9c63cfa
add crosstables with fks, upgrade script und permissions
Oct 24, 2025
d31351a
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Oct 24, 2025
dcf393c
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Oct 27, 2025
c8fa4eb
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Oct 27, 2025
4e1b673
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Oct 27, 2025
bab4ef0
changed metadata.json
Oct 27, 2025
812a8b0
merge metadata
Oct 27, 2025
5873c1e
update replace_metadata
Oct 27, 2025
d963b48
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Oct 28, 2025
aabbb1f
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Oct 31, 2025
a588fd5
feat: allow rules to have multiple zones in reports
Imat00 Oct 31, 2025
c2d9210
merge: resolve conflict in ReportRules
Imat00 Oct 31, 2025
a997e3d
update: replace_metadata
Imat00 Oct 31, 2025
b370e53
update: adjusted GraphQL fragments and exports for rules with multipl…
Imat00 Oct 31, 2025
03dbe9c
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Oct 31, 2025
b75bfdc
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Nov 5, 2025
495b115
rule:
Imat00 Nov 6, 2025
c01074d
add initial fill for rule_source_to_zone and rule_destination_to_zone…
Imat00 Nov 6, 2025
648ba8a
test: adjust unit tests - use ZoneWrapper instead of NetworkZone
Imat00 Nov 6, 2025
4f33d3d
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Nov 6, 2025
acf2a98
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Nov 11, 2025
063d876
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Nov 11, 2025
c39d571
Merge remote-tracking branch 'CactuseSecurity/importer-rework' into f…
Y4nnikH Nov 12, 2025
32e626f
feat(db): more consistent naming
Y4nnikH Nov 12, 2025
1e24021
feat(db): more consistent naming
Y4nnikH Nov 12, 2025
24731fc
feat(db): more consistent naming
Y4nnikH Nov 12, 2025
b68687d
feat: more consistent naming
Y4nnikH Nov 12, 2025
863508d
feat(middleware): match naming to normalized config in importer
Y4nnikH Nov 12, 2025
101f080
fix(api): rollback zone refs
Y4nnikH Nov 12, 2025
fb34195
feat(importer): handle multiple zones per rule from/to
Y4nnikH Nov 12, 2025
bd01851
feat(imporer): ensure zone order in rules
Y4nnikH Nov 12, 2025
cd4c387
feat(db): more consistent naming
Y4nnikH Nov 12, 2025
ebf4508
fix(importer): exclude zone fields from equality comparison in RuleNo…
Y4nnikH Nov 12, 2025
24c0933
Merge branch 'importer-rework' into feature/3782-crosstablesRulesZone
Imat00 Nov 13, 2025
073a0ce
upgrade-Script - make sure column exists
Imat00 Nov 13, 2025
589b273
changed variable Names
Imat00 Nov 13, 2025
0541af5
add comment in Script
Imat00 Nov 14, 2025
739 changes: 604 additions & 135 deletions roles/api/files/replace_metadata.json

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
mutation rollbackImport($importId: bigint!) {
delete_rule(where: {rule_create: {_eq: $importId}}) { affected_rows }
delete_rulebase(where: {created: {_eq: $importId}}) { affected_rows }
delete_rulebase_link(where: {created: {_eq: $importId}}) { affected_rows }
delete_object(where: {obj_create: {_eq: $importId}}) { affected_rows }
Expand All @@ -18,7 +17,10 @@ mutation rollbackImport($importId: bigint!) {
delete_rule_nwobj_resolved(where: {created: {_eq: $importId}}) { affected_rows }
delete_rule_svc_resolved(where: {created: {_eq: $importId}}) { affected_rows }
delete_rule_user_resolved(where: {created: {_eq: $importId}}) { affected_rows }
delete_rule_from_zone(where: {created: {_eq: $importId}}) { affected_rows }
delete_rule_to_zone(where: {created: {_eq: $importId}}) { affected_rows }
delete_rule_enforced_on_gateway(where: {created: {_eq: $importId}}) { affected_rows }
delete_rule(where: {rule_create: {_eq: $importId}}) { affected_rows }
update_rule(where: {removed: {_eq: $importId}}, _set: {removed: null}) { affected_rows }
update_rulebase(where: {removed: {_eq: $importId}}, _set: {removed: null}) { affected_rows }
update_rulebase_link(where: {removed: {_eq: $importId}}, _set: {removed: null}) { affected_rows }
Expand All @@ -38,6 +40,8 @@ mutation rollbackImport($importId: bigint!) {
update_rule_nwobj_resolved(where: {removed: {_eq: $importId}}, _set: {removed: null}) { affected_rows }
update_rule_svc_resolved(where: {removed: {_eq: $importId}}, _set: {removed: null}) { affected_rows }
update_rule_user_resolved(where: {removed: {_eq: $importId}}, _set: {removed: null}) { affected_rows }
update_rule_from_zone(where: {removed: {_eq: $importId}}, _set: {removed: null}) { affected_rows }
update_rule_to_zone(where: {removed: {_eq: $importId}}, _set: {removed: null}) { affected_rows }
update_rule_enforced_on_gateway(where: {removed: {_eq: $importId}}, _set: {removed: null}) { affected_rows }
delete_import_control(where: {control_id: {_eq: $importId}}) { affected_rows }
}
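Review bot: The move of `delete_rule` below the `delete_rule_from_zone` / `delete_rule_to_zone` calls is order-dependent, and nothing in the file says so. Top-level mutation fields run in the order written, and the `rule_id` foreign keys added for both crosstables in fworch-create-foreign-keys.sql carry no `ON DELETE CASCADE`, so a later reshuffle that puts `delete_rule` first again would make the rollback fail. I would add a comment above it, for example `# must run after the rule_from_zone / rule_to_zone deletes: their rule_id FKs do not cascade`. The crosstable rows are matched on `created` while the rule is matched on `rule_create`; if a zone link can be created by a later import than its rule, that link would still block the delete, which is worth confirming against the importer.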
Original file line number Diff line number Diff line change
Expand Up @@ -120,11 +120,15 @@ fragment ruleFragment on rule {
rule_last_hit
}
rule_comment
src_zone: zone {
zone_name
rule_from_zones {
zone {
zone_name
}
}
dst_zone: zoneByRuleToZone {
zone_name
rule_to_zones {
zone {
zone_name
}
}
section_header: rule_head_text
}
Original file line number Diff line number Diff line change
Expand Up @@ -167,11 +167,15 @@ fragment ruleFragment on rule {
rule_last_hit
}
rule_comment
src_zone: zone {
zone_name
rule_from_zones {
zone {
zone_name
}
}
dst_zone: zoneByRuleToZone {
zone_name
rule_to_zones {
zone {
zone_name
}
}
section_header: rule_head_text
}
Expand All @@ -193,6 +197,7 @@ fragment deviceFragment on device {
}

fragment ruleBaseLinkFragment on rulebase_link {
gw_id
rule {
rule_uid
}
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,12 @@ fragment ruleDetails on rule {
rule_comment
rule_track
rule_disabled
src_zone: zone {
zone_name
zone_id
}
rule_from_zones {
zone {
zone_name
zone_id
}
}
active
rule_create
rule_last_seen
Expand Down Expand Up @@ -41,9 +43,11 @@ fragment ruleDetails on rule {
...networkObjectDetails
}
}
dst_zone: zoneByRuleToZone {
zone_name
zone_id
rule_to_zones {
zone {
zone_name
zone_id
}
}
rule_tos(where: {
active: { _eq: $active }
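Review bot: `rule_from_zones` and `rule_to_zones` are selected without a `where` argument, while the neighbouring `rule_tos` selection in this fragment is filtered (`active: { _eq: $active }`; its full filter continues past the end of the hunk). updateRuleRefs soft-deletes zone links by setting `removed`, so an unfiltered selection would presumably keep listing zones that an import has already taken off the rule, and a report would then show a different zone scope than the firewall enforces. For the current-state fragments something like `rule_from_zones(where: { removed: { _is_null: true } }) {` would do; the fragments that bound `rule_tos` by `$import_id_end` need the matching `created` / `removed` window instead. The same applies to the other rule fragments changed in this pull request (ruleOverview, ruleOverviewChangesNew, ruleOverviewChangesOld and the unnamed detail fragments).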
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,12 @@
rule_comment
rule_track
rule_disabled
src_zone: zone {
zone_name
zone_id
}
rule_from_zones {
zone {
zone_name
zone_id
}
}
rule_metadatum {
rule_metadata_id
rule_created
Expand Down Expand Up @@ -49,9 +51,11 @@
...networkObjectDetailsChangesNew
}
}
dst_zone: zoneByRuleToZone {
zone_name
zone_id
rule_to_zones {
zone {
zone_name
zone_id
}
}
rule_tos(where: {
active: { _eq: $active }
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,12 @@
rule_comment
rule_track
rule_disabled
src_zone: zone {
zone_name
zone_id
}
rule_from_zones {
zone {
zone_name
zone_id
}
}
rule_metadatum {
rule_metadata_id
rule_created
Expand Down Expand Up @@ -49,9 +51,11 @@
...networkObjectDetailsChangesOld
}
}
dst_zone: zoneByRuleToZone {
zone_name
zone_id
rule_to_zones {
zone {
zone_name
zone_id
}
}
rule_tos(where: {
active: { _eq: $active }
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,13 @@
section_header: rule_head_text
rule_comment
rule_track
rule_disabled
src_zone: zone {
zone_name
zone_id
}
rule_disabled
rule_from_zones {
zone {
zone_name
zone_id
}
}
rule_metadatum {
rule_metadata_id
rule_created
Expand Down Expand Up @@ -51,9 +53,11 @@
...networkObjectDetails
}
}
dst_zone: zoneByRuleToZone {
zone_name
zone_id
rule_to_zones {
zone {
zone_name
zone_id
}
}
rule_tos(where: {
rt_create: { _lte: $import_id_end }
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,12 @@ fragment ruleOverview on rule {
rule_comment
rule_track
rule_disabled
src_zone: zone {
zone_name
zone_id
}
rule_from_zones {
zone {
zone_name
zone_id
}
}
rule_metadatum {
rule_metadata_id
rule_created
Expand Down Expand Up @@ -52,9 +54,11 @@ fragment ruleOverview on rule {
...networkObjectOverview
}
}
dst_zone: zoneByRuleToZone {
zone_name
zone_id
rule_to_zones {
zone {
zone_name
zone_id
}
}
rule_tos(where: {
rt_create: { _lte: $import_id_end }
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,12 @@ fragment ruleOverviewChangesNew on rule {
rule_comment
rule_track
rule_disabled
src_zone: zone {
zone_name
zone_id
}
rule_from_zones {
zone {
zone_name
zone_id
}
}
rule_metadatum {
rule_metadata_id
rule_created
Expand Down Expand Up @@ -46,9 +48,11 @@ fragment ruleOverviewChangesNew on rule {
...networkObjectOverview
}
}
dst_zone: zoneByRuleToZone {
zone_name
zone_id
rule_to_zones {
zone {
zone_name
zone_id
}
}
rule_tos(where: {
active: { _eq: $active }
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,12 @@ fragment ruleOverviewChangesOld on rule {
rule_comment
rule_track
rule_disabled
src_zone: zone {
zone_name
zone_id
}
rule_from_zones {
zone {
zone_name
zone_id
}
}
rule_metadatum {
rule_metadata_id
rule_created
Expand Down Expand Up @@ -46,9 +48,11 @@ fragment ruleOverviewChangesOld on rule {
...networkObjectOverview
}
}
dst_zone: zoneByRuleToZone {
zone_name
zone_id
rule_to_zones {
zone {
zone_name
zone_id
}
}
rule_tos(where: {
active: { _eq: $active }
8 changes: 8 additions & 0 deletions roles/common/files/fwo-api-calls/rule/insertRuleRefs.graphql
Expand Up @@ -5,6 +5,8 @@ mutation insertRuleRefs(
$ruleNwObjResolveds: [rule_nwobj_resolved_insert_input!]!
$ruleSvcResolveds: [rule_svc_resolved_insert_input!]!
$ruleUserResolveds: [rule_user_resolved_insert_input!]!
$ruleFromZones: [rule_from_zone_insert_input!]!
$ruleToZones: [rule_to_zone_insert_input!]!
) {
insert_rule_from(objects: $ruleFroms) {
affected_rows
Expand All @@ -24,4 +26,10 @@ mutation insertRuleRefs(
insert_rule_user_resolved(objects: $ruleUserResolveds) {
affected_rows
}
insert_rule_from_zone(objects: $ruleFromZones) {
affected_rows
}
insert_rule_to_zone(objects: $ruleToZones) {
affected_rows
}
}
18 changes: 18 additions & 0 deletions roles/common/files/fwo-api-calls/rule/updateRuleRefs.graphql
Expand Up @@ -6,6 +6,8 @@ mutation updateRuleRefs(
$ruleNwObjResolveds: [rule_nwobj_resolved_bool_exp!]
$ruleSvcResolveds: [rule_svc_resolved_bool_exp!]!
$ruleUserResolveds: [rule_user_resolved_bool_exp!]!
$ruleFromZones: [rule_from_zone_bool_exp!]
$ruleToZones: [rule_to_zone_bool_exp!]
) {
update_rule_from(where: {
_or: $ruleFroms
Expand Down Expand Up @@ -58,4 +60,20 @@ mutation updateRuleRefs(
}) {
affected_rows
}
update_rule_from_zone(where: {
_or: $ruleFromZones
removed: {_is_null: true}
}, _set: {
removed: $importId
}) {
affected_rows
}
update_rule_to_zone(where: {
_or: $ruleToZones
removed: {_is_null: true}
}, _set: {
removed: $importId
}) {
affected_rows
}
}
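Review bot: `$ruleFromZones` and `$ruleToZones` are declared nullable (`[rule_from_zone_bool_exp!]`), unlike `$ruleSvcResolveds` and `$ruleUserResolveds` just above, which end in `!`. Both feed `_or:` in a `where` that otherwise only checks `removed: {_is_null: true}`, so if a caller omits the variable the outcome depends on how the server treats a null `_or`; should it collapse to "no condition", every live zone link would be stamped with `removed: $importId`. Declaring them as `$ruleFromZones: [rule_from_zone_bool_exp!]!` and `$ruleToZones: [rule_to_zone_bool_exp!]!` removes that ambiguity. The existing `$ruleNwObjResolveds` has the same shape and could be tightened in the same pass.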
10 changes: 10 additions & 0 deletions roles/database/files/sql/creation/fworch-create-foreign-keys.sql
Expand Up @@ -114,6 +114,11 @@ Alter table "rulebase_link" add CONSTRAINT fk_rulebase_link_created_import_contr
Alter table "rulebase_link" add CONSTRAINT fk_rulebase_link_removed_import_control_control_id
foreign key ("removed") references "import_control" ("control_id") on update restrict on delete cascade;

ALTER TABLE "rule_to_zone"
ADD CONSTRAINT fk_rule_to_zone_rule_id_rule_rule_id FOREIGN KEY ("rule_id") REFERENCES "rule" ("rule_id");
ALTER TABLE "rule_to_zone"
ADD CONSTRAINT fk_rule_to_zone_zone_id_zone_zone_id FOREIGN KEY ("zone_id") REFERENCES "zone" ("zone_id");

Alter table "rule_from" add foreign key ("obj_id") references "object" ("obj_id") on update restrict on delete cascade;
Alter table "rule_from" add foreign key ("rf_create") references "import_control" ("control_id") on update restrict on delete cascade;
Alter table "rule_from" add foreign key ("rf_last_seen") references "import_control" ("control_id") on update restrict on delete cascade;
Expand Down Expand Up @@ -143,6 +148,11 @@ Alter table "rule_service" add foreign key ("rs_last_seen") references "import_
Alter table "rule_service" add foreign key ("rule_id") references "rule" ("rule_id") on update restrict on delete cascade;
Alter table "rule_service" add foreign key ("svc_id") references "service" ("svc_id") on update restrict on delete cascade;

ALTER TABLE "rule_from_zone"
ADD CONSTRAINT fk_rule_from_zone_rule_id_rule_rule_id FOREIGN KEY ("rule_id") REFERENCES "rule" ("rule_id");
ALTER TABLE "rule_from_zone"
ADD CONSTRAINT fk_rule_from_zone_zone_id_zone_zone_id FOREIGN KEY ("zone_id") REFERENCES "zone" ("zone_id");

Alter table "rule_svc_resolved" add foreign key ("svc_id") references "service" ("svc_id") on update restrict on delete cascade;
Alter table "rule_svc_resolved" add foreign key ("rule_id") references "rule" ("rule_id") on update restrict on delete cascade;
Alter table "rule_svc_resolved" add foreign key ("mgm_id") references "management" ("mgm_id") on update restrict on delete cascade;
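Review bot: The four new constraints on `rule_to_zone` and `rule_from_zone` omit the `on update restrict on delete cascade` clause that every neighbouring foreign key in this file carries, so they default to NO ACTION. Deleting a `rule` or `zone` row will then fail while a link row exists, where the sibling tables (`rule_from`, `rule_service`, `rule_svc_resolved`) clean up automatically; if that is intended a comment should say so, otherwise end each with `REFERENCES "rule" ("rule_id") ON UPDATE RESTRICT ON DELETE CASCADE;`. The `created` and `removed` columns that the rollback mutation filters on also get no foreign key to `import_control` here, unlike `rulebase_link` directly above. Unless the table definition declares them inline, a deleted import can leave link rows pointing at a control id that no longer exists.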