diff --git a/central/reports/common/query_builder.go b/central/reports/common/query_builder.go index 5de45059da538..5a95b563f9c15 100644 --- a/central/reports/common/query_builder.go +++ b/central/reports/common/query_builder.go @@ -27,17 +27,20 @@ type queryBuilder struct { collection *storage.ResourceCollection collectionQueryResolver collectionDataStore.QueryResolver dataStartTime time.Time + entityScope *storage.EntityScope } // NewVulnReportQueryBuilder builds a query builder to build scope and cve filtering queries for vuln reporting -func NewVulnReportQueryBuilder(collection *storage.ResourceCollection, vulnFilters *storage.VulnerabilityReportFilters, +func NewVulnReportQueryBuilder(collection *storage.ResourceCollection, entityScope *storage.EntityScope, vulnFilters *storage.VulnerabilityReportFilters, collectionQueryRes collectionDataStore.QueryResolver, dataStartTime time.Time) *queryBuilder { return &queryBuilder{ - vulnFilters: vulnFilters, collection: collection, + entityScope: entityScope, + vulnFilters: vulnFilters, collectionQueryResolver: collectionQueryRes, dataStartTime: dataStartTime, } + } // BuildQuery builds scope and cve filtering queries for vuln reporting @@ -46,10 +49,22 @@ func (q *queryBuilder) BuildQuery( clusters []effectiveaccessscope.Cluster, namespaces []effectiveaccessscope.Namespace, ) (*ReportQuery, error) { - deploymentsQuery, err := q.collectionQueryResolver.ResolveCollectionQuery(ctx, q.collection) - if err != nil { - return nil, err + deploymentsQuery := search.MatchNoneQuery() + var err error + if q.collection != nil { + deploymentsQuery, err = q.collectionQueryResolver.ResolveCollectionQuery(ctx, q.collection) + if err != nil { + return nil, err + } + } else { + + entityScopeQueryString, err := q.buildEntityScopeQueryString() + if err != nil { + return nil, err + } + deploymentsQuery, err = search.ParseQuery(entityScopeQueryString, search.MatchAllIfEmpty()) } + scopeQuery, err := q.buildAccessScopeQuery(clusters, namespaces) if err != nil { return nil, err @@ -66,6 +81,90 @@ func (q *queryBuilder) BuildQuery( }, nil } +func (q *queryBuilder) buildEntityScopeQueryString() (string, error) { + rules := q.entityScope.GetRules() + if len(rules) == 0 { + return "", nil + } + + var conjuncts []string + for _, rule := range rules { + fieldLabel, err := entityScopeRuleToFieldLabel(rule) + if err != nil { + return "", err + } + isLabel := fieldLabel == search.DeploymentLabel || + fieldLabel == search.NamespaceLabel || + fieldLabel == search.ClusterLabel + + values := make([]string, 0, len(rule.GetValues())) + for _, rv := range rule.GetValues() { + val := rv.GetValue() + if rv.GetMatchType() == storage.MatchType_REGEX { + val = search.RegexPrefix + val + } + values = append(values, val) + } + + if len(values) == 0 { + continue + } + + var qb *search.QueryBuilder + if isLabel { + for _, v := range values { + key, value := splitLabelValue(v) + qb = search.NewQueryBuilder().AddMapQuery(fieldLabel, key, value) + conjuncts = append(conjuncts, qb.Query()) + } + } else { + qb = search.NewQueryBuilder().AddExactMatches(fieldLabel, values...) + conjuncts = append(conjuncts, qb.Query()) + } + } + + return strings.Join(conjuncts, "+"), nil +} + +func entityScopeRuleToFieldLabel(rule *storage.EntityScopeRule) (search.FieldLabel, error) { + switch rule.GetEntity() { + case storage.EntityType_ENTITY_TYPE_DEPLOYMENT: + switch rule.GetField() { + case storage.EntityField_FIELD_NAME: + return search.DeploymentName, nil + case storage.EntityField_FIELD_LABEL: + return search.DeploymentLabel, nil + case storage.EntityField_FIELD_ANNOTATION: + return search.DeploymentAnnotation, nil + } + case storage.EntityType_ENTITY_TYPE_NAMESPACE: + switch rule.GetField() { + case storage.EntityField_FIELD_NAME: + return search.Namespace, nil + case storage.EntityField_FIELD_LABEL: + return search.NamespaceLabel, nil + case storage.EntityField_FIELD_ANNOTATION: + return search.NamespaceAnnotation, nil + } + case storage.EntityType_ENTITY_TYPE_CLUSTER: + switch rule.GetField() { + case storage.EntityField_FIELD_NAME: + return search.Cluster, nil + case storage.EntityField_FIELD_LABEL: + return search.ClusterLabel, nil + } + } + return "", fmt.Errorf("unsupported entity/field combination: %s/%s", rule.GetEntity(), rule.GetField()) +} + +func splitLabelValue(labelVal string) (string, string) { + parts := strings.SplitN(labelVal, "=", 2) + if len(parts) == 2 { + return fmt.Sprintf("%q", parts[0]), fmt.Sprintf("%q", parts[1]) + } + return fmt.Sprintf("%q", labelVal), fmt.Sprintf("%q", "") +} + func (q *queryBuilder) buildCVEAttributesQuery() (string, error) { vulnReportFilters := q.vulnFilters var conjuncts []string diff --git a/central/reports/common/query_builder_test.go b/central/reports/common/query_builder_test.go index cb30397775eae..5cd75188e3c09 100644 --- a/central/reports/common/query_builder_test.go +++ b/central/reports/common/query_builder_test.go @@ -197,3 +197,178 @@ func TestBuildAccessScopeQuery(t *testing.T) { func assertByDirectComparison(t testing.TB, expected *v1.Query, actual *v1.Query) { protoassert.Equal(t, expected, actual) } + +func TestBuildEntityScopeQueryString(t *testing.T) { + testCases := []struct { + name string + scope *storage.EntityScope + expected string + hasError bool + }{ + { + name: "Empty rules returns empty string (match all)", + scope: &storage.EntityScope{}, + expected: "", + }, + { + name: "Single namespace name rule", + scope: &storage.EntityScope{ + Rules: []*storage.EntityScopeRule{ + { + Entity: storage.EntityType_ENTITY_TYPE_NAMESPACE, + Field: storage.EntityField_FIELD_NAME, + Values: []*storage.RuleValue{ + {Value: "prod", MatchType: storage.MatchType_EXACT}, + {Value: "staging", MatchType: storage.MatchType_EXACT}, + }, + }, + }, + }, + expected: search.NewQueryBuilder().AddExactMatches(search.Namespace, "prod", "staging").Query(), + }, + { + name: "Single deployment name rule", + scope: &storage.EntityScope{ + Rules: []*storage.EntityScopeRule{ + { + Entity: storage.EntityType_ENTITY_TYPE_DEPLOYMENT, + Field: storage.EntityField_FIELD_NAME, + Values: []*storage.RuleValue{ + {Value: "web-server", MatchType: storage.MatchType_EXACT}, + }, + }, + }, + }, + expected: search.NewQueryBuilder().AddExactMatches(search.DeploymentName, "web-server").Query(), + }, + { + name: "Single cluster name rule", + scope: &storage.EntityScope{ + Rules: []*storage.EntityScopeRule{ + { + Entity: storage.EntityType_ENTITY_TYPE_CLUSTER, + Field: storage.EntityField_FIELD_NAME, + Values: []*storage.RuleValue{ + {Value: "prod-us", MatchType: storage.MatchType_EXACT}, + {Value: "prod-eu", MatchType: storage.MatchType_EXACT}, + }, + }, + }, + }, + expected: search.NewQueryBuilder().AddExactMatches(search.Cluster, "prod-us", "prod-eu").Query(), + }, + { + name: "Multiple rules are ANDed", + scope: &storage.EntityScope{ + Rules: []*storage.EntityScopeRule{ + { + Entity: storage.EntityType_ENTITY_TYPE_NAMESPACE, + Field: storage.EntityField_FIELD_NAME, + Values: []*storage.RuleValue{ + {Value: "prod", MatchType: storage.MatchType_EXACT}, + }, + }, + { + Entity: storage.EntityType_ENTITY_TYPE_DEPLOYMENT, + Field: storage.EntityField_FIELD_NAME, + Values: []*storage.RuleValue{ + {Value: "backend", MatchType: storage.MatchType_EXACT}, + {Value: "frontend", MatchType: storage.MatchType_EXACT}, + }, + }, + }, + }, + expected: search.NewQueryBuilder().AddExactMatches(search.Namespace, "prod").Query() + + "+" + + search.NewQueryBuilder().AddExactMatches(search.DeploymentName, "backend", "frontend").Query(), + }, + { + name: "Label rule uses map query", + scope: &storage.EntityScope{ + Rules: []*storage.EntityScopeRule{ + { + Entity: storage.EntityType_ENTITY_TYPE_NAMESPACE, + Field: storage.EntityField_FIELD_LABEL, + Values: []*storage.RuleValue{ + {Value: "env=prod", MatchType: storage.MatchType_EXACT}, + }, + }, + }, + }, + expected: search.NewQueryBuilder().AddMapQuery(search.NamespaceLabel, `"env"`, `"prod"`).Query(), + }, + { + name: "Regex match type adds r/ prefix", + scope: &storage.EntityScope{ + Rules: []*storage.EntityScopeRule{ + { + Entity: storage.EntityType_ENTITY_TYPE_DEPLOYMENT, + Field: storage.EntityField_FIELD_NAME, + Values: []*storage.RuleValue{ + {Value: "web-.*", MatchType: storage.MatchType_REGEX}, + }, + }, + }, + }, + expected: search.NewQueryBuilder().AddExactMatches(search.DeploymentName, "r/web-.*").Query(), + }, + { + name: "Rule with empty values is skipped", + scope: &storage.EntityScope{ + Rules: []*storage.EntityScopeRule{ + { + Entity: storage.EntityType_ENTITY_TYPE_NAMESPACE, + Field: storage.EntityField_FIELD_NAME, + Values: []*storage.RuleValue{}, + }, + }, + }, + expected: "", + }, + { + name: "Unsupported entity/field returns error", + scope: &storage.EntityScope{ + Rules: []*storage.EntityScopeRule{ + { + Entity: storage.EntityType_ENTITY_TYPE_CLUSTER, + Field: storage.EntityField_FIELD_ANNOTATION, + Values: []*storage.RuleValue{ + {Value: "team=infra", MatchType: storage.MatchType_EXACT}, + }, + }, + }, + }, + hasError: true, + }, + { + name: "Deployment annotation rule", + scope: &storage.EntityScope{ + Rules: []*storage.EntityScopeRule{ + { + Entity: storage.EntityType_ENTITY_TYPE_DEPLOYMENT, + Field: storage.EntityField_FIELD_ANNOTATION, + Values: []*storage.RuleValue{ + {Value: "owner=team-a", MatchType: storage.MatchType_EXACT}, + }, + }, + }, + }, + expected: search.NewQueryBuilder().AddExactMatches(search.DeploymentAnnotation, "owner=team-a").Query(), + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + qb := &queryBuilder{ + entityScope: tc.scope, + } + result, err := qb.buildEntityScopeQueryString() + if tc.hasError { + assert.Error(t, err) + return + } + assert.NoError(t, err) + assert.Equal(t, tc.expected, result) + }) + } +} diff --git a/central/reports/scheduler/v2/reportgenerator/report_gen_impl.go b/central/reports/scheduler/v2/reportgenerator/report_gen_impl.go index af61774326ad1..f3028153e5678 100644 --- a/central/reports/scheduler/v2/reportgenerator/report_gen_impl.go +++ b/central/reports/scheduler/v2/reportgenerator/report_gen_impl.go @@ -389,7 +389,7 @@ func (rg *reportGeneratorImpl) buildReportQueryViewBased(snap *storage.ReportSna func (rg *reportGeneratorImpl) buildReportQuery(snap *storage.ReportSnapshot, collection *storage.ResourceCollection, dataStartTime time.Time) (*common.ReportQuery, error) { - qb := common.NewVulnReportQueryBuilder(collection, snap.GetVulnReportFilters(), rg.collectionQueryResolver, + qb := common.NewVulnReportQueryBuilder(collection, snap.GetResourceScope().GetEntityScope(), snap.GetVulnReportFilters(), rg.collectionQueryResolver, dataStartTime) allClusters, allNamespaces, err := rg.getClustersAndNamespacesForSAC() if err != nil { diff --git a/central/reports/snapshot/datastore/store/postgres/store.go b/central/reports/snapshot/datastore/store/postgres/store.go index d019cc69b89cd..ca21444f36c72 100644 --- a/central/reports/snapshot/datastore/store/postgres/store.go +++ b/central/reports/snapshot/datastore/store/postgres/store.go @@ -112,10 +112,11 @@ func insertIntoReportSnapshots(batch *pgx.Batch, obj *storage.ReportSnapshot) er obj.GetRequester().GetId(), obj.GetRequester().GetName(), obj.GetAreaOfConcern(), + obj.GetResourceScope().GetCollectionId(), serialized, } - finalStr := "INSERT INTO report_snapshots (ReportId, ReportConfigurationId, Name, ReportStatus_RunState, ReportStatus_QueuedAt, ReportStatus_CompletedAt, ReportStatus_ReportRequestType, ReportStatus_ReportNotificationMethod, Requester_Id, Requester_Name, AreaOfConcern, serialized) VALUES($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) ON CONFLICT(ReportId) DO UPDATE SET ReportId = EXCLUDED.ReportId, ReportConfigurationId = EXCLUDED.ReportConfigurationId, Name = EXCLUDED.Name, ReportStatus_RunState = EXCLUDED.ReportStatus_RunState, ReportStatus_QueuedAt = EXCLUDED.ReportStatus_QueuedAt, ReportStatus_CompletedAt = EXCLUDED.ReportStatus_CompletedAt, ReportStatus_ReportRequestType = EXCLUDED.ReportStatus_ReportRequestType, ReportStatus_ReportNotificationMethod = EXCLUDED.ReportStatus_ReportNotificationMethod, Requester_Id = EXCLUDED.Requester_Id, Requester_Name = EXCLUDED.Requester_Name, AreaOfConcern = EXCLUDED.AreaOfConcern, serialized = EXCLUDED.serialized" + finalStr := "INSERT INTO report_snapshots (ReportId, ReportConfigurationId, Name, ReportStatus_RunState, ReportStatus_QueuedAt, ReportStatus_CompletedAt, ReportStatus_ReportRequestType, ReportStatus_ReportNotificationMethod, Requester_Id, Requester_Name, AreaOfConcern, ResourceScope_CollectionId, serialized) VALUES($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) ON CONFLICT(ReportId) DO UPDATE SET ReportId = EXCLUDED.ReportId, ReportConfigurationId = EXCLUDED.ReportConfigurationId, Name = EXCLUDED.Name, ReportStatus_RunState = EXCLUDED.ReportStatus_RunState, ReportStatus_QueuedAt = EXCLUDED.ReportStatus_QueuedAt, ReportStatus_CompletedAt = EXCLUDED.ReportStatus_CompletedAt, ReportStatus_ReportRequestType = EXCLUDED.ReportStatus_ReportRequestType, ReportStatus_ReportNotificationMethod = EXCLUDED.ReportStatus_ReportNotificationMethod, Requester_Id = EXCLUDED.Requester_Id, Requester_Name = EXCLUDED.Requester_Name, AreaOfConcern = EXCLUDED.AreaOfConcern, ResourceScope_CollectionId = EXCLUDED.ResourceScope_CollectionId, serialized = EXCLUDED.serialized" batch.Queue(finalStr, values...) return nil @@ -133,6 +134,7 @@ var copyColsReportSnapshots = []string{ "requester_id", "requester_name", "areaofconcern", + "resourcescope_collectionid", "serialized", } @@ -178,6 +180,7 @@ func copyFromReportSnapshots(ctx context.Context, s pgSearch.Deleter, tx *postgr obj.GetRequester().GetId(), obj.GetRequester().GetName(), obj.GetAreaOfConcern(), + obj.GetResourceScope().GetCollectionId(), serialized, }, nil }) diff --git a/generated/api/v1/report_configuration_service.swagger.json b/generated/api/v1/report_configuration_service.swagger.json index 2e9a8e2a6dea6..3022c807b13d9 100644 --- a/generated/api/v1/report_configuration_service.swagger.json +++ b/generated/api/v1/report_configuration_service.swagger.json @@ -505,6 +505,67 @@ } } }, + "storageEntityField": { + "type": "string", + "enum": [ + "FIELD_UNSET", + "FIELD_ID", + "FIELD_NAME", + "FIELD_LABEL", + "FIELD_ANNOTATION" + ], + "default": "FIELD_UNSET" + }, + "storageEntityScope": { + "type": "object", + "properties": { + "rules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/storageEntityScopeRule" + } + } + }, + "title": "EntityScope is a new scoping method using ns,deployments,clusters filters introduced in 4.11" + }, + "storageEntityScopeRule": { + "type": "object", + "properties": { + "entity": { + "$ref": "#/definitions/storageEntityType" + }, + "field": { + "$ref": "#/definitions/storageEntityField" + }, + "values": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/storageRuleValue" + } + } + }, + "title": "EntityScopeRule stores the filter as an entity field pair along with a list of values" + }, + "storageEntityType": { + "type": "string", + "enum": [ + "ENTITY_TYPE_UNSET", + "ENTITY_TYPE_DEPLOYMENT", + "ENTITY_TYPE_NAMESPACE", + "ENTITY_TYPE_CLUSTER" + ], + "default": "ENTITY_TYPE_UNSET" + }, + "storageMatchType": { + "type": "string", + "enum": [ + "EXACT", + "REGEX" + ], + "default": "EXACT" + }, "storageNotifierConfiguration": { "type": "object", "properties": { @@ -590,6 +651,20 @@ "properties": { "collectionId": { "type": "string" + }, + "entityScope": { + "$ref": "#/definitions/storageEntityScope" + } + } + }, + "storageRuleValue": { + "type": "object", + "properties": { + "value": { + "type": "string" + }, + "matchType": { + "$ref": "#/definitions/storageMatchType" } } }, @@ -688,6 +763,10 @@ }, "includeAdvisory": { "type": "boolean" + }, + "query": { + "type": "string", + "title": "this field stores enhanced filters related to image, cve etc for non collection based scopes" } } }, diff --git a/generated/storage/report_configuration.pb.go b/generated/storage/report_configuration.pb.go index df4eb32ea9f80..b4131f4944f3b 100644 --- a/generated/storage/report_configuration.pb.go +++ b/generated/storage/report_configuration.pb.go @@ -22,6 +22,113 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +type EntityType int32 + +const ( + EntityType_ENTITY_TYPE_UNSET EntityType = 0 + EntityType_ENTITY_TYPE_DEPLOYMENT EntityType = 1 + EntityType_ENTITY_TYPE_NAMESPACE EntityType = 2 + EntityType_ENTITY_TYPE_CLUSTER EntityType = 3 +) + +// Enum value maps for EntityType. +var ( + EntityType_name = map[int32]string{ + 0: "ENTITY_TYPE_UNSET", + 1: "ENTITY_TYPE_DEPLOYMENT", + 2: "ENTITY_TYPE_NAMESPACE", + 3: "ENTITY_TYPE_CLUSTER", + } + EntityType_value = map[string]int32{ + "ENTITY_TYPE_UNSET": 0, + "ENTITY_TYPE_DEPLOYMENT": 1, + "ENTITY_TYPE_NAMESPACE": 2, + "ENTITY_TYPE_CLUSTER": 3, + } +) + +func (x EntityType) Enum() *EntityType { + p := new(EntityType) + *p = x + return p +} + +func (x EntityType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (EntityType) Descriptor() protoreflect.EnumDescriptor { + return file_storage_report_configuration_proto_enumTypes[0].Descriptor() +} + +func (EntityType) Type() protoreflect.EnumType { + return &file_storage_report_configuration_proto_enumTypes[0] +} + +func (x EntityType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use EntityType.Descriptor instead. +func (EntityType) EnumDescriptor() ([]byte, []int) { + return file_storage_report_configuration_proto_rawDescGZIP(), []int{0} +} + +type EntityField int32 + +const ( + EntityField_FIELD_UNSET EntityField = 0 + EntityField_FIELD_ID EntityField = 1 + EntityField_FIELD_NAME EntityField = 2 + EntityField_FIELD_LABEL EntityField = 3 + EntityField_FIELD_ANNOTATION EntityField = 4 +) + +// Enum value maps for EntityField. +var ( + EntityField_name = map[int32]string{ + 0: "FIELD_UNSET", + 1: "FIELD_ID", + 2: "FIELD_NAME", + 3: "FIELD_LABEL", + 4: "FIELD_ANNOTATION", + } + EntityField_value = map[string]int32{ + "FIELD_UNSET": 0, + "FIELD_ID": 1, + "FIELD_NAME": 2, + "FIELD_LABEL": 3, + "FIELD_ANNOTATION": 4, + } +) + +func (x EntityField) Enum() *EntityField { + p := new(EntityField) + *p = x + return p +} + +func (x EntityField) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (EntityField) Descriptor() protoreflect.EnumDescriptor { + return file_storage_report_configuration_proto_enumTypes[1].Descriptor() +} + +func (EntityField) Type() protoreflect.EnumType { + return &file_storage_report_configuration_proto_enumTypes[1] +} + +func (x EntityField) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use EntityField.Descriptor instead. +func (EntityField) EnumDescriptor() ([]byte, []int) { + return file_storage_report_configuration_proto_rawDescGZIP(), []int{1} +} + type ReportConfiguration_ReportType int32 const ( @@ -49,11 +156,11 @@ func (x ReportConfiguration_ReportType) String() string { } func (ReportConfiguration_ReportType) Descriptor() protoreflect.EnumDescriptor { - return file_storage_report_configuration_proto_enumTypes[0].Descriptor() + return file_storage_report_configuration_proto_enumTypes[2].Descriptor() } func (ReportConfiguration_ReportType) Type() protoreflect.EnumType { - return &file_storage_report_configuration_proto_enumTypes[0] + return &file_storage_report_configuration_proto_enumTypes[2] } func (x ReportConfiguration_ReportType) Number() protoreflect.EnumNumber { @@ -95,11 +202,11 @@ func (x ReportLastRunStatus_RunStatus) String() string { } func (ReportLastRunStatus_RunStatus) Descriptor() protoreflect.EnumDescriptor { - return file_storage_report_configuration_proto_enumTypes[1].Descriptor() + return file_storage_report_configuration_proto_enumTypes[3].Descriptor() } func (ReportLastRunStatus_RunStatus) Type() protoreflect.EnumType { - return &file_storage_report_configuration_proto_enumTypes[1] + return &file_storage_report_configuration_proto_enumTypes[3] } func (x ReportLastRunStatus_RunStatus) Number() protoreflect.EnumNumber { @@ -144,11 +251,11 @@ func (x VulnerabilityReportFilters_Fixability) String() string { } func (VulnerabilityReportFilters_Fixability) Descriptor() protoreflect.EnumDescriptor { - return file_storage_report_configuration_proto_enumTypes[2].Descriptor() + return file_storage_report_configuration_proto_enumTypes[4].Descriptor() } func (VulnerabilityReportFilters_Fixability) Type() protoreflect.EnumType { - return &file_storage_report_configuration_proto_enumTypes[2] + return &file_storage_report_configuration_proto_enumTypes[4] } func (x VulnerabilityReportFilters_Fixability) Number() protoreflect.EnumNumber { @@ -190,11 +297,11 @@ func (x VulnerabilityReportFilters_ImageType) String() string { } func (VulnerabilityReportFilters_ImageType) Descriptor() protoreflect.EnumDescriptor { - return file_storage_report_configuration_proto_enumTypes[3].Descriptor() + return file_storage_report_configuration_proto_enumTypes[5].Descriptor() } func (VulnerabilityReportFilters_ImageType) Type() protoreflect.EnumType { - return &file_storage_report_configuration_proto_enumTypes[3] + return &file_storage_report_configuration_proto_enumTypes[5] } func (x VulnerabilityReportFilters_ImageType) Number() protoreflect.EnumNumber { @@ -474,8 +581,10 @@ type VulnerabilityReportFilters struct { IncludeNvdCvss bool `protobuf:"varint,9,opt,name=include_nvd_cvss,json=includeNvdCvss,proto3" json:"include_nvd_cvss,omitempty"` IncludeEpssProbability bool `protobuf:"varint,10,opt,name=include_epss_probability,json=includeEpssProbability,proto3" json:"include_epss_probability,omitempty"` IncludeAdvisory bool `protobuf:"varint,11,opt,name=include_advisory,json=includeAdvisory,proto3" json:"include_advisory,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + // this field stores enhanced filters related to image, cve etc for non collection based scopes + Query string `protobuf:"bytes,12,opt,name=query,proto3" json:"query,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *VulnerabilityReportFilters) Reset() { @@ -598,6 +707,13 @@ func (x *VulnerabilityReportFilters) GetIncludeAdvisory() bool { return false } +func (x *VulnerabilityReportFilters) GetQuery() string { + if x != nil { + return x.Query + } + return "" +} + type isVulnerabilityReportFilters_CvesSince interface { isVulnerabilityReportFilters_CvesSince() } @@ -626,6 +742,7 @@ type ResourceScope struct { // Types that are valid to be assigned to ScopeReference: // // *ResourceScope_CollectionId + // *ResourceScope_EntityScope ScopeReference isResourceScope_ScopeReference `protobuf_oneof:"scope_reference"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache @@ -677,6 +794,15 @@ func (x *ResourceScope) GetCollectionId() string { return "" } +func (x *ResourceScope) GetEntityScope() *EntityScope { + if x != nil { + if x, ok := x.ScopeReference.(*ResourceScope_EntityScope); ok { + return x.EntityScope + } + } + return nil +} + type isResourceScope_ScopeReference interface { isResourceScope_ScopeReference() } @@ -685,8 +811,120 @@ type ResourceScope_CollectionId struct { CollectionId string `protobuf:"bytes,1,opt,name=collection_id,json=collectionId,proto3,oneof" search:"Collection ID"` // @gotags: search:"Collection ID" } +type ResourceScope_EntityScope struct { + EntityScope *EntityScope `protobuf:"bytes,2,opt,name=entity_scope,json=entityScope,proto3,oneof"` +} + func (*ResourceScope_CollectionId) isResourceScope_ScopeReference() {} +func (*ResourceScope_EntityScope) isResourceScope_ScopeReference() {} + +// EntityScope is a new scoping method using ns,deployments,clusters filters introduced in 4.11 +type EntityScope struct { + state protoimpl.MessageState `protogen:"open.v1"` + Rules []*EntityScopeRule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EntityScope) Reset() { + *x = EntityScope{} + mi := &file_storage_report_configuration_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EntityScope) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EntityScope) ProtoMessage() {} + +func (x *EntityScope) ProtoReflect() protoreflect.Message { + mi := &file_storage_report_configuration_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EntityScope.ProtoReflect.Descriptor instead. +func (*EntityScope) Descriptor() ([]byte, []int) { + return file_storage_report_configuration_proto_rawDescGZIP(), []int{4} +} + +func (x *EntityScope) GetRules() []*EntityScopeRule { + if x != nil { + return x.Rules + } + return nil +} + +// EntityScopeRule stores the filter as an entity field pair along with a list of values +type EntityScopeRule struct { + state protoimpl.MessageState `protogen:"open.v1"` + Entity EntityType `protobuf:"varint,1,opt,name=entity,proto3,enum=storage.EntityType" json:"entity,omitempty"` + Field EntityField `protobuf:"varint,2,opt,name=field,proto3,enum=storage.EntityField" json:"field,omitempty"` + Values []*RuleValue `protobuf:"bytes,3,rep,name=values,proto3" json:"values,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EntityScopeRule) Reset() { + *x = EntityScopeRule{} + mi := &file_storage_report_configuration_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EntityScopeRule) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EntityScopeRule) ProtoMessage() {} + +func (x *EntityScopeRule) ProtoReflect() protoreflect.Message { + mi := &file_storage_report_configuration_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EntityScopeRule.ProtoReflect.Descriptor instead. +func (*EntityScopeRule) Descriptor() ([]byte, []int) { + return file_storage_report_configuration_proto_rawDescGZIP(), []int{5} +} + +func (x *EntityScopeRule) GetEntity() EntityType { + if x != nil { + return x.Entity + } + return EntityType_ENTITY_TYPE_UNSET +} + +func (x *EntityScopeRule) GetField() EntityField { + if x != nil { + return x.Field + } + return EntityField_FIELD_UNSET +} + +func (x *EntityScopeRule) GetValues() []*RuleValue { + if x != nil { + return x.Values + } + return nil +} + // filter for view based reports type ViewBasedVulnerabilityReportFilters struct { state protoimpl.MessageState `protogen:"open.v1"` @@ -698,7 +936,7 @@ type ViewBasedVulnerabilityReportFilters struct { func (x *ViewBasedVulnerabilityReportFilters) Reset() { *x = ViewBasedVulnerabilityReportFilters{} - mi := &file_storage_report_configuration_proto_msgTypes[4] + mi := &file_storage_report_configuration_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -710,7 +948,7 @@ func (x *ViewBasedVulnerabilityReportFilters) String() string { func (*ViewBasedVulnerabilityReportFilters) ProtoMessage() {} func (x *ViewBasedVulnerabilityReportFilters) ProtoReflect() protoreflect.Message { - mi := &file_storage_report_configuration_proto_msgTypes[4] + mi := &file_storage_report_configuration_proto_msgTypes[6] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -723,7 +961,7 @@ func (x *ViewBasedVulnerabilityReportFilters) ProtoReflect() protoreflect.Messag // Deprecated: Use ViewBasedVulnerabilityReportFilters.ProtoReflect.Descriptor instead. func (*ViewBasedVulnerabilityReportFilters) Descriptor() ([]byte, []int) { - return file_storage_report_configuration_proto_rawDescGZIP(), []int{4} + return file_storage_report_configuration_proto_rawDescGZIP(), []int{6} } func (x *ViewBasedVulnerabilityReportFilters) GetQuery() string { @@ -744,7 +982,7 @@ var File_storage_report_configuration_proto protoreflect.FileDescriptor const file_storage_report_configuration_proto_rawDesc = "" + "\n" + - "\"storage/report_configuration.proto\x12\astorage\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x11storage/cve.proto\x1a+storage/report_notifier_configuration.proto\x1a\x12storage/role.proto\x1a\x16storage/schedule.proto\x1a\x12storage/user.proto\"\xa0\x06\n" + + "\"storage/report_configuration.proto\x12\astorage\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x11storage/cve.proto\x1a+storage/report_notifier_configuration.proto\x1a!storage/resource_collection.proto\x1a\x12storage/role.proto\x1a\x16storage/schedule.proto\x1a\x12storage/user.proto\"\xa0\x06\n" + "\x13ReportConfiguration\x12\x0e\n" + "\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" + "\x04name\x18\x02 \x01(\tR\x04name\x12 \n" + @@ -772,7 +1010,7 @@ const file_storage_report_configuration_proto_rawDesc = "" + "\terror_msg\x18\x03 \x01(\tR\berrorMsg\"%\n" + "\tRunStatus\x12\v\n" + "\aSUCCESS\x10\x00\x12\v\n" + - "\aFAILURE\x10\x01\"\xa2\x06\n" + + "\aFAILURE\x10\x01\"\xb8\x06\n" + "\x1aVulnerabilityReportFilters\x12N\n" + "\n" + "fixability\x18\x01 \x01(\x0e2..storage.VulnerabilityReportFilters.FixabilityR\n" + @@ -790,7 +1028,8 @@ const file_storage_report_configuration_proto_rawDesc = "" + "\x10include_nvd_cvss\x18\t \x01(\bR\x0eincludeNvdCvss\x128\n" + "\x18include_epss_probability\x18\n" + " \x01(\bR\x16includeEpssProbability\x12)\n" + - "\x10include_advisory\x18\v \x01(\bR\x0fincludeAdvisory\"4\n" + + "\x10include_advisory\x18\v \x01(\bR\x0fincludeAdvisory\x12\x14\n" + + "\x05query\x18\f \x01(\tR\x05query\"4\n" + "\n" + "Fixability\x12\b\n" + "\x04BOTH\x10\x00\x12\v\n" + @@ -800,13 +1039,33 @@ const file_storage_report_configuration_proto_rawDesc = "" + "\bDEPLOYED\x10\x00\x12\v\n" + "\aWATCHED\x10\x01B\f\n" + "\n" + - "cves_since\"I\n" + + "cves_since\"\x84\x01\n" + "\rResourceScope\x12%\n" + - "\rcollection_id\x18\x01 \x01(\tH\x00R\fcollectionIdB\x11\n" + - "\x0fscope_reference\"\x8b\x01\n" + + "\rcollection_id\x18\x01 \x01(\tH\x00R\fcollectionId\x129\n" + + "\fentity_scope\x18\x02 \x01(\v2\x14.storage.EntityScopeH\x00R\ventityScopeB\x11\n" + + "\x0fscope_reference\"=\n" + + "\vEntityScope\x12.\n" + + "\x05rules\x18\x01 \x03(\v2\x18.storage.EntityScopeRuleR\x05rules\"\x96\x01\n" + + "\x0fEntityScopeRule\x12+\n" + + "\x06entity\x18\x01 \x01(\x0e2\x13.storage.EntityTypeR\x06entity\x12*\n" + + "\x05field\x18\x02 \x01(\x0e2\x14.storage.EntityFieldR\x05field\x12*\n" + + "\x06values\x18\x03 \x03(\v2\x12.storage.RuleValueR\x06values\"\x8b\x01\n" + "#ViewBasedVulnerabilityReportFilters\x12\x14\n" + "\x05query\x18\x01 \x01(\tR\x05query\x12N\n" + - "\x12access_scope_rules\x18\x02 \x03(\v2 .storage.SimpleAccessScope.RulesR\x10accessScopeRulesB.\n" + + "\x12access_scope_rules\x18\x02 \x03(\v2 .storage.SimpleAccessScope.RulesR\x10accessScopeRules*s\n" + + "\n" + + "EntityType\x12\x15\n" + + "\x11ENTITY_TYPE_UNSET\x10\x00\x12\x1a\n" + + "\x16ENTITY_TYPE_DEPLOYMENT\x10\x01\x12\x19\n" + + "\x15ENTITY_TYPE_NAMESPACE\x10\x02\x12\x17\n" + + "\x13ENTITY_TYPE_CLUSTER\x10\x03*c\n" + + "\vEntityField\x12\x0f\n" + + "\vFIELD_UNSET\x10\x00\x12\f\n" + + "\bFIELD_ID\x10\x01\x12\x0e\n" + + "\n" + + "FIELD_NAME\x10\x02\x12\x0f\n" + + "\vFIELD_LABEL\x10\x03\x12\x14\n" + + "\x10FIELD_ANNOTATION\x10\x04B.\n" + "\x19io.stackrox.proto.storageZ\x11./storage;storageb\x06proto3" var ( @@ -821,49 +1080,59 @@ func file_storage_report_configuration_proto_rawDescGZIP() []byte { return file_storage_report_configuration_proto_rawDescData } -var file_storage_report_configuration_proto_enumTypes = make([]protoimpl.EnumInfo, 4) -var file_storage_report_configuration_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_storage_report_configuration_proto_enumTypes = make([]protoimpl.EnumInfo, 6) +var file_storage_report_configuration_proto_msgTypes = make([]protoimpl.MessageInfo, 7) var file_storage_report_configuration_proto_goTypes = []any{ - (ReportConfiguration_ReportType)(0), // 0: storage.ReportConfiguration.ReportType - (ReportLastRunStatus_RunStatus)(0), // 1: storage.ReportLastRunStatus.RunStatus - (VulnerabilityReportFilters_Fixability)(0), // 2: storage.VulnerabilityReportFilters.Fixability - (VulnerabilityReportFilters_ImageType)(0), // 3: storage.VulnerabilityReportFilters.ImageType - (*ReportConfiguration)(nil), // 4: storage.ReportConfiguration - (*ReportLastRunStatus)(nil), // 5: storage.ReportLastRunStatus - (*VulnerabilityReportFilters)(nil), // 6: storage.VulnerabilityReportFilters - (*ResourceScope)(nil), // 7: storage.ResourceScope - (*ViewBasedVulnerabilityReportFilters)(nil), // 8: storage.ViewBasedVulnerabilityReportFilters - (*EmailNotifierConfiguration)(nil), // 9: storage.EmailNotifierConfiguration - (*Schedule)(nil), // 10: storage.Schedule - (*timestamppb.Timestamp)(nil), // 