biz

package
v0.96.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 2, 2024 License: Apache-2.0 Imports: 64 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	CASBackendDefaultMaxBytes int64 = 100 * 1024 * 1024 // 100MB
	// Inline, embedded CAS backend
	CASBackendInline                CASBackendProvider = "INLINE"
	CASBackendInlineDefaultMaxBytes int64              = 500 * 1024 // 500KB
)
View Source 
const RandomNameMaxTries = 10

Variables

View Source 
var EmptyDefaultContract = &Contract{
	Raw: []byte("schemaVersion: v1"), Format: ContractRawFormatYAML,
}

EmptyDefaultContract is the default contract that will be created if no contract is provided

View Source 
var ProviderSet = wire.NewSet(
	NewWorkflowUsecase,
	NewUserUseCase,
	NewRootAccountUseCase,
	NewWorkflowRunUseCase,
	NewOrganizationUseCase,
	NewWorkflowContractUseCase,
	NewCASCredentialsUseCase,
	NewCASBackendUseCase,
	NewOrgMetricsUseCase,
	NewIntegrationUseCase,
	NewMembershipUseCase,
	NewCASClientUseCase,
	NewOrgInvitationUseCase,
	NewAttestationUseCase,
	NewWorkflowRunExpirerUseCase,
	NewCASMappingUseCase,
	NewReferrerUseCase,
	NewAPITokenUseCase,
	NewAPITokenSyncerUseCase,
	NewAttestationStateUseCase,
	NewChainloopSigningUseCase,
	NewPrometheusUseCase,
	wire.Bind(new(PromObservable), new(*PrometheusUseCase)),
	wire.Struct(new(NewIntegrationUseCaseOpts), "*"),
	wire.Struct(new(NewUserUseCaseParams), "*"),
)

ProviderSet is biz providers.

Functions

func IsErrAlreadyExists added in v0.95.6 

func IsErrAlreadyExists(err error) bool

func IsErrAttestationStateConflict added in v0.94.3 

func IsErrAttestationStateConflict(err error) bool

func IsErrInvalidTimeWindow added in v0.93.0 

func IsErrInvalidTimeWindow(err error) bool

func IsErrInvalidUUID 

func IsErrInvalidUUID(err error) bool

func IsErrNotImplemented 

func IsErrNotImplemented(err error) bool

func IsErrUnauthorized 

func IsErrUnauthorized(err error) bool

func IsErrValidation 

func IsErrValidation(err error) bool

func IsNotFound 

func IsNotFound(err error) bool

func NewErrAttestationStateConflict added in v0.94.3 

func NewErrAttestationStateConflict(got, want string) error

func NewErrReferrerAmbiguous 

func NewErrReferrerAmbiguous(digest string, kinds []string) error

func PbRoleToBiz added in v0.91.8 

func PbRoleToBiz(r pb.MembershipRole) authz.Role

func ValidateIsDNS1123 

func ValidateIsDNS1123(name string) error

func WithKind 

func WithKind(kind string) func(*GetFromRootFilters)

func WithPublicVisibility 

func WithPublicVisibility(public bool) func(*GetFromRootFilters)

Types

type APIToken 

type APIToken struct {
	ID          uuid.UUID
	Name        string
	Description string
	// This is the JWT value returned only during creation
	JWT string
	// Tokens are scoped to organizations
	OrganizationID   uuid.UUID
	OrganizationName string
	CreatedAt        *time.Time
	// When the token expires
	ExpiresAt *time.Time
	// When the token was manually revoked
	RevokedAt *time.Time
}

API Token is used for unattended access to the control plane API.

type APITokenRepo 

type APITokenRepo interface {
	Create(ctx context.Context, name string, description *string, expiresAt *time.Time, organizationID uuid.UUID) (*APIToken, error)
	// List all the tokens optionally filtering it by organization and including revoked tokens
	List(ctx context.Context, orgID *uuid.UUID, includeRevoked bool) ([]*APIToken, error)
	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
	FindByID(ctx context.Context, ID uuid.UUID) (*APIToken, error)
	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, name string) (*APIToken, error)
}

type APITokenSyncerUseCase 

type APITokenSyncerUseCase struct {
	// contains filtered or unexported fields
}

func NewAPITokenSyncerUseCase 

func NewAPITokenSyncerUseCase(tokenUC *APITokenUseCase) *APITokenSyncerUseCase

func (*APITokenSyncerUseCase) SyncPolicies 

func (suc *APITokenSyncerUseCase) SyncPolicies() error

Make sure all the API tokens contain the default policies NOTE: We'll remove this method once we have a proper policies management system where the user can add/remove policies

type APITokenUseCase 

type APITokenUseCase struct {
	DefaultAuthzPolicies []*authz.Policy
	// contains filtered or unexported fields
}

func NewAPITokenUseCase 

func NewAPITokenUseCase(apiTokenRepo APITokenRepo, conf *conf.Auth, authzE *authz.Enforcer, orgUseCase *OrganizationUseCase, logger log.Logger) (*APITokenUseCase, error)

func (*APITokenUseCase) Create 

func (uc *APITokenUseCase) Create(ctx context.Context, name string, description *string, expiresIn *time.Duration, orgID string) (*APIToken, error)

expires in is a string that can be parsed by time.ParseDuration

func (*APITokenUseCase) FindByID 

func (uc *APITokenUseCase) FindByID(ctx context.Context, id string) (*APIToken, error)

func (*APITokenUseCase) FindByNameInOrg added in v0.93.0 

func (uc *APITokenUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*APIToken, error)

func (*APITokenUseCase) List 

func (uc *APITokenUseCase) List(ctx context.Context, orgID string, includeRevoked bool) ([]*APIToken, error)

func (*APITokenUseCase) Revoke 

func (uc *APITokenUseCase) Revoke(ctx context.Context, orgID, id string) error

type AttachOpts 

type AttachOpts struct {
	IntegrationID, WorkflowID, OrgID string
	// The integration that is being attached
	FanOutIntegration sdk.FanOut
	// The attachment configuration
	AttachmentConfig *structpb.Struct
}

type Attestation 

type Attestation struct {
	Envelope *dsse.Envelope
	Digest   string
}

type AttestationState 

type AttestationState struct {
	State *v1.CraftingState
	// Digest will be used for optimistic concurrency control
	Digest string
}

type AttestationStateRepo 

type AttestationStateRepo interface {
	Initialized(ctx context.Context, workflowRunID uuid.UUID) (bool, error)
	Save(ctx context.Context, workflowRunID uuid.UUID, state []byte, baseDigest string) error
	Read(ctx context.Context, workflowRunID uuid.UUID) ([]byte, string, error)
	Reset(ctx context.Context, workflowRunID uuid.UUID) error
}

type AttestationStateSaveOpts added in v0.94.3 

type AttestationStateSaveOpts struct {
	BaseDigest string
}

type AttestationStateUseCase 

type AttestationStateUseCase struct {
	// contains filtered or unexported fields
}

func NewAttestationStateUseCase 

func NewAttestationStateUseCase(repo AttestationStateRepo, wfRunRepo WorkflowRunRepo) (*AttestationStateUseCase, error)

func (*AttestationStateUseCase) Initialized 

func (uc *AttestationStateUseCase) Initialized(ctx context.Context, workflowID, runID string) (bool, error)

func (*AttestationStateUseCase) Read 

func (uc *AttestationStateUseCase) Read(ctx context.Context, workflowID, runID, passphrase string) (*AttestationState, error)

func (*AttestationStateUseCase) Reset 

func (uc *AttestationStateUseCase) Reset(ctx context.Context, workflowID, runID string) error

