Move EngineContext into a subpackage (#3701)

This avoids a circular dependency when importing the `flags` package
into `engine`

internal/controlplane/handlers_artifacts.go

@@ -28,7 +28,7 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/stacklok/minder/internal/db"
-	"github.com/stacklok/minder/internal/engine"
+	"github.com/stacklok/minder/internal/engine/engcontext"
 	"github.com/stacklok/minder/internal/logger"
 	"github.com/stacklok/minder/internal/util"
 	"github.com/stacklok/minder/internal/util/ptr"
@@ -38,7 +38,7 @@ import (
 // ListArtifacts lists all artifacts for a given project and provider
 // nolint:gocyclo
 func (s *Server) ListArtifacts(ctx context.Context, in *pb.ListArtifactsRequest) (*pb.ListArtifactsResponse, error) {
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	projectID := entityCtx.Project.ID
 	providerName := entityCtx.Provider.Name
 
@@ -68,7 +68,7 @@ func (s *Server) GetArtifactByName(ctx context.Context, in *pb.GetArtifactByName
 		return nil, util.UserVisibleError(codes.InvalidArgument, "invalid artifact name user repoOwner/repoName/artifactName")
 	}
 
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	projectID := entityCtx.Project.ID
 	providerName := entityCtx.Provider.Name
 	providerFilter := getNameFilterParam(providerName)
@@ -135,7 +135,7 @@ func (s *Server) GetArtifactByName(ctx context.Context, in *pb.GetArtifactByName
 // GetArtifactById gets an artifact by id
 // nolint:gocyclo
 func (s *Server) GetArtifactById(ctx context.Context, in *pb.GetArtifactByIdRequest) (*pb.GetArtifactByIdResponse, error) {
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	projectID := entityCtx.Project.ID
 
 	// tag and latest versions cannot be set at same time

internal/controlplane/handlers_authz.go

@@ -32,7 +32,7 @@ import (
 	"github.com/stacklok/minder/internal/auth"
 	"github.com/stacklok/minder/internal/authz"
 	"github.com/stacklok/minder/internal/db"
-	"github.com/stacklok/minder/internal/engine"
+	"github.com/stacklok/minder/internal/engine/engcontext"
 	"github.com/stacklok/minder/internal/flags"
 	"github.com/stacklok/minder/internal/invite"
 	"github.com/stacklok/minder/internal/util"
@@ -102,7 +102,7 @@ func ProjectAuthorizationInterceptor(ctx context.Context, req interface{}, info
 		return nil, status.Errorf(codes.Internal, "error getting name for requested relation %v", relation)
 	}
 
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	server := info.Server.(*Server)
 
 	if err := server.authzClient.Check(ctx, relationName, entityCtx.Project.ID); err != nil {
@@ -135,16 +135,16 @@ func populateEntityContext(
 		}
 	}
 
-	entityCtx := &engine.EntityContext{
-		Project: engine.Project{
+	entityCtx := &engcontext.EntityContext{
+		Project: engcontext.Project{
 			ID: projectID,
 		},
-		Provider: engine.Provider{
+		Provider: engcontext.Provider{
 			Name: getProviderFromContext(req),
 		},
 	}
 
-	return engine.WithEntityContext(ctx, entityCtx), nil
+	return engcontext.WithEntityContext(ctx, entityCtx), nil
 }
 
 func getProjectIDFromContext(req any) (uuid.UUID, error) {
@@ -233,7 +233,7 @@ func (s *Server) ListRoleAssignments(
 ) (*minder.ListRoleAssignmentsResponse, error) {
 	invitations := make([]*minder.Invitation, 0)
 	// Determine the target project.
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	targetProject := entityCtx.Project.ID
 
 	as, err := s.authzClient.AssignmentsToProject(ctx, targetProject)
@@ -300,7 +300,7 @@ func (s *Server) AssignRole(ctx context.Context, req *minder.AssignRoleRequest)
 	email := req.GetRoleAssignment().GetEmail()
 
 	// Determine the target project.
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	targetProject := entityCtx.Project.ID
 
 	// Ensure user is not updating their own role
@@ -496,7 +496,7 @@ func (s *Server) RemoveRole(ctx context.Context, req *minder.RemoveRoleRequest)
 	sub := req.GetRoleAssignment().GetSubject()
 	email := req.GetRoleAssignment().GetEmail()
 	// Determine the target project.
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	targetProject := entityCtx.Project.ID
 
 	// Ensure user is not updating their own role
@@ -613,7 +613,7 @@ func (s *Server) UpdateRole(ctx context.Context, req *minder.UpdateRoleRequest)
 	sub := req.GetSubject()
 
 	// Determine the target project.
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	targetProject := entityCtx.Project.ID
 
 	if sub == "" {

internal/controlplane/handlers_authz_test.go

@@ -43,7 +43,7 @@ import (
 	"github.com/stacklok/minder/internal/authz"
 	"github.com/stacklok/minder/internal/authz/mock"
 	"github.com/stacklok/minder/internal/db"
-	"github.com/stacklok/minder/internal/engine"
+	"github.com/stacklok/minder/internal/engine/engcontext"
 	"github.com/stacklok/minder/internal/flags"
 	"github.com/stacklok/minder/internal/util"
 	minder "github.com/stacklok/minder/pkg/api/protobuf/go/minder/v1"
@@ -60,7 +60,7 @@ func (m request) GetContext() *minder.Context {
 
 // Reply type containing the detected entityContext.
 type replyType struct {
-	Context engine.EntityContext
+	Context engcontext.EntityContext
 }
 
 func TestEntityContextProjectInterceptor(t *testing.T) {
@@ -83,7 +83,7 @@ func TestEntityContextProjectInterceptor(t *testing.T) {
 		buildStubs      func(t *testing.T, store *mockdb.MockStore)
 		rpcErr          error
 		defaultProject  bool
-		expectedContext engine.EntityContext // Only if non-error
+		expectedContext engcontext.EntityContext // Only if non-error
 	}{
 		{
 			name: "not implementing proto context throws error",
@@ -102,7 +102,7 @@ func TestEntityContextProjectInterceptor(t *testing.T) {
 			name:            "non project owner bypasses interceptor",
 			req:             &request{},
 			resource:        minder.TargetResource_TARGET_RESOURCE_USER,
-			expectedContext: engine.EntityContext{},
+			expectedContext: engcontext.EntityContext{},
 		},
 		{
 			name:     "invalid request with nil context",
@@ -137,9 +137,9 @@ func TestEntityContextProjectInterceptor(t *testing.T) {
 						ID: 1,
 					}, nil)
 			},
-			expectedContext: engine.EntityContext{
+			expectedContext: engcontext.EntityContext{
 				// Uses the default project id
-				Project: engine.Project{ID: defaultProjectID},
+				Project: engcontext.Project{ID: defaultProjectID},
 			},
 		}, {
 			name: "no provider",
@@ -149,8 +149,8 @@ func TestEntityContextProjectInterceptor(t *testing.T) {
 				},
 			},
 			resource: minder.TargetResource_TARGET_RESOURCE_PROJECT,
-			expectedContext: engine.EntityContext{
-				Project: engine.Project{ID: projectID},
+			expectedContext: engcontext.EntityContext{
+				Project: engcontext.Project{ID: projectID},
 			},
 		}, {
 			name: "sets entity context",
@@ -161,9 +161,9 @@ func TestEntityContextProjectInterceptor(t *testing.T) {
 				},
 			},
 			resource: minder.TargetResource_TARGET_RESOURCE_PROJECT,
-			expectedContext: engine.EntityContext{
-				Project:  engine.Project{ID: projectID},
-				Provider: engine.Provider{Name: provider},
+			expectedContext: engcontext.EntityContext{
+				Project:  engcontext.Project{ID: projectID},
+				Provider: engcontext.Provider{Name: provider},
 			},
 		},
 	}
@@ -177,7 +177,7 @@ func TestEntityContextProjectInterceptor(t *testing.T) {
 			}
 
 			unaryHandler := func(ctx context.Context, _ interface{}) (any, error) {
-				return replyType{engine.EntityFromContext(ctx)}, nil
+				return replyType{engcontext.EntityFromContext(ctx)}, nil
 			}
 
