biz

package
v1.41.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 14, 2025 License: Apache-2.0 Imports: 74 Imported by: 0

Documentation

Index

Constants

// Identifier and default size limit of the inline CAS backend.
const (
	// Inline, embedded CAS backend
	CASBackendInline                CASBackendProvider = "INLINE"
	CASBackendInlineDefaultMaxBytes int64              = 500 * 1024 // 512,000 bytes (500 KiB); presumably the default for CASBackendLimits.MaxBytes — confirm
)
const RandomNameMaxTries = 10

Variables

var EmptyDefaultContract = &Contract{
	Raw: []byte("schemaVersion: v1"), Format: unmarshal.RawFormatYAML,
}

EmptyDefaultContract is the default contract that will be created if no contract is provided

ProviderSet is biz providers.

Functions

func IsErrAlreadyExists added in v0.95.6

func IsErrAlreadyExists(err error) bool

func IsErrAttestationStateConflict added in v0.94.3

func IsErrAttestationStateConflict(err error) bool

func IsErrInvalidTimeWindow added in v0.93.0

func IsErrInvalidTimeWindow(err error) bool

func IsErrInvalidUUID

func IsErrInvalidUUID(err error) bool

func IsErrNotImplemented

func IsErrNotImplemented(err error) bool

func IsErrUnauthorized

func IsErrUnauthorized(err error) bool

func IsErrValidation

func IsErrValidation(err error) bool

func IsNotFound

func IsNotFound(err error) bool

func NewErrAttestationStateConflict added in v0.94.3

func NewErrAttestationStateConflict(got, want string) error

func NewErrReferrerAmbiguous

func NewErrReferrerAmbiguous(digest string, kinds []string) error

func PbRoleToBiz added in v0.91.8

func PbRoleToBiz(r pb.MembershipRole) authz.Role

func ToPtr added in v0.186.0

func ToPtr[T any](v T) *T

func ValidateIsDNS1123

func ValidateIsDNS1123(name string) error

func ValidateVersion added in v0.97.5

func ValidateVersion(version string) error

ValidateVersion validates that the provided version string is in a valid format. The version string must match the regular expression `^[a-zA-Z0-9.\-]+$`, which ensures the version only contains alphanumeric characters, dots, and hyphens.

func WithKind

func WithKind(kind string) func(*GetFromRootFilters)

func WithPublicVisibility

func WithPublicVisibility(public bool) func(*GetFromRootFilters)

func WithVisibleProjectIDs added in v1.12.0

func WithVisibleProjectIDs(projectIDs map[OrgID][]ProjectID) func(*GetFromRootFilters)

WithVisibleProjectIDs sets visible projects by org for organizations with RBAC enabled for the user (role is OrgMember)

Types

type APIToken

// APIToken is the record of a credential scoped to an organization and,
// optionally, to a single project.
type APIToken struct {
	ID          uuid.UUID
	Name        string
	Description string
	// This is the JWT value returned only during creation
	// NOTE(review): this field is the bearer credential itself; keep it out of
	// logs, audit entries and any generic serialization of this struct.
	JWT string
	// Tokens are scoped to organizations
	OrganizationID   uuid.UUID
	OrganizationName string
	CreatedAt        *time.Time
	// When the token expires
	// NOTE(review): presumably nil means the token never expires — confirm.
	ExpiresAt *time.Time
	// When the token was manually revoked
	// NOTE(review): presumably nil means the token has not been revoked — confirm.
	RevokedAt  *time.Time
	LastUsedAt *time.Time
	// If the token is scoped to a project
	ProjectID   *uuid.UUID
	ProjectName *string
}

APIToken is used for unattended access to the control plane API.

type APITokenCreateOpt added in v1.29.0

type APITokenCreateOpt func(*apiTokenOptions)

func APITokenWithProject added in v1.12.0

func APITokenWithProject(project *Project) APITokenCreateOpt

type APITokenJWTConfig added in v1.5.0

// APITokenJWTConfig carries the key material handed to NewAPITokenUseCase.
type APITokenJWTConfig struct {
	// NOTE(review): by its name this is the shared HMAC secret used to sign and
	// verify API token JWTs — confirm against NewAPITokenUseCase. If so, whoever
	// holds it can produce tokens the control plane accepts: load it from a
	// secret store, never log it, and plan for rotation.
	SymmetricHmacKey string
}

type APITokenListFilters added in v1.29.0

type APITokenListFilters struct {
	// FilterByProjects is used to filter the result by a project list
	// If it's empty, no filter will be applied
	FilterByProjects []uuid.UUID
	// IncludeRevoked is used to include revoked tokens in the result
	IncludeRevoked bool
	// FilterByScope is used to filter the result by the scope of the token
	FilterByScope APITokenScope
}

type APITokenListOpt added in v1.29.0

type APITokenListOpt func(*APITokenListFilters)

func WithAPITokenProjectFilter added in v1.29.0

func WithAPITokenProjectFilter(projectIDs []uuid.UUID) APITokenListOpt

func WithAPITokenRevoked added in v1.29.0

func WithAPITokenRevoked(includeRevoked bool) APITokenListOpt

func WithAPITokenScope added in v1.29.0

func WithAPITokenScope(scope APITokenScope) APITokenListOpt

type APITokenRepo

// APITokenRepo is the storage interface for API tokens.
//
// NOTE(review): FindByID, UpdateExpiration and UpdateLastUsedAt are keyed by
// token ID only; nothing in their signatures ties the operation to an
// organization. Callers acting on behalf of a user should use FindByIDInOrg,
// or compare OrganizationID on the result, before trusting or changing a token.
type APITokenRepo interface {
	// Create stores a new token for organizationID; projectID is optional (pointer).
	Create(ctx context.Context, name string, description *string, expiresAt *time.Time, organizationID uuid.UUID, projectID *uuid.UUID) (*APIToken, error)
	// List returns tokens matching filters. orgID is a pointer; presumably nil
	// lists across all organizations — confirm before exposing it to a request path.
	List(ctx context.Context, orgID *uuid.UUID, filters *APITokenListFilters) ([]*APIToken, error)
	// Revoke takes both the organization and the token ID.
	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
	// UpdateExpiration is keyed by token ID only (no organization argument).
	UpdateExpiration(ctx context.Context, ID uuid.UUID, expiresAt time.Time) error
	// UpdateLastUsedAt is keyed by token ID only (no organization argument).
	UpdateLastUsedAt(ctx context.Context, ID uuid.UUID, lastUsedAt time.Time) error
	// FindByID is keyed by token ID only (no organization argument).
	FindByID(ctx context.Context, ID uuid.UUID) (*APIToken, error)
	// FindByIDInOrg looks a token up by ID within the given organization.
	FindByIDInOrg(ctx context.Context, orgID uuid.UUID, id uuid.UUID) (*APIToken, error)
	// FindByNameInOrg looks a token up by name within the given organization.
	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, name string) (*APIToken, error)
}

type APITokenScope added in v1.29.0

type APITokenScope string
const (
	APITokenScopeProject APITokenScope = "project"
	APITokenScopeGlobal  APITokenScope = "global"
)

type APITokenSyncerUseCase

type APITokenSyncerUseCase struct {
	// contains filtered or unexported fields
}

func NewAPITokenSyncerUseCase

func NewAPITokenSyncerUseCase(tokenUC *APITokenUseCase) *APITokenSyncerUseCase

func (*APITokenSyncerUseCase) SyncPolicies

func (suc *APITokenSyncerUseCase) SyncPolicies() error

SyncPolicies makes sure all the API tokens contain the default policies. NOTE: We'll remove this method once we have a proper policies management system where the user can add/remove policies.

type APITokenUseCase

type APITokenUseCase struct {
	DefaultAuthzPolicies []*authz.Policy
	// contains filtered or unexported fields
}

func NewAPITokenUseCase

func NewAPITokenUseCase(apiTokenRepo APITokenRepo, jwtConfig *APITokenJWTConfig, authzE *authz.Enforcer, orgUseCase *OrganizationUseCase, auditorUC *AuditorUseCase, logger log.Logger) (*APITokenUseCase, error)

func (*APITokenUseCase) Create

func (uc *APITokenUseCase) Create(ctx context.Context, name string, description *string, expiresIn *time.Duration, orgID string, opts ...APITokenCreateOpt) (*APIToken, error)

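expiresIn is the lifetime of the token. This comment describes it as a string that can be parsed by time.ParseDuration, but the signature above takes a *time.Duration, so the comment appears to predate the current signature.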

func (*APITokenUseCase) FindByID

func (uc *APITokenUseCase) FindByID(ctx context.Context, id string) (*APIToken, error)

func (*APITokenUseCase) FindByIDInOrg added in v1.29.0

func (uc *APITokenUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*APIToken, error)

func (*APITokenUseCase) FindByNameInOrg added in v0.93.0

func (uc *APITokenUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*APIToken, error)

func (*APITokenUseCase) List

func (uc *APITokenUseCase) List(ctx context.Context, orgID string, opts ...APITokenListOpt) ([]*APIToken, error)

func (*APITokenUseCase) RegenerateJWT added in v1.5.0

func (uc *APITokenUseCase) RegenerateJWT(ctx context.Context, tokenID uuid.UUID, expiresIn time.Duration) (*APIToken, error)

RegenerateJWT issues a new JWT for the given token. Use with caution: old JWTs are not invalidated, so regenerating does not by itself cut off a JWT that may have been exposed.

func (*APITokenUseCase) Revoke

func (uc *APITokenUseCase) Revoke(ctx context.Context, orgID, id string) error

func (*APITokenUseCase) UpdateLastUsedAt added in v1.19.0

func (uc *APITokenUseCase) UpdateLastUsedAt(ctx context.Context, tokenID string) error

type AddMemberToGroupOpts added in v1.12.0

// AddMemberToGroupOpts is the input of GroupUseCase.AddMemberToGroup.
type AddMemberToGroupOpts struct {
	// Embedded reference; presumably identifies the target group by ID or name — confirm.
	*IdentityReference
	// UserEmail is the email of the user to add to the group.
	UserEmail string
	// RequesterID is the ID of the user who is requesting to add the member. Optional.
	// If provided, the requester must be a maintainer or admin.
	// NOTE(review): because the check is tied to this field being provided, a
	// request handler that forgets to set it presumably skips the requester
	// check altogether — confirm, and always populate it on user-initiated calls.
	RequesterID uuid.UUID
	// Maintainer indicates if the new member should be a maintainer.
	Maintainer bool
}

AddMemberToGroupOpts defines options for adding a member to a group.

type AddMemberToGroupResult added in v1.19.0

type AddMemberToGroupResult struct {
	// Membership is the membership that was created or found.
	Membership *GroupMembership
	// InvitationSent indicates if an invitation was sent instead of creating a membership directly.
	InvitationSent bool
}

AddMemberToGroupResult represents the result of adding a member to a group.

type AddMemberToProjectOpts added in v1.13.0

type AddMemberToProjectOpts struct {
	// ProjectReference is the reference to the project.
	ProjectReference *IdentityReference
	// UserEmail is the email of the user to add to the project.
	UserEmail string
	// GroupReference is the reference to the group to add to the project.
	GroupReference *IdentityReference
	// RequesterID is the ID of the user who is requesting to add the member.
	RequesterID uuid.UUID
	// Role represents the role to assign to the user in the project.
	Role authz.Role
}

AddMemberToProjectOpts defines options for adding a member to a project.

type AddMemberToProjectResult added in v1.20.0

type AddMemberToProjectResult struct {
	// Membership is the membership that was created or found.
	Membership *ProjectMembership
	// InvitationSent indicates if an invitation was sent instead of creating a membership directly.
	InvitationSent bool
}

AddMemberToProjectResult represents the result of adding a member to a project.

type AttachOpts

type AttachOpts struct {
	IntegrationID, WorkflowID, OrgID string
	// The integration that is being attached
	FanOutIntegration sdk.FanOut
	// The attachment configuration
	AttachmentConfig *structpb.Struct
}

type Attestation

type Attestation struct {
	Envelope *dsse.Envelope
	Bundle   []byte
	Digest   string
}

type AttestationState

// AttestationState pairs a crafting state with the digest used to detect
// concurrent modification.
type AttestationState struct {
	State *v1.CraftingState
	// Digest will be used for optimistic concurrency control
	// NOTE(review): presumably this is the value to pass back as the base digest
	// on the next Save (see AttestationStateSaveOpts.BaseDigest) — confirm.
	Digest string
}

type AttestationStateRepo

// AttestationStateRepo stores the attestation state of a workflow run as raw bytes.
//
// NOTE(review): the use case methods take a passphrase while this interface
// only sees []byte, so the state is presumably encrypted before it reaches
// the repository — confirm.
type AttestationStateRepo interface {
	// Initialized reports a boolean for the given workflow run; presumably
	// whether any state has been saved for it — confirm.
	Initialized(ctx context.Context, workflowRunID uuid.UUID) (bool, error)
	// Save stores state for the run. baseDigest is presumably the digest the
	// caller last read, used to reject writes based on stale state — confirm.
	Save(ctx context.Context, workflowRunID uuid.UUID, state []byte, baseDigest string) error
	// Read returns the stored bytes and a string, presumably their digest — confirm.
	Read(ctx context.Context, workflowRunID uuid.UUID) ([]byte, string, error)
	// Reset takes only the workflow run ID; presumably clears the stored state — confirm.
	Reset(ctx context.Context, workflowRunID uuid.UUID) error
}

type AttestationStateSaveOpts added in v0.94.3

type AttestationStateSaveOpts struct {
	BaseDigest string
}

type AttestationStateUseCase

type AttestationStateUseCase struct {
	// contains filtered or unexported fields
}

func NewAttestationStateUseCase

func NewAttestationStateUseCase(repo AttestationStateRepo, wfRunRepo WorkflowRunRepo) (*AttestationStateUseCase, error)

func (*AttestationStateUseCase) Initialized

func (uc *AttestationStateUseCase) Initialized(ctx context.Context, workflowID, runID string) (bool, error)

func (*AttestationStateUseCase) Read

func (uc *AttestationStateUseCase) Read(ctx context.Context, workflowID, runID, passphrase string) (*AttestationState, error)

func (*AttestationStateUseCase) Reset

func (uc *AttestationStateUseCase) Reset(ctx context.Context, workflowID, runID string) error

func (*AttestationStateUseCase) Save

func (uc *AttestationStateUseCase) Save(ctx context.Context, workflowID, runID string, state *v1.CraftingState, passphrase string, opts ...SaveOption) error

type AttestationUseCase

type AttestationUseCase struct {
	CASClient
	// contains filtered or unexported fields
}

func NewAttestationUseCase

func NewAttestationUseCase(client CASClient, logger log.Logger) *AttestationUseCase

func (*AttestationUseCase) UploadAttestationToCAS added in v0.160.0

func (uc *AttestationUseCase) UploadAttestationToCAS(ctx context.Context, content []byte, backend *CASBackend, workflowRunID string, digest v1.Hash) error

type AuditorUseCase added in v0.136.0

type AuditorUseCase struct {
	// contains filtered or unexported fields
}

func NewAuditorUseCase added in v0.136.0

func NewAuditorUseCase(p *auditor.AuditLogPublisher, logger log.Logger) *AuditorUseCase

func (*AuditorUseCase) Dispatch added in v0.136.0

func (uc *AuditorUseCase) Dispatch(ctx context.Context, entry auditor.LogEntry, orgID *uuid.UUID)

Dispatch logs an entry to the audit log asynchronously.

type ByStatusCount

type ByStatusCount struct {
	Status string
	Count  int32
}

type CASBackend

// CASBackend describes a content-addressable storage backend registered for
// an organization.
type CASBackend struct {
	ID                                uuid.UUID
	Name                              string
	// NOTE(review): SecretName presumably names the entry in the external
	// secrets manager that holds this backend's credentials — confirm. It is a
	// reference, not the credential, but still reveals where the secret lives.
	Location, Description, SecretName string
	CreatedAt, ValidatedAt            *time.Time
	OrganizationID                    uuid.UUID
	ValidationStatus                  CASBackendValidationStatus
	// OCI, S3, ...
	Provider CASBackendProvider
	// Whether this is the default cas backend for the organization
	Default bool
	// It's an inline backend, the artifacts are embedded in the attestation
	Inline bool
	// It's a fallback backend, it cannot be deleted
	Fallback bool

	// Per-backend storage limits; see CASBackendLimits.
	Limits *CASBackendLimits
}

type CASBackendCreateOpts

type CASBackendCreateOpts struct {
	*CASBackendOpts
	Name     string
	Fallback bool
	MaxBytes int64
}

type CASBackendLimits

type CASBackendLimits struct {
	// Max number of bytes allowed to be stored in this backend per blob
	MaxBytes int64
}

type CASBackendOpts

type CASBackendOpts struct {
	OrgID                             uuid.UUID
	Location, SecretName, Description string
	Provider                          CASBackendProvider
	Default                           bool
}

type CASBackendProvider

type CASBackendProvider string

func (CASBackendProvider) Values

func (CASBackendProvider) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type CASBackendReader

// CASBackendReader is the read-side view of CAS backends, with string identifiers.
type CASBackendReader interface {
	// FindDefaultBackend looks up the default backend of the given organization.
	FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)
	// FindByIDInOrg looks a backend up by ID within the given organization.
	FindByIDInOrg(ctx context.Context, OrgID, ID string) (*CASBackend, error)
	// PerformValidation takes the backend ID only (no organization argument);
	// callers handling user input should resolve the ID with FindByIDInOrg first.
	PerformValidation(ctx context.Context, ID string) error
}

type CASBackendRepo

// CASBackendRepo is the storage interface for CAS backends.
//
// NOTE(review): FindByID, UpdateValidationStatus, Delete and SoftDelete are
// keyed by backend ID only; nothing in their signatures ties the operation to
// an organization. Callers acting on a user-supplied ID should first confirm
// ownership with FindByIDInOrg.
type CASBackendRepo interface {
	// FindDefaultBackend looks up the default backend of the organization.
	FindDefaultBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error)
	// FindFallbackBackend looks up the fallback backend of the organization.
	FindFallbackBackend(ctx context.Context, orgID uuid.UUID) (*CASBackend, error)
	// FindByID is keyed by backend ID only (no organization argument).
	FindByID(ctx context.Context, ID uuid.UUID) (*CASBackend, error)
	// FindByIDInOrg looks a backend up by ID within the given organization.
	FindByIDInOrg(ctx context.Context, OrgID, ID uuid.UUID) (*CASBackend, error)
	// FindByNameInOrg looks a backend up by name within the given organization.
	FindByNameInOrg(ctx context.Context, OrgID uuid.UUID, name string) (*CASBackend, error)
	// List returns the backends of the organization.
	List(ctx context.Context, orgID uuid.UUID) ([]*CASBackend, error)
	// UpdateValidationStatus is keyed by backend ID only (no organization argument).
	UpdateValidationStatus(ctx context.Context, ID uuid.UUID, status CASBackendValidationStatus) error
	// Create stores a new backend; the organization comes from the embedded CASBackendOpts.OrgID.
	Create(context.Context, *CASBackendCreateOpts) (*CASBackend, error)
	// Update changes the backend identified by CASBackendUpdateOpts.ID.
	Update(context.Context, *CASBackendUpdateOpts) (*CASBackend, error)
	// Delete is keyed by backend ID only (no organization argument).
	Delete(ctx context.Context, ID uuid.UUID) error
	// SoftDelete is keyed by backend ID only (no organization argument).
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type CASBackendUpdateOpts

type CASBackendUpdateOpts struct {
	*CASBackendOpts
	ID uuid.UUID
}

type CASBackendUseCase

type CASBackendUseCase struct {
	MaxBytesDefault int64
	// contains filtered or unexported fields
}

func (*CASBackendUseCase) Create

func (uc *CASBackendUseCase) Create(ctx context.Context, orgID, name, location, description string, provider CASBackendProvider, creds any, defaultB bool) (*CASBackend, error)

func (*CASBackendUseCase) CreateInlineFallbackBackend

func (uc *CASBackendUseCase) CreateInlineFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) CreateOrUpdate deprecated

func (uc *CASBackendUseCase) CreateOrUpdate(ctx context.Context, orgID, name, username, password string, provider CASBackendProvider, defaultB bool) (*CASBackend, error)

Deprecated: use Create and update methods separately instead

func (*CASBackendUseCase) Delete

func (uc *CASBackendUseCase) Delete(ctx context.Context, id string) error

Delete will delete the secret in the external secrets manager and the CAS backend from the database. This method is used during user off-boarding.

func (*CASBackendUseCase) FindByIDInOrg

func (uc *CASBackendUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*CASBackend, error)

func (*CASBackendUseCase) FindByNameInOrg added in v0.93.0

func (uc *CASBackendUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*CASBackend, error)

func (*CASBackendUseCase) FindDefaultBackend

func (uc *CASBackendUseCase) FindDefaultBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) FindFallbackBackend

func (uc *CASBackendUseCase) FindFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error)

func (*CASBackendUseCase) List

func (uc *CASBackendUseCase) List(ctx context.Context, orgID string) ([]*CASBackend, error)

func (*CASBackendUseCase) PerformValidation

func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) (err error)

Validate that the repository is valid and reachable

func (*CASBackendUseCase) SoftDelete

func (uc *CASBackendUseCase) SoftDelete(ctx context.Context, orgID, id string) error

SoftDelete will mark the CAS backend as deleted but will not delete the secret in the external secrets manager. We keep the secret so the backend can be restored or referenced in the future while trying to download an asset.

func (*CASBackendUseCase) Update

func (uc *CASBackendUseCase) Update(ctx context.Context, orgID, id, description string, creds any, defaultB bool) (*CASBackend, error)

Update will update credentials, description or default status

type CASBackendValidationStatus

// CASBackendValidationStatus is the string-valued validation state stored on a CASBackend.
type CASBackendValidationStatus string
// NOTE(review): these two values are declared with var, not const, so any
// importing package can reassign them at runtime; compare against them with
// that in mind, or prefer constants if the declaration can be changed.
var CASBackendValidationFailed CASBackendValidationStatus = "Invalid"
var CASBackendValidationOK CASBackendValidationStatus = "OK"

func (CASBackendValidationStatus) Values

func (CASBackendValidationStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type CASClient

type CASClient interface {
	CASUploader
	CASDownloader
}

type CASClientFactory

type CASClientFactory func(conf *conf.Bootstrap_CASServer, token string) (casclient.DownloaderUploader, func(), error)

Function that returns a CAS client including a connection closer method

type CASClientOpts

type CASClientOpts func(u *CASClientUseCase)

func WithClientFactory

func WithClientFactory(f CASClientFactory) CASClientOpts

type CASClientUseCase

type CASClientUseCase struct {
	// contains filtered or unexported fields
}

func NewCASClientUseCase

func NewCASClientUseCase(credsProvider *CASCredentialsUseCase, config *conf.Bootstrap_CASServer, l log.Logger, opts ...CASClientOpts) *CASClientUseCase

func (*CASClientUseCase) Download

func (uc *CASClientUseCase) Download(ctx context.Context, backendType, secretID string, w io.Writer, digest string) error

func (*CASClientUseCase) IsReady

func (uc *CASClientUseCase) IsReady(ctx context.Context) (bool, error)

If the CAS server can be reached and reports readiness

func (*CASClientUseCase) Upload

func (uc *CASClientUseCase) Upload(ctx context.Context, backendType, secretID string, content io.Reader, filename, digest string) error

The secretID is embedded in the JWT token and is used by the CAS server to identify the secret.

type CASCredentialsUseCase

type CASCredentialsUseCase struct {
	// contains filtered or unexported fields
}

func NewCASCredentialsUseCase

func NewCASCredentialsUseCase(c *conf.Auth) (*CASCredentialsUseCase, error)

func (*CASCredentialsUseCase) GenerateTemporaryCredentials

func (uc *CASCredentialsUseCase) GenerateTemporaryCredentials(backendRef *CASCredsOpts) (string, error)

type CASCredsOpts

// CASCredsOpts is the backend reference passed to
// CASCredentialsUseCase.GenerateTemporaryCredentials.
type CASCredsOpts struct {
	BackendType string // e.g. OCI, S3
	SecretPath  string // path to the backend's secret in the vault, for example the OCI secret
	// NOTE(review): Role and MaxBytes presumably end up as claims of the
	// temporary credential (access level and upload size limit) — confirm.
	// Request the narrowest role the operation needs.
	Role        robotaccount.Role
	MaxBytes    int64
}

type CASDownloader

type CASDownloader interface {
	Download(ctx context.Context, backendType, secretID string, w io.Writer, digest string) error
}

type CASMapping

// CASMapping links a digest to the CAS backend that stores it, together with
// the organization, workflow run and project it belongs to.
type CASMapping struct {
	ID, OrgID, WorkflowRunID uuid.UUID
	CASBackend               *CASBackend
	Digest                   string
	CreatedAt                *time.Time
	// A public mapping means that the material/attestation can be downloaded by anyone
	// NOTE(review): this flag is an access-control decision, not metadata. Per
	// the FindCASMappingForDownloadByUser documentation, a public mapping is
	// returned even when the user belongs to none of the owning organizations.
	Public    bool
	ProjectID uuid.UUID
}

type CASMappingCreateOpts added in v1.11.0

type CASMappingCreateOpts struct {
	WorkflowRunID *uuid.UUID
	ProjectID     *uuid.UUID
}

type CASMappingFindOptions added in v1.11.0

type CASMappingFindOptions struct {
	Orgs       []uuid.UUID
	ProjectIDs []uuid.UUID
}

type CASMappingLookupRef

type CASMappingLookupRef struct {
	Name, Digest string
}

type CASMappingRepo

type CASMappingRepo interface {
	// Create a mapping with an optional workflow run id
	Create(ctx context.Context, digest string, casBackendID uuid.UUID, opts *CASMappingCreateOpts) (*CASMapping, error)
	// List all the CAS mappings for the given digest
	FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)
}

type CASMappingUseCase

type CASMappingUseCase struct {
	// contains filtered or unexported fields
}

func NewCASMappingUseCase

func NewCASMappingUseCase(repo CASMappingRepo, membershipUC *MembershipUseCase, logger log.Logger) *CASMappingUseCase

func (*CASMappingUseCase) Create

func (uc *CASMappingUseCase) Create(ctx context.Context, digest string, casBackendID string, opts *CASMappingCreateOpts) (*CASMapping, error)

Create a mapping with an optional workflow run id

func (*CASMappingUseCase) FindByDigest

func (uc *CASMappingUseCase) FindByDigest(ctx context.Context, digest string) ([]*CASMapping, error)

func (*CASMappingUseCase) FindCASMappingForDownloadByOrg

func (uc *CASMappingUseCase) FindCASMappingForDownloadByOrg(ctx context.Context, digest string, orgs []uuid.UUID, projectIDs map[uuid.UUID][]uuid.UUID) (result *CASMapping, err error)

FindCASMappingForDownloadByOrg looks for the CAS mapping to download the referenced artifact in one of the passed organizations. The result will be filtered if RBAC is enabled (projectIDs is not nil).

func (*CASMappingUseCase) FindCASMappingForDownloadByUser

func (uc *CASMappingUseCase) FindCASMappingForDownloadByUser(ctx context.Context, digest string, userID string) (*CASMapping, error)

FindCASMappingForDownloadByUser returns the CASMapping appropriate for the given digest and user. This means, in order:

1. Any mapping that points to an organization of which the user is a member.
   1.1. If there are multiple mappings, it will pick the default one or the first one.
2. Any mapping that is public.

func (*CASMappingUseCase) LookupDigestsInAttestation

func (uc *CASMappingUseCase) LookupDigestsInAttestation(att *dsse.Envelope, digest cr_v1.Hash) ([]*CASMappingLookupRef, error)

LookupDigestsInAttestation returns a list of references to the materials that have been uploaded to CAS as well as the attestation digest itself

type CASServerDefaultOpts added in v0.146.0

type CASServerDefaultOpts struct {
	DefaultEntryMaxSize string
}

CASServerDefaultOpts holds the default options for the CAS server

type CASUploader

type CASUploader interface {
	Upload(ctx context.Context, backendType, secretID string, content io.Reader, filename, digest string) error
}

type Contract added in v0.96.0

// Contract holds a workflow contract both as the bytes the user supplied and
// as the parsed schema.
type Contract struct {
	// Raw representation of the contract in yaml, json, or cue;
	// it keeps the format provided by the user
	Raw []byte
	// Detected format as provided by the user
	Format unmarshal.RawFormat
	// Unmarshalled proto contract
	// NOTE(review): Raw is user-supplied input; presumably Schema is only set
	// after UnmarshalAndValidateRawContract has accepted it — confirm.
	Schema *schemav1.CraftingSchema
}

func SchemaToRawContract added in v0.96.0

func SchemaToRawContract(contract *schemav1.CraftingSchema) (*Contract, error)

SchemaToRawContract generates a default representation of a contract

func UnmarshalAndValidateRawContract added in v0.96.0

func UnmarshalAndValidateRawContract(raw []byte, format unmarshal.RawFormat) (*Contract, error)

UnmarshalAndValidateRawContract takes the raw contract and its format, unmarshals the contract, and validates it.

type ContractCreateOpts

type ContractCreateOpts struct {
	Name        string
	OrgID       uuid.UUID
	Description *string
	// raw representation of the contract in whatever original format it was (json, yaml, ...)
	Contract *Contract
	// ProjectID indicates the project to be scoped to
	ProjectID *uuid.UUID
}

type ContractQueryOpt added in v0.122.0

type ContractQueryOpt func(opts *ContractQueryOpts)

func WithoutReferences added in v0.122.0

func WithoutReferences() ContractQueryOpt

type ContractQueryOpts added in v0.122.0

type ContractQueryOpts struct {
	// SkipGetReferences will skip the get references subquery
	// The references are composed by the project name and workflow name
	SkipGetReferences bool
}

type ContractScope added in v1.27.0

type ContractScope string

ContractScope represents a polymorphic relationship between a contract and a project or organization

const (
	ContractScopeProject ContractScope = "project"
	ContractScopeOrg     ContractScope = "org"
)

func (ContractScope) Values added in v1.27.0

func (ContractScope) Values() (values []string)

Values implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type ContractUpdateOpts

type ContractUpdateOpts struct {
	Description *string
	// raw representation of the contract in whatever original format it was (json, yaml, ...)
	Contract *Contract
}

type CreateGroupOpts added in v1.11.0

type CreateGroupOpts struct {
	// Name is the name of the group.
	Name string
	// The description is a brief description of the group.
	Description string
	// UserID is the ID of the user who owns the group.
	UserID *uuid.UUID
}

type CreateOpt

type CreateOpt func(*createOptions)

func WithCreateInlineBackend

func WithCreateInlineBackend() CreateOpt

Optionally create an inline CAS-backend

type DayRunsCount

type DayRunsCount struct {
	Date   time.Time
	Totals []*ByStatusCount
}

type ErrAlreadyExists

type ErrAlreadyExists struct {
	// contains filtered or unexported fields
}

func NewErrAlreadyExists added in v0.95.6

func NewErrAlreadyExists(err error) ErrAlreadyExists

func NewErrAlreadyExistsStr added in v0.95.6

func NewErrAlreadyExistsStr(errMsg string) ErrAlreadyExists

func (ErrAlreadyExists) Error added in v0.95.6

func (e ErrAlreadyExists) Error() string

type ErrAmbiguousReferrer

type ErrAmbiguousReferrer struct {
	// contains filtered or unexported fields
}

A referrer with the same digest points to two different artifact types, so a filter is required to select which one is meant.

func (ErrAmbiguousReferrer) Error

func (e ErrAmbiguousReferrer) Error() string

type ErrAttestationStateConflict added in v0.94.3

type ErrAttestationStateConflict struct {
	// contains filtered or unexported fields
}

func (*ErrAttestationStateConflict) Error added in v0.94.3

type ErrInvalidTimeWindow added in v0.93.0

type ErrInvalidTimeWindow struct {
	// contains filtered or unexported fields
}

func NewErrInvalidTimeWindow added in v0.93.0

func NewErrInvalidTimeWindow(err error) ErrInvalidTimeWindow

func NewErrInvalidTimeWindowStr added in v0.93.0

func NewErrInvalidTimeWindowStr(errMsg string) ErrInvalidTimeWindow

func (ErrInvalidTimeWindow) Error added in v0.93.0

func (e ErrInvalidTimeWindow) Error() string

type ErrInvalidUUID

type ErrInvalidUUID struct {
	// contains filtered or unexported fields
}

func NewErrInvalidUUID

func NewErrInvalidUUID(err error) ErrInvalidUUID

func (ErrInvalidUUID) Error

func (e ErrInvalidUUID) Error() string

type ErrNotFound

type ErrNotFound struct {
	// contains filtered or unexported fields
}

func NewErrNotFound

func NewErrNotFound(entity string) ErrNotFound

func (ErrNotFound) Error

func (e ErrNotFound) Error() string

type ErrNotImplemented

type ErrNotImplemented struct {
	// contains filtered or unexported fields
}

func NewErrNotImplemented

func NewErrNotImplemented(msg string) ErrNotImplemented

func (ErrNotImplemented) Error

func (e ErrNotImplemented) Error() string

type ErrUnauthorized

type ErrUnauthorized struct {
	// contains filtered or unexported fields
}

func NewErrUnauthorized

func NewErrUnauthorized(err error) ErrUnauthorized

func NewErrUnauthorizedStr

func NewErrUnauthorizedStr(errMsg string) ErrUnauthorized

func (ErrUnauthorized) Error

func (e ErrUnauthorized) Error() string

type ErrValidation

type ErrValidation struct {
	// contains filtered or unexported fields
}

func NewErrValidation

func NewErrValidation(err error) ErrValidation

func NewErrValidationStr

func NewErrValidationStr(errMsg string) ErrValidation

func (ErrValidation) Error

func (e ErrValidation) Error() string

type GetFromRootFilter

type GetFromRootFilter func(*GetFromRootFilters)

type GetFromRootFilters

// GetFromRootFilters collects the optional filters set by WithKind,
// WithPublicVisibility and WithVisibleProjectIDs.
type GetFromRootFilters struct {
	// RootKind is the kind of the root referrer, i.e ATTESTATION
	RootKind *string
	// Whether to filter by visibility or not
	Public *bool
	// ProjectIDs stores visible projects by org for the requesting user.
	// If an org entry doesn't exist, it means that RBAC is not applied, hence all projects in that org are visible
	// NOTE(review): a missing entry therefore widens access rather than
	// narrowing it. Callers must add an entry (even an empty list) for every
	// organization where the user is subject to RBAC.
	ProjectIDs map[OrgID][]ProjectID
}

type Group added in v1.11.0

type Group struct {
	// ID is the unique identifier for the group.
	ID uuid.UUID
	// Name is the name of the group.
	Name string
	// The Description is a brief description of the group.
	Description string
	// Members is a list of group memberships, which includes the users who are members of the group.
	Members []*GroupMembership
	// MemberCount is the total number of members in the group.
	MemberCount int
	// Organization is the organization to which the group belongs.
	Organization *Organization
	// CreatedAt is the timestamp when the group was created.
	CreatedAt *time.Time
	// UpdatedAt is the timestamp when the group was last updated.
	UpdatedAt *time.Time
	// DeletedAt is the timestamp when the group was deleted, if applicable.
	DeletedAt *time.Time
}

type GroupMembership added in v1.11.0

type GroupMembership struct {
	// User is the user who is a member of the group.
	User *User
	// Maintainer indicates if the user is a maintainer of the group.
	Maintainer bool
	// CreatedAt is the timestamp when the user was added to the group.
	CreatedAt *time.Time
	// UpdatedAt is the timestamp when the membership was last updated.
	UpdatedAt *time.Time
	// DeletedAt is the timestamp when the membership was deleted, if applicable.
	DeletedAt *time.Time
}

GroupMembership represents a membership of a user in a group.

type GroupProjectInfo added in v1.30.0

type GroupProjectInfo struct {
	// ID is the unique identifier of the project
	ID uuid.UUID
	// Name is the name of the project
	Name string
	// Description is the description of the project
	Description string
	// Role represents the role of the group in the project (admin or viewer)
	Role authz.Role
	// LatestVersionID is the ID of the latest version of the project, if available
	LatestVersionID *uuid.UUID
	// CreatedAt is the timestamp when the membership was created
	CreatedAt *time.Time
}

GroupProjectInfo represents detailed information about a project that a group is a member of

type GroupRepo added in v1.11.0

// GroupRepo is the storage interface for groups, their members and their
// project memberships.
//
// NOTE(review): every method takes an organization ID except
// FindGroupMembershipByGroupAndID and UpdateGroupMemberCount, which are keyed
// by group ID only. Callers should have resolved the group within the
// organization (FindByOrgAndID / FindByOrgAndName) before using those two.
type GroupRepo interface {
	// List retrieves a list of groups in the organization, optionally filtered by name, description, and owner.
	List(ctx context.Context, orgID uuid.UUID, filterOpts *ListGroupOpts, paginationOpts *pagination.OffsetPaginationOpts) ([]*Group, int, error)
	// Create creates a new group.
	Create(ctx context.Context, orgID uuid.UUID, opts *CreateGroupOpts) (*Group, error)
	// Update updates an existing group.
	Update(ctx context.Context, orgID uuid.UUID, groupID uuid.UUID, opts *UpdateGroupOpts) (*Group, error)
	// FindByOrgAndID finds a group by its organization ID and group ID.
	FindByOrgAndID(ctx context.Context, orgID uuid.UUID, groupID uuid.UUID) (*Group, error)
	// FindByOrgAndName finds a group by its organization ID and group name.
	FindByOrgAndName(ctx context.Context, orgID uuid.UUID, name string) (*Group, error)
	// FindGroupMembershipByGroupAndID finds a group membership by group ID and user ID.
	// It takes no organization ID.
	FindGroupMembershipByGroupAndID(ctx context.Context, groupID uuid.UUID, userID uuid.UUID) (*GroupMembership, error)
	// SoftDelete soft-deletes a group by marking it as deleted.
	SoftDelete(ctx context.Context, orgID uuid.UUID, groupID uuid.UUID) error
	// ListMembers retrieves a list of members in a group, optionally filtered by maintainer status.
	ListMembers(ctx context.Context, orgID uuid.UUID, groupID uuid.UUID, opts *ListMembersOpts, paginationOpts *pagination.OffsetPaginationOpts) ([]*GroupMembership, int, error)
	// AddMemberToGroup adds a user to a group, optionally specifying if they are a maintainer.
	AddMemberToGroup(ctx context.Context, orgID uuid.UUID, groupID uuid.UUID, userID uuid.UUID, maintainer bool) (*GroupMembership, error)
	// RemoveMemberFromGroup removes a user from a group.
	RemoveMemberFromGroup(ctx context.Context, orgID uuid.UUID, groupID uuid.UUID, userID uuid.UUID) error
	// UpdateMemberMaintainerStatus updates the maintainer status of a group member.
	UpdateMemberMaintainerStatus(ctx context.Context, orgID uuid.UUID, groupID uuid.UUID, userID uuid.UUID, isMaintainer bool) error
	// ListPendingInvitationsByGroup retrieves a list of pending invitations for a group
	ListPendingInvitationsByGroup(ctx context.Context, orgID uuid.UUID, groupID uuid.UUID, paginationOpts *pagination.OffsetPaginationOpts) ([]*OrgInvitation, int, error)
	// ListProjectsByGroup retrieves a list of projects that a group is a member of with pagination.
	// visibleProjectIDs presumably restricts the result to projects the requester may see — confirm
	// how a nil or empty slice is treated before relying on it as a filter.
	ListProjectsByGroup(ctx context.Context, orgID uuid.UUID, groupID uuid.UUID, visibleProjectIDs []uuid.UUID, paginationOpts *pagination.OffsetPaginationOpts) ([]*GroupProjectInfo, int, error)
	// UpdateGroupMemberCount updates the member count of a group.
	// It takes no organization ID.
	UpdateGroupMemberCount(ctx context.Context, groupID uuid.UUID) error
}

type GroupUseCase added in v1.11.0

type GroupUseCase struct {
	// contains filtered or unexported fields
}

func NewGroupUseCase added in v1.11.0

func NewGroupUseCase(logger log.Logger, groupRepo GroupRepo, membershipRepo MembershipRepo, userRepo UserRepo, orgInvitationUC *OrgInvitationUseCase, auditorUC *AuditorUseCase, invitationRepo OrgInvitationRepo, enforcer *authz.Enforcer, membershipUseCase *MembershipUseCase) *GroupUseCase

func (*GroupUseCase) AddMemberToGroup added in v1.12.0

func (uc *GroupUseCase) AddMemberToGroup(ctx context.Context, orgID uuid.UUID, opts *AddMemberToGroupOpts) (*AddMemberToGroupResult, error)

AddMemberToGroup adds a user to a group. If RequesterID is provided, the requester must be either a maintainer of the group or have RoleOwner/RoleAdmin in the organization. Returns AddMemberToGroupResult which indicates whether a membership was created or an invitation was sent.

func (*GroupUseCase) Create added in v1.11.0

func (uc *GroupUseCase) Create(ctx context.Context, orgID uuid.UUID, name string, description string, userID *uuid.UUID) (*Group, error)

Create creates a new group in the organization.

func (*GroupUseCase) Delete added in v1.12.0

func (uc *GroupUseCase) Delete(ctx context.Context, orgID uuid.UUID, opts *IdentityReference) error

Delete soft-deletes a group by marking it as deleted using the provided options.

func (*GroupUseCase) Get added in v1.12.0

func (uc *GroupUseCase) Get(ctx context.Context, orgID uuid.UUID, opts *IdentityReference) (*Group, error)

Get retrieves a group by its organization ID and either group ID or group name.

func (*GroupUseCase) List added in v1.11.0

func (uc *GroupUseCase) List(ctx context.Context, orgID uuid.UUID, filterOpts *ListGroupOpts, paginationOpts *pagination.OffsetPaginationOpts) ([]*Group, int, error)

func (*GroupUseCase) ListMembers added in v1.11.0

func (uc *GroupUseCase) ListMembers(ctx context.Context, orgID uuid.UUID, opts *ListMembersOpts, paginationOpts *pagination.OffsetPaginationOpts) ([]*GroupMembership, int, error)

ListMembers retrieves a list of members in a group, optionally filtered by maintainer status and email.

func (*GroupUseCase) ListPendingInvitations added in v1.19.0

func (uc *GroupUseCase) ListPendingInvitations(ctx context.Context, orgID uuid.UUID, groupID *uuid.UUID, groupName *string, paginationOpts *pagination.OffsetPaginationOpts) ([]*OrgInvitation, int, error)

ListPendingInvitations retrieves a list of pending invitations for a group.

func (*GroupUseCase) ListProjectsByGroup added in v1.30.0

func (uc *GroupUseCase) ListProjectsByGroup(ctx context.Context, orgID uuid.UUID, opts *ListProjectsByGroupOpts, paginationOpts *pagination.OffsetPaginationOpts) ([]*GroupProjectInfo, int, error)

ListProjectsByGroup retrieves a list of projects that a group is a member of with pagination.

func (*GroupUseCase) RemoveMemberFromGroup added in v1.12.0

func (uc *GroupUseCase) RemoveMemberFromGroup(ctx context.Context, orgID uuid.UUID, opts *RemoveMemberFromGroupOpts) error

RemoveMemberFromGroup removes a user from a group. The requester must be either a maintainer of the group or have RoleOwner/RoleAdmin in the organization.

func (*GroupUseCase) Update added in v1.11.0

func (uc *GroupUseCase) Update(ctx context.Context, orgID uuid.UUID, idReference *IdentityReference, opts *UpdateGroupOpts) (*Group, error)

Update updates an existing group in the organization using the provided options.

func (*GroupUseCase) UpdateMemberMaintainerStatus added in v1.22.0

func (uc *GroupUseCase) UpdateMemberMaintainerStatus(ctx context.Context, orgID uuid.UUID, opts *UpdateMemberMaintainerStatusOpts) error

UpdateMemberMaintainerStatus updates the maintainer status of a group member. The requester must be either a maintainer of the group or have RoleOwner/RoleAdmin in the organization.

func (*GroupUseCase) ValidateGroupIdentifier added in v1.12.0

func (uc *GroupUseCase) ValidateGroupIdentifier(ctx context.Context, orgID uuid.UUID, groupID *uuid.UUID, groupName *string) (uuid.UUID, error)

ValidateGroupIdentifier validates and resolves the group ID or name to a group ID. Returns an error if both are nil or if the resolved group does not exist. TODO: change to return the group since this is very inefficient in some cases

type IdentityReference added in v1.12.0

// IdentityReference points at an entity either by ID or by Name.
// Both fields are pointers, so either one (or both) may be nil.
// NOTE(review): which field takes precedence when both are set is not visible
// here — confirm in the use case that resolves the reference.
type IdentityReference struct {
	// ID is the unique identifier of the identity
	ID *uuid.UUID
	// Name is the name of the identity
	Name *string
}

IdentityReference represents a reference to an identity, which can be any entity in the system.

type Integration

// Integration describes one registered integration instance.
type Integration struct {
	// ID is the identifier of the integration registration
	ID uuid.UUID
	// Kind is the type of the integration, it matches the registered plugin ID
	Kind string
	// Name is a unique identifier for the integration registration
	Name string
	// Description is a human readable description of the integration registration
	// It helps to differentiate different instances of the same kind
	Description string
	// Registration Configuration, usually JSON marshalled
	// NOTE(review): secret material is referenced separately through SecretName;
	// confirm that Config never carries credentials, since it travels with the struct.
	Config []byte
	// Identifier to the external provider where any secret information is stored
	// This is a reference into that provider, not the secret value itself.
	SecretName string
	// CreatedAt is a pointer and may therefore be nil
	CreatedAt  *time.Time
}

type IntegrationAndAttachment

// IntegrationAndAttachment bundles an Integration with an IntegrationAttachment.
// Both embedded types declare ID, Config and CreatedAt at the same depth, so those
// selectors are ambiguous on this struct and have to be qualified, for example
// v.Integration.ID or v.IntegrationAttachment.ID. Either embedded pointer may be nil.
type IntegrationAndAttachment struct {
	*Integration
	*IntegrationAttachment
}

type IntegrationAttachment

// IntegrationAttachment records that an integration is attached to a workflow.
type IntegrationAttachment struct {
	// ID is the identifier of the attachment itself
	ID                        uuid.UUID
	// CreatedAt is a pointer and may therefore be nil
	CreatedAt                 *time.Time
	// Config is the attachment configuration as raw bytes
	// NOTE(review): the encoding is not visible here — presumably marshalled the same
	// way as Integration.Config; confirm.
	Config                    []byte
	// WorkflowID and IntegrationID identify the two ends of the attachment
	WorkflowID, IntegrationID uuid.UUID
}

type IntegrationAttachmentRepo

// IntegrationAttachmentRepo is the persistence interface for integration attachments.
type IntegrationAttachmentRepo interface {
	// Create stores an attachment between integrationID and workflowID with the given config.
	// NOTE(review): no orgID is passed, so the check that both IDs belong to the same
	// organization presumably happens in the caller — confirm.
	Create(ctx context.Context, integrationID, workflowID uuid.UUID, config []byte) (*IntegrationAttachment, error)
	// List returns attachments together with their integration for orgID, narrowed by opts.
	List(ctx context.Context, orgID uuid.UUID, opts *ListAttachmentsOpts) ([]*IntegrationAndAttachment, error)
	// FindByIDInOrg looks an attachment up by ID within orgID.
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*IntegrationAttachment, error)
	// SoftDelete takes only the attachment ID, with no organization scope.
	// NOTE(review): callers presumably have to establish that the ID belongs to the
	// requesting organization first (e.g. through FindByIDInOrg) — confirm in the use case.
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type IntegrationCreateOpts

// IntegrationCreateOpts carries the values needed to persist a new integration.
type IntegrationCreateOpts struct {
	// Unique name of the registration
	// used to declaratively reference the integration
	Name                          string
	// Kind, Description and SecretName mirror the fields of the same name on Integration;
	// SecretName is a reference to where the secret is stored, not the secret itself.
	Kind, Description, SecretName string
	// OrgID is the organization the integration is created in
	OrgID                         uuid.UUID
	// Config is the registration configuration as raw bytes
	Config                        []byte
}

type IntegrationRepo

// IntegrationRepo is the persistence interface for integrations.
type IntegrationRepo interface {
	// Create persists a new integration described by opts.
	Create(ctx context.Context, opts *IntegrationCreateOpts) (*Integration, error)
	// List returns the integrations of orgID.
	List(ctx context.Context, orgID uuid.UUID) ([]*Integration, error)
	// FindByIDInOrg looks an integration up by ID within orgID.
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*Integration, error)
	// FindByNameInOrg looks an integration up within orgID; the string parameter is
	// named ID in the signature but, going by the method name, carries the integration name.
	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, ID string) (*Integration, error)
	// SoftDelete takes only the integration ID, with no organization scope.
	// NOTE(review): callers presumably have to establish that the ID belongs to the
	// requesting organization first (e.g. through FindByIDInOrg) — confirm in the use case.
	SoftDelete(ctx context.Context, ID uuid.UUID) error
}

type IntegrationUseCase

type IntegrationUseCase struct {
	// contains filtered or unexported fields
}

func NewIntegrationUseCase

func NewIntegrationUseCase(opts *NewIntegrationUseCaseOpts) *IntegrationUseCase

func (*IntegrationUseCase) AttachToWorkflow

func (uc *IntegrationUseCase) AttachToWorkflow(ctx context.Context, opts *AttachOpts) (*IntegrationAttachment, error)

AttachToWorkflow performs the following steps: it checks that the integration and the workflow exist in the current organization, runs the validation specific to the integration, and persists the integration attachment.

func (*IntegrationUseCase) Delete

func (uc *IntegrationUseCase) Delete(ctx context.Context, orgID, integrationID string) error

func (*IntegrationUseCase) Detach

func (uc *IntegrationUseCase) Detach(ctx context.Context, orgID, attachmentID string) error

Detach integration from workflow

func (*IntegrationUseCase) FindByIDInOrg

func (uc *IntegrationUseCase) FindByIDInOrg(ctx context.Context, orgID, id string) (*Integration, error)

func (*IntegrationUseCase) FindByNameInOrg added in v0.93.0

func (uc *IntegrationUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*Integration, error)

func (*IntegrationUseCase) GetAttachment added in v1.11.0

func (uc *IntegrationUseCase) GetAttachment(ctx context.Context, orgID, attID uuid.UUID) (*IntegrationAttachment, error)

func (*IntegrationUseCase) List

func (uc *IntegrationUseCase) List(ctx context.Context, orgID string) ([]*Integration, error)

func (*IntegrationUseCase) ListAttachments

func (uc *IntegrationUseCase) ListAttachments(ctx context.Context, orgID string, opts *ListAttachmentsOpts) ([]*IntegrationAndAttachment, error)

ListAttachments returns the list of attachments for a given organization and, optionally, a workflow.

func (*IntegrationUseCase) RegisterAndSave

func (uc *IntegrationUseCase) RegisterAndSave(ctx context.Context, orgID, name, description string, i sdk.FanOut, regConfig *structpb.Struct) (*Integration, error)

Persist the secret and integration with its configuration in the database

type InvitationCreateOpt

type InvitationCreateOpt func(*invitationCreateOpts)

func WithInvitationContext added in v1.19.0

func WithInvitationContext(ctx *OrgInvitationContext) InvitationCreateOpt

WithInvitationContext allows passing additional context when creating an invitation. This context will be taken into account when accepting the invitation.

func WithInvitationRole

func WithInvitationRole(r authz.Role) InvitationCreateOpt

type ListAttachmentsOpts added in v1.11.0

// ListAttachmentsOpts narrows an attachment listing.
type ListAttachmentsOpts struct {
	// limit search for a particular workflow
	WorkflowID *uuid.UUID
	// limit search in a list of projects. Note that `nil` is no filter
	// NOTE(review): if this list is used to carry the projects a caller may see, leaving
	// it nil returns attachments across all projects. Whether an empty non-nil slice
	// matches nothing is not visible here — confirm in the repository implementation.
	ProjectIDs []uuid.UUID
}

type ListByOrgOpts added in v1.34.1

type ListByOrgOpts struct {
	// MembershipID the ID of the membership to filter by
	MembershipID *uuid.UUID
	// Name the name of the user to filter memberships by
	Name *string
	// Email the email of the user to filter memberships by
	Email *string
	// Role the role of the user to filter memberships by
	Role *authz.Role
}

ListByOrgOpts are the options to filter memberships of an organization

type ListGroupOpts added in v1.11.0

type ListGroupOpts struct {
	// Name is the name of the group to filter by.
	Name string
	// Description is the description of the group to filter by.
	Description string
	// MemberEmail is the email of the member to filter by.
	MemberEmail string
	// UserID is the ID of the user to filter by.
	UserID *uuid.UUID
}

ListGroupOpts defines options for listing groups.

type ListMembersOpts added in v1.11.0

// ListMembersOpts defines options for listing members of a group.
type ListMembersOpts struct {
	// IdentityReference identifies the group by ID or by name
	*IdentityReference
	// Maintainers indicate whether to filter the members by their maintainer status.
	Maintainers *bool
	// MemberEmail is the email of the member to filter by.
	MemberEmail *string
	// RequesterID is the ID of the user who is requesting to list members. Optional.
	// If provided, the requester must be a maintainer or admin.
	// NOTE(review): the field is a value, not a pointer, so "not provided" presumably
	// means uuid.Nil, in which case the maintainer/admin check would not apply —
	// confirm that user-initiated requests always set it.
	RequesterID uuid.UUID
}

ListMembersOpts defines options for listing members of a group.

type ListProjectsByGroupOpts added in v1.30.0

type ListProjectsByGroupOpts struct {
	// Group reference
	*IdentityReference
	// FilterByProject is a list of project IDs to filter the results by.
	FilterByProject []uuid.UUID
}

ListProjectsByGroupOpts defines options for listing projects by group.

type Membership

// Membership links a member to an organization or, through the polymorphic fields
// below, to another resource, together with the role held on it.
type Membership struct {
	ID, OrganizationID   uuid.UUID
	// Current marks the membership selected as the user's current one (see SetCurrent)
	Current              bool
	CreatedAt, UpdatedAt *time.Time
	// Org and User are pointers and may be nil
	// NOTE(review): presumably only populated when the query loads them — confirm.
	Org                  *Organization
	User                 *User
	// Role is the role granted by this membership
	Role                 authz.Role
	// polymorphic membership
	// MembershipType/MemberID identify who holds the membership and
	// ResourceType/ResourceID identify what it applies to.
	MembershipType authz.MembershipType
	MemberID       uuid.UUID
	ResourceType   authz.ResourceType
	ResourceID     uuid.UUID
	// ParentID is optional (nil when absent)
	// NOTE(review): presumably the membership this one was derived from — confirm.
	ParentID       *uuid.UUID
}

type MembershipCreateOpt

type MembershipCreateOpt func(*membershipCreateOpts)

func WithCurrentMembership

func WithCurrentMembership() MembershipCreateOpt

func WithMembershipRole

func WithMembershipRole(r authz.Role) MembershipCreateOpt

type MembershipRepo

// MembershipRepo is the persistence interface for memberships and resource roles.
type MembershipRepo interface {
	FindByUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error)
	FindByOrgIDAndUserEmail(ctx context.Context, orgID uuid.UUID, userEmail string) (*Membership, error)
	FindByUserAndResourceID(ctx context.Context, userID, resourceID uuid.UUID) (*Membership, error)
	// FindByOrg returns one page of memberships plus an int
	// NOTE(review): the int is presumably the total count for pagination — confirm.
	FindByOrg(ctx context.Context, orgID uuid.UUID, opts *ListByOrgOpts, paginationOpts *pagination.OffsetPaginationOpts) ([]*Membership, int, error)
	// FindByIDInUser and FindByIDInOrg look a membership up by ID within a user
	// or within an organization respectively.
	FindByIDInUser(ctx context.Context, userID, ID uuid.UUID) (*Membership, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*Membership, error)
	FindByOrgAndUser(ctx context.Context, orgID, userID uuid.UUID) (*Membership, error)
	FindByOrgNameAndUser(ctx context.Context, orgName string, userID uuid.UUID) (*Membership, error)
	// SetCurrent, SetRole and Delete take only the membership ID, with no user or
	// organization scope.
	// NOTE(review): the ownership check presumably has to happen in the caller before
	// these are invoked (e.g. through FindByIDInUser / FindByIDInOrg) — confirm in the
	// use case, since SetRole changes privileges.
	SetCurrent(ctx context.Context, ID uuid.UUID) (*Membership, error)
	SetRole(ctx context.Context, ID uuid.UUID, role authz.Role) (*Membership, error)
	Create(ctx context.Context, orgID, userID uuid.UUID, current bool, role authz.Role) (*Membership, error)
	Delete(ctx context.Context, ID uuid.UUID) error

	ListAllByUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error)
	// ListGroupMembershipsByUser returns all memberships of the users inherited from groups
	ListGroupMembershipsByUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error)
	ListAllByResource(ctx context.Context, rt authz.ResourceType, id uuid.UUID) ([]*Membership, error)
	// AddResourceRole takes the organization, the resource (type and ID), the member
	// (type and ID), the role and an optional parent membership ID.
	// NOTE(review): presumably grants that role to the member on the resource — confirm.
	AddResourceRole(ctx context.Context, orgID uuid.UUID, resourceType authz.ResourceType, resID uuid.UUID, mType authz.MembershipType, memberID uuid.UUID, role authz.Role, parentID *uuid.UUID) error
}

type MembershipUseCase

type MembershipUseCase struct {
	// contains filtered or unexported fields
}

func NewMembershipUseCase

func NewMembershipUseCase(repo MembershipRepo, orgUC *OrganizationUseCase, auditor *AuditorUseCase, userRepo UserRepo, logger log.Logger) *MembershipUseCase

func (*MembershipUseCase) ByOrg

func (uc *MembershipUseCase) ByOrg(ctx context.Context, orgID string, opts *ListByOrgOpts, paginationOpts *pagination.OffsetPaginationOpts) ([]*Membership, int, error)

func (*MembershipUseCase) ByUser

func (uc *MembershipUseCase) ByUser(ctx context.Context, userID string) ([]*Membership, error)

func (*MembershipUseCase) Create

func (uc *MembershipUseCase) Create(ctx context.Context, orgID, userID string, opts ...MembershipCreateOpt) (*Membership, error)

func (*MembershipUseCase) DeleteOther

func (uc *MembershipUseCase) DeleteOther(ctx context.Context, orgID, userID, membershipID string) error

DeleteOther just deletes a membership from the database but ensures that the user is not deleting itself from the org

func (*MembershipUseCase) FindByOrgAndUser

func (uc *MembershipUseCase) FindByOrgAndUser(ctx context.Context, orgID, userID string) (*Membership, error)

func (*MembershipUseCase) FindByOrgNameAndUser added in v0.109.0

func (uc *MembershipUseCase) FindByOrgNameAndUser(ctx context.Context, orgName, userID string) (*Membership, error)

func (*MembershipUseCase) GetOrgsAndRBACInfoForUser added in v1.27.0

func (uc *MembershipUseCase) GetOrgsAndRBACInfoForUser(ctx context.Context, userID uuid.UUID) ([]uuid.UUID, map[uuid.UUID][]uuid.UUID, error)

func (*MembershipUseCase) Leave added in v1.41.0

func (uc *MembershipUseCase) Leave(ctx context.Context, userID, membershipID string) error

Leave allows a user to leave an organization with proper owner validation. This function never automatically deletes organizations.

func (*MembershipUseCase) ListAllMembershipsForUser added in v1.11.0

func (uc *MembershipUseCase) ListAllMembershipsForUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error)

ListAllMembershipsForUser retrieves all memberships for a user, including both direct memberships and those inherited from groups

func (*MembershipUseCase) SetCurrent

func (uc *MembershipUseCase) SetCurrent(ctx context.Context, userID, membershipID string) (*Membership, error)

SetCurrent sets the current membership for the user and unsets the previous one

func (*MembershipUseCase) SetProjectOwner added in v1.11.0

func (uc *MembershipUseCase) SetProjectOwner(ctx context.Context, orgID, projectID, userID uuid.UUID) error

SetProjectOwner sets the project owner (admin role). It skips the operation if an owner exists already

func (*MembershipUseCase) UpdateRole

func (uc *MembershipUseCase) UpdateRole(ctx context.Context, orgID, userID, membershipID string, role authz.Role) (*Membership, error)

type MembershipsRBAC added in v1.11.0

type MembershipsRBAC interface {
	ListAllMembershipsForUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error)
}

type NewIntegrationUseCaseOpts

type NewIntegrationUseCaseOpts struct {
	IRepo   IntegrationRepo
	IaRepo  IntegrationAttachmentRepo
	WfRepo  WorkflowRepo
	CredsRW credentials.ReaderWriter
	Logger  log.Logger
}

type NewUserUseCaseParams

type NewUserUseCaseParams struct {
	UserRepo            UserRepo
	MembershipUseCase   *MembershipUseCase
	OrganizationUseCase *OrganizationUseCase
	OnboardingConfig    []*config.OnboardingSpec
	Logger              log.Logger
	AuditorUseCase      *AuditorUseCase
	UserAccessSyncer    *UserAccessSyncerUseCase
}

type OrgID added in v1.12.0

type OrgID = uuid.UUID

type OrgInvitation

// OrgInvitation is an invitation for ReceiverEmail to join an organization with Role.
type OrgInvitation struct {
	ID            uuid.UUID
	// Org and Sender are pointers and may be nil
	Org           *Organization
	Sender        *User
	// ReceiverEmail is the address the invitation is addressed to
	ReceiverEmail string
	CreatedAt     *time.Time
	// Status is one of the OrgInvitationStatus values
	Status        OrgInvitationStatus
	// Role is the role carried by the invitation
	Role          authz.Role
	// Context is a JSON field that can be used to store additional information
	Context *OrgInvitationContext
}

type OrgInvitationContext added in v1.19.0

// OrgInvitationContext is used to pass additional context when accepting an invitation.
// Its fields name a group or project to join and the role or maintainer flag to apply,
// so the values decide what access the acceptance grants.
// NOTE(review): presumably authorized when the invitation is created, not when it is
// accepted — confirm that the creating use case checks the sender may grant these.
type OrgInvitationContext struct {
	// GroupIDToJoin is the ID of the group to join when accepting the invitation
	GroupIDToJoin *uuid.UUID `json:"group_id_to_join,omitempty"`
	// GroupMaintainer indicates if the user should be added as a maintainer of the group
	GroupMaintainer bool `json:"group_maintainer,omitempty"`
	// ProjectIDToJoin is the ID of the project to join when accepting the invitation
	ProjectIDToJoin *uuid.UUID `json:"project_id_to_join,omitempty"`
	// ProjectRole is the role to assign to the user in the project
	ProjectRole authz.Role `json:"project_role,omitempty"`
	// ExternalMetadata can be used to store additional information
	// It is kept as raw JSON, so nothing in this type constrains its shape; consumers
	// should validate it when decoding.
	ExternalMetadata json.RawMessage `json:"external_metadata,omitempty"`
}

OrgInvitationContext is used to pass additional context when accepting an invitation

type OrgInvitationRepo

// OrgInvitationRepo is the persistence interface for organization invitations.
type OrgInvitationRepo interface {
	// Create stores an invitation from senderID to receiverEmail in orgID with the given
	// role and optional context.
	Create(ctx context.Context, orgID, senderID uuid.UUID, receiverEmail string, role authz.Role, invCtx *OrgInvitationContext) (*OrgInvitation, error)
	// FindByID takes only the invitation ID, with no organization or user scope.
	FindByID(ctx context.Context, ID uuid.UUID) (*OrgInvitation, error)
	// PendingInvitation looks up the invitation for receiverEmail within orgID.
	PendingInvitation(ctx context.Context, orgID uuid.UUID, receiverEmail string) (*OrgInvitation, error)
	// PendingInvitations looks up invitations for receiverEmail across organizations.
	PendingInvitations(ctx context.Context, receiverEmail string) ([]*OrgInvitation, error)
	// SoftDelete and ChangeStatus take only the invitation ID.
	// NOTE(review): the check that the invitation belongs to the caller's organization
	// presumably has to happen in the use case before these are invoked — confirm.
	SoftDelete(ctx context.Context, id uuid.UUID) error
	ListByOrg(ctx context.Context, org uuid.UUID) ([]*OrgInvitation, error)
	ChangeStatus(ctx context.Context, ID uuid.UUID, status OrgInvitationStatus) error
}

type OrgInvitationStatus

// OrgInvitationStatus is the state of an organization invitation, stored as a string.
type OrgInvitationStatus string
// Known invitation states. They are declared with var, so they are assignable
// package-level variables rather than constants; treat them as read-only.
var (
	OrgInvitationStatusPending  OrgInvitationStatus = "pending"
	OrgInvitationStatusAccepted OrgInvitationStatus = "accepted"
)

func (OrgInvitationStatus) Values

func (OrgInvitationStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type OrgInvitationUseCase

type OrgInvitationUseCase struct {
	// contains filtered or unexported fields
}

func NewOrgInvitationUseCase

func NewOrgInvitationUseCase(r OrgInvitationRepo, mRepo MembershipRepo, uRepo UserRepo, auditorUC *AuditorUseCase, groupRepo GroupRepo, projectRepo ProjectsRepo, l log.Logger) (*OrgInvitationUseCase, error)

func (*OrgInvitationUseCase) AcceptInvitation

func (uc *OrgInvitationUseCase) AcceptInvitation(ctx context.Context, invitationID string) error

func (*OrgInvitationUseCase) AcceptPendingInvitations

func (uc *OrgInvitationUseCase) AcceptPendingInvitations(ctx context.Context, receiverEmail string) error

AcceptPendingInvitations accepts all pending invitations for a given user email

func (*OrgInvitationUseCase) Create

func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, receiverEmail string, createOpts ...InvitationCreateOpt) (*OrgInvitation, error)

func (*OrgInvitationUseCase) FindByID

func (uc *OrgInvitationUseCase) FindByID(ctx context.Context, invitationID string) (*OrgInvitation, error)

func (*OrgInvitationUseCase) ListByOrg

func (uc *OrgInvitationUseCase) ListByOrg(ctx context.Context, orgID string) ([]*OrgInvitation, error)

func (*OrgInvitationUseCase) Revoke

func (uc *OrgInvitationUseCase) Revoke(ctx context.Context, orgID, invitationID string) error

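Revoke an invitation by ID only if the user is the one who created it. Note that the signature takes an organization ID and no user ID, so how the creator check is performed should be confirmed against the implementation.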

type OrgMetricsRepo

// OrgMetricsRepo is the persistence interface for per-organization run metrics.
// Every method takes the organization ID, a time window and a list of project IDs.
// NOTE(review): whether a nil projectIDs means "no project filter" here, as it does
// for ListAttachmentsOpts.ProjectIDs, is not visible — confirm.
type OrgMetricsRepo interface {
	// Total number of runs within the provided time window (from now)
	RunsTotal(ctx context.Context, orgID uuid.UUID, timeWindow *TimeWindow, projectIDs []uuid.UUID) (int32, error)
	// Total number by run status
	RunsByStatusTotal(ctx context.Context, orgID uuid.UUID, timeWindow *TimeWindow, projectIDs []uuid.UUID) (map[string]int32, error)
	// Total number by runner type; like RunsByStatusTotal it returns a map of string to count
	RunsByRunnerTypeTotal(ctx context.Context, orgID uuid.UUID, timeWindow *TimeWindow, projectIDs []uuid.UUID) (map[string]int32, error)
	// TopWorkflowsByRunsCount returns up to numWorkflows items
	// NOTE(review): presumably ordered by run count, descending — confirm.
	TopWorkflowsByRunsCount(ctx context.Context, orgID uuid.UUID, numWorkflows int, timeWindow *TimeWindow, projectIDs []uuid.UUID) ([]*TopWorkflowsByRunsCountItem, error)
	// DailyRunsCount returns per-day run counts for orgID and workflowID
	DailyRunsCount(ctx context.Context, orgID, workflowID uuid.UUID, timeWindow *TimeWindow, projectIDs []uuid.UUID) ([]*DayRunsCount, error)
}

type OrgMetricsUseCase

type OrgMetricsUseCase struct {
	// contains filtered or unexported fields
}

func NewOrgMetricsUseCase

func NewOrgMetricsUseCase(r OrgMetricsRepo, orgRepo OrganizationRepo, wfUseCase *WorkflowUseCase, l log.Logger) (*OrgMetricsUseCase, error)

func (*OrgMetricsUseCase) DailyRunsCount

func (uc *OrgMetricsUseCase) DailyRunsCount(ctx context.Context, orgID string, workflowID *string, timeWindow *TimeWindow, projectIDs []uuid.UUID) ([]*DayRunsCount, error)

DailyRunsCount returns the number of runs per day within the provided time window (from now). Optionally filtered by workflowID.

func (*OrgMetricsUseCase) GetLastWorkflowStatusByRun added in v0.94.0

func (uc *OrgMetricsUseCase) GetLastWorkflowStatusByRun(ctx context.Context, orgName string) ([]*prometheuscollector.WorkflowLastStatusByRunReport, error)

GetLastWorkflowStatusByRun returns the last status of each workflow by its last run. It only returns workflows with at least one run and skips workflows with initialized runs.

func (*OrgMetricsUseCase) RunsTotal

func (uc *OrgMetricsUseCase) RunsTotal(ctx context.Context, orgID string, timeWindow *TimeWindow, projectIDs []uuid.UUID) (int32, error)

func (*OrgMetricsUseCase) RunsTotalByRunnerType

func (uc *OrgMetricsUseCase) RunsTotalByRunnerType(ctx context.Context, orgID string, timeWindow *TimeWindow, projectIDs []uuid.UUID) (map[string]int32, error)

func (*OrgMetricsUseCase) RunsTotalByStatus

func (uc *OrgMetricsUseCase) RunsTotalByStatus(ctx context.Context, orgID string, timeWindow *TimeWindow, projectIDs []uuid.UUID) (map[string]int32, error)

func (*OrgMetricsUseCase) TopWorkflowsByRunsCount

func (uc *OrgMetricsUseCase) TopWorkflowsByRunsCount(ctx context.Context, orgID string, numWorkflows int, timeWindow *TimeWindow, projectIDs []uuid.UUID) ([]*TopWorkflowsByRunsCountItem, error)

type Organization

// Organization is the tenant that memberships, projects and integrations belong to.
type Organization struct {
	// ID and Name are both strings; ID is not a uuid.UUID here, unlike the orgID
	// parameters of the repository interfaces.
	ID, Name  string
	CreatedAt *time.Time
	UpdatedAt *time.Time
	// BlockOnPolicyViolation blocks the workflow run if policy evaluation fails
	BlockOnPolicyViolation bool
	// PoliciesAllowedHostnames is an array of hostnames that are allowed to be used in the policies
	// NOTE(review): how entries are matched (exact hostname, case, wildcards) and what an
	// empty list means are not visible here — confirm in the policy evaluation code, since
	// this list bounds which hosts policies may reach.
	PoliciesAllowedHostnames []string
}

type OrganizationRepo

// OrganizationRepo is the persistence interface for organizations.
type OrganizationRepo interface {
	FindByID(ctx context.Context, orgID uuid.UUID) (*Organization, error)
	FindByName(ctx context.Context, name string) (*Organization, error)
	Create(ctx context.Context, name string) (*Organization, error)
	// Update changes the policy settings of an organization. blockOnPolicyViolation is a
	// pointer, so nil can be told apart from false.
	// NOTE(review): presumably nil means "leave unchanged"; whether a nil
	// policiesAllowedHostnames clears the list or leaves it untouched is not visible — confirm.
	Update(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string) (*Organization, error)
	// Delete takes only the organization ID; authorization is not part of this signature.
	Delete(ctx context.Context, ID uuid.UUID) error
}

type OrganizationUseCase

type OrganizationUseCase struct {
	// contains filtered or unexported fields
}

func NewOrganizationUseCase

func NewOrganizationUseCase(repo OrganizationRepo, repoUC *CASBackendUseCase, auditor *AuditorUseCase, iUC *IntegrationUseCase, mRepo MembershipRepo, onboardingConfig []*config.OnboardingSpec, l log.Logger) *OrganizationUseCase

func (*OrganizationUseCase) AutoOnboardOrganizations added in v0.91.8

func (uc *OrganizationUseCase) AutoOnboardOrganizations(ctx context.Context, userID string) error

AutoOnboardOrganizations creates the organizations specified in the onboarding config and assigns the user to them with the specified role if they are not already a member.

func (*OrganizationUseCase) Create

func (uc *OrganizationUseCase) Create(ctx context.Context, name string, opts ...CreateOpt) (*Organization, error)

Create an organization with the given name

func (*OrganizationUseCase) CreateWithRandomName

func (uc *OrganizationUseCase) CreateWithRandomName(ctx context.Context, opts ...CreateOpt) (*Organization, error)

func (*OrganizationUseCase) Delete

func (uc *OrganizationUseCase) Delete(ctx context.Context, id string) error

Delete deletes an organization and all relevant data. This includes the organization, the associated repositories and the associated integrations. The reason for just deleting these two associated components only is because they have external secrets that need to be deleted as well, and for that we leverage their own delete methods. The rest of the data gets removed by the database cascade delete.

func (*OrganizationUseCase) DeleteByUser added in v1.41.0

func (uc *OrganizationUseCase) DeleteByUser(ctx context.Context, orgName, userID string) error

DeleteByUser deletes an organization initiated by a user with owner validation. Only organization owners can delete an organization.

func (*OrganizationUseCase) FindByID

func (uc *OrganizationUseCase) FindByID(ctx context.Context, id string) (*Organization, error)

func (*OrganizationUseCase) FindByName added in v0.153.0

func (uc *OrganizationUseCase) FindByName(ctx context.Context, name string) (*Organization, error)

func (*OrganizationUseCase) Update

func (uc *OrganizationUseCase) Update(ctx context.Context, userID, orgName string, blockOnPolicyViolation *bool, policiesAllowedHostnames []string) (*Organization, error)

type Project added in v0.97.5

type Project struct {
	// ID is the unique identifier of the project
	ID uuid.UUID
	// Name is the name of the project
	Name string
	// OrgID is the organization that this project belongs to
	OrgID uuid.UUID
	// CreatedAt is the time when the project was created
	CreatedAt *time.Time
	// UpdatedAt is the time when the project was last updated
	UpdatedAt *time.Time
}

Project is a project in the organization

type ProjectID added in v1.12.0

type ProjectID = uuid.UUID

type ProjectMembership added in v1.13.0

type ProjectMembership struct {
	// User is the user who is a member of the project (nil for group memberships).
	User *User
	// Group is the group that is a member of the project (nil for user memberships).
	Group *Group
	// MembershipType indicates if this is a user or group membership.
	MembershipType authz.MembershipType
	// Role represents the role of the user/group in the project (admin or viewer).
	Role authz.Role
	// LatestProjectVersionID is the ID of the latest project version this membership is associated with.
	LatestProjectVersionID *uuid.UUID
	// CreatedAt is the timestamp when the user/group was added to the project.
	CreatedAt *time.Time
	// UpdatedAt is the timestamp when the membership was last updated.
	UpdatedAt *time.Time
	// ParentID is the parent membership object used for nested memberships, if applicable
	ParentID *uuid.UUID
	// ParentResourceID identifies the parent resource of this membership, if applicable
	ParentResourceID *uuid.UUID
}

ProjectMembership represents a membership of a user or group in a project.

type ProjectUseCase added in v0.97.5

type ProjectUseCase struct {
	// contains filtered or unexported fields
}

ProjectUseCase is a use case for projects

func NewProjectsUseCase added in v0.97.5

func NewProjectsUseCase(logger log.Logger, projectsRepository ProjectsRepo, membershipRepository MembershipRepo, auditorUC *AuditorUseCase, groupUC *GroupUseCase, membershipUC *MembershipUseCase, orgInvitationUC *OrgInvitationUseCase, orgInvitationRepo OrgInvitationRepo, enforcer *authz.Enforcer) *ProjectUseCase

func (*ProjectUseCase) AddMemberToProject added in v1.13.0

func (uc *ProjectUseCase) AddMemberToProject(ctx context.Context, orgID uuid.UUID, opts *AddMemberToProjectOpts) (*AddMemberToProjectResult, error)

AddMemberToProject adds a user or group to a project. Returns AddMemberToProjectResult which indicates whether a membership was created or an invitation was sent.

func (*ProjectUseCase) Create added in v0.98.0

func (uc *ProjectUseCase) Create(ctx context.Context, orgID, name string) (*Project, error)

func (*ProjectUseCase) FindProjectByReference added in v0.97.5

func (uc *ProjectUseCase) FindProjectByReference(ctx context.Context, orgID string, reference *IdentityReference) (*Project, error)

FindProjectByReference finds a project by reference, which can be either a project name or a project ID.

func (*ProjectUseCase) ListMembers added in v1.13.0

func (uc *ProjectUseCase) ListMembers(ctx context.Context, orgID uuid.UUID, projectRef *IdentityReference, paginationOpts *pagination.OffsetPaginationOpts) ([]*ProjectMembership, int, error)

ListMembers lists the members of a project with pagination.

func (*ProjectUseCase) ListPendingInvitations added in v1.20.0

func (uc *ProjectUseCase) ListPendingInvitations(ctx context.Context, orgID uuid.UUID, projectRef *IdentityReference, paginationOpts *pagination.OffsetPaginationOpts) ([]*OrgInvitation, int, error)

ListPendingInvitations retrieves a list of pending invitations for a project.

func (*ProjectUseCase) RemoveMemberFromProject added in v1.13.0

func (uc *ProjectUseCase) RemoveMemberFromProject(ctx context.Context, orgID uuid.UUID, opts *RemoveMemberFromProjectOpts) error

RemoveMemberFromProject removes a user or group from a project.

func (*ProjectUseCase) UpdateMemberRole added in v1.17.0

func (uc *ProjectUseCase) UpdateMemberRole(ctx context.Context, orgID uuid.UUID, opts *UpdateMemberRoleOpts) error

UpdateMemberRole updates the role of a user or group in a project.

func (*ProjectUseCase) ValidateProjectIdentifier added in v1.13.0

func (uc *ProjectUseCase) ValidateProjectIdentifier(ctx context.Context, orgID uuid.UUID, projectRef *IdentityReference) (uuid.UUID, error)

ValidateProjectIdentifier validates and resolves the project reference to a project ID.

type ProjectVersion added in v0.97.5

// ProjectVersion is one version of a project.
type ProjectVersion struct {
	// ID is the UUID of the project version.
	ID uuid.UUID
	// Version is the version of the project.
	Version string
	// Prerelease indicates whether the version is a prerelease.
	Prerelease bool
	// TotalWorkflowRuns is the total number of workflow runs for this version.
	TotalWorkflowRuns int
	// CreatedAt is the time when the project version was created.
	CreatedAt *time.Time
	// ReleasedAt is the time when the version was released.
	// It is a pointer and may be nil.
	ReleasedAt *time.Time
	// ProjectID is the ID of the project this version belongs to.
	ProjectID  uuid.UUID
}

type ProjectVersionRepo added in v0.97.5

// ProjectVersionRepo is the persistence interface for project versions.
// None of its methods takes an organization ID.
// NOTE(review): callers presumably resolve and authorize the project within the
// organization before passing projectID or versionID here — confirm.
type ProjectVersionRepo interface {
	// FindByProjectAndVersion looks a version up by project ID and version string.
	FindByProjectAndVersion(ctx context.Context, projectID uuid.UUID, version string) (*ProjectVersion, error)
	// Update applies updates to the version identified by versionID.
	Update(ctx context.Context, versionID uuid.UUID, updates *ProjectVersionUpdateOpts) (*ProjectVersion, error)
	// Create stores a new version for projectID with the given prerelease flag.
	Create(ctx context.Context, projectID uuid.UUID, version string, prerelease bool) (*ProjectVersion, error)
}

type ProjectVersionUpdateOpts added in v0.98.0

type ProjectVersionUpdateOpts struct {
	Prerelease *bool
}

type ProjectVersionUseCase added in v0.97.5

type ProjectVersionUseCase struct {
	// contains filtered or unexported fields
}

func NewProjectVersionUseCase added in v0.97.5

func NewProjectVersionUseCase(repo ProjectVersionRepo, l log.Logger) *ProjectVersionUseCase

func (*ProjectVersionUseCase) Create added in v0.98.0

func (uc *ProjectVersionUseCase) Create(ctx context.Context, projectID, version string, prerelease bool) (*ProjectVersion, error)

func (*ProjectVersionUseCase) FindByProjectAndVersion added in v0.97.5

func (uc *ProjectVersionUseCase) FindByProjectAndVersion(ctx context.Context, projectID string, version string) (*ProjectVersion, error)

func (*ProjectVersionUseCase) UpdateReleaseStatus added in v0.98.0

func (uc *ProjectVersionUseCase) UpdateReleaseStatus(ctx context.Context, version string, isRelease bool) (*ProjectVersion, error)

type ProjectsRepo added in v0.97.5

// ProjectsRepo is the repository interface for projects and project memberships.
// Every method takes an orgID in addition to any project or member identifier.
// NOTE(review): presumably implementations use orgID to confine each query to one
// organization, so that a project or member ID from another tenant never resolves;
// confirm in the data layer.
type ProjectsRepo interface {
	FindProjectByOrgIDAndName(ctx context.Context, orgID uuid.UUID, projectName string) (*Project, error)
	FindProjectByOrgIDAndID(ctx context.Context, orgID uuid.UUID, projectID uuid.UUID) (*Project, error)
	Create(ctx context.Context, orgID uuid.UUID, name string) (*Project, error)
	ListProjectsByOrgID(ctx context.Context, orgID uuid.UUID) ([]*Project, error)
	// ListMembers retrieves a list of members in a project, optionally filtered by admin status.
	// NOTE(review): this signature has no admin-status parameter, so the filter wording may be stale.
	// The int result accompanies the page of members (presumably the total count; confirm).
	ListMembers(ctx context.Context, orgID uuid.UUID, projectID uuid.UUID, paginationOpts *pagination.OffsetPaginationOpts) ([]*ProjectMembership, int, error)
	// AddMemberToProject adds a user or group to a project with a specific role.
	// membershipType says whether memberID refers to a user or a group.
	AddMemberToProject(ctx context.Context, orgID uuid.UUID, projectID uuid.UUID, memberID uuid.UUID, membershipType authz.MembershipType, role authz.Role) (*ProjectMembership, error)
	// RemoveMemberFromProject removes a user or group from a project.
	RemoveMemberFromProject(ctx context.Context, orgID uuid.UUID, projectID uuid.UUID, memberID uuid.UUID, membershipType authz.MembershipType) error
	// UpdateMemberRoleInProject updates the role of a user or group in a project.
	// NOTE(review): no requester is passed at this layer; authorization of the caller
	// is presumably enforced by the use case before this is invoked. Confirm.
	UpdateMemberRoleInProject(ctx context.Context, orgID uuid.UUID, projectID uuid.UUID, memberID uuid.UUID, membershipType authz.MembershipType, newRole authz.Role) (*ProjectMembership, error)
	// FindProjectMembershipByProjectAndID finds a project membership by project ID and member ID (user or group).
	FindProjectMembershipByProjectAndID(ctx context.Context, orgID uuid.UUID, projectID uuid.UUID, memberID uuid.UUID, membershipType authz.MembershipType) (*ProjectMembership, error)
	// ListPendingInvitationsByProject retrieves a list of pending invitations for a project.
	ListPendingInvitationsByProject(ctx context.Context, orgID uuid.UUID, projectID uuid.UUID, paginationOpts *pagination.OffsetPaginationOpts) ([]*OrgInvitation, int, error)
}

ProjectsRepo is a repository for projects

type PromObservable added in v0.95.0

type PromObservable interface {
	ObserveAttestationIfNeeded(ctx context.Context, run *WorkflowRun, status WorkflowRunStatus) bool
}

type PrometheusUseCase added in v0.94.0

type PrometheusUseCase struct {
	// contains filtered or unexported fields
}

PrometheusUseCase is a use case for Prometheus where some metrics are exposed

func NewPrometheusUseCase added in v0.94.0

func NewPrometheusUseCase(conf []*conf.PrometheusIntegrationSpec, orgUseCase *OrganizationUseCase, orgMetricsUseCase *OrgMetricsUseCase, logger log.Logger) *PrometheusUseCase

NewPrometheusUseCase creates a new PrometheusUseCase

func (*PrometheusUseCase) GetRegistryByOrganizationName added in v0.94.0

func (uc *PrometheusUseCase) GetRegistryByOrganizationName(orgName string) *registry.PrometheusRegistry

GetRegistryByOrganizationName returns a registry by organization name

func (*PrometheusUseCase) ObserveAttestationIfNeeded added in v0.95.0

func (uc *PrometheusUseCase) ObserveAttestationIfNeeded(ctx context.Context, run *WorkflowRun, status WorkflowRunStatus) bool

Record an attestation if the run exists and there is a registry for the organization

func (*PrometheusUseCase) OrganizationHasRegistry added in v0.94.0

func (uc *PrometheusUseCase) OrganizationHasRegistry(orgName string) bool

OrganizationHasRegistry checks if an organization has a registry

type Referrer

// Referrer describes one item of the referrers index, identified by its content digest.
type Referrer struct {
	// Digest is the content digest that identifies the item.
	Digest string
	// Kind is the kind of item the digest refers to.
	Kind   string
	// Whether the item is downloadable from CAS or not
	Downloadable bool
	// If this referrer is part of a public workflow
	// NOTE(review): presumably this drives visibility outside the owning organization; confirm where it is evaluated.
	InPublicWorkflow bool
	// References lists the referrers this item points to.
	References       []*Referrer

	// Free-form key/value data attached to the referrer.
	Metadata, Annotations map[string]string
}

func (*Referrer) MapID

func (r *Referrer) MapID() string

type ReferrerRepo

// ReferrerRepo is the repository interface for the referrers index.
type ReferrerRepo interface {
	// Save stores the given referrers, associating them with workflowID.
	Save(ctx context.Context, input []*Referrer, workflowID uuid.UUID) error
	// GetFromRoot returns the referrer identified by the provided content digest, including its first-level references.
	// For example, if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it.
	// orgIDs is an allow-list of organizations in which the referrers are looked for.
	GetFromRoot(ctx context.Context, digest string, orgIDs []uuid.UUID, filters ...GetFromRootFilter) (*StoredReferrer, error)
	// Exist checks whether a referrer with the given digest exists.
	// The query can be scoped further down if needed by providing the kind or visibility status.
	// NOTE(review): unlike GetFromRoot, this signature takes no organization allow-list;
	// confirm callers apply a visibility filter before exposing the result across organizations.
	Exist(ctx context.Context, digest string, filters ...GetFromRootFilter) (bool, error)
}

type ReferrerUseCase

type ReferrerUseCase struct {
	// contains filtered or unexported fields
}

func NewReferrerUseCase

func NewReferrerUseCase(repo ReferrerRepo, wfRepo WorkflowRepo, membershipUseCase *MembershipUseCase, indexCfg *conf.ReferrerSharedIndex, l log.Logger) (*ReferrerUseCase, error)

func (*ReferrerUseCase) ExtractAndPersist

func (s *ReferrerUseCase) ExtractAndPersist(ctx context.Context, att *dsse.Envelope, digest cr_v1.Hash, workflowID string) error

ExtractAndPersist extracts the referrers (subject + materials) from the given attestation and stores them as part of the referrers index table.

func (*ReferrerUseCase) GetFromRoot

func (s *ReferrerUseCase) GetFromRoot(ctx context.Context, digest, rootKind string, orgIDs []uuid.UUID, projectIDs map[OrgID][]ProjectID) (*StoredReferrer, error)

func (*ReferrerUseCase) GetFromRootInPublicSharedIndex

func (s *ReferrerUseCase) GetFromRootInPublicSharedIndex(ctx context.Context, digest, rootKind string) (*StoredReferrer, error)

Get the list of public referrers from organizations that have been allowed to be shown in a shared index. NOTE: This is a public endpoint under /discover/[sha256:deadbeef].

func (*ReferrerUseCase) GetFromRootUser

func (s *ReferrerUseCase) GetFromRootUser(ctx context.Context, digest, rootKind, userID string) (*StoredReferrer, error)

GetFromRootUser returns the referrer identified by the provided content digest, including its first-level references. For example, if sha:deadbeef represents an attestation, the result will contain the attestation + materials associated to it. It only returns referrers that belong to organizations the user is a member of.

type RemotePolicy added in v0.96.5

type RemotePolicy struct {
	ProviderRef *policies.PolicyReference
	Policy      *schemav1.Policy
}

type RemotePolicyGroup added in v0.96.14

type RemotePolicyGroup struct {
	ProviderRef *policies.PolicyReference
	PolicyGroup *schemav1.PolicyGroup
}

type RemoveMemberFromGroupOpts added in v1.12.0

// RemoveMemberFromGroupOpts defines options for removing a member from a group.
type RemoveMemberFromGroupOpts struct {
	// Embedded reference identifying the group.
	*IdentityReference
	// UserEmail is the email of the user to remove from the group.
	UserEmail string
	// RequesterID is the ID of the user who is requesting to remove the member. Optional.
	// If provided, the requester must be a maintainer or admin.
	// NOTE(review): the field is a value type, so "not provided" is presumably the zero UUID,
	// in which case no requester check appears to apply. Confirm that only trusted internal
	// callers may leave it unset.
	RequesterID uuid.UUID
}

RemoveMemberFromGroupOpts defines options for removing a member from a group.

type RemoveMemberFromProjectOpts added in v1.13.0

type RemoveMemberFromProjectOpts struct {
	// ProjectReference is the reference to the project.
	ProjectReference *IdentityReference
	// UserEmail is the email of the user to remove from the project.
	UserEmail string
	// GroupReference is the reference to the group to remove from the project.
	GroupReference *IdentityReference
	// RequesterID is the ID of the user who is requesting to remove the member.
	RequesterID uuid.UUID
}

RemoveMemberFromProjectOpts defines options for removing a member from a project.

type RobotAccount

// RobotAccount is a named account attached to a workflow (see WorkflowID).
type RobotAccount struct {
	Name                 string
	ID                   uuid.UUID
	// JWT holds a token string for the account.
	// NOTE(review): presumably a bearer credential. Confirm it is only populated when the
	// account is created and is kept out of logs and list responses.
	JWT                  string
	// WorkflowID is the workflow the account is associated with.
	WorkflowID           uuid.UUID
	// RevokedAt is a pointer; presumably nil while the account has not been revoked (confirm).
	CreatedAt, RevokedAt *time.Time
}

type RobotAccountRepo

// RobotAccountRepo is the repository interface for robot accounts.
type RobotAccountRepo interface {
	// Create stores a new robot account with the given name for the workflow.
	Create(ctx context.Context, name string, workflowID uuid.UUID) (*RobotAccount, error)
	// List returns the robot accounts of a workflow; includeRevoked controls whether revoked ones are returned.
	List(ctx context.Context, workflowID uuid.UUID, includeRevoked bool) ([]*RobotAccount, error)
	// FindByID looks an account up by its ID alone.
	// NOTE(review): no organization is passed here, unlike Revoke; confirm callers check
	// ownership before returning the account to a tenant.
	FindByID(ctx context.Context, ID uuid.UUID) (*RobotAccount, error)
	// Revoke revokes the account with the given ID; the signature also takes the organization ID.
	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
}

type RobotAccountUseCase

type RobotAccountUseCase struct {
	// contains filtered or unexported fields
}

func NewRootAccountUseCase

func NewRootAccountUseCase(robotAccountRepo RobotAccountRepo, workflowRepo WorkflowRepo, conf *conf.Auth, logger log.Logger) *RobotAccountUseCase

func (*RobotAccountUseCase) Create

func (uc *RobotAccountUseCase) Create(ctx context.Context, name string, orgID, workflowID string) (*RobotAccount, error)

func (*RobotAccountUseCase) FindByID

func (uc *RobotAccountUseCase) FindByID(ctx context.Context, id string) (*RobotAccount, error)

func (*RobotAccountUseCase) List

func (uc *RobotAccountUseCase) List(ctx context.Context, orgID, workflowID string, includeRevoked bool) ([]*RobotAccount, error)

func (*RobotAccountUseCase) Revoke

func (uc *RobotAccountUseCase) Revoke(ctx context.Context, orgID, id string) error

type RunListFilters

type RunListFilters struct {
	WorkflowID *uuid.UUID
	VersionID  *uuid.UUID
	Status     WorkflowRunStatus
	ProjectIDs []uuid.UUID
}

type SaveOption added in v0.94.3

type SaveOption func(*AttestationStateSaveOpts)

func WithAttStateBaseDigest added in v0.94.3

func WithAttStateBaseDigest(digest string) SaveOption

type ScopedEntity added in v1.27.0

type ScopedEntity struct {
	// Type is the type of the scoped entity i.e project or org
	Type string
	// ID is the id of the scoped entity
	ID uuid.UUID
	// Name is the name of the scoped entity
	Name string
}

type SigningUseCase

// SigningUseCase groups the signing material used by the package: the certificate
// authorities and the timestamp authorities. Its methods sign certificate requests
// (CreateSigningCert) and expose the trusted root (GetTrustedRoot).
type SigningUseCase struct {
	// CAs holds the configured certificate authorities.
	// NOTE(review): this field is exported; presumably it may reference signing keys,
	// so confirm it is never serialized or logged.
	CAs                  *ca.CertificateAuthorities
	// TimestampAuthorities lists the known timestamp authorities.
	TimestampAuthorities []*TimestampAuthority
	// contains filtered or unexported fields
}

func NewChainloopSigningUseCase

func NewChainloopSigningUseCase(config *conf.Bootstrap, l log.Logger) (*SigningUseCase, error)

func (*SigningUseCase) CreateSigningCert

func (s *SigningUseCase) CreateSigningCert(ctx context.Context, orgID string, csrRaw []byte) ([]string, error)

CreateSigningCert signs a certificate request with a configured CA, and returns the full certificate chain

func (*SigningUseCase) GetCurrentTSA added in v0.170.0

func (s *SigningUseCase) GetCurrentTSA() *TimestampAuthority

func (*SigningUseCase) GetSigningCA added in v1.0.0

func (s *SigningUseCase) GetSigningCA() ca.CertificateAuthority

GetSigningCA returns the current CA authority (if any) used for signing

func (*SigningUseCase) GetTrustedRoot added in v0.162.0

func (s *SigningUseCase) GetTrustedRoot(ctx context.Context) (*TrustedRoot, error)

type StoredReferrer

// StoredReferrer is the referrer as stored in the DB, including a nested list of stored references.
type StoredReferrer struct {
	// Embedded referrer data (digest, kind, visibility flags, metadata).
	*Referrer
	ID        uuid.UUID
	CreatedAt *time.Time
	// Fully expanded list of 1-level off references
	// This field shadows the References field promoted from the embedded *Referrer.
	References                      []*StoredReferrer
	// NOTE(review): presumably the organizations, workflows and projects the referrer is
	// associated with; confirm whether these IDs are filtered to the caller's scope before
	// being returned.
	OrgIDs, WorkflowIDs, ProjectIDs []uuid.UUID
}

Actual referrer stored in the DB which includes a nested list of storedReferences

type TimeWindow added in v0.93.0

type TimeWindow struct {
	From time.Time
	To   time.Time
}

TimeWindow represents a time window as a pair of time.Time values (From, To), not as a time.Duration.

func (*TimeWindow) Validate added in v0.93.0

func (tw *TimeWindow) Validate() error

Validate validates the time window checking From and To are set

type TimestampAuthority added in v0.170.0

// TimestampAuthority describes one timestamp authority: where it is reached and
// the certificate chain associated with it.
type TimestampAuthority struct {
	// NOTE(review): presumably marks the authority currently used to issue timestamps
	// (compare SigningUseCase.GetCurrentTSA); confirm.
	Issuer    bool
	// URL is the address of the authority.
	URL       *url.URL
	// CertChain is the authority's certificate chain.
	CertChain []*x509.Certificate
}

type TopWorkflowsByRunsCountItem

type TopWorkflowsByRunsCountItem struct {
	Workflow *Workflow
	ByStatus map[string]int32
	Total    int32
}

type TrustedRoot added in v0.162.0

// TrustedRoot is the trust material returned by SigningUseCase.GetTrustedRoot.
type TrustedRoot struct {
	// map of keyID and PEM encoded certificates
	Keys map[string][]string
	// Timestamp Authorities
	// NOTE(review): presumably keyed by an authority identifier with PEM encoded chains as
	// values, like Keys; confirm.
	TimestampAuthorities map[string][]string
}

type UpdateGroupOpts added in v1.11.0

type UpdateGroupOpts struct {
	// NewDescription is the new description of the group.
	NewDescription *string
	// NewName is the new name of the group.
	NewName *string
}

UpdateGroupOpts defines options for updating a group.

type UpdateMemberMaintainerStatusOpts added in v1.22.0

// UpdateMemberMaintainerStatusOpts defines options for updating a member's maintainer status in a group.
type UpdateMemberMaintainerStatusOpts struct {
	// Group reference
	*IdentityReference
	// UserReference is used to identify the user whose maintainer status is to be updated
	UserReference *IdentityReference
	// RequesterID is the ID of the user who is requesting to update the maintainer status. Optional.
	// If provided, the requester must be a maintainer or admin.
	// NOTE(review): the field is a value type, so "not provided" is presumably the zero UUID,
	// in which case no requester check appears to apply. Because this option grants or removes
	// a privileged status, confirm that only trusted internal callers may leave it unset.
	RequesterID uuid.UUID
	// IsMaintainer is the new maintainer status for the user.
	IsMaintainer bool
}

UpdateMemberMaintainerStatusOpts defines options for updating a member's maintainer status in a group.

type UpdateMemberRoleOpts added in v1.17.0

type UpdateMemberRoleOpts struct {
	// ProjectReference is the reference to the project.
	ProjectReference *IdentityReference
	// UserEmail is the email of the user whose role to update.
	UserEmail string
	// GroupReference is the reference to the group whose role to update.
	GroupReference *IdentityReference
	// RequesterID is the ID of the user who is requesting to update the role.
	RequesterID uuid.UUID
	// NewRole represents the new role to assign to the member in the project.
	NewRole authz.Role
}

UpdateMemberRoleOpts defines options for updating a member's role in a project.

type UpsertByEmailOpts added in v1.5.0

type UpsertByEmailOpts struct {
	// DisableAutoOnboarding, if set to true, will skip the auto-onboarding process
	DisableAutoOnboarding *bool
	FirstName             *string
	LastName              *string
	SSOGroups             []string
}

type User

// User is the business-layer representation of a user account.
type User struct {
	// ID is carried as a string here, while UserRepo methods take a uuid.UUID.
	ID                  string
	FirstName           string
	LastName            string
	Email               string
	CreatedAt           *time.Time
	UpdatedAt           *time.Time
	// HasRestrictedAccess is a pointer, so it has three states: nil, true and false.
	// NOTE(review): presumably nil means the access property has not been set yet (compare
	// UserRepo.HasUsersWithAccessPropertyNotSet); confirm how nil is treated by access checks.
	HasRestrictedAccess *bool
}

type UserAccessSyncerUseCase added in v0.186.0

type UserAccessSyncerUseCase struct {
	// contains filtered or unexported fields
}

func NewUserAccessSyncerUseCase added in v0.186.0

func NewUserAccessSyncerUseCase(logger log.Logger, userRepo UserRepo, allowList *conf.AllowList) *UserAccessSyncerUseCase

func (*UserAccessSyncerUseCase) SyncUserAccess added in v1.3.0

func (u *UserAccessSyncerUseCase) SyncUserAccess(ctx context.Context) error

SyncUserAccess syncs the access restriction status of all users based on the allowlist into their DB entries. If allowDbOverrides is true, the access restriction status of users that have the access property set to null will be updated. If allowDbOverrides is true, the DB entries of all users will be updated to match the allowlist. (Both sentences state the same condition, and the signature shown above has no allowDbOverrides parameter, so this description may be out of date.)

func (*UserAccessSyncerUseCase) UpdateUserAccessRestriction added in v1.3.0

func (u *UserAccessSyncerUseCase) UpdateUserAccessRestriction(ctx context.Context, user *User) (*User, error)

UpdateUserAccessRestriction updates the access restriction status of a user

type UserOrgFinder

type UserOrgFinder interface {
	FindByID(ctx context.Context, userID string) (*User, error)
	CurrentMembership(ctx context.Context, userID string) (*Membership, error)
	MembershipInOrg(ctx context.Context, userID string, orgName string) (*Membership, error)
}

type UserRepo

// UserRepo is the repository interface for user accounts.
type UserRepo interface {
	// CreateByEmail creates a user for the given email; the names are optional (pointers).
	CreateByEmail(ctx context.Context, email string, firstName, lastName *string) (*User, error)
	// NOTE(review): whether the email is normalized (case, whitespace) before lookup is not
	// visible here; confirm, since it affects whether two spellings map to one account.
	FindByEmail(ctx context.Context, email string) (*User, error)
	FindByID(ctx context.Context, userID uuid.UUID) (*User, error)
	Delete(ctx context.Context, userID uuid.UUID) error
	// FindAll returns a page of users together with an int (presumably the total count; confirm).
	FindAll(ctx context.Context, pagination *pagination.OffsetPaginationOpts) ([]*User, int, error)
	// UpdateAccess sets the access restriction flag of the user.
	UpdateAccess(ctx context.Context, userID uuid.UUID, isAccessRestricted bool) (*User, error)
	UpdateNameAndLastName(ctx context.Context, userID uuid.UUID, firstName, lastName *string) (*User, error)
	// The two methods below deal with users whose access property has not been set.
	HasUsersWithAccessPropertyNotSet(ctx context.Context) (bool, error)
	FindUsersWithAccessPropertyNotSet(ctx context.Context) ([]*User, error)
}

type UserUseCase

type UserUseCase struct {
	// contains filtered or unexported fields
}

func NewUserUseCase

func NewUserUseCase(opts *NewUserUseCaseParams) *UserUseCase

func (*UserUseCase) CurrentMembership

func (uc *UserUseCase) CurrentMembership(ctx context.Context, userID string) (*Membership, error)

Find the membership associated with the user that's marked as current. If none is selected, it will pick the first one and set it as current.

func (*UserUseCase) DeleteUser

func (uc *UserUseCase) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes the user, related memberships and organization if needed. Safe approach: blocks deletion if the user is the sole owner of any organizations.

func (*UserUseCase) FindByID

func (uc *UserUseCase) FindByID(ctx context.Context, userID string) (*User, error)

func (*UserUseCase) MembershipInOrg added in v0.140.0

func (uc *UserUseCase) MembershipInOrg(ctx context.Context, userID string, orgName string) (*Membership, error)

func (*UserUseCase) UpsertByEmail added in v1.5.0

func (uc *UserUseCase) UpsertByEmail(ctx context.Context, email string, opts *UpsertByEmailOpts) (*User, error)

UpsertByEmail finds or creates a user by email. By default, it will auto-onboard the user to the organizations defined in the configuration. If disableAutoOnboarding is set to true, it will skip the auto-onboarding process.

type VerificationResult added in v0.164.0

// VerificationResult carries the outcome of a verification.
// NOTE(review): presumably produced by WorkflowRunUseCase.Verify, whose signature is not
// shown on this page; confirm.
type VerificationResult struct {
	// Result is the boolean outcome.
	Result        bool
	// FailureReason is a textual reason (presumably only set when Result is false; confirm).
	FailureReason string
}

type Workflow

// Workflow is the business-layer representation of a workflow, including the
// organization, project and contract it is linked to.
type Workflow struct {
	Name, Description, Team, Project string
	CreatedAt                        *time.Time
	RunsCounter                      int
	LastRun                          *WorkflowRun
	ID, ContractID, OrgID            uuid.UUID
	ContractName                     string
	// Latest available contract revision
	ContractRevisionLatest int
	// Public means that the associated workflow runs, attestations and materials
	// are reachable by other users, regardless of their organization
	// This field is also used to calculate if an user can download attestations/materials from the CAS
	// Security-relevant: setting it to true widens read access beyond the owning organization.
	Public    bool
	ProjectID uuid.UUID
}

type WorkflowContract

type WorkflowContract struct {
	ID                      uuid.UUID
	Name                    string
	Description             string
	LatestRevision          int
	LatestRevisionCreatedAt *time.Time
	CreatedAt               *time.Time
	UpdatedAt               *time.Time
	// WorkflowRefs is the list of workflows associated with this contract
	WorkflowRefs []*WorkflowRef
	// entity the contract is scoped to, if not set it's scoped to the organization
	ScopedEntity *ScopedEntity
}

func (*WorkflowContract) IsGlobalScoped added in v1.27.0

func (c *WorkflowContract) IsGlobalScoped() bool

func (*WorkflowContract) IsProjectScoped added in v1.27.0

func (c *WorkflowContract) IsProjectScoped() bool

type WorkflowContractCreateOpts

type WorkflowContractCreateOpts struct {
	OrgID, Name string
	RawSchema   []byte
	Description *string
	ProjectID   *uuid.UUID
	// Make sure that the name is unique in the organization
	AddUniquePrefix bool
}

type WorkflowContractListFilters added in v1.27.0

type WorkflowContractListFilters struct {
	// FilterByProjects is used to filter the result by a project list
	// If it's empty, no filter will be applied
	FilterByProjects []uuid.UUID
}

type WorkflowContractRepo

// WorkflowContractRepo is the repository interface for workflow contracts and their versions.
// Most lookups take an orgID; FindVersionByID and SoftDelete take only an object ID.
type WorkflowContractRepo interface {
	Create(ctx context.Context, opts *ContractCreateOpts) (*WorkflowContract, error)
	List(ctx context.Context, orgID uuid.UUID, filter *WorkflowContractListFilters) ([]*WorkflowContract, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowContract, error)
	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, name string) (*WorkflowContract, error)
	// Describe returns the contract together with the requested revision.
	Describe(ctx context.Context, orgID, contractID uuid.UUID, revision int, opts ...ContractQueryOpt) (*WorkflowContractWithVersion, error)
	// NOTE(review): no organization is passed; confirm callers verify that the returned
	// version belongs to the requesting organization.
	FindVersionByID(ctx context.Context, versionID uuid.UUID) (*WorkflowContractWithVersion, error)
	Update(ctx context.Context, orgID uuid.UUID, name string, opts *ContractUpdateOpts) (*WorkflowContractWithVersion, error)
	// SoftDelete takes only the contract ID. WorkflowContractUseCase.Delete receives an orgID,
	// so the ownership check is presumably done there before this call; confirm.
	SoftDelete(ctx context.Context, contractID uuid.UUID) error
}

type WorkflowContractUpdateOpts

type WorkflowContractUpdateOpts struct {
	RawSchema   []byte
	Description *string
}

type WorkflowContractUseCase

type WorkflowContractUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowContractUseCase

func NewWorkflowContractUseCase(repo WorkflowContractRepo, policyRegistry *policies.Registry, auditorUC *AuditorUseCase, logger log.Logger) *WorkflowContractUseCase

func (*WorkflowContractUseCase) Create

we currently only support schema v1

func (*WorkflowContractUseCase) Delete

func (uc *WorkflowContractUseCase) Delete(ctx context.Context, orgID, contractID string) error

Delete soft-deletes the entry

func (*WorkflowContractUseCase) Describe

func (uc *WorkflowContractUseCase) Describe(ctx context.Context, orgID, contractID string, revision int, opts ...ContractQueryOpt) (*WorkflowContractWithVersion, error)

func (*WorkflowContractUseCase) FindByIDInOrg

func (uc *WorkflowContractUseCase) FindByIDInOrg(ctx context.Context, orgID, contractID string) (*WorkflowContract, error)

func (*WorkflowContractUseCase) FindByNameInOrg added in v0.93.0

func (uc *WorkflowContractUseCase) FindByNameInOrg(ctx context.Context, orgID, name string) (*WorkflowContract, error)

func (*WorkflowContractUseCase) FindVersionByID

func (uc *WorkflowContractUseCase) FindVersionByID(ctx context.Context, versionID string) (*WorkflowContractWithVersion, error)

func (*WorkflowContractUseCase) GetPolicy added in v0.95.7

func (uc *WorkflowContractUseCase) GetPolicy(providerName, policyName, policyOrgName, currentOrgName, token string) (*RemotePolicy, error)

GetPolicy retrieves a policy from a policy provider

func (*WorkflowContractUseCase) GetPolicyGroup added in v0.96.14

func (uc *WorkflowContractUseCase) GetPolicyGroup(providerName, groupName, groupOrgName, currentOrgName, token string) (*RemotePolicyGroup, error)

func (*WorkflowContractUseCase) List

func (*WorkflowContractUseCase) Update

func (*WorkflowContractUseCase) ValidateContractPolicies added in v0.96.0

func (uc *WorkflowContractUseCase) ValidateContractPolicies(rawSchema []byte, token string) error

func (*WorkflowContractUseCase) ValidatePolicyAttachment added in v0.144.0

func (uc *WorkflowContractUseCase) ValidatePolicyAttachment(providerName string, att *schemav1.PolicyAttachment, token string) error

type WorkflowContractVersion

type WorkflowContractVersion struct {
	ID        uuid.UUID
	Revision  int
	CreatedAt *time.Time
	Schema    *Contract
}

type WorkflowContractWithVersion

type WorkflowContractWithVersion struct {
	Contract *WorkflowContract
	Version  *WorkflowContractVersion
}

type WorkflowCreateOpts

type WorkflowCreateOpts struct {
	Name, OrgID, Project, Team, ContractName, Description string
	ContractID                                            string
	// ContractBytes is the raw contract bytes that can be used to create or update the contract
	ContractBytes []byte
	// DetectedContract is the detected contract from the contract bytes
	DetectedContract *Contract
	// Public means that the associated workflow runs, attestations and materials
	// are reachable by other users, regardless of their organization
	Public bool

	// Owner identifies the user to be marked as owner of the project
	Owner *uuid.UUID
}

TODO: move to pointer properties to handle empty values

type WorkflowListOpt added in v1.27.0

type WorkflowListOpt func(opts *WorkflowContractListFilters)

func WithProjectFilter added in v1.27.0

func WithProjectFilter(projectIDs []uuid.UUID) WorkflowListOpt

type WorkflowListOpts added in v0.109.0

// WorkflowListOpts is the options to filter the list of workflows.
type WorkflowListOpts struct {
	// WorkflowName is the name of the workflow
	WorkflowName string
	// WorkflowDescription is the description of the workflow
	WorkflowDescription string
	// WorkflowTeam is the team of the workflow
	WorkflowTeam string
	// WorkflowProjectNames is the list of project names of the workflow
	WorkflowProjectNames []string
	// WorkflowPublic is the flag to filter public workflows
	WorkflowPublic *bool
	// WorkflowRunRunnerType is the runner type of the workflow runs
	// (presumably used as a filter, like the other fields; confirm)
	WorkflowRunRunnerType string
	// WorkflowActiveWindow is the active window of the workflow
	WorkflowActiveWindow *TimeWindow
	// WorkflowRunLastStatus is the status of the workflow runs to return
	WorkflowRunLastStatus WorkflowRunStatus
	// JSONFilters is the filters to apply to the JSON fields
	JSONFilters []*jsonfilter.JSONFilter
	// ProjectIDs is used to filter the result by a project list
	// Note that a `nil` value means "no filter", and an empty slice will cause an empty result
	// Callers that derive this list from a user's permissions must therefore pass an empty,
	// non-nil slice (not nil) when the user has access to no projects.
	ProjectIDs []uuid.UUID
}

WorkflowListOpts is the options to filter the list of workflows

type WorkflowRef added in v0.96.19

type WorkflowRef struct {
	ID          uuid.UUID
	Name        string
	ProjectName string
}

WorkflowRef is a reference to a workflow. The combination of the name and the project should be unique.

type WorkflowRepo

// WorkflowRepo is the repository interface for workflows.
// Some methods are scoped by orgID (List, GetOrgScoped, GetOrgScopedByProjectAndName);
// Update, IncRunsCounter, FindByID and SoftDelete take only the workflow ID.
// NOTE(review): for the ID-only methods, ownership is presumably checked by the caller
// (for example WorkflowUseCase.Delete and Update receive an orgID); confirm.
type WorkflowRepo interface {
	Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)
	Update(ctx context.Context, id uuid.UUID, opts *WorkflowUpdateOpts) (*Workflow, error)
	// List returns a page of workflows of the organization plus an int (presumably the total count; confirm).
	List(ctx context.Context, orgID uuid.UUID, filter *WorkflowListOpts, pagination *pagination.OffsetPaginationOpts) ([]*Workflow, int, error)
	GetOrgScoped(ctx context.Context, orgID, workflowID uuid.UUID) (*Workflow, error)
	GetOrgScopedByProjectAndName(ctx context.Context, orgID uuid.UUID, projectName, workflowName string) (*Workflow, error)
	IncRunsCounter(ctx context.Context, workflowID uuid.UUID) error
	FindByID(ctx context.Context, workflowID uuid.UUID) (*Workflow, error)
	SoftDelete(ctx context.Context, workflowID uuid.UUID) error
}

type WorkflowRun

type WorkflowRun struct {
	ID                    uuid.UUID
	State, Reason         string
	CreatedAt, FinishedAt *time.Time
	Workflow              *Workflow
	RunURL, RunnerType    string
	ContractVersionID     uuid.UUID
	Attestation           *Attestation
	CASBackends           []*CASBackend
	// The revision of the contract that was used
	ContractRevisionUsed int
	// The max revision of the contract at the time of the run
	ContractRevisionLatest int
	ProjectVersion         *ProjectVersion
}

type WorkflowRunCreateOpts

type WorkflowRunCreateOpts struct {
	WorkflowID       string
	ContractRevision *WorkflowContractWithVersion
	RunnerRunURL     string
	RunnerType       string
	CASBackendID     uuid.UUID
	ProjectVersion   string
}

type WorkflowRunExpirerOpts

type WorkflowRunExpirerOpts struct {
	// Maximum time threshold for what a workflowRun will be considered expired
	ExpirationWindow time.Duration
	CheckInterval    time.Duration
}

type WorkflowRunExpirerUseCase

type WorkflowRunExpirerUseCase struct {
	PromObservable PromObservable
	// contains filtered or unexported fields
}

func NewWorkflowRunExpirerUseCase

func NewWorkflowRunExpirerUseCase(wfrRepo WorkflowRunRepo, po PromObservable, logger log.Logger) *WorkflowRunExpirerUseCase

func (*WorkflowRunExpirerUseCase) ExpirationSweep

func (uc *WorkflowRunExpirerUseCase) ExpirationSweep(ctx context.Context, olderThan time.Time) error

ExpirationSweep looks for runs older than the provided time and marks them as expired.

func (*WorkflowRunExpirerUseCase) Run

type WorkflowRunRepo

// WorkflowRunRepo is the repository interface for workflow runs, their attestations and bundles.
// Only List and FindByIDInOrg take an orgID; the remaining methods address a run by its ID
// or by an attestation digest.
// NOTE(review): for the methods without orgID, tenant checks are presumably applied by the
// use case (compare WorkflowRunUseCase.GetByIDInOrg and GetByDigestInOrgOrPublic); confirm.
type WorkflowRunRepo interface {
	Create(ctx context.Context, opts *WorkflowRunRepoCreateOpts) (*WorkflowRunRepoCreateResult, error)
	FindByID(ctx context.Context, ID uuid.UUID) (*WorkflowRun, error)
	FindByAttestationDigest(ctx context.Context, digest string) (*WorkflowRun, error)
	FindByIDInOrg(ctx context.Context, orgID, ID uuid.UUID) (*WorkflowRun, error)
	MarkAsFinished(ctx context.Context, ID uuid.UUID, status WorkflowRunStatus, reason string) error
	// SaveAttestation stores the DSSE envelope and its digest for the run.
	SaveAttestation(ctx context.Context, ID uuid.UUID, att *dsse.Envelope, digest string) error
	// SaveBundle and GetBundle store and return the bundle bytes of a run.
	SaveBundle(ctx context.Context, ID uuid.UUID, bundle []byte) error
	GetBundle(ctx context.Context, wrID uuid.UUID) ([]byte, error)
	// List returns runs of the organization; the string result accompanies the page
	// (presumably the next cursor; confirm).
	List(ctx context.Context, orgID uuid.UUID, f *RunListFilters, p *pagination.CursorOptions) ([]*WorkflowRun, string, error)
	// List the runs that have not finished and are older than a given time
	ListNotFinishedOlderThan(ctx context.Context, olderThan time.Time, limit int) ([]*WorkflowRun, error)
	// Set run as expired
	Expire(ctx context.Context, id uuid.UUID) error
}

type WorkflowRunRepoCreateOpts

type WorkflowRunRepoCreateOpts struct {
	WorkflowID, SchemaVersionID  uuid.UUID
	RunURL, RunnerType           string
	Backends                     []uuid.UUID
	LatestRevision, UsedRevision int
	ProjectVersion               string
}

type WorkflowRunRepoCreateResult added in v1.41.0

type WorkflowRunRepoCreateResult struct {
	Run            *WorkflowRun
	Project        *Project
	VersionCreated bool
}

type WorkflowRunStatus

// WorkflowRunStatus is the status of a workflow run, represented as a string.
type WorkflowRunStatus string
// Known workflow run statuses.
const (
	WorkflowRunInitialized WorkflowRunStatus = "initialized"
	WorkflowRunSuccess     WorkflowRunStatus = "success"
	WorkflowRunError       WorkflowRunStatus = "error"
	WorkflowRunExpired     WorkflowRunStatus = "expired"
	// The identifier is spelled "Cancelled" while the string value is "canceled";
	// match on the constant rather than on a hand-typed string.
	WorkflowRunCancelled   WorkflowRunStatus = "canceled"
)

func (WorkflowRunStatus) Values

func (WorkflowRunStatus) Values() (kinds []string)

Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues

type WorkflowRunUseCase

type WorkflowRunUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowRunUseCase

func NewWorkflowRunUseCase(wfrRepo WorkflowRunRepo, wfRepo WorkflowRepo, suc *SigningUseCase, auditorUC *AuditorUseCase, logger log.Logger) (*WorkflowRunUseCase, error)

func (*WorkflowRunUseCase) Create

Create will add a new WorkflowRun, associate it to a schemaVersion and increment the counter in the associated workflow

func (*WorkflowRunUseCase) ExistsInWorkflow

func (uc *WorkflowRunUseCase) ExistsInWorkflow(ctx context.Context, workflowID, id string) (bool, error)

ExistsInWorkflow reports whether the workflow run belongs to the provided workflow.

func (*WorkflowRunUseCase) GetByDigestInOrgOrPublic

func (uc *WorkflowRunUseCase) GetByDigestInOrgOrPublic(ctx context.Context, orgID, digest string) (*WorkflowRun, error)

func (*WorkflowRunUseCase) GetByIDInOrg

func (uc *WorkflowRunUseCase) GetByIDInOrg(ctx context.Context, orgID, runID string) (*WorkflowRun, error)

Returns the workflow run with the provided ID if it belongs to the org

func (*WorkflowRunUseCase) GetByIDInOrgOrPublic

func (uc *WorkflowRunUseCase) GetByIDInOrgOrPublic(ctx context.Context, orgID, runID string) (*WorkflowRun, error)

Returns the workflow run with the provided ID if it belongs to the org or it is public.

func (*WorkflowRunUseCase) List

List the workflowruns associated with an org and optionally filtered by a workflow

func (*WorkflowRunUseCase) MarkAsFinished

func (uc *WorkflowRunUseCase) MarkAsFinished(ctx context.Context, id string, status WorkflowRunStatus, reason string) error

func (*WorkflowRunUseCase) SaveAttestation

func (uc *WorkflowRunUseCase) SaveAttestation(ctx context.Context, id string, envelope, bundle []byte) (*v1.Hash, error)

func (*WorkflowRunUseCase) Verify added in v0.164.0

type WorkflowRunWithContract

type WorkflowRunWithContract struct {
	*WorkflowRun
	*WorkflowContractVersion
}

type WorkflowUpdateOpts

type WorkflowUpdateOpts struct {
	Team, Description, ContractID *string
	Public                        *bool
}

type WorkflowUseCase

type WorkflowUseCase struct {
	// contains filtered or unexported fields
}

func NewWorkflowUsecase

func NewWorkflowUsecase(wfr WorkflowRepo, projectsRepo ProjectsRepo, schemaUC *WorkflowContractUseCase, auditorUC *AuditorUseCase, membershipUC *MembershipUseCase, logger log.Logger) *WorkflowUseCase

func (*WorkflowUseCase) Create

func (uc *WorkflowUseCase) Create(ctx context.Context, opts *WorkflowCreateOpts) (*Workflow, error)

func (*WorkflowUseCase) Delete

func (uc *WorkflowUseCase) Delete(ctx context.Context, orgID, workflowID string) error

Delete soft-deletes the entry

func (*WorkflowUseCase) FindByID

func (uc *WorkflowUseCase) FindByID(ctx context.Context, workflowID string) (*Workflow, error)

func (*WorkflowUseCase) FindByIDInOrg

func (uc *WorkflowUseCase) FindByIDInOrg(ctx context.Context, orgID, workflowID string) (*Workflow, error)

func (*WorkflowUseCase) FindByNameInOrg

func (uc *WorkflowUseCase) FindByNameInOrg(ctx context.Context, orgID, projectName, workflowName string) (*Workflow, error)

func (*WorkflowUseCase) IncRunsCounter

func (uc *WorkflowUseCase) IncRunsCounter(ctx context.Context, workflowID string) error

func (*WorkflowUseCase) List

func (uc *WorkflowUseCase) List(ctx context.Context, orgID string, filterOpts *WorkflowListOpts, paginationOpts *pagination.OffsetPaginationOpts) ([]*Workflow, int, error)

List returns a list of workflows and the total count of workflows

func (*WorkflowUseCase) Update

func (uc *WorkflowUseCase) Update(ctx context.Context, orgID, workflowID string, opts *WorkflowUpdateOpts) (*Workflow, error)

Directories

Path Synopsis
