workflow

package
v1.18.0-rc.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 11, 2026 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var EscapeLike = strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`).Replace

EscapeLike escapes the SQL LIKE wildcards (%, _) and the backslash escape character itself so a substring can be embedded as a literal in a LIKE pattern.

Functions

func ActivityCompletionAttestations 

func ActivityCompletionAttestations(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) []*protos.ActivityCompletionAttestation

ActivityCompletionAttestations returns every ActivityCompletionAttestation present on Task{Completed,Failed} events stored in the given workflow instance's history.

func AssertSignerCertificateStripped 

func AssertSignerCertificateStripped(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string)

AssertSignerCertificateStripped verifies that no completion events in the given workflow instance's history still carry a signerCertificate companion field. The companion is wire-only - it must always be cleared before persisting the event so the cert lives only once in ext-sigcert.

func CertificateCount 

func CertificateCount(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) int

CertificateCount returns the number of signing certificate entries stored for the given workflow instance.

func ChildCompletionAttestations 

func ChildCompletionAttestations(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) []*protos.ChildCompletionAttestation

ChildCompletionAttestations returns every ChildCompletionAttestation present on ChildWorkflowInstance{Completed,Failed} events stored in the given workflow instance's history.

func ChildInstanceIDFromHistory 

func ChildInstanceIDFromHistory(t *testing.T, ctx context.Context, db *sqlite.SQLite, parentInstanceID string) string

ChildInstanceIDFromHistory pulls the child workflow's InstanceID out of the parent workflow's persisted history, by searching for the ChildWorkflowInstanceCreated event. Returns empty string when not yet present (parent hasn't reached the child-creation event).

func CountHistoryEventsMatching added in v1.17.7 

func CountHistoryEventsMatching(t *testing.T, ctx context.Context, cl *client.TaskHubGrpcClient, id api.InstanceID, pred func(*protos.HistoryEvent) bool) int

CountHistoryEventsMatching returns the number of events in the workflow's history (as exposed via GetInstanceHistory) that satisfy pred.

func CountHistoryEventsOfType 

func CountHistoryEventsOfType[T any](t *testing.T, ctx context.Context, client *client.TaskHubGrpcClient, id api.InstanceID) int

func CountPropagatedHistoryRows 

func CountPropagatedHistoryRows(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) int

CountPropagatedHistoryRows counts persisted propagated-history rows whose key contains the given instanceID substring. Used by tests that need to confirm the child has stored its IncomingHistory before proceeding (e.g. tampering with it).

func ExtSigCertCount 

func ExtSigCertCount(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) int

ExtSigCertCount returns the number of external (foreign) signing certificate entries (ext-sigcert-NNNNNN keys) stored for the given workflow instance. Foreign certs are absorbed on inbox ingestion of completion events that carry attestations from child workflows and activities.

func ForgeChunkWithSpiffePath 

func ForgeChunkWithSpiffePath(t *testing.T, sen *sentry.Sentry, chunk *protos.PropagatedHistoryChunk, spiffePath string)

ForgeChunkWithSpiffePath rewrites a single PropagatedHistoryChunk so its signing material attests to spiffe://<sentry-trust-domain><spiffePath> - a cert that the test framework's Sentry would not have issued in production (e.g. wrong namespace) but that nevertheless chains cleanly to that Sentry's trust anchor.

The leaf cert is freshly issued against Sentry's IssChain, and a fresh HistorySignature over chunk.RawEvents is produced with the matching private key, then written into chunk.RawSignatures. The result: the receiver's chain-of-trust verification and per-signature cryptographic verification both succeed; only the SPIFFE identity check (app or namespace component) can fire. This isolates the identity gate from the chain gate in tampering tests.

Mutates chunk in place. Caller should set the modified chunk back into the persisted PropagatedHistory before re-loading.

func GetLastHistoryEventOfType 

func GetLastHistoryEventOfType[T any](t *testing.T, ctx context.Context, client *client.TaskHubGrpcClient, id api.InstanceID) *protos.HistoryEvent

func HistoryCount 

func HistoryCount(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) int

HistoryCount returns the number of history entries stored for the given workflow instance.

func InjectInboxEvent added in v1.17.7 

func InjectInboxEvent(t *testing.T, ctx context.Context, db *sqlite.SQLite, daprd *daprd.Daprd, instanceID string, evt *protos.HistoryEvent)

InjectInboxEvent appends evt to the workflow actor's persisted inbox in the SQLite state store and increments the metadata's InboxLength by one. The caller is responsible for invalidating the actor's in-memory cache (e.g. via daprd.Restart) before relying on the injection to take effect.

func IsChildCompletedFor added in v1.17.7 

func IsChildCompletedFor(taskScheduledID int32) func(*protos.HistoryEvent) bool

func IsChildFailedFor added in v1.17.7 

func IsChildFailedFor(taskScheduledID int32) func(*protos.HistoryEvent) bool

func IsTaskCompletedFor added in v1.17.7 

func IsTaskCompletedFor(taskScheduledID int32) func(*protos.HistoryEvent) bool

IsTaskCompletedFor returns a predicate that matches a TaskCompleted event for the given TaskScheduledId.

func IsTaskFailedFor added in v1.17.7 

func IsTaskFailedFor(taskScheduledID int32) func(*protos.HistoryEvent) bool

func IsTaskScheduledFor added in v1.17.7 

func IsTaskScheduledFor(eventID int32) func(*protos.HistoryEvent) bool

func IsTimerFiredFor added in v1.17.7 

func IsTimerFiredFor(timerID int32) func(*protos.HistoryEvent) bool

func MutateMetadata 

func MutateMetadata(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string, mutate func(*backend.BackendWorkflowStateMetadata))

MutateMetadata loads the persisted BackendWorkflowStateMetadata for the given workflow instance, applies the mutation, and writes it back. Used by negative tests that simulate state store tampering.

func ReadExtSigCerts 

func ReadExtSigCerts(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) []*protos.ExternalSigningCertificate

ReadExtSigCerts reads and unmarshals all ExternalSigningCertificate entries for the given workflow instance.

func ReadHistoryEvents 

func ReadHistoryEvents(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) []*protos.HistoryEvent

ReadHistoryEvents reads and unmarshals all stored history events for the given workflow instance, preserving state-store order.

func ReadPropagatedHistory 

func ReadPropagatedHistory(t *testing.T, ctx context.Context, db *sqlite.SQLite, needle string) (string, *protos.PropagatedHistory)

ReadPropagatedHistory looks up the single `propagated-history` state-store row whose key contains needle, decodes it, and returns the row key (so the caller can WriteStateValue back) plus the parsed PropagatedHistory. `needle` is typically the child workflow's instance ID (or any unique substring of its actor key) so we can disambiguate when multiple propagated-history rows exist (e.g. lineage chains).

func RemoveHistoryEvent added in v1.17.7 

func RemoveHistoryEvent(t *testing.T, ctx context.Context, db *sqlite.SQLite, daprd *daprd.Daprd, instanceID string, pred func(*protos.HistoryEvent) bool)

RemoveHistoryEvent deletes the first history event matching pred and renumbers any subsequent history-* keys to keep the sequence contiguous. The metadata's HistoryLength is decremented by one.

func SignatureCount 

func SignatureCount(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) int

SignatureCount returns the number of signature entries stored for the given workflow instance. Use this in tests to verify signing happened or did not happen, instead of calling CountStateKeys directly with a raw key prefix string (which is error-prone).

func VerifyCertAppID 

func VerifyCertAppID(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID, expectedAppID string)

VerifyCertAppID checks that all signing certificates for a workflow instance contain a SPIFFE ID matching the expected app ID in the "default" namespace, and that each certificate has a 2-deep chain (leaf + issuer intermediate).

func VerifySignatureChain 

func VerifySignatureChain(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string, trustAnchors []byte)

VerifySignatureChain verifies the full history signature chain for a workflow instance, including cryptographic signatures and certificate chain-of-trust against the given trust anchors.

func WaitForRuntimeStatus 

func WaitForRuntimeStatus(t *testing.T, ctx context.Context, client *client.TaskHubGrpcClient, id api.InstanceID, status protos.OrchestrationStatus)

func WaitForWorkflowStartedEvent 

func WaitForWorkflowStartedEvent(t *testing.T, ctx context.Context, client *client.TaskHubGrpcClient, id api.InstanceID)

func WritePropagatedHistory 

func WritePropagatedHistory(t *testing.T, ctx context.Context, db *sqlite.SQLite, key string, ph *protos.PropagatedHistory)

WritePropagatedHistory marshals the given PropagatedHistory and writes it back to the same state-store row identified by key.

Types

type SigningData 

type SigningData struct {
	// RawSignatures are the raw serialized bytes of each HistorySignature
	// as stored. Required for digest computation in chain verification.
	RawSignatures [][]byte
	// Signatures are the parsed HistorySignature protos.
	Signatures []*protos.HistorySignature
	// Certs are the signing certificates.
	Certs []*protos.SigningCertificate
	// RawEvents are the raw serialized bytes of each history event as stored.
	RawEvents [][]byte
}

SigningData holds signatures, certificates, and raw history events for a workflow instance, loaded from the state store for verification.

func UnmarshalSigningData 

func UnmarshalSigningData(t *testing.T, ctx context.Context, db *sqlite.SQLite, instanceID string) SigningData

UnmarshalSigningData reads and unmarshals signatures, certificates, and raw history events from the SQLite state store for the given workflow instance.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.