engine

package v0.0.47 (not the latest version of its module)
Published: Apr 16, 2024 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Overview

Package engine provides an implementation of the profile-engine-related objects, interfaces and functionality.

Index

Constants

const (
	// DefaultExecutionTimeout is the timeout for execution of a set
	// of profiles on an entity.
	DefaultExecutionTimeout = 5 * time.Minute
	// ArtifactSignatureWaitPeriod is the waiting period for potential artifact signature to be available
	// before proceeding with evaluation.
	ArtifactSignatureWaitPeriod = 10 * time.Second
)

Variables

This section is empty.

Functions

func GetRulesForEntity

func GetRulesForEntity(p *pb.Profile, entity pb.Entity) ([]*pb.Profile_Rule, error)

GetRulesForEntity returns the rules for the given entity

func GetRulesFromProfileOfType

func GetRulesFromProfileOfType(p *minderv1.Profile, rt *minderv1.RuleType) ([]*minderv1.Profile_Rule, error)

GetRulesFromProfileOfType returns the rules from the profile of the given type

func MergeDatabaseGetIntoProfiles

func MergeDatabaseGetIntoProfiles(ppl []db.GetProfileByProjectAndIDRow) map[string]*pb.Profile

MergeDatabaseGetIntoProfiles merges the database get profiles into the given profiles map. This assumes that the profiles belong to the same project.

TODO(jaosorior): This will have to consider the project tree once we migrate to that

func MergeDatabaseListIntoProfiles

func MergeDatabaseListIntoProfiles[T db.ProfileRow](ppl []T) map[string]*pb.Profile

MergeDatabaseListIntoProfiles merges the database list profiles into the given profiles map. This assumes that the profiles belong to the same project.

TODO(jaosorior): This will have to consider the project tree once we migrate to that

func ParseJSON

func ParseJSON(r io.Reader) (*pb.Profile, error)

ParseJSON parses a JSON pipeline profile and validates it

func ParseYAML

func ParseYAML(r io.Reader) (*pb.Profile, error)

ParseYAML parses a YAML pipeline profile and validates it

func ReadProfileFromFile

func ReadProfileFromFile(fpath string) (*pb.Profile, error)

ReadProfileFromFile reads a pipeline profile from a file and returns it as a protobuf

func RuleDefFromDB

func RuleDefFromDB(r *db.RuleType) (*minderv1.RuleType_Definition, error)

RuleDefFromDB converts a rule type definition from the database to a protobuf rule type definition

func RuleTypePBFromDB

func RuleTypePBFromDB(rt *db.RuleType) (*minderv1.RuleType, error)

RuleTypePBFromDB converts a rule type from the database to a protobuf rule type

func TraverseAllRulesForPipeline

func TraverseAllRulesForPipeline(p *pb.Profile, fn func(*pb.Profile_Rule) error) error

TraverseAllRulesForPipeline traverses all rules for the given pipeline profile

func TraverseRuleTypesForEntities added in v0.0.38

func TraverseRuleTypesForEntities(p *pb.Profile, fn func(pb.Entity, *pb.Profile_Rule) error) error

TraverseRuleTypesForEntities traverses the rules for the given entities and calls the given function

func TraverseRules

func TraverseRules(rules []*pb.Profile_Rule, fn func(*pb.Profile_Rule) error) error

TraverseRules traverses the rules and calls the given function for each rule.

TODO: do we want to collect and return _all_ errors, rather than just the first, to prevent whack-a-mole fixing?

func WithEntityContext

func WithEntityContext(ctx context.Context, c *EntityContext) context.Context

WithEntityContext stores an EntityContext in the current context.

Types

type EntityContext

type EntityContext struct {
	Project  Project
	Provider Provider
}

EntityContext is the context of an entity. This is relevant for getting the full information about an entity.

func EntityFromContext

func EntityFromContext(ctx context.Context) EntityContext

EntityFromContext extracts the current EntityContext, WHICH MAY BE NIL!

func (*EntityContext) Validate added in v0.0.27

func (c *EntityContext) Validate(ctx context.Context, q db.Querier, providerStore providers.ProviderStore) error

Validate validates that the entity context contains values that are present in the DB

func (*EntityContext) ValidateProject added in v0.0.39

func (c *EntityContext) ValidateProject(ctx context.Context, q db.Querier) error

ValidateProject validates that the entity context contains a project that is present in the DB

type Executor

type Executor struct {
	// contains filtered or unexported fields
}

Executor is the engine that executes the rules for a given event

func NewExecutor

func NewExecutor(
	ctx context.Context,
	querier db.Store,
	authCfg *serverconfig.AuthConfig,
	provCfg *serverconfig.ProviderConfig,
	evt events.Publisher,
	providerStore providers.ProviderStore,
	opts ...ExecutorOption,
) (*Executor, error)

NewExecutor creates a new executor

func (*Executor) HandleEntityEvent

func (e *Executor) HandleEntityEvent(msg *message.Message) error

HandleEntityEvent handles events coming from webhooks/signals as well as the init event.

func (*Executor) Register

func (e *Executor) Register(r events.Registrar)

Register implements the Consumer interface.

func (*Executor) Wait added in v0.0.17

func (e *Executor) Wait()

Wait waits for all the entity executions to finish.

type ExecutorOption

type ExecutorOption func(*Executor)

ExecutorOption is a function that modifies an executor

func WithMiddleware added in v0.0.25

func WithMiddleware(mdw message.HandlerMiddleware) ExecutorOption

WithMiddleware sets the aggregator middleware for the executor

func WithProviderMetrics

func WithProviderMetrics(mt providertelemetry.ProviderMetrics) ExecutorOption

WithProviderMetrics sets the provider metrics for the executor

func WithRestClientCache added in v0.0.31

func WithRestClientCache(cache ratecache.RestClientCache) ExecutorOption

WithRestClientCache sets the rest client cache for the executor

type Project

type Project struct {
	ID uuid.UUID
}

Project is a construct relevant to an entity's context. This is relevant for getting the full information about an entity.

type Provider

type Provider struct {
	Name string
}

Provider is a construct relevant to an entity's context. This is relevant for getting the full information about an entity.

type RuleMeta

type RuleMeta struct {
	// Name is the name of the rule
	Name string
	// Organization is the ID of the organization that this rule is for
	Organization *string
	// Project is the ID of the project that this rule is for
	Project *string
}

RuleMeta is the metadata for a rule.

TODO: We probably should care about a version

func (*RuleMeta) String

func (r *RuleMeta) String() string

String returns a string representation of the rule meta

type RuleTypeEngine

type RuleTypeEngine struct {
	Meta RuleMeta
	// contains filtered or unexported fields
}

RuleTypeEngine is the engine for a rule type. It builds the multiple sections of the rule type and instantiates the needed drivers for them.

func NewRuleTypeEngine

func NewRuleTypeEngine(
	ctx context.Context,
	p *minderv1.Profile,
	rt *minderv1.RuleType,
	cli *providers.ProviderBuilder,
) (*RuleTypeEngine, error)

NewRuleTypeEngine creates a new rule type engine

func (*RuleTypeEngine) Actions

Actions runs all actions for the rule type engine against the given entity

func (*RuleTypeEngine) Eval

Eval runs the rule type engine against the given entity

func (*RuleTypeEngine) GetActionsOnOff added in v0.0.25

func (r *RuleTypeEngine) GetActionsOnOff() map[engif.ActionType]engif.ActionOpt

GetActionsOnOff returns the on/off state of the actions

func (*RuleTypeEngine) GetID

func (r *RuleTypeEngine) GetID() string

GetID returns the ID of the rule type. The ID is meant to be a serializable unique identifier for the rule type.

func (*RuleTypeEngine) GetRuleInstanceValidator

func (r *RuleTypeEngine) GetRuleInstanceValidator() *RuleValidator

GetRuleInstanceValidator returns the rule instance validator for this rule type. By instance we mean a rule that has been instantiated in a profile from a given rule type.

func (*RuleTypeEngine) WithIngesterCache

func (r *RuleTypeEngine) WithIngesterCache(ingestCache ingestcache.Cache) *RuleTypeEngine

WithIngesterCache sets the ingester cache for the rule type engine

type RuleValidationError

type RuleValidationError struct {
	Err string
	// RuleType is a rule name
	RuleType string
}

RuleValidationError is used to report errors from evaluating a rule, including attribution of the particular error encountered.

func (*RuleValidationError) Error

func (e *RuleValidationError) Error() string

Error implements error.Error

func (*RuleValidationError) String

func (e *RuleValidationError) String() string

String implements fmt.Stringer
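The TraverseRules TODO above asks whether a traversal should collect every rule's error instead of stopping at the first. As an added example (not minder's own code), this is that variant over a stand-in Rule type; it reports each failing rule with a RuleValidationError of the shape documented in this section, and CheckRule is a constructed validator used only to exercise it.

```go
package main

import (
	"errors"
	"fmt"
)

// Rule stands in for pb.Profile_Rule (an assumption, not the minder type).
type Rule struct {
	Type   string
	Params map[string]any
}

// RuleValidationError mirrors the shape documented on the page.
type RuleValidationError struct {
	Err      string
	RuleType string
}

func (e *RuleValidationError) Error() string {
	return fmt.Sprintf("rule type %q: %s", e.RuleType, e.Err)
}

// TraverseRulesAll visits every rule and joins all validation errors instead of
// returning the first (the alternative the TODO raises); nil when none failed.
func TraverseRulesAll(rules []*Rule, fn func(*Rule) error) error {
	var errs []error
	for _, r := range rules {
		if err := fn(r); err != nil {
			errs = append(errs, err)
		}
	}
	return errors.Join(errs...)
}

// CheckRule is a constructed validator: a rule needs a type and a "branch" param.
func CheckRule(r *Rule) error {
	if r.Type == "" {
		return &RuleValidationError{Err: "missing rule type", RuleType: "<unset>"}
	}
	if _, ok := r.Params["branch"]; !ok {
		return &RuleValidationError{Err: `missing required param "branch"`, RuleType: r.Type}
	}
	return nil
}
```

Because errors.Join keeps each wrapped error reachable, callers can still use errors.As to pull out individual RuleValidationErrors for attribution.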

type RuleValidator

type RuleValidator struct {
	// contains filtered or unexported fields
}

RuleValidator takes a rule type and validates an instance of it. The main purpose of this is to validate the schemas that are associated with the rule.

func NewRuleValidator

func NewRuleValidator(rt *minderv1.RuleType) (*RuleValidator, error)

NewRuleValidator creates a new rule validator

func (*RuleValidator) ValidateParamsAgainstSchema

func (r *RuleValidator) ValidateParamsAgainstSchema(params *structpb.Struct) error

ValidateParamsAgainstSchema validates the given parameters against the schema for this rule type

func (*RuleValidator) ValidateRuleDefAgainstSchema

func (r *RuleValidator) ValidateRuleDefAgainstSchema(contextualProfile map[string]any) error

ValidateRuleDefAgainstSchema validates the given contextual profile against the schema for this rule type

Directories

Path Synopsis
Package actions provides necessary interfaces and implementations for processing actions, such as remediation and alerts.
alert
Package alert provides necessary interfaces and implementations for processing alerts.
alert/noop
Package noop provides a fallback alert engine for cases where no alert is set.
alert/security_advisory
Package security_advisory provides necessary interfaces and implementations for creating alerts of type security advisory.
remediate
Package remediate provides necessary interfaces and implementations for remediating rules.
remediate/gh_branch_protect
Package gh_branch_protect provides the GitHub branch protection remediation engine.
remediate/noop
Package noop provides a fallback remediation engine for cases where no remediation is set.
remediate/pull_request
Package pull_request provides the pull request remediation engine.
remediate/rest
Package rest provides the REST remediation engine.
Package entities contains internal helper functions to deal with, validate and print the Entity protobuf enum.
Package errors provides errors for the evaluator engine.
Package eval provides necessary interfaces and implementations for evaluating rules.
homoglyphs/application
Package application contains the application logic for the homoglyphs rule type.
homoglyphs/communication
Package communication contains the communication logic for the homoglyphs rule type.
homoglyphs/domain
Package domain contains the domain logic for the homoglyphs rule type.
homoglyphs/domain/resources
Package resources contains resources used by the homoglyphs evaluators.
homoglyphs/util
Package util contains utility functions for the homoglyphs evaluation engine.
jq
Package jq provides the jq profile evaluator.
pr_actions
Package pr_actions contains shared code to take actions on PRs.
rego
Package rego provides the rego rule evaluator.
trusty
Package trusty provides an evaluator that uses the trusty API.
vulncheck
Package vulncheck provides the vulnerability check evaluator.
Package ingestcache provides a cache that is used to cache the results of ingesting data.
Package ingester provides necessary interfaces and implementations for ingesting data for rules.
artifact
Package artifact provides the artifact ingestion engine.
builtin
Package builtin provides the builtin ingestion engine.
diff
Package diff provides the diff rule data ingest engine.
git
Package git provides the git rule data ingest engine.
rest
Package rest provides the REST rule data ingest engine.
Package interfaces provides necessary interfaces and implementations for implementing engine plugins.
