Documentation
¶
Index ¶
- type CreateRuleInput
- type Engine
- type ListRulesInput
- type ListRulesOutput
- type Result
- type RuleService
- func (s *RuleService) CreateRule(ctx context.Context, input CreateRuleInput, createdBy string) (*accesscontrol.AssignmentRule, error)
- func (s *RuleService) DeleteRule(ctx context.Context, tenantIDStr, ruleID string) error
- func (s *RuleService) GetRule(ctx context.Context, tenantIDStr, ruleID string) (*accesscontrol.AssignmentRule, error)
- func (s *RuleService) ListRules(ctx context.Context, input ListRulesInput) (*ListRulesOutput, error)
- func (s *RuleService) SetAssignmentEngine(engine *Engine)
- func (s *RuleService) SetFindingRepository(repo vulnerability.FindingRepository)
- func (s *RuleService) TestRule(ctx context.Context, tenantIDStr, ruleID string) (*TestRuleResult, error)
- func (s *RuleService) UpdateRule(ctx context.Context, tenantIDStr, ruleID string, input UpdateRuleInput) (*accesscontrol.AssignmentRule, error)
- type TestRuleFindingSummary
- type TestRuleResult
- type UpdateRuleInput
Types ¶
type CreateRuleInput ¶
// CreateRuleInput carries the fields for creating an assignment rule.
type CreateRuleInput struct {
	// TenantID is tagged `json:"-"`, so encoding/json never reads it from a
	// request body. NOTE(review): presumably the caller fills it in from the
	// authenticated tenant context; confirm at the call site.
	TenantID string `json:"-"`
	// Name is required; the validate tag bounds it to min=2, max=200.
	Name string `json:"name" validate:"required,min=2,max=200"`
	// Description is optional; the validate tag caps it at max=1000.
	Description string `json:"description" validate:"max=1000"`
	// Priority carries no validate tag, so this struct expresses no range.
	// Engine.EvaluateRules is documented to evaluate rules highest priority first.
	Priority int `json:"priority"`
	// Conditions carries no validate tag. Engine.MatchesConditions is documented
	// to treat empty conditions as a catch-all, so a rule created with the zero
	// value would match every finding evaluated for the tenant.
	// NOTE(review): confirm whether CreateRule rejects or flags empty conditions.
	Conditions accesscontrol.AssignmentConditions `json:"conditions"`
	// TargetGroupID is required and must be UUID-formatted per the validate tag.
	// NOTE(review): the tag checks format only; confirm CreateRule verifies that
	// the group exists and belongs to the same tenant.
	TargetGroupID string `json:"target_group_id" validate:"required,uuid"`
	// Options carries no validate tag; its fields are defined in accesscontrol.
	Options accesscontrol.AssignmentOptions `json:"options"`
}
CreateRuleInput represents the input for creating an assignment rule.
type Engine ¶
// Engine evaluates assignment rules against findings. Its fields are
// unexported; NewEngine builds it from an accesscontrol.Repository and a logger.
type Engine struct {
	// contains filtered or unexported fields
}
Engine evaluates assignment rules against findings and returns the list of matching groups with their options.
func NewEngine ¶
func NewEngine(acRepo accesscontrol.Repository, log *logger.Logger) *Engine
NewEngine creates a new Engine.
func (*Engine) EvaluateRules ¶
func (e *Engine) EvaluateRules(ctx context.Context, tenantID shared.ID, finding *vulnerability.Finding) ([]Result, error)
EvaluateRules evaluates all active assignment rules for a tenant against a finding. Rules are evaluated in priority order (highest first). All matching rules contribute their target group to the result set (no short-circuiting).
func (*Engine) MatchesConditions ¶
func (e *Engine) MatchesConditions(conds accesscontrol.AssignmentConditions, finding *vulnerability.Finding, assetType ...string) bool
MatchesConditions reports whether a finding matches the given conditions. Every non-empty condition field must match (AND logic). An empty set of conditions is a catch-all and always matches. assetType is optional — pass the asset's type when available so that the AssetTypes condition can be evaluated.
type ListRulesInput ¶
// ListRulesInput carries the filter, paging and ordering parameters for listing
// assignment rules. None of the fields has a json or validate tag, so any
// bounds or checks have to be applied by the code that builds or consumes it.
type ListRulesInput struct {
	// TenantID identifies the tenant whose rules are listed.
