Documentation
Index
- func IsTamperMarker(e *backend.HistoryEvent) bool
- type Options
- type State
- func (s *State) AddSignature(sig *backend.HistorySignature, raw []byte)
- func (s *State) AddSigningCertificate(cert *backend.SigningCertificate)
- func (s *State) AddToHistory(e *backend.HistoryEvent)
- func (s *State) AddToInbox(e *backend.HistoryEvent)
- func (s *State) ApplyRuntimeStateChanges(rs *backend.WorkflowRuntimeState)
- func (s *State) ClearInbox()
- func (s *State) FromWorkflowState(state *protos.BackendWorkflowState)
- func (s *State) GetPurgeRequest(actorID string) (*api.TransactionalRequest, error)
- func (s *State) GetSaveRequest(actorID string) (*api.TransactionalRequest, error)
- func (s *State) HistoryAddedCount() int
- func (s *State) Reset()
- func (s *State) ResetChangeTracking()
- func (s *State) SetIncomingHistory(ph *protos.PropagatedHistory)
- func (s *State) SetMarshaledNewHistory(raw [][]byte)
- func (s *State) String() string
- func (s *State) ToWorkflowState() *protos.BackendWorkflowState
Constants
This section is empty.
Variables
This section is empty.
Functions
func IsTamperMarker
func IsTamperMarker(e *backend.HistoryEvent) bool
IsTamperMarker reports whether e is the well-known terminal event written by MarkAsTamperFailed to record that the workflow's persisted state was detected as tampered. It is identified by an ExecutionCompleted with status FAILED and FailureDetails.ErrorType set to wferrors.ErrorTypeHistoryTampered. Loaders use this check to bypass signature verification on workflows that have already been terminally failed by tamper detection — without the bypass, the broken signature chain would block every subsequent load.
Types
type State
type State struct {
	Inbox               []*backend.HistoryEvent
	History             []*backend.HistoryEvent
	SigningCertificates []*backend.SigningCertificate
	Signatures          []*backend.HistorySignature
	CustomStatus        *wrapperspb.StringValue
	Generation          uint64

	// RawHistory holds the raw bytes of history events as loaded from the
	// state store. These are used for signature verification to verify
	// against the actual persisted bytes.
	RawHistory [][]byte

	// RawSignatures holds the raw serialized bytes of each HistorySignature
	// as loaded from the state store or returned by SignResult.RawSignature.
	// These are the single source of truth for digest computation in chain
	// linking and must be preserved exactly as stored.
	RawSignatures [][]byte

	// IncomingHistory is the propagated history this workflow received from
	// its caller. Stored as a separate state key, NOT as part of history
	// events. Set once at workflow creation, never modified.
	IncomingHistory *protos.PropagatedHistory
	// contains filtered or unexported fields
}
func LoadWorkflowState
func MarkAsTamperFailed
func MarkAsTamperFailed(ctx context.Context, astate state.Interface, actorID string, opts Options, prior *State, cause error) (*State, error)
MarkAsTamperFailed appends a single terminal ExecutionCompleted(FAILED) event to the workflow's history to record that its persisted state was detected as tampered. The original (untrusted) history, inbox, signatures, and certs are left intact for forensics — only the marker event is added, and it is not signed. Subsequent loads detect the marker via IsTamperMarker and bypass signature verification, so the workflow surfaces as terminally FAILED with wferrors.ErrorTypeHistoryTampered in its FailureDetails.
MarkAsTamperFailed is idempotent: if prior already ends in a tamper marker the state is returned unchanged with no store write.
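The load-time flow that IsTamperMarker and MarkAsTamperFailed describe, as an added example that is not this package's code: the marker bytes, the cumulative SHA-256/Ed25519 chain, and the `verify`, `load` and `sample` functions are assumptions made for illustration, and each event is modeled as its persisted bytes only.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

var tamperMarker = []byte("ExecutionCompleted/FAILED/HistoryTampered") // constructed stand-in

// verify checks signature i over SHA-256(raw[0..i]), hashing the stored bytes as loaded (assumed scheme).
func verify(pub ed25519.PublicKey, raw, sigs [][]byte) bool {
	h := sha256.New()
	for i := range raw {
		h.Write(raw[i])
		if i >= len(sigs) || !ed25519.Verify(pub, h.Sum(nil), sigs[i]) {
			return false
		}
	}
	return len(raw) == len(sigs)
}

// load: marker present -> FAILED without verifying; broken chain -> one unsigned
// marker is appended and the untrusted events stay in place for forensics.
func load(pub ed25519.PublicKey, raw, sigs [][]byte) (string, [][]byte) {
	if n := len(raw); n > 0 && bytes.Equal(raw[n-1], tamperMarker) {
		return "FAILED", raw // idempotent: nothing verified, nothing written
	}
	if !verify(pub, raw, sigs) {
		return "FAILED", append(raw[:len(raw):len(raw)], tamperMarker)
	}
	return "OK", raw
}

func sample() (pub ed25519.PublicKey, raw, sigs [][]byte) {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key
	raw = [][]byte{[]byte("started"), []byte("task-scheduled"), []byte("task-completed")} // constructed
	h := sha256.New()
	for _, ev := range raw {
		h.Write(ev)
		sigs = append(sigs, ed25519.Sign(priv, h.Sum(nil)))
	}
	return pub, raw, sigs
}

func main() {
	status, history := load(sample())
	fmt.Println(status, len(history))
}
```

The marker branch never returns anything but FAILED, so skipping verification there cannot turn unverified history into trusted history.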
func (*State) AddSignature
func (s *State) AddSignature(sig *backend.HistorySignature, raw []byte)
func (*State) AddSigningCertificate
func (s *State) AddSigningCertificate(cert *backend.SigningCertificate)
func (*State) AddToHistory (added in v1.16.0)
func (s *State) AddToHistory(e *backend.HistoryEvent)
func (*State) AddToInbox
func (s *State) AddToInbox(e *backend.HistoryEvent)
func (*State) ApplyRuntimeStateChanges
func (s *State) ApplyRuntimeStateChanges(rs *backend.WorkflowRuntimeState)
func (*State) ClearInbox
func (s *State) ClearInbox()
func (*State) FromWorkflowState (added in v1.16.0)
func (s *State) FromWorkflowState(state *protos.BackendWorkflowState)
func (*State) GetPurgeRequest
func (s *State) GetPurgeRequest(actorID string) (*api.TransactionalRequest, error)
func (*State) GetSaveRequest
func (s *State) GetSaveRequest(actorID string) (*api.TransactionalRequest, error)
func (*State) HistoryAddedCount
HistoryAddedCount returns the number of history events added since the last save or reset. Used by the orchestrator to know how many events need signing.
func (*State) ResetChangeTracking
func (s *State) ResetChangeTracking()
ResetChangeTracking resets the change tracking counters. This should be called after a save request.
func (*State) SetIncomingHistory
func (s *State) SetIncomingHistory(ph *protos.PropagatedHistory)
SetIncomingHistory sets the received propagated history on the state.
func (*State) SetMarshaledNewHistory
SetMarshaledNewHistory stores pre-marshaled bytes for newly added history events. These bytes will be used by GetSaveRequest instead of re-marshaling, ensuring the persisted bytes match exactly what was signed.
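Why the save path reuses the signed bytes instead of marshaling again, shown as an added example (not code from this package): JSON stands in for the real event encoding, and the `event` type and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// event is a hypothetical record; JSON stands in for the real event encoding.
type event struct {
	ID   int    `json:"id"`
	Name string `json:"name"`
}

// verifyStored checks the signature over the bytes exactly as persisted.
func verifyStored(pub ed25519.PublicKey, stored, sig []byte) bool {
	return ed25519.Verify(pub, stored, sig)
}

// verifyReencoded decodes and marshals again before checking: the fragile variant.
func verifyReencoded(pub ed25519.PublicKey, stored, sig []byte) bool {
	var e event
	if err := json.Unmarshal(stored, &e); err != nil {
		return false
	}
	again, err := json.Marshal(e)
	return err == nil && ed25519.Verify(pub, again, sig)
}

// demo signs one constructed record whose persisted form (field order, spacing)
// differs from what this encoder emits for the same value.
func demo() (storedOK, reencodedOK, sameValue bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key
	stored := []byte(`{"name": "task-scheduled", "id": 7}`)
	sig := ed25519.Sign(priv, stored)
	var e event
	_ = json.Unmarshal(stored, &e)
	sameValue = e == (event{ID: 7, Name: "task-scheduled"})
	return verifyStored(pub, stored, sig), verifyReencoded(pub, stored, sig), sameValue
}

func main() {
	fmt.Println(demo()) // true false true
}
```

The decoded value is identical in both paths; only the byte-exact check survives a change in encoder output, which would otherwise be indistinguishable from tampering.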
func (*State) ToWorkflowState (added in v1.16.0)
func (s *State) ToWorkflowState() *protos.BackendWorkflowState