biz

package
v0.55.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2023 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Index

Constants

View Source
const (
	CASBackendDefaultMaxBytes int64 = 100 * 1024 * 1024 // 100MB
	// Inline, embedded CAS backend
	CASBackendInline                CASBackendProvider = "INLINE"
	CASBackendInlineDefaultMaxBytes int64              = 500 * 1024 // 500KB
)

Variables

ProviderSet is biz providers.

Functions

func IsErrInvalidUUID

func IsErrInvalidUUID(err error) bool

func IsErrUnauthorized added in v0.17.0

func IsErrUnauthorized(err error) bool

func IsErrValidation

func IsErrValidation(err error) bool

func IsNotFound

func IsNotFound(err error) bool

func NewErrReferrerAmbiguous added in v0.40.0

func NewErrReferrerAmbiguous(digest string, kinds []string) error

func WithKind added in v0.40.0

func WithKind(kind string) func(*GetFromRootFilters)

func WithPublicVisibility added in v0.40.0

func WithPublicVisibility(public bool) func(*GetFromRootFilters)

Types

type APIToken added in v0.55.0

type APIToken struct {
	ID          uuid.UUID
	Description string
	// This is the JWT value returned only during creation
	JWT string
	// Tokens are scoped to organizations
	OrganizationID uuid.UUID
	CreatedAt      *time.Time
	// When the token expires
	ExpiresAt *time.Time
	// When the token was manually revoked
	RevokedAt *time.Time
}

API Token is used for unattended access to the control plane API.

type APITokenRepo added in v0.55.0

type APITokenRepo interface {
	Create(ctx context.Context, description *string, expiresAt *time.Time, organizationID uuid.UUID) (*APIToken, error)
	List(ctx context.Context, orgID uuid.UUID, includeRevoked bool) ([]*APIToken, error)
	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
	FindByID(ctx context.Context, ID uuid.UUID) (*APIToken, error)
}

type APITokenUseCase added in v0.55.0

type APITokenUseCase struct {
	// contains filtered or unexported fields
}

func NewAPITokenUseCase added in v0.55.0

func NewAPITokenUseCase(apiTokenRepo APITokenRepo, conf *conf.Auth, logger log.Logger) (*APITokenUseCase, error)

func (*APITokenUseCase) Create added in v0.55.0

func (uc *APITokenUseCase) Create(ctx context.Context, description *string, expiresIn *time.Duration, orgID string) (*APIToken, error)

expires in is a string that can be parsed by time.ParseDuration

func (*APITokenUseCase) FindByID added in v0.55.0

func (uc *APITokenUseCase) FindByID(ctx context.Context, id string) (*APIToken, error)

func (*APITokenUseCase) List added in v0.55.0

func (uc *APITokenUseCase) List(ctx context.Context, orgID string, includeRevoked bool) ([]*APIToken, error)

func (*APITokenUseCase) Revoke added in v0.55.0

func (uc *APITokenUseCase) Revoke(ctx context.Context, orgID, id string) error

type AttachOpts

type AttachOpts struct {
	IntegrationID, WorkflowID, OrgID string
	// The integration that is being attached
	FanOutIntegration sdk.FanOut
	// The attachment configuration
	AttachmentConfig *structpb.Struct
}

type Attestation

type Attestation struct {
	Envelope *dsse.Envelope
	Digest   string
}

type AttestationUseCase

type AttestationUseCase struct {
	CASClient
	// contains filtered or unexported fields
}

func NewAttestationUseCase

func NewAttestationUseCase(client CASClient, logger log.Logger) *AttestationUseCase

func (*AttestationUseCase) UploadToCAS added in v0.8.95

func (uc *AttestationUseCase) UploadToCAS(ctx context.Context, envelope *dsse.Envelope, backend *CASBackend, workflowRunID string) (*cr_v1.Hash, error)

type CASBackend added in v0.14.0

type CASBackend struct {
	ID                                uuid.UUID
	Location, Description, SecretName string
	CreatedAt, ValidatedAt            *time.Time
	OrganizationID                    uuid.UUID
	ValidationStatus                  CASBackendValidationStatus
	// OCI, S3, ...
	Provider CASBackendProvider
	// Whether this is the default cas backend for the organization
	Default bool
	// it's a inline backend, the artifacts are embedded in the attestation
	Inline bool
	// It's a fallback backend, it cannot be deleted
	Fallback bool

	Limits *CASBackendLimits
}

type CASBackendCreateOpts added in v0.14.0

type CASBackendCreateOpts struct {
	*CASBackendOpts
	Fallback bool
}

type CASBackendLimits added in v0.14.0

type CASBackendLimits struct {
	// Max number of bytes allowed to be stored in this backend
	MaxBytes int64
}

type CASBackendOpts added in v0.14.0

type CASBackendOpts struct {
	OrgID                             uuid.UUID
	Location, SecretName, Description string
	Provider                          CASBackendProvider
	Default                           bool
}

type CASBackendProvider added in v0.14.0

type CASBackendProvider string

func (CASBackendProvider) Values added in v0.14.0

func (CASBackendProvider) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type CASBackendReader added in v0.14.0

type CASBackendReader interface {
	FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)
	FindByIDInOrg(ctx context.Context, OrgID, ID string) (*CASBackend, error)
	PerformValidation(ctx context.Context, ID string) error
}

