feat(V2): RHINENG-11269 use the V2 models for SSG import

Author: skateman

app/models/v2/profile.rb

@@ -30,5 +30,14 @@ def variant_for_minor(version)
             os_minor_versions: { os_minor_version: version }
           )
     end
+
+    def self.from_parser(obj, existing: nil, security_guide_id: nil, value_overrides: nil)
+      record = existing || new(ref_id: obj.id, security_guide_id: security_guide_id)
+
+      record.assign_attributes(title: obj.title, description: obj.description,
+                               value_overrides: value_overrides, upstream: false)
+
+      record
+    end
   end
 end

app/models/v2/rule.rb

@@ -10,6 +10,8 @@ class Rule < ApplicationRecord
 
     indexable_by :ref_id, &->(scope, value) { scope.find_by!(ref_id: value.try(:gsub, '-', '.')) }
 
+    attr_accessor :op_source
+
     # rubocop:disable Metrics/AbcSize
     def self.sorted_severities(table = arel_table)
       Arel.sql(
@@ -71,5 +73,21 @@ def remediation_issue_id
     def self.short_ref_id(ref_id)
       ref_id.downcase[SHORT_REF_ID_RE] || ref_id
     end
+
+    # rubocop:disable Metrics/ParameterLists
+    def self.from_parser(obj, existing: nil, rule_group_id: nil,
+                         security_guide_id: nil, precedence: nil, value_checks: nil)
+      record = existing || new(ref_id: obj.id, security_guide_id: security_guide_id)
+
+      record.op_source = obj
+
+      record.assign_attributes(title: obj.title, description: obj.description, rationale: obj.rationale,
+                               severity: obj.severity, precedence: precedence, rule_group_id: rule_group_id,
+                               upstream: false, value_checks: value_checks, identifier: obj.identifier&.to_h,
+                               references: obj.references.map(&:to_h), remediation_available: false)
+
+      record
+    end
+    # rubocop:enable Metrics/ParameterLists
   end
 end

app/models/v2/rule_group.rb

@@ -16,5 +16,14 @@ class RuleGroup < ApplicationRecord
 
     searchable_by :title, %i[like unlike eq ne]
     searchable_by :ref_id, %i[like unlike]
+
+    def self.from_parser(obj, existing: nil, security_guide_id: nil, parent_id: nil, precedence: nil)
+      record = existing || new(ref_id: obj.id, security_guide_id: security_guide_id)
+
+      record.assign_attributes(title: obj.title, description: obj.description, rationale: obj.rationale,
+                               precedence: precedence, parent_id: parent_id)
+
+      record
+    end
   end
 end

app/models/v2/security_guide.rb

@@ -39,5 +39,11 @@ class SecurityGuide < ApplicationRecord
     def self.os_versions
       reselect(:os_major_version).distinct.reorder(:os_major_version).map(&:os_major_version)
     end
+
+    def self.from_parser(obj)
+      record = find_or_initialize_by(ref_id: obj.id, version: obj.version)
+      record.assign_attributes(title: obj.title, description: obj.description)
+      record
+    end
   end
 end

app/models/v2/value_definition.rb

@@ -15,6 +15,8 @@ class ValueDefinition < ApplicationRecord
     searchable_by :title, %i[like unlike eq ne]
     searchable_by :ref_id, %i[like unlike]
 
+    attr_accessor :op_source
+
     def validate_value(value)
       return false unless value.is_a?(String)
 
