Documentation ¶
Index ¶
- Constants
- Variables
- func IsErrInvalidUUID(err error) bool
- func IsErrUnauthorized(err error) bool
- func IsErrValidation(err error) bool
- func IsNotFound(err error) bool
- func NewErrReferrerAmbiguous(digest string, kinds []string) error
- func WithKind(kind string) func(*GetFromRootFilters)
- func WithPublicVisibility(public bool) func(*GetFromRootFilters)
- type AttachOpts
- type Attestation
- type AttestationUseCase
- type CASBackend
- type CASBackendCreateOpts
- type CASBackendLimits
- type CASBackendOpts
- type CASBackendProvider
- type CASBackendReader
- type CASBackendRepo
- type CASBackendUpdateOpts
- type CASBackendUseCase
- func (uc *CASBackendUseCase) Create(ctx context.Context, orgID, location, description string, ...) (*CASBackend, error)
- func (uc *CASBackendUseCase) CreateInlineFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)
- func (uc *CASBackendUseCase) CreateOrUpdate(ctx context.Context, orgID, name, username, password string, ...) (*CASBackend, error)deprecated
- func (uc *CASBackendUseCase) Delete(ctx context.Context, id string) error
- func (uc *CASBackendUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*CASBackend, error)
- func (uc *CASBackendUseCase) FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)
- func (uc *CASBackendUseCase) FindFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)
- func (uc *CASBackendUseCase) List(ctx context.Context, orgID string) ([]*CASBackend, error)
- func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) (err error)
- func (uc *CASBackendUseCase) SoftDelete(ctx context.Context, orgID, id string) error
- func (uc *CASBackendUseCase) Update(ctx context.Context, orgID, id, description string, creds any, defaultB bool) (*CASBackend, error)
- type CASBackendValidationStatus
- type CASClient
- type CASClientFactory
- type CASClientOpts
- type CASClientUseCase
- func (uc *CASClientUseCase) Download(ctx context.Context, backendType, secretID string, w io.Writer, digest string) error
- func (uc *CASClientUseCase) IsReady(ctx context.Context) (bool, error)
- func (uc *CASClientUseCase) Upload(ctx context.Context, backendType, secretID string, content io.Reader, ...) error
- type CASCredentialsUseCase
- type CASCredsOpts
- type CASDownloader
- type CASMapping
- type CASMappingLookupRef
- type CASMappingRepo
- type CASMappingUseCase
- func (uc *CASMappingUseCase) Create(ctx context.Context, digest string, casBackendID, workflowRunID string) (*CASMapping, error)
- func (uc *CASMappingUseCase) FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)
- func (uc *CASMappingUseCase) FindCASMappingForDownload(ctx context.Context, digest string, userID string) (*CASMapping, error)
- func (uc *CASMappingUseCase) LookupDigestsInAttestation(att *dsse.Envelope) ([]*CASMappingLookupRef, error)
- type CASUploader
- type ContractCreateOpts
- type ContractUpdateOpts
- type ErrAmbiguousReferrer
- type ErrInvalidUUID
- type ErrNotFound
- type ErrUnauthorized
- type ErrValidation
- type GetFromRootFilter
- type GetFromRootFilters
- type Integration
- type IntegrationAndAttachment
- type IntegrationAttachment
- type IntegrationAttachmentRepo
- type IntegrationCreateOpts
- type IntegrationRepo
- type IntegrationUseCase
- func (uc *IntegrationUseCase) AttachToWorkflow(ctx context.Context, opts *AttachOpts) (*IntegrationAttachment, error)
- func (uc *IntegrationUseCase) Delete(ctx context.Context, orgID, integrationID string) error
- func (uc *IntegrationUseCase) Detach(ctx context.Context, orgID, attachmentID string) error
- func (uc *IntegrationUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*Integration, error)
- func (uc *IntegrationUseCase) List(ctx context.Context, orgID string) ([]*Integration, error)
- func (uc *IntegrationUseCase) ListAttachments(ctx context.Context, orgID, workflowID string) ([]*IntegrationAttachment, error)
- func (uc *IntegrationUseCase) RegisterAndSave(ctx context.Context, orgID, description string, i sdk.FanOut, ...) (*Integration, error)
- type Membership
- type MembershipRepo
- type MembershipUseCase
- func (uc *MembershipUseCase) ByOrg(ctx context.Context, orgID string) ([]*Membership, error)
- func (uc *MembershipUseCase) ByUser(ctx context.Context, userID string) ([]*Membership, error)
- func (uc *MembershipUseCase) Create(ctx context.Context, orgID, userID string, current bool) (*Membership, error)
- func (uc *MembershipUseCase) Delete(ctx context.Context, id string) error
- func (uc *MembershipUseCase) SetCurrent(ctx context.Context, userID, membershipID string) (*Membership, error)
- type NewIntegrationUseCaseOpts
- type NewUserUseCaseParams
- type OrgInvitation
- type OrgInvitationRepo
- type OrgInvitationStatus
- type OrgInvitationUseCase
- func (uc *OrgInvitationUseCase) AcceptInvitation(ctx context.Context, invitationID string) error
- func (uc *OrgInvitationUseCase) AcceptPendingInvitations(ctx context.Context, receiverEmail string) error
- func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, receiverEmail string) (*OrgInvitation, error)
- func (uc *OrgInvitationUseCase) FindByID(ctx context.Context, invitationID string) (*OrgInvitation, error)
- func (uc *OrgInvitationUseCase) ListBySender(ctx context.Context, senderID string) ([]*OrgInvitation, error)
- func (uc *OrgInvitationUseCase) Revoke(ctx context.Context, senderID, invitationID string) error
- type OrgMetricsRepo
- type OrgMetricsUseCase
- func (uc *OrgMetricsUseCase) RunsTotal(ctx context.Context, orgID string, timeWindow time.Duration) (int32, error)
- func (uc *OrgMetricsUseCase) RunsTotalByRunnerType(ctx context.Context, orgID string, timeWindow time.Duration) (map[string]int32, error)
- func (uc *OrgMetricsUseCase) RunsTotalByStatus(ctx context.Context, orgID string, timeWindow time.Duration) (map[string]int32, error)
- func (uc *OrgMetricsUseCase) TopWorkflowsByRunsCount(ctx context.Context, orgID string, numWorkflows int, timeWindow time.Duration) ([]*TopWorkflowsByRunsCountItem, error)
- type Organization
- type OrganizationRepo
- type OrganizationUseCase
- type Referrer
- type ReferrerRepo
- type ReferrerUseCase
- func (s *ReferrerUseCase) ExtractAndPersist(ctx context.Context, att *dsse.Envelope, workflowID string) error
- func (s *ReferrerUseCase) GetFromRoot(ctx context.Context, digest, rootKind, userID string) (*StoredReferrer, error)
- func (s *ReferrerUseCase) GetFromRootInPublicSharedIndex(ctx context.Context, digest, rootKind string) (*StoredReferrer, error)
- type RobotAccount
- type RobotAccountRepo
- type RobotAccountUseCase
- func (uc *RobotAccountUseCase) Create(ctx context.Context, name string, orgID, workflowID string) (*RobotAccount, error)
- func (uc *RobotAccountUseCase) FindByID(ctx context.Context, id string) (*RobotAccount, error)
- func (uc *RobotAccountUseCase) List(ctx context.Context, orgID, workflowID string, includeRevoked bool) ([]*RobotAccount, error)
- func (uc *RobotAccountUseCase) Revoke(ctx context.Context, orgID, id string) error
- type StoredReferrer
- type TopWorkflowsByRunsCountItem
- type User
- type UserOrgFinder
- type UserRepo
- type UserUseCase
- func (uc *UserUseCase) CurrentOrg(ctx context.Context, userID string) (*Organization, error)
- func (uc *UserUseCase) DeleteUser(ctx context.Context, userID string) error
- func (uc *UserUseCase) FindByID(ctx context.Context, userID string) (*User, error)
- func (uc *UserUseCase) FindOrCreateByEmail(ctx context.Context, email string) (*User, error)
- type Workflow
- type WorkflowContract
- type WorkflowContractRepo
- type WorkflowContractUseCase
- func (uc *WorkflowContractUseCase) Create(ctx context.Context, orgID, name string, schema *schemav1.CraftingSchema) (*WorkflowContract, error)
- func (uc *WorkflowContractUseCase) Delete(ctx context.Context, orgID, contractID string) error
- func (uc *WorkflowContractUseCase) Describe(ctx context.Context, orgID, contractID string, revision int) (*WorkflowContractWithVersion, error)
- func (uc *WorkflowContractUseCase) FindByIDInOrg(ctx context.Context, orgID, contractID string) (*WorkflowContract, error)
- func (uc *WorkflowContractUseCase) FindVersionByID(ctx context.Context, versionID string) (*WorkflowContractVersion, error)
- func (uc *WorkflowContractUseCase) List(ctx context.Context, orgID string) ([]*WorkflowContract, error)
- func (uc *WorkflowContractUseCase) Update(ctx context.Context, orgID, contractID, name string, ...) (*WorkflowContractWithVersion, error)
- type WorkflowContractVersion
- type WorkflowContractWithVersion
- type WorkflowCreateOpts
- type WorkflowRepo
- type WorkflowRun
- type WorkflowRunCreateOpts
- type WorkflowRunExpirerOpts
- type WorkflowRunExpirerUseCase
- type WorkflowRunRepo
- type WorkflowRunStatus
- type WorkflowRunUseCase
- func (uc *WorkflowRunUseCase) Create(ctx context.Context, opts *WorkflowRunCreateOpts) (*WorkflowRun, error)
- func (uc *WorkflowRunUseCase) ExistsInWorkflow(ctx context.Context, workflowID, id string) (bool, error)
- func (uc *WorkflowRunUseCase) GetByDigestInOrgOrPublic(ctx context.Context, orgID, digest string) (*WorkflowRun, error)
- func (uc *WorkflowRunUseCase) GetByIDInOrgOrPublic(ctx context.Context, orgID, runID string) (*WorkflowRun, error)
- func (uc *WorkflowRunUseCase) List(ctx context.Context, orgID, workflowID string, p *pagination.Options) ([]*WorkflowRun, string, error)
- func (uc *WorkflowRunUseCase) MarkAsFinished(ctx context.Context, id string, status WorkflowRunStatus, reason string) error
- func (uc *WorkflowRunUseCase) SaveAttestation(ctx context.Context, id string, envelope *dsse.Envelope, digest string) error
- type WorkflowRunWithContract
- type WorkflowUpdateOpts
- type WorkflowUseCase
- func (uc *WorkflowUseCase) Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)
- func (uc *WorkflowUseCase) Delete(ctx context.Context, orgID, workflowID string) error
- func (uc *WorkflowUseCase) FindByID(ctx context.Context, workflowID string) (*Workflow, error)
- func (uc *WorkflowUseCase) FindByIDInOrg(ctx context.Context, orgID, workflowID string) (*Workflow, error)
- func (uc *WorkflowUseCase) IncRunsCounter(ctx context.Context, workflowID string) error
- func (uc *WorkflowUseCase) List(ctx context.Context, orgID string) ([]*Workflow, error)
- func (uc *WorkflowUseCase) Update(ctx context.Context, orgID, workflowID string, opts *WorkflowUpdateOpts) (*Workflow, error)
Constants ¶
const ( CASBackendDefaultMaxBytes int64 = 100 * 1024 * 1024 // 100MB // Inline, embedded CAS backend CASBackendInline CASBackendProvider = "INLINE" CASBackendInlineDefaultMaxBytes int64 = 500 * 1024 // 500KB )
Variables ¶
var ProviderSet = wire.NewSet( NewWorkflowUsecase, NewUserUseCase, NewRootAccountUseCase, NewWorkflowRunUseCase, NewOrganizationUseCase, NewWorkflowContractUseCase, NewCASCredentialsUseCase, NewCASBackendUseCase, NewOrgMetricsUseCase, NewIntegrationUseCase, NewMembershipUseCase, NewCASClientUseCase, NewOrgInvitationUseCase, NewAttestationUseCase, NewWorkflowRunExpirerUseCase, NewCASMappingUseCase, NewReferrerUseCase, wire.Struct(new(NewIntegrationUseCaseOpts), "*"), wire.Struct(new(NewUserUseCaseParams), "*"), )
ProviderSet is biz providers.
Functions ¶
func IsErrInvalidUUID ¶
func IsErrUnauthorized ¶ added in v0.17.0
func IsErrValidation ¶
func IsNotFound ¶
func NewErrReferrerAmbiguous ¶ added in v0.40.0
func WithKind ¶ added in v0.40.0
func WithKind(kind string) func(*GetFromRootFilters)
func WithPublicVisibility ¶ added in v0.40.0
func WithPublicVisibility(public bool) func(*GetFromRootFilters)
Types ¶
type AttachOpts ¶
type Attestation ¶
type AttestationUseCase ¶
type AttestationUseCase struct { CASClient // contains filtered or unexported fields }
func NewAttestationUseCase ¶
func NewAttestationUseCase(client CASClient, logger log.Logger) *AttestationUseCase
func (*AttestationUseCase) UploadToCAS ¶ added in v0.8.95
func (uc *AttestationUseCase) UploadToCAS(ctx context.Context, envelope *dsse.Envelope, backend *CASBackend, workflowRunID string) (*cr_v1.Hash, error)
type CASBackend ¶ added in v0.14.0
type CASBackend struct { ID uuid.UUID Location, Description, SecretName string CreatedAt, ValidatedAt *time.Time OrganizationID uuid.UUID ValidationStatus CASBackendValidationStatus // OCI, S3, ... Provider CASBackendProvider // Whether this is the default cas backend for the organization Default bool // it's a inline backend, the artifacts are embedded in the attestation Inline bool // It's a fallback backend, it cannot be deleted Fallback bool Limits *CASBackendLimits }
type CASBackendCreateOpts ¶ added in v0.14.0
type CASBackendCreateOpts struct { *CASBackendOpts Fallback bool }
type CASBackendLimits ¶ added in v0.14.0
type CASBackendLimits struct { // Max number of bytes allowed to be stored in this backend MaxBytes int64 }
type CASBackendOpts ¶ added in v0.14.0
type CASBackendOpts struct { OrgID uuid.UUID Location, SecretName, Description string Provider CASBackendProvider Default bool }
type CASBackendProvider ¶ added in v0.14.0
type CASBackendProvider string
func (CASBackendProvider) Values ¶ added in v0.14.0
func (CASBackendProvider) Values() (kinds []string)
Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues
type CASBackendReader ¶ added in v0.14.0
type CASBackendRepo ¶ added in v0.14.0
type CASBackendRepo interface { FindDefaultBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error) FindFallbackBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error) FindByID(ctx context.Context, ID uuid.UUID) (*CASBackend, error) FindByIDInOrg(ctx context.Context, OrgID, ID uuid.UUID) (*CASBackend, error) List(ctx context.Context, orgID uuid.UUID) ([]*CASBackend, error) UpdateValidationStatus(ctx context.Context, ID uuid.UUID, status CASBackendValidationStatus) error Create(context.Context, *CASBackendCreateOpts) (*CASBackend, error) Update(context.Context, *CASBackendUpdateOpts) (*CASBackend, error) Delete(ctx context.Context, ID uuid.UUID) error SoftDelete(ctx context.Context, ID uuid.UUID) error }
type CASBackendUpdateOpts ¶ added in v0.14.0
type CASBackendUpdateOpts struct { *CASBackendOpts ID uuid.UUID }
type CASBackendUseCase ¶ added in v0.14.0
type CASBackendUseCase struct {
// contains filtered or unexported fields
}
func NewCASBackendUseCase ¶ added in v0.14.0
func NewCASBackendUseCase(repo CASBackendRepo, credsRW credentials.ReaderWriter, providers backend.Providers, l log.Logger) *CASBackendUseCase
func (*CASBackendUseCase) Create ¶ added in v0.14.0
func (uc *CASBackendUseCase) Create(ctx context.Context, orgID, location, description string, provider CASBackendProvider, creds any, defaultB bool) (*CASBackend, error)
func (*CASBackendUseCase) CreateInlineFallbackBackend ¶ added in v0.14.0
func (uc *CASBackendUseCase) CreateInlineFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)
func (*CASBackendUseCase) CreateOrUpdate
deprecated
added in
v0.14.0
func (uc *CASBackendUseCase) CreateOrUpdate(ctx context.Context, orgID, name, username, password string, provider CASBackendProvider, defaultB bool) (*CASBackend, error)
Deprecated: use Create and update methods separately instead
func (*CASBackendUseCase) Delete ¶ added in v0.14.0
func (uc *CASBackendUseCase) Delete(ctx context.Context, id string) error
Delete will delete the secret in the external secrets manager and the CAS backend from the database This method is used during user off-boarding
func (*CASBackendUseCase) FindByIDInOrg ¶ added in v0.14.0
func (uc *CASBackendUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*CASBackend, error)
func (*CASBackendUseCase) FindDefaultBackend ¶ added in v0.14.0
func (uc *CASBackendUseCase) FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)
func (*CASBackendUseCase) FindFallbackBackend ¶ added in v0.14.0
func (uc *CASBackendUseCase) FindFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)
func (*CASBackendUseCase) List ¶ added in v0.14.0
func (uc *CASBackendUseCase) List(ctx context.Context, orgID string) ([]*CASBackend, error)
func (*CASBackendUseCase) PerformValidation ¶ added in v0.14.0
func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) (err error)
Validate that the repository is valid and reachable
func (*CASBackendUseCase) SoftDelete ¶ added in v0.14.0
func (uc *CASBackendUseCase) SoftDelete(ctx context.Context, orgID, id string) error
SoftDelete will mark the cas backend as deleted but will not delete the secret in the external secrets manager We keep it so it can be restored or referenced in the future while trying to download an asset
func (*CASBackendUseCase) Update ¶ added in v0.14.0
func (uc *CASBackendUseCase) Update(ctx context.Context, orgID, id, description string, creds any, defaultB bool) (*CASBackend, error)
Update will update credentials, description or default status
type CASBackendValidationStatus ¶ added in v0.14.0
type CASBackendValidationStatus string
var CASBackendValidationFailed CASBackendValidationStatus = "Invalid"
var CASBackendValidationOK CASBackendValidationStatus = "OK"
func (CASBackendValidationStatus) Values ¶ added in v0.14.0
func (CASBackendValidationStatus) Values() (kinds []string)
Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues
type CASClient ¶ added in v0.8.95
type CASClient interface { CASUploader CASDownloader }
type CASClientFactory ¶ added in v0.8.96
type CASClientFactory func(conf *conf.Bootstrap_CASServer, token string) (casclient.DownloaderUploader, func(), error)
Function that returns a CAS client including a connection closer method
type CASClientOpts ¶ added in v0.8.96
type CASClientOpts func(u *CASClientUseCase)
func WithClientFactory ¶ added in v0.8.96
func WithClientFactory(f CASClientFactory) CASClientOpts
type CASClientUseCase ¶ added in v0.8.95
type CASClientUseCase struct {
// contains filtered or unexported fields
}
func NewCASClientUseCase ¶ added in v0.8.95
func NewCASClientUseCase(credsProvider *CASCredentialsUseCase, config *conf.Bootstrap_CASServer, l log.Logger, opts ...CASClientOpts) *CASClientUseCase
type CASCredentialsUseCase ¶
type CASCredentialsUseCase struct {
// contains filtered or unexported fields
}
func NewCASCredentialsUseCase ¶
func NewCASCredentialsUseCase(c *conf.Auth) (*CASCredentialsUseCase, error)
func (*CASCredentialsUseCase) GenerateTemporaryCredentials ¶
func (uc *CASCredentialsUseCase) GenerateTemporaryCredentials(backendRef *CASCredsOpts) (string, error)
type CASCredsOpts ¶ added in v0.19.0
type CASCredsOpts struct { BackendType string // i.e OCI, S3 SecretPath string // path to for example the OCI secret in the vault Role robotaccount.Role }
type CASDownloader ¶ added in v0.8.95
type CASMapping ¶ added in v0.17.0
type CASMappingLookupRef ¶ added in v0.17.0
type CASMappingLookupRef struct {
Name, Digest string
}
type CASMappingRepo ¶ added in v0.17.0
type CASMappingUseCase ¶ added in v0.17.0
type CASMappingUseCase struct {
// contains filtered or unexported fields
}
func NewCASMappingUseCase ¶ added in v0.17.0
func NewCASMappingUseCase(repo CASMappingRepo, mRepo MembershipRepo, logger log.Logger) *CASMappingUseCase
func (*CASMappingUseCase) Create ¶ added in v0.17.0
func (uc *CASMappingUseCase) Create(ctx context.Context, digest string, casBackendID, workflowRunID string) (*CASMapping, error)
func (*CASMappingUseCase) FindByDigest ¶ added in v0.17.0
func (uc *CASMappingUseCase) FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)
func (*CASMappingUseCase) FindCASMappingForDownload ¶ added in v0.17.0
func (uc *CASMappingUseCase) FindCASMappingForDownload(ctx context.Context, digest string, userID string) (*CASMapping, error)
FindCASMappingForDownload returns the CASMapping appropriate for the given digest and user This means, in order 1 - Any mapping that points to an organization which the user is member of 1.1 If there are multiple mappings, it will pick the default one or the first one 2 - Any mapping that is public
func (*CASMappingUseCase) LookupDigestsInAttestation ¶ added in v0.17.0
func (uc *CASMappingUseCase) LookupDigestsInAttestation(att *dsse.Envelope) ([]*CASMappingLookupRef, error)
LookupCASItemsInAttestation returns a list of references to the materials that have been uploaded to CAS as well as the attestation digest itself
type CASUploader ¶ added in v0.8.95
type ContractCreateOpts ¶
type ContractUpdateOpts ¶
type ErrAmbiguousReferrer ¶ added in v0.40.0
type ErrAmbiguousReferrer struct {
// contains filtered or unexported fields
}
A referrer with the same digest points to two different artifact types and we require filtering out which one
func (ErrAmbiguousReferrer) Error ¶ added in v0.40.0
func (e ErrAmbiguousReferrer) Error() string
type ErrInvalidUUID ¶
type ErrInvalidUUID struct {
// contains filtered or unexported fields
}
func NewErrInvalidUUID ¶
func NewErrInvalidUUID(err error) ErrInvalidUUID
func (ErrInvalidUUID) Error ¶
func (e ErrInvalidUUID) Error() string
type ErrNotFound ¶
type ErrNotFound struct {
// contains filtered or unexported fields
}
func NewErrNotFound ¶
func NewErrNotFound(entity string) ErrNotFound
func (ErrNotFound) Error ¶
func (e ErrNotFound) Error() string
type ErrUnauthorized ¶ added in v0.17.0
type ErrUnauthorized struct {
// contains filtered or unexported fields
}
func NewErrUnauthorized ¶ added in v0.17.0
func NewErrUnauthorized(err error) ErrUnauthorized
func NewErrUnauthorizedStr ¶ added in v0.25.0
func NewErrUnauthorizedStr(errMsg string) ErrUnauthorized
func (ErrUnauthorized) Error ¶ added in v0.17.0
func (e ErrUnauthorized) Error() string
type ErrValidation ¶ added in v0.8.95
type ErrValidation struct {
// contains filtered or unexported fields
}
func NewErrValidation ¶ added in v0.8.95
func NewErrValidation(err error) ErrValidation
func NewErrValidationStr ¶ added in v0.25.0
func NewErrValidationStr(errMsg string) ErrValidation
func (ErrValidation) Error ¶ added in v0.8.95
func (e ErrValidation) Error() string
type GetFromRootFilter ¶ added in v0.40.0
type GetFromRootFilter func(*GetFromRootFilters)
type GetFromRootFilters ¶ added in v0.40.0
type Integration ¶
type Integration struct { ID uuid.UUID // Kind is the type of the integration, it matches the registered plugin ID Kind string // Description is a human readable description of the integration registration // It helps to differentiate different instances of the same kind Description string // Registration Configuration, usually JSON marshalled Config []byte // Identifier to the external provider where any secret information is stored SecretName string CreatedAt *time.Time }
type IntegrationAndAttachment ¶
type IntegrationAndAttachment struct { *Integration *IntegrationAttachment }
type IntegrationAttachment ¶
type IntegrationAttachmentRepo ¶
type IntegrationAttachmentRepo interface { Create(ctx context.Context, integrationID, workflowID uuid.UUID, config []byte) (*IntegrationAttachment, error) List(ctx context.Context, orgID, workflowID uuid.UUID) ([]*IntegrationAttachment, error) FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*IntegrationAttachment, error) SoftDelete(ctx context.Context, ID uuid.UUID) error }
type IntegrationCreateOpts ¶ added in v0.11.1
type IntegrationRepo ¶
type IntegrationRepo interface { Create(ctx context.Context, opts *IntegrationCreateOpts) (*Integration, error) List(ctx context.Context, orgID uuid.UUID) ([]*Integration, error) FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*Integration, error) SoftDelete(ctx context.Context, ID uuid.UUID) error }
type IntegrationUseCase ¶
type IntegrationUseCase struct {
// contains filtered or unexported fields
}
func NewIntegrationUseCase ¶ added in v0.8.95
func NewIntegrationUseCase(opts *NewIntegrationUseCaseOpts) *IntegrationUseCase
func (*IntegrationUseCase) AttachToWorkflow ¶
func (uc *IntegrationUseCase) AttachToWorkflow(ctx context.Context, opts *AttachOpts) (*IntegrationAttachment, error)
- Integration and workflows exists in current organization - Run specific validation for the integration - Persist integration attachment
func (*IntegrationUseCase) Delete ¶
func (uc *IntegrationUseCase) Delete(ctx context.Context, orgID, integrationID string) error
func (*IntegrationUseCase) Detach ¶
func (uc *IntegrationUseCase) Detach(ctx context.Context, orgID, attachmentID string) error
Detach integration from workflow
func (*IntegrationUseCase) FindByIDInOrg ¶
func (uc *IntegrationUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*Integration, error)
func (*IntegrationUseCase) List ¶
func (uc *IntegrationUseCase) List(ctx context.Context, orgID string) ([]*Integration, error)
func (*IntegrationUseCase) ListAttachments ¶
func (uc *IntegrationUseCase) ListAttachments(ctx context.Context, orgID, workflowID string) ([]*IntegrationAttachment, error)
List attachments returns the list of attachments for a given organization and optionally workflow
func (*IntegrationUseCase) RegisterAndSave ¶ added in v0.11.1
func (uc *IntegrationUseCase) RegisterAndSave(ctx context.Context, orgID, description string, i sdk.FanOut, regConfig *structpb.Struct) (*Integration, error)
Persist the secret and integration with its configuration in the database
type Membership ¶
type MembershipRepo ¶
type MembershipRepo interface { FindByUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error) FindByOrg(ctx context.Context, orgID uuid.UUID) ([]*Membership, error) FindByIDInUser(ctx context.Context, userID, ID uuid.UUID) (*Membership, error) SetCurrent(ctx context.Context, ID uuid.UUID) (*Membership, error) Create(ctx context.Context, orgID, userID uuid.UUID, current bool) (*Membership, error) Delete(ctx context.Context, ID uuid.UUID) error }
type MembershipUseCase ¶
type MembershipUseCase struct {
// contains filtered or unexported fields
}
func NewMembershipUseCase ¶ added in v0.8.95
func NewMembershipUseCase(repo MembershipRepo, logger log.Logger) *MembershipUseCase
func (*MembershipUseCase) ByOrg ¶
func (uc *MembershipUseCase) ByOrg(ctx context.Context, orgID string) ([]*Membership, error)
func (*MembershipUseCase) ByUser ¶
func (uc *MembershipUseCase) ByUser(ctx context.Context, userID string) ([]*Membership, error)
func (*MembershipUseCase) Create ¶
func (uc *MembershipUseCase) Create(ctx context.Context, orgID, userID string, current bool) (*Membership, error)
func (*MembershipUseCase) Delete ¶
func (uc *MembershipUseCase) Delete(ctx context.Context, id string) error
func (*MembershipUseCase) SetCurrent ¶
func (uc *MembershipUseCase) SetCurrent(ctx context.Context, userID, membershipID string) (*Membership, error)
type NewIntegrationUseCaseOpts ¶ added in v0.8.95
type NewIntegrationUseCaseOpts struct { IRepo IntegrationRepo IaRepo IntegrationAttachmentRepo WfRepo WorkflowRepo CredsRW credentials.ReaderWriter Logger log.Logger }
type NewUserUseCaseParams ¶
type NewUserUseCaseParams struct { UserRepo UserRepo MembershipUseCase *MembershipUseCase OrganizationUseCase *OrganizationUseCase Logger log.Logger }
type OrgInvitation ¶ added in v0.25.0
type OrgInvitation struct { ID uuid.UUID Org *Organization Sender *User ReceiverEmail string CreatedAt *time.Time Status OrgInvitationStatus }
type OrgInvitationRepo ¶ added in v0.25.0
type OrgInvitationRepo interface { Create(ctx context.Context, orgID, senderID uuid.UUID, receiverEmail string) (*OrgInvitation, error) FindByID(ctx context.Context, ID uuid.UUID) (*OrgInvitation, error) PendingInvitation(ctx context.Context, orgID uuid.UUID, receiverEmail string) (*OrgInvitation, error) PendingInvitations(ctx context.Context, receiverEmail string) ([]*OrgInvitation, error) SoftDelete(ctx context.Context, id uuid.UUID) error ListBySender(ctx context.Context, sender uuid.UUID) ([]*OrgInvitation, error) ChangeStatus(ctx context.Context, ID uuid.UUID, status OrgInvitationStatus) error }
type OrgInvitationStatus ¶ added in v0.25.0
type OrgInvitationStatus string
var ( OrgInvitationStatusPending OrgInvitationStatus = "pending" OrgInvitationStatusAccepted OrgInvitationStatus = "accepted" )
func (OrgInvitationStatus) Values ¶ added in v0.25.0
func (OrgInvitationStatus) Values() (kinds []string)
Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues
type OrgInvitationUseCase ¶ added in v0.25.0
type OrgInvitationUseCase struct {
// contains filtered or unexported fields
}
func NewOrgInvitationUseCase ¶ added in v0.25.0
func NewOrgInvitationUseCase(r OrgInvitationRepo, mRepo MembershipRepo, uRepo UserRepo, l log.Logger) (*OrgInvitationUseCase, error)
func (*OrgInvitationUseCase) AcceptInvitation ¶ added in v0.25.0
func (uc *OrgInvitationUseCase) AcceptInvitation(ctx context.Context, invitationID string) error
func (*OrgInvitationUseCase) AcceptPendingInvitations ¶ added in v0.25.0
func (uc *OrgInvitationUseCase) AcceptPendingInvitations(ctx context.Context, receiverEmail string) error
AcceptPendingInvitations accepts all pending invitations for a given user email
func (*OrgInvitationUseCase) Create ¶ added in v0.25.0
func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, receiverEmail string) (*OrgInvitation, error)
func (*OrgInvitationUseCase) FindByID ¶ added in v0.25.0
func (uc *OrgInvitationUseCase) FindByID(ctx context.Context, invitationID string) (*OrgInvitation, error)
func (*OrgInvitationUseCase) ListBySender ¶ added in v0.25.0
func (uc *OrgInvitationUseCase) ListBySender(ctx context.Context, senderID string) ([]*OrgInvitation, error)
type OrgMetricsRepo ¶
type OrgMetricsRepo interface { // Total number of runs within the provided time window (from now) RunsTotal(ctx context.Context, orgID uuid.UUID, timeWindow time.Duration) (int32, error) // Total number by run status RunsByStatusTotal(ctx context.Context, orgID uuid.UUID, timeWindow time.Duration) (map[string]int32, error) RunsByRunnerTypeTotal(ctx context.Context, orgID uuid.UUID, timeWindow time.Duration) (map[string]int32, error) TopWorkflowsByRunsCount(ctx context.Context, orgID uuid.UUID, numWorkflows int, timeWindow time.Duration) ([]*TopWorkflowsByRunsCountItem, error) }
type OrgMetricsUseCase ¶
type OrgMetricsUseCase struct {
// contains filtered or unexported fields
}
func NewOrgMetricsUseCase ¶
func NewOrgMetricsUseCase(r OrgMetricsRepo, l log.Logger) (*OrgMetricsUseCase, error)
func (*OrgMetricsUseCase) RunsTotalByRunnerType ¶
func (*OrgMetricsUseCase) RunsTotalByStatus ¶
func (*OrgMetricsUseCase) TopWorkflowsByRunsCount ¶
func (uc *OrgMetricsUseCase) TopWorkflowsByRunsCount(ctx context.Context, orgID string, numWorkflows int, timeWindow time.Duration) ([]*TopWorkflowsByRunsCountItem, error)
type Organization ¶
type OrganizationRepo ¶
type OrganizationUseCase ¶
type OrganizationUseCase struct {
// contains filtered or unexported fields
}
func NewOrganizationUseCase ¶ added in v0.8.95
func NewOrganizationUseCase(repo OrganizationRepo, repoUC *CASBackendUseCase, iUC *IntegrationUseCase, logger log.Logger) *OrganizationUseCase
func (*OrganizationUseCase) Create ¶
func (uc *OrganizationUseCase) Create(ctx context.Context, name string) (*Organization, error)
func (*OrganizationUseCase) Delete ¶
func (uc *OrganizationUseCase) Delete(ctx context.Context, id string) error
Delete deletes an organization and all relevant data This includes: - The organization - The associated repositories - The associated integrations The reason for just deleting these two associated components only is because they have external secrets that need to be deleted as well, and for that we leverage their own delete methods The rest of the data gets removed by the database cascade delete
func (*OrganizationUseCase) FindByID ¶
func (uc *OrganizationUseCase) FindByID(ctx context.Context, id string) (*Organization, error)
type Referrer ¶ added in v0.30.0
type ReferrerRepo ¶ added in v0.30.0
type ReferrerRepo interface { Save(ctx context.Context, input []*Referrer, workflowID uuid.UUID) error // GetFromRoot returns the referrer identified by the provided content digest, including its first-level references // For example if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it // OrgIDs represent an allowList of organizations where the referrers should be looked for GetFromRoot(ctx context.Context, digest string, orgIDS []uuid.UUID, filters ...GetFromRootFilter) (*StoredReferrer, error) }
type ReferrerUseCase ¶ added in v0.30.0
type ReferrerUseCase struct {
// contains filtered or unexported fields
}
func NewReferrerUseCase ¶ added in v0.30.0
func NewReferrerUseCase(repo ReferrerRepo, wfRepo WorkflowRepo, mRepo MembershipRepo, indexCfg *conf.ReferrerSharedIndex, l log.Logger) (*ReferrerUseCase, error)
func (*ReferrerUseCase) ExtractAndPersist ¶ added in v0.30.0
func (s *ReferrerUseCase) ExtractAndPersist(ctx context.Context, att *dsse.Envelope, workflowID string) error
ExtractAndPersist extracts the referrers (subject + materials) from the given attestation and store it as part of the referrers index table
func (*ReferrerUseCase) GetFromRoot ¶ added in v0.30.0
func (s *ReferrerUseCase) GetFromRoot(ctx context.Context, digest, rootKind, userID string) (*StoredReferrer, error)
GetFromRoot returns the referrer identified by the provided content digest, including its first-level references For example if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it It only returns referrers that belong to organizations the user is member of
func (*ReferrerUseCase) GetFromRootInPublicSharedIndex ¶ added in v0.40.0
func (s *ReferrerUseCase) GetFromRootInPublicSharedIndex(ctx context.Context, digest, rootKind string) (*StoredReferrer, error)
Get the list of public referrers from organizations that have been allowed to be shown in a shared index NOTE: This is a public endpoint under /discover/[sha256:deadbeef]
type RobotAccount ¶
type RobotAccountRepo ¶
type RobotAccountRepo interface { Create(ctx context.Context, name string, workflowID uuid.UUID) (*RobotAccount, error) List(ctx context.Context, workflowID uuid.UUID, includeRevoked bool) ([]*RobotAccount, error) FindByID(ctx context.Context, ID uuid.UUID) (*RobotAccount, error) Revoke(ctx context.Context, orgID, ID uuid.UUID) error }
type RobotAccountUseCase ¶
type RobotAccountUseCase struct {
// contains filtered or unexported fields
}
func NewRootAccountUseCase ¶
func NewRootAccountUseCase(robotAccountRepo RobotAccountRepo, workflowRepo WorkflowRepo, conf *conf.Auth, logger log.Logger) *RobotAccountUseCase
func (*RobotAccountUseCase) Create ¶
func (uc *RobotAccountUseCase) Create(ctx context.Context, name string, orgID, workflowID string) (*RobotAccount, error)
func (*RobotAccountUseCase) FindByID ¶
func (uc *RobotAccountUseCase) FindByID(ctx context.Context, id string) (*RobotAccount, error)
func (*RobotAccountUseCase) List ¶
func (uc *RobotAccountUseCase) List(ctx context.Context, orgID, workflowID string, includeRevoked bool) ([]*RobotAccount, error)
type StoredReferrer ¶ added in v0.30.0
type StoredReferrer struct { *Referrer ID uuid.UUID CreatedAt *time.Time // Fully expanded list of 1-level off references References []*StoredReferrer OrgIDs, WorkflowIDs []uuid.UUID }
Actual referrer stored in the DB which includes a nested list of storedReferences
type UserOrgFinder ¶
type UserUseCase ¶
type UserUseCase struct {
// contains filtered or unexported fields
}
func NewUserUseCase ¶
func NewUserUseCase(opts *NewUserUseCaseParams) *UserUseCase
func (*UserUseCase) CurrentOrg ¶
func (uc *UserUseCase) CurrentOrg(ctx context.Context, userID string) (*Organization, error)
Find the organization associated with the user that's marked as current
func (*UserUseCase) DeleteUser ¶
func (uc *UserUseCase) DeleteUser(ctx context.Context, userID string) error
DeleteUser deletes the user, related memberships and organization if needed
func (*UserUseCase) FindOrCreateByEmail ¶
type Workflow ¶
type Workflow struct {
Name, Team, Project string
CreatedAt *time.Time
RunsCounter int
LastRun *WorkflowRun
ID, ContractID, OrgID uuid.UUID
// Public means that the associated workflow runs, attestations and materials
// are reachable by other users, regardless of their organization
// This field is also used to calculate if an user can download attestations/materials from the CAS
Public bool
}
type WorkflowContract ¶
type WorkflowContractRepo ¶
type WorkflowContractRepo interface { Create(ctx context.Context, opts *ContractCreateOpts) (*WorkflowContract, error) List(ctx context.Context, orgID uuid.UUID) ([]*WorkflowContract, error) FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowContract, error) Describe(ctx context.Context, orgID, contractID uuid.UUID, revision int) (*WorkflowContractWithVersion, error) FindVersionByID(ctx context.Context, versionID uuid.UUID) (*WorkflowContractVersion, error) Update(ctx context.Context, opts *ContractUpdateOpts) (*WorkflowContractWithVersion, error) SoftDelete(ctx context.Context, contractID uuid.UUID) error }
type WorkflowContractUseCase ¶
type WorkflowContractUseCase struct {
// contains filtered or unexported fields
}
func NewWorkflowContractUseCase ¶ added in v0.8.95
func NewWorkflowContractUseCase(repo WorkflowContractRepo, logger log.Logger) *WorkflowContractUseCase
func (*WorkflowContractUseCase) Create ¶
func (uc *WorkflowContractUseCase) Create(ctx context.Context, orgID, name string, schema *schemav1.CraftingSchema) (*WorkflowContract, error)
we currently only support schema v1
func (*WorkflowContractUseCase) Delete ¶
func (uc *WorkflowContractUseCase) Delete(ctx context.Context, orgID, contractID string) error
Delete soft-deletes the entry
func (*WorkflowContractUseCase) Describe ¶
func (uc *WorkflowContractUseCase) Describe(ctx context.Context, orgID, contractID string, revision int) (*WorkflowContractWithVersion, error)
func (*WorkflowContractUseCase) FindByIDInOrg ¶
func (uc *WorkflowContractUseCase) FindByIDInOrg(ctx context.Context, orgID, contractID string) (*WorkflowContract, error)
func (*WorkflowContractUseCase) FindVersionByID ¶
func (uc *WorkflowContractUseCase) FindVersionByID(ctx context.Context, versionID string) (*WorkflowContractVersion, error)
func (*WorkflowContractUseCase) List ¶
func (uc *WorkflowContractUseCase) List(ctx context.Context, orgID string) ([]*WorkflowContract, error)
func (*WorkflowContractUseCase) Update ¶
func (uc *WorkflowContractUseCase) Update(ctx context.Context, orgID, contractID, name string, schema *schemav1.CraftingSchema) (*WorkflowContractWithVersion, error)
type WorkflowContractVersion ¶
type WorkflowContractWithVersion ¶
type WorkflowContractWithVersion struct { Contract *WorkflowContract Version *WorkflowContractVersion }
type WorkflowCreateOpts ¶ added in v0.40.0
type WorkflowCreateOpts struct {
Name, OrgID, Project, Team, ContractID string
// Public means that the associated workflow runs, attestations and materials
// are reachable by other users, regardless of their organization
Public bool
}
TODO: move to pointer properties to handle empty values
type WorkflowRepo ¶
type WorkflowRepo interface { Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error) Update(ctx context.Context, id uuid.UUID, opts *WorkflowUpdateOpts) (*Workflow, error) List(ctx context.Context, orgID uuid.UUID) ([]*Workflow, error) GetOrgScoped(ctx context.Context, orgID, workflowID uuid.UUID) (*Workflow, error) IncRunsCounter(ctx context.Context, workflowID uuid.UUID) error FindByID(ctx context.Context, workflowID uuid.UUID) (*Workflow, error) SoftDelete(ctx context.Context, workflowID uuid.UUID) error }
type WorkflowRun ¶
type WorkflowRunCreateOpts ¶
type WorkflowRunExpirerOpts ¶
type WorkflowRunExpirerUseCase ¶
type WorkflowRunExpirerUseCase struct {
// contains filtered or unexported fields
}
func NewWorkflowRunExpirerUseCase ¶
func NewWorkflowRunExpirerUseCase(wfrRepo WorkflowRunRepo, logger log.Logger) *WorkflowRunExpirerUseCase
func (*WorkflowRunExpirerUseCase) ExpirationSweep ¶
func (uc *WorkflowRunExpirerUseCase) ExpirationSweep(ctx context.Context, olderThan time.Time) error
ExpirationSweep looks for runs older than the provider time and marks them as expired
func (*WorkflowRunExpirerUseCase) Run ¶
func (uc *WorkflowRunExpirerUseCase) Run(ctx context.Context, opts *WorkflowRunExpirerOpts)
type WorkflowRunRepo ¶
type WorkflowRunRepo interface { Create(ctx context.Context, workflowID, robotaccountID, contractVersion uuid.UUID, runURL, runnerType string, casBackends []uuid.UUID) (*WorkflowRun, error) FindByID(ctx context.Context, ID uuid.UUID) (*WorkflowRun, error) FindByAttestationDigest(ctx context.Context, digest string) (*WorkflowRun, error) FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowRun, error) MarkAsFinished(ctx context.Context, ID uuid.UUID, status WorkflowRunStatus, reason string) error SaveAttestation(ctx context.Context, ID uuid.UUID, att *dsse.Envelope, digest string) error List(ctx context.Context, orgID, workflowID uuid.UUID, p *pagination.Options) ([]*WorkflowRun, string, error) // List the runs that have not finished and are older than a given time ListNotFinishedOlderThan(ctx context.Context, olderThan time.Time) ([]*WorkflowRun, error) // Set run as expired Expire(ctx context.Context, id uuid.UUID) error }
type WorkflowRunStatus ¶
type WorkflowRunStatus string
const ( WorkflowRunInitialized WorkflowRunStatus = "initialized" WorkflowRunSuccess WorkflowRunStatus = "success" WorkflowRunError WorkflowRunStatus = "error" WorkflowRunExpired WorkflowRunStatus = "expired" WorkflowRunCancelled WorkflowRunStatus = "canceled" )
func (WorkflowRunStatus) Values ¶
func (WorkflowRunStatus) Values() (kinds []string)
Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues
type WorkflowRunUseCase ¶
type WorkflowRunUseCase struct {
// contains filtered or unexported fields
}
func NewWorkflowRunUseCase ¶ added in v0.8.95
func NewWorkflowRunUseCase(wfrRepo WorkflowRunRepo, wfRepo WorkflowRepo, logger log.Logger) (*WorkflowRunUseCase, error)
func (*WorkflowRunUseCase) Create ¶
func (uc *WorkflowRunUseCase) Create(ctx context.Context, opts *WorkflowRunCreateOpts) (*WorkflowRun, error)
Create will add a new WorkflowRun, associate it to a schemaVersion and increment the counter in the associated workflow
func (*WorkflowRunUseCase) ExistsInWorkflow ¶
func (uc *WorkflowRunUseCase) ExistsInWorkflow(ctx context.Context, workflowID, id string) (bool, error)
The workflowRun belongs to the provided workflowRun
func (*WorkflowRunUseCase) GetByDigestInOrgOrPublic ¶ added in v0.18.0
func (uc *WorkflowRunUseCase) GetByDigestInOrgOrPublic(ctx context.Context, orgID, digest string) (*WorkflowRun, error)
func (*WorkflowRunUseCase) GetByIDInOrgOrPublic ¶ added in v0.18.0
func (uc *WorkflowRunUseCase) GetByIDInOrgOrPublic(ctx context.Context, orgID, runID string) (*WorkflowRun, error)
Returns the workflow run with the provided ID if it belongs to the org or its public
func (*WorkflowRunUseCase) List ¶
func (uc *WorkflowRunUseCase) List(ctx context.Context, orgID, workflowID string, p *pagination.Options) ([]*WorkflowRun, string, error)
List the workflowruns associated with an org and optionally filtered by a workflow
func (*WorkflowRunUseCase) MarkAsFinished ¶
func (uc *WorkflowRunUseCase) MarkAsFinished(ctx context.Context, id string, status WorkflowRunStatus, reason string) error
func (*WorkflowRunUseCase) SaveAttestation ¶ added in v0.11.1
type WorkflowRunWithContract ¶
type WorkflowRunWithContract struct { *WorkflowRun *WorkflowContractVersion }
type WorkflowUpdateOpts ¶ added in v0.40.0
type WorkflowUseCase ¶
type WorkflowUseCase struct {
// contains filtered or unexported fields
}
func NewWorkflowUsecase ¶
func NewWorkflowUsecase(wfr WorkflowRepo, schemaUC *WorkflowContractUseCase, logger log.Logger) *WorkflowUseCase
func (*WorkflowUseCase) Create ¶
func (uc *WorkflowUseCase) Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)
func (*WorkflowUseCase) Delete ¶
func (uc *WorkflowUseCase) Delete(ctx context.Context, orgID, workflowID string) error
Delete soft-deletes the entry
func (*WorkflowUseCase) FindByIDInOrg ¶
func (*WorkflowUseCase) IncRunsCounter ¶
func (uc *WorkflowUseCase) IncRunsCounter(ctx context.Context, workflowID string) error
func (*WorkflowUseCase) Update ¶ added in v0.40.0
func (uc *WorkflowUseCase) Update(ctx context.Context, orgID, workflowID string, opts *WorkflowUpdateOpts) (*Workflow, error)