
Proposal: RPC Action

Open jeffmendoza opened this issue 3 years ago • 2 comments

As originally described in the README:

rpc: Allstar would send an rpc to some organization-specific system.

This proposal is for a new action (in addition to the current log/issue/fix) to be called rpc. As is currently the case, individual policies can be set to different actions. When the action is set to rpc for a policy, Allstar will send a gRPC message to the configured external system. The external system must implement the gRPC service defined by Allstar.

The OrgConfig would now include:

rpcEndpoint: myserver.foo:1234

And RepoConfig would allow override as usual.

My current draft for the gRPC interface is:

```proto
syntax = "proto3";

// AlertRequest is sent from Allstar to the alert plugin every time a repo is scanned where the repo is enabled and action=rpc.
message AlertRequest {

  // GitHub owner is the org or user name owning the repo
  string owner_name = 1;

  // Name of GitHub repo the alert is about
  string repo_name = 2;

  // Name of the Allstar Policy the alert is about
  string policy_name = 3;

  // If Pass is false, details contains the information to pass to the user about how to understand the policy failure
  string details = 4;

  // Pass is the result of the policy check. The plugin can open/close issues/messages/etc. based on this value.
  bool pass = 5;
}

// AlertResponse is returned from the alert sink server
message AlertResponse {
}

// AlertSink defines the interface that a custom Allstar plugin should implement to accept rpc alerts from Allstar.
service AlertSink {
  rpc Alert(AlertRequest) returns (AlertResponse);
}
```

As described in the proto, Allstar would send an alert with every scan. This would allow integrations to do something when a repo goes from out of compliance to in compliance.

This feature would be less useful to users of the public Allstar instance. Likely they would want to keep their org-config in a private repo, as their endpoint would need to be open to the internet, which would allow the possibility of spam.

For Allstar app operators, an operator option will be provided for the gRPC connection to be made with different types of credentials, such as Google's oauth2 default credentials, which support service accounts and Workload Identity Federation. Other credential types could easily be added (here is an example of an authplugin pattern).

In the future we could add a more secure way to use the public instance. Possibilities include signing the payloads with an Allstar keypair, or a provided secret key.

jeffmendoza avatar Aug 02 '22 22:08 jeffmendoza
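The plugin-side logic the proposal enables (reacting only when a repo flips between failing and passing, since Allstar alerts on every scan), as an added Go example that is not Allstar's code: the `AlertRequest` struct is hand-written to mirror the proposed proto message, and `Sink.Alert` stands in for the body of the `AlertSink.Alert` handler a real plugin would register with a generated gRPC stub.

```go
package main

import "sync"

// AlertRequest mirrors the proposed AlertRequest proto message. It is written
// by hand here; a real plugin would use the protoc-generated type.
type AlertRequest struct {
	OwnerName  string
	RepoName   string
	PolicyName string
	Details    string
	Pass       bool
}

// Transition is what the sink decided to do for one incoming alert.
type Transition string

const NoChange, Opened, Closed Transition = "no-change", "opened", "closed"

// Sink remembers the last result per (owner, repo, policy). Allstar sends an
// alert on every scan, so the sink acts only when the result flips.
type Sink struct {
	mu   sync.Mutex
	last map[string]bool
}

func NewSink() *Sink { return &Sink{last: map[string]bool{}} }

// Alert is the body of the AlertSink.Alert handler. It returns the transition
// taken; a real handler would open or close the tracking issue/ticket on
// Opened/Closed and then return an empty AlertResponse.
func (s *Sink) Alert(r AlertRequest) Transition {
	s.mu.Lock()
	defer s.mu.Unlock()
	k := r.OwnerName + "/" + r.RepoName + "#" + r.PolicyName
	prev, seen := s.last[k]
	s.last[k] = r.Pass
	switch {
	case !r.Pass && (!seen || prev):
		return Opened // first failure for this repo+policy, or pass -> fail
	case r.Pass && seen && !prev:
		return Closed // fail -> pass: the repo is back in compliance
	default:
		return NoChange // same result as the previous scan
	}
}
```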

In the future we could add a more secure way to use the public instance. Possibilities include signing the payloads with an Allstar keypair, or a provided secret key.

It might be nice to have the server verify Allstar's certificate at the TLS layer.

Relevant resources:

ethan7g avatar Aug 03 '22 00:08 ethan7g