
Migrate from sasahasarabonov/openai-go to tml/langchaingo #262

Open. Wants to merge 8 commits into base branch pre-main.
Conversation

santoshkal
Collaborator

This PR migrates the LLM library sashasarabonov/openai-go to tmc/langchaingo.
Fixes: #261

Refactor LLM client and interaction for genval and genai commands.


dryrunsecurity bot commented Jan 28, 2025

DryRun Security Summary

The code changes encompass comprehensive updates across various components, including improvements to Dockerfile and Terraform validation, Kubernetes deployment configuration, and LLM integration, while focusing on enhancing the application's security, maintainability, and functionality through the implementation of AI-based remediation capabilities and updated dependencies.


Summary:

The code changes in this pull request cover a wide range of updates across various components of the application. The changes focus on improving the application's security, maintainability, and functionality, particularly in the areas of Dockerfile validation, Terraform validation, Kubernetes deployment configuration, and large language model (LLM) integration.

Key highlights include:

  1. Linter Configuration: The changes in the .ci.yml file remove the ineffassign linter, which may impact code quality and should be carefully reviewed.
  2. Dockerfile Validation and Remediation: The celval_dockerfileval.go file introduces the ability to validate Dockerfiles against CEL policies and automatically remediate any issues using an AI-based model.
  3. Terraform Validation and Remediation: The celval_terraform.go file adds the capability to validate Terraform files against CEL policies and remediate the identified issues using an AI-based model.
  4. Kubernetes Deployment Configuration: The finalDeployment.json and finalDeployment.yaml files update the Kubernetes deployment configuration, including the use of a specific Nginx version, which is a security best practice.
  5. LLM Integration: The changes in the go.mod, llm/assistant.go, llm/llmbackend.go, llm/types.go, llm/takeaction.go, and related files introduce the integration of LLMs, such as OpenAI and Ollama, for various application functionalities.

Overall, the code changes in this pull request appear to be focused on improving the security, maintainability, and functionality of the application. However, it's important to thoroughly review the changes and their potential security implications, such as input validation, API key management, and the security of the LLM integration.

Files Changed:

  • .ci.yml: Changes to the linter configuration, including the removal of the ineffassign linter.
  • cmd/celval_dockerfileval.go: Improvements to the Dockerfile validation and remediation functionality.
  • cmd/celval_terraform.go: Enhancements to the Terraform validation and remediation functionality.
  • cmd/celval_infrafile.go: Updates to the Kubernetes and related manifest validation and remediation process.
  • cmd/opts.go: Changes to the parseModel function, which may impact the LLM integration.
  • cmd/genai.go: Removal of the go-openai dependency and modifications to the appliedModel variable.
  • cmd/regoval_infrafile.go: Improvements to the handling of YAML and JSON formats in the Kubernetes manifest validation process.
  • cmd/regoval_dockerfileval.go: Updates to the Dockerfile validation and remediation functionality.
  • cmd/regoval_terraform.go: Enhancements to the Terraform validation and remediation process.
  • go.mod and go.sum: Updates to the project's dependencies, including the addition of the langchaingo library.
  • llm/assistant.go, llm/llmbackend.go, llm/types.go, and llm/takeaction.go: Changes related to the integration of LLMs, such as OpenAI and Ollama.
  • finalDeployment.json and finalDeployment.yaml: Updates to the Kubernetes deployment configuration, including the use of a specific Nginx version.
  • templates/inputs/validation_configs/rego/rego-k8s.yaml: Changes to the Kubernetes validation configuration, including the output format and the language model used.
  • pkg/parser/inputparser.go: Updates to the handling of YAML to JSON conversion in the input processing.

Code Analysis

We ran 9 analyzers against 20 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 2 findings