	// NOTE(review): presumably taken from the authenticated context rather than
	// from a client-supplied parameter; confirm at the call site.
	TenantID string
	// IsActive is an optional filter; presumably nil means "do not filter".
	IsActive *bool
	// TargetGroupID is an optional filter; presumably nil means "do not filter".
	TargetGroupID *string
	// Search is free text.
	// NOTE(review): confirm it is passed to the store as a bound parameter.
	Search string
	// Limit has no bound expressed here.
	// NOTE(review): confirm ListRules or the repository clamps it to a maximum.
	Limit int
	// Offset has no bound expressed here; confirm negative values are rejected.
	Offset int
	// OrderBy names the sort key as a plain string.
	// NOTE(review): if it reaches an ORDER BY clause it should be mapped through
	// an allow-list of sortable columns; that mapping is not visible here.
	OrderBy string
	// OrderDesc selects descending order when true.
	OrderDesc bool
}
ListRulesInput represents the input for listing assignment rules.
type ListRulesOutput ¶
// ListRulesOutput is the result returned by RuleService.ListRules.
type ListRulesOutput struct {
	// Rules holds the returned assignment rules.
	Rules []*accesscontrol.AssignmentRule
	// TotalCount is presumably the number of rules matching the filters
	// independent of Limit and Offset; verify against the repository.
	TotalCount int64
}
ListRulesOutput represents the output for listing assignment rules.
type Result ¶
// Result is one rule match as returned by Engine.EvaluateRules.
type Result struct {
	// GroupID is the target group of the matching rule.
	GroupID shared.ID
	// RuleID identifies the rule that matched, which lets a caller trace an
	// assignment back to the rule that produced it.
	RuleID shared.ID
	// Options are the assignment options attached to the match.
	Options accesscontrol.AssignmentOptions
}
Result represents a single rule match with its target group and options.
type RuleService ¶
// RuleService handles assignment rule operations. Its fields are unexported.
// NewRuleService takes the access-control repository, the group repository and
// a logger; the assignment engine and finding repository are not constructor
// arguments and are supplied later through SetAssignmentEngine and
// SetFindingRepository, both documented as being for TestRule evaluation.
type RuleService struct {
	// contains filtered or unexported fields
}
RuleService handles assignment rule business operations.
func NewRuleService ¶
func NewRuleService( acRepo accesscontrol.Repository, groupRepo group.Repository, log *logger.Logger, ) *RuleService
NewRuleService creates a new RuleService.
func (*RuleService) CreateRule ¶
func (s *RuleService) CreateRule(ctx context.Context, input CreateRuleInput, createdBy string) (*accesscontrol.AssignmentRule, error)
CreateRule creates a new assignment rule.
func (*RuleService) DeleteRule ¶
func (s *RuleService) DeleteRule(ctx context.Context, tenantIDStr, ruleID string) error
DeleteRule deletes an assignment rule.
func (*RuleService) GetRule ¶
func (s *RuleService) GetRule(ctx context.Context, tenantIDStr, ruleID string) (*accesscontrol.AssignmentRule, error)
GetRule retrieves an assignment rule by ID.
func (*RuleService) ListRules ¶
func (s *RuleService) ListRules(ctx context.Context, input ListRulesInput) (*ListRulesOutput, error)
ListRules lists assignment rules with filtering.
func (*RuleService) SetAssignmentEngine ¶
func (s *RuleService) SetAssignmentEngine(engine *Engine)
SetAssignmentEngine sets the assignment engine for TestRule evaluation.
