ISSUE-2199: Migrate to use Enum fields instead of strings (#2174)

* ISSUE-2199: Pushing changes * add enums for request structs * add cloud-resource completion api * revert benchmark_types enum * add support for string array in openapi spec --------- Co-authored-by: gnmahanth <mahanth@deepfence.io>
deepfence · Jun 6, 2024 · 0f4178d · 0f4178d
1 parent 8dd26ca
commit 0f4178d
Show file tree

Hide file tree

Showing 8 changed files with 41 additions and 15 deletions.
diff --git a/deepfence_server/apiDocs/operation.go b/deepfence_server/apiDocs/operation.go
@@ -908,6 +908,9 @@ func (d *OpenAPIDocs) AddCompletionOperations() {
 	d.AddOperation("completeCloudCompliance", http.MethodPost, "/deepfence/complete/cloud-compliance",
 		"Get Completion for cloud compliance fields", "Complete cloud compliance info",
 		http.StatusOK, []string{tagCompletion}, bearerToken, new(CompletionNodeFieldReq), new(CompletionNodeFieldRes))
+	d.AddOperation("completeCloudResources", http.MethodPost, "/deepfence/complete/cloud-resources",
+		"Get Completion for cloud resources fields", "Complete cloud resources info",
+		http.StatusOK, []string{tagCompletion}, bearerToken, new(CompletionNodeFieldReq), new(CompletionNodeFieldRes))
 	d.AddOperation("completeComplianceInfo", http.MethodPost, "/deepfence/complete/compliance",
 		"Get Completion for compliance fields", "Complete compliance info",
 		http.StatusOK, []string{tagCompletion}, bearerToken, new(CompletionNodeFieldReq), new(CompletionNodeFieldRes))

diff --git a/deepfence_server/handler/completion.go b/deepfence_server/handler/completion.go
@@ -30,6 +30,10 @@ func (h *Handler) CompleteCloudComplianceInfo(w http.ResponseWriter, r *http.Req
 	genericCompleteInfoHandler[model.CloudCompliance](w, r, h)
 }
 
+func (h *Handler) CompleteCloudResource(w http.ResponseWriter, r *http.Request) {
+	genericCompleteInfoHandler[model.CloudResource](w, r, h)
+}
+
 func (h *Handler) CompletePodInfo(w http.ResponseWriter, r *http.Request) {
 	genericCompleteInfoHandler[model.Pod](w, r, h)
 }

diff --git a/deepfence_server/handler/scan_reports.go b/deepfence_server/handler/scan_reports.go
@@ -460,9 +460,9 @@ func (h *Handler) StartComplianceScanHandler(w http.ResponseWriter, r *http.Requ
 	if scanTrigger.NodeType == controls.ResourceTypeToString(controls.CloudAccount) ||
 		scanTrigger.NodeType == controls.ResourceTypeToString(controls.KubernetesCluster) ||
 		scanTrigger.NodeType == controls.ResourceTypeToString(controls.Host) {
-		scanIds, bulkID, err = StartMultiCloudComplianceScan(ctx, nodes, reqs.BenchmarkTypes, reqs.IsPriority)
+		scanIds, bulkID, err = StartMultiCloudComplianceScan(ctx, nodes, model.BenchmarkTypeToArray(reqs.BenchmarkTypes), reqs.IsPriority)
 	} else {
-		scanIds, bulkID, err = startMultiComplianceScan(ctx, nodes, reqs.BenchmarkTypes)
+		scanIds, bulkID, err = startMultiComplianceScan(ctx, nodes, model.BenchmarkTypeToArray(reqs.BenchmarkTypes))
 		scanStatusType = utils.ComplianceScanStatus
 	}
 	if err != nil {

diff --git a/deepfence_server/model/cloud_node.go b/deepfence_server/model/cloud_node.go
@@ -50,7 +50,7 @@ type CloudNodeAccountRegisterReq struct {
 }
 
 type CloudNodeAccountsListReq struct {
-	CloudProvider string      `json:"cloud_provider"`
+	CloudProvider string      `json:"cloud_provider" enum:"aws,gcp,azure,linux,kubernetes,aws_org,gcp_org" required:"true"`
 	Window        FetchWindow `json:"window" required:"true"`
 }
 
