCase, error)

func (*WorkflowRunUseCase) Create

Create will add a new WorkflowRun, associate it to a schemaVersion and increment the counter in the associated workflow

func (*WorkflowRunUseCase) ExistsInWorkflow

func (uc *WorkflowRunUseCase) ExistsInWorkflow(ctx context.Context, workflowID, id string) (bool, error)

The workflowRun belongs to the provided workflowRun

func (*WorkflowRunUseCase) GetByDigestInOrgOrPublic

func (uc *WorkflowRunUseCase) GetByDigestInOrgOrPublic(ctx context.Context, orgID, digest string) (*WorkflowRun, error)

func (*WorkflowRunUseCase) GetByIDInOrg

func (uc *WorkflowRunUseCase) GetByIDInOrg(ctx context.Context, orgID, runID string) (*WorkflowRun, error)

Returns the workflow run with the provided ID if it belongs to the org

func (*WorkflowRunUseCase) GetByIDInOrgOrPublic

func (uc *WorkflowRunUseCase) GetByIDInOrgOrPublic(ctx context.Context, orgID, runID string) (*WorkflowRun, error)

Returns the workflow run with the provided ID if it belongs to the org or its public

func (*WorkflowRunUseCase) List

List the workflowruns associated with an org and optionally filtered by a workflow

func (*WorkflowRunUseCase) MarkAsFinished

func (uc *WorkflowRunUseCase) MarkAsFinished(ctx context.Context, id string, status WorkflowRunStatus, reason string) error

func (*WorkflowRunUseCase) SaveAttestation

func (uc *WorkflowRunUseCase) SaveAttestation(ctx context.Context, id string, envelope *dsse.Envelope) (string, error)

type WorkflowRunWithContract

type WorkflowRunWithContract struct {
	*WorkflowRun
	*WorkflowContractVersion
}

type WorkflowUpdateOpts

type WorkflowUpdateOpts struct {
	Team, Description, ContractID *string
	Public                        *bool
}

type WorkflowUseCase

type WorkflowUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowUsecase

func NewWorkflowUsecase(wfr WorkflowRepo, projectsRepo ProjectsRepo, schemaUC *WorkflowContractUseCase, auditorUC *AuditorUseCase, logger log.Logger) *WorkflowUseCase

func (*WorkflowUseCase) Create

func (uc *WorkflowUseCase) Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)

func (*WorkflowUseCase) Delete

func (uc *WorkflowUseCase) Delete(ctx context.Context, orgID, workflowID string) error

Delete soft-deletes the entry

func (*WorkflowUseCase) FindByID

func (uc *WorkflowUseCase) FindByID(ctx context.Context, workflowID string) (*Workflow, error)

func (*WorkflowUseCase) FindByIDInOrg

func (uc *WorkflowUseCase) FindByIDInOrg(ctx context.Context, orgID, workflowID string) (*Workflow, error)

func (*WorkflowUseCase) FindByNameInOrg

func (uc *WorkflowUseCase) FindByNameInOrg(ctx context.Context, orgID, projectName, workflowName string) (*Workflow, error)

func (*WorkflowUseCase) IncRunsCounter

func (uc *WorkflowUseCase) IncRunsCounter(ctx context.Context, workflowID string) error

func (*WorkflowUseCase) List

func (uc *WorkflowUseCase) List(ctx context.Context, orgID string, filterOpts *WorkflowListOpts, paginationOpts *pagination.OffsetPaginationOpts) ([]*Workflow, int, error)

List returns a list of workflows and the total count of workflows

func (*WorkflowUseCase) Update

func (uc *WorkflowUseCase) Update(ctx context.Context, orgID, workflowID string, opts *WorkflowUpdateOpts) (*Workflow, error)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL