Documentation
Overview
Package sla is the app-layer for SLA policy & compliance. It orchestrates the pkg/domain/sla aggregate (imported here as `sladom` to avoid the package-name collision) and exposes the narrow surfaces that HTTP handlers and the ingest pipeline consume.
Exported names deliberately drop the "SLA" prefix because the package name already conveys it: `sla.Service`, `sla.Applier`, `sla.CreatePolicyInput`. Callers import as:
import (
	sladom "github.com/openctemio/api/pkg/domain/sla" // when the caller also needs the domain types
	"github.com/openctemio/api/internal/app/sla"
)
Index
- type Applier
- type BreachOutboxAdapter
- type ComplianceResult
- type CreatePolicyInput
- type DeadlineCalculator
- type NotificationEnqueuer
- type Service
- func (s *Service) CalculateSLADeadline(ctx context.Context, tenantID, assetID string, severity vulnerability.Severity, ...) (time.Time, error)
- func (s *Service) CalculateSLADeadlineForPriority(ctx context.Context, tenantID, assetID string, priorityClass string, ...) (time.Time, error)
- func (s *Service) CheckSLACompliance(ctx context.Context, tenantID, assetID string, severity vulnerability.Severity, ...) (*ComplianceResult, error)
- func (s *Service) CreateDefaultTenantPolicy(ctx context.Context, tenantID string) (*sladom.Policy, error)
- func (s *Service) CreateSLAPolicy(ctx context.Context, input CreatePolicyInput) (*sladom.Policy, error)
- func (s *Service) DeleteSLAPolicy(ctx context.Context, policyID, tenantID string) error
- func (s *Service) GetAssetSLAPolicy(ctx context.Context, tenantID, assetID string) (*sladom.Policy, error)
- func (s *Service) GetSLAPolicy(ctx context.Context, policyID string) (*sladom.Policy, error)
- func (s *Service) GetTenantDefaultPolicy(ctx context.Context, tenantID string) (*sladom.Policy, error)
- func (s *Service) ListTenantPolicies(ctx context.Context, tenantID string) ([]*sladom.Policy, error)
- func (s *Service) UpdateSLAPolicy(ctx context.Context, policyID, tenantID string, input UpdatePolicyInput) (*sladom.Policy, error)
- type UpdatePolicyInput
Types
type Applier
type Applier struct {
	// contains filtered or unexported fields
}
Applier is the concrete implementation of the ingest package's Applier interface. Kept in the app package (not ingest) so ingest doesn't depend on Service; the calculator contract is narrow.
func NewApplier
func NewApplier(calc DeadlineCalculator) *Applier
NewApplier wires the calculator into an ingest-ready applier. *Service satisfies DeadlineCalculator directly.
func (*Applier) ApplyBatch
func (a *Applier) ApplyBatch(ctx context.Context, tenantID shared.ID, findings []*vulnerability.Finding) error
ApplyBatch iterates over the findings, computes each deadline using priority class + severity, and writes it with SetSLADeadline. Per-finding errors are logged by the SLA service's own logger and reach this function as the error returned from Calculate; ApplyBatch swallows individual failures and keeps processing the rest, but returns an aggregate error if ALL findings failed.
A NULL asset id on a finding is acceptable — the underlying service falls back to the tenant default policy.
type BreachOutboxAdapter
type BreachOutboxAdapter struct {
	// contains filtered or unexported fields
}
BreachOutboxAdapter satisfies controller.SLABreachPublisher by translating each breach event into an outbox notification. Wire via SLAEscalationController.SetBreachPublisher(adapter).
func NewBreachOutboxAdapter
func NewBreachOutboxAdapter(outbox NotificationEnqueuer) *BreachOutboxAdapter
NewBreachOutboxAdapter wires the enqueuer into the adapter.
func (*BreachOutboxAdapter) Publish
func (a *BreachOutboxAdapter) Publish(ctx context.Context, event controller.SLABreachEvent) error
Publish enqueues a single breach notification. Implements controller.SLABreachPublisher.
Severity is fixed at "high" — SLA breach is always notable; channels can still filter it out via their integration config.
type ComplianceResult
type ComplianceResult struct {
	IsCompliant bool
	Status string // on_track, warning, overdue, exceeded
	DeadlineAt time.Time
	DaysRemaining int
	PercentElapsed float64
	EscalationNeeded bool
}
ComplianceResult is the result returned by CheckSLACompliance, which checks whether a finding is within SLA compliance.
type CreatePolicyInput
type CreatePolicyInput struct {
	TenantID string `validate:"required,uuid"`
	AssetID string `validate:"omitempty,uuid"` // Optional; empty for tenant default
	Name string `validate:"required,min=1,max=100"`
	Description string `validate:"max=500"`
	IsDefault bool
	CriticalDays int `validate:"required,min=1,max=365"`
	HighDays int `validate:"required,min=1,max=365"`
	MediumDays int `validate:"required,min=1,max=365"`
	LowDays int `validate:"required,min=1,max=365"`
	InfoDays int `validate:"required,min=1,max=365"`
	WarningThresholdPct int `validate:"min=0,max=100"`
	EscalationEnabled bool
	EscalationConfig map[string]any
}
CreatePolicyInput represents the input for creating an SLA policy.
type DeadlineCalculator
type DeadlineCalculator interface {
	CalculateSLADeadlineForPriority(
		ctx context.Context,
		tenantID, assetID, priorityClass string,
		severity vulnerability.Severity,
		detectedAt time.Time,
	) (time.Time, error)
}
DeadlineCalculator is the narrow surface the applier needs. The production implementation is *Service; tests inject a fake so they don't have to stand up the full service graph.
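The ApplyBatch failure contract and the fake-injection point described for DeadlineCalculator, shown together as an added example (not the project's own code). Finding, fakeCalc and applyBatch are hypothetical stand-ins, severity is a plain string instead of vulnerability.Severity, and the day counts are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Finding stands in for vulnerability.Finding (assumed shape, not the real type).
type Finding struct {
	AssetID, PriorityClass, Severity string
	DetectedAt                       time.Time
	SLADeadline                      *time.Time
}
// DeadlineCalculator mirrors the documented interface (severity is a plain string here).
type DeadlineCalculator interface {
	CalculateSLADeadlineForPriority(ctx context.Context, tenantID, assetID, priorityClass, severity string, detectedAt time.Time) (time.Time, error)
}
// fakeCalc is a test double with constructed day counts: priority class first, then severity.
type fakeCalc struct{ byPriority, bySeverity map[string]int }
func (f fakeCalc) CalculateSLADeadlineForPriority(_ context.Context, _, _, prio, sev string, detected time.Time) (time.Time, error) {
	if d, ok := f.byPriority[prio]; ok {
		return detected.AddDate(0, 0, d), nil
	}
	if d, ok := f.bySeverity[sev]; ok {
		return detected.AddDate(0, 0, d), nil
	}
	return time.Time{}, fmt.Errorf("no SLA days for priority %q, severity %q", prio, sev)
}

// applyBatch sketches the documented contract: skip failures, error only if ALL findings failed.
func applyBatch(ctx context.Context, calc DeadlineCalculator, tenantID string, fs []*Finding) error {
	var errs []error
	for _, f := range fs {
		if dl, err := calc.CalculateSLADeadlineForPriority(ctx, tenantID, f.AssetID, f.PriorityClass, f.Severity, f.DetectedAt); err != nil {
			errs = append(errs, err)
		} else {
			f.SLADeadline = &dl
		}
	}
	if len(fs) > 0 && len(errs) == len(fs) {
		return errors.Join(errs...)
	}
	return nil
}

func main() {
	fmt.Println(applyBatch(context.Background(), fakeCalc{}, "tenant-1", []*Finding{{Severity: "high"}}))
}
```

In this sketch a partially failed batch returns nil, so a finding whose calculation failed keeps a nil deadline; a caller that needs every finding covered has to check the findings themselves rather than the returned error.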
type NotificationEnqueuer
type NotificationEnqueuer interface {
	Enqueue(ctx context.Context, params outbox.EnqueueParams) error
}
NotificationEnqueuer is the narrow surface the BreachOutboxAdapter needs. *outbox.Service satisfies it directly.
type Service
type Service struct {
	// contains filtered or unexported fields
}
Service handles SLA policy-related business operations.
func NewService
func NewService(repo sladom.Repository, log *logger.Logger) *Service
NewService creates a new Service.
func (*Service) CalculateSLADeadline
func (s *Service) CalculateSLADeadline(ctx context.Context, tenantID, assetID string, severity vulnerability.Severity, detectedAt time.Time) (time.Time, error)
CalculateSLADeadline calculates the SLA deadline for a finding based on its severity.
func (*Service) CalculateSLADeadlineForPriority
func (s *Service) CalculateSLADeadlineForPriority(ctx context.Context, tenantID, assetID string, priorityClass string, severity vulnerability.Severity, detectedAt time.Time) (time.Time, error)
CalculateSLADeadlineForPriority computes the SLA deadline honouring CTEM priority class first (P0..P3) with a fallback to severity-based days.
F3: this is the canonical entry point for new code. Prefer it over CalculateSLADeadline, which retains the severity-only path for backward compatibility with legacy callers that have no priority class.
func (*Service) CheckSLACompliance
func (s *Service) CheckSLACompliance(ctx context.Context, tenantID, assetID string, severity vulnerability.Severity, detectedAt time.Time, resolvedAt *time.Time) (*ComplianceResult, error)
CheckSLACompliance checks the SLA status of a finding.
func (*Service) CreateDefaultTenantPolicy
func (s *Service) CreateDefaultTenantPolicy(ctx context.Context, tenantID string) (*sladom.Policy, error)
CreateDefaultTenantPolicy creates a default SLA policy for a new tenant.
func (*Service) CreateSLAPolicy
func (s *Service) CreateSLAPolicy(ctx context.Context, input CreatePolicyInput) (*sladom.Policy, error)
CreateSLAPolicy creates a new SLA policy.
func (*Service) DeleteSLAPolicy
DeleteSLAPolicy deletes an SLA policy by ID.
func (*Service) GetAssetSLAPolicy
func (s *Service) GetAssetSLAPolicy(ctx context.Context, tenantID, assetID string) (*sladom.Policy, error)
GetAssetSLAPolicy retrieves the effective SLA policy for an asset. Returns asset-specific policy if exists, otherwise tenant default.
func (*Service) GetSLAPolicy
GetSLAPolicy retrieves an SLA policy by ID.
func (*Service) GetTenantDefaultPolicy
func (s *Service) GetTenantDefaultPolicy(ctx context.Context, tenantID string) (*sladom.Policy, error)
GetTenantDefaultPolicy retrieves the default SLA policy for a tenant.
func (*Service) ListTenantPolicies
func (s *Service) ListTenantPolicies(ctx context.Context, tenantID string) ([]*sladom.Policy, error)
ListTenantPolicies retrieves all SLA policies for a tenant.
func (*Service) UpdateSLAPolicy
func (s *Service) UpdateSLAPolicy(ctx context.Context, policyID, tenantID string, input UpdatePolicyInput) (*sladom.Policy, error)
UpdateSLAPolicy updates an existing SLA policy.
type UpdatePolicyInput
type UpdatePolicyInput struct {
	Name *string `validate:"omitempty,min=1,max=100"`
	Description *string `validate:"omitempty,max=500"`
	IsDefault *bool
	CriticalDays *int `validate:"omitempty,min=1,max=365"`
	HighDays *int `validate:"omitempty,min=1,max=365"`
	MediumDays *int `validate:"omitempty,min=1,max=365"`
	LowDays *int `validate:"omitempty,min=1,max=365"`
	InfoDays *int `validate:"omitempty,min=1,max=365"`
	WarningThresholdPct *int `validate:"omitempty,min=0,max=100"`
	EscalationEnabled *bool
	EscalationConfig map[string]any
	IsActive *bool
}
UpdatePolicyInput represents the input for updating an SLA policy.