@@ -155,7 +155,7 @@ type PendingCloudComplianceScan struct {
 type CloudNodeControlReq struct {
 	NodeID         string `json:"node_id"`
 	CloudProvider  string `json:"cloud_provider" required:"true" enum:"aws,gcp,azure,linux,kubernetes"`
-	ComplianceType string `json:"compliance_type" required:"true"`
+	ComplianceType string `json:"compliance_type" enum:"hipaa,gdpr,pci,nist,cis,soc_2,nsa-cisa" required:"true"`
 }
 
 type CloudNodeEnableDisableReq struct {

diff --git a/deepfence_server/model/lookup.go b/deepfence_server/model/lookup.go
@@ -379,7 +379,7 @@ type CloudResource struct {
 	Type                        string `json:"node_type" required:"true"`
 	TypeLabel                   string `json:"type_label" required:"true"`
 	AccountID                   string `json:"account_id" required:"true"`
-	CloudProvider               string `json:"cloud_provider" required:"true"`
+	CloudProvider               string `json:"cloud_provider" validate:"required,oneof=aws gcp azure" required:"true" enum:"aws,gcp,azure"`
 	CloudRegion                 string `json:"cloud_region" required:"true"`
 	CloudCompliancesCount       int64  `json:"cloud_compliances_count" required:"true"`
 	CloudComplianceScanStatus   string `json:"cloud_compliance_scan_status" required:"true"`

diff --git a/deepfence_server/model/scans.go b/deepfence_server/model/scans.go
@@ -67,15 +67,33 @@ type NodeIdentifier struct {
 	NodeType string `json:"node_type" required:"true" enum:"image,host,container,cloud_account,cluster,registry,pod"`
 }
 
+// required to generate proper openapi spec
+type BenchmarkType string
+
+// TODO: add new compliance type here
+func (bt BenchmarkType) Enum() []interface{} {
+	return []interface{}{"hipaa", "gdpr", "pci", "nist", "cis", "soc_2", "nsa-cisa"}
+}
+
+func BenchmarkTypeToArray(bt []BenchmarkType) []string {
+	bs := []string{}
+	if len(bt) > 0 {
+		for _, b := range bt {
+			bs = append(bs, string(b))
+		}
+	}
+	return bs
+}
+
 type ComplianceBenchmarkTypes struct {
-	BenchmarkTypes []string `json:"benchmark_types" required:"true"`
+	BenchmarkTypes []BenchmarkType `json:"benchmark_types" required:"true"`
 }
 