func (*AttestationStateUseCase) Save 

func (uc *AttestationStateUseCase) Save(ctx context.Context, workflowID, runID string, state *v1.CraftingState, passphrase string, opts ...SaveOption) error

type AttestationUseCase 

type AttestationUseCase struct {
	CASClient
	// contains filtered or unexported fields
}

func NewAttestationUseCase 

func NewAttestationUseCase(client CASClient, logger log.Logger) *AttestationUseCase

func (*AttestationUseCase) UploadToCAS 

func (uc *AttestationUseCase) UploadToCAS(ctx context.Context, envelope *dsse.Envelope, backend *CASBackend, workflowRunID string) (*cr_v1.Hash, error)

type ByStatusCount 

type ByStatusCount struct {
	Status string
	Count  int32
}

type CASBackend 

type CASBackend struct {
	ID                                uuid.UUID
	Name                              string
	Location, Description, SecretName string
	CreatedAt, ValidatedAt            *time.Time
	OrganizationID                    uuid.UUID
	ValidationStatus                  CASBackendValidationStatus
	// OCI, S3, ...
	Provider CASBackendProvider
	// Whether this is the default cas backend for the organization
	Default bool
	// it's a inline backend, the artifacts are embedded in the attestation
	Inline bool
	// It's a fallback backend, it cannot be deleted
	Fallback bool

	Limits *CASBackendLimits
}

type CASBackendCreateOpts 

type CASBackendCreateOpts struct {
	*CASBackendOpts
	Name     string
	Fallback bool
	MaxBytes int64
}

type CASBackendLimits 

type CASBackendLimits struct {
	// Max number of bytes allowed to be stored in this backend per blob
	MaxBytes int64
}

type CASBackendOpts 

type CASBackendOpts struct {
	OrgID                             uuid.UUID
	Location, SecretName, Description string
	Provider                          CASBackendProvider
	Default                           bool
}

type CASBackendProvider 

type CASBackendProvider string

func (CASBackendProvider) Values 

func (CASBackendProvider) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type CASBackendReader 

type CASBackendReader interface {
	FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)
	FindByIDInOrg(ctx context.Context, OrgID, ID string) (*CASBackend, error)
	PerformValidation(ctx context.Context, ID string) error
}

type CASBackendRepo 

type CASBackendRepo interface {
	FindDefaultBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error)
	FindFallbackBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*CASBackend, error)
	FindByIDInOrg(ctx context.Context, OrgID, ID uuid.UUID) (*CASBackend, error)
	FindByNameInOrg(ctx context.Context, OrgID uuid.UUID, name string) (*CASBackend, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*CASBackend, error)
	UpdateValidationStatus(ctx context.Context, ID uuid.UUID, status CASBackendValidationStatus) error
	Create(context.Context, *CASBackendCreateOpts) (*CASBackend, error)
	Update(context.Context, *CASBackendUpdateOpts) (*CASBackend, error)
	Delete(ctx context.Context, ID uuid.UUID) error
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type CASBackendUpdateOpts 

type CASBackendUpdateOpts struct {
	*CASBackendOpts
	ID uuid.UUID
}

type CASBackendUseCase 

type CASBackendUseCase struct {
	// contains filtered or unexported fields
}

func NewCASBackendUseCase 

func NewCASBackendUseCase(repo CASBackendRepo, credsRW credentials.ReaderWriter, providers backend.Providers, l log.Logger) *CASBackendUseCase

func (*CASBackendUseCase) Create 

func (uc *CASBackendUseCase) Create(ctx context.Context, orgID, name, location, description string, provider CASBackendProvider, creds any, defaultB bool) (*CASBackend, error)

func (*CASBackendUseCase) CreateInlineFallbackBackend 

func (uc *CASBackendUseCase) CreateInlineFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) CreateOrUpdate deprecated 

func (uc *CASBackendUseCase) CreateOrUpdate(ctx context.Context, orgID, name, username, password string, provider CASBackendProvider, defaultB bool) (*CASBackend, error)

Deprecated: use Create and update methods separately instead

func (*CASBackendUseCase) Delete 

func (uc *CASBackendUseCase) Delete(ctx context.Context, id string) error

Delete will delete the secret in the external secrets manager and the CAS backend from the database This method is used during user off-boarding

func (*CASBackendUseCase) FindByIDInOrg 

func (uc *CASBackendUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*CASBackend, error)

func (*CASBackendUseCase) FindByNameInOrg added in v0.93.0 

func (uc *CASBackendUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*CASBackend, error)

func (*CASBackendUseCase) FindDefaultBackend 

func (uc *CASBackendUseCase) FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) FindFallbackBackend 

func (uc *CASBackendUseCase) FindFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) List 

func (uc *CASBackendUseCase) List(ctx context.Context, orgID string) ([]*CASBackend, error)

func (*CASBackendUseCase) PerformValidation 

func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) (err error)

Validate that the repository is valid and reachable

func (*CASBackendUseCase) SoftDelete 

func (uc *CASBackendUseCase) SoftDelete(ctx context.Context, orgID, id string) error

SoftDelete will mark the cas backend as deleted but will not delete the secret in the external secrets manager We keep it so it can be restored or referenced in the future while trying to download an asset

func (*CASBackendUseCase) Update 

func (uc *CASBackendUseCase) Update(ctx context.Context, orgID, id, description string, creds any, defaultB bool) (*CASBackend, error)

Update will update credentials, description or default status

type CASBackendValidationStatus 

type CASBackendValidationStatus string
var CASBackendValidationFailed CASBackendValidationStatus = "Invalid"
var CASBackendValidationOK CASBackendValidationStatus = "OK"

func (CASBackendValidationStatus) Values 

func (CASBackendValidationStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type CASClient 

type CASClient interface {
	CASUploader
	CASDownloader
}

type CASClientFactory 

type CASClientFactory func(conf *conf.Bootstrap_CASServer, token string) (casclient.DownloaderUploader, func(), error)

Function that returns a CAS client including a connection closer method

type CASClientOpts 

type CASClientOpts func(u *CASClientUseCase)

func WithClientFactory 

func WithClientFactory(f CASClientFactory) CASClientOpts

type CASClientUseCase 

type CASClientUseCase struct {
	// contains filtered or unexported fields
}

func NewCASClientUseCase 

func NewCASClientUseCase(credsProvider *CASCredentialsUseCase, config *conf.Bootstrap_CASServer, l log.Logger, opts ...CASClientOpts) *CASClientUseCase

func (*CASClientUseCase) Download 

func (uc *CASClientUseCase) Download(ctx context.Context, backendType, secretID string, w io.Writer, digest string) error

func (*CASClientUseCase) IsReady 

func (uc *CASClientUseCase) IsReady(ctx context.Context) (bool, error)

If the CAS server can be reached and reports readiness

func (*CASClientUseCase) Upload 

func (uc *CASClientUseCase) Upload(ctx context.Context, backendType, secretID string, content io.Reader, filename, digest string) error

The secretID is embedded in the JWT token and is used to identify the secret by the CAS server

type CASCredentialsUseCase 

type CASCredentialsUseCase struct {
	// contains filtered or unexported fields
}

func NewCASCredentialsUseCase 

func NewCASCredentialsUseCase(c *conf.Auth) (*CASCredentialsUseCase, error)

func (*CASCredentialsUseCase) GenerateTemporaryCredentials 

func (uc *CASCredentialsUseCase) GenerateTemporaryCredentials(backendRef *CASCredsOpts) (string, error)

type CASCredsOpts 

type CASCredsOpts struct {
	BackendType string // i.e OCI, S3
	SecretPath  string // path to for example the OCI secret in the vault
	Role        robotaccount.Role
	MaxBytes    int64
}

type CASDownloader 

type CASDownloader interface {
	Download(ctx context.Context, backendType, secretID string, w io.Writer, digest string) error
}

type CASMapping 

type CASMapping struct {
	ID, OrgID, WorkflowRunID uuid.UUID
	CASBackend               *CASBackend
	Digest                   string
	CreatedAt                *time.Time
	// A public mapping means that the material/attestation can be downloaded by anyone
	Public bool
}

type CASMappingLookupRef 

type CASMappingLookupRef struct {
	Name, Digest string
}

type CASMappingRepo 

type CASMappingRepo interface {
	Create(ctx context.Context, digest string, casBackendID, workflowRunID uuid.UUID) (*CASMapping, error)
	// List all the CAS mappings for the given digest
	FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)
}

type CASMappingUseCase 

type CASMappingUseCase struct {
	// contains filtered or unexported fields
}

func NewCASMappingUseCase 

func NewCASMappingUseCase(repo CASMappingRepo, mRepo MembershipRepo, logger log.Logger) *CASMappingUseCase

func (*CASMappingUseCase) Create 

func (uc *CASMappingUseCase) Create(ctx context.Context, digest string, casBackendID, workflowRunID string) (*CASMapping, error)

func (*CASMappingUseCase) FindByDigest 

func (uc *CASMappingUseCase) FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)

func (*CASMappingUseCase) FindCASMappingForDownloadByOrg 

func (uc *CASMappingUseCase) FindCASMappingForDownloadByOrg(ctx context.Context, digest string, orgs []string) (*CASMapping, error)

func (*CASMappingUseCase) FindCASMappingForDownloadByUser 

func (uc *CASMappingUseCase) FindCASMappingForDownloadByUser(ctx context.Context, digest string, userID string) (*CASMapping, error)

FindCASMappingForDownloadByUser returns the CASMapping appropriate for the given digest and user This means, in order 1 - Any mapping that points to an organization which the user is member of 1.1 If there are multiple mappings, it will pick the default one or the first one 2 - Any mapping that is public

func (*CASMappingUseCase) LookupDigestsInAttestation 

func (uc *CASMappingUseCase) LookupDigestsInAttestation(att *dsse.Envelope) ([]*CASMappingLookupRef, error)

LookupCASItemsInAttestation returns a list of references to the materials that have been uploaded to CAS as well as the attestation digest itself

type CASUploader 

type CASUploader interface {
	Upload(ctx context.Context, backendType, secretID string, content io.Reader, filename, digest string) error
}

type Contract added in v0.96.0 

type Contract struct {
	// Raw representation of the contract in yaml, json, or cue
	// it maintain the format provided by the user
	Raw []byte
	// Detected format as provided by the user
	Format ContractRawFormat
	// marhalled proto contract
	Schema *schemav1.CraftingSchema
}

func SchemaToRawContract added in v0.96.0 

func SchemaToRawContract(contract *schemav1.CraftingSchema) (*Contract, error)

generate a default representation of a contract

func UnmarshalAndValidateRawContract added in v0.96.0 

func UnmarshalAndValidateRawContract(raw []byte, format ContractRawFormat) (*Contract, error)

Take the raw contract + format and will unmarshal the contract and validate it

type ContractCreateOpts 

type ContractCreateOpts struct {
	Name        string
	OrgID       uuid.UUID
	Description *string
	// raw representation of the contract in whatever original format it was (json, yaml, ...)
	Contract *Contract
}

type ContractRawFormat added in v0.96.0 

type ContractRawFormat string
const (
	ContractRawFormatJSON ContractRawFormat = "json"
	ContractRawFormatYAML ContractRawFormat = "yaml"
	ContractRawFormatCUE  ContractRawFormat = "cue"
)

func (ContractRawFormat) Values added in v0.96.0 

func (ContractRawFormat) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type ContractUpdateOpts 

type ContractUpdateOpts struct {
	Description *string
	// raw representation of the contract in whatever original format it was (json, yaml, ...)
	Contract *Contract
}

type CreateOpt 

type CreateOpt func(*createOptions)

func WithCreateInlineBackend 

func WithCreateInlineBackend() CreateOpt

Optionally create an inline CAS-backend

type DayRunsCount 

type DayRunsCount struct {
	Date   time.Time
	Totals []*ByStatusCount
}

type ErrAlreadyExists 

type ErrAlreadyExists struct {
	// contains filtered or unexported fields
}

func NewErrAlreadyExists added in v0.95.6 

func NewErrAlreadyExists(err error) ErrAlreadyExists

func NewErrAlreadyExistsStr added in v0.95.6 

func NewErrAlreadyExistsStr(errMsg string) ErrAlreadyExists

func (ErrAlreadyExists) Error added in v0.95.6 

func (e ErrAlreadyExists) Error() string

type ErrAmbiguousReferrer 

type ErrAmbiguousReferrer struct {
	// contains filtered or unexported fields
}

A referrer with the same digest points to two different artifact types and we require filtering out which one

func (ErrAmbiguousReferrer) Error 

func (e ErrAmbiguousReferrer) Error() string

type ErrAttestationStateConflict added in v0.94.3 

type ErrAttestationStateConflict struct {
	// contains filtered or unexported fields
}

func (*ErrAttestationStateConflict) Error added in v0.94.3 

func (e *ErrAttestationStateConflict) Error() string

type ErrInvalidTimeWindow added in v0.93.0 

type ErrInvalidTimeWindow struct {
	// contains filtered or unexported fields
}

func NewErrInvalidTimeWindow added in v0.93.0 

func NewErrInvalidTimeWindow(err error) ErrInvalidTimeWindow

func NewErrInvalidTimeWindowStr added in v0.93.0 

func NewErrInvalidTimeWindowStr(errMsg string) ErrInvalidTimeWindow

func (ErrInvalidTimeWindow) Error added in v0.93.0 

func (e ErrInvalidTimeWindow) Error() string

type ErrInvalidUUID 

type ErrInvalidUUID struct {
	// contains filtered or unexported fields
}

func NewErrInvalidUUID 

func NewErrInvalidUUID(err error) ErrInvalidUUID

func (ErrInvalidUUID) Error 

func (e ErrInvalidUUID) Error() string

type ErrNotFound 

type ErrNotFound struct {
	// contains filtered or unexported fields
}

func NewErrNotFound 

func NewErrNotFound(entity string) ErrNotFound

func (ErrNotFound) Error 

func (e ErrNotFound) Error() string

type ErrNotImplemented 

type ErrNotImplemented struct {
	// contains filtered or unexported fields
}

func NewErrNotImplemented 

func NewErrNotImplemented(msg string) ErrNotImplemented

func (ErrNotImplemented) Error 

func (e ErrNotImplemented) Error() string

type ErrUnauthorized 

type ErrUnauthorized struct {
	// contains filtered or unexported fields
}

func NewErrUnauthorized 

func NewErrUnauthorized(err error) ErrUnauthorized

func NewErrUnauthorizedStr 

func NewErrUnauthorizedStr(errMsg string) ErrUnauthorized

func (ErrUnauthorized) Error 

func (e ErrUnauthorized) Error() string

type ErrValidation 

type ErrValidation struct {
	// contains filtered or unexported fields
}

func NewErrValidation 

func NewErrValidation(err error) ErrValidation

func NewErrValidationStr 

func NewErrValidationStr(errMsg string) ErrValidation

func (ErrValidation) Error 

func (e ErrValidation) Error() string

type GetFromRootFilter 

type GetFromRootFilter func(*GetFromRootFilters)

type GetFromRootFilters 

type GetFromRootFilters struct {
	// RootKind is the kind of the root referrer, i.e ATTESTATION
	RootKind *string
	// Wether to filter by visibility or not
	Public *bool
}

type Integration 

type Integration struct {
	ID uuid.UUID
	// Kind is the type of the integration, it matches the registered plugin ID
	Kind string
	// Name is a unique identifier for the integration registration
	Name string
	// Description is a human readable description of the integration registration
	// It helps to differentiate different instances of the same kind
	Description string
	// Registration Configuration, usually JSON marshalled
	Config []byte
	// Identifier to the external provider where any secret information is stored
	SecretName string
	CreatedAt  *time.Time
}

type IntegrationAndAttachment 

type IntegrationAndAttachment struct {
	*Integration
	*IntegrationAttachment
}

type IntegrationAttachment 

type IntegrationAttachment struct {
	ID                        uuid.UUID
	CreatedAt                 *time.Time
	Config                    []byte
	WorkflowID, IntegrationID uuid.UUID
}

type IntegrationAttachmentRepo 

type IntegrationAttachmentRepo interface {
	Create(ctx context.Context, integrationID, workflowID uuid.UUID, config []byte) (*IntegrationAttachment, error)
	List(ctx context.Context, orgID, workflowID uuid.UUID) ([]*IntegrationAndAttachment, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*IntegrationAttachment, error)
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type IntegrationCreateOpts 

type IntegrationCreateOpts struct {
	// Unique name of the registration
	// used to declaratively reference the integration
	Name                          string
	Kind, Description, SecretName string
	OrgID                         uuid.UUID
	Config                        []byte
}

type IntegrationRepo 

type IntegrationRepo interface {
	Create(ctx context.Context, opts *IntegrationCreateOpts) (*Integration, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*Integration, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*Integration, error)
	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, ID string) (*Integration, error)
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type IntegrationUseCase 

type IntegrationUseCase struct {
	// contains filtered or unexported fields
}

func NewIntegrationUseCase 

func NewIntegrationUseCase(opts *NewIntegrationUseCaseOpts) *IntegrationUseCase

func (*IntegrationUseCase) AttachToWorkflow 

func (uc *IntegrationUseCase) AttachToWorkflow(ctx context.Context, opts *AttachOpts) (*IntegrationAttachment, error)

- Integration and workflows exists in current organization - Run specific validation for the integration - Persist integration attachment

func (*IntegrationUseCase) Delete 

func (uc *IntegrationUseCase) Delete(ctx context.Context, orgID, integrationID string) error

func (*IntegrationUseCase) Detach 

func (uc *IntegrationUseCase) Detach(ctx context.Context, orgID, attachmentID string) error

Detach integration from workflow

func (*IntegrationUseCase) FindByIDInOrg 

func (uc *IntegrationUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*Integration, error)

func (*IntegrationUseCase) FindByNameInOrg added in v0.93.0 

func (uc *IntegrationUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*Integration, error)

func (*IntegrationUseCase) List 

func (uc *IntegrationUseCase) List(ctx context.Context, orgID string) ([]*Integration, error)

func (*IntegrationUseCase) ListAttachments 

func (uc *IntegrationUseCase) ListAttachments(ctx context.Context, orgID, workflowID string) ([]*IntegrationAndAttachment, error)

List attachments returns the list of attachments for a given organization and optionally workflow

func (*IntegrationUseCase) RegisterAndSave 

func (uc *IntegrationUseCase) RegisterAndSave(ctx context.Context, orgID, name, description string, i sdk.FanOut, regConfig *structpb.Struct) (*Integration, error)

Persist the secret and integration with its configuration in the database

type InvitationCreateOpt 

type InvitationCreateOpt func(*invitationCreateOpts)

func WithInvitationRole 

func WithInvitationRole(r authz.Role) InvitationCreateOpt

type Membership 

type Membership struct {
	ID, OrganizationID   uuid.UUID
	Current              bool
	CreatedAt, UpdatedAt *time.Time
	Org                  *Organization
	User                 *User
	Role                 authz.Role
}

type MembershipCreateOpt 

type MembershipCreateOpt func(*membershipCreateOpts)

func WithCurrentMembership 

func WithCurrentMembership() MembershipCreateOpt

func WithMembershipRole 

func WithMembershipRole(r authz.Role) MembershipCreateOpt

type MembershipRepo 

type MembershipRepo interface {
	FindByUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error)
	FindByOrg(ctx context.Context, orgID uuid.UUID) ([]*Membership, error)
	FindByIDInUser(ctx context.Context, userID, ID uuid.UUID) (*Membership, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*Membership, error)
	FindByOrgAndUser(ctx context.Context, orgID, userID uuid.UUID) (*Membership, error)
	SetCurrent(ctx context.Context, ID uuid.UUID) (*Membership, error)
	SetRole(ctx context.Context, ID uuid.UUID, role authz.Role) (*Membership, error)
	Create(ctx context.Context, orgID, userID uuid.UUID, current bool, role authz.Role) (*Membership, error)
	Delete(ctx context.Context, ID uuid.UUID) error
}

type MembershipUseCase 

type MembershipUseCase struct {
	// contains filtered or unexported fields
}

func NewMembershipUseCase 

func NewMembershipUseCase(repo MembershipRepo, orgUC *OrganizationUseCase, logger log.Logger) *MembershipUseCase

func (*MembershipUseCase) ByOrg 

func (uc *MembershipUseCase) ByOrg(ctx context.Context, orgID string) ([]*Membership, error)

func (*MembershipUseCase) ByUser 

func (uc *MembershipUseCase) ByUser(ctx context.Context, userID string) ([]*Membership, error)

func (*MembershipUseCase) Create 

func (uc *MembershipUseCase) Create(ctx context.Context, orgID, userID string, opts ...MembershipCreateOpt) (*Membership, error)

func (*MembershipUseCase) DeleteOther 

func (uc *MembershipUseCase) DeleteOther(ctx context.Context, orgID, userID, membershipID string) error

DeleteOther just deletes a membership from the database but ensures that the user is not deleting itself from the org

func (*MembershipUseCase) FindByOrgAndUser 

func (uc *MembershipUseCase) FindByOrgAndUser(ctx context.Context, orgID, userID string) (*Membership, error)

func (*MembershipUseCase) LeaveAndDeleteOrg 

func (uc *MembershipUseCase) LeaveAndDeleteOrg(ctx context.Context, userID, membershipID string) error

LeaveAndDeleteOrg deletes a membership (and the org i) from the database associated with the current user and the associated org if the user is the only member

func (*MembershipUseCase) SetCurrent 

func (uc *MembershipUseCase) SetCurrent(ctx context.Context, userID, membershipID string) (*Membership, error)

SetCurrent sets the current membership for the user and unsets the previous one

func (*MembershipUseCase) UpdateRole 

func (uc *MembershipUseCase) UpdateRole(ctx context.Context, orgID, userID, membershipID string, role authz.Role) (*Membership, error)

type NewIntegrationUseCaseOpts 

type NewIntegrationUseCaseOpts struct {
	IRepo   IntegrationRepo
	IaRepo  IntegrationAttachmentRepo
	WfRepo  WorkflowRepo
	CredsRW credentials.ReaderWriter
	Logger  log.Logger
}

type NewUserUseCaseParams 

type NewUserUseCaseParams struct {
	UserRepo            UserRepo
	MembershipUseCase   *MembershipUseCase
	OrganizationUseCase *OrganizationUseCase
	OnboardingConfig    []*config.OnboardingSpec
	Logger              log.Logger
}

type OrgInvitation 

type OrgInvitation struct {
	ID            uuid.UUID
	Org           *Organization
	Sender        *User
	ReceiverEmail string
	CreatedAt     *time.Time
	Status        OrgInvitationStatus
	Role          authz.Role
}

type OrgInvitationRepo 

type OrgInvitationRepo interface {
	Create(ctx context.Context, orgID, senderID uuid.UUID, receiverEmail string, role authz.Role) (*OrgInvitation, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*OrgInvitation, error)
	PendingInvitation(ctx context.Context, orgID uuid.UUID, receiverEmail string) (*OrgInvitation, error)
	PendingInvitations(ctx context.Context, receiverEmail string) ([]*OrgInvitation, error)
	SoftDelete(ctx context.Context, id uuid.UUID) error
	ListByOrg(ctx context.Context, org uuid.UUID) ([]*OrgInvitation, error)
	ChangeStatus(ctx context.Context, ID uuid.UUID, status OrgInvitationStatus) error
}

type OrgInvitationStatus 

type OrgInvitationStatus string
var (
	OrgInvitationStatusPending  OrgInvitationStatus = "pending"
	OrgInvitationStatusAccepted OrgInvitationStatus = "accepted"
)

func (OrgInvitationStatus) Values 

func (OrgInvitationStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type OrgInvitationUseCase 

type OrgInvitationUseCase struct {
	// contains filtered or unexported fields
}

func NewOrgInvitationUseCase 

func NewOrgInvitationUseCase(r OrgInvitationRepo, mRepo MembershipRepo, uRepo UserRepo, l log.Logger) (*OrgInvitationUseCase, error)

func (*OrgInvitationUseCase) AcceptInvitation 

func (uc *OrgInvitationUseCase) AcceptInvitation(ctx context.Context, invitationID string) error

func (*OrgInvitationUseCase) AcceptPendingInvitations 

func (uc *OrgInvitationUseCase) AcceptPendingInvitations(ctx context.Context, receiverEmail string) error

AcceptPendingInvitations accepts all pending invitations for a given user email

func (*OrgInvitationUseCase) Create 

func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, receiverEmail string, createOpts ...InvitationCreateOpt) (*OrgInvitation, error)

func (*OrgInvitationUseCase) FindByID 

func (uc *OrgInvitationUseCase) FindByID(ctx context.Context, invitationID string) (*OrgInvitation, error)

func (*OrgInvitationUseCase) ListByOrg 

func (uc *OrgInvitationUseCase) ListByOrg(ctx context.Context, orgID string) ([]*OrgInvitation, error)

func (*OrgInvitationUseCase) Revoke 

func (uc *OrgInvitationUseCase) Revoke(ctx context.Context, orgID, invitationID string) error

Revoke an invitation by ID only if the user is the one who created it

type OrgMetricsRepo 

type OrgMetricsRepo interface {
	// Total number of runs within the provided time window (from now)
	RunsTotal(ctx context.Context, orgID uuid.UUID, timeWindow *TimeWindow) (int32, error)
	// Total number by run status
	RunsByStatusTotal(ctx context.Context, orgID uuid.UUID, timeWindow *TimeWindow) (map[string]int32, error)
	RunsByRunnerTypeTotal(ctx context.Context, orgID uuid.UUID, timeWindow *TimeWindow) (map[string]int32, error)
	TopWorkflowsByRunsCount(ctx context.Context, orgID uuid.UUID, numWorkflows int, timeWindow *TimeWindow) ([]*TopWorkflowsByRunsCountItem, error)
	DailyRunsCount(ctx context.Context, orgID, workflowID uuid.UUID, timeWindow *TimeWindow) ([]*DayRunsCount, error)
}

type OrgMetricsUseCase 

type OrgMetricsUseCase struct {
	// contains filtered or unexported fields
}

func NewOrgMetricsUseCase 

func NewOrgMetricsUseCase(r OrgMetricsRepo, orgRepo OrganizationRepo, wfUseCase *WorkflowUseCase, l log.Logger) (*OrgMetricsUseCase, error)

func (*OrgMetricsUseCase) DailyRunsCount 

func (uc *OrgMetricsUseCase) DailyRunsCount(ctx context.Context, orgID string, workflowID *string, timeWindow *TimeWindow) ([]*DayRunsCount, error)

DailyRunsCount returns the number of runs per day within the provided time window (from now) Optionally filtered by workflowID

func (*OrgMetricsUseCase) GetLastWorkflowStatusByRun added in v0.94.0 

func (uc *OrgMetricsUseCase) GetLastWorkflowStatusByRun(ctx context.Context, orgName string) ([]*prometheuscollector.WorkflowLastStatusByRunReport, error)

GetLastWorkflowStatusByRun returns the last status of each workflow by its last run It only returns workflows with at least one run and skips workflows with initialized runs

func (*OrgMetricsUseCase) RunsTotal 

func (uc *OrgMetricsUseCase) RunsTotal(ctx context.Context, orgID string, timeWindow *TimeWindow) (int32, error)

func (*OrgMetricsUseCase) RunsTotalByRunnerType 

func (uc *OrgMetricsUseCase) RunsTotalByRunnerType(ctx context.Context, orgID string, timeWindow *TimeWindow) (map[string]int32, error)

func (*OrgMetricsUseCase) RunsTotalByStatus 

func (uc *OrgMetricsUseCase) RunsTotalByStatus(ctx context.Context, orgID string, timeWindow *TimeWindow) (map[string]int32, error)

func (*OrgMetricsUseCase) TopWorkflowsByRunsCount 

func (uc *OrgMetricsUseCase) TopWorkflowsByRunsCount(ctx context.Context, orgID string, numWorkflows int, timeWindow *TimeWindow) ([]*TopWorkflowsByRunsCountItem, error)

type Organization 

type Organization struct {
	ID, Name  string
	CreatedAt *time.Time
}

type OrganizationRepo 

type OrganizationRepo interface {
	FindByID(ctx context.Context, orgID uuid.UUID) (*Organization, error)
	FindByName(ctx context.Context, name string) (*Organization, error)
	Create(ctx context.Context, name string) (*Organization, error)
	Delete(ctx context.Context, ID uuid.UUID) error
}

type OrganizationUseCase 

type OrganizationUseCase struct {
	// contains filtered or unexported fields
}

func NewOrganizationUseCase 

func NewOrganizationUseCase(repo OrganizationRepo, repoUC *CASBackendUseCase, iUC *IntegrationUseCase, mRepo MembershipRepo, onboardingConfig []*config.OnboardingSpec, l log.Logger) *OrganizationUseCase

func (*OrganizationUseCase) AutoOnboardOrganizations added in v0.91.8 

func (uc *OrganizationUseCase) AutoOnboardOrganizations(ctx context.Context, userID string) error

AutoOnboardOrganizations creates the organizations specified in the onboarding config and assigns the user to them with the specified role if they are not already a member.

func (*OrganizationUseCase) Create 

func (uc *OrganizationUseCase) Create(ctx context.Context, name string, opts ...CreateOpt) (*Organization, error)

Create an organization with the given name

func (*OrganizationUseCase) CreateWithRandomName 

func (uc *OrganizationUseCase) CreateWithRandomName(ctx context.Context, opts ...CreateOpt) (*Organization, error)

func (*OrganizationUseCase) Delete 

func (uc *OrganizationUseCase) Delete(ctx context.Context, id string) error

Delete deletes an organization and all relevant data This includes: - The organization - The associated repositories - The associated integrations The reason for just deleting these two associated components only is because they have external secrets that need to be deleted as well, and for that we leverage their own delete methods The rest of the data gets removed by the database cascade delete

func (*OrganizationUseCase) FindByID 

func (uc *OrganizationUseCase) FindByID(ctx context.Context, id string) (*Organization, error)

type PromObservable added in v0.95.0 

type PromObservable interface {
	ObserveAttestationIfNeeded(ctx context.Context, run *WorkflowRun, status WorkflowRunStatus) bool
}

type PrometheusUseCase added in v0.94.0 

type PrometheusUseCase struct {
	// contains filtered or unexported fields
}

PrometheusUseCase is a use case for Prometheus where some metrics are exposed

func NewPrometheusUseCase added in v0.94.0 

func NewPrometheusUseCase(conf []*conf.PrometheusIntegrationSpec, orgUseCase *OrganizationUseCase, orgMetricsUseCase *OrgMetricsUseCase, logger log.Logger) *PrometheusUseCase

NewPrometheusUseCase creates a new PrometheusUseCase

func (*PrometheusUseCase) GetRegistryByOrganizationName added in v0.94.0 

func (uc *PrometheusUseCase) GetRegistryByOrganizationName(orgName string) *registry.PrometheusRegistry

GetRegistryByOrganizationName returns a registry by organization name

func (*PrometheusUseCase) ObserveAttestationIfNeeded added in v0.95.0 

func (uc *PrometheusUseCase) ObserveAttestationIfNeeded(ctx context.Context, run *WorkflowRun, status WorkflowRunStatus) bool

Record an attestation if the run exists and there is a registry for the organization

func (*PrometheusUseCase) OrganizationHasRegistry added in v0.94.0 

func (uc *PrometheusUseCase) OrganizationHasRegistry(orgName string) bool

OrganizationHasRegistry checks if an organization has a registry

type Referrer 

type Referrer struct {
	Digest string
	Kind   string
	// Wether the item is downloadable from CAS or not
	Downloadable bool
	// If this referrer is part of a public workflow
	InPublicWorkflow bool
	References       []*Referrer

	Metadata, Annotations map[string]string
}

func (*Referrer) MapID 

func (r *Referrer) MapID() string

type ReferrerRepo 

type ReferrerRepo interface {
	Save(ctx context.Context, input []*Referrer, workflowID uuid.UUID) error
	// GetFromRoot returns the referrer identified by the provided content digest, including its first-level references
	// For example if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it
	// OrgIDs represent an allowList of organizations where the referrers should be looked for
	GetFromRoot(ctx context.Context, digest string, orgIDS []uuid.UUID, filters ...GetFromRootFilter) (*StoredReferrer, error)
	// Check if a given referrer by digest exist.
	// The query can be scoped further down if needed by providing the kind or visibility status
	Exist(ctx context.Context, digest string, filters ...GetFromRootFilter) (bool, error)
}

type ReferrerUseCase 

type ReferrerUseCase struct {
	// contains filtered or unexported fields
}

func NewReferrerUseCase 

func NewReferrerUseCase(repo ReferrerRepo, wfRepo WorkflowRepo, mRepo MembershipRepo, indexCfg *conf.ReferrerSharedIndex, l log.Logger) (*ReferrerUseCase, error)

func (*ReferrerUseCase) ExtractAndPersist 

func (s *ReferrerUseCase) ExtractAndPersist(ctx context.Context, att *dsse.Envelope, workflowID string) error

ExtractAndPersist extracts the referrers (subject + materials) from the given attestation and store it as part of the referrers index table

func (*ReferrerUseCase) GetFromRoot 

func (s *ReferrerUseCase) GetFromRoot(ctx context.Context, digest, rootKind string, orgIDs []uuid.UUID) (*StoredReferrer, error)

func (*ReferrerUseCase) GetFromRootInPublicSharedIndex 

func (s *ReferrerUseCase) GetFromRootInPublicSharedIndex(ctx context.Context, digest, rootKind string) (*StoredReferrer, error)

Get the list of public referrers from organizations that have been allowed to be shown in a shared index NOTE: This is a public endpoint under /discover/[sha256:deadbeef]

func (*ReferrerUseCase) GetFromRootUser 

func (s *ReferrerUseCase) GetFromRootUser(ctx context.Context, digest, rootKind, userID string) (*StoredReferrer, error)

GetFromRootUser returns the referrer identified by the provided content digest, including its first-level references For example if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it It only returns referrers that belong to organizations the user is member of

type RemotePolicy added in v0.96.5 

type RemotePolicy struct {
	ProviderRef *policies.PolicyReference
	Policy      *schemav1.Policy
}

type RobotAccount 

type RobotAccount struct {
	Name                 string
	ID                   uuid.UUID
	JWT                  string
	WorkflowID           uuid.UUID
	CreatedAt, RevokedAt *time.Time
}

type RobotAccountRepo 

type RobotAccountRepo interface {
	Create(ctx context.Context, name string, workflowID uuid.UUID) (*RobotAccount, error)
	List(ctx context.Context, workflowID uuid.UUID, includeRevoked bool) ([]*RobotAccount, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*RobotAccount, error)
	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
}

type RobotAccountUseCase 

type RobotAccountUseCase struct {
	// contains filtered or unexported fields
}

func NewRootAccountUseCase 

func NewRootAccountUseCase(robotAccountRepo RobotAccountRepo, workflowRepo WorkflowRepo, conf *conf.Auth, logger log.Logger) *RobotAccountUseCase

func (*RobotAccountUseCase) Create 

func (uc *RobotAccountUseCase) Create(ctx context.Context, name string, orgID, workflowID string) (*RobotAccount, error)

func (*RobotAccountUseCase) FindByID 

func (uc *RobotAccountUseCase) FindByID(ctx context.Context, id string) (*RobotAccount, error)

func (*RobotAccountUseCase) List 

func (uc *RobotAccountUseCase) List(ctx context.Context, orgID, workflowID string, includeRevoked bool) ([]*RobotAccount, error)

func (*RobotAccountUseCase) Revoke 

func (uc *RobotAccountUseCase) Revoke(ctx context.Context, orgID, id string) error

type RunListFilters 

type RunListFilters struct {
	WorkflowID uuid.UUID
	Status     WorkflowRunStatus
}

type SaveOption added in v0.94.3 

type SaveOption func(*AttestationStateSaveOpts)

func WithAttStateBaseDigest added in v0.94.3 

func WithAttStateBaseDigest(digest string) SaveOption

type SigningUseCase 

type SigningUseCase struct {
	CA ca.CertificateAuthority
}

func NewChainloopSigningUseCase 

func NewChainloopSigningUseCase(ca ca.CertificateAuthority) *SigningUseCase

func (*SigningUseCase) CreateSigningCert 

func (s *SigningUseCase) CreateSigningCert(ctx context.Context, orgID string, csrRaw []byte) ([]string, error)

CreateSigningCert signs a certificate request with a configured CA, and returns the full certificate chain

type StoredReferrer 

type StoredReferrer struct {
	*Referrer
	ID        uuid.UUID
	CreatedAt *time.Time
	// Fully expanded list of 1-level off references
	References          []*StoredReferrer
	OrgIDs, WorkflowIDs []uuid.UUID
}

Actual referrer stored in the DB which includes a nested list of storedReferences

type TimeWindow added in v0.93.0 

type TimeWindow struct {
	From time.Time
	To   time.Time
}

TimeWindow represents in time.Time format not in time.Duration

func (*TimeWindow) Validate added in v0.93.0 

func (tw *TimeWindow) Validate() error

Validate validates the time window checking From and To are set

type TopWorkflowsByRunsCountItem 

type TopWorkflowsByRunsCountItem struct {
	Workflow *Workflow
	ByStatus map[string]int32
	Total    int32
}

type User 

type User struct {
	ID        string
	Email     string
	CreatedAt *time.Time
}

type UserOrgFinder 

type UserOrgFinder interface {
	FindByID(ctx context.Context, userID string) (*User, error)
	CurrentMembership(ctx context.Context, userID string) (*Membership, error)
}

type UserRepo 

type UserRepo interface {
	CreateByEmail(ctx context.Context, email string) (*User, error)
	FindByEmail(ctx context.Context, email string) (*User, error)
	FindByID(ctx context.Context, userID uuid.UUID) (*User, error)
	Delete(ctx context.Context, userID uuid.UUID) error
}

type UserUseCase 

type UserUseCase struct {
	// contains filtered or unexported fields
}

func NewUserUseCase 

func NewUserUseCase(opts *NewUserUseCaseParams) *UserUseCase

func (*UserUseCase) CurrentMembership 

func (uc *UserUseCase) CurrentMembership(ctx context.Context, userID string) (*Membership, error)

Find the membership associated with the user that's marked as current If none is selected, it will pick the first one and set it as current

func (*UserUseCase) DeleteUser 

func (uc *UserUseCase) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes the user, related memberships and organization if needed

func (*UserUseCase) FindByID 

func (uc *UserUseCase) FindByID(ctx context.Context, userID string) (*User, error)

func (*UserUseCase) FindOrCreateByEmail 

func (uc *UserUseCase) FindOrCreateByEmail(ctx context.Context, email string, disableAutoOnboarding ...bool) (*User, error)

FindOrCreateByEmail finds or creates a user by email. By default, it will auto-onboard the user to the organizations defined in the configuration. If disableAutoOnboarding is set to true, it will skip the auto-onboarding process.

type Workflow 

type Workflow struct {
	Name, Description, Team, Project string
	CreatedAt                        *time.Time
	RunsCounter                      int
	LastRun                          *WorkflowRun
	ID, ContractID, OrgID            uuid.UUID
	ContractName                     string
	// Latest available contract revision
	ContractRevisionLatest int
	// Public means that the associated workflow runs, attestations and materials
	// are reachable by other users, regardless of their organization
	// This field is also used to calculate if an user can download attestations/materials from the CAS
	Public bool
}

type WorkflowContract 

type WorkflowContract struct {
	ID             uuid.UUID
	Name           string
	Description    string
	LatestRevision int
	CreatedAt      *time.Time
	// WorkflowNames is the list of workflows associated with this contract
	WorkflowNames []string
}

type WorkflowContractCreateOpts 

type WorkflowContractCreateOpts struct {
	OrgID, Name string
	RawSchema   []byte
	Description *string
	// Make sure that the name is unique in the organization
	AddUniquePrefix bool
}

type WorkflowContractRepo 

type WorkflowContractRepo interface {
	Create(ctx context.Context, opts *ContractCreateOpts) (*WorkflowContract, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*WorkflowContract, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowContract, error)
	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, name string) (*WorkflowContract, error)
	Describe(ctx context.Context, orgID, contractID uuid.UUID, revision int) (*WorkflowContractWithVersion, error)
	FindVersionByID(ctx context.Context, versionID uuid.UUID) (*WorkflowContractWithVersion, error)
	Update(ctx context.Context, orgID uuid.UUID, name string, opts *ContractUpdateOpts) (*WorkflowContractWithVersion, error)
	SoftDelete(ctx context.Context, contractID uuid.UUID) error
}

type WorkflowContractUpdateOpts 

type WorkflowContractUpdateOpts struct {
	RawSchema   []byte
	Description *string
}

type WorkflowContractUseCase 

type WorkflowContractUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowContractUseCase 

func NewWorkflowContractUseCase(repo WorkflowContractRepo, policyRegistry *policies.Registry, logger log.Logger) *WorkflowContractUseCase

func (*WorkflowContractUseCase) Create 

func (uc *WorkflowContractUseCase) Create(ctx context.Context, opts *WorkflowContractCreateOpts) (*WorkflowContract, error)

we currently only support schema v1

func (*WorkflowContractUseCase) Delete 

func (uc *WorkflowContractUseCase) Delete(ctx context.Context, orgID, contractID string) error

Delete soft-deletes the entry

func (*WorkflowContractUseCase) Describe 

func (uc *WorkflowContractUseCase) Describe(ctx context.Context, orgID, contractID string, revision int) (*WorkflowContractWithVersion, error)

func (*WorkflowContractUseCase) FindByIDInOrg 

func (uc *WorkflowContractUseCase) FindByIDInOrg(ctx context.Context, orgID, contractID string) (*WorkflowContract, error)

func (*WorkflowContractUseCase) FindByNameInOrg added in v0.93.0 

func (uc *WorkflowContractUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*WorkflowContract, error)

func (*WorkflowContractUseCase) FindVersionByID 

func (uc *WorkflowContractUseCase) FindVersionByID(ctx context.Context, versionID string) (*WorkflowContractWithVersion, error)

func (*WorkflowContractUseCase) GetPolicy added in v0.95.7 

func (uc *WorkflowContractUseCase) GetPolicy(providerName, policyName, token string) (*RemotePolicy, error)

GetPolicy retrieves a policy from a policy provider

func (*WorkflowContractUseCase) List 

func (uc *WorkflowContractUseCase) List(ctx context.Context, orgID string) ([]*WorkflowContract, error)

func (*WorkflowContractUseCase) Update 

func (uc *WorkflowContractUseCase) Update(ctx context.Context, orgID, name string, opts *WorkflowContractUpdateOpts) (*WorkflowContractWithVersion, error)

func (*WorkflowContractUseCase) ValidateContractPolicies added in v0.96.0 

func (uc *WorkflowContractUseCase) ValidateContractPolicies(rawSchema []byte, token string) error

type WorkflowContractVersion 

type WorkflowContractVersion struct {
	ID        uuid.UUID
	Revision  int
	CreatedAt *time.Time
	Schema    *Contract
}

type WorkflowContractWithVersion 

type WorkflowContractWithVersion struct {
	Contract *WorkflowContract
	Version  *WorkflowContractVersion
}

type WorkflowCreateOpts 

type WorkflowCreateOpts struct {
	Name, OrgID, Project, Team, ContractName, Description string
	ContractID                                            string
	// Public means that the associated workflow runs, attestations and materials
	// are reachable by other users, regardless of their organization
	Public bool
}

