Recover rule by rule recertification

roles/common/files/fwo-api-calls/owner/getRuleOwnerships.graphql

@@ -3,7 +3,6 @@ query getRuleOwnerships ($ownerId: Int!) {
   rule_owner (where: {owner_id: {_eq: $ownerId}} order_by: { rule_metadata_id: asc }){
     rule_metadatum {
       rule_metadata_id
-      dev_id
       rule_uid
     }
   }

roles/common/files/fwo-api-calls/recertification/clearOpenRecerts.graphql

@@ -1,8 +1,7 @@
-mutation clearOpenRecerts($ownerId: Int, $mgmId: Int) {
+mutation clearOpenRecerts($ownerId: Int) {
   delete_recertification(
     where: {
       owner_id: { _eq: $ownerId }
-      rule_metadatum: { device: { mgm_id: { _eq: $mgmId } } }
       recert_date: { _is_null: true }
     }
   ) {

roles/common/files/fwo-api-calls/recertification/getOpenRecerts.graphql

@@ -1,4 +1,4 @@
-query getFutureRecertsForOwners($ownerId: Int!, $mgmId: Int!) {
+query getOpenRecerts($ownerId: Int!, $mgmId: Int!) {
   recert_get_one_owner_one_mgm(
     where: { recert_date: { _is_null: true } }
     args: { i_mgm_id: $mgmId, i_owner_id: $ownerId }
@@ -13,5 +13,6 @@ query getFutureRecertsForOwners($ownerId: Int!, $mgmId: Int!) {
     next_recert_date
     recert_date
     comment
+	owner_recert_id
   }
 }

roles/common/files/fwo-api-calls/recertification/recertify.graphql

@@ -19,7 +19,4 @@ mutation recertify(
     ) {
       affected_rows
     }
-  ) {
-    affected_rows
-  }
 }

roles/database/files/sql/creation/fworch-views-materialized.sql

@@ -158,13 +158,13 @@ DROP FUNCTION purge_view_rule_with_owner();
 -- SmallOwnerChange: add MATERIALIZED for large installations
 CREATE MATERIALIZED VIEW view_rule_with_owner AS
 	SELECT DISTINCT ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier,
-	r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.dev_id, r.mgm_id, r.rule_uid,
+	r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid,
 	r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg,
 	r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule
 	FROM ( SELECT DISTINCT * FROM v_rule_with_rule_owner AS rul UNION SELECT DISTINCT * FROM v_rule_with_ip_owner AS ips) AS ar
 	LEFT JOIN rule AS r USING (rule_id)
 	GROUP BY ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier,
-		r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.dev_id, r.mgm_id, r.rule_uid,
+		r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid,
 		r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg,
 		r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule;
 

roles/database/files/sql/idempotent/fworch-rule-recert.sql

@@ -106,7 +106,7 @@ BEGIN
 					b_never_recertified := TRUE;
 					SELECT INTO t_rule_created rule_metadata.rule_created
 						FROM rule
-						LEFT JOIN rule_metadata ON (rule.rule_uid=rule_metadata.rule_uid AND rule.dev_id=rule_metadata.dev_id)
+						LEFT JOIN rule_metadata ON (rule.rule_uid=rule_metadata.rule_uid)
 						WHERE rule_id=r_rule.rule_id;
 				END IF;
 