type CASBackendRepo added in v0.14.0

type CASBackendRepo interface {
	FindDefaultBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error)
	FindFallbackBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*CASBackend, error)
	FindByIDInOrg(ctx context.Context, OrgID, ID uuid.UUID) (*CASBackend, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*CASBackend, error)
	UpdateValidationStatus(ctx context.Context, ID uuid.UUID, status CASBackendValidationStatus) error
	Create(context.Context, *CASBackendCreateOpts) (*CASBackend, error)
	Update(context.Context, *CASBackendUpdateOpts) (*CASBackend, error)
	Delete(ctx context.Context, ID uuid.UUID) error
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type CASBackendUpdateOpts added in v0.14.0

type CASBackendUpdateOpts struct {
	*CASBackendOpts
	ID uuid.UUID
}

type CASBackendUseCase added in v0.14.0

type CASBackendUseCase struct {
	// contains filtered or unexported fields
}

func NewCASBackendUseCase added in v0.14.0

func NewCASBackendUseCase(repo CASBackendRepo, credsRW credentials.ReaderWriter, providers backend.Providers, l log.Logger) *CASBackendUseCase

func (*CASBackendUseCase) Create added in v0.14.0

func (uc *CASBackendUseCase) Create(ctx context.Context, orgID, location, description string, provider CASBackendProvider, creds any, defaultB bool) (*CASBackend, error)

func (*CASBackendUseCase) CreateInlineFallbackBackend added in v0.14.0

func (uc *CASBackendUseCase) CreateInlineFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) CreateOrUpdate deprecated added in v0.14.0

func (uc *CASBackendUseCase) CreateOrUpdate(ctx context.Context, orgID, name, username, password string, provider CASBackendProvider, defaultB bool) (*CASBackend, error)

Deprecated: use Create and update methods separately instead

func (*CASBackendUseCase) Delete added in v0.14.0

func (uc *CASBackendUseCase) Delete(ctx context.Context, id string) error

Delete will delete the secret in the external secrets manager and the CAS backend from the database This method is used during user off-boarding

func (*CASBackendUseCase) FindByIDInOrg added in v0.14.0

func (uc *CASBackendUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*CASBackend, error)

func (*CASBackendUseCase) FindDefaultBackend added in v0.14.0

func (uc *CASBackendUseCase) FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) FindFallbackBackend added in v0.14.0

func (uc *CASBackendUseCase) FindFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) List added in v0.14.0

func (uc *CASBackendUseCase) List(ctx context.Context, orgID string) ([]*CASBackend, error)

func (*CASBackendUseCase) PerformValidation added in v0.14.0

func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) (err error)

Validate that the repository is valid and reachable

func (*CASBackendUseCase) SoftDelete added in v0.14.0

func (uc *CASBackendUseCase) SoftDelete(ctx context.Context, orgID, id string) error

SoftDelete will mark the cas backend as deleted but will not delete the secret in the external secrets manager We keep it so it can be restored or referenced in the future while trying to download an asset

func (*CASBackendUseCase) Update added in v0.14.0

func (uc *CASBackendUseCase) Update(ctx context.Context, orgID, id, description string, creds any, defaultB bool) (*CASBackend, error)

Update will update credentials, description or default status

type CASBackendValidationStatus added in v0.14.0

type CASBackendValidationStatus string
var CASBackendValidationFailed CASBackendValidationStatus = "Invalid"
var CASBackendValidationOK CASBackendValidationStatus = "OK"

func (CASBackendValidationStatus) Values added in v0.14.0

func (CASBackendValidationStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type CASClient added in v0.8.95

type CASClient interface {
	CASUploader
	CASDownloader
}

type CASClientFactory added in v0.8.96

type CASClientFactory func(conf *conf.Bootstrap_CASServer, token string) (casclient.DownloaderUploader, func(), error)

Function that returns a CAS client including a connection closer method

type CASClientOpts added in v0.8.96

type CASClientOpts func(u *CASClientUseCase)

func WithClientFactory added in v0.8.96

func WithClientFactory(f CASClientFactory) CASClientOpts

type CASClientUseCase added in v0.8.95

type CASClientUseCase struct {
	// contains filtered or unexported fields
}

func NewCASClientUseCase added in v0.8.95

func NewCASClientUseCase(credsProvider *CASCredentialsUseCase, config *conf.Bootstrap_CASServer, l log.Logger, opts ...CASClientOpts) *CASClientUseCase

func (*CASClientUseCase) Download added in v0.8.95

func (uc *CASClientUseCase) Download(ctx context.Context, backendType, secretID string, w io.Writer, digest string) error

func (*CASClientUseCase) IsReady added in v0.8.96

func (uc *CASClientUseCase) IsReady(ctx context.Context) (bool, error)

If the CAS server can be reached and reports readiness

func (*CASClientUseCase) Upload added in v0.8.95

func (uc *CASClientUseCase) Upload(ctx context.Context, backendType, secretID string, content io.Reader, filename, digest string) error

The secretID is embedded in the JWT token and is used to identify the secret by the CAS server

type CASCredentialsUseCase

type CASCredentialsUseCase struct {
	// contains filtered or unexported fields
}

func NewCASCredentialsUseCase

func NewCASCredentialsUseCase(c *conf.Auth) (*CASCredentialsUseCase, error)

func (*CASCredentialsUseCase) GenerateTemporaryCredentials

func (uc *CASCredentialsUseCase) GenerateTemporaryCredentials(backendRef *CASCredsOpts) (string, error)

type CASCredsOpts added in v0.19.0

type CASCredsOpts struct {
	BackendType string // i.e OCI, S3
	SecretPath  string // path to for example the OCI secret in the vault
	Role        robotaccount.Role
}

type CASDownloader added in v0.8.95

type CASDownloader interface {
	Download(ctx context.Context, backendType, secretID string, w io.Writer, digest string) error
}

type CASMapping added in v0.17.0

type CASMapping struct {
	ID, OrgID, WorkflowRunID uuid.UUID
	CASBackend               *CASBackend
	Digest                   string
	CreatedAt                *time.Time
	// A public mapping means that the material/attestation can be downloaded by anyone
	Public bool
}

type CASMappingLookupRef added in v0.17.0

type CASMappingLookupRef struct {
	Name, Digest string
}

type CASMappingRepo added in v0.17.0

type CASMappingRepo interface {
	Create(ctx context.Context, digest string, casBackendID, workflowRunID uuid.UUID) (*CASMapping, error)
	// List all the CAS mappings for the given digest
	FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)
}

type CASMappingUseCase added in v0.17.0

type CASMappingUseCase struct {
	// contains filtered or unexported fields
}

func NewCASMappingUseCase added in v0.17.0

func NewCASMappingUseCase(repo CASMappingRepo, mRepo MembershipRepo, logger log.Logger) *CASMappingUseCase

func (*CASMappingUseCase) Create added in v0.17.0

func (uc *CASMappingUseCase) Create(ctx context.Context, digest string, casBackendID, workflowRunID string) (*CASMapping, error)

func (*CASMappingUseCase) FindByDigest added in v0.17.0

func (uc *CASMappingUseCase) FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)

func (*CASMappingUseCase) FindCASMappingForDownloadByOrg added in v0.55.0

func (uc *CASMappingUseCase) FindCASMappingForDownloadByOrg(ctx context.Context, digest string, orgs []string) (*CASMapping, error)

func (*CASMappingUseCase) FindCASMappingForDownloadByUser added in v0.55.0

func (uc *CASMappingUseCase) FindCASMappingForDownloadByUser(ctx context.Context, digest string, userID string) (*CASMapping, error)

FindCASMappingForDownloadByUser returns the CASMapping appropriate for the given digest and user This means, in order 1 - Any mapping that points to an organization which the user is member of 1.1 If there are multiple mappings, it will pick the default one or the first one 2 - Any mapping that is public

func (*CASMappingUseCase) LookupDigestsInAttestation added in v0.17.0

func (uc *CASMappingUseCase) LookupDigestsInAttestation(att *dsse.Envelope) ([]*CASMappingLookupRef, error)

LookupCASItemsInAttestation returns a list of references to the materials that have been uploaded to CAS as well as the attestation digest itself

type CASUploader added in v0.8.95

type CASUploader interface {
	Upload(ctx context.Context, backendType, secretID string, content io.Reader, filename, digest string) error
}

type ContractCreateOpts

type ContractCreateOpts struct {
	Name         string
	OrgID        uuid.UUID
	ContractBody []byte
}

type ContractUpdateOpts

type ContractUpdateOpts struct {
	Name              string
	OrgID, ContractID uuid.UUID
	ContractBody      []byte
}

type ErrAmbiguousReferrer added in v0.40.0

type ErrAmbiguousReferrer struct {
	// contains filtered or unexported fields
}

A referrer with the same digest points to two different artifact types and we require filtering out which one

func (ErrAmbiguousReferrer) Error added in v0.40.0

func (e ErrAmbiguousReferrer) Error() string

type ErrInvalidUUID

type ErrInvalidUUID struct {
	// contains filtered or unexported fields
}

func NewErrInvalidUUID

func NewErrInvalidUUID(err error) ErrInvalidUUID

func (ErrInvalidUUID) Error

func (e ErrInvalidUUID) Error() string

type ErrNotFound

type ErrNotFound struct {
	// contains filtered or unexported fields
}

func NewErrNotFound

func NewErrNotFound(entity string) ErrNotFound

func (ErrNotFound) Error

func (e ErrNotFound) Error() string

type ErrUnauthorized added in v0.17.0

type ErrUnauthorized struct {
	// contains filtered or unexported fields
}

func NewErrUnauthorized added in v0.17.0

func NewErrUnauthorized(err error) ErrUnauthorized

func NewErrUnauthorizedStr added in v0.25.0

func NewErrUnauthorizedStr(errMsg string) ErrUnauthorized

func (ErrUnauthorized) Error added in v0.17.0

func (e ErrUnauthorized) Error() string

type ErrValidation added in v0.8.95

type ErrValidation struct {
	// contains filtered or unexported fields
}

func NewErrValidation added in v0.8.95

func NewErrValidation(err error) ErrValidation

func NewErrValidationStr added in v0.25.0

func NewErrValidationStr(errMsg string) ErrValidation

func (ErrValidation) Error added in v0.8.95

func (e ErrValidation) Error() string

type GetFromRootFilter added in v0.40.0

type GetFromRootFilter func(*GetFromRootFilters)

type GetFromRootFilters added in v0.40.0

type GetFromRootFilters struct {
	// RootKind is the kind of the root referrer, i.e ATTESTATION
	RootKind *string
	// Wether to filter by visibility or not
	Public *bool
}

type Integration

type Integration struct {
	ID uuid.UUID
	// Kind is the type of the integration, it matches the registered plugin ID
	Kind string
	// Description is a human readable description of the integration registration
	// It helps to differentiate different instances of the same kind
	Description string
	// Registration Configuration, usually JSON marshalled
	Config []byte
	// Identifier to the external provider where any secret information is stored
	SecretName string
	CreatedAt  *time.Time
}

type IntegrationAndAttachment

type IntegrationAndAttachment struct {
	*Integration
	*IntegrationAttachment
}

type IntegrationAttachment

type IntegrationAttachment struct {
	ID                        uuid.UUID
	CreatedAt                 *time.Time
	Config                    []byte
	WorkflowID, IntegrationID uuid.UUID
}

