diff --git a/policy/cnspec_policy.pb.go b/policy/cnspec_policy.pb.go index 43035acc..9008e700 100644 --- a/policy/cnspec_policy.pb.go +++ b/policy/cnspec_policy.pb.go @@ -492,37 +492,40 @@ func (Migration_Action) EnumDescriptor() ([]byte, []int) { type ReportingJob_Type int32 const ( - ReportingJob_UNSPECIFIED ReportingJob_Type = 0 - ReportingJob_CONTROL ReportingJob_Type = 3 - ReportingJob_POLICY ReportingJob_Type = 4 - ReportingJob_FRAMEWORK ReportingJob_Type = 5 - ReportingJob_RISK_FACTOR ReportingJob_Type = 6 - // DO NOT USE CHECK OR DATA_QUERY, THEY ARE DEPRECATED - // Here's the reason why: - // A query can be either or both. We cannot pick one in all cases - ReportingJob_CHECK ReportingJob_Type = 1 - ReportingJob_DATA_QUERY ReportingJob_Type = 2 + ReportingJob_UNSPECIFIED ReportingJob_Type = 0 + ReportingJob_CHECK ReportingJob_Type = 1 + ReportingJob_DATA_QUERY ReportingJob_Type = 2 + ReportingJob_CONTROL ReportingJob_Type = 3 + ReportingJob_POLICY ReportingJob_Type = 4 + ReportingJob_FRAMEWORK ReportingJob_Type = 5 + ReportingJob_RISK_FACTOR ReportingJob_Type = 6 + ReportingJob_CHECK_AND_DATA_QUERY ReportingJob_Type = 7 + ReportingJob_EXECUTION_QUERY ReportingJob_Type = 8 ) // Enum value maps for ReportingJob_Type. var ( ReportingJob_Type_name = map[int32]string{ 0: "UNSPECIFIED", + 1: "CHECK", + 2: "DATA_QUERY", 3: "CONTROL", 4: "POLICY", 5: "FRAMEWORK", 6: "RISK_FACTOR", - 1: "CHECK", - 2: "DATA_QUERY", + 7: "CHECK_AND_DATA_QUERY", + 8: "EXECUTION_QUERY", } ReportingJob_Type_value = map[string]int32{ - "UNSPECIFIED": 0, - "CONTROL": 3, - "POLICY": 4, - "FRAMEWORK": 5, - "RISK_FACTOR": 6, - "CHECK": 1, - "DATA_QUERY": 2, + "UNSPECIFIED": 0, + "CHECK": 1, + "DATA_QUERY": 2, + "CONTROL": 3, + "POLICY": 4, + "FRAMEWORK": 5, + "RISK_FACTOR": 6, + "CHECK_AND_DATA_QUERY": 7, + "EXECUTION_QUERY": 8, } ) @@ -7198,7 +7201,7 @@ var file_cnspec_policy_proto_rawDesc = []byte{ 0x74, 0x61, 0x51, 0x75, 0x65, 0x72, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x22, 0xd5, 0x05, 0x0a, 0x0c, 0x52, 0x65, 0x70, 0x6f, + 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x22, 0x85, 0x06, 0x0a, 0x0c, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x6e, 0x67, 0x4a, 0x6f, 0x62, 0x12, 0x31, 0x0a, 0x15, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x76, 0x38, 0x5f, 0x69, 0x73, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, @@ -7237,13 +7240,16 @@ var file_cnspec_policy_proto_rawDesc = []byte{ 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x6e, 0x71, 0x75, 0x65, 0x72, 0x79, 0x2e, 0x65, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x2e, 0x49, 0x6d, 0x70, 0x61, 0x63, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x22, 0x6b, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, - 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x43, - 0x4f, 0x4e, 0x54, 0x52, 0x4f, 0x4c, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x4f, 0x4c, 0x49, - 0x43, 0x59, 0x10, 0x04, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x52, 0x41, 0x4d, 0x45, 0x57, 0x4f, 0x52, - 0x4b, 0x10, 0x05, 0x12, 0x0f, 0x0a, 0x0b, 0x52, 0x49, 0x53, 0x4b, 0x5f, 0x46, 0x41, 0x43, 0x54, - 0x4f, 0x52, 0x10, 0x06, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x01, 0x12, - 0x0e, 0x0a, 0x0a, 0x44, 0x41, 0x54, 0x41, 0x5f, 0x51, 0x55, 0x45, 0x52, 0x59, 0x10, 0x02, 0x22, + 0x38, 0x01, 0x22, 0x9a, 0x01, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, + 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, + 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x44, 0x41, 0x54, 0x41, 0x5f, + 0x51, 0x55, 0x45, 0x52, 0x59, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4f, 0x4e, 0x54, 0x52, + 0x4f, 0x4c, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x10, 0x04, + 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x52, 0x41, 0x4d, 0x45, 0x57, 0x4f, 0x52, 0x4b, 0x10, 0x05, 0x12, + 0x0f, 0x0a, 0x0b, 0x52, 0x49, 0x53, 0x4b, 0x5f, 0x46, 0x41, 0x43, 0x54, 0x4f, 0x52, 0x10, 0x06, + 0x12, 0x18, 0x0a, 0x14, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x44, 0x41, + 0x54, 0x41, 0x5f, 0x51, 0x55, 0x45, 0x52, 0x59, 0x10, 0x07, 0x12, 0x13, 0x0a, 0x0f, 0x45, 0x58, + 0x45, 0x43, 0x55, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x51, 0x55, 0x45, 0x52, 0x59, 0x10, 0x08, 0x22, 0xcc, 0x07, 0x0a, 0x06, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x63, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x6d, 0x72, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x63, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x72, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x65, diff --git a/policy/cnspec_policy.proto b/policy/cnspec_policy.proto index 043523dc..2323cc51 100644 --- a/policy/cnspec_policy.proto +++ b/policy/cnspec_policy.proto @@ -556,16 +556,14 @@ message ReportingJob { enum Type { UNSPECIFIED = 0; + CHECK = 1; + DATA_QUERY = 2; CONTROL = 3; POLICY = 4; FRAMEWORK = 5; RISK_FACTOR = 6; - - // DO NOT USE CHECK OR DATA_QUERY, THEY ARE DEPRECATED - // Here's the reason why: - // A query can be either or both. We cannot pick one in all cases - CHECK = 1; - DATA_QUERY = 2; + CHECK_AND_DATA_QUERY = 7; + EXECUTION_QUERY = 8; } string checksum = 1; diff --git a/policy/executor/graph.go b/policy/executor/graph.go index 7a7d7966..740860e3 100644 --- a/policy/executor/graph.go +++ b/policy/executor/graph.go @@ -71,7 +71,7 @@ func ExecuteFilterQueries(runtime llx.Runtime, queries []*explorer.Mquery, timeo log.Debug().Err(err).Str("mql", m.Mql).Msg("skipping filter query, not supported") continue } - builder.AddQuery(codeBundle, nil, nil) + builder.AddQuery(codeBundle, nil, nil, nil) builder.CollectScore(codeBundle.CodeV2.Id) queryMap[codeBundle.CodeV2.Id] = m @@ -117,7 +117,7 @@ func ExecuteFilterQueries(runtime llx.Runtime, queries []*explorer.Mquery, timeo func ExecuteQuery(runtime llx.Runtime, codeBundle *llx.CodeBundle, props map[string]*llx.Primitive, features cnquery.Features) (*policy.Score, map[string]*llx.RawResult, error) { builder := internal.NewBuilder() - builder.AddQuery(codeBundle, nil, props) + builder.AddQuery(codeBundle, nil, props, nil) for _, checksum := range internal.CodepointChecksums(codeBundle) { builder.CollectDatapoint(checksum) } @@ -160,8 +160,18 @@ func ExecuteQuery(runtime llx.Runtime, codeBundle *llx.CodeBundle, props map[str func builderFromResolvedPolicy(resolvedPolicy *policy.ResolvedPolicy) *internal.GraphBuilder { b := internal.NewBuilder() + rqs := resolvedPolicy.CollectorJob.ReportingQueries + if rqs == nil { + rqs = map[string]*policy.StringArray{} + } for _, eq := range resolvedPolicy.ExecutionJob.Queries { - b.AddQuery(eq.Code, eq.Properties, nil) + var notifies []string + if sa := rqs[eq.Code.GetCodeV2().GetId()]; sa != nil { + if len(sa.Items) > 0 { + notifies = sa.Items + } + } + b.AddQuery(eq.Code, eq.Properties, nil, notifies) } for _, rj := range resolvedPolicy.CollectorJob.ReportingJobs { diff --git a/policy/executor/internal/builder.go b/policy/executor/internal/builder.go index b276841f..feaf9287 100644 --- a/policy/executor/internal/builder.go +++ b/policy/executor/internal/builder.go @@ -21,6 +21,7 @@ type query struct { codeBundle *llx.CodeBundle requiredProps map[string]string resolvedProperties map[string]*llx.Primitive + notifies []string } type GraphBuilder struct { @@ -75,11 +76,12 @@ func NewBuilder() *GraphBuilder { } // AddQuery adds the provided code to be executed to the graph -func (b *GraphBuilder) AddQuery(c *llx.CodeBundle, propertyChecksums map[string]string, resolvedProperties map[string]*llx.Primitive) { +func (b *GraphBuilder) AddQuery(c *llx.CodeBundle, propertyChecksums map[string]string, resolvedProperties map[string]*llx.Primitive, notifies []string) { b.queries = append(b.queries, query{ codeBundle: c, requiredProps: propertyChecksums, resolvedProperties: resolvedProperties, + notifies: notifies, }) } @@ -192,6 +194,8 @@ func (b *GraphBuilder) Build(runtime llx.Runtime, assetMrn string) (*GraphExecut } } + reportingQueryForReportingJob := map[string]string{} + reportingQueryNodeByCodeId := map[string]string{} for queryID, q := range queries { canRun := checkVersion(q.codeBundle, mondooVersion) if canRun { @@ -199,7 +203,13 @@ func (b *GraphBuilder) Build(runtime llx.Runtime, assetMrn string) (*GraphExecut } else { unrunnableQueries = append(unrunnableQueries, q) } - ge.addReportingQueryNode(queryID, q) + n := ge.addReportingQueryNode(queryID, q) + reportingQueryNodeByCodeId[q.codeBundle.GetCodeV2().GetId()] = n.id + if len(q.notifies) > 0 { + for _, notify := range q.notifies { + reportingQueryForReportingJob[notify] = n.id + } + } } scoresToCollect := make([]string, len(b.collectScoreQrIDs)) @@ -208,12 +218,19 @@ func (b *GraphBuilder) Build(runtime llx.Runtime, assetMrn string) (*GraphExecut copy(datapointsToCollect, b.collectDatapointChecksums) for _, rj := range b.reportingJobs { - _, isQuery := queries[rj.QrId] scoresToCollect = append(scoresToCollect, rj.Uuid) for datapointChecksum := range rj.Datapoints { datapointsToCollect = append(datapointsToCollect, datapointChecksum) } - ge.addReportingJobNode(assetMrn, rj.Uuid, rj, isQuery) + rq := reportingQueryForReportingJob[rj.Uuid] + if rq == "" { + // If a reporting query didn't explicitly notify this reporting job, but + // we have a reporting job for it, we will add it. + // For example, when we have risk factors, this will happen + rq = reportingQueryNodeByCodeId[rj.QrId] + } + + ge.addReportingJobNode(assetMrn, rj.Uuid, rj, rq) } for _, queryID := range scoresToCollect { @@ -295,11 +312,6 @@ func (ge *GraphExecutor) createFinisherNode(r progress.Progress) { } func (ge *GraphExecutor) addExecutionQueryNode(queryID string, q query, resolvedProperties map[string]*llx.Primitive, datapointTypeMap map[string]string) { - n, ok := ge.nodes[NodeID(queryID)] - if ok { - return - } - codeBundle := q.codeBundle nodeData := &ExecutionQueryNodeData{ @@ -310,7 +322,7 @@ func (ge *GraphExecutor) addExecutionQueryNode(queryID