controlplane

package
v0.0.47

This package is not in the latest version of its module.
Published: Apr 16, 2024 License: Apache-2.0 Imports: 91 Imported by: 0

Documentation

Overview

Package controlplane contains the gRPC server implementation for the control plane

Package controlplane contains the control plane API for the minder.

Constants

const (
	WebhookActionEventDeleted     = "deleted"
	WebhookActionEventOpened      = "opened"
	WebhookActionEventClosed      = "closed"
	WebhookActionEventSynchronize = "synchronize"
	WebhookActionEventPublished   = "published"
)

WebhookActionEventDeleted is the action for a deleted event

const PaginationLimit = 10

PaginationLimit is the maximum number of items that can be returned in a single page

Variables

This section is empty.

Functions

func DeleteUser

func DeleteUser(
	ctx context.Context,
	store db.Store,
	authzClient authz.Client,
	providerService service.GitHubProviderService,
	userId string,
) error

DeleteUser deletes a user and all their associated data from the minder database

func EntityContextProjectInterceptor added in v0.0.27

func EntityContextProjectInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler) (any, error)

EntityContextProjectInterceptor is a server interceptor that sets up the entity context project

func HandleEvents

func HandleEvents(
	ctx context.Context,
	store db.Store,
	authzClient authz.Client,
	cfg *serverconfig.Config,
	providerService service.GitHubProviderService,
)

HandleEvents fetches events from the identity provider and performs any related changes to the minder database

func ProjectAuthorizationInterceptor added in v0.0.27

func ProjectAuthorizationInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler) (any, error)

ProjectAuthorizationInterceptor is a server interceptor that checks if a user is authorized on the requested project

func RegisterGRPCServices

func RegisterGRPCServices(s *Server)

RegisterGRPCServices registers the GRPC services

func RegisterGatewayHTTPHandlers

func RegisterGatewayHTTPHandlers(ctx context.Context, gwmux *runtime.ServeMux, grpcAddress string, opts []grpc.DialOption)

RegisterGatewayHTTPHandlers registers the gateway HTTP handlers

func SubscribeToIdentityEvents

func SubscribeToIdentityEvents(
	ctx context.Context,
	store db.Store,
	authzClient authz.Client,
	cfg *serverconfig.Config,
	providerService service.GitHubProviderService,
) error

SubscribeToIdentityEvents starts a cron job that periodically fetches events from the identity provider

func TokenValidationInterceptor added in v0.0.24

func TokenValidationInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler) (any, error)

TokenValidationInterceptor is a server interceptor that validates the bearer token

Types

type AccountEvent

type AccountEvent struct {
	Time     int64  `json:"time"`
	Type     string `json:"type"`
	RealmId  string `json:"realmId"`
	ClientId string `json:"clientId"`
	UserId   string `json:"userId"`
}

AccountEvent is an event returned by the identity provider

type HasProtoContext added in v0.0.21

type HasProtoContext interface {
	GetContext() *pb.Context
}

HasProtoContext is an interface that can be implemented by a request

type Server

Server represents the controlplane server

func NewServer

func NewServer(
	store db.Store,
	evt events.Publisher,
	cfg *serverconfig.Config,
	vldtr auth.JwtValidator,
	providerStore providers.ProviderStore,
	opts ...ServerOption,
) (*Server, error)

NewServer creates a new server instance

func (*Server) AssignRole added in v0.0.28

AssignRole assigns a role to a user on a project. Note that this assumes that the request has already been authorized.

func (*Server) CheckHealth

CheckHealth is a simple health check for monitoring

func (*Server) CreateEntityReconciliationTask added in v0.0.36

CreateEntityReconciliationTask creates a task to reconcile the state of an entity

func (*Server) CreateProfile

CreateProfile creates a profile for a project

func (*Server) CreateProject added in v0.0.35

CreateProject creates a new subproject

func (*Server) CreateRuleType

CreateRuleType is a method to create a rule type

func (*Server) CreateUser

func (s *Server) CreateUser(ctx context.Context,
	_ *pb.CreateUserRequest) (*pb.CreateUserResponse, error)

CreateUser is a service for user self registration

func (*Server) DeleteProfile

DeleteProfile is a method to delete a profile

func (*Server) DeleteProject added in v0.0.35

DeleteProject deletes a subproject

func (*Server) DeleteProvider added in v0.0.40

DeleteProvider deletes a provider by name from a specific project.

func (*Server) DeleteProviderByID added in v0.0.40

DeleteProviderByID deletes a provider by ID from a specific project.

func (*Server) DeleteRepositoryById

func (s *Server) DeleteRepositoryById(
	ctx context.Context,
	in *pb.DeleteRepositoryByIdRequest,
) (*pb.DeleteRepositoryByIdResponse, error)

DeleteRepositoryById deletes a repository by its UUID

func (*Server) DeleteRepositoryByName

func (s *Server) DeleteRepositoryByName(
	ctx context.Context,
	in *pb.DeleteRepositoryByNameRequest,
) (*pb.DeleteRepositoryByNameResponse, error)

DeleteRepositoryByName deletes a repository by name

func (*Server) DeleteRuleType

DeleteRuleType is a method to delete a rule type

func (*Server) DeleteUser

func (s *Server) DeleteUser(ctx context.Context,
	_ *pb.DeleteUserRequest) (*pb.DeleteUserResponse, error)

DeleteUser is a service for user self deletion

func (*Server) GetArtifactById

GetArtifactById gets an artifact by id

func (*Server) GetArtifactByName added in v0.0.22

GetArtifactByName gets an artifact by name

func (*Server) GetAuthorizationURL

GetAuthorizationURL returns the URL to redirect the user to for authorization and the state to be used for the callback. It accepts a provider string and a boolean indicating whether the client is a CLI or web client.

func (*Server) GetAuthzClient added in v0.0.43

func (s *Server) GetAuthzClient() authz.Client

GetAuthzClient returns the authz client

func (*Server) GetProfileById

GetProfileById is a method to get a profile by id

func (*Server) GetProfileStatusByName

GetProfileStatusByName is a method to get profile status

func (*Server) GetProfileStatusByProject

GetProfileStatusByProject is a method to get profile status for a project

func (*Server) GetProvider added in v0.0.35

GetProvider gets a given provider available in a specific project.

func (*Server) GetProviderService added in v0.0.39

func (s *Server) GetProviderService() service.GitHubProviderService

GetProviderService returns the provider service

func (*Server) GetRepositoryById

GetRepositoryById returns a repository for a given repository id

func (*Server) GetRepositoryByName

GetRepositoryByName returns information about a repository. This function will typically be called by the client to get a repository which is already registered and present in the minder database. The API is called with a project id.

func (*Server) GetRuleTypeById

GetRuleTypeById is a method to get a rule type by id

func (*Server) GetRuleTypeByName

GetRuleTypeByName is a method to get a rule type by name

func (*Server) GetUser

func (s *Server) GetUser(ctx context.Context, _ *pb.GetUserRequest) (*pb.GetUserResponse, error)

GetUser is a service for getting personal user details

func (*Server) HandleGitHubAppCallback added in v0.0.38

func (s *Server) HandleGitHubAppCallback() runtime.HandlerFunc

HandleGitHubAppCallback handles the authorization callback from the GitHub App. This function validates that the GitHub user has access to the installation. It also gathers the state from the database and compares it to the state passed in, if present. If they match, a new GitHub App provider is created with the installation ID. Note: this is an HTTP-only (not RPC) handler.

func (*Server) HandleGitHubAppWebhook added in v0.0.39

func (s *Server) HandleGitHubAppWebhook() http.HandlerFunc

HandleGitHubAppWebhook handles incoming GitHub App webhooks

func (*Server) HandleGitHubWebHook

func (s *Server) HandleGitHubWebHook() http.HandlerFunc

HandleGitHubWebHook handles incoming GitHub webhooks. See https://docs.github.com/en/developers/webhooks-and-events/webhooks/about-webhooks for more information.

func (*Server) HandleOAuthCallback added in v0.0.38

func (s *Server) HandleOAuthCallback() runtime.HandlerFunc

HandleOAuthCallback handles the OAuth 2.0 authorization code callback from the enrolled provider. This function gathers the state from the database and compares it to the state passed in. If they match, the provider code is exchanged for a provider token. Note: this is an HTTP-only (not RPC) handler.
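The state comparison that the HandleOAuthCallback and HandleGitHubAppCallback descriptions refer to can be sketched as follows. This is an added example, not minder's code: `pendingState`, `stateStore`, `checkCallback`, the session key and the expiry field are all hypothetical, and an in-memory map stands in for the database. It goes beyond the description by also making the state single-use and time-limited.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// pendingState is a hypothetical stand-in for the database row written when
// the authorization URL (and its state value) is issued to the client.
type pendingState struct {
	State   string
	Expires time.Time
}

// stateStore is an in-memory substitute for the database, keyed by an
// assumed session identifier.
type stateStore map[string]pendingState

var errBadState = errors.New("oauth callback: state mismatch or expired")

// checkCallback returns the authorization code only when the state passed in
// matches the stored one. The record is deleted before any check so that a
// state value cannot be replayed, whether or not validation succeeds.
func checkCallback(db stateStore, session, state, code string, now time.Time) (string, error) {
	rec, ok := db[session]
	delete(db, session)
	if !ok || rec.State == "" || now.After(rec.Expires) {
		return "", errBadState // an empty stored state must never match
	}
	if subtle.ConstantTimeCompare([]byte(rec.State), []byte(state)) != 1 {
		return "", errBadState
	}
	if code == "" {
		return "", errors.New("oauth callback: missing code")
	}
	return code, nil // the caller would now exchange the code for a token
}

func main() {
	now := time.Unix(1700000000, 0) // constructed sample values throughout
	db := stateStore{"sess-1": {State: "s3cr3t-state", Expires: now.Add(5 * time.Minute)}}
	code, err := checkCallback(db, "sess-1", "s3cr3t-state", "abc123", now)
	fmt.Println(code, err)
	_, err = checkCallback(db, "sess-1", "s3cr3t-state", "abc123", now) // replayed callback
	fmt.Println(err)
}
```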

func (*Server) ListArtifacts

func (s *Server) ListArtifacts(ctx context.Context, in *pb.ListArtifactsRequest) (*pb.ListArtifactsResponse, error)

ListArtifacts lists all artifacts for a given project and provider

func (*Server) ListEvaluationResults added in v0.0.35

ListEvaluationResults lists the evaluation results for entities filtered by entity type, labels, profiles, and rule types.

func (*Server) ListProfiles

ListProfiles is a method to get all profiles for a project

func (*Server) ListProjects added in v0.0.35

ListProjects returns the list of projects for the current user

func (*Server) ListProviderClasses added in v0.0.38

ListProviderClasses lists the provider classes available in the system.

func (*Server) ListProviders added in v0.0.30

ListProviders lists the providers available in a specific project.

func (*Server) ListRemoteRepositoriesFromProvider

ListRemoteRepositoriesFromProvider returns a list of repositories from a provider

func (*Server) ListRepositories

ListRepositories returns a list of repositories for a given project. This function will typically be called by the client to get a list of repositories that are registered and present in the minder database.

func (*Server) ListRoleAssignments added in v0.0.28

ListRoleAssignments returns the list of role assignments for the given project

func (*Server) ListRoles added in v0.0.28

ListRoles returns the list of available roles for the minder instance

func (*Server) ListRuleTypes

ListRuleTypes is a method to list all rule types for a given context

func (*Server) NoopWebhookHandler added in v0.0.45

func (s *Server) NoopWebhookHandler() http.HandlerFunc

NoopWebhookHandler is a no-op handler for webhooks

func (*Server) PatchProfile added in v0.0.35

PatchProfile updates a profile for a project with a partial request

func (*Server) PatchProject added in v0.0.36

PatchProject patches a project. Note that this does not reparent the project, nor does it touch the project's metadata directly. Only a subset of fields can be updated.

func (*Server) RegisterRepository

func (s *Server) RegisterRepository(
	ctx context.Context,
	in *pb.RegisterRepositoryRequest,
) (*pb.RegisterRepositoryResponse, error)

RegisterRepository adds repositories to the database and registers a webhook. Once a user has enrolled in a project (they have a valid token), they can register repositories to be monitored by the minder by provisioning a webhook on the repository(ies).

func (*Server) RemoveRole added in v0.0.28

RemoveRole removes a role from a user on a project. Note that this assumes that the request has already been authorized.

func (*Server) StartGRPCServer

func (s *Server) StartGRPCServer(ctx context.Context) error

StartGRPCServer starts a gRPC server and blocks while serving.

func (*Server) StartHTTPServer

func (s *Server) StartHTTPServer(ctx context.Context) error

StartHTTPServer starts an HTTP server and registers the gRPC handler mux to it. Set store as a blank identifier for now as we will use it in the future.

func (*Server) StoreProviderToken

StoreProviderToken stores the provider token for a project

func (*Server) UpdateProfile added in v0.0.16

UpdateProfile updates a profile for a project

func (*Server) UpdateProject added in v0.0.36

UpdateProject updates a project. Note that this does not reparent the project, nor does it touch the project's metadata directly. Only a subset of fields can be updated.

func (*Server) UpdateRuleType

UpdateRuleType is a method to update a rule type

func (*Server) VerifyProviderCredential added in v0.0.39

VerifyProviderCredential verifies the provider credential has been created for the matching enrollment nonce

func (*Server) VerifyProviderTokenFrom

VerifyProviderTokenFrom verifies the provider token since a timestamp.

Deprecated: Use VerifyProviderCredential instead.

type ServerOption

type ServerOption func(*Server)

ServerOption is a function that modifies a server

func WithAuthzClient added in v0.0.27

func WithAuthzClient(c authz.Client) ServerOption

WithAuthzClient sets the authz client for the server

func WithProviderMetrics

func WithProviderMetrics(mt provtelemetry.ProviderMetrics) ServerOption

WithProviderMetrics sets the provider metrics for the server

func WithRestClientCache added in v0.0.31

func WithRestClientCache(c ratecache.RestClientCache) ServerOption

WithRestClientCache sets the rest client cache for the server

func WithServerMetrics added in v0.0.35

func WithServerMetrics(mt metrics.Metrics) ServerOption

WithServerMetrics sets the server metrics for the server

Directories

Path Synopsis
Package metrics defines the primitives available for the controlplane metrics