@@ -27,5 +29,13 @@ def validate_value(value)
         true
       end
     end
+
+    def self.from_parser(obj, existing: nil, security_guide_id: nil)
+      record = existing || new(ref_id: obj.id, security_guide_id: security_guide_id)
+      record.op_source = obj
+      record.assign_attributes(title: obj.title, description: obj.description,
+                               value_type: obj.type, default_value: obj.value)
+      record
+    end
   end
 end

app/services/concerns/xccdf/benchmarks.rb

@@ -26,7 +26,7 @@ def test_result_profile
         name: @test_result_file.test_result.profile_id
       ).find_or_initialize_by(
         ref_id: @test_result_file.test_result.profile_id,
-        benchmark: benchmark
+        benchmark_id: security_guide.id
       )
     end
   end

app/services/concerns/xccdf/hosts.rb

@@ -7,11 +7,11 @@ module ProfileOsMinorVersions
 
     included do
       def save_profile_os_minor_versions
-        ::ProfileOsMinorVersion.transaction do
+        ::V2::ProfileOsMinorVersion.transaction do
           # Delete all existing mappings for the given benchmark
           old_profile_os_minor_versions.delete_all
           # Import the new mappings
-          ::ProfileOsMinorVersion.import!(new_profile_os_minor_versions)
+          ::V2::ProfileOsMinorVersion.import!(new_profile_os_minor_versions)
         end
       end
 
@@ -20,18 +20,18 @@ def save_profile_os_minor_versions
       def new_profile_os_minor_versions
         @profiles.flat_map do |profile|
           os_minor_versions.map do |os_minor_version|
-            ::ProfileOsMinorVersion.new(profile: profile, os_minor_version: os_minor_version)
+            ::V2::ProfileOsMinorVersion.new(profile: profile, os_minor_version: os_minor_version)
           end
         end
       end
 
       def old_profile_os_minor_versions
-        @old_profile_os_minor_versions ||= ::ProfileOsMinorVersion.where(profile: @profiles.map(&:id))
+        @old_profile_os_minor_versions ||= ::V2::ProfileOsMinorVersion.where(profile: @profiles.map(&:id))
       end
 
       def os_minor_versions
-        SupportedSsg.by_ssg_version(true)[@benchmark.version]
-                    .select { |ssg| ssg.os_major_version == @benchmark.os_major_version }
+        SupportedSsg.by_ssg_version(true)[@security_guide.version]
+                    .select { |ssg| ssg.os_major_version == @security_guide.os_major_version }
                     .map(&:os_minor_version)
       end
     end

app/services/concerns/xccdf/profile_os_minor_versions.rb

@@ -7,15 +7,14 @@ module ProfileRules
 
     included do
       def save_profile_rules
-        ::ProfileRule.transaction do
-          ::ProfileRule.import!(profile_rules,
-                                on_duplicate_key_update: {
-                                  conflict_target: %i[rule_id profile_id],
-                                  columns: %i[rule_id profile_id]
-                                })
+        ::V2::ProfileRule.transaction do
+          ::V2::ProfileRule.import!(profile_rules,
+                                    on_duplicate_key_update: {
+                                      conflict_target: %i[rule_id profile_id],
+                                      columns: %i[rule_id profile_id]
+                                    })
 
-          base = ::ProfileRule.joins(profile: :benchmark)
-                              .where('profiles.parent_profile_id' => nil)
+          base = ::V2::ProfileRule.joins(profile: :security_guide)
 
           profile_rule_links_to_remove(base).delete_all
         end
@@ -36,7 +35,7 @@ def profile_rules
 
       def profile_rule_links_to_remove(base)
         grouped_rules = profile_rules.group_by(&:profile_id)
-        grouped_rules.reduce(ProfileRule.none) do |query, (profile_id, prs)|
+        grouped_rules.reduce(V2::ProfileRule.none) do |query, (profile_id, prs)|
           query.or(
             base.where(profile_id: profile_id)
                 .where.not(rule_id: prs.map(&:rule_id))

app/services/concerns/xccdf/profile_rules.rb

@@ -8,27 +8,26 @@ module Profiles
     included do
       def profiles
         @profiles ||= @op_profiles.map do |op_profile|
-          ::Profile.from_openscap_parser(
+          ::V2::Profile.from_parser(
             op_profile,
             existing: old_profiles[op_profile.id],
-            benchmark_id: @benchmark&.id,
+            security_guide_id: @security_guide.id,
             value_overrides: value_overrides(op_profile)
           )
         end
       end
 
       def save_profiles
         # Import the new records first with validation
-        ::Profile.import!(new_profiles, ignore: true)
+        ::V2::Profile.import!(new_profiles, ignore: true)
 
