Add data sources to ruletype API (#5019)

* Add data sources to ruletype API This adds the ability for the eval engine to reference data sources to be instantiated. this allows us to explicitly declare what data sources a rule type needs which will in turn be used to keep track of dependencies. Only declared ruletypes will be registered in the per-rule data source registry. Data sources are declared in ruletypes by name. The API was built in a way that we can eventually add other reference means other than names; but names will do for now. Note that name validation was also changed to reflect that we only accept lowercase characters for data source names. Signed-off-by: Juan Antonio Osorio <[email protected]> * Gate data source references in rule types with feature flag Signed-off-by: Juan Antonio Osorio <[email protected]> --------- Signed-off-by: Juan Antonio Osorio <[email protected]>
mindersec · Nov 22, 2024 · 0c315ea · 0c315ea
1 parent be22925
commit 0c315ea
Show file tree

Hide file tree

Showing 5 changed files with 2,077 additions and 1,935 deletions.
diff --git a/docs/docs/ref/proto.md b/docs/docs/ref/proto.md
diff --git a/internal/controlplane/handlers_ruletype.go b/internal/controlplane/handlers_ruletype.go
@@ -23,6 +23,7 @@ import (
 
 	"github.com/mindersec/minder/internal/db"
 	"github.com/mindersec/minder/internal/engine/engcontext"
+	"github.com/mindersec/minder/internal/flags"
 	"github.com/mindersec/minder/internal/logger"
 	"github.com/mindersec/minder/internal/util"
 	minderv1 "github.com/mindersec/minder/pkg/api/protobuf/go/minder/v1"
@@ -174,6 +175,11 @@ func (s *Server) CreateRuleType(
 		return nil, util.UserVisibleError(codes.InvalidArgument, "%s", err)
 	}
 
+	ds := crt.GetRuleType().GetDef().GetEval().GetDataSources()
+	if len(ds) > 0 && !flags.Bool(ctx, s.featureFlags, flags.DataSources) {
+		return nil, status.Errorf(codes.Unavailable, "DataSources feature is disabled")
+	}
+
 	newRuleType, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minderv1.RuleType, error) {
 		return s.ruleTypes.CreateRuleType(ctx, projectID, uuid.Nil, crt.GetRuleType(), qtx)
 	})
@@ -214,6 +220,11 @@ func (s *Server) UpdateRuleType(
 		return nil, util.UserVisibleError(codes.InvalidArgument, "%s", err)
 	}
 
+	ds := urt.GetRuleType().GetDef().GetEval().GetDataSources()
+	if len(ds) > 0 && !flags.Bool(ctx, s.featureFlags, flags.DataSources) {
+		return nil, status.Errorf(codes.Unavailable, "DataSources feature is disabled")
+	}
+
 	updatedRuleType, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minderv1.RuleType, error) {
 		return s.ruleTypes.UpdateRuleType(ctx, projectID, uuid.Nil, urt.GetRuleType(), qtx)
 	})

diff --git a/pkg/api/openapi/minder/v1/minder.swagger.json b/pkg/api/openapi/minder/v1/minder.swagger.json