func (*RuleService) SetFindingRepository ¶
func (s *RuleService) SetFindingRepository(repo vulnerability.FindingRepository)
SetFindingRepository sets the finding repository for TestRule evaluation.
func (*RuleService) TestRule ¶
func (s *RuleService) TestRule(ctx context.Context, tenantIDStr, ruleID string) (*TestRuleResult, error)
TestRule evaluates a rule against recent findings (dry run). If assignmentEngine and findingRepo are configured, it fetches recent findings and evaluates the rule conditions against them.
func (*RuleService) UpdateRule ¶
func (s *RuleService) UpdateRule(ctx context.Context, tenantIDStr, ruleID string, input UpdateRuleInput) (*accesscontrol.AssignmentRule, error)
UpdateRule updates an existing assignment rule.
type TestRuleFindingSummary ¶
// TestRuleFindingSummary is the reduced view of a finding that matched during
// rule testing; every field is serialized to JSON under the tag shown.
type TestRuleFindingSummary struct {
	// ID identifies the finding.
	ID string `json:"id"`
	// Severity is the finding's severity as a string.
	Severity string `json:"severity"`
	// Source is the finding's source as a string.
	Source string `json:"source"`
	// ToolName names the tool associated with the finding.
	ToolName string `json:"tool_name"`
	// Message is the finding's message text.
	// NOTE(review): confirm that callers allowed to test rules are also allowed
	// to read the findings whose messages are returned here.
	Message string `json:"message"`
}
TestRuleFindingSummary represents a finding matched during rule testing.
type TestRuleResult ¶
// TestRuleResult is the outcome of testing a rule against existing findings.
type TestRuleResult struct {
	// RuleID identifies the rule that was tested.
	RuleID string `json:"rule_id"`
	// RuleName is the tested rule's name.
	RuleName string `json:"rule_name"`
	// MatchingFindings is the count of findings that matched.
	MatchingFindings int64 `json:"matching_findings"`
	// TargetGroupID is the group the rule points at.
	TargetGroupID string `json:"target_group_id"`
	// SampleFindings is left out of the JSON when empty (omitempty).
	// NOTE(review): presumably a bounded sample rather than every match; confirm
	// the cap in TestRule.
	SampleFindings []TestRuleFindingSummary `json:"sample_findings,omitempty"`
}
TestRuleResult represents the result of testing a rule against existing findings.
type UpdateRuleInput ¶
// UpdateRuleInput carries the fields for updating an assignment rule. Every
// field is a pointer; presumably nil means "leave unchanged" (verify against
// UpdateRule). The struct has no tenant field: UpdateRule receives the tenant
// as its separate tenantIDStr argument.
type UpdateRuleInput struct {
	// Name: validate tag is omitempty,min=2,max=200.
	Name *string `json:"name" validate:"omitempty,min=2,max=200"`
	// Description: validate tag is omitempty,max=1000.
	Description *string `json:"description" validate:"omitempty,max=1000"`
	// Priority carries no validate tag, so this struct expresses no range.
	Priority *int `json:"priority"`
	// IsActive carries no validate tag.
	IsActive *bool `json:"is_active"`
	// Conditions carries no validate tag. Engine.MatchesConditions is documented
	// to treat empty conditions as a catch-all, so a non-nil pointer to empty
	// conditions would widen the rule to match every finding.
	// NOTE(review): confirm whether UpdateRule rejects or flags that case.
	Conditions *accesscontrol.AssignmentConditions `json:"conditions"`
	// TargetGroupID must be UUID-formatted when set (omitempty,uuid).
	// NOTE(review): the tag checks format only; confirm UpdateRule verifies that
	// the new group belongs to the same tenant as the rule.
	TargetGroupID *string `json:"target_group_id" validate:"omitempty,uuid"`
	// Options carries no validate tag; its fields are defined in accesscontrol.
	Options *accesscontrol.AssignmentOptions `json:"options"`
}
UpdateRuleInput represents the input for updating an assignment rule.