Skip to content

feat(importer-rework): enhance table rule_metadata (#3863) #3885

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 27 commits into
base: importer-rework
Choose a base branch
from
Open

feat(importer-rework): enhance table rule_metadata (#3863) #3885

wants to merge 27 commits into from
+177 −1

Conversation

@Imat00
Copy link
Contributor

@Imat00 Imat00 commented Nov 5, 2025
edited by tpurschke
Loading

Addresses #3863

  • Add column mgm_id INT with foreign key reference to management

  • Remove rule_uid unique constraint and its fk(temporarily)

  • Upgrade script:

    • set mgm_id in rule_metadata using existing mapping (rule_metadata.rule_uid -> rule.rule_uid)

  • Post-processing:

    • Set mgm_id as NOT NULL
    • Add unique constraint on (mgm_id, rule_uid) in rule_metadata
    • Add rule_uid unique constraint and its fk

  • update:

    • create table
    • create foreign-keys
    • create constraints
    • replace_metadata(Permissions mgm_id in rule_metadata and tracking fk for mgm_id)

Imat00 added 5 commits November 4, 2025 09:04
@Imat00
DB-changes:
05c7942 
- add mgm_id column to rule_metadata
- delete and add fk(not ready yet)
- delete and add Unique from rule_uid to (rule_uid, mgm,id)
- get data from rule table for mgm_ids in rule_metadata
@Imat00
changes DB2 - ToDo Hasura metadata Relationship bypass
6afb595
@Imat00
update: Permissions in metadata for mgm_id in rule_metadata
40882dd
@Imat00
Merge remote-tracking branch 'Cactus/importer-rework' into feature/im…
db5b115 
…porter-rework-rule_metadataEnhance
@Imat00
update foreign key on mgm_id
943770f
@Imat00 Imat00 self-assigned this Nov 5, 2025
@Imat00 Imat00 requested a review from tpurschke November 5, 2025 13:40
tpurschke
tpurschke reviewed Nov 5, 2025
View reviewed changes
Copy link
Contributor

@tpurschke tpurschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good but I need some more time for testing this. Die you try both a clean install and an upgrade?

@Imat00
Copy link
Contributor Author

Imat00 commented Nov 5, 2025

I performed a clean installation and tested the upgrade script several times.
I will also test the upgrade path.
If any issues occur, I will report them.

tpurschke
tpurschke requested changes Nov 10, 2025
View reviewed changes
Copy link
Contributor

@tpurschke tpurschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The constraint does not seem correct yet.
multiple versions of a rule with the same uid is not an issue as long as all of these occur on the same management.

tpurschke
tpurschke reviewed Nov 10, 2025
View reviewed changes
Copy link
Contributor

@tpurschke tpurschke left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

found an error in import caused by the change here, so I guess we have to adapt the importer at the same time:

2025-11-10T17:28:07+0100 [INFO ] [fwo_api.py               :_call_chunked            : 217] Processing chunked API call (upsertRuleMetadata)...
2025-11-10T17:28:07+0100 [DEBUG] [fwo_api.py               :_call_chunked            : 257] Chunk 1: 1000/9295 processed elements.
2025-11-10T17:28:07+0100 [ERROR] [fwo_api.py               :_handle_chunked_calls_res: 289] encountered error while handling chunked call: [{'message': 'Not-NULL violation. null value in column "mgm_id" of relation "rule_metadata" violates not-null constraint', 'extensions': {'path': '$.selectionSet.insert_rule_metadata.args.objects', 'code': 'constraint-violation'}}]
2025-11-10T17:28:07+0100 [ERROR] [fwo_api.py               :call                     :  84] FwoImporterError during API call: encountered error while handling chunked call: [{'message': 'Not-NULL violation. null value in column "mgm_id" of relation "rule_metadata" violates not-null constraint', 'extensions': {'path': '$.selectionSet.insert_rule_metadata.args.objects', 'code': 'constraint-violation'}}]
2025-11-10T17:28:07+0100 [ERROR] [common.py                :rollBackExceptionHandler : 185] Exception: FwoApiWriteError
2025-11-10T17:28:09+0100 [INFO ] [rollback.py              :rollbackCurrentImport    :  37] import 435 has been rolled back successfully
2025-11-10T17:28:09+0100 [INFO ] [import_state_controller.p:delete_import            : 435] removed import with id 435 completely
2025-11-10T17:28:09+0100 [INFO ] [fwo_api_call.py          :complete_import          : 329] import_management: import no. 435 for management fwmgmt01-f (id=252) threw errors, total change count: 22074, rule change count: 0, duration: 256s, ERRORS: ['FwoApiWriteError or FwoImporterError: ('failed to write new RulesMetadata: Traceback (most recent call last):\n  File "/usr/local/fworch/importer/model_controllers/fwconfig_import_rule.py", line 612, in addNewRuleMetadata\n    import_result = self.import_details.api_call.call(addNewRuleMetadataMutation, query_variables=query_variables, debug_level=self.import_details.DebugLevel, analyze_payload=True)\n                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File "/usr/local/fworch/importer/fwo_api.py", line 65, in call\n    return_object = self._call_chunked(session, query, query_variables, fwo_globals.debug_level)\n                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File "/usr/local/fworch/importer/fwo_api.py", line 252, in _call_chunked\n    return_object = self._handle_chunked_calls_response(return_object, response)\n                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File "/usr/local/fworch/importer/fwo_api.py", line 290, in _handle_chunked_calls_response\n    raise FwoImporterError(error_txt)\nfwo_exceptions.FwoImporterError: encountered error while handling chunked call: [{\'message\': \'Not-NULL violation. null value in column "mgm_id" of relation "rule_metadata" violates not-null constraint\', \'extensions\': {\'path\': \'$.selectionSet.insert_rule_metadata.args.objects\', \'code\': \'constraint-violation\'}}]\n',) - aborting import']
(importer-venv) fworch@FWORCH1:~/importer$

