send root benchmark instead of multiple parent benchmarks (#1703)

* send root benchmark instead of multiple parent benchmarks * use merge instead of where exists create check
deepfence · Nov 3, 2023 · 88f69f5 · 88f69f5
1 parent 73d2178
commit 88f69f5
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/deepfence_server/handler/cloud_node.go b/deepfence_server/handler/cloud_node.go
@@ -162,7 +162,7 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http
 		}
 		logrus.Debugf("Pending scans for node: %+v", scanList)
 	}
-	logrus.Debugf("Returning response: Scan List %+v cloudtrailTrails %+v Refresh %s", scanList, cloudtrailTrails, doRefresh)
+	log.Debug().Msgf("Returning response: Scan List %+v cloudtrailTrails %+v Refresh %s", scanList, cloudtrailTrails, doRefresh)
 
 	err = httpext.JSON(w, http.StatusOK,
 		model.CloudNodeAccountRegisterResp{Data: model.CloudNodeAccountRegisterRespData{Scans: scanList,

diff --git a/deepfence_server/model/cloud_node.go b/deepfence_server/model/cloud_node.go
@@ -492,7 +492,7 @@ func GetActiveCloudControls(ctx context.Context, complianceTypes []string, cloud
 
 	var res neo4j.Result
 	res, err = tx.Run(`
-		MATCH (n:CloudComplianceBenchmark) -[:INCLUDES]-> (m:CloudComplianceControl)
+		MATCH (n:CloudComplianceBenchmark) -[:PARENT]-> (m:CloudComplianceControl)
 		WHERE m.active = true
 		AND m.disabled = false
 		AND m.compliance_type IN $compliance_types

diff --git a/deepfence_worker/cronjobs/cloud_compliance.go b/deepfence_worker/cronjobs/cloud_compliance.go
@@ -22,7 +22,8 @@ var BenchmarksAvailableMap = map[string][]string{
 	"gcp":        {"cis"},
 	"azure":      {"cis", "nist", "pci", "hipaa"},
 	"kubernetes": {"nsa-cisa"},
-	"linux":      {"hipaa", "nist", "pci", "gdpr"}}
+	"linux":      {"hipaa", "nist", "pci", "gdpr"},
+}
 
 type Benchmark struct {
 	BenchmarkId   string            `json:"benchmark_id"`
@@ -146,7 +147,7 @@ func AddCloudControls(ctx context.Context, task *asynq.Task) error {
 		MERGE (n:CloudComplianceExecutable:CloudComplianceBenchmark{
 			node_id: row.benchmark_id
 		})
-		ON CREATE 
+		ON CREATE
 			SET n.benchmark_id = row.benchmark_id,
 			n.description = row.description,
 			n.title = row.title,
@@ -179,6 +180,14 @@ func AddCloudControls(ctx context.Context, task *asynq.Task) error {
 			}
 		}
 	}
+	// connect controls to parent root benchmarks
+	if _, err = tx.Run(`
+	MATCH (n:CloudComplianceControl)
+	MATCH (b:CloudComplianceBenchmark{benchmark_id:n.parent_control_hierarchy[0]})
+	MERGE (b)-[:PARENT]->(n)`, map[string]interface{}{}); err != nil {
+		log.Error().Msgf(err.Error())
+		return nil
+	}
 	log.Info().Msgf("Updated Cloud Compliance Controls")
 	return tx.Commit()
 }