TODO: move to pointer properties to handle empty values

type WorkflowRepo 

type WorkflowRepo interface {
	Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)
	Update(ctx context.Context, id uuid.UUID, opts *WorkflowUpdateOpts) (*Workflow, error)
	List(ctx context.Context, orgID uuid.UUID) ([]*Workflow, error)
	GetOrgScoped(ctx context.Context, orgID, workflowID uuid.UUID) (*Workflow, error)
	GetOrgScopedByName(ctx context.Context, orgID uuid.UUID, workflowName string) (*Workflow, error)
	IncRunsCounter(ctx context.Context, workflowID uuid.UUID) error
	FindByID(ctx context.Context, workflowID uuid.UUID) (*Workflow, error)
	SoftDelete(ctx context.Context, workflowID uuid.UUID) error
}

type WorkflowRun 

type WorkflowRun struct {
	ID                    uuid.UUID
	State, Reason         string
	CreatedAt, FinishedAt *time.Time
	Workflow              *Workflow
	RunURL, RunnerType    string
	ContractVersionID     uuid.UUID
	Attestation           *Attestation
	CASBackends           []*CASBackend
	// The revision of the contract that was used
	ContractRevisionUsed int
	// The max revision of the contract at the time of the run
	ContractRevisionLatest int
}

type WorkflowRunCreateOpts 

type WorkflowRunCreateOpts struct {
	WorkflowID       string
	ContractRevision *WorkflowContractWithVersion
	RunnerRunURL     string
	RunnerType       string
	CASBackendID     uuid.UUID
}

type WorkflowRunExpirerOpts 

type WorkflowRunExpirerOpts struct {
	// Maximum time threshold for what a workflowRun will be considered expired
	ExpirationWindow time.Duration
	CheckInterval    time.Duration
}

type WorkflowRunExpirerUseCase 

type WorkflowRunExpirerUseCase struct {
	PromObservable PromObservable
	// contains filtered or unexported fields
}

func NewWorkflowRunExpirerUseCase 

func NewWorkflowRunExpirerUseCase(wfrRepo WorkflowRunRepo, po PromObservable, logger log.Logger) *WorkflowRunExpirerUseCase

func (*WorkflowRunExpirerUseCase) ExpirationSweep 

func (uc *WorkflowRunExpirerUseCase) ExpirationSweep(ctx context.Context, olderThan time.Time) error

ExpirationSweep looks for runs older than the provider time and marks them as expired

func (*WorkflowRunExpirerUseCase) Run 

func (uc *WorkflowRunExpirerUseCase) Run(ctx context.Context, opts *WorkflowRunExpirerOpts)

type WorkflowRunRepo 

type WorkflowRunRepo interface {
	Create(ctx context.Context, opts *WorkflowRunRepoCreateOpts) (*WorkflowRun, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*WorkflowRun, error)
	FindByAttestationDigest(ctx context.Context, digest string) (*WorkflowRun, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowRun, error)
	MarkAsFinished(ctx context.Context, ID uuid.UUID, status WorkflowRunStatus, reason string) error
	SaveAttestation(ctx context.Context, ID uuid.UUID, att *dsse.Envelope, digest string) error
	List(ctx context.Context, orgID uuid.UUID, f *RunListFilters, p *pagination.CursorOptions) ([]*WorkflowRun, string, error)
	// List the runs that have not finished and are older than a given time
	ListNotFinishedOlderThan(ctx context.Context, olderThan time.Time) ([]*WorkflowRun, error)
	// Set run as expired
	Expire(ctx context.Context, id uuid.UUID) error
}

type WorkflowRunRepoCreateOpts 

type WorkflowRunRepoCreateOpts struct {
	WorkflowID, SchemaVersionID  uuid.UUID
	RunURL, RunnerType           string
	Backends                     []uuid.UUID
	LatestRevision, UsedRevision int
}

type WorkflowRunStatus 

type WorkflowRunStatus string
const (
	WorkflowRunInitialized WorkflowRunStatus = "initialized"
	WorkflowRunSuccess     WorkflowRunStatus = "success"
	WorkflowRunError       WorkflowRunStatus = "error"
	WorkflowRunExpired     WorkflowRunStatus = "expired"
	WorkflowRunCancelled   WorkflowRunStatus = "canceled"
)

func (WorkflowRunStatus) Values 

func (WorkflowRunStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type WorkflowRunUseCase 

type WorkflowRunUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowRunUseCase 

func NewWorkflowRunUseCase(wfrRepo WorkflowRunRepo, wfRepo WorkflowRepo, logger log.Logger) (*WorkflowRunUseCase, error)

func (*WorkflowRunUseCase) Create 

func (uc *WorkflowRunUseCase) Create(ctx context.Context, opts *WorkflowRunCreateOpts) (*WorkflowRun, error)

Create will add a new WorkflowRun, associate it to a schemaVersion and increment the counter in the associated workflow

func (*WorkflowRunUseCase) ExistsInWorkflow 

func (uc *WorkflowRunUseCase) ExistsInWorkflow(ctx context.Context, workflowID, id string) (bool, error)

The workflowRun belongs to the provided workflowRun

func (*WorkflowRunUseCase) GetByDigestInOrgOrPublic 

func (uc *WorkflowRunUseCase) GetByDigestInOrgOrPublic(ctx context.Context, orgID, digest string) (*WorkflowRun, error)

func (*WorkflowRunUseCase) GetByIDInOrg 

func (uc *WorkflowRunUseCase) GetByIDInOrg(ctx context.Context, orgID, runID string) (*WorkflowRun, error)

Returns the workflow run with the provided ID if it belongs to the org

func (*WorkflowRunUseCase) GetByIDInOrgOrPublic 

func (uc *WorkflowRunUseCase) GetByIDInOrgOrPublic(ctx context.Context, orgID, runID string) (*WorkflowRun, error)

Returns the workflow run with the provided ID if it belongs to the org or its public

func (*WorkflowRunUseCase) List 

func (uc *WorkflowRunUseCase) List(ctx context.Context, orgID string, f *RunListFilters, p *pagination.CursorOptions) ([]*WorkflowRun, string, error)

List the workflowruns associated with an org and optionally filtered by a workflow

func (*WorkflowRunUseCase) MarkAsFinished 

func (uc *WorkflowRunUseCase) MarkAsFinished(ctx context.Context, id string, status WorkflowRunStatus, reason string) error

func (*WorkflowRunUseCase) SaveAttestation 

func (uc *WorkflowRunUseCase) SaveAttestation(ctx context.Context, id string, envelope *dsse.Envelope) (string, error)

type WorkflowRunWithContract 

type WorkflowRunWithContract struct {
	*WorkflowRun
	*WorkflowContractVersion
}

type WorkflowUpdateOpts 

type WorkflowUpdateOpts struct {
	Project, Team, Description, ContractID *string
	Public                                 *bool
}

type WorkflowUseCase 

type WorkflowUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowUsecase 

func NewWorkflowUsecase(wfr WorkflowRepo, schemaUC *WorkflowContractUseCase, logger log.Logger) *WorkflowUseCase

func (*WorkflowUseCase) Create 

func (uc *WorkflowUseCase) Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)

func (*WorkflowUseCase) Delete 

func (uc *WorkflowUseCase) Delete(ctx context.Context, orgID, workflowID string) error

Delete soft-deletes the entry

func (*WorkflowUseCase) FindByID 

func (uc *WorkflowUseCase) FindByID(ctx context.Context, workflowID string) (*Workflow, error)

func (*WorkflowUseCase) FindByIDInOrg 

func (uc *WorkflowUseCase) FindByIDInOrg(ctx context.Context, orgID, workflowID string) (*Workflow, error)

func (*WorkflowUseCase) FindByNameInOrg 

func (uc *WorkflowUseCase) FindByNameInOrg(ctx context.Context, orgID, workflowName string) (*Workflow, error)

func (*WorkflowUseCase) IncRunsCounter 

func (uc *WorkflowUseCase) IncRunsCounter(ctx context.Context, workflowID string) error

func (*WorkflowUseCase) List 

func (uc *WorkflowUseCase) List(ctx context.Context, orgID string) ([]*Workflow, error)

func (*WorkflowUseCase) Update 

func (uc *WorkflowUseCase) Update(ctx context.Context, orgID, workflowID string, opts *WorkflowUpdateOpts) (*Workflow, error)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.