         # Update the fields on existing profiles, validation is not necessary
-        ::Profile.import(old_profiles.values,
-                         on_duplicate_key_update: {
-                           conflict_target: %i[ref_id benchmark_id],
-                           columns: %i[name value_overrides],
-                           index_predicate: 'parent_profile_id IS NULL'
-                         },
-                         validate: false)
+        ::V2::Profile.import(old_profiles.values,
+                             on_duplicate_key_update: {
+                               conflict_target: %i[ref_id security_guide_id],
+                               columns: %i[name value_overrides]
+                             },
+                             validate: false)
       end
 
       private
@@ -38,8 +37,8 @@ def new_profiles
       end
 
       def old_profiles
-        @old_profiles ||= ::Profile.where(
-          ref_id: @op_profiles.map(&:id), benchmark: @benchmark&.id, parent_profile_id: nil
+        @old_profiles ||= ::V2::Profile.where(
+          ref_id: @op_profiles.map(&:id), security_guide_id: @security_guide.id
         ).index_by(&:ref_id)
       end
 

app/services/concerns/xccdf/profiles.rb

@@ -7,31 +7,35 @@ module RuleGroups
 
     included do
       def save_rule_groups
-        @rule_groups ||= @op_rule_groups.each_with_index.map do |op_rule_group, idx|
-          ::RuleGroup.from_openscap_parser(op_rule_group,
-                                           existing: old_rule_groups[op_rule_group.id],
-                                           precedence: idx, benchmark_id: @benchmark&.id)
-        end
-
-        ::RuleGroup.import!(new_rule_groups, ignore: true)
+        ::V2::RuleGroup.import!(new_rule_groups, ignore: true)
 
         # Overwite a superset of old_rule_groups because the IDs of the ancestors are not
         # available in the first import! above
-        ::RuleGroup.import(rule_groups_with_ancestry, on_duplicate_key_update: {
-                             conflict_target: %i[ref_id benchmark_id],
-                             columns: %i[description rationale precedence ancestry]
-                           }, validate: false)
+        ::V2::RuleGroup.import(rule_groups_with_ancestry, on_duplicate_key_update: {
+                                 conflict_target: %i[ref_id security_guide_id],
+                                 columns: %i[description rationale precedence ancestry]
+                               }, validate: false)
       end
 
       private
 
+      def rule_groups
+        @rule_groups ||= @op_rule_groups.each_with_index.map do |op_rule_group, idx|
+          ::V2::RuleGroup.from_parser(
+            op_rule_group,
+            existing: old_rule_groups[op_rule_group.id], precedence: idx,
+            security_guide_id: @security_guide.id
+          )
+        end
+      end
+
       def new_rule_groups
-        @new_rule_groups ||= @rule_groups.select(&:new_record?)
+        @new_rule_groups ||= rule_groups.select(&:new_record?)
       end
 
       def old_rule_groups
-        @old_rule_groups ||= ::RuleGroup.where(
-          ref_id: @op_rule_groups.map(&:id), benchmark: @benchmark&.id
+        @old_rule_groups ||= ::V2::RuleGroup.where(
+          ref_id: @op_rule_groups.map(&:id), security_guide_id: @security_guide.id
         ).index_by(&:ref_id)
       end
 
@@ -50,7 +54,7 @@ def rule_groups_with_ancestry
       end
 
       def rule_group_for(ref_id:)
-        @cached_rule_groups ||= @rule_groups.index_by(&:ref_id)
+        @cached_rule_groups ||= rule_groups.index_by(&:ref_id)
         @cached_rule_groups[ref_id]
       end
     end