Documentation
Overview
Package interfaces contains the interfaces for the Minder policy engine.
Variables
var ErrEvaluationFailed = errors.New("evaluation failure")
ErrEvaluationFailed is an error that occurs during evaluation of a rule.
var ErrEvaluationSkipped = errors.New("evaluation skipped")
ErrEvaluationSkipped specifies that the rule was evaluated but skipped.
Types
type EvalError (added in v0.1.1)
EvalError is an interface providing additional details from Evaluator.Eval() errors when the evaluation determines that the rule is violated.
type EvaluationResult (added in v0.0.81)
type EvaluationResult struct {
	// Output is the output of the evaluation. This contains a list of additional
	// information about the evaluation, which may be used in downstream actions.
	Output any
}
EvaluationResult is the result of an evaluation
type Evaluator
type Evaluator interface {
	Eval(ctx context.Context, profile map[string]any, entity protoreflect.ProtoMessage, data *Ingested) (*EvaluationResult, error)
}
Evaluator is the interface for a rule type evaluator
`profile` is a set of parameters exposed to the rule evaluation by the rule engine.
`entity` is one of minderv1.Repository or minderv1.Artifact.
`data` is the data ingested.
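How a caller can tell the two sentinel errors above apart from an unexpected error, as an added example that is not Minder's own code. The types are local stand-ins for the ones on this page; the `minApprovals` evaluator, the `approvals` parameter, the status labels and the use of ErrEvaluationFailed to signal a violated rule are assumptions of the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Stand-ins for this page's names (entity is `any`, not protoreflect.ProtoMessage).
var ErrEvaluationFailed = errors.New("evaluation failure")
var ErrEvaluationSkipped = errors.New("evaluation skipped")

type Ingested struct{ Object any }
type EvaluationResult struct{ Output any }

// minApprovals (hypothetical): ingested approvals must be >= the profile's value.
type minApprovals struct{}

func (minApprovals) Eval(_ context.Context, profile map[string]any, _ any, data *Ingested) (*EvaluationResult, error) {
	if data == nil || data.Object == nil {
		return nil, fmt.Errorf("%w: nothing was ingested", ErrEvaluationSkipped)
	}
	want, ok := profile["approvals"].(int)
	if !ok { // a missing parameter must not silently become 0 and pass
		return nil, errors.New("profile parameter approvals missing or not an int")
	}
	obj, _ := data.Object.(map[string]any) // wrong type leaves obj nil, so got is 0
	if got, _ := obj["approvals"].(int); got < want {
		return nil, fmt.Errorf("%w: have %d approvals, want %d", ErrEvaluationFailed, got, want)
	}
	return &EvaluationResult{Output: obj}, nil
}

// Classify maps an Eval error to a status label; unrecognised errors never pass.
func Classify(err error) string {
	switch {
	case err == nil:
		return "success"
	case errors.Is(err, ErrEvaluationSkipped):
		return "skipped"
	case errors.Is(err, ErrEvaluationFailed):
		return "failure"
	}
	return "error"
}

func main() {
	_, err := minApprovals{}.Eval(context.Background(), map[string]any{"approvals": 2}, nil, &Ingested{Object: map[string]any{"approvals": 1}}) // constructed input
	fmt.Println(Classify(err), "-", err)
}
```

Because the sentinels are wrapped with `%w`, `errors.Is` still matches them after detail has been added to the message.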
type GitHubIssuePRClient (added in v0.1.0)
type GitHubIssuePRClient interface {
	ListReviews(ctx context.Context, owner, repo string, number int, opts *github.ListOptions) (
		[]*github.PullRequestReview, error)
	CreateReview(ctx context.Context, owner, repo string, number int, review *github.PullRequestReviewRequest) (
		*github.PullRequestReview, error)
	DismissReview(ctx context.Context, owner, repo string, number int, reviewID int64,
		req *github.PullRequestReviewDismissalRequest) (
		*github.PullRequestReview, error)
	SetCommitStatus(ctx context.Context, owner, repo string, sha string, status *github.RepoStatus) (*github.RepoStatus, error)
	ListIssueComments(ctx context.Context, owner, repo string, number int, opts *github.IssueListCommentsOptions) (
		[]*github.IssueComment, error)
	CreateIssueComment(ctx context.Context, owner, repo string, number int, comment string) (*github.IssueComment, error)
	UpdateIssueComment(ctx context.Context, owner, repo string, id int64, comment string) error
}
GitHubIssuePRClient is a subset of the Provider interface that is used for managing issue and PR comments (which are partially, but not fully, interchangeable).
type GitHubListAndClone (added in v0.1.0)
type GitHubListAndClone interface {
	ListFiles(ctx context.Context, owner, repo string, prNumber int, perPage, page int) (
		[]*github.CommitFile, *github.Response, error)
	Clone(ctx context.Context, repoURL, ref string) (*git.Repository, error)
}
GitHubListAndClone is an interface that defines the methods needed to list the files in a GitHub pull request and to clone the repository.
type GitProvider (added in v0.1.0)
type GitProvider interface {
	// Clone clones a git repository. This provides a full git Repository
	// which can be used to create new commits, etc.
	Clone(ctx context.Context, url string, branch string) (*git.Repository, error)
}
GitProvider is a subset of the Provider interface that is used for git ingestion for rules.
type Ingested (added in v0.0.89)
type Ingested struct {
	// Object is the object that was ingested. Normally comes from an external
	// system like an HTTP server.
	Object any
	// Fs is the filesystem that was created as a result of the ingestion. This
	// is normally used by the evaluator to do rule evaluation. The filesystem
	// may be a git repo, or a memory filesystem.
	Fs billy.Filesystem
	// BaseFs is the base filesystem for a pull request. It can be used in the
	// evaluator for diffing the PR target files against the base files.
	BaseFs billy.Filesystem
	// Storer is the git storer that was created as a result of the ingestion.
	// FIXME: It might be cleaner to either wrap both Fs and Storer in a struct
	// or pass out the git.Repository structure instead of the storer.
	Storer storage.Storer
	// Checkpoint is the checkpoint at which the ingestion was done. This is
	// used to persist the state of the entity at ingestion time.
	Checkpoint *checkpoints.CheckpointEnvelopeV1
}
Ingested is the result of an ingester
func (*Ingested) GetCheckpoint (added in v0.0.89)
func (r *Ingested) GetCheckpoint() *checkpoints.CheckpointEnvelopeV1
GetCheckpoint returns the checkpoint of the result
type Ingester
type Ingester interface {
	// Ingest does the actual data ingestion for a rule type
	Ingest(ctx context.Context, ent protoreflect.ProtoMessage, params map[string]any) (*Ingested, error)
	// GetType returns the type of the ingester
	GetType() string
	// GetConfig returns the config for the ingester
	GetConfig() protoreflect.ProtoMessage
}
Ingester is the interface for a rule type ingester
type Option (added in v0.1.1)
Option is a function that takes an evaluator and does some unspecified operation to it, returning an error in case of failure.
type Provider (added in v0.1.0)
type Provider interface {
}
Provider is a slice of the github.com/mindersec/minder/pkg/providers/v1.Provider interface which contains only the methods needed for engine evaluation. (currently none)
type RESTProvider (added in v0.1.0)
type RESTProvider interface {
	GetBaseURL() string
	NewRequest(method, url string, body any) (*http.Request, error)
	Do(ctx context.Context, req *http.Request) (*http.Response, error)
}
RESTProvider is a subset of the Provider interface used for REST API ingestion.
type ResultSink
type ResultSink interface {
	SetIngestResult(*Ingested)
}
ResultSink sets the result of an ingestion
type SelfAwareness (added in v0.1.0)
type SelfAwareness interface {
	// GetUserId returns the ID of the authenticated user.
	GetUserId(ctx context.Context) (int64, error)
}
SelfAwareness is needed in the PAT token authentication flow to switch between comments and pull request reviews, since you can't review your own pull requests.