Deprecate the Trusty options from the protobuf (#2381)

cmd/dev/app/rule_type/rttst.go

@@ -117,7 +117,7 @@ func testCmdRun(cmd *cobra.Command, _ []string) error {
 	}
 
 	// TODO: Read this from a providers file instead so we can make it pluggable
-	eng, err := engine.NewRuleTypeEngine(p, rt, providers.NewProviderBuilder(
+	eng, err := engine.NewRuleTypeEngine(context.Background(), p, rt, providers.NewProviderBuilder(
 		&db.Provider{
 			Name:    "test",
 			Version: "v1",

docker-compose.yaml

@@ -58,7 +58,7 @@ services:
       - MINDER_AUTH_REFRESH_TOKEN_PRIVATE_KEY=/app/.ssh/refresh_token_rsa
       - MINDER_AUTH_REFRESH_TOKEN_PUBLIC_KEY=/app/.ssh/refresh_token_rsa.pub
       - MINDER_AUTH_TOKEN_KEY=/app/.ssh/token_key_passphrase
-      - MINDER_UNSTABLE_TRUSTY_ENDPOINT=https://api.trustypkg.dev
+      - MINDER_UNSTABLE_TRUSTY_ENDPOINT=https://trusty.stacklok.dev
     networks:
       - app_net
     depends_on:

internal/engine/eval/eval.go

@@ -18,8 +18,8 @@
 package eval
 
 import (
+	"context"
 	"fmt"
-	"os"
 
 	"github.com/stacklok/minder/internal/engine/eval/homoglyphs/application"
 	"github.com/stacklok/minder/internal/engine/eval/jq"
@@ -32,7 +32,11 @@ import (
 )
 
 // NewRuleEvaluator creates a new rule data evaluator
-func NewRuleEvaluator(rt *pb.RuleType, cli *providers.ProviderBuilder) (engif.Evaluator, error) {
+func NewRuleEvaluator(
+	ctx context.Context,
+	rt *pb.RuleType,
+	cli *providers.ProviderBuilder,
+) (engif.Evaluator, error) {
 	e := rt.Def.GetEval()
 	if e == nil {
 		return nil, fmt.Errorf("rule type missing eval configuration")
@@ -44,21 +48,13 @@ func NewRuleEvaluator(rt *pb.RuleType, cli *providers.ProviderBuilder) (engif.Ev
 		if rt.Def.Eval.GetJq() == nil {
 			return nil, fmt.Errorf("rule type engine missing jq configuration")
 		}
-
 		return jq.NewJQEvaluator(e.GetJq())
 	case rego.RegoEvalType:
 		return rego.NewRegoEvaluator(e.GetRego())
 	case vulncheck.VulncheckEvalType:
 		return vulncheck.NewVulncheckEvaluator(e.GetVulncheck(), cli)
 	case trusty.TrustyEvalType:
-		trustyEvalConfig := e.GetTrusty()
-		if trustyEvalConfig == nil {
-			return nil, fmt.Errorf("rule type engine missing trusty configuration")
-		}
-		if trustyEvalConfig.GetEndpoint() == "" {
-			trustyEvalConfig.Endpoint = os.Getenv("MINDER_UNSTABLE_TRUSTY_ENDPOINT")
-		}
-		return trusty.NewTrustyEvaluator(trustyEvalConfig, cli)
+		return trusty.NewTrustyEvaluator(ctx, cli)
 	case application.HomoglyphsEvalType:
 		return application.NewHomoglyphsEvaluator(e.GetHomoglyphs(), cli)
 	default:

internal/engine/eval/eval_test.go

@@ -18,6 +18,7 @@
 package eval_test
 
 import (
+	"context"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -82,7 +83,7 @@ func TestNewRuleEvaluatorWorks(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 
-			got, err := eval.NewRuleEvaluator(tt.args.rt, nil)
+			got, err := eval.NewRuleEvaluator(context.Background(), tt.args.rt, nil)
 			assert.NoError(t, err, "unexpected error")
 			assert.NotNil(t, got, "unexpected nil")
 		})
@@ -157,7 +158,7 @@ func TestNewRuleEvaluatorFails(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 
-			got, err := eval.NewRuleEvaluator(tt.args.rt, nil)
+			got, err := eval.NewRuleEvaluator(context.Background(), tt.args.rt, nil)
 			assert.Error(t, err, "should have errored")
 			assert.Nil(t, got, "should be nil")
 		})

internal/engine/eval/trusty/trusty.go

@@ -18,6 +18,7 @@ package trusty
 import (
 	"context"
 	"fmt"
+	"os"
 	"strings"
 
 	"github.com/rs/zerolog"
@@ -32,7 +33,9 @@ import (
 
 const (
 	// TrustyEvalType is the type of the trusty evaluator
-	TrustyEvalType = "trusty"
+	TrustyEvalType       = "trusty"
+	trustyEndpointURL    = "https://trusty.stacklok.dev"
+	trustyEndpointEnvVar = "MINDER_UNSTABLE_TRUSTY_ENDPOINT"
 )
 
 // Evaluator is the trusty evaluator
@@ -42,16 +45,19 @@ type Evaluator struct {
 }
 
 // NewTrustyEvaluator creates a new trusty evaluator
-func NewTrustyEvaluator(
-	pie *pb.RuleType_Definition_Eval_Trusty,
-	pbuild *providers.ProviderBuilder,
-) (*Evaluator, error) {
+func NewTrustyEvaluator(ctx context.Context, pbuild *providers.ProviderBuilder) (*Evaluator, error) {
 	if pbuild == nil {
 		return nil, fmt.Errorf("provider builder is nil")
 	}
 
-	if pie.GetEndpoint() == "" {
-		return nil, fmt.Errorf("endpoint is not set")
+	// Read the trusty endpoint from the environment
+	trustyEndpoint := os.Getenv(trustyEndpointEnvVar)
+	// If the environment variable is not set, use the default endpoint
+	if trustyEndpoint == "" {
+		trustyEndpoint = trustyEndpointURL
+		zerolog.Ctx(ctx).Info().Str("trusty-endpoint", trustyEndpoint).Msg("using default trusty endpoint")
+	} else {
+		zerolog.Ctx(ctx).Info().Str("trusty-endpoint", trustyEndpoint).Msg("using trusty endpoint from environment")
 	}
 
 	ghcli, err := pbuild.GetGitHub(context.Background())
@@ -61,7 +67,7 @@ func NewTrustyEvaluator(
 
 	return &Evaluator{
 		cli:      ghcli,
-		endpoint: pie.GetEndpoint(),
+		endpoint: trustyEndpoint,
 	}, nil
 }
 

internal/engine/executor.go

@@ -311,7 +311,7 @@ func (e *Executor) getEvaluator(
 	params.RuleType = rt
 
 	// Create the rule type engine
-	rte, err := NewRuleTypeEngine(profile, rt, cli)
+	rte, err := NewRuleTypeEngine(ctx, profile, rt, cli)
 	if err != nil {
 		return nil, nil, fmt.Errorf("error creating rule type engine: %w", err)
 	}

internal/engine/rule_types.go

@@ -177,6 +177,7 @@ type RuleTypeEngine struct {
 
 // NewRuleTypeEngine creates a new rule type engine
 func NewRuleTypeEngine(
+	ctx context.Context,
 	p *minderv1.Profile,
 	rt *minderv1.RuleType,
 	cli *providers.ProviderBuilder,
@@ -191,7 +192,7 @@ func NewRuleTypeEngine(
 		return nil, fmt.Errorf("cannot create rule data ingest: %w", err)
 	}
 
-	reval, err := eval.NewRuleEvaluator(rt, cli)
+	reval, err := eval.NewRuleEvaluator(ctx, rt, cli)
 	if err != nil {
 		return nil, fmt.Errorf("cannot create rule evaluator: %w", err)
 	}