@tpurschke tpurschke marked this pull request as draft November 10, 2025 16:46
@Imat00
Copy link
Contributor Author

Imat00 commented Nov 11, 2025

found an error in import caused by the change here, so I guess we have to adapt the importer at the same time:

2025-11-10T17:28:07+0100 [INFO ] [fwo_api.py               :_call_chunked            : 217] Processing chunked API call (upsertRuleMetadata)...
2025-11-10T17:28:07+0100 [DEBUG] [fwo_api.py               :_call_chunked            : 257] Chunk 1: 1000/9295 processed elements.
2025-11-10T17:28:07+0100 [ERROR] [fwo_api.py               :_handle_chunked_calls_res: 289] encountered error while handling chunked call: [{'message': 'Not-NULL violation. null value in column "mgm_id" of relation "rule_metadata" violates not-null constraint', 'extensions': {'path': '$.selectionSet.insert_rule_metadata.args.objects', 'code': 'constraint-violation'}}]
2025-11-10T17:28:07+0100 [ERROR] [fwo_api.py               :call                     :  84] FwoImporterError during API call: encountered error while handling chunked call: [{'message': 'Not-NULL violation. null value in column "mgm_id" of relation "rule_metadata" violates not-null constraint', 'extensions': {'path': '$.selectionSet.insert_rule_metadata.args.objects', 'code': 'constraint-violation'}}]
2025-11-10T17:28:07+0100 [ERROR] [common.py                :rollBackExceptionHandler : 185] Exception: FwoApiWriteError
2025-11-10T17:28:09+0100 [INFO ] [rollback.py              :rollbackCurrentImport    :  37] import 435 has been rolled back successfully
2025-11-10T17:28:09+0100 [INFO ] [import_state_controller.p:delete_import            : 435] removed import with id 435 completely
2025-11-10T17:28:09+0100 [INFO ] [fwo_api_call.py          :complete_import          : 329] import_management: import no. 435 for management fwmgmt01-f (id=252) threw errors, total change count: 22074, rule change count: 0, duration: 256s, ERRORS: ['FwoApiWriteError or FwoImporterError: ('failed to write new RulesMetadata: Traceback (most recent call last):\n  File "/usr/local/fworch/importer/model_controllers/fwconfig_import_rule.py", line 612, in addNewRuleMetadata\n    import_result = self.import_details.api_call.call(addNewRuleMetadataMutation, query_variables=query_variables, debug_level=self.import_details.DebugLevel, analyze_payload=True)\n                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File "/usr/local/fworch/importer/fwo_api.py", line 65, in call\n    return_object = self._call_chunked(session, query, query_variables, fwo_globals.debug_level)\n                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File "/usr/local/fworch/importer/fwo_api.py", line 252, in _call_chunked\n    return_object = self._handle_chunked_calls_response(return_object, response)\n                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File "/usr/local/fworch/importer/fwo_api.py", line 290, in _handle_chunked_calls_response\n    raise FwoImporterError(error_txt)\nfwo_exceptions.FwoImporterError: encountered error while handling chunked call: [{\'message\': \'Not-NULL violation. null value in column "mgm_id" of relation "rule_metadata" violates not-null constraint\', \'extensions\': {\'path\': \'$.selectionSet.insert_rule_metadata.args.objects\', \'code\': \'constraint-violation\'}}]\n',) - aborting import']
(importer-venv) fworch@FWORCH1:~/importer$

'Not-NULL violation. null value in column "mgm_id" of relation "rule_metadata" violates not-null constraint' is caused by the change that made mgm_id in rule_metadata NOT NULL. We can discuss how to handle it.

@Imat00 Imat00 marked this pull request as ready for review November 11, 2025 15:06
tpurschke
tpurschke requested changes Nov 11, 2025
View reviewed changes
Copy link
Contributor

@tpurschke tpurschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see below - displaying violations that prevent an update would be helpful

@Imat00
add Exceptions with list:
b3d600f 
- missing Rule_uid from rule_metadata on rule
-  of Rule_uid and multiple mgm_id(s)
@Imat00
Merge branch 'feature/importer-rework-rule_metadataEnhance' of https:…
98bcb31 
…//github.com/Imat00/firewall-orchestrator into feature/importer-rework-rule_metadataEnhance
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 12, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Imat00 Imat00 requested review from Y4nnikH and tpurschke November 12, 2025 15:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tpurschke tpurschke Awaiting requested review from tpurschke

@Y4nnikH Y4nnikH Awaiting requested review from Y4nnikH

Requested changes must be addressed to merge this pull request.

Assignees

@Imat00 Imat00

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Imat00 @tpurschke