stormchaser-engine 1.4.2

A robust, distributed workflow engine for event-driven and human-triggered workflows.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

use anyhow::Result;
use stormchaser_dsl::ast;
use stormchaser_model::dsl::{OutputExtraction, RestApiSpec};
use tracing::warn;

pub async fn persist_step_outputs(
    tx: &mut sqlx::PgConnection,
    step_id: stormchaser_model::StepInstanceId,
    outputs: Option<&serde_json::Map<String, serde_json::Value>>,
    dsl_step: Option<&ast::Step>,
) -> Result<()> {
    let Some(outputs) = outputs else {
        return Ok(());
    };
    let rest_api_sensitivity = rest_api_output_sensitivity(dsl_step);

    for (key, value) in outputs {
        crate::db::upsert_step_output_with_sensitivity(
            &mut *tx,
            step_id,
            key,
            value,
            rest_api_sensitivity.get(key).copied().unwrap_or(false),
        )
        .await?;
    }

    Ok(())
}

fn rest_api_output_sensitivity(
    dsl_step: Option<&ast::Step>,
) -> std::collections::HashMap<String, bool> {
    let Some(step) = dsl_step else {
        return std::collections::HashMap::new();
    };

    if step.r#type != "RestApi" {
        return std::collections::HashMap::new();
    }

    match serde_json::from_value::<RestApiSpec>(step.spec.clone()) {
        Ok(spec) => spec
            .extractors
            .unwrap_or_default()
            .into_iter()
            .map(|extractor| (extractor.name, extractor.sensitive.unwrap_or(false)))
            .collect(),
        Err(error) => {
            warn!(
                step_name = %step.name,
                ?error,
                "Failed to parse RestApi spec while determining output sensitivity"
            );
            std::collections::HashMap::new()
        }
    }
}

pub fn setup_terraform_outputs(step: &mut ast::Step) {
    if step.r#type == "TerraformApply" {
        step.outputs.push(OutputExtraction {
            name: "terraform".to_string(),
            source: "stdout".to_string(),
            marker: Some("--- TF OUTPUTS ---".to_string()),
            format: Some("json".to_string()),
            regex: Some(r"--- TF OUTPUTS ---\s*(.*)".to_string()),
            group: Some(1),
            sensitive: Some(false),
        });
    } else if step.r#type == "TerraformPlan" {
        step.outputs.push(OutputExtraction {
            name: "plan_summary".to_string(),
            source: "stdout".to_string(),
            marker: Some("--- TF PLAN SUMMARY ---".to_string()),
            format: Some("string".to_string()),
            regex: Some(r"--- TF PLAN SUMMARY ---\s*(.*)".to_string()),
            group: Some(1),
            sensitive: Some(false),
        });
        step.outputs.push(OutputExtraction {
            name: "plan_json".to_string(),
            source: "stdout".to_string(),
            marker: Some("--- TF PLAN JSON ---".to_string()),
            format: Some("json".to_string()),
            regex: Some(r"--- TF PLAN JSON ---\s*(.*)".to_string()),
            group: Some(1),
            sensitive: Some(false),
        });
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use serde_json::json;
    use std::collections::HashMap;
    use stormchaser_model::dsl::RestApiResponseExtractor;

    #[test]
    fn test_rest_api_output_sensitivity_reads_extractor_flags() {
        let step = ast::Step {
            name: "fetch_data".to_string(),
            r#type: "RestApi".to_string(),
            condition: None,
            params: HashMap::new(),
            spec: json!({
                "url": "https://api.example.com",
                "extractors": [
                    RestApiResponseExtractor {
                        name: "token".to_string(),
                        format: Some("json".to_string()),
                        json_pointer: Some("/data/token".to_string()),
                        regex: None,
                        group: None,
                        sensitive: Some(true),
                    },
                    RestApiResponseExtractor {
                        name: "id".to_string(),
                        format: Some("json".to_string()),
                        json_pointer: Some("/data/id".to_string()),
                        regex: None,
                        group: None,
                        sensitive: Some(false),
                    }
                ]
            }),
            strategy: None,
            aggregation: Vec::new(),
            iterate: None,
            iterate_as: None,
            steps: None,
            next: Vec::new(),
            on_failure: None,
            aliases: std::collections::HashMap::new(),
            retry: None,
            timeout: None,
            allow_failure: None,
            start_marker: None,
            end_marker: None,
            outputs: Vec::new(),
            reports: Vec::new(),
            artifacts: None,
        };

        let sensitivity = rest_api_output_sensitivity(Some(&step));

        assert_eq!(sensitivity.get("token"), Some(&true));
        assert_eq!(sensitivity.get("id"), Some(&false));
    }
}