feat(V2): RHINENG-11269 use the V2 models for SSG import
skateman committed Oct 9, 2024
1 parent 505c9ee commit 1b6bea7
Showing 30 changed files with 179 additions and 1,528 deletions.
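--- a/app/models/v2/profile.rb
+++ b/app/models/v2/profile.rb
@@ -27,5 +27,14 @@ def variant_for_minor(version)
 os_minor_versions: { os_minor_version: version }
 )
 end
+
+def self.from_parser(obj, existing: nil, security_guide_id: nil, value_overrides: nil)
+record = existing || new(ref_id: obj.id, security_guide_id: security_guide_id)
+
+record.assign_attributes(title: obj.title, description: obj.description,
+value_overrides: value_overrides, upstream: false)
+
+record
+end
 end
 end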
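Review bot: `from_parser` has no comment saying that the returned record is unsaved and that, when `existing:` is passed, the `ref_id` and `security_guide_id` arguments are ignored (`existing || new(...)`), so an `existing` record that belongs to a different security guide would be updated without any check. The same shape is repeated in V2::Rule, V2::RuleGroup and V2::ValueDefinition in this commit. I would add one line above each, for example `# Builds an unsaved record from a parser object; +existing+ keeps its own ref_id and security_guide_id.`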
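--- a/app/models/v2/rule.rb
+++ b/app/models/v2/rule.rb
@@ -10,6 +10,8 @@ class Rule < ApplicationRecord
 
 indexable_by :ref_id, &->(scope, value) { scope.find_by!(ref_id: value.try(:gsub, '-', '.')) }
 
+attr_accessor :op_source
+
 # rubocop:disable Metrics/AbcSize
 def self.sorted_severities(table = arel_table)
 Arel.sql(
@@ -70,5 +72,21 @@ def remediation_issue_id
 def self.short_ref_id(ref_id)
 ref_id.downcase[SHORT_REF_ID_RE] || ref_id
 end
+
+# rubocop:disable Metrics/ParameterLists
+def self.from_parser(obj, existing: nil, rule_group_id: nil,
+security_guide_id: nil, precedence: nil, value_checks: nil)
+record = existing || new(ref_id: obj.id, security_guide_id: security_guide_id)
+
+record.op_source = obj
+
+record.assign_attributes(title: obj.title, description: obj.description, rationale: obj.rationale,
+severity: obj.severity, precedence: precedence, rule_group_id: rule_group_id,
+upstream: false, value_checks: value_checks, identifier: obj.identifier&.to_h,
+references: obj.references.map(&:to_h), remediation_available: false)
+
+record
+end
+# rubocop:enable Metrics/ParameterLists
 end
 end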
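Review bot: In `from_parser`, `remediation_available: false` and `upstream: false` are assigned even when `existing` is passed, so re-importing a guide resets those flags in memory on every rule that is already stored; whether the reset is persisted depends on the upsert column list, which is not in this section. If the flag is maintained elsewhere, set it only on new records, for example `record.remediation_available = false if record.new_record?`. Separately, `obj.identifier&.to_h` tolerates nil while `obj.references.map(&:to_h)` does not; `Array(obj.references).map(&:to_h)` would make the two consistent if the parser can return nil there.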
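--- a/app/models/v2/rule_group.rb
+++ b/app/models/v2/rule_group.rb
@@ -16,5 +16,14 @@ class RuleGroup < ApplicationRecord
 
 searchable_by :title, %i[like unlike eq ne in notin]
 searchable_by :ref_id, %i[like unlike]
+
+def self.from_parser(obj, existing: nil, security_guide_id: nil, parent_id: nil, precedence: nil)
+record = existing || new(ref_id: obj.id, security_guide_id: security_guide_id)
+
+record.assign_attributes(title: obj.title, description: obj.description, rationale: obj.rationale,
+precedence: precedence, parent_id: parent_id)
+
+record
+end
 end
 end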
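Review bot: `parent_id` defaults to nil and is always handed to `assign_attributes`, so calling `from_parser` with `existing:` and no `parent_id:` clears the parent on a stored rule group; the caller in app/services/concerns/xccdf/rule_groups.rb in this commit does exactly that. Presumably `rule_groups_with_ancestry` rebuilds the hierarchy afterwards, but its body is not shown on this page. If the reset is intended, a comment such as `# parent is recomputed by the importer after the first import!` would make it explicit; otherwise assign `parent_id` only when the keyword was given.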
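--- a/app/models/v2/security_guide.rb
+++ b/app/models/v2/security_guide.rb
@@ -38,6 +38,12 @@ def self.os_versions
 reselect(:os_major_version).distinct.reorder(:os_major_version).map(&:os_major_version)
 end
 
+def self.from_parser(obj)
+record = find_or_initialize_by(ref_id: obj.id, version: obj.version)
+record.assign_attributes(title: obj.title, description: obj.description)
+record
+end
+
 # Builds the hierarchical structure of groups and rules
 def rule_tree
 cached_rules = rules.order(:precedence).select(:id, :rule_group_id).group_by(&:rule_group_id)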
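Review bot: `from_parser` looks the guide up with `find_or_initialize_by(ref_id:, version:)` and returns it unsaved, so two imports of the same guide running at the same time can both receive a new record. That is only safe if the table has a unique index on those two columns and the caller handles `ActiveRecord::RecordNotUnique`; neither is visible in this section. Unlike the sibling `from_parser` methods this one issues a query itself instead of taking `existing:`, which deserves a short comment such as `# Looks up by (ref_id, version); the returned record is not saved.`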
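--- a/app/models/v2/value_definition.rb
+++ b/app/models/v2/value_definition.rb
@@ -15,6 +15,8 @@ class ValueDefinition < ApplicationRecord
 searchable_by :title, %i[like unlike eq ne in notin]
 searchable_by :ref_id, %i[like unlike]
 
+attr_accessor :op_source
+
 def validate_value(value)
 return false unless value.is_a?(String)
 
@@ -27,5 +29,13 @@ def validate_value(value)
 true
 end
 end
+
+def self.from_parser(obj, existing: nil, security_guide_id: nil)
+record = existing || new(ref_id: obj.id, security_guide_id: security_guide_id)
+record.op_source = obj
+record.assign_attributes(title: obj.title, description: obj.description,
+value_type: obj.type, default_value: obj.value)
+record
+end
 end
 end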
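Review bot: `default_value: obj.value` is stored as parsed, although the same class defines `validate_value` (whose visible part rejects non-String values) and nothing in `from_parser` runs the parsed default through it. If model validations do not already check `default_value` against `value_type` (not visible here), a default that would fail `validate_value` can be imported, in particular on import paths that pass `validate: false`. Either check the default at import time or state in a comment that parser output is trusted, for example `# default_value comes from the SSG datastream and is not re-validated here`.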
48 changes: 0 additions & 48 deletions app/services/concerns/xccdf/benchmarks.rb

This file was deleted.

2 changes: 1 addition & 1 deletion app/services/concerns/xccdf/hosts.rb
Expand Up @@ -26,7 +26,7 @@ def test_result_profile
name: @test_result_file.test_result.profile_id
).find_or_initialize_by(
ref_id: @test_result_file.test_result.profile_id,
benchmark: benchmark
benchmark_id: security_guide.id
)
end
end
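Review bot: `security_guide.id` is called without a nil guard, and the `ref_id` beside it is taken from the uploaded test result file. If `security_guide` can return nil when a report names a guide that has not been imported (its definition is outside this hunk), this raises NoMethodError instead of a handled parse error. The key is also still `benchmark_id:` while the value now comes from a security guide; a comment such as `# V1 profiles still reference the guide through benchmark_id` would explain the mix. The enclosing method starts above the hunk.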
12 changes: 6 additions & 6 deletions app/services/concerns/xccdf/profile_os_minor_versions.rb
Expand Up @@ -7,11 +7,11 @@ module ProfileOsMinorVersions

included do
def save_profile_os_minor_versions
::ProfileOsMinorVersion.transaction do
::V2::ProfileOsMinorVersion.transaction do
# Delete all existing mappings for the given benchmark
old_profile_os_minor_versions.delete_all
# Import the new mappings
::ProfileOsMinorVersion.import!(new_profile_os_minor_versions)
::V2::ProfileOsMinorVersion.import!(new_profile_os_minor_versions)
end
end

Expand All @@ -20,18 +20,18 @@ def save_profile_os_minor_versions
def new_profile_os_minor_versions
@profiles.flat_map do |profile|
os_minor_versions.map do |os_minor_version|
::ProfileOsMinorVersion.new(profile: profile, os_minor_version: os_minor_version)
::V2::ProfileOsMinorVersion.new(profile: profile, os_minor_version: os_minor_version)
end
end
end

def old_profile_os_minor_versions
@old_profile_os_minor_versions ||= ::ProfileOsMinorVersion.where(profile: @profiles.map(&:id))
@old_profile_os_minor_versions ||= ::V2::ProfileOsMinorVersion.where(profile: @profiles.map(&:id))
end

def os_minor_versions
SupportedSsg.by_ssg_version(true)[@benchmark.version]
.select { |ssg| ssg.os_major_version == @benchmark.os_major_version }
SupportedSsg.by_ssg_version(true)[@security_guide.version]
.select { |ssg| ssg.os_major_version == @security_guide.os_major_version }
.map(&:os_minor_version)
end
end
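Review bot: In `os_minor_versions`, `SupportedSsg.by_ssg_version(true)[@security_guide.version]` is followed directly by `.select`, so a guide version that is missing from the supported list would raise NoMethodError on nil, assuming the lookup returns a Hash. Because this runs inside the transaction after `old_profile_os_minor_versions.delete_all`, the delete is rolled back, but the error does not name the cause. `.fetch(@security_guide.version, [])`, or an explicit error that names the version, would be clearer.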
17 changes: 8 additions & 9 deletions app/services/concerns/xccdf/profile_rules.rb
Expand Up @@ -7,15 +7,14 @@ module ProfileRules

included do
def save_profile_rules
::ProfileRule.transaction do
::ProfileRule.import!(profile_rules,
on_duplicate_key_update: {
conflict_target: %i[rule_id profile_id],
columns: %i[rule_id profile_id]
})
::V2::ProfileRule.transaction do
::V2::ProfileRule.import!(profile_rules,
on_duplicate_key_update: {
conflict_target: %i[rule_id profile_id],
columns: %i[rule_id profile_id]
})

base = ::ProfileRule.joins(profile: :benchmark)
.where('profiles.parent_profile_id' => nil)
base = ::V2::ProfileRule.joins(profile: :security_guide)

profile_rule_links_to_remove(base).delete_all
end
Expand All @@ -36,7 +35,7 @@ def profile_rules

def profile_rule_links_to_remove(base)
grouped_rules = profile_rules.group_by(&:profile_id)
grouped_rules.reduce(ProfileRule.none) do |query, (profile_id, prs)|
grouped_rules.reduce(V2::ProfileRule.none) do |query, (profile_id, prs)|
query.or(
base.where(profile_id: profile_id)
.where.not(rule_id: prs.map(&:rule_id))
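Review bot: `profile_rule_links_to_remove` builds its query only from `profile_rules.group_by(&:profile_id)`, so a profile that ends up with no rules in the new import never appears in `grouped_rules` and its stale links are not deleted; the body of `profile_rules` is outside the hunk, so this assumes it yields only the links that should exist. With the `parent_profile_id` filter dropped from `base`, the `delete_all` is now bounded only by those profile ids and by whatever `V2::Profile` maps to; a comment such as `# V2::Profile covers canonical profiles only` (if that is the case) would record why the filter could go. `V2::ProfileRule.none` also lacks the leading `::` used on the other references in this file.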
23 changes: 11 additions & 12 deletions app/services/concerns/xccdf/profiles.rb
Expand Up @@ -8,27 +8,26 @@ module Profiles
included do
def profiles
@profiles ||= @op_profiles.map do |op_profile|
::Profile.from_openscap_parser(
::V2::Profile.from_parser(
op_profile,
existing: old_profiles[op_profile.id],
benchmark_id: @benchmark&.id,
security_guide_id: @security_guide.id,
value_overrides: value_overrides(op_profile)
)
end
end

def save_profiles
# Import the new records first with validation
::Profile.import!(new_profiles, ignore: true)
::V2::Profile.import!(new_profiles, ignore: true)

# Update the fields on existing profiles, validation is not necessary
::Profile.import(old_profiles.values,
on_duplicate_key_update: {
conflict_target: %i[ref_id benchmark_id],
columns: %i[name value_overrides],
index_predicate: 'parent_profile_id IS NULL'
},
validate: false)
::V2::Profile.import(old_profiles.values,
on_duplicate_key_update: {
conflict_target: %i[ref_id security_guide_id],
columns: %i[name value_overrides]
},
validate: false)
end

private
Expand All @@ -38,8 +37,8 @@ def new_profiles
end

def old_profiles
@old_profiles ||= ::Profile.where(
ref_id: @op_profiles.map(&:id), benchmark: @benchmark&.id, parent_profile_id: nil
@old_profiles ||= ::V2::Profile.where(
ref_id: @op_profiles.map(&:id), security_guide_id: @security_guide.id
).index_by(&:ref_id)
end

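Review bot: The upsert for existing profiles lists `columns: %i[name value_overrides]`, but `V2::Profile.from_parser` in this commit assigns `title:` and `description:`. If the V2 model exposes the column as `title` (its definition is not shown), `name` is either not an attribute or never changes, and in both cases an upstream description change on an existing profile is not written. I would align the list with what `from_parser` sets, for example `columns: %i[title description value_overrides]`, after confirming the attribute names. `@security_guide.id` also drops the `&.` that `@benchmark&.id` had, so a nil guide now raises in `profiles` and `old_profiles`.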
54 changes: 0 additions & 54 deletions app/services/concerns/xccdf/rule_group_relationships.rb

This file was deleted.

34 changes: 19 additions & 15 deletions app/services/concerns/xccdf/rule_groups.rb
Expand Up @@ -7,31 +7,35 @@ module RuleGroups

included do
def save_rule_groups
@rule_groups ||= @op_rule_groups.each_with_index.map do |op_rule_group, idx|
::RuleGroup.from_openscap_parser(op_rule_group,
existing: old_rule_groups[op_rule_group.id],
precedence: idx, benchmark_id: @benchmark&.id)
end

::RuleGroup.import!(new_rule_groups, ignore: true)
::V2::RuleGroup.import!(new_rule_groups, ignore: true)

# Overwite a superset of old_rule_groups because the IDs of the ancestors are not
# available in the first import! above
::RuleGroup.import(rule_groups_with_ancestry, on_duplicate_key_update: {
conflict_target: %i[ref_id benchmark_id],
columns: %i[description rationale precedence ancestry]
}, validate: false)
::V2::RuleGroup.import(rule_groups_with_ancestry, on_duplicate_key_update: {
conflict_target: %i[ref_id security_guide_id],
columns: %i[description rationale precedence ancestry]
}, validate: false)
end

private

def rule_groups
@rule_groups ||= @op_rule_groups.each_with_index.map do |op_rule_group, idx|
::V2::RuleGroup.from_parser(
op_rule_group,
existing: old_rule_groups[op_rule_group.id], precedence: idx,
security_guide_id: @security_guide.id
)
end
end

def new_rule_groups
@new_rule_groups ||= @rule_groups.select(&:new_record?)
@new_rule_groups ||= rule_groups.select(&:new_record?)
end

def old_rule_groups
@old_rule_groups ||= ::RuleGroup.where(
ref_id: @op_rule_groups.map(&:id), benchmark: @benchmark&.id
@old_rule_groups ||= ::V2::RuleGroup.where(
ref_id: @op_rule_groups.map(&:id), security_guide_id: @security_guide.id
).index_by(&:ref_id)
end

Expand All @@ -50,7 +54,7 @@ def rule_groups_with_ancestry
end

def rule_group_for(ref_id:)
@cached_rule_groups ||= @rule_groups.index_by(&:ref_id)
@cached_rule_groups ||= rule_groups.index_by(&:ref_id)
@cached_rule_groups[ref_id]
end
end
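Review bot: The second import updates `columns: %i[description rationale precedence ancestry]` for existing rule groups, while `V2::RuleGroup.from_parser` also assigns `title`, so a title changed upstream is not persisted for a group that is already stored. If that is deliberate, say so in the comment above the import; otherwise add `title` to the list. The body of `rule_groups_with_ancestry` lies outside the visible hunks, so I could not check that it reads the new `rule_groups` method rather than `@rule_groups` directly.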