🧹 Report checks by mrn when used by controls

For frameworks reporting, we want the ability to display how checks scored for a control. We aggregate the information by check. In some cases, we have checks that have different MRNs but the same code. This makes it difficult to separate these. This change modifies the reporting structure for controls. We don't directly send the check score to the control. Instead, a new reporting job is inserted that reports to the query mrn. And then that reports to the control.
mondoohq · Aug 1, 2023 · 17cceb7 · 17cceb7
1 parent 352eec9
commit 17cceb7
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 7 deletions.
diff --git a/policy/resolver.go b/policy/resolver.go
@@ -1536,6 +1536,18 @@ func (s *LocalServices) jobsToControls(cache *frameworkResolverCache, framework
  continue
  }
 
+ // Create a reporting job from the query code id to one with the mrn.
+ // This isn't 100% correct. We don't keep track of all the queries that
+ // have the same code id.
+ uuid := cache.relativeChecksum(query.Mrn)
+ queryJob := &ReportingJob{
+ Uuid: uuid,
+ QrId: query.Mrn,
+ ChildJobs: map[string]*explorer.Impact{},
+ Type: ReportingJob_CHECK,
+ }
+ nuJobs[uuid] = queryJob
+
  for i := range targets {
  controlMrn := targets[i]
  // skip controls which are part of a FrameworkGroup with type DISABLE
@@ -1546,8 +1558,11 @@ func (s *LocalServices) jobsToControls(cache *frameworkResolverCache, framework
  }
  controlJob := ensureControlJob(cache, nuJobs, controlMrn, framework, frameworkGroupByControlMrn)
 
- controlJob.ChildJobs[rj.Uuid] = nil
- rj.Notify = append(rj.Notify, controlJob.Uuid)
+ queryJob.ChildJobs[rj.Uuid] = nil
+ rj.Notify = append(rj.Notify, queryJob.Uuid)
+
+ controlJob.ChildJobs[queryJob.Uuid] = nil
+ queryJob.Notify = append(queryJob.Notify, controlJob.Uuid)
  }
  }
 

diff --git a/policy/resolver_test.go b/policy/resolver_test.go
@@ -607,7 +607,7 @@ framework_maps:
  })
  require.NoError(t, err)
  require.NotNil(t, rp)
- require.Len(t, rp.CollectorJob.ReportingJobs, 9)
+ require.Len(t, rp.CollectorJob.ReportingJobs, 12)
  var frameworkJob *policy.ReportingJob
  for _, rj := range rp.CollectorJob.ReportingJobs {
  if rj.QrId == "//test.sth/framework/mondoo-ucf" {
@@ -647,7 +647,7 @@ framework_maps:
  })
  require.NoError(t, err)
  require.NotNil(t, rp)
- require.Len(t, rp.CollectorJob.ReportingJobs, 9)
+ require.Len(t, rp.CollectorJob.ReportingJobs, 12)
  var frameworkJob *policy.ReportingJob
  for _, rj := range rp.CollectorJob.ReportingJobs {
  if rj.QrId == "//test.sth/framework/mondoo-ucf" {
@@ -685,7 +685,7 @@ framework_maps:
  })
  require.NoError(t, err)
  require.NotNil(t, rp)
- require.Len(t, rp.CollectorJob.ReportingJobs, 9)
+ require.Len(t, rp.CollectorJob.ReportingJobs, 12)
  var frameworkJob *policy.ReportingJob
  for _, rj := range rp.CollectorJob.ReportingJobs {
  if rj.QrId == "//test.sth/framework/mondoo-ucf" {
@@ -723,7 +723,7 @@ framework_maps:
  })
  require.NoError(t, err)
  require.NotNil(t, rp)
- require.Len(t, rp.CollectorJob.ReportingJobs, 8)
+ require.Len(t, rp.CollectorJob.ReportingJobs, 11)
  var frameworkJob *policy.ReportingJob
  for _, rj := range rp.CollectorJob.ReportingJobs {
  if rj.QrId == "//test.sth/framework/mondoo-ucf" {
@@ -755,7 +755,7 @@ framework_maps:
  })
  require.NoError(t, err)
  require.NotNil(t, rp)
- require.Len(t, rp.CollectorJob.ReportingJobs, 9)
+ require.Len(t, rp.CollectorJob.ReportingJobs, 12)
  var frameworkJob *policy.ReportingJob
  for _, rj := range rp.CollectorJob.ReportingJobs {
  if rj.QrId == "//test.sth/framework/mondoo-ucf" {