Merge pull request #7 from nsmith5/stdout-output

WIP: stdout output

agent.go

@@ -6,12 +6,14 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/nsmith5/rekor-sidekick/outputs"
 	"github.com/nsmith5/rekor-sidekick/rekor"
 )
 
 type agent struct {
 	rc       *rekor.Client
 	policies []policy
+	outs     []outputs.Output
 
 	quit chan struct{}
 }
@@ -25,9 +27,23 @@ func newAgent(c config) (*agent, error) {
 
 	policies := c.Policies
 
+	fmt.Println("debug: outputs in config", c.Outputs)
+
+	var outs []outputs.Output
+	for name, conf := range c.Outputs {
+		output, err := outputs.LoadDriver(name, conf)
+		if err != nil {
+			// Huh... log this issue I guess?
+			continue
+		}
+		outs = append(outs, output)
+	}
+
+	fmt.Printf("debug: output drivers %#v\n", outs)
+
 	quit := make(chan struct{})
 
-	return &agent{rc, policies, quit}, nil
+	return &agent{rc, policies, outs, quit}, nil
 }
 
 // run starts off the agent. The call blocks or exits returning an error
@@ -55,31 +71,51 @@ func (a *agent) run() error {
 			if err != nil {
 				if err == rekor.ErrEntryDoesntExist {
 					// Log doesn't exist yet, lets just wait 10 seconds and try again
+					fmt.Println("debug: no entry available. time to snooze")
 					time.Sleep(10 * time.Second)
 
 				} else {
 					// Lets assume a temporary outage and retry with exponential backoff
+					fmt.Println("debug: outage! backoff started")
 					time.Sleep(currentBackoff * time.Second)
 					currentBackoff *= 2
 				}
 				break
 			}
 
+			fmt.Println("debug: got an entry!")
+
 			// Incase we just recovered from a temporary outage, lets reset the backoff
 			currentBackoff = initialBackoff
 
 			// Policy checks!
 			for _, p := range a.policies {
+				fmt.Printf("debug: iterating policies")
+
 				violation, err := p.allowed(entry)
 				if err != nil {
 					// huh... what to do here?
 					continue
 				}
 
 				if violation {
-					// TODO: Send to outputs!
-					fmt.Printf("Entry %#v violated policy %s\n", entry, p.Name)
-					time.Sleep(5 * time.Second)
+					fmt.Println("debug: violation!")
+					for _, out := range a.outs {
+						// TODO: Populate the rekor URL!
+						e := outputs.Event{
+							Name:        p.Name,
+							Description: p.Description,
+							RekorURL:    `dunno...`,
+						}
+
+						// TODO: Do something on send failure
+						err = out.Send(e)
+						if err != nil {
+							fmt.Println("debug: error sending output")
+						} else {
+							fmt.Println("debug: successful sent output")
+						}
+					}
 				}
 			}
 		}

config.go

@@ -1,6 +1,7 @@
 package main
 
 type config struct {
-	RekorServerURL string   `yaml:"rekorServerURL"`
-	Policies       []policy `yaml:"policies"`
+	RekorServerURL string                            `yaml:"rekorServerURL"`
+	Policies       []policy                          `yaml:"policies"`
+	Outputs        map[string]map[string]interface{} `yaml:"outputs"`
 }

etc/config.yaml

@@ -1,4 +1,5 @@
 rekorServerURL: https://rekor.sigstore.dev
+
 policies:
 - name: x509-used
   description: |-
@@ -8,7 +9,7 @@ policies:
     default allow = false
     allow {
       format := input.spec.signature.format
-      format != "x509"
+      format == "x509"
     }
 - name: allow-all
   description: |-
@@ -17,3 +18,6 @@ policies:
     package auth
     default allow = true
 
+outputs:
+  stdout:
+    enabled: true

main.go

@@ -1,5 +1,11 @@
 package main
 
+import (
+	// Loading output drivers
+	_ "github.com/nsmith5/rekor-sidekick/outputs"
+	_ "github.com/nsmith5/rekor-sidekick/outputs/stdout"
+)
+
 func main() {
 	cmd := newCLI()
 	cmd.Execute()

outputs/interface.go

@@ -0,0 +1,11 @@
+package outputs
+
+type Event struct {
+	Name        string
+	Description string
+	RekorURL    string
+}
+
+type Output interface {
+	Send(Event) error
+}

outputs/registry.go

@@ -0,0 +1,30 @@
+package outputs
+
+import (
+	"errors"
+	"fmt"
+)
+
+type CreatorFunc func(map[string]interface{}) (Output, error)
+
+var drivers map[string]CreatorFunc
+
+func init() {
+	drivers = make(map[string]CreatorFunc)
+}
+
+func RegisterDriver(name string, maker CreatorFunc) {
+	fmt.Println("debug: registering driver", name)
+	drivers[name] = maker
+}
+
+func LoadDriver(name string, conf map[string]interface{}) (Output, error) {
+	f, ok := drivers[name]
+	if !ok {
+		fmt.Println("debug: failed to load driver", name)
+		return nil, errors.New(`driver doesn't exist or wasn't loaded`)
+	}
+
+	fmt.Println("debug: loading driver", name)
+	return f(conf)
+}

outputs/stdout/stdout.go

@@ -0,0 +1,28 @@
+package stdout
+
+import (
+	"fmt"
+
+	"github.com/nsmith5/rekor-sidekick/outputs"
+)
+
+type impl struct{}
+
+func (i impl) Send(e outputs.Event) error {
+	fmt.Printf(
+		`{"name": "%s", "description": "%s", rekorURL: "%s"}`,
+		e.Name,
+		e.Description,
+		e.RekorURL,
+	)
+	fmt.Println()
+	return nil
+}
+
+func New(map[string]interface{}) (outputs.Output, error) {
+	return &impl{}, nil
+}
+
+func init() {
+	outputs.RegisterDriver("stdout", outputs.CreatorFunc(New))
+}