 			ctrl := gomock.NewController(t)
@@ -226,25 +226,25 @@ func TestProjectAuthorizationInterceptor(t *testing.T) {
 
 	testCases := []struct {
 		name      string
-		entityCtx *engine.EntityContext
+		entityCtx *engcontext.EntityContext
 		resource  minder.TargetResource
 		rpcErr    error
 	}{
 		{
 			name:      "anonymous bypasses interceptor",
-			entityCtx: &engine.EntityContext{},
+			entityCtx: &engcontext.EntityContext{},
 			resource:  minder.TargetResource_TARGET_RESOURCE_NONE,
 		},
 		{
 			name:      "non project owner bypasses interceptor",
 			resource:  minder.TargetResource_TARGET_RESOURCE_USER,
-			entityCtx: &engine.EntityContext{},
+			entityCtx: &engcontext.EntityContext{},
 		},
 		{
 			name:     "not authorized on project error",
 			resource: minder.TargetResource_TARGET_RESOURCE_PROJECT,
-			entityCtx: &engine.EntityContext{
-				Project: engine.Project{
+			entityCtx: &engcontext.EntityContext{
+				Project: engcontext.Project{
 					ID: projectID,
 				},
 			},
@@ -255,8 +255,8 @@ func TestProjectAuthorizationInterceptor(t *testing.T) {
 		{
 			name:     "authorized on project",
 			resource: minder.TargetResource_TARGET_RESOURCE_PROJECT,
-			entityCtx: &engine.EntityContext{
-				Project: engine.Project{
+			entityCtx: &engcontext.EntityContext{
+				Project: engcontext.Project{
 					ID: defaultProjectID,
 				},
 			},
@@ -272,15 +272,15 @@ func TestProjectAuthorizationInterceptor(t *testing.T) {
 			}
 
 			unaryHandler := func(ctx context.Context, _ interface{}) (any, error) {
-				return replyType{engine.EntityFromContext(ctx)}, nil
+				return replyType{engcontext.EntityFromContext(ctx)}, nil
 			}
 			server := Server{
 				authzClient: &mock.SimpleClient{
 					Allowed: []uuid.UUID{defaultProjectID},
 				},
 			}
 			ctx := withRpcOptions(context.Background(), rpcOptions)
-			ctx = engine.WithEntityContext(ctx, tc.entityCtx)
+			ctx = engcontext.WithEntityContext(ctx, tc.entityCtx)
 			ctx = auth.WithAuthTokenContext(ctx, userJWT)
 			_, err := ProjectAuthorizationInterceptor(ctx, request{}, &grpc.UnaryServerInfo{
 				Server: &server,
@@ -505,8 +505,8 @@ func TestRoleManagement(t *testing.T) {
 
 			ctx := context.Background()
 			ctx = auth.WithAuthTokenContext(ctx, user)
-			ctx = engine.WithEntityContext(ctx, &engine.EntityContext{
-				Project: engine.Project{
+			ctx = engcontext.WithEntityContext(ctx, &engcontext.EntityContext{
+				Project: engcontext.Project{
 					ID: project,
 				},
 			})

internal/controlplane/handlers_entities.go

@@ -24,7 +24,7 @@ import (
 	"google.golang.org/grpc/codes"
 
 	"github.com/stacklok/minder/internal/db"
-	"github.com/stacklok/minder/internal/engine"
+	"github.com/stacklok/minder/internal/engine/engcontext"
 	"github.com/stacklok/minder/internal/events"
 	"github.com/stacklok/minder/internal/logger"
 	"github.com/stacklok/minder/internal/providers"
@@ -44,7 +44,7 @@ func (s *Server) ReconcileEntityRegistration(
 ) (*pb.ReconcileEntityRegistrationResponse, error) {
 	l := zerolog.Ctx(ctx).With().Logger()
 
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	projectID := entityCtx.Project.ID
 
 	logger.BusinessRecord(ctx).Project = projectID

internal/controlplane/handlers_entities_test.go

@@ -22,7 +22,7 @@ import (
 	"go.uber.org/mock/gomock"
 
 	"github.com/stacklok/minder/internal/db"
-	"github.com/stacklok/minder/internal/engine"
+	"github.com/stacklok/minder/internal/engine/engcontext"
 	mockevents "github.com/stacklok/minder/internal/events/mock"
 	mockgh "github.com/stacklok/minder/internal/providers/github/mock"
 	mockmanager "github.com/stacklok/minder/internal/providers/manager/mock"
@@ -97,8 +97,8 @@ func TestServer_ReconcileEntityRegistration(t *testing.T) {
 			ctrl := gomock.NewController(t)
 			defer ctrl.Finish()
 
-			ctx := engine.WithEntityContext(context.Background(), &engine.EntityContext{
-				Project: engine.Project{ID: projectID},
+			ctx := engcontext.WithEntityContext(context.Background(), &engcontext.EntityContext{
+				Project: engcontext.Project{ID: projectID},
 			})
 
 			manager := mockmanager.NewMockProviderManager(ctrl)

internal/controlplane/handlers_evalstatus.go

@@ -26,7 +26,7 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/stacklok/minder/internal/db"
-	"github.com/stacklok/minder/internal/engine"
+	"github.com/stacklok/minder/internal/engine/engcontext"
 	minderv1 "github.com/stacklok/minder/pkg/api/protobuf/go/minder/v1"
 )
 
@@ -36,7 +36,7 @@ func (s *Server) ListEvaluationResults(
 	ctx context.Context,
 	in *minderv1.ListEvaluationResultsRequest,
 ) (*minderv1.ListEvaluationResultsResponse, error) {
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	projectID := entityCtx.Project.ID
 
 	if _, err := uuid.Parse(in.GetProfile()); err != nil && in.GetProfile() != "" {

internal/controlplane/handlers_oauth.go

@@ -39,7 +39,7 @@ import (
 	"github.com/stacklok/minder/internal/auth"
 	mcrypto "github.com/stacklok/minder/internal/crypto"
 	"github.com/stacklok/minder/internal/db"
-	"github.com/stacklok/minder/internal/engine"
+	"github.com/stacklok/minder/internal/engine/engcontext"
 	"github.com/stacklok/minder/internal/logger"
 	"github.com/stacklok/minder/internal/providers"
 	"github.com/stacklok/minder/internal/providers/credentials"
@@ -55,7 +55,7 @@ import (
 // nolint:gocyclo
 func (s *Server) GetAuthorizationURL(ctx context.Context,
 	req *pb.GetAuthorizationURLRequest) (*pb.GetAuthorizationURLResponse, error) {
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	projectID := entityCtx.Project.ID
 
 	var providerName string
@@ -469,7 +469,7 @@ func (s *Server) handleAppInstallWithoutInvite(ctx context.Context, token *oauth
 // StoreProviderToken stores the provider token for a project
 func (s *Server) StoreProviderToken(ctx context.Context,
 	in *pb.StoreProviderTokenRequest) (*pb.StoreProviderTokenResponse, error) {
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	projectID := entityCtx.Project.ID
 	providerName := entityCtx.Provider.Name
 
@@ -541,7 +541,7 @@ func (s *Server) StoreProviderToken(ctx context.Context,
 // Deprecated: Use VerifyProviderCredential instead
 func (s *Server) VerifyProviderTokenFrom(ctx context.Context,
 	in *pb.VerifyProviderTokenFromRequest) (*pb.VerifyProviderTokenFromResponse, error) {
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	projectID := entityCtx.Project.ID
 	providerName := entityCtx.Provider.Name
 
@@ -605,7 +605,7 @@ func (s *Server) VerifyProviderTokenFrom(ctx context.Context,
 // VerifyProviderCredential verifies the provider credential has been created for the matching enrollment nonce
 func (s *Server) VerifyProviderCredential(ctx context.Context,
 	in *pb.VerifyProviderCredentialRequest) (*pb.VerifyProviderCredentialResponse, error) {
-	entityCtx := engine.EntityFromContext(ctx)
+	entityCtx := engcontext.EntityFromContext(ctx)
 	projectID := entityCtx.Project.ID
 
 	enrollmentNonce := in.EnrollmentNonce