@@ -141,7 +141,7 @@ BEGIN
 							i_owner_id AS owner_id
 						FROM view_rule_with_owner 
 						LEFT JOIN rule USING (rule_id)
-						LEFT JOIN rule_metadata ON (rule.rule_uid=rule_metadata.rule_uid AND rule.dev_id=rule_metadata.dev_id)
+						LEFT JOIN rule_metadata ON (rule.rule_uid=rule_metadata.rule_uid)
 						WHERE view_rule_with_owner.rule_id=r_rule.rule_id AND view_rule_with_owner.owner_id IS NULL;
 				ELSE
 					INSERT INTO recertification (rule_metadata_id, next_recert_date, rule_id, ip_match, owner_id)
@@ -152,7 +152,7 @@ BEGIN
 							i_owner_id AS owner_id
 						FROM view_rule_with_owner 
 						LEFT JOIN rule USING (rule_id)
-						LEFT JOIN rule_metadata ON (rule.rule_uid=rule_metadata.rule_uid AND rule.dev_id=rule_metadata.dev_id)
+						LEFT JOIN rule_metadata ON (rule.rule_uid=rule_metadata.rule_uid)
 						WHERE view_rule_with_owner.rule_id=r_rule.rule_id AND view_rule_with_owner.owner_id=i_owner_id;
 				END IF;
 			ELSE
@@ -226,11 +226,12 @@ BEGIN
 					SELECT I.start_time::timestamp + make_interval (days => o.recert_interval) AS value
 					UNION
 					SELECT C.recert_date + make_interval (days => o.recert_interval) AS value
-				) AS temp_table))
+				) AS temp_table)),
+			NULL::bigint AS owner_recert_id
 		FROM 
 			view_rule_with_owner V 
 			LEFT JOIN rule R USING (rule_id)			
-			LEFT JOIN rule_metadata M ON (R.rule_uid=M.rule_uid AND R.dev_id=M.dev_id)
+			LEFT JOIN rule_metadata M ON (R.rule_uid=M.rule_uid)
 			LEFT JOIN owner O ON (O.id=0)
 			LEFT JOIN import_control I ON (R.rule_create=I.control_id)
 			LEFT JOIN recertification C ON (M.rule_metadata_id=C.rule_metadata_id)
@@ -253,11 +254,12 @@ BEGIN
 					SELECT I.start_time::timestamp + make_interval (days => o.recert_interval) AS value
 					UNION
 					SELECT C.recert_date + make_interval (days => o.recert_interval) AS value
-				) AS temp_table))
+				) AS temp_table)),
+			NULL::bigint AS owner_recert_id
 		FROM 
 			view_rule_with_owner V 
 			LEFT JOIN rule R USING (rule_id)			
-			LEFT JOIN rule_metadata M ON (R.rule_uid=M.rule_uid AND R.dev_id=M.dev_id)
+			LEFT JOIN rule_metadata M ON (R.rule_uid=M.rule_uid)
 			LEFT JOIN owner O ON (V.owner_id=O.id)
 			LEFT JOIN import_control I ON (R.rule_create=I.control_id)
 			LEFT JOIN recertification C ON (M.rule_metadata_id=C.rule_metadata_id)

roles/database/files/sql/idempotent/fworch-texts.sql

@@ -562,6 +562,8 @@ INSERT INTO txt VALUES ('check_times', 			'German',	'Prüfung Datumswerte');
 INSERT INTO txt VALUES ('check_times', 			'English',	'Check time values');
 INSERT INTO txt VALUES ('select_device',		'German', 	'Device(s) auswählen');
 INSERT INTO txt VALUES ('select_device',		'English', 	'Select device(s)');
+INSERT INTO txt VALUES ('select_management',	'German', 	'Management(s) auswählen');
+INSERT INTO txt VALUES ('select_management',	'English', 	'Select management(s)');
 INSERT INTO txt VALUES ('tenant_vis_devices',   'German', 	'Mandanten-Firewalls');
 INSERT INTO txt VALUES ('tenant_vis_devices',	'English', 	'Tenant firewalls');
 INSERT INTO txt VALUES ('edit_vis_devices',		'German', 	'Devices für Mandant');
@@ -1276,6 +1278,8 @@ INSERT INTO txt VALUES ('edit_interface', 	    'German',	'Schnittstelle bearbeit
 INSERT INTO txt VALUES ('edit_interface', 	    'English',	'Edit Interface');
 INSERT INTO txt VALUES ('delete_interface', 	'German',	'Schnittstelle löschen');
 INSERT INTO txt VALUES ('delete_interface', 	'English',	'Delete Interface');
+INSERT INTO txt VALUES ('propose_alternative', 	'German',	'Alternative vorschlagen');
+INSERT INTO txt VALUES ('propose_alternative', 	'English',	'Propose alternative');
 INSERT INTO txt VALUES ('insert_forbidden', 	'German',	'Einfügen verboten');
 INSERT INTO txt VALUES ('insert_forbidden', 	'English',	'Insert forbidden');
 INSERT INTO txt VALUES ('func_reason', 	        'German',	'Fachliche Begründung');

