fix: source document id must be non-null

(cherry picked from commit 877a6b8)

Author: ctron

entity/src/advisory.rs

@@ -31,7 +31,7 @@ pub struct Model {
     pub withdrawn: Option<OffsetDateTime>,
     pub title: Option<String>,
     pub labels: Labels,
-    pub source_document_id: Option<Uuid>,
+    pub source_document_id: Uuid,
 }
 
 #[cfg(feature = "async-graphql")]

entity/src/sbom.rs

@@ -19,7 +19,7 @@ pub struct Model {
     pub suppliers: Vec<String>,
     pub data_licenses: Vec<String>,
 
-    pub source_document_id: Option<Uuid>,
+    pub source_document_id: Uuid,
 
     #[cfg_attr(
         feature = "async-graphql",

migration/src/lib.rs

@@ -28,6 +28,7 @@ mod m0001130_gover_cmp;
 mod m0001140_expand_spdx_licenses_function;
 mod m0001150_case_license_text_sbom_id_function;
 mod m0001160_improve_expand_spdx_licenses_function;
+mod m0001170_non_null_source_document_id;
 
 pub struct Migrator;
 
@@ -63,6 +64,7 @@ impl MigratorTrait for Migrator {
             Box::new(m0001140_expand_spdx_licenses_function::Migration),
             Box::new(m0001150_case_license_text_sbom_id_function::Migration),
             Box::new(m0001160_improve_expand_spdx_licenses_function::Migration),
+            Box::new(m0001170_non_null_source_document_id::Migration),
         ]
     }
 }

migration/src/m0001170_non_null_source_document_id.rs

@@ -0,0 +1,63 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Advisory::Table)
+                    .modify_column(ColumnDef::new(Advisory::SourceDocumentId).not_null())
+                    .to_owned(),
+            )
+            .await?;
+
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Sbom::Table)
+                    .modify_column(ColumnDef::new(Sbom::SourceDocumentId).not_null())
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Sbom::Table)
+                    .modify_column(ColumnDef::new(Sbom::SourceDocumentId).null())
+                    .to_owned(),
+            )
+            .await?;
+
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Advisory::Table)
+                    .modify_column(ColumnDef::new(Advisory::SourceDocumentId).null())
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+}
+
+#[derive(Iden)]
+enum Advisory {
+    Table,
+    SourceDocumentId,
+}
+
+#[derive(Iden)]
+enum Sbom {
+    Table,
+    SourceDocumentId,
+}

modules/fundamental/src/advisory/endpoints/mod.rs

@@ -157,7 +157,7 @@ pub async fn delete(
             false => Ok(HttpResponse::NotFound().finish()),
             true => {
                 tx.commit().await?;
-                if let Err(e) = delete_doc(v.source_document.as_ref(), i.storage()).await {
+                if let Err(e) = delete_doc(&v.source_document, i.storage()).await {
                     log::warn!("Ignoring {e}");
                 }
                 Ok(HttpResponse::Ok().json(v))
@@ -253,19 +253,15 @@ pub async fn download(
         return Ok(HttpResponse::NotFound().finish());
     };
 
-    if let Some(doc) = &advisory.source_document {
-        let stream = ingestor
-            .storage()
-            .retrieve(doc.try_into()?)
-            .await
-            .map_err(Error::Storage)?
-            .map(|stream| stream.map_err(Error::Storage));
+    let stream = ingestor
+        .storage()
+        .retrieve(advisory.source_document.try_into()?)
+        .await
+        .map_err(Error::Storage)?
+        .map(|stream| stream.map_err(Error::Storage));
 
-        Ok(match stream {
-            Some(s) => HttpResponse::Ok().streaming(s),
-            None => HttpResponse::NotFound().finish(),
-        })
-    } else {
-        Ok(HttpResponse::NotFound().finish())
-    }
+    Ok(match stream {
+        Some(s) => HttpResponse::Ok().streaming(s),
+        None => HttpResponse::NotFound().finish(),
+    })
 }

modules/fundamental/src/advisory/endpoints/test.rs

@@ -560,11 +560,7 @@ async fn delete_advisory(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
         .call_and_read_body_json(TestRequest::get().uri("/api/v2/advisory").to_request())
         .await;
     assert_eq!(advisory_list.total, 1);
-    let key: StorageKey = advisory_list.items[0]
-        .source_document
-        .as_ref()
-        .expect("valid document")
-        .try_into()?;
+    let key: StorageKey = advisory_list.items[0].source_document.clone().try_into()?;
     assert!(storage.retrieve(key.clone()).await?.is_some());
 
     // first delete should succeed

modules/fundamental/src/advisory/model/details/mod.rs

@@ -17,7 +17,7 @@ pub struct AdvisoryDetails {
     pub head: AdvisoryHead,
 
     #[serde(flatten)]
-    pub source_document: Option<SourceDocument>,
+    pub source_document: SourceDocument,
 
     /// Vulnerabilities addressed within this advisory.
     pub vulnerabilities: Vec<AdvisoryVulnerabilitySummary>,
@@ -60,10 +60,7 @@ impl AdvisoryDetails {
                 tx,
             )
             .await?,
-            source_document: advisory
-                .source_document
-                .as_ref()
-                .map(SourceDocument::from_entity),
+            source_document: SourceDocument::from_entity(&advisory.source_document),
             vulnerabilities,
             average_severity: None,
             average_score: None,

modules/fundamental/src/advisory/model/summary.rs

@@ -17,7 +17,7 @@ pub struct AdvisorySummary {
 
     /// Information pertaning to the underlying source document, if any.
     #[serde(flatten)]
-    pub source_document: Option<SourceDocument>,
+    pub source_document: SourceDocument,
 
     /// Average (arithmetic mean) severity of the advisory aggregated from *all* related vulnerability assertions.
     #[schema(required)]
@@ -69,10 +69,7 @@ impl AdvisorySummary {
                     tx,
                 )
                 .await?,
-                source_document: each
-                    .source_document
-                    .as_ref()
-                    .map(SourceDocument::from_entity),
+                source_document: SourceDocument::from_entity(&each.source_document),
                 average_severity: None,
                 average_score: None,
                 vulnerabilities,

modules/fundamental/src/advisory/service/mod.rs

@@ -199,7 +199,7 @@ impl AdvisoryService {
 
 #[derive(Debug)]
 pub struct AdvisoryCatcher {
-    pub source_document: Option<source_document::Model>,
+    pub source_document: source_document::Model,
     pub advisory: advisory::Model,
     pub issuer: Option<organization::Model>,
 }
@@ -211,7 +211,8 @@ impl FromQueryResult for AdvisoryCatcher {
                 res,
                 "",
                 source_document::Entity,
-            )?,
+            )?
+            .ok_or_else(|| DbErr::Custom("Missing source document".to_string()))?,
             advisory: Self::from_query_result_multi_model(res, "", advisory::Entity)?,
             issuer: Self::from_query_result_multi_model_optional(res, "", organization::Entity)?,
         })

modules/fundamental/src/advisory/service/test.rs

@@ -152,12 +152,12 @@ async fn single_advisory(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
             fetched,
             Some(AdvisoryDetails {
                 head: AdvisoryHead { .. },
-            source_document: Some(SourceDocument {
+            source_document: SourceDocument {
                 sha256,
                 sha384,
                 sha512,
                 ..
-            }),
+            },
             average_severity: None,
                 ..
             })
@@ -168,14 +168,13 @@ async fn single_advisory(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
             fetched,
             Some(AdvisoryDetails {
                 head: AdvisoryHead { .. },
-            source_document: Some(SourceDocument {
+            source_document: SourceDocument {
                 sha256,
                 sha384,
                 sha512,
                 ..
-            }),
+            },
             average_severity: None,
-
                 ..
             })
         if sha256 == jenny256.to_string() && sha384 == jenny384.to_string() && sha512 == jenny512.to_string()));