type IntegrationAttachmentRepo

type IntegrationAttachmentRepo interface {
	Create(ctx context.Context, integrationID, workflowID uuid.UUID, config []byte) (*IntegrationAttachment, error)
	List(ctx context.Context, orgID, workflowID uuid.UUID) ([]*IntegrationAttachment, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*IntegrationAttachment, error)
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type IntegrationCreateOpts added in v0.11.1

type IntegrationCreateOpts struct {
	Kind, Description, SecretName string
	OrgID                         uuid.UUID
	Config                        []byte
}

type IntegrationRepo

type IntegrationRepo interface {
	Create(ctx context.Context, opts *IntegrationCreateOpts) (*Integration, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*Integration, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*Integration, error)
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type IntegrationUseCase

type IntegrationUseCase struct {
	// contains filtered or unexported fields
}

func NewIntegrationUseCase added in v0.8.95

func NewIntegrationUseCase(opts *NewIntegrationUseCaseOpts) *IntegrationUseCase

func (*IntegrationUseCase) AttachToWorkflow

func (uc *IntegrationUseCase) AttachToWorkflow(ctx context.Context, opts *AttachOpts) (*IntegrationAttachment, error)

- Integration and workflows exists in current organization - Run specific validation for the integration - Persist integration attachment

func (*IntegrationUseCase) Delete

func (uc *IntegrationUseCase) Delete(ctx context.Context, orgID, integrationID string) error

func (*IntegrationUseCase) Detach

func (uc *IntegrationUseCase) Detach(ctx context.Context, orgID, attachmentID string) error

Detach integration from workflow

func (*IntegrationUseCase) FindByIDInOrg

func (uc *IntegrationUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*Integration, error)

func (*IntegrationUseCase) List

func (uc *IntegrationUseCase) List(ctx context.Context, orgID string) ([]*Integration, error)

func (*IntegrationUseCase) ListAttachments

func (uc *IntegrationUseCase) ListAttachments(ctx context.Context, orgID, workflowID string) ([]*IntegrationAttachment, error)

List attachments returns the list of attachments for a given organization and optionally workflow

func (*IntegrationUseCase) RegisterAndSave added in v0.11.1

func (uc *IntegrationUseCase) RegisterAndSave(ctx context.Context, orgID, description string, i sdk.FanOut, regConfig *structpb.Struct) (*Integration, error)

Persist the secret and integration with its configuration in the database

type Membership

type Membership struct {
	ID, UserID, OrganizationID uuid.UUID
	UserEmail                  string
	Current                    bool
	CreatedAt, UpdatedAt       *time.Time
	Org                        *Organization
}

type MembershipRepo

type MembershipRepo interface {
	FindByUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error)
	FindByOrg(ctx context.Context, orgID uuid.UUID) ([]*Membership, error)
	FindByIDInUser(ctx context.Context, userID, ID uuid.UUID) (*Membership, error)
	FindByOrgAndUser(ctx context.Context, orgID, userID uuid.UUID) (*Membership, error)
	SetCurrent(ctx context.Context, ID uuid.UUID) (*Membership, error)
	Create(ctx context.Context, orgID, userID uuid.UUID, current bool) (*Membership, error)
	Delete(ctx context.Context, ID uuid.UUID) error
}

type MembershipUseCase

type MembershipUseCase struct {
	// contains filtered or unexported fields
}

func NewMembershipUseCase added in v0.8.95

func NewMembershipUseCase(repo MembershipRepo, orgUC *OrganizationUseCase, logger log.Logger) *MembershipUseCase

func (*MembershipUseCase) ByOrg

func (uc *MembershipUseCase) ByOrg(ctx context.Context, orgID string) ([]*Membership, error)

func (*MembershipUseCase) ByUser

func (uc *MembershipUseCase) ByUser(ctx context.Context, userID string) ([]*Membership, error)

func (*MembershipUseCase) Create

func (uc *MembershipUseCase) Create(ctx context.Context, orgID, userID string, current bool) (*Membership, error)

func (*MembershipUseCase) DeleteWithOrg added in v0.50.0

func (uc *MembershipUseCase) DeleteWithOrg(ctx context.Context, userID, membershipID string) error

Delete deletes a membership from the database and the associated org if the user is the only member

func (*MembershipUseCase) SetCurrent

func (uc *MembershipUseCase) SetCurrent(ctx context.Context, userID, membershipID string) (*Membership, error)

type NewIntegrationUseCaseOpts added in v0.8.95

type NewIntegrationUseCaseOpts struct {
	IRepo   IntegrationRepo
	IaRepo  IntegrationAttachmentRepo
	WfRepo  WorkflowRepo
	CredsRW credentials.ReaderWriter
	Logger  log.Logger
}

type NewUserUseCaseParams

type NewUserUseCaseParams struct {
	UserRepo            UserRepo
	MembershipUseCase   *MembershipUseCase
	OrganizationUseCase *OrganizationUseCase
	Logger              log.Logger
}

type OrgInvitation added in v0.25.0

type OrgInvitation struct {
	ID            uuid.UUID
	Org           *Organization
	Sender        *User
	ReceiverEmail string
	CreatedAt     *time.Time
	Status        OrgInvitationStatus
}

