Implement profile update #1566
Merged
Implement profile update #1566
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JAORMX
force-pushed
the
profile-update
branch
3 times, most recently
from
0bbc9a1 to
1dde87f
Compare
JAORMX
force-pushed
the
profile-update
branch
from
1dde87f to
ba7bb62
Compare
Manual testing - toggling alerts on/offCreated a simple profile with only one rule: version: v1
type: profile
name: acme-github-profile
context:
provider: github
alert: "off"
remediate: "off"
repository:
- type: secret_scanning
def:
enabled: trueenrolled two repositories. Then, I updated the profile to enable alerts version: v1
type: profile
name: acme-github-profile
context:
provider: github
alert: "on"
remediate: "off"
repository:
- type: secret_scanning
def:
enabled: trueI applied the changes with the following: minder profile update -f <path/to/profile>I can see the profile was updated: Toggling the alerts on and off subsequently works as expected. |
Manual testing - adding rulesI added a rule to the aforementioned profile: version: v1
type: profile
name: acme-github-profile
context:
provider: github
alert: "on"
remediate: "off"
repository:
- type: secret_scanning
def:
enabled: true
- type: secret_push_protection
def:
enabled: trueThe update was done as follows: the output of the command already suggests that the rule was added. But let's verify the status: As we can see, it adds the new rule as expected. Also note that the usage of these rules was persisted in the database: As a final test, I added the |
Manual testing - removing rulesWith the aforementioned modified profile, I decided to remove the rule I just added. Which seemed to happen successfully: Upon further inspection, it seems that we don't remove the rule evaluations from the status. This has to be fixed We also don't yet remove the usage from the This also has to be fixed Further work is required. I'll keep this up-to-date. |
JAORMX
force-pushed
the
profile-update
branch
from
ba7bb62 to
f81c523
Compare
|
The latest PR ensures that we can also remove instantiation of the rules. This works and reflects in the database. What's missing is cleaning up rule evaluations. |
|
The latest commit fixes the last issues I saw. |
|
Found another issue, wait up: |
|
Alright! This is a summary of what was missing: We didn't have a unique index that would allow us to ensure we only have a single entity+profile I had to use a |
JAORMX
force-pushed
the
profile-update
branch
from
69143d1 to
3d287c1
Compare
|
I rebased and added missing licenses |
jhrozek
reviewed
Nov 9, 2023
| profiles, err := s.store.GetProfileByProjectAndID(ctx, db.GetProfileByProjectAndIDParams{ | ||
| prof, err := getProfilePBFromDB(ctx, parsedProfileID, entityCtx, s.store) | ||
| if err != nil { | ||
| if errors.Is(err, sql.ErrNoRows) || strings.Contains(err.Error(), "not found") { |
There was a problem hiding this comment.
when do we get the second case? Wouldn't it be better to catch that issue by Postgres error code if that error comes directly from Postgres?
There was a problem hiding this comment.
the "not found" is not a postgres error. I just didn't create a specialized error for this 😕
JAORMX
force-pushed
the
profile-update
branch
from
3d287c1 to
3783904
Compare
JAORMX
force-pushed
the
profile-update
branch
2 times, most recently
from
6a88d39 to
e481648
Compare
jhrozek
previously approved these changes
Nov 9, 2023
|
@rdimitrov and I are gonna go through this tomorrow |
rdimitrov
requested changes
Nov 9, 2023
JAORMX
force-pushed
the
profile-update
branch
from
e481648 to
bf9cc6c
Compare
This implements the profile update method in the minder server. This was done last as it's kinda complex... as you can tell from the PR. We have to verify that the new profile is valid, that certain values like the project, name and provider don't change. Then we update the rules, and clean up the unused ones. And keep the instantiations in check. This, however, will be a very nice usability improvement. This also adds a profile update command
JAORMX
force-pushed
the
profile-update
branch
from
bf9cc6c to
28a9c1c
Compare
|
done! Now this is up with the latest changes. |
rdimitrov
approved these changes
Nov 13, 2023
jhrozek
approved these changes
Nov 13, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements the profile update method in the minder server.
This was done last as it's kinda complex... as you can tell from the PR.
We have to verify that the new profile is valid, that certain values like the
project, name and provider don't change. Then we update the rules, and clean up
the unused ones. And keep the instantiations in check.
This, however, will be a very nice usability improvement.