Fix scope_filter planning #174

@asaba-hashi asaba-hashi commented Jun 12, 2023

This PR:

  • Adds RequireReplace for framework item relations to help with deletion. This doesn't guarantee that framework items will be deleted first, but helps with the common use cases where they directly reference resource_frameworks in the same workspace.
  • Switching back and forth between Referenced and Inline questions is resulting in some inconsistent behavior, so added a check and setting RequiresReplace to be more predictable.
  • Makes scope_filters Computed as the most straightforward way to allow it being unset (nil) to not generate changes when the response from the server (b/c of how graphql works) is an empty list ([]).
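
The nil-versus-empty-list drift described in the last bullet, as an added example that is not code from this PR or from the provider. It is a simplified model of how Terraform proposes a planned value; the `[]string` element type and the function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"reflect"
)

// ProposedNew models the rule Terraform core applies when building a plan
// (simplified, hypothetical helper): a value set in config always wins; a
// null config on a Computed attribute keeps the prior state value; a null
// config on a non-Computed attribute plans null.
func ProposedNew(computed bool, config, prior []string) []string {
	if config != nil {
		return config
	}
	if computed {
		return prior
	}
	return nil
}

// HasDiff reports whether the plan would show a change for the attribute.
// A nil slice stands for "unset" (null) and is deliberately treated as
// different from an empty list, which is how reflect.DeepEqual compares them.
func HasDiff(computed bool, config, prior []string) bool {
	return !reflect.DeepEqual(ProposedNew(computed, config, prior), prior)
}

func main() {
	serverValue := []string{} // constructed: the API answers [] when no filters exist
	var unset []string        // scope_filters omitted from the .tf file

	// Optional only: null is planned against a stored [], so every plan shows a change.
	fmt.Println("optional only:      ", HasDiff(false, unset, serverValue))
	// Optional + Computed: the stored [] is carried forward, so the plan is empty.
	fmt.Println("optional + computed:", HasDiff(true, unset, serverValue))
	// A value written in config is still planned as a change when it differs.
	fmt.Println("explicit value:     ", HasDiff(true, []string{"prod"}, serverValue))
}
```
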

@asaba-hashi asaba-hashi requested a review from a team June 12, 2023 19:22
@asaba-hashi asaba-hashi changed the title Adds RequiresReplace for framework item relationships. Adds RequiresReplace for framework item relationships and fix scope_filter planing Jun 13, 2023
@asaba-hashi asaba-hashi force-pushed the asaba-hashi-bump-framework-for-defaults branch from 6f288a9 to 62f3a34 Compare June 23, 2023 15:29
@asaba-hashi asaba-hashi changed the title Adds RequiresReplace for framework item relationships and fix scope_filter planing Adds RequiresReplace for framework item relationships and fix scope_filter planning Jun 23, 2023
@asaba-hashi asaba-hashi marked this pull request as draft June 30, 2023 21:49
@asaba-hashi
Contributor Author

Moving this to draft to try to split into smaller chunks.

@asaba-hashi asaba-hashi force-pushed the asaba-hashi-bump-framework-for-defaults branch from bd51ed7 to aa7cf0f Compare August 9, 2023 14:44
@asaba-hashi asaba-hashi marked this pull request as ready for review August 9, 2023 14:59
@asaba-hashi
Contributor Author

@zemberdotnet This has been rebased and is ready for review.

@zemberdotnet
Member

> Switching back and forth between Referenced and Inline questions is resulting in some inconsistent behavior, so added a check and setting RequiresReplace to be more predictable.

I think we should check this doesn't have any interaction with the record history feature of questions. It would be unfortunate to make a change that ended up losing the evaluation history of the question.

What problems did you experience switching between the two?

@asaba-hashi
Contributor Author

> What problems did you experience switching between the two?

The reported error is:

"input: Error updating rule instance"

This is the test terraform to cause it. Either start with question_id and change to query or start with queries and change to question_id to trigger the error:

resource "jupiterone_question" "test" {
  title       = "test-asaba"
  description = "test-referenced-rule"

  query {
    name    = "query0"
    query   = "Find DataStore with classification=('critical' or 'sensitive' or 'confidential' or 'restricted') and encrypted!=true"
    version = "v1"
  }
}

resource "jupiterone_rule" "test" {
  name             = "test-asaba"
  description      = "test"
  polling_interval = "ONE_DAY"

  #question_id = jupiterone_question.test.id
  question {
    queries {
      name    = "query0"
      query   = "Find DataStore with classification=('critical' or 'sensitive' or 'confidential' or 'restricted') and encrypted!=true"
      version = "v1"
    }
  }

  tags = ["exampletag"]

  outputs = [
    "queries.query0.total",
    "alertLevel"
  ]

  operations = [
    {
      when = jsonencode({
        "type" : "FILTER",
        "specVersion" : 1,
        "condition" : [
          "AND",
          [
            "queries.query0.total",
            "<",
            1000
          ]
        ]
      }),
      actions = [
        jsonencode({
          "targetValue" : "INFO",
          "type" : "SET_PROPERTY",
          "targetProperty" : "alertLevel"
        }),
        jsonencode({
          "type" : "CREATE_ALERT"
        }),
      ]
    }
  ]
}

@asaba-hashi asaba-hashi changed the title Adds RequiresReplace for framework item relationships and fix scope_filter planning Fix scope_filter planning Aug 15, 2023
@zemberdotnet zemberdotnet merged commit dfa807a into JupiterOne:main Aug 18, 2023
5 checks passed