type OrgInvitationRepo added in v0.25.0

type OrgInvitationRepo interface {
	Create(ctx context.Context, orgID, senderID uuid.UUID, receiverEmail string) (*OrgInvitation, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*OrgInvitation, error)
	PendingInvitation(ctx context.Context, orgID uuid.UUID, receiverEmail string) (*OrgInvitation, error)
	PendingInvitations(ctx context.Context, receiverEmail string) ([]*OrgInvitation, error)
	SoftDelete(ctx context.Context, id uuid.UUID) error
	ListBySender(ctx context.Context, sender uuid.UUID) ([]*OrgInvitation, error)
	ChangeStatus(ctx context.Context, ID uuid.UUID, status OrgInvitationStatus) error
}

type OrgInvitationStatus added in v0.25.0

type OrgInvitationStatus string
var (
	OrgInvitationStatusPending  OrgInvitationStatus = "pending"
	OrgInvitationStatusAccepted OrgInvitationStatus = "accepted"
)

func (OrgInvitationStatus) Values added in v0.25.0

func (OrgInvitationStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type OrgInvitationUseCase added in v0.25.0

type OrgInvitationUseCase struct {
	// contains filtered or unexported fields
}

func NewOrgInvitationUseCase added in v0.25.0

func NewOrgInvitationUseCase(r OrgInvitationRepo, mRepo MembershipRepo, uRepo UserRepo, l log.Logger) (*OrgInvitationUseCase, error)

func (*OrgInvitationUseCase) AcceptInvitation added in v0.25.0

func (uc *OrgInvitationUseCase) AcceptInvitation(ctx context.Context, invitationID string) error

func (*OrgInvitationUseCase) AcceptPendingInvitations added in v0.25.0

func (uc *OrgInvitationUseCase) AcceptPendingInvitations(ctx context.Context, receiverEmail string) error

AcceptPendingInvitations accepts all pending invitations for a given user email

func (*OrgInvitationUseCase) Create added in v0.25.0

func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, receiverEmail string) (*OrgInvitation, error)

func (*OrgInvitationUseCase) FindByID added in v0.25.0

func (uc *OrgInvitationUseCase) FindByID(ctx context.Context, invitationID string) (*OrgInvitation, error)

func (*OrgInvitationUseCase) ListBySender added in v0.25.0

func (uc *OrgInvitationUseCase) ListBySender(ctx context.Context, senderID string) ([]*OrgInvitation, error)

func (*OrgInvitationUseCase) Revoke added in v0.25.0

func (uc *OrgInvitationUseCase) Revoke(ctx context.Context, senderID, invitationID string) error

Revoke an invitation by ID only if the user is the one who created it

type OrgMetricsRepo

type OrgMetricsRepo interface {
	// Total number of runs within the provided time window (from now)
	RunsTotal(ctx context.Context, orgID uuid.UUID, timeWindow time.Duration) (int32, error)
	// Total number by run status
	RunsByStatusTotal(ctx context.Context, orgID uuid.UUID, timeWindow time.Duration) (map[string]int32, error)
	RunsByRunnerTypeTotal(ctx context.Context, orgID uuid.UUID, timeWindow time.Duration) (map[string]int32, error)
	TopWorkflowsByRunsCount(ctx context.Context, orgID uuid.UUID, numWorkflows int, timeWindow time.Duration) ([]*TopWorkflowsByRunsCountItem, error)
}

type OrgMetricsUseCase

type OrgMetricsUseCase struct {
	// contains filtered or unexported fields
}

func NewOrgMetricsUseCase

func NewOrgMetricsUseCase(r OrgMetricsRepo, l log.Logger) (*OrgMetricsUseCase, error)

func (*OrgMetricsUseCase) RunsTotal

func (uc *OrgMetricsUseCase) RunsTotal(ctx context.Context, orgID string, timeWindow time.Duration) (int32, error)

func (*OrgMetricsUseCase) RunsTotalByRunnerType

func (uc *OrgMetricsUseCase) RunsTotalByRunnerType(ctx context.Context, orgID string, timeWindow time.Duration) (map[string]int32, error)

func (*OrgMetricsUseCase) RunsTotalByStatus

func (uc *OrgMetricsUseCase) RunsTotalByStatus(ctx context.Context, orgID string, timeWindow time.Duration) (map[string]int32, error)

func (*OrgMetricsUseCase) TopWorkflowsByRunsCount

func (uc *OrgMetricsUseCase) TopWorkflowsByRunsCount(ctx context.Context, orgID string, numWorkflows int, timeWindow time.Duration) ([]*TopWorkflowsByRunsCountItem, error)

type Organization

type Organization struct {
	ID, Name  string
	CreatedAt *time.Time
}

type OrganizationRepo

type OrganizationRepo interface {
	FindByID(ctx context.Context, orgID uuid.UUID) (*Organization, error)
	Create(ctx context.Context, name string) (*Organization, error)
	Update(ctx context.Context, id uuid.UUID, name *string) (*Organization, error)
	Delete(ctx context.Context, ID uuid.UUID) error
}

type OrganizationUseCase

type OrganizationUseCase struct {
	// contains filtered or unexported fields
}

func NewOrganizationUseCase added in v0.8.95

func NewOrganizationUseCase(repo OrganizationRepo, repoUC *CASBackendUseCase, iUC *IntegrationUseCase, mRepo MembershipRepo, logger log.Logger) *OrganizationUseCase

func (*OrganizationUseCase) Create

func (uc *OrganizationUseCase) Create(ctx context.Context, name string) (*Organization, error)

func (*OrganizationUseCase) Delete

func (uc *OrganizationUseCase) Delete(ctx context.Context, id string) error

Delete deletes an organization and all relevant data This includes: - The organization - The associated repositories - The associated integrations The reason for just deleting these two associated components only is because they have external secrets that need to be deleted as well, and for that we leverage their own delete methods The rest of the data gets removed by the database cascade delete

func (*OrganizationUseCase) FindByID

func (uc *OrganizationUseCase) FindByID(ctx context.Context, id string) (*Organization, error)

func (*OrganizationUseCase) Update added in v0.50.0

func (uc *OrganizationUseCase) Update(ctx context.Context, userID, orgID string, name *string) (*Organization, error)

type Referrer added in v0.30.0

type Referrer struct {
	Digest string
	Kind   string
	// Wether the item is downloadable from CAS or not
	Downloadable bool
	// If this referrer is part of a public workflow
	InPublicWorkflow bool
	References       []*Referrer

	Metadata, Annotations map[string]string
}

func (*Referrer) MapID added in v0.40.0

func (r *Referrer) MapID() string

type ReferrerRepo added in v0.30.0

type ReferrerRepo interface {
	Save(ctx context.Context, input []*Referrer, workflowID uuid.UUID) error
	// GetFromRoot returns the referrer identified by the provided content digest, including its first-level references
	// For example if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it
	// OrgIDs represent an allowList of organizations where the referrers should be looked for
	GetFromRoot(ctx context.Context, digest string, orgIDS []uuid.UUID, filters ...GetFromRootFilter) (*StoredReferrer, error)
}

type ReferrerUseCase added in v0.30.0

type ReferrerUseCase struct {
	// contains filtered or unexported fields
}

func NewReferrerUseCase added in v0.30.0

func NewReferrerUseCase(repo ReferrerRepo, wfRepo WorkflowRepo, mRepo MembershipRepo, indexCfg *conf.ReferrerSharedIndex, l log.Logger) (*ReferrerUseCase, error)

func (*ReferrerUseCase) ExtractAndPersist added in v0.30.0

func (s *ReferrerUseCase) ExtractAndPersist(ctx context.Context, att *dsse.Envelope, workflowID string) error

ExtractAndPersist extracts the referrers (subject + materials) from the given attestation and store it as part of the referrers index table

func (*ReferrerUseCase) GetFromRoot added in v0.30.0

func (s *ReferrerUseCase) GetFromRoot(ctx context.Context, digest, rootKind string, orgIDs []uuid.UUID) (*StoredReferrer, error)

func (*ReferrerUseCase) GetFromRootInPublicSharedIndex added in v0.40.0

func (s *ReferrerUseCase) GetFromRootInPublicSharedIndex(ctx context.Context, digest, rootKind string) (*StoredReferrer, error)

Get the list of public referrers from organizations that have been allowed to be shown in a shared index NOTE: This is a public endpoint under /discover/[sha256:deadbeef]

func (*ReferrerUseCase) GetFromRootUser added in v0.55.0

func (s *ReferrerUseCase) GetFromRootUser(ctx context.Context, digest, rootKind, userID string) (*StoredReferrer, error)

GetFromRootUser returns the referrer identified by the provided content digest, including its first-level references For example if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it It only returns referrers that belong to organizations the user is member of

type RobotAccount

type RobotAccount struct {
	Name                 string
	ID                   uuid.UUID
	JWT                  string
	WorkflowID           uuid.UUID
	CreatedAt, RevokedAt *time.Time
}

type RobotAccountRepo

type RobotAccountRepo interface {
	Create(ctx context.Context, name string, workflowID uuid.UUID) (*RobotAccount, error)
	List(ctx context.Context, workflowID uuid.UUID, includeRevoked bool) ([]*RobotAccount, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*RobotAccount, error)
	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
}

type RobotAccountUseCase

type RobotAccountUseCase struct {
	// contains filtered or unexported fields
}

func NewRootAccountUseCase

func NewRootAccountUseCase(robotAccountRepo RobotAccountRepo, workflowRepo WorkflowRepo, conf *conf.Auth, logger log.Logger) *RobotAccountUseCase

func (*RobotAccountUseCase) Create

func (uc *RobotAccountUseCase) Create(ctx context.Context, name string, orgID, workflowID string) (*RobotAccount, error)

func (*RobotAccountUseCase) FindByID

func (uc *RobotAccountUseCase) FindByID(ctx context.Context, id string) (*RobotAccount, error)

func (*RobotAccountUseCase) List

func (uc *RobotAccountUseCase) List(ctx context.Context, orgID, workflowID string, includeRevoked bool) ([]*RobotAccount, error)

func (*RobotAccountUseCase) Revoke

func (uc *RobotAccountUseCase) Revoke(ctx context.Context, orgID, id string) error

type StoredReferrer added in v0.30.0

type StoredReferrer struct {
	*Referrer
	ID        uuid.UUID
	CreatedAt *time.Time
	// Fully expanded list of 1-level off references
	References          []*StoredReferrer
	OrgIDs, WorkflowIDs []uuid.UUID
}

Actual referrer stored in the DB which includes a nested list of storedReferences

type TopWorkflowsByRunsCountItem

type TopWorkflowsByRunsCountItem struct {
	Workflow *Workflow
	ByStatus map[string]int32
	Total    int32
}

type User

type User struct {
	ID        string
	Email     string
	CreatedAt *time.Time
}

type UserOrgFinder

type UserOrgFinder interface {
	FindByID(ctx context.Context, userID string) (*User, error)
	CurrentOrg(ctx context.Context, userID string) (*Organization, error)
}

type UserRepo

type UserRepo interface {
	CreateByEmail(ctx context.Context, email string) (*User, error)
	FindByEmail(ctx context.Context, email string) (*User, error)
	FindByID(ctx context.Context, userID uuid.UUID) (*User, error)
	Delete(ctx context.Context, userID uuid.UUID) error
}

type UserUseCase

type UserUseCase struct {
	// contains filtered or unexported fields
}

func NewUserUseCase

func NewUserUseCase(opts *NewUserUseCaseParams) *UserUseCase

func (*UserUseCase) CurrentOrg

func (uc *UserUseCase) CurrentOrg(ctx context.Context, userID string) (*Organization, error)