11: google.protobuf.Timestamp - (*NotifierConfiguration)(nil), // 12: storage.NotifierConfiguration - (*SlimUser)(nil), // 13: storage.SlimUser - (VulnerabilitySeverity)(0), // 14: storage.VulnerabilitySeverity - (*SimpleAccessScope_Rules)(nil), // 15: storage.SimpleAccessScope.Rules + (EntityType)(0), // 0: storage.EntityType + (EntityField)(0), // 1: storage.EntityField + (ReportConfiguration_ReportType)(0), // 2: storage.ReportConfiguration.ReportType + (ReportLastRunStatus_RunStatus)(0), // 3: storage.ReportLastRunStatus.RunStatus + (VulnerabilityReportFilters_Fixability)(0), // 4: storage.VulnerabilityReportFilters.Fixability + (VulnerabilityReportFilters_ImageType)(0), // 5: storage.VulnerabilityReportFilters.ImageType + (*ReportConfiguration)(nil), // 6: storage.ReportConfiguration + (*ReportLastRunStatus)(nil), // 7: storage.ReportLastRunStatus + (*VulnerabilityReportFilters)(nil), // 8: storage.VulnerabilityReportFilters + (*ResourceScope)(nil), // 9: storage.ResourceScope + (*EntityScope)(nil), // 10: storage.EntityScope + (*EntityScopeRule)(nil), // 11: storage.EntityScopeRule + (*ViewBasedVulnerabilityReportFilters)(nil), // 12: storage.ViewBasedVulnerabilityReportFilters + (*EmailNotifierConfiguration)(nil), // 13: storage.EmailNotifierConfiguration + (*Schedule)(nil), // 14: storage.Schedule + (*timestamppb.Timestamp)(nil), // 15: google.protobuf.Timestamp + (*NotifierConfiguration)(nil), // 16: storage.NotifierConfiguration + (*SlimUser)(nil), // 17: storage.SlimUser + (VulnerabilitySeverity)(0), // 18: storage.VulnerabilitySeverity + (*SimpleAccessScope_Rules)(nil), // 19: storage.SimpleAccessScope.Rules + (*RuleValue)(nil), // 20: storage.RuleValue } var file_storage_report_configuration_proto_depIdxs = []int32{ - 0, // 0: storage.ReportConfiguration.type:type_name -> storage.ReportConfiguration.ReportType - 6, // 1: storage.ReportConfiguration.vuln_report_filters:type_name -> storage.VulnerabilityReportFilters - 9, // 2: storage.ReportConfiguration.email_config:type_name -> storage.EmailNotifierConfiguration - 10, // 3: storage.ReportConfiguration.schedule:type_name -> storage.Schedule - 5, // 4: storage.ReportConfiguration.last_run_status:type_name -> storage.ReportLastRunStatus - 11, // 5: storage.ReportConfiguration.last_successful_run_time:type_name -> google.protobuf.Timestamp - 7, // 6: storage.ReportConfiguration.resource_scope:type_name -> storage.ResourceScope - 12, // 7: storage.ReportConfiguration.notifiers:type_name -> storage.NotifierConfiguration - 13, // 8: storage.ReportConfiguration.creator:type_name -> storage.SlimUser - 1, // 9: storage.ReportLastRunStatus.report_status:type_name -> storage.ReportLastRunStatus.RunStatus - 11, // 10: storage.ReportLastRunStatus.last_run_time:type_name -> google.protobuf.Timestamp - 2, // 11: storage.VulnerabilityReportFilters.fixability:type_name -> storage.VulnerabilityReportFilters.Fixability - 14, // 12: storage.VulnerabilityReportFilters.severities:type_name -> storage.VulnerabilitySeverity - 3, // 13: storage.VulnerabilityReportFilters.image_types:type_name -> storage.VulnerabilityReportFilters.ImageType - 11, // 14: storage.VulnerabilityReportFilters.since_start_date:type_name -> google.protobuf.Timestamp - 15, // 15: storage.VulnerabilityReportFilters.access_scope_rules:type_name -> storage.SimpleAccessScope.Rules - 15, // 16: storage.ViewBasedVulnerabilityReportFilters.access_scope_rules:type_name -> storage.SimpleAccessScope.Rules - 17, // [17:17] is the sub-list for method output_type - 17, // [17:17] is the sub-list for method input_type - 17, // [17:17] is the sub-list for extension type_name - 17, // [17:17] is the sub-list for extension extendee - 0, // [0:17] is the sub-list for field type_name + 2, // 0: storage.ReportConfiguration.type:type_name -> storage.ReportConfiguration.ReportType + 8, // 1: storage.ReportConfiguration.vuln_report_filters:type_name -> storage.VulnerabilityReportFilters + 13, // 2: storage.ReportConfiguration.email_config:type_name -> storage.EmailNotifierConfiguration + 14, // 3: storage.ReportConfiguration.schedule:type_name -> storage.Schedule + 7, // 4: storage.ReportConfiguration.last_run_status:type_name -> storage.ReportLastRunStatus + 15, // 5: storage.ReportConfiguration.last_successful_run_time:type_name -> google.protobuf.Timestamp + 9, // 6: storage.ReportConfiguration.resource_scope:type_name -> storage.ResourceScope + 16, // 7: storage.ReportConfiguration.notifiers:type_name -> storage.NotifierConfiguration + 17, // 8: storage.ReportConfiguration.creator:type_name -> storage.SlimUser + 3, // 9: storage.ReportLastRunStatus.report_status:type_name -> storage.ReportLastRunStatus.RunStatus + 15, // 10: storage.ReportLastRunStatus.last_run_time:type_name -> google.protobuf.Timestamp + 4, // 11: storage.VulnerabilityReportFilters.fixability:type_name -> storage.VulnerabilityReportFilters.Fixability + 18, // 12: storage.VulnerabilityReportFilters.severities:type_name -> storage.VulnerabilitySeverity + 5, // 13: storage.VulnerabilityReportFilters.image_types:type_name -> storage.VulnerabilityReportFilters.ImageType + 15, // 14: storage.VulnerabilityReportFilters.since_start_date:type_name -> google.protobuf.Timestamp + 19, // 15: storage.VulnerabilityReportFilters.access_scope_rules:type_name -> storage.SimpleAccessScope.Rules + 10, // 16: storage.ResourceScope.entity_scope:type_name -> storage.EntityScope + 11, // 17: storage.EntityScope.rules:type_name -> storage.EntityScopeRule + 0, // 18: storage.EntityScopeRule.entity:type_name -> storage.EntityType + 1, // 19: storage.EntityScopeRule.field:type_name -> storage.EntityField + 20, // 20: storage.EntityScopeRule.values:type_name -> storage.RuleValue + 19, // 21: storage.ViewBasedVulnerabilityReportFilters.access_scope_rules:type_name -> storage.SimpleAccessScope.Rules + 22, // [22:22] is the sub-list for method output_type + 22, // [22:22] is the sub-list for method input_type + 22, // [22:22] is the sub-list for extension type_name + 22, // [22:22] is the sub-list for extension extendee + 0, // [0:22] is the sub-list for field type_name } func init() { file_storage_report_configuration_proto_init() } @@ -873,6 +1142,7 @@ func file_storage_report_configuration_proto_init() { } file_storage_cve_proto_init() file_storage_report_notifier_configuration_proto_init() + file_storage_resource_collection_proto_init() file_storage_role_proto_init() file_storage_schedule_proto_init() file_storage_user_proto_init() @@ -887,14 +1157,15 @@ func file_storage_report_configuration_proto_init() { } file_storage_report_configuration_proto_msgTypes[3].OneofWrappers = []any{ (*ResourceScope_CollectionId)(nil), + (*ResourceScope_EntityScope)(nil), } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_storage_report_configuration_proto_rawDesc), len(file_storage_report_configuration_proto_rawDesc)), - NumEnums: 4, - NumMessages: 5, + NumEnums: 6, + NumMessages: 7, NumExtensions: 0, NumServices: 0, }, diff --git a/generated/storage/report_configuration_vtproto.pb.go b/generated/storage/report_configuration_vtproto.pb.go index 15ebc96cb276b..9aa70cafd97d0 100644 --- a/generated/storage/report_configuration_vtproto.pb.go +++ b/generated/storage/report_configuration_vtproto.pb.go @@ -113,6 +113,7 @@ func (m *VulnerabilityReportFilters) CloneVT() *VulnerabilityReportFilters { r.IncludeNvdCvss = m.IncludeNvdCvss r.IncludeEpssProbability = m.IncludeEpssProbability r.IncludeAdvisory = m.IncludeAdvisory + r.Query = m.Query if rhs := m.Severities; rhs != nil { tmpContainer := make([]VulnerabilitySeverity, len(rhs)) copy(tmpContainer, rhs) @@ -203,6 +204,63 @@ func (m *ResourceScope_CollectionId) CloneVT() isResourceScope_ScopeReference { return r } +func (m *ResourceScope_EntityScope) CloneVT() isResourceScope_ScopeReference { + if m == nil { + return (*ResourceScope_EntityScope)(nil) + } + r := new(ResourceScope_EntityScope) + r.EntityScope = m.EntityScope.CloneVT() + return r +} + +func (m *EntityScope) CloneVT() *EntityScope { + if m == nil { + return (*EntityScope)(nil) + } + r := new(EntityScope) + if rhs := m.Rules; rhs != nil { + tmpContainer := make([]*EntityScopeRule, len(rhs)) + for k, v := range rhs { + tmpContainer[k] = v.CloneVT() + } + r.Rules = tmpContainer + } + if len(m.unknownFields) > 0 { + r.unknownFields = make([]byte, len(m.unknownFields)) + copy(r.unknownFields, m.unknownFields) + } + return r +} + +func (m *EntityScope) CloneMessageVT() proto.Message { + return m.CloneVT() +} + +func (m *EntityScopeRule) CloneVT() *EntityScopeRule { + if m == nil { + return (*EntityScopeRule)(nil) + } + r := new(EntityScopeRule) + r.Entity = m.Entity + r.Field = m.Field + if rhs := m.Values; rhs != nil { + tmpContainer := make([]*RuleValue, len(rhs)) + for k, v := range rhs { + tmpContainer[k] = v.CloneVT() + } + r.Values = tmpContainer + } + if len(m.unknownFields) > 0 { + r.unknownFields = make([]byte, len(m.unknownFields)) + copy(r.unknownFields, m.unknownFields) + } + return r +} + +func (m *EntityScopeRule) CloneMessageVT() proto.Message { + return m.CloneVT() +} + func (m *ViewBasedVulnerabilityReportFilters) CloneVT() *ViewBasedVulnerabilityReportFilters { if m == nil { return (*ViewBasedVulnerabilityReportFilters)(nil) @@ -460,6 +518,9 @@ func (this *VulnerabilityReportFilters) EqualVT(that *VulnerabilityReportFilters if this.IncludeAdvisory != that.IncludeAdvisory { return false } + if this.Query != that.Query { + return false + } return string(this.unknownFields) == string(that.unknownFields) } @@ -574,6 +635,103 @@ func (this *ResourceScope_CollectionId) EqualVT(thatIface isResourceScope_ScopeR return true } +func (this *ResourceScope_EntityScope) EqualVT(thatIface isResourceScope_ScopeReference) bool { + that, ok := thatIface.(*ResourceScope_EntityScope) + if !ok { + return false + } + if this == that { + return true + } + if this == nil && that != nil || this != nil && that == nil { + return false + } + if p, q := this.EntityScope, that.EntityScope; p != q { + if p == nil { + p = &EntityScope{} + } + if q == nil { + q = &EntityScope{} + } + if !p.EqualVT(q) { + return false + } + } + return true +} + +func (this *EntityScope) EqualVT(that *EntityScope) bool { + if this == that { + return true + } else if this == nil || that == nil { + return false + } + if len(this.Rules) != len(that.Rules) { + return false + } + for i, vx := range this.Rules { + vy := that.Rules[i] + if p, q := vx, vy; p != q { + if p == nil { + p = &EntityScopeRule{} + } + if q == nil { + q = &EntityScopeRule{} + } + if !p.EqualVT(q) { + return false + } + } + } + return string(this.unknownFields) == string(that.unknownFields) +} + +func (this *EntityScope) EqