Overview
Package v1 for providers provides the public interfaces for the providers implemented by minder. The providers are the sources of the data that is used by the rules.
Index
- Constants
- Variables
- func As[T Provider](provider Provider) (T, error)
- func ParseAndValidate(rawConfig json.RawMessage, to any) error
- type ArtifactProvider
- type Credential
- type EntityCreationOptions
- type GetArtifactVersionsFilter
- type Git
- type GitCredential
- type GitHub
- type GitHubCredential
- type GitLabCredential
- type ImageLister
- type OAuth2TokenCredential
- type OCI
- type Provider
- type REST
- type RepoLister
- type RestCredential
Constants
const (
	// CredentialStateSet is the state of a credential when it is set
	CredentialStateSet = "set"
	// CredentialStateUnset is the state of a credential when it is unset
	CredentialStateUnset = "unset"
	// CredentialStateNotApplicable is the state of a credential when it is not applicable
	CredentialStateNotApplicable = "not_applicable"
)
const (
	V1 = "v1"
)
V1 is the version of the providers interface
Variables
var (
	// ErrProviderGitBranchNotFound is returned when the branch is not found
	ErrProviderGitBranchNotFound = errors.New("branch not found")
	// ErrRepositoryEmpty is returned when the repository is empty
	ErrRepositoryEmpty = errors.New("repository is empty")
	// ErrRepositoryTooLarge is returned when the configured size limit is exceeded
	ErrRepositoryTooLarge = errors.New("repository is too large to clone")
)
var (
	// ArtifactTypeContainerRetentionPeriod represents the retention period for container artifacts
	ArtifactTypeContainerRetentionPeriod = time.Now().AddDate(0, -6, 0)
)
var ErrEntityNotFound = errors.New("entity not found")
ErrEntityNotFound is the error returned when an entity is not found
var ErrUnsupportedEntity = errors.New("entity not supported by provider")
ErrUnsupportedEntity is used when a provider is asked to register an entity type which it does not recognize.
Functions
func ParseAndValidate
func ParseAndValidate(rawConfig json.RawMessage, to any) error
ParseAndValidate parses the given provider configuration and validates it.
Types
type ArtifactProvider
type ArtifactProvider interface {
	// GetArtifactVersions returns the versions of the given artifact.
	GetArtifactVersions(ctx context.Context, artifact *minderv1.Artifact,
		filter GetArtifactVersionsFilter) ([]*minderv1.ArtifactVersion, error)
}
ArtifactProvider is the interface for artifact providers. This will contain methods for interacting with artifacts.
type Credential
type Credential interface {
}
Credential is the general interface for all credentials
type EntityCreationOptions (added in v0.1.2)
type EntityCreationOptions struct {
	// Whether to call RegisterEntity (e.g., create webhooks for repositories)
	RegisterWithProvider bool
	// Whether to publish reconciliation events (trigger policy evaluation)
	PublishReconciliationEvent bool
}
EntityCreationOptions defines default behavior for entity creation
type GetArtifactVersionsFilter
type GetArtifactVersionsFilter interface {
	// IsSkippable determines if an artifact should be skipped
	IsSkippable(createdAt time.Time, tags []string) error
}
GetArtifactVersionsFilter is the options to filter GetArtifactVersions
type Git
type Git interface {
	Provider
	// Clone clones a git repository. This provides a full git Repository
	// which can be used to create new commits, etc.
	Clone(ctx context.Context, url string, branch string) (*git.Repository, error)
}
Git is the interface for git providers
type GitCredential
type GitCredential interface {
	AddToPushOptions(options *git.PushOptions, owner string)
	AddToCloneOptions(options *git.CloneOptions)
}
GitCredential is the interface for credentials used when performing git operations
type GitHub
type GitHub interface {
	Provider
	RepoLister
	REST
	Git
	ImageLister
	ArtifactProvider
	GetCredential() GitHubCredential
	GetRepository(context.Context, string, string) (*github.Repository, error)
	GetBranchProtection(context.Context, string, string, string) (*github.Protection, error)
	UpdateBranchProtection(context.Context, string, string, string, *github.ProtectionRequest) error
	ListPackagesByRepository(context.Context, string, string, int64, int, int) ([]*github.Package, error)
	GetPackageByName(context.Context, string, string, string) (*github.Package, error)
	GetPackageVersionById(context.Context, string, string, string, int64) (*github.PackageVersion, error)
	GetPullRequest(context.Context, string, string, int) (*github.PullRequest, error)
	CreateReview(context.Context, string, string, int, *github.PullRequestReviewRequest) (*github.PullRequestReview, error)
	UpdateReview(context.Context, string, string, int, int64, string) (*github.PullRequestReview, error)
	ListReviews(context.Context, string, string, int, *github.ListOptions) ([]*github.PullRequestReview, error)
	DismissReview(context.Context, string, string, int, int64,
		*github.PullRequestReviewDismissalRequest) (*github.PullRequestReview, error)
	SetCommitStatus(context.Context, string, string, string, *github.RepoStatus) (*github.RepoStatus, error)
	ListFiles(ctx context.Context, owner string, repo string, prNumber int,
		perPage int, pageNumber int) ([]*github.CommitFile, *github.Response, error)
	IsOrg() bool
	ListHooks(ctx context.Context, owner, repo string) ([]*github.Hook, error)
	DeleteHook(ctx context.Context, owner, repo string, id int64) error
	EditHook(ctx context.Context, owner, repo string, id int64, hook *github.Hook) (*github.Hook, error)
	CreateHook(ctx context.Context, owner, repo string, hook *github.Hook) (*github.Hook, error)
	CreateSecurityAdvisory(ctx context.Context, owner, repo, severity, summary, description string,
		v []*github.AdvisoryVulnerability) (string, error)
	CloseSecurityAdvisory(ctx context.Context, owner, repo, id string) error
	CreatePullRequest(ctx context.Context, owner, repo, title, body, head, base string) (*github.PullRequest, error)
	ClosePullRequest(ctx context.Context, owner, repo string, number int) (*github.PullRequest, error)
	ListPullRequests(ctx context.Context, owner, repo string, opt *github.PullRequestListOptions) ([]*github.PullRequest, error)
	GetUserId(ctx context.Context) (int64, error)
	GetName(ctx context.Context) (string, error)
	GetLogin(ctx context.Context) (string, error)
	GetPrimaryEmail(ctx context.Context) (string, error)
	CreateIssueComment(ctx context.Context, owner, repo string, number int, comment string) (*github.IssueComment, error)
	ListIssueComments(ctx context.Context, owner, repo string, number int,
		opts *github.IssueListCommentsOptions,
	) ([]*github.IssueComment, error)
	UpdateIssueComment(ctx context.Context, owner, repo string, number int64, comment string) error
	AddAuthToPushOptions(ctx context.Context, options *git.PushOptions) error
	StartCheckRun(context.Context, string, string, *github.CreateCheckRunOptions) (*github.CheckRun, error)
	UpdateCheckRun(context.Context, string, string, int64, *github.UpdateCheckRunOptions) (*github.CheckRun, error)
}
GitHub is the interface for interacting with the GitHub REST API. Add methods here for interacting with the GitHub REST API.
type GitHubCredential
type GitHubCredential interface {
	RestCredential
	GitCredential
	OAuth2TokenCredential
	GetCacheKey() string
	// as we add new OCI providers this will change to a procedure / mutator, right now it's GitHub specific
	GetAsContainerAuthenticator(owner string) authn.Authenticator
}
GitHubCredential is the interface for credentials used when interacting with GitHub
type GitLabCredential
type GitLabCredential interface {
	RestCredential
	GitCredential
	OAuth2TokenCredential
}
GitLabCredential is the interface for credentials used when interacting with GitLab
type ImageLister
type ImageLister interface {
	Provider
	// ListImages lists the images available for the provider
	ListImages(ctx context.Context) ([]string, error)
	// GetNamespaceURL returns the repository URL
	GetNamespaceURL() string
}
ImageLister is the interface for listing images
type OAuth2TokenCredential
type OAuth2TokenCredential interface {
	GetAsOAuth2TokenSource() oauth2.TokenSource
}
OAuth2TokenCredential is the interface for credentials that are OAuth2 tokens
type OCI
type OCI interface {
	Provider
	ArtifactProvider
	// GetDigest returns the digest for the given tag of the given container in the given namespace
	// for the OCI provider.
	GetDigest(ctx context.Context, name, tag string) (string, error)
	// GetReferrer returns the referrer for the given tag of the given container in the given namespace
	// for the OCI provider. It returns the referrer as a golang struct given the OCI spec.
	// TODO - Define the referrer struct
	GetReferrer(ctx context.Context, name, tag, artifactType string) (any, error)
	// GetManifest returns the manifest for the given tag of the given container in the given namespace
	// for the OCI provider. It returns the manifest as a golang struct given the OCI spec.
	// TODO - Define the manifest struct
	GetManifest(ctx context.Context, name, tag string) (*v1.Manifest, error)
	// GetRegistry returns the registry name
	GetRegistry() string
	// GetAuthenticator returns the authenticator for the OCI provider
	GetAuthenticator() (authn.Authenticator, error)
}
OCI is the interface for interacting with OCI registries
type Provider
type Provider interface {
	// CreationOptions returns default options for creating entities of the given type.
	// Returns nil if the entity type is not supported by this provider.
	// These options define whether the provider should register the entity (e.g., create webhooks)
	// and whether reconciliation events should be published for policy evaluation.
	CreationOptions(entType minderv1.Entity) *EntityCreationOptions
	// FetchAllProperties fetches all properties for the given entity
	FetchAllProperties(
		ctx context.Context, getByProps *properties.Properties, entType minderv1.Entity, cachedProps *properties.Properties,
	) (*properties.Properties, error)
	// GetEntityName forms an entity name from the given properties
	// The name is used to identify the entity within minder and is how
	// it will be stored in the database.
	GetEntityName(entType minderv1.Entity, props *properties.Properties) (string, error)
	// SupportsEntity returns true if the provider supports the given entity type
	SupportsEntity(entType minderv1.Entity) bool
	// RegisterEntity ensures that the service provider has the necessary information
	// to know that the entity is handled by Minder. This could be creating a webhook
	// for a particular repository or artifact, tagging a resource in some way, or
	// even a no-op.
	//
	// If the provider is able to register the entity, it should return the full set
	// of properties (including ones fetched from the provider backend) and a `nil`
	// error. If the entity is not supported by the current provider, the provider
	// MUST return a nil properties set and an UnsupportedEntity error (or a wrapped
	// version thereof). If the entity is supported but the registration fails
	// for some reason, the original properties and the failure error should be returned.
	//
	// Note that the provider might choose to update the properties of the entity
	// adding the information about the registration. e.g. The webhook ID and URL.
	RegisterEntity(ctx context.Context, entType minderv1.Entity, props *properties.Properties) (*properties.Properties, error)
	// DeregisterEntity rolls back the registration of the entity. This could be deleting
	// a webhook for a particular repository or artifact. Note that this assumes a pre-registered
	// entity and thus requires the entity to have been registered before. Therefore, you should
	// either call this after RegisterEntity or after a FetchAllProperties call on an already
	// registered entity.
	//
	// When implementing, try to make this idempotent. That is, if the entity is already deregistered,
	// (e.g. a webhook is already deleted), then this should not return an error.
	DeregisterEntity(ctx context.Context, entType minderv1.Entity, props *properties.Properties) error
	// PropertiesToProtoMessage is the interface for converting properties to an entity-typed
	// proto message (e.g. Repository, Artifact, etc.). Different providers may use different
	// property names for entity fields that are in the entity-specific message (e.g.
	// github/pull_number vs gitlab/merge_request_number, or github/repo_owner +
	// github/repo_name vs gitlab/namespace + gitlab/project_name). We hope this is a
	// transitional state until we can get rid of the typed proto messages in EntityInfoWrapper
	// and the engine, but for now, each provider may have a custom mapping here for each
	// supported message type.
	PropertiesToProtoMessage(entType minderv1.Entity, props *properties.Properties) (protoreflect.ProtoMessage, error)
}
Provider is the general interface for all providers
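The RegisterEntity and DeregisterEntity comments above describe three registration outcomes and an idempotent rollback. The sketch below is an added example, not code from the minder project: `Entity`, `Props`, `hookProvider`, `failOn` and the `"repository"` entity name are hypothetical stand-ins for `minderv1.Entity` and `*properties.Properties`, and the `context.Context` parameter is omitted so the block builds with the standard library alone.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-ins for minderv1.Entity and *properties.Properties.
type (
	Entity string
	Props  map[string]string
)

// ErrUnsupportedEntity mirrors the variable documented on this page.
var ErrUnsupportedEntity = errors.New("entity not supported by provider")

// hookProvider is a hypothetical provider keeping webhooks in memory.
type hookProvider struct {
	hooks  map[string]bool // repo name -> webhook exists
	failOn string          // repo whose registration fails (simulated)
}

func (p *hookProvider) RegisterEntity(t Entity, in Props) (Props, error) {
	if t != "repository" { // unsupported: nil props + wrapped sentinel
		return nil, fmt.Errorf("register %q: %w", t, ErrUnsupportedEntity)
	}
	name := in["name"]
	if name == p.failOn { // supported but failed: original props + error
		return in, fmt.Errorf("create webhook for %s: backend unavailable", name)
	}
	p.hooks[name] = true
	out := Props{"hook_id": "hook-" + name} // success: enriched copy
	for k, v := range in {
		out[k] = v
	}
	return out, nil
}

// DeregisterEntity is idempotent: deleting a missing webhook is not an error.
func (p *hookProvider) DeregisterEntity(_ Entity, in Props) error {
	delete(p.hooks, in["name"])
	return nil
}

func main() {
	p := &hookProvider{hooks: map[string]bool{}, failOn: "broken"}
	_, err := p.RegisterEntity("artifact", Props{"name": "img"})
	fmt.Println(errors.Is(err, ErrUnsupportedEntity)) // true
}
```

Callers should test for the unsupported case with `errors.Is` rather than `==`, since the contract allows a wrapped error.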
type REST
type REST interface {
	Provider
	// GetBaseURL returns the base URL for the REST API.
	GetBaseURL() string
	// NewRequest creates an HTTP request.
	NewRequest(method, url string, body any) (*http.Request, error)
	// Do executes an HTTP request.
	Do(ctx context.Context, req *http.Request) (*http.Response, error)
}
REST is the trait interface for interacting with a REST API.
type RepoLister
type RepoLister interface {
	Provider
	ListAllRepositories(context.Context) ([]*minderv1.Repository, error)
}
RepoLister is the interface for listing repositories
type RestCredential
RestCredential is the interface for credentials used in REST requests
Directories
| Path | Synopsis |
|---|---|
| | Package mock_v1 is a generated GoMock package. |
| | Package testing provides common functions which can be used to implement provider tests. |