Find the organization associated with the user that's marked as current

func (*UserUseCase) DeleteUser

func (uc *UserUseCase) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes the user, related memberships and organization if needed

func (*UserUseCase) FindByID

func (uc *UserUseCase) FindByID(ctx context.Context, userID string) (*User, error)

func (*UserUseCase) FindOrCreateByEmail

func (uc *UserUseCase) FindOrCreateByEmail(ctx context.Context, email string) (*User, error)

type Workflow

type Workflow struct {
	Name, Team, Project   string
	CreatedAt             *time.Time
	RunsCounter           int
	LastRun               *WorkflowRun
	ID, ContractID, OrgID uuid.UUID
	// Public means that the associated workflow runs, attestations and materials
	// are reachable by other users, regardless of their organization
	// This field is also used to calculate if an user can download attestations/materials from the CAS
	Public bool
}

type WorkflowContract

type WorkflowContract struct {
	ID             uuid.UUID
	Name           string
	LatestRevision int
	CreatedAt      *time.Time
	// WorkflowIDs is the list of workflows associated with this contract
	WorkflowIDs []string
}

type WorkflowContractRepo

type WorkflowContractRepo interface {
	Create(ctx context.Context, opts *ContractCreateOpts) (*WorkflowContract, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*WorkflowContract, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowContract, error)
	Describe(ctx context.Context, orgID, contractID uuid.UUID, revision int) (*WorkflowContractWithVersion, error)
	FindVersionByID(ctx context.Context, versionID uuid.UUID) (*WorkflowContractVersion, error)
	Update(ctx context.Context, opts *ContractUpdateOpts) (*WorkflowContractWithVersion, error)
	SoftDelete(ctx context.Context, contractID uuid.UUID) error
}

type WorkflowContractUseCase

type WorkflowContractUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowContractUseCase added in v0.8.95

func NewWorkflowContractUseCase(repo WorkflowContractRepo, logger log.Logger) *WorkflowContractUseCase

func (*WorkflowContractUseCase) Create

func (uc *WorkflowContractUseCase) Create(ctx context.Context, orgID, name string, schema *schemav1.CraftingSchema) (*WorkflowContract, error)

we currently only support schema v1

func (*WorkflowContractUseCase) Delete

func (uc *WorkflowContractUseCase) Delete(ctx context.Context, orgID, contractID string) error

Delete soft-deletes the entry

func (*WorkflowContractUseCase) Describe

func (uc *WorkflowContractUseCase) Describe(ctx context.Context, orgID, contractID string, revision int) (*WorkflowContractWithVersion, error)

func (*WorkflowContractUseCase) FindByIDInOrg

func (uc *WorkflowContractUseCase) FindByIDInOrg(ctx context.Context, orgID, contractID string) (*WorkflowContract, error)

func (*WorkflowContractUseCase) FindVersionByID

func (uc *WorkflowContractUseCase) FindVersionByID(ctx context.Context, versionID string) (*WorkflowContractVersion, error)

func (*WorkflowContractUseCase) List

func (*WorkflowContractUseCase) Update

func (uc *WorkflowContractUseCase) Update(ctx context.Context, orgID, contractID, name string, schema *schemav1.CraftingSchema) (*WorkflowContractWithVersion, error)

type WorkflowContractVersion

type WorkflowContractVersion struct {
	ID        uuid.UUID
	Revision  int
	CreatedAt *time.Time
	BodyV1    *schemav1.CraftingSchema
}

type WorkflowContractWithVersion

type WorkflowContractWithVersion struct {
	Contract *WorkflowContract
	Version  *WorkflowContractVersion
}

type WorkflowCreateOpts added in v0.40.0

type WorkflowCreateOpts struct {
	Name, OrgID, Project, Team, ContractID string
	// Public means that the associated workflow runs, attestations and materials
	// are reachable by other users, regardless of their organization
	Public bool
}

TODO: move to pointer properties to handle empty values

type WorkflowRepo

type WorkflowRepo interface {
	Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)
	Update(ctx context.Context, id uuid.UUID, opts *WorkflowUpdateOpts) (*Workflow, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*Workflow, error)
	GetOrgScoped(ctx context.Context, orgID, workflowID uuid.UUID) (*Workflow, error)
	IncRunsCounter(ctx context.Context, workflowID uuid.UUID) error
	FindByID(ctx context.Context, workflowID uuid.UUID) (*Workflow, error)
	SoftDelete(ctx context.Context, workflowID uuid.UUID) error
}

type WorkflowRun

type WorkflowRun struct {
	ID                    uuid.UUID
	State, Reason         string
	CreatedAt, FinishedAt *time.Time
	Workflow              *Workflow
	RunURL, RunnerType    string
	ContractVersionID     uuid.UUID
	Attestation           *Attestation
	CASBackends           []*CASBackend
}

type WorkflowRunCreateOpts

type WorkflowRunCreateOpts struct {
	WorkflowID, RobotaccountID string
	ContractRevisionUUID       uuid.UUID
	RunnerRunURL               string
	RunnerType                 string
	CASBackendID               uuid.UUID
}

type WorkflowRunExpirerOpts

type WorkflowRunExpirerOpts struct {
	// Maximum time threshold for what a workflowRun will be considered expired
	ExpirationWindow time.Duration
	CheckInterval    time.Duration
}

type WorkflowRunExpirerUseCase

type WorkflowRunExpirerUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowRunExpirerUseCase

func NewWorkflowRunExpirerUseCase(wfrRepo WorkflowRunRepo, logger log.Logger) *WorkflowRunExpirerUseCase

func (*WorkflowRunExpirerUseCase) ExpirationSweep

func (uc *WorkflowRunExpirerUseCase) ExpirationSweep(ctx context.Context, olderThan time.Time) error

