Skip to content

feat(importer): update removed rulebases in db #3894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: importer-rework
Choose a base branch
from
Open

feat(importer): update removed rulebases in db #3894

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3746e4e
feat(importer): update removed rulebases in db
Y4nnikH Nov 7, 2025
4d2dd92
Merge branch 'importer-rework' into feat/import-set-rulebases-removed
Y4nnikH Nov 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 29 additions & 2 deletions roles/importer/files/importer/model_controllers/fwconfig_import_rule.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ def updateRulebaseDiffs(self, prevConfig: FwConfigNormalized):
ruleUidsInBoth: dict[str, list[str]] = {}
previous_rulebase_uids: list[str] = []
current_rulebase_uids: list[str] = []
removed_rulebase_uids: list[str] = []
new_hit_information = []

rule_order_diffs: dict[str, dict[str, list[str]]] = self.rule_order_service.update_rule_order_diffs(self.import_details.DebugLevel)
Expand All @@ -88,13 +89,12 @@ def updateRulebaseDiffs(self, prevConfig: FwConfigNormalized):
for rulebase_uid in previous_rulebase_uids:
current_rulebase = self.normalized_config.get_rulebase(rulebase_uid)
if current_rulebase is None:
removed_rulebase_uids.append(rulebase_uid)
continue # rulebase has been deleted
if rulebase_uid in current_rulebase_uids:
# deal with policies contained both in this and previous config
previous_rulebase = prevConfig.get_rulebase(rulebase_uid)
ruleUidsInBoth.update({ rulebase_uid: list(current_rulebase.rules.keys() & previous_rulebase.rules.keys()) }) # type: ignore
else:
logger.info(f"previous rulebase has been deleted: {current_rulebase.name} (id:{rulebase_uid})")

# find changed rules
for rulebase_uid in ruleUidsInBoth:
Expand Down Expand Up @@ -128,6 +128,7 @@ def updateRulebaseDiffs(self, prevConfig: FwConfigNormalized):
num_new_refs = self.add_new_refs(prevConfig)

num_deleted_rules, removed_rule_ids = self.mark_rules_removed(rule_order_diffs["deleted_rule_uids"])
num_removed_rulebases = self.mark_rulebases_removed(removed_rulebase_uids)
Copy link

Copilot AI Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The variable num_removed_rulebases is assigned but never used. Consider adding it to the statistics tracking (similar to how num_deleted_rules is added to RuleDeleteCount on line 140) or logging the count of removed rulebases for visibility.

Copilot uses AI. Check for mistakes.
num_removed_refs = self.remove_outdated_refs(prevConfig)

_, num_moved_rules, _ = self.verify_rules_moved(changedRuleUids)
Expand Down Expand Up @@ -355,6 +356,7 @@ def get_outdated_refs_to_remove(self, prev_rule: RuleNormalized, rule: RuleNorma
return refs_to_remove

def remove_outdated_refs(self, prev_config: FwConfigNormalized):
"""Remove all outdated nwobj/svc/(user) references, including resolved ones, for changed and removed rules."""
all_refs_to_remove = {ref_type: [] for ref_type in RefType}
for prev_rulebase in prev_config.rulebases:
rules = next((rb.rules for rb in self.normalized_config.rulebases if rb.uid == prev_rulebase.uid), {})
Expand Down Expand Up @@ -788,6 +790,31 @@ def mark_rules_removed(self, removedRuleUids: dict[str, list[str]]) -> tuple[int

return changes, collectedRemovedRuleIds

def mark_rulebases_removed(self, removedRulebaseUids: list[str]) -> int:
logger = getFwoLogger()
Copy link

Copilot AI Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The variable logger is declared but never used in this function. Consider removing it or adding appropriate logging statements (e.g., logging when rulebases are successfully marked as removed).

Copilot uses AI. Check for mistakes.
changes = 0

if len(removedRulebaseUids) == 0:
return 0

Copy link

Copilot AI Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trailing whitespace detected on this line. Please remove it to maintain code cleanliness.

Suggested change

Copilot uses AI. Check for mistakes.
removeMutation = """
mutation markRulebasesRemoved($importId: bigint!, $mgmId: Int!, $uids: [String!]!) {
update_rulebase(where: {removed: { _is_null: true }, uid: {_in: $uids}, mgm_id: {_eq: $mgmId}}, _set: {removed: $importId}) {
affected_rows
}
}
"""
query_variables = { 'importId': self.import_details.ImportId,
'mgmId': self.import_details.MgmDetails.CurrentMgmId,
'uids': removedRulebaseUids }
try:
removeResult = self.import_details.api_call.call(removeMutation, query_variables=query_variables)
except Exception:
raise FwoApiWriteError(f"failed to remove rulebases: {str(traceback.format_exc())}")
if 'errors' in removeResult:
raise FwoApiWriteError(f"failed to remove rulebases: {str(removeResult['errors'])}")
changes = int(removeResult['data']['update_rulebase']['affected_rows'])
return changes

def create_new_rule_version(self, rule_uids: dict[str, list[str]]) -> tuple[int, list[int], list[dict]]:
"""
Expand Down
Loading