roles/database/files/upgrade/9.0.sql

@@ -1683,4 +1683,18 @@ insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufac
 
 insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
     VALUES (29,'Cisco Asa on FirePower','9','Cisco','',false,true,false)
-    ON CONFLICT (dev_typ_id) DO NOTHING;
+    ON CONFLICT (dev_typ_id) DO NOTHING;
+
+
+DROP MATERIALIZED VIEW IF EXISTS view_rule_with_owner;
+CREATE MATERIALIZED VIEW view_rule_with_owner AS
+	SELECT DISTINCT ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier,
+	r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid,
+	r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg,
+	r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule
+	FROM ( SELECT DISTINCT * FROM v_rule_with_rule_owner AS rul UNION SELECT DISTINCT * FROM v_rule_with_ip_owner AS ips) AS ar
+	LEFT JOIN rule AS r USING (rule_id)
+	GROUP BY ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier,
+		r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid,
+		r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg,
+		r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule;

roles/lib/files/FWO.Data/FwoOwner.cs

@@ -50,7 +50,7 @@ public class FwoOwner : FwoOwnerBase
 
         public bool RecertOverdue { get; set; } = false;
         public bool RecertUpcoming { get; set; } = false;
-        public long LastRecertId { get; set; } = 0;
+        public long? LastRecertId { get; set; }
 
         public FwoOwner()
         { }

roles/lib/files/FWO.Data/Report/DeviceFilter.cs

@@ -13,7 +13,10 @@ public class ManagementSelect
         [JsonProperty("name"), JsonPropertyName("name")]
         public string? Name { get; set; }
 
-        [JsonProperty("devices"), JsonPropertyName("devices")]
+        [JsonProperty("uid"), JsonPropertyName("uid")]
+        public string Uid { get; set; } = "";
+
+		[JsonProperty("devices"), JsonPropertyName("devices")]
         public List<DeviceSelect> Devices { get; set; } = [];
 
         public ElementReference? UiReference { get; set; }

roles/lib/files/FWO.Data/RuleMetadata.cs

@@ -41,9 +41,6 @@ public class RuleMetadata
         [JsonProperty("recert_history"), JsonPropertyName("recert_history")]
         public List<Recertification> RecertHistory { get; set; } = [];
 
-        [JsonProperty("dev_id"), JsonPropertyName("dev_id")]
-        public int DeviceId { get; set; }
-
         [JsonProperty("rule_uid"), JsonPropertyName("rule_uid")]
         public string? Uid { get; set; } = "";
 

roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs

@@ -21,7 +21,28 @@ public class DynGraphqlQuery(string rawInput)
         public string UserObjWhereStatement { get; set; } = "";
         public string ConnectionWhereStatement { get; set; } = "";
         public string OwnerWhereStatement { get; set; } = "";
-        public string OpenRulesTable { get; set; } = "rules(";
+        public string OpenRuleBaseTable { get; set; } = $@" rulebase_links {{
+                                linkType: stm_link_type  {{
+                                    name
+                                    id
+                                }}
+                                link_type
+                                is_initial
+                                is_global
+                                is_section
+                                gw_id
+                                from_rule_id
+                                from_rulebase_id
+                                to_rulebase_id
+                                created
+                                removed
+                            }}
+                        }}
+                        rulebases {{
+                            name
+                            uid
+                            id ";
+        public string OpenRulesTable { get; set; } = $@" rules (";
         public string OpenChangeLogRulesTable { get; set; } = "changelog_rules(";
         public List<string> QueryParameters { get; set; } =
         [
@@ -138,33 +159,13 @@ query rulesReport ({paramString})
                         id: mgm_id
                         uid: mgm_uid
                         name: mgm_name
-                        devices ({GetDevWhereFilter(ref query, filter.ReportParams.DeviceFilter)})
+                        devices ({GetDevWhereFilter(filter.ReportParams.DeviceFilter)})
                         {{
                             id: dev_id
                             name: dev_name
                             uid: dev_uid
-                            rulebase_links {{
-                                linkType: stm_link_type  {{
-                                    name
-                                    id
-                                }}
-                                link_type
-                                is_initial
-                                is_global
-                                is_section
-                                gw_id
-                                from_rule_id
-                                from_rulebase_id
-                                to_rulebase_id
-                                created
-                                removed
-                            }}
-                        }}
-                        rulebases {{
-                            name
-                            uid
-                            id
-                            rules (
+                            {query.OpenRuleBaseTable}
+                            {query.OpenRulesTable}
                                 {limitOffsetString}
                                 where: {{ access_rule: {{_eq: true}} {query.RuleWhereStatement} }} 
                                 order_by: {{ rule_num_numeric: asc }} )
@@ -192,6 +193,7 @@ query rulesCertReport({paramString})
                         {{
                             id: dev_id
                             name: dev_name
+                            {query.OpenRuleBaseTable}
                             {query.OpenRulesTable}
                                 where: {{ 
                                     rule_metadatum: {{ recertifications_aggregate: {{ count: {{ filter: {{ _and: [{{owner: $ownerWhere}}, {{recert_date: {{_is_null: true}}}}, {{next_recert_date: {{_lte: $refdate1}}}}]}}, predicate: {{_gt: 0}}}}}}}}
@@ -273,6 +275,7 @@ query natRulesReport ({paramString})
                         {{
                             id: dev_id
                             name: dev_name
+                            {query.OpenRuleBaseTable}
                             {query.OpenRulesTable}
                                 {limitOffsetString}
                                 where: {{  nat_rule: {{_eq: true}}, ruleByXlateRule: {{}} {query.RuleWhereStatement} }} 
@@ -410,14 +413,16 @@ private static void SetRuleRecertFilter(ref DynGraphqlQuery query, ModellingFilt
         {
             query.RuleWhereStatement += $" {{ rule_metadatum: {{ recertifications: {{ owner_recert_id: {{_eq: {modellingFilter.OwnerRecertId} }}, recertified: {{ _eq: true }} }} }} }}";
         }
+
         private static void SetDeviceFilter(ref DynGraphqlQuery query, DeviceFilter? deviceFilter)
         {
             if (deviceFilter != null)
             {
                 query.RelevantManagementIds = deviceFilter.GetSelectedManagements();
             }
         }
-        private static string GetDevWhereFilter(ref DynGraphqlQuery query, DeviceFilter? deviceFilter)
+
+        private static string GetDevWhereFilter(DeviceFilter deviceFilter)
         {
             string devWhereStatement = devWhereStringStart;
             bool first = true;
@@ -628,15 +633,14 @@ private static void SetOwnerFilter(ref DynGraphqlQuery query, ModellingFilter? m
             if (modellingFilter != null)
             {
                 // currently overruling tenant filter!!
-                // query.OpenRulesTable = $"rules: get_rules_for_owner(args: {{ownerid: {modellingFilter.SelectedOwner.Id} }}, ";
-                query.OpenRulesTable = $@"
+                query.OpenRuleBaseTable = $@"
                                         rulebase_links(order_by: {{order_no: asc}}) {{
                                             rulebase_id
                                             order_no
                                             rulebase {{
                                                 id
-                                                name
-                                                rules: get_rules_for_owner(args: {{ownerid: {modellingFilter.SelectedOwner.Id} }}, ";
+                                                name ";
+                query.OpenRulesTable = $@" rules: get_rules_for_owner(args: {{ownerid: {modellingFilter.SelectedOwner.Id} }}, ";
                 query.SelectedOwner = modellingFilter.SelectedOwner;
             }
         }