ExpirationSweep looks for runs older than the provider time and marks them as expired

func (*WorkflowRunExpirerUseCase) Run

type WorkflowRunRepo

type WorkflowRunRepo interface {
	Create(ctx context.Context, workflowID, robotaccountID, contractVersion uuid.UUID, runURL, runnerType string, casBackends []uuid.UUID) (*WorkflowRun, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*WorkflowRun, error)
	FindByAttestationDigest(ctx context.Context, digest string) (*WorkflowRun, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowRun, error)
	MarkAsFinished(ctx context.Context, ID uuid.UUID, status WorkflowRunStatus, reason string) error
	SaveAttestation(ctx context.Context, ID uuid.UUID, att *dsse.Envelope, digest string) error
	List(ctx context.Context, orgID, workflowID uuid.UUID, p *pagination.Options) ([]*WorkflowRun, string, error)
	// List the runs that have not finished and are older than a given time
	ListNotFinishedOlderThan(ctx context.Context, olderThan time.Time) ([]*WorkflowRun, error)
	// Set run as expired
	Expire(ctx context.Context, id uuid.UUID) error
}

type WorkflowRunStatus

type WorkflowRunStatus string
const (
	WorkflowRunInitialized WorkflowRunStatus = "initialized"
	WorkflowRunSuccess     WorkflowRunStatus = "success"
	WorkflowRunError       WorkflowRunStatus = "error"
	WorkflowRunExpired     WorkflowRunStatus = "expired"
	WorkflowRunCancelled   WorkflowRunStatus = "canceled"
)

func (WorkflowRunStatus) Values

func (WorkflowRunStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type WorkflowRunUseCase

type WorkflowRunUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowRunUseCase added in v0.8.95

func NewWorkflowRunUseCase(wfrRepo WorkflowRunRepo, wfRepo WorkflowRepo, logger log.Logger) (*WorkflowRunUseCase, error)

func (*WorkflowRunUseCase) Create

Create will add a new WorkflowRun, associate it to a schemaVersion and increment the counter in the associated workflow

func (*WorkflowRunUseCase) ExistsInWorkflow

func (uc *WorkflowRunUseCase) ExistsInWorkflow(ctx context.Context, workflowID, id string) (bool, error)

The workflowRun belongs to the provided workflowRun

func (*WorkflowRunUseCase) GetByDigestInOrgOrPublic added in v0.18.0

func (uc *WorkflowRunUseCase) GetByDigestInOrgOrPublic(ctx context.Context, orgID, digest string) (*WorkflowRun, error)

func (*WorkflowRunUseCase) GetByIDInOrgOrPublic added in v0.18.0

func (uc *WorkflowRunUseCase) GetByIDInOrgOrPublic(ctx context.Context, orgID, runID string) (*WorkflowRun, error)

Returns the workflow run with the provided ID if it belongs to the org or its public

func (*WorkflowRunUseCase) List

func (uc *WorkflowRunUseCase) List(ctx context.Context, orgID, workflowID string, p *pagination.Options) ([]*WorkflowRun, string, error)

List the workflowruns associated with an org and optionally filtered by a workflow

func (*WorkflowRunUseCase) MarkAsFinished

func (uc *WorkflowRunUseCase) MarkAsFinished(ctx context.Context, id string, status WorkflowRunStatus, reason string) error

func (*WorkflowRunUseCase) SaveAttestation added in v0.11.1

func (uc *WorkflowRunUseCase) SaveAttestation(ctx context.Context, id string, envelope *dsse.Envelope, digest string) error

type WorkflowRunWithContract

type WorkflowRunWithContract struct {
	*WorkflowRun
	*WorkflowContractVersion
}

type WorkflowUpdateOpts added in v0.40.0

type WorkflowUpdateOpts struct {
	Name, Project, Team *string
	Public              *bool
}

type WorkflowUseCase

type WorkflowUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowUsecase

func NewWorkflowUsecase(wfr WorkflowRepo, schemaUC *WorkflowContractUseCase, logger log.Logger) *WorkflowUseCase

func (*WorkflowUseCase) Create

func (uc *WorkflowUseCase) Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)

func (*WorkflowUseCase) Delete

func (uc *WorkflowUseCase) Delete(ctx context.Context, orgID, workflowID string) error

Delete soft-deletes the entry

func (*WorkflowUseCase) FindByID

func (uc *WorkflowUseCase) FindByID(ctx context.Context, workflowID string) (*Workflow, error)

func (*WorkflowUseCase) FindByIDInOrg

func (uc *WorkflowUseCase) FindByIDInOrg(ctx context.Context, orgID, workflowID string) (*Workflow, error)

func (*WorkflowUseCase) IncRunsCounter

func (uc *WorkflowUseCase) IncRunsCounter(ctx context.Context, workflowID string) error

func (*WorkflowUseCase) List

func (uc *WorkflowUseCase) List(ctx context.Context, orgID string) ([]*Workflow, error)

func (*WorkflowUseCase) Update added in v0.40.0

func (uc *WorkflowUseCase) Update(ctx context.Context, orgID, workflowID string, opts *WorkflowUpdateOpts) (*Workflow, error)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL