Skip to content

feat-ISSUE-3782-PR 1/2 adding crosstables rule - zone for destination and source #3834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 37 commits into
base: importer-rework
Choose a base branch
from
Open

feat-ISSUE-3782-PR 1/2 adding crosstables rule - zone for destination and source #3834

wants to merge 37 commits into from

Conversation

@Imat00
Copy link
Contributor

@Imat00 Imat00 commented Oct 24, 2025

  • add crosstable rule_destination_to_zone and rule_source_to_zone
  • add FKs for both to rule and zone
  • update upgrade script 9.0
  • update permissions + permissions for management and some rule_* tables

management - role reporter - select - add mgm_uid

rule - recertifier - select - add is_global and rulebase_id
rule - modeller - select - add is_global and rulebase_id

rule_from/rule_to - middleware - seelct - add cl_from_relevant_for_tenant
rule_service and more add removed in select for filtered roles

changelog_rule add cl_rule_relevant_for_tenant in select for filtered roles

@tpurschke
Copy link
Contributor

tpurschke commented Oct 26, 2025

@Imat00 sorry I also had to add some permissions - could you please resolve the resulting conflicts in your branch?
Feel free to reach out to me for any questions.

@Imat00
Copy link
Contributor Author

Imat00 commented Oct 27, 2025

@Imat00 sorry I also had to add some permissions - could you please resolve the resulting conflicts in your branch? Feel free to reach out to me for any questions.

should be done

@tpurschke
Copy link
Contributor

tpurschke commented Oct 27, 2025

@Imat00 there seems to be an issue with the metadata file (test import job fails)

@Imat00
Copy link
Contributor Author

Imat00 commented Oct 27, 2025

@Imat00 there seems to be an issue with the metadata file (test import job fails)

Yes, currently working on it

@tpurschke tpurschke marked this pull request as draft October 27, 2025 11:37
@Imat00
Copy link
Contributor Author

Imat00 commented Oct 27, 2025

Finally!
I think we should still check Permissions again.

@Imat00 Imat00 marked this pull request as ready for review October 27, 2025 13:43
Imat00 and others added 7 commits October 28, 2025 14:16
@Imat00
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
d963b48
@Imat00
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
aabbb1f
@Imat00
feat: allow rules to have multiple zones in reports
a588fd5 
CactuseSecurity#3834
@Imat00
merge: resolve conflict in ReportRules
c2d9210 
Kept incoming changes from remote and renamed local methods for clarity:
- DisplayDestinationZones() (was DisplayDestinationZone() before)
- DisplaySourceZones() (was DisplaySourceZone() before)
@Imat00
update: replace_metadata
a997e3d 
fixed: warnings
@Imat00
update: adjusted GraphQL fragments and exports for rules with multipl…
b370e53 
…e zones

- changed GraphQL fragments for rule zones
- renamed normalized rule fields from *zone to *zones
- updated export tests for rules with multiple zones
@Imat00
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
03dbe9c
@tpurschke tpurschke mentioned this pull request Nov 3, 2025
Open
Imat00 added 5 commits November 5, 2025 13:25
@Imat00
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
b75bfdc
@Imat00
rule:
495b115 
- RuleSourceZones and RuleDestinationZones changed to ZoneWrapper[]
- ZoneWrapper wraps NetworkZone for GraphQL data exchange
- Updated display and comparison logic to handle wrapped zones
@Imat00
add initial fill for rule_source_to_zone and rule_destination_to_zone…
c01074d 
… via upgrade script
@Imat00
test: adjust unit tests - use ZoneWrapper instead of NetworkZone
648ba8a
@Imat00
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
4f33d3d
@Imat00 Imat00 requested a review from Y4nnikH November 11, 2025 10:13
Imat00 and others added 13 commits November 11, 2025 11:16
@Y4nnikH
Copy link
Contributor

Y4nnikH commented Nov 12, 2025

I added the necessary changes in the importer and middleware to correctly handle multiple zones per rule source/destination. And I renamed the new tables to make it more consistent with existing similar tables.
We will add my changes into this branch before we merge the pr.

One note / inconsistency regarding the new tables: We now have a situation where we link to the crosstable rule_from_zone, like with rule_from via ids, but we do not write the zones directly into the rule as a string, like we do with rule_src. (same with rule_to_zone). This has the benefit, that we do not get a new rule version whenever the zones change. only the crosstable changes. But it would be more consistent if we also wrote the zones as string to each rule entry (or the other way around, remove the rule_src/dst/svc etc fields from the rule)

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 14, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alf-cactus alf-cactus Awaiting requested review from alf-cactus

@tpurschke tpurschke Awaiting requested review from tpurschke

@Y4nnikH Y4nnikH Awaiting requested review from Y4nnikH

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Imat00 @tpurschke @Y4nnikH