domain

package
v0.21.0 Latest Latest
Published: Feb 18, 2026 License: MIT Imports: 3 Imported by: 0

Documentation

Overview

Package domain defines shared business types, errors, and interfaces. This package has zero internal imports and serves as the dependency inversion layer for the application.

Index

Constants

This section is empty.

Variables

// Category markers for this package's errors. Each is the zero value of an
// unexported type, so code outside the package can refer to these instances
// but cannot name the underlying types. The sentinel errors declared in this
// package pass one of these as the second argument to errors.Mark.
// NOTE(review): errors.Mark is not in the standard library errors package and
// the import is not visible here — presumably github.com/cockroachdb/errors,
// where errors.Is(err, marker) reports the category. Confirm before relying
// on category checks in handlers.
var (
	// ValidationError marks ErrMissingPRData, ErrInvalidPattern,
	// ErrEmptyPattern and ErrInvalidEventType.
	ValidationError = validationError{}
	// AuthError marks the three webhook-signature sentinels.
	AuthError       = authError{}
	// APIError marks ErrTeamNotFound and ErrGroupNotFound.
	APIError        = apiError{}
	// ConfigError marks ErrClientNotInit and ErrMissingOAuthCreds.
	ConfigError     = configError{}
)

domain type instances for error marking

// Sentinel errors for common failure cases. Each is built with errors.New and
// tagged with one of the package's category markers through errors.Mark.
var (
	ErrMissingPRData       = errors.Mark(errors.New("pr data missing"), ValidationError)
	// The next three cover webhook signature checking. Per their messages, a
	// bad signature, a missing signature while a secret is configured, and a
	// signature supplied while no secret is configured are each a distinct
	// AuthError.
	// NOTE(review): the verification code is not visible here — confirm that
	// every webhook entry point returns these before acting on the payload,
	// and that the signature comparison is constant-time (e.g. hmac.Equal).
	ErrInvalidSignature    = errors.Mark(errors.New("invalid webhook signature"), AuthError)
	ErrMissingSignature    = errors.Mark(errors.New("signature missing but secret configured"), AuthError)
	ErrUnexpectedSignature = errors.Mark(errors.New("signature provided but secret not configured"), AuthError)
	// Lookup failures against the two external APIs.
	ErrTeamNotFound        = errors.Mark(errors.New("github team not found"), APIError)
	ErrGroupNotFound       = errors.Mark(errors.New("okta group not found"), APIError)
	// Pattern errors; the messages refer to regex patterns.
	ErrInvalidPattern      = errors.Mark(errors.New("invalid regex pattern"), ValidationError)
	ErrEmptyPattern        = errors.Mark(errors.New("pattern cannot be empty"), ValidationError)
	ErrClientNotInit       = errors.Mark(errors.New("client not initialized"), ConfigError)
	ErrInvalidEventType    = errors.Mark(errors.New("unknown event type"), ValidationError)
	// Per its message, reported when neither an API token nor OAuth
	// credentials are supplied.
	ErrMissingOAuthCreds   = errors.Mark(errors.New("must provide either api token or oauth credentials"), ConfigError)
)

sentinel errors for common failure cases

Functions

This section is empty.

Types

type ComplianceViolation

// ComplianceViolation represents a single branch protection rule violation.
type ComplianceViolation struct {
	// NOTE(review): Type is a free-form string; the set of values producers
	// emit is not visible here — confirm before switching on it.
	Type        string
	// Description is the accompanying text for the violation.
	Description string
}

ComplianceViolation represents a single branch protection rule violation.

type GitHubClient

// GitHubClient defines the interface for GitHub API operations.
// Implemented by internal/github/client.Client.
type GitHubClient interface {
	// CheckPRCompliance verifies if a merged PR met branch protection
	// requirements.
	CheckPRCompliance(ctx context.Context, owner, repo string, prNumber int) (*PRComplianceResult, error)

	// GetOrCreateTeam fetches an existing team by slug or creates it if
	// missing.
	// NOTE(review): the parameter is named teamName while the lookup is
	// described as by slug; how a name maps to a slug is not visible here.
	// privacy is a free-form string — confirm it is validated against the
	// values GitHub accepts ("secret", "closed") before a team is created.
	GetOrCreateTeam(ctx context.Context, teamName, privacy string) (*github.Team, error)

	// SyncTeamMembers adds and removes members to match desired state.
	// Removal takes away whatever access the team grants, so an empty or
	// truncated desiredMembers list is the input to guard against.
	// NOTE(review): safetyThreshold presumably limits how large a share of
	// the team one call may remove; its unit (fraction vs. percent) and the
	// behaviour when the limit is exceeded are not visible here — confirm
	// the call aborts rather than applying a partial removal.
	SyncTeamMembers(ctx context.Context, teamSlug string, desiredMembers []string, safetyThreshold float64) (*TeamSyncResult, error)

	// GetTeamMembers returns GitHub usernames of all team members.
	GetTeamMembers(ctx context.Context, teamSlug string) ([]string, error)

	// ListOrgMembers returns all organization members excluding external
	// collaborators.
	ListOrgMembers(ctx context.Context) ([]string, error)

	// IsExternalCollaborator checks if a user is an outside collaborator
	// rather than an organization member.
	IsExternalCollaborator(ctx context.Context, username string) (bool, error)

	// GetAppSlug fetches the GitHub App slug identifier.
	GetAppSlug(ctx context.Context) (string, error)

	// GetOrg returns the GitHub organization name. It takes no context and
	// returns no error.
	GetOrg() string
}

GitHubClient defines the interface for GitHub API operations. Implemented by internal/github/client.Client.

type GroupInfo

// GroupInfo contains Okta group details and member list.
type GroupInfo struct {
	ID                      string
	Name                    string
	// NOTE(review): Members presumably holds GitHub usernames resolved from
	// Okta profiles, with users lacking one listed in
	// SkippedNoGitHubUsername instead — confirm. If so, the Okta attribute
	// holding the username decides who lands in a GitHub team; verify it is
	// not editable by the user it describes.
	Members                 []string
	SkippedNoGitHubUsername []string
}

GroupInfo contains Okta group details and member list.

type GroupMembersResult

// GroupMembersResult contains the results of fetching group members.
type GroupMembersResult struct {
	// Members and SkippedNoGitHubUsername have the same names and types as
	// the corresponding GroupInfo fields.
	// NOTE(review): the skipped list presumably names users that could not
	// be mapped to a GitHub account — confirm, and surface it to operators
	// so unmapped users are not silently left out of a sync.
	Members                 []string
	SkippedNoGitHubUsername []string
}

GroupMembersResult contains the results of fetching group members.

type Notifier

// Notifier defines the interface for sending notifications.
// Implemented by internal/notifiers.SlackNotifier.
type Notifier interface {
	// NotifyPRBypass sends a notification when branch protection is
	// bypassed.
	// NOTE(review): whether callers invoke this for every result with
	// violations or only when PRComplianceResult.WasBypassed is true is not
	// visible here — confirm against the caller.
	NotifyPRBypass(ctx context.Context, result *PRComplianceResult, repoFullName string) error

	// NotifyOktaSync sends a notification with Okta sync results.
	NotifyOktaSync(ctx context.Context, reports []*SyncReport, githubOrg string) error

	// NotifyOrphanedUsers sends a notification about organization members
	// not in any synced teams.
	NotifyOrphanedUsers(ctx context.Context, report *OrphanedUsersReport) error
}

Notifier defines the interface for sending notifications. Implemented by internal/notifiers.SlackNotifier.

type OktaClient

// OktaClient defines the interface for Okta API operations.
// Implemented by internal/okta.Client.
type OktaClient interface {
	// GetGroupsByPattern fetches all Okta groups matching a regex pattern.
	// NOTE(review): whether the pattern is anchored or matched as a
	// substring is not visible here. An unanchored pattern can select more
	// groups than intended, and each selected group is a source of team
	// membership. Presumably ErrEmptyPattern / ErrInvalidPattern are
	// returned for unusable patterns — confirm.
	GetGroupsByPattern(ctx context.Context, pattern string) ([]*GroupInfo, error)

	// GetGroupInfo fetches details for a single Okta group by name.
	// NOTE(review): presumably returns ErrGroupNotFound when no group has
	// that name — confirm.
	GetGroupInfo(ctx context.Context, groupName string) (*GroupInfo, error)
}

OktaClient defines the interface for Okta API operations. Implemented by internal/okta.Client.

type OrphanedUsersReport

// OrphanedUsersReport contains users who are org members but not in any
// synced teams.
type OrphanedUsersReport struct {
	// NOTE(review): presumably GitHub usernames, matching what
	// GitHubClient.ListOrgMembers returns — confirm.
	OrphanedUsers []string
}

OrphanedUsersReport contains users who are org members but not in any synced teams.

type PRComplianceResult

// PRComplianceResult contains PR compliance check results including
// violations and user bypass permissions.
type PRComplianceResult struct {
	// NOTE(review): PR, Protection and BranchRules are pointers; whether
	// they can be nil in a returned result is not visible here — check
	// before dereferencing.
	PR               *github.PullRequest
	BaseBranch       string
	Protection       *github.Protection
	BranchRules      *github.BranchRules
	// Violations holds the detected violations; HasViolations is documented
	// as true if any were detected.
	Violations       []ComplianceViolation
	// UserHasBypass and UserBypassReason record the bypass permission.
	// WasBypassed is documented as true if violations exist and the user
	// had bypass permission, so violations by a user without that
	// permission presumably show up through HasViolations only — alerting
	// that must see every violation should not key on WasBypassed alone.
	// NOTE(review): which user is meant (PR author or merger) is not
	// visible here.
	UserHasBypass    bool
	UserBypassReason string
}

PRComplianceResult contains PR compliance check results including violations and user bypass permissions.

func (*PRComplianceResult) HasViolations

func (r *PRComplianceResult) HasViolations() bool

HasViolations returns true if any compliance violations were detected.

func (*PRComplianceResult) WasBypassed

func (r *PRComplianceResult) WasBypassed() bool

WasBypassed returns true if violations exist and user had bypass permission.

type SyncReport

// SyncReport contains the results of syncing a single Okta group to GitHub
// team.
type SyncReport struct {
	// Rule, OktaGroup and GitHubTeam identify what was synced.
	// NOTE(review): Rule presumably carries SyncRule.GetName() — confirm.
	Rule                       string
	OktaGroup                  string
	GitHubTeam                 string
	// HasChanges is documented as true if members were added or removed.
	MembersAdded               []string
	MembersRemoved             []string
	// NOTE(review): the two skipped lists presumably hold users left out
	// because they are outside collaborators or have no GitHub username —
	// confirm. Neither list is mentioned in the HasChanges contract.
	MembersSkippedExternal     []string
	MembersSkippedNoGHUsername []string
	// Errors holds failures as plain strings; HasErrors is documented as
	// true if any occurred. The category markers used elsewhere in this
	// package cannot be recovered from a string.
	Errors                     []string
}

SyncReport contains the results of syncing a single Okta group to GitHub team.

func (*SyncReport) HasChanges

func (r *SyncReport) HasChanges() bool

HasChanges returns true if members were added or removed.

func (*SyncReport) HasErrors

func (r *SyncReport) HasErrors() bool

HasErrors returns true if any errors occurred during sync.

type SyncResult

// SyncResult contains all sync reports and orphaned users report.
type SyncResult struct {
	Reports       []*SyncReport
	// NOTE(review): pointer field; whether it is nil when orphan detection
	// did not run is not visible here — check before dereferencing.
	OrphanedUsers *OrphanedUsersReport
}

SyncResult contains all sync reports and orphaned users report.

type SyncRule

// SyncRule defines how to sync Okta groups to GitHub teams. The struct tags
// give the JSON key for each field.
type SyncRule struct {
	// GetName is documented as returning the rule name, defaulting to
	// GitHubTeamName if not set.
	Name                string `json:"name"`
	// Enabled is a pointer so an absent key can be told apart from false;
	// IsEnabled is documented as defaulting to true, so a rule that omits
	// "enabled" is active.
	Enabled             *bool  `json:"enabled,omitempty"`
	// NOTE(review): OktaGroupPattern / OktaGroupName and GitHubTeamPrefix /
	// GitHubTeamName look like pattern-based and single-group alternatives;
	// which combinations are valid is not visible here. See the anchoring
	// caveat on regex patterns: a loose pattern widens who gets synced.
	OktaGroupPattern    string `json:"okta_group_pattern,omitempty"`
	OktaGroupName       string `json:"okta_group_name,omitempty"`
	GitHubTeamPrefix    string `json:"github_team_prefix,omitempty"`
	GitHubTeamName      string `json:"github_team_name,omitempty"`
	// NOTE(review): StripPrefix presumably removes a prefix from the Okta
	// group name when deriving the team name — confirm.
	StripPrefix         string `json:"strip_prefix,omitempty"`
	// SyncMembers is a pointer for the same reason as Enabled;
	// ShouldSyncMembers is documented as defaulting to true.
	SyncMembers         *bool  `json:"sync_members,omitempty"`
	// CreateTeamIfMissing is a plain bool, so an absent key decodes to
	// false: team creation is opt-in, unlike the two defaults above.
	CreateTeamIfMissing bool   `json:"create_team_if_missing"`
	// NOTE(review): free-form string; confirm it is validated before being
	// passed to GitHubClient.GetOrCreateTeam.
	TeamPrivacy         string `json:"team_privacy,omitempty"`
}

SyncRule defines how to sync Okta groups to GitHub teams.

func (SyncRule) GetName

func (r SyncRule) GetName() string

GetName returns the rule name, defaulting to GitHubTeamName if not set.

func (SyncRule) IsEnabled

func (r SyncRule) IsEnabled() bool

IsEnabled returns true if the rule is enabled (defaults to true).

func (SyncRule) ShouldSyncMembers

func (r SyncRule) ShouldSyncMembers() bool

ShouldSyncMembers returns true if members should be synced (defaults to true).

type TeamSyncResult

// TeamSyncResult contains the results of syncing team membership. It is the
// result type of GitHubClient.SyncTeamMembers.
type TeamSyncResult struct {
	TeamName               string
	MembersAdded           []string
	MembersRemoved         []string
	// NOTE(review): presumably users left untouched because they are
	// outside collaborators rather than organization members — confirm.
	MembersSkippedExternal []string
	// Errors holds failures as plain strings.
	// NOTE(review): whether a non-empty Errors can accompany a nil error
	// return (partial sync) is not visible here — callers should inspect
	// both.
	Errors                 []string
}

TeamSyncResult contains the results of syncing team membership.
