Preserve the framework dependencies in the reporting structure #636
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There are major changes here:
First, compliance frameworks were not connected to the root reporting job. On the backend, we iterate from the root reporting job to figure out all reporting jobs that get saved. Without this, we don't save the compliance frameworks or controls
Second change is the structure of the framework dependencies is preserved in the reporting jobs. For example, asset frameworks point to the space framework which point to the global framework which point to some actual frameworks. This keeps it consistent with the way handle policies.
One issue I ran into was that we have space/asset frameworks and space/asset policies. I chose to not create separate reporting jobs for those because having multiple reporting jobs with the same query is likely to break something. Instead, the policies would just get attached to the existing policy jobs, but the impact is set to unscored