string, q query, resolved runQueue: ge.executionManager.runQueue, } - n = &Node{ + n := &Node{ id: NodeID(string(ExecutionQueryNodeType) + "/" + queryID), nodeType: ExecutionQueryNodeType, data: nodeData, @@ -357,10 +369,10 @@ func (ge *GraphExecutor) addExecutionQueryNode(queryID string, q query, resolved ge.nodes[n.id] = n } -func (ge *GraphExecutor) addReportingQueryNode(queryID string, q query) { +func (ge *GraphExecutor) addReportingQueryNode(queryID string, q query) *Node { n, ok := ge.nodes[NodeID(queryID)] if ok { - return + return n } nodeData := &ReportingQueryNodeData{ @@ -387,14 +399,20 @@ func (ge *GraphExecutor) addReportingQueryNode(queryID string, q query) { } ge.nodes[n.id] = n + + return n } -func (ge *GraphExecutor) addReportingJobNode(assetMrn string, reportingJobID string, rj *policy.ReportingJob, isQuery bool) { - n, ok := ge.nodes[NodeID(reportingJobID)] +func (ge *GraphExecutor) addReportingJobNode(assetMrn string, reportingJobID string, rj *policy.ReportingJob, reportingQueryForReportingJob string) { + _, ok := ge.nodes[NodeID(reportingJobID)] if ok { return } + forwardScore := rj.Type == policy.ReportingJob_CHECK || + rj.Type == policy.ReportingJob_DATA_QUERY || + rj.Type == policy.ReportingJob_CHECK_AND_DATA_QUERY || + rj.Type == policy.ReportingJob_EXECUTION_QUERY queryID := rj.QrId // TODO: This needs to be handled by the server so as not to // break existing clients. The function that was doing the @@ -406,13 +424,13 @@ func (ge *GraphExecutor) addReportingJobNode(assetMrn string, reportingJobID str nodeData := &ReportingJobNodeData{ queryID: queryID, - isQuery: isQuery, + forwardScore: forwardScore, rjType: rj.Type, childScores: map[string]*reportingJobResult{}, datapoints: map[string]*reportingJobDatapoint{}, featureFlagFailErrors: ge.featureFlagFailErrors, } - n = &Node{ + n := &Node{ id: NodeID(reportingJobID), nodeType: ReportingJobNodeType, data: nodeData, @@ -427,16 +445,9 @@ func (ge *GraphExecutor) addReportingJobNode(assetMrn string, reportingJobID str ge.addEdge(n.id, NodeID(e)) } - if isQuery { - // The specs of the reporting job doesn't contain the query - // Not all rj.QrIds are represented in the graph, only those - // that correspond to actual queries. For example, a QrId that - // is a policy is not represented as a node directly in the graph. - // So, this is special handling to make sure the reporting job - // knows that a reporting query is going to send it information - // and that it needs to use that information to calculate its score - nodeData.childScores[rj.QrId] = &reportingJobResult{} - ge.addEdge(NodeID(rj.QrId), n.id) + if reportingQueryForReportingJob != "" { + nodeData.childScores[reportingQueryForReportingJob] = &reportingJobResult{} + ge.addEdge(NodeID(reportingQueryForReportingJob), n.id) } for childReportingJobID, ss := range rj.ChildJobs { @@ -451,7 +462,7 @@ func (ge *GraphExecutor) addReportingJobNode(assetMrn string, reportingJobID str } func (ge *GraphExecutor) addDatapointNode(datapointChecksum string, expectedType *string, res *llx.RawResult) { - n, ok := ge.nodes[NodeID(datapointChecksum)] + _, ok := ge.nodes[NodeID(datapointChecksum)] if ok { return } @@ -461,7 +472,7 @@ func (ge *GraphExecutor) addDatapointNode(datapointChecksum string, expectedType isReported: res != nil, res: res, } - n = &Node{ + n := &Node{ id: NodeID(datapointChecksum), nodeType: DatapointNodeType, data: nodeData, diff --git a/policy/executor/internal/builder_test.go b/policy/executor/internal/builder_test.go index dac4a7dd..bdf043f2 100644 --- a/policy/executor/internal/builder_test.go +++ b/policy/executor/internal/builder_test.go @@ -87,7 +87,7 @@ func TestBuilder(t *testing.T) { }}, Checksums: map[uint64]string{1: "checksum1", 2: "pqep"}, }, - }, nil, nil) + }, nil, nil, nil) b.AddQuery( &llx.CodeBundle{ @@ -98,7 +98,7 @@ func TestBuilder(t *testing.T) { }}, Checksums: map[uint64]string{1: "checksum2"}, }, - }, map[string]string{"prop": "checksum1"}, nil) + }, map[string]string{"prop": "checksum1"}, nil, []string{"query1rj"}) b.AddQuery( &llx.CodeBundle{ @@ -112,7 +112,7 @@ func TestBuilder(t *testing.T) { }, }, nil, map[string]*llx.Primitive{ "resolvedprop": llx.StringPrimitive("hello"), - }) + }, []string{"query2rj"}) b.AddDatapointType("checksum3", string(types.Bool)) b.AddQuery( @@ -124,7 +124,7 @@ func TestBuilder(t *testing.T) { }}, Checksums: map[uint64]string{1: "checksum5"}, }, - }, nil, nil) + }, nil, nil, nil) b.CollectDatapoint("checksum5") b.AddQuery( @@ -136,7 +136,7 @@ func TestBuilder(t *testing.T) { }}, Checksums: map[uint64]string{1: "checksum6"}, }, - }, nil, nil) + }, nil, nil, nil) b.AddQuery( &llx.CodeBundle{ @@ -148,7 +148,7 @@ func TestBuilder(t *testing.T) { Checksums: map[uint64]string{1: "checksum5", 2: "checksum7"}, }, MinMondooVersion: "9999.9999.9999", - }, nil, nil) + }, nil, nil, nil) b.AddReportingJob(&policy.ReportingJob{ QrId: "query1", diff --git a/policy/executor/internal/nodes.go b/policy/executor/internal/nodes.go index 78179b65..cb19666a 100644 --- a/policy/executor/internal/nodes.go +++ b/policy/executor/internal/nodes.go @@ -418,7 +418,7 @@ type reportingJobResult struct { type ReportingJobNodeData struct { queryID string scoringSystem explorer.ScoringSystem - isQuery bool + forwardScore bool rjType policy.ReportingJob_Type childScores map[NodeID]*reportingJobResult @@ -522,21 +522,42 @@ func (nodeData *ReportingJobNodeData) score() (*policy.Score, error) { } } - if nodeData.isQuery { - // if this reporting job represents a reporting query, we want to add that - // datapoints calculation, but return the score as is - - if nodeData.childScores[nodeData.queryID] == nil { - panic("invalid reporting job") - } + if nodeData.forwardScore { var s *policy.Score - if v := nodeData.childScores[nodeData.queryID].score; v == nil { + + if len(nodeData.childScores) == 0 { s = &policy.Score{ - QrId: nodeData.queryID, - Type: policy.ScoreType_Result, + QrId: nodeData.queryID, + Type: policy.ScoreType_Unscored, + ScoreCompletion: 100, } } else { - s = proto.Clone(v).(*policy.Score) + if len(nodeData.childScores) != 1 { + panic("invalid reporting job") + } + var child string + for k := range nodeData.childScores { + child = k + } + if c := nodeData.childScores[child]; c.score == nil { + s = &policy.Score{ + QrId: nodeData.queryID, + Type: policy.ScoreType_Result, + } + } else { + s = proto.Clone(c.score).