
Commit 50668b9

feat(policies): GetPolicy endpoint to resolve remote policies (#1219)
Signed-off-by: Jose I. Paris <[email protected]>
1 parent cca71e5 commit 50668b9


14 files changed

+837
-374
lines changed


app/controlplane/api/controlplane/v1/workflow_run.pb.go

Lines changed: 494 additions & 340 deletions

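--- a/app/controlplane/api/controlplane/v1/workflow_run.proto
+++ b/app/controlplane/api/controlplane/v1/workflow_run.proto
@@ -33,6 +33,9 @@ service AttestationService {
 // This one is kept since it leverages robot-accounts in the context of a workflow
 rpc GetUploadCreds(AttestationServiceGetUploadCredsRequest) returns (AttestationServiceGetUploadCredsResponse);
 rpc Cancel(AttestationServiceCancelRequest) returns (AttestationServiceCancelResponse);
+
+// Get policies from remote providers
+rpc GetPolicy(AttestationServiceGetPolicyRequest) returns (AttestationServiceGetPolicyResponse);
 }
 
 // Administrative service for the operator
@@ -41,6 +44,18 @@ service WorkflowRunService {
 rpc View(WorkflowRunServiceViewRequest) returns (WorkflowRunServiceViewResponse);
 }
 
+message AttestationServiceGetPolicyRequest {
+// Provider name. If not set, the default provider will be used
+string provider = 1;
+
+// Policy name (it must exist in the provider)
+string policy_name = 2 [(buf.validate.field).string.min_len = 1];
+}
+
+message AttestationServiceGetPolicyResponse {
+workflowcontract.v1.Policy policy = 1;
+}
+
 message AttestationServiceGetContractRequest {
 int32 contract_revision = 1;
 // This parameter is not needed by Robot Account since they have the workflowID embedded.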
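Review bot: In `AttestationServiceGetPolicyRequest`, `policy_name` is constrained only by `min_len = 1` and `provider` has no constraint at all, so values of any length and character set pass request validation. The handler is not visible in this section, but the RPC is documented as fetching from remote providers, so if either value is used to build the outbound request or to select a configured provider, it should be bounded at the API edge. For example, `string policy_name = 2 [(buf.validate.field).string = {min_len: 1, max_len: 256}];` with a matching `max_len` on `provider`, plus a `pattern` if provider names and policy names have a known shape. The comment on `provider` could also say what the server returns when no default provider is configured.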

app/controlplane/api/controlplane/v1/workflow_run_grpc.pb.go

Lines changed: 39 additions & 0 deletions

app/controlplane/api/gen/frontend/controlplane/v1/workflow_run.ts

Lines changed: 189 additions & 0 deletions

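--- a/app/controlplane/cmd/wire.go
+++ b/app/controlplane/cmd/wire.go
@@ -23,6 +23,7 @@ package main
 import (
 conf "github.com/chainloop-dev/chainloop/app/controlplane/internal/conf/controlplane/config/v1"
 "github.com/chainloop-dev/chainloop/app/controlplane/internal/dispatcher"
+"github.com/chainloop-dev/chainloop/app/controlplane/internal/policies"
 "github.com/chainloop-dev/chainloop/app/controlplane/internal/server"
 "github.com/chainloop-dev/chainloop/app/controlplane/internal/service"
 "github.com/chainloop-dev/chainloop/app/controlplane/pkg/authz"
@@ -48,10 +49,11 @@ func wireApp(*conf.Bootstrap, credentials.ReaderWriter, log.Logger, sdk.Availabl
 wire.Bind(new(biz.CASClient), new(*biz.CASClientUseCase)),
 serviceOpts,
 wire.Value([]biz.CASClientOpts{}),
-wire.FieldsOf(new(*conf.Bootstrap), "Server", "Auth", "Data", "CasServer", "ReferrerSharedIndex", "Onboarding", "PrometheusIntegration"),
+wire.FieldsOf(new(*conf.Bootstrap), "Server", "Auth", "Data", "CasServer", "ReferrerSharedIndex", "Onboarding", "PrometheusIntegration", "PolicyProviders"),
 wire.FieldsOf(new(*conf.Data), "Database"),
 dispatcher.New,
 authz.NewDatabaseEnforcer,
+policies.NewRegistry,
 newApp,
 newProtoValidator,
 newDataConf,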
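Review bot: `policies.NewRegistry` is now built unconditionally from `Bootstrap.PolicyProviders` in `wireApp`, and deployments whose configuration predates this commit will presumably hand it an empty value. The constructor is not shown in this section, so it is worth confirming that it returns an empty registry in that case rather than an error, and that a `GetPolicy` call with no provider then fails with a clear "no default provider" error. Since the registry decides which remote endpoints the control plane contacts, a short comment next to `policies.NewRegistry` noting that providers come only from server configuration, never from the request, would also help. The `wire.Build` call continues outside this hunk.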