 type ScanStatus string
 
 type ScanInfo struct {
 	ScanID         string           `json:"scan_id" required:"true"`
-	Status         string           `json:"status" required:"true"`
+	Status         string           `json:"status" validate:"required,oneof=COMPLETE STARTING IN_PROGRESS ERROR CANCEL_PENDING CANCELLING CANCELLED DELETE_PENDING" required:"true" enum:"COMPLETE,STARTING,IN_PROGRESS,ERROR,CANCEL_PENDING,CANCELLING,CANCELLED,DELETE_PENDING"`
 	StatusMessage  string           `json:"status_message" required:"true"`
 	UpdatedAt      int64            `json:"updated_at" required:"true" format:"int64"`
 	CreatedAt      int64            `json:"created_at" required:"true" format:"int64"`
@@ -277,7 +295,7 @@ type Secret struct {
 	MatchedContent        string      `json:"matched_content" required:"true"`
 	Masked                bool        `json:"masked" required:"true"`
 	UpdatedAt             int64       `json:"updated_at" required:"true"`
-	Level                 string      `json:"level" required:"true"`
+	Level                 string      `json:"level" validate:"required,oneof=critical high medium low unknown" required:"true" enum:"critical,high,medium,low,unknown"`
 	Score                 float64     `json:"score" required:"true"`
 	RuleID                int32       `json:"rule_id" required:"true"`
 	Name                  string      `json:"name" required:"true"`
@@ -331,7 +349,7 @@ func (SecretRule) GetJSONCategory() string {
 type Vulnerability struct {
 	NodeID                 string        `json:"node_id" required:"true"`
 	CveID                  string        `json:"cve_id" required:"true"`
-	CveSeverity            string        `json:"cve_severity" required:"true"`
+	CveSeverity            string        `json:"cve_severity" validate:"required,oneof=critical high medium low unknown" required:"true" enum:"critical,high,medium,low,unknown"`
 	CveCausedByPackage     string        `json:"cve_caused_by_package" required:"true"`
 	CveCausedByPackagePath string        `json:"cve_caused_by_package_path" required:"true"`
 	CveContainerLayer      string        `json:"cve_container_layer" required:"true"`
@@ -408,7 +426,7 @@ type Malware struct {
 	Class            string        `json:"class" required:"true"`
 	CompleteFilename string        `json:"complete_filename" required:"true"`
 	FileSevScore     int           `json:"file_sev_score" required:"true"`
-	FileSeverity     string        `json:"file_severity" required:"true"`
+	FileSeverity     string        `json:"file_severity" validate:"required,oneof=critical high medium low unknown" required:"true" enum:"critical,high,medium,low,unknown"`
 	ImageLayerID     string        `json:"image_layer_id" required:"true"`
 	NodeID           string        `json:"node_id" required:"true"`
 	RuleID           string        `json:"rule_id" required:"true"`
@@ -484,8 +502,8 @@ type Compliance struct {
 	TestRationale       string      `json:"test_rationale" required:"true"`
 	TestSeverity        string      `json:"test_severity" required:"true"`
 	TestDesc            string      `json:"test_desc" required:"true"`
-	Status              string      `json:"status" required:"true"`
-	ComplianceCheckType string      `json:"compliance_check_type" required:"true"`
+	Status              string      `json:"status" required:"true" enum:"pass,fail,warn,info,note"`
+	ComplianceCheckType string      `json:"compliance_check_type" required:"true" enum:"hipaa,gdpr,pci,nist"`
 	ComplianceNodeID    string      `json:"node_id" required:"true"`
 	ComplianceNodeType  string      `json:"node_type" required:"true"`
 	Masked              bool        `json:"masked" required:"true"`
@@ -541,13 +559,13 @@ type CloudCompliance struct {
 	Count               int32       `json:"count,omitempty" required:"true"`
 	Reason              string      `json:"reason" required:"true"`
 	Resource            string      `json:"resource" required:"true"`
-	Status              string      `json:"status" required:"true"`
+	Status              string      `json:"status" required:"true" enum:"alarm,skip,ok,info"`
 	Region              string      `json:"region" required:"true"`
 	AccountID           string      `json:"account_id" required:"true"`
 	Group               string      `json:"group" required:"true"`
 	Service             string      `json:"service" required:"true"`
 	Title               string      `json:"title" required:"true"`
-	ComplianceCheckType string      `json:"compliance_check_type" required:"true"`
+	ComplianceCheckType string      `json:"compliance_check_type" required:"true" enum:"hipaa,gdpr,pci,nist,cis,soc_2,nsa-cisa"`
 	CloudProvider       string      `json:"cloud_provider" required:"true"`
 	NodeName            string      `json:"node_name" required:"true"`
 	NodeID              string      `json:"node_id" required:"true"`

diff --git a/deepfence_server/router/router.go b/deepfence_server/router/router.go
@@ -265,6 +265,7 @@ func SetupRoutes(r *chi.Mux, serverPort string, serveOpenapiDocs bool, ingestC c
 				r.Post("/vulnerability", dfHandler.CompleteVulnerabilityInfo)
 				r.Post("/host", dfHandler.CompleteHostInfo)
 				r.Post("/cloud-compliance", dfHandler.CompleteCloudComplianceInfo)
+				r.Post("/cloud-resources", dfHandler.CompleteCloudResource)
 				r.Post("/compliance", dfHandler.CompleteComplianceInfo)
 				r.Post("/pod", dfHandler.CompletePodInfo)
 				r.Post("/container", dfHandler.CompleteContainerInfo)

diff --git a/deepfence_worker/cronjobs/scheduled_tasks.go b/deepfence_worker/cronjobs/scheduled_tasks.go
@@ -237,7 +237,7 @@ func runCustomScheduledTasks(ctx context.Context, messagePayload map[string]inte
 			log.Warn().Msgf("Invalid benchmarkType for compliance scan, job id: %d", scheduleJobId)
 			return nil
 		}
-		_, _, err := handler.StartMultiCloudComplianceScan(ctx, nodeIds, payload.BenchmarkTypes, false)
+		_, _, err := handler.StartMultiCloudComplianceScan(ctx, nodeIds, model.BenchmarkTypeToArray(payload.BenchmarkTypes), false)
 		if err != nil {
 			return err
 		}