Add guidance to rule types #797

Merged
merged 1 commit into from
Aug 30, 2023
1 change: 1 addition & 0 deletions database/migrations/000001_init.up.sql
Expand Up @@ -167,6 +167,7 @@ CREATE TABLE rule_type (
provider TEXT NOT NULL,
group_id INTEGER NOT NULL REFERENCES groups(id) ON DELETE CASCADE,
description TEXT NOT NULL,
guidance TEXT NOT NULL,
definition JSONB NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW()
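Review bot: the new `guidance TEXT NOT NULL` column is added by editing 000001_init.up.sql in place, with no DEFAULT. A database that has already applied migration 000001 will never get the column, and the updated INSERT in database/query/rule_types.sql will then fail against it. Unless the initial migration is still considered rewritable, add this as a new numbered migration, for example `ALTER TABLE rule_type ADD COLUMN guidance TEXT NOT NULL DEFAULT '';`, with a matching down migration that drops the column.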
3 changes: 2 additions & 1 deletion database/query/rule_types.sql
Expand Up @@ -4,7 +4,8 @@ INSERT INTO rule_type (
provider,
group_id,
description,
definition) VALUES ($1, $2, $3, $4, sqlc.arg(definition)::jsonb) RETURNING *;
guidance,
definition) VALUES ($1, $2, $3, $4, $5, sqlc.arg(definition)::jsonb) RETURNING *;

-- name: ListRuleTypesByProviderAndGroup :many
SELECT * FROM rule_type WHERE provider = $1 AND group_id = $2;
2 changes: 2 additions & 0 deletions docs/docs/protodocs/proto.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions examples/github/rule-types/secret_scanning.yaml
Expand Up @@ -6,6 +6,13 @@ context:
provider: github
group: Root Group
description: Verifies that secret scanning is enabled for a given repository.
guidance: |
Secret scanning is a feature that scans repositories for secrets and alerts
the repository owner when a secret is found. To enable this feature in github,
you must enable it in the repository settings. See the GitHub documentation
for more information. [1]
[1] https://docs.github.com/en/github/administering-a-repository/about-secret-scanning
def:
# Defines the section of the pipeline the rule will appear in.
# This will affect the template that is used to render multiple parts
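Review bot: the guidance text on the added lines tells the user to "enable it in the repository settings" without naming the setting, so a failing rule gives little more than the description already does. Spell out where the setting lives, write "GitHub" instead of "github", and confirm whether clients render this field as plain text or Markdown: the `[1]` footnote style only reads well as plain text.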
1 change: 1 addition & 0 deletions internal/engine/rule_types.go
Expand Up @@ -270,6 +270,7 @@ func RuleTypePBFromDB(rt *db.RuleType, ectx *EntityContext) (*pb.RuleType, error
Group: &gname,
},
Description: rt.Description,
Guidance: rt.Guidance,
Def: def,
}, nil
}
12 changes: 12 additions & 0 deletions pkg/controlplane/handlers_policy.go
Expand Up @@ -408,6 +408,16 @@ func (s *Server) GetPolicyStatusById(ctx context.Context,

rulestats = make([]*pb.RuleEvaluationStatus, 0, len(dbrulestat))
for _, rs := range dbrulestat {
var guidance string
if rs.EvalStatus == db.EvalStatusTypesFailure || rs.EvalStatus == db.EvalStatusTypesError {
ruleTypeInfo, err := s.store.GetRuleTypeByID(ctx, rs.RuleTypeID)
if err != nil {
log.Printf("error getting rule type info: %v", err)
} else {
guidance = ruleTypeInfo.Guidance
}
}

st := &pb.RuleEvaluationStatus{
PolicyId: in.PolicyId,
RuleId: rs.RuleTypeID,
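Review bot: in the loop over dbrulestat, `s.store.GetRuleTypeByID` runs once per failing or errored row, so a policy with many failing repositories issues one extra query per row even when the rows share a rule type. Cache the result in a map keyed by `rs.RuleTypeID` declared before the loop. The error branch also only calls `log.Printf` and leaves guidance empty, so the caller cannot tell a lookup failure from a rule type that has no guidance; include the rule type ID in the log line and decide whether the request should fail instead.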
Expand All @@ -421,6 +431,7 @@ func (s *Server) GetPolicyStatusById(ctx context.Context,
"repo_owner": rs.RepoOwner,
"provider": rs.Provider,
},
Guidance: guidance,
LastUpdated: timestamppb.New(rs.LastUpdated),
}

Expand Down Expand Up @@ -603,6 +614,7 @@ func (s *Server) CreateRuleType(ctx context.Context, crt *pb.CreateRuleTypeReque
GroupID: entityCtx.GetGroup().GetID(),
Description: in.GetDescription(),
Definition: def,
Guidance: in.GetGuidance(),
})
if err != nil {
return nil, status.Errorf(codes.Unknown, "failed to create rule type: %s", err)
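Review bot: `Guidance: in.GetGuidance()` stores the request value unchecked. The column is NOT NULL, but an empty string still passes, and there is no length limit on text that GetPolicyStatusById later returns to callers for every failing rule. Validate it in CreateRuleType (non-empty if guidance is meant to be mandatory, bounded length), and document that clients must treat it as untrusted text when rendering, since it is supplied by whoever creates the rule type and may contain links.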
1 change: 1 addition & 0 deletions pkg/db/models.go


15 changes: 11 additions & 4 deletions pkg/db/rule_types.sql.go


8 changes: 8 additions & 0 deletions pkg/generated/openapi/mediator/v1/mediator.swagger.json
