Include reporting jobs in graph execution checksum for resolved policy
Signed-off-by: Christian Zunker <[email protected]>
czunker committed Aug 28, 2024
1 parent 92be54e commit 6180370
Showing 2 changed files with 27 additions and 9 deletions.
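--- a/policy/reportingjob.go
+++ b/policy/reportingjob.go
@@ -37,5 +37,14 @@ func (r *ReportingJob) RefreshChecksum() {
 checksum = checksum.Add(notify[i])
 }
 }
+
+{
+mrns := make([]string, len(r.Mrns))
+copy(mrns, r.Mrns)
+sort.Strings(mrns)
+for i := range mrns {
+checksum = checksum.Add(mrns[i])
+}
+}
 r.Checksum = checksum.String()
 }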
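Review bot: The sorted `mrns` are folded into the checksum directly after the `notify` entries with nothing marking where one list ends and the other begins. If `Add` only mixes in the string bytes (its implementation is not visible here), a job with notify `[a]` and mrns `[b]` would get the same checksum as one with notify `[a, b]` and no mrns. Since the commit title says this value now feeds the graph execution checksum, such a collision would make a changed reporting job look unchanged. Adding a tag and the list length before the loop closes that gap, for example `checksum = checksum.Add("mrns:" + strconv.Itoa(len(mrns)))`. The start of `RefreshChecksum` is outside the hunk, so it cannot be seen whether the earlier fields are delimited.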
27 changes: 18 additions & 9 deletions policy/resolver.go
Expand Up @@ -650,21 +650,30 @@ func (s *LocalServices) tryResolve(ctx context.Context, bundleMrn string, assetF
Str("bundle", bundleMrn).
Msg("resolver> phase 5: resolve controls [ok]")

// phase 6: refresh all checksums
s.refreshChecksums(executionJob, collectorJob)

// the final phases are done in the DataLake
for _, rj := range collectorJob.ReportingJobs {
rj.RefreshChecksum()
}

// phase 6: refresh all checksums
// This uses the ReportingJobs checksums, so calculate them first.
s.refreshChecksums(executionJob, collectorJob)

// resolvedPolicyExecutionChecksum is the GraphExceutionChecksum of the policy and the framework
// it does not change if any of the jobs changes, only if the policy or the framework changes
rpChecksumInclJobs := checksums.New
rpChecksumInclJobs.Add(resolvedPolicyExecutionChecksum)

Check failure on line 665 in policy/resolver.go

GitHub Actions / golangci-lint

SA4017: Add doesn't have side effects and its return value is ignored (staticcheck)
rpChecksumInclJobs.Add(executionJob.Checksum)

Check failure on line 666 in policy/resolver.go

GitHub Actions / golangci-lint

SA4017: Add doesn't have side effects and its return value is ignored (staticcheck)
rpChecksumInclJobs.Add(collectorJob.Checksum)

Check failure on line 667 in policy/resolver.go

GitHub Actions / golangci-lint

SA4017: Add doesn't have side effects and its return value is ignored (staticcheck)

resolvedPolicy := ResolvedPolicy{
GraphExecutionChecksum: resolvedPolicyExecutionChecksum,
Filters: matchingFilters,
FiltersChecksum: assetFiltersChecksum,
ExecutionJob: executionJob,
CollectorJob: collectorJob,
ReportingJobUuid: reportingJob.Uuid,
GraphExecutionChecksum: rpChecksumInclJobs.String(),
// GraphExecutionChecksum: resolvedPolicyExecutionChecksum,
Filters: matchingFilters,
FiltersChecksum: assetFiltersChecksum,
ExecutionJob: executionJob,
CollectorJob: collectorJob,
ReportingJobUuid: reportingJob.Uuid,
}

err = s.DataLake.SetResolvedPolicy(ctx, bundleMrn, &resolvedPolicy, V2Code, false)
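Review bot: The comment above `rpChecksumInclJobs` still describes `resolvedPolicyExecutionChecksum` as a value that "does not change if any of the jobs changes", but `GraphExecutionChecksum` is now meant to change with the jobs. A comment on the new variable would state the new contract, for example `// rpChecksumInclJobs extends resolvedPolicyExecutionChecksum with the execution and collector job checksums, so a change in any job yields a new GraphExecutionChecksum`. The commented-out `// GraphExecutionChecksum: resolvedPolicyExecutionChecksum,` line is better deleted than kept, since the old assignment remains in history. The commit touches only two source files, so no test pins the new behaviour. A test that resolves a policy twice with one reporting job changed and asserts the two `GraphExecutionChecksum` values differ would guard it. `tryResolve` starts and ends outside this hunk.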