ROX-33655: Query changes for enhanced filters#19881
Open
ksurabhi91 wants to merge 2 commits intomasterfrom
Open
ROX-33655: Query changes for enhanced filters#19881ksurabhi91 wants to merge 2 commits intomasterfrom
ksurabhi91 wants to merge 2 commits intomasterfrom
Conversation
|
Skipping CI for Draft Pull Request. |
Contributor
🚀 Build Images ReadyImages are ready for commit 64893a1. To use with deploy scripts: export MAIN_IMAGE_TAG=4.11.x-609-g64893a10df |
dd7d511 to
75378cb
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #19881 +/- ##
==========================================
- Coverage 49.61% 49.58% -0.04%
==========================================
Files 2765 2764 -1
Lines 208541 208466 -75
==========================================
- Hits 103464 103359 -105
- Misses 97401 97451 +50
+ Partials 7676 7656 -20
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
4588ba5 to
ce311ef
Compare
d05c96a to
e89acd6
Compare
e89acd6 to
b463795
Compare
Contributor
📝 WalkthroughSummary by CodeRabbitRelease Notes
WalkthroughThe changes add entity-scoped query support to the vulnerability report query builder, allowing reports to be scoped by entity-specific rules (cluster, namespace, deployment) instead of only by resource collections. The builder now accepts an Changes
Estimated code review effort🎯 4 (Complex) | ⏱️ ~50 minutes 🚥 Pre-merge checks | ✅ 1 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
central/reports/scheduler/schedule.go (1)
338-347:⚠️ Potential issue | 🟠 MajorEntity-scoped reports still hard-depend on a collection here.
Lines 339-345 always fetch
rc.GetScopeId()and fail if no collection exists. BecauseBuildQueryprefers a non-nil collection overentityScope, this means the new entity-scope path is never reached when a collection is still present, and entity-scoped configs without a collection fail before query building.Suggested fix
func (s *scheduler) getReportData(ctx context.Context, rc *storage.ReportConfiguration) ([]common.DeployedImagesResult, error) { - collection, found, err := s.collectionDatastore.Get(ctx, rc.GetScopeId()) - if err != nil { - return nil, errors.Wrapf(err, "error building report query: unable to get the collection %s", rc.GetScopeId()) - } - if !found { - return nil, errors.Errorf("error building report query: collection with id %s not found", rc.GetScopeId()) - } + var ( + collection *storage.ResourceCollection + found bool + err error + ) + if rc.GetResourceScope().GetEntityScope() == nil { + collection, found, err = s.collectionDatastore.Get(ctx, rc.GetScopeId()) + if err != nil { + return nil, errors.Wrapf(err, "error building report query: unable to get the collection %s", rc.GetScopeId()) + } + if !found { + return nil, errors.Errorf("error building report query: collection with id %s not found", rc.GetScopeId()) + } + } rQuery, err := s.buildReportQuery(ctx, rc, collection)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@central/reports/scheduler/schedule.go` around lines 338 - 347, getReportData currently always fetches a collection via collectionDatastore.Get(rc.GetScopeId()) and errors if not found, which blocks the entity-scoped path; change getReportData so that when the ReportConfiguration rc represents an entity-scoped report (check rc.IsEntityScoped() or the equivalent flag on rc) you do not hard-fail when collectionDatastore.Get returns !found but instead call s.buildReportQuery(ctx, rc, nil) (or pass a nil collection) so buildReportQuery can use the entityScope; only treat missing collection as an error for non-entity-scoped configs and keep existing error wrapping for real Get errors from collectionDatastore.Get.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@central/reports/common/query_builder.go`:
- Around line 176-200: The current loop builds a single query from
rule.GetValues()[0] and mishandles map fields and mixed match types; instead,
for each rule you must construct a separate proto query for each RuleValue
(using storage.MatchType_REGEX on that RuleValue), taking care for isMapField to
call splitLabelValue on the raw value to get key and value then apply regex
prefix only to the value part if needed (do not prefix the key), collect those
per-value queries, OR them together into one rule-level query (e.g. using
search.NewQueryBuilder().AddOr(...) or equivalent) and then append that single
ORed query to conjuncts so the rule-level queries are ANDed correctly; use
search.NewQueryBuilder().AddMapQuery, AddStrings, AddExactMatches and ProtoQuery
for the per-value builders and splitLabelValue to locate the label key/value.
---
Outside diff comments:
In `@central/reports/scheduler/schedule.go`:
- Around line 338-347: getReportData currently always fetches a collection via
collectionDatastore.Get(rc.GetScopeId()) and errors if not found, which blocks
the entity-scoped path; change getReportData so that when the
ReportConfiguration rc represents an entity-scoped report (check
rc.IsEntityScoped() or the equivalent flag on rc) you do not hard-fail when
collectionDatastore.Get returns !found but instead call s.buildReportQuery(ctx,
rc, nil) (or pass a nil collection) so buildReportQuery can use the entityScope;
only treat missing collection as an error for non-entity-scoped configs and keep
existing error wrapping for real Get errors from collectionDatastore.Get.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: 1631a6b2-cb6e-45fd-9715-62fd8073474d
📒 Files selected for processing (7)
central/reports/common/query_builder.gocentral/reports/common/query_builder_test.gocentral/reports/scheduler/schedule.gocentral/reports/scheduler/v2/reportgenerator/report_gen_impl.gocentral/reports/scheduler/v2/reportgenerator/report_gen_impl_flat_data_model_test.gocentral/reports/scheduler/v2/reportgenerator/report_gen_view_based_test.gocentral/reports/scheduler/v2/reportgenerator/testutils.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is part 1 of ROX-33655 that updates the query builder to use the new
entityScopemethod combined with aquerystring containing enhanced filters for building report data queries. When a user selects entity scope for scoping reports, the new path is used; when a user selects a collection as the scoping method, report generation continues to work as previously implemented with legacy filters and collections.There will be follow up PRs for scheduler changes and benchmark test
Testing and quality
Added integration tests and unit tests
Automated testing
How I validated my change
change me!