(*policy.Score) + s.QrId = nodeData.queryID + if s.Type == policy.ScoreType_Result { + // We cant just forward the score if impact is set and we have a result. + // We still need to apply impact to the score + if c.impact != nil && c.impact.Value != nil { + floor := 100 - uint32(c.impact.Value.Value) + if floor > s.Value { + s.Value = floor + } + } + } + } } // TODO: It's unclear if we should do this if the score is skipped or errored diff --git a/policy/executor/internal/nodes_test.go b/policy/executor/internal/nodes_test.go index 66ccd1fe..d8f861c3 100644 --- a/policy/executor/internal/nodes_test.go +++ b/policy/executor/internal/nodes_test.go @@ -1034,7 +1034,7 @@ func TestReportingJobNode(t *testing.T) { t.Run("when isQuery", func(t *testing.T) { t.Run("when score", func(t *testing.T) { nodeData := newNodeData() - nodeData.isQuery = true + nodeData.forwardScore = true nodeData.childScores = map[NodeID]*reportingJobResult{ nodeData.queryID: {}, } @@ -1059,7 +1059,7 @@ func TestReportingJobNode(t *testing.T) { }) t.Run("when result", func(t *testing.T) { nodeData := newNodeData() - nodeData.isQuery = true + nodeData.forwardScore = true nodeData.childScores = map[NodeID]*reportingJobResult{ nodeData.queryID: { score: &policy.Score{ diff --git a/policy/resolved_policy_builder.go b/policy/resolved_policy_builder.go index e90a03e8..b0e5a277 100644 --- a/policy/resolved_policy_builder.go +++ b/policy/resolved_policy_builder.go @@ -322,10 +322,16 @@ func (n *rpBuilderGenericQueryNode) isPrunable() bool { func (n *rpBuilderGenericQueryNode) build(rp *ResolvedPolicy, data *rpBuilderData) error { reportingJobUUID := data.relativeChecksum(n.queryMrn) - // Because a query can be both a scoring query and a data query, UNSPECIFIED is used - // for the reporting job type. We need to get rid of the specific types for check and - // data query and have something that can be both - addReportingJob(n.queryMrn, true, reportingJobUUID, ReportingJob_UNSPECIFIED, rp, true) + rjType := ReportingJob_UNSPECIFIED + switch n.queryType { + case queryTypeScoring: + rjType = ReportingJob_CHECK + case queryTypeData: + rjType = ReportingJob_DATA_QUERY + case queryTypeBoth: + rjType = ReportingJob_CHECK_AND_DATA_QUERY + } + addReportingJob(n.queryMrn, true, reportingJobUUID, rjType, rp, true) // Add scoring queries to the reporting queries section if n.queryType == queryTypeScoring || n.queryType == queryTypeBoth { @@ -379,7 +385,7 @@ func (n *rpBuilderExecutionQueryNode) build(rp *ResolvedPolicy, data *rpBuilderD codeIdReportingJobUUID := data.relativeChecksum(n.query.CodeId) // Create a reporting job for the code id - codeIdReportingJob := addReportingJob(n.query.CodeId, false, codeIdReportingJobUUID, ReportingJob_UNSPECIFIED, rp, false) + codeIdReportingJob := addReportingJob(n.query.CodeId, false, codeIdReportingJobUUID, ReportingJob_EXECUTION_QUERY, rp, false) // Connect the datapoints to the reporting job err = connectDatapointsToReportingJob(executionQuery, codeIdReportingJob, rp.CollectorJob.Datapoints) if err != nil { diff --git a/policy/resolver.go b/policy/resolver.go index 666b1e58..ce95c191 100644 --- a/policy/resolver.go +++ b/policy/resolver.go @@ -33,7 +33,7 @@ const ( // This can be updated, e.g., when we change how the report jobs are generated // A change of this string will force an update of all the stored resolved policies RESOLVER_VERSION = "v2024-08-29" - RESOLVER_VERSION_NG = "v2024-11-11" + RESOLVER_VERSION_NG = "v2024-11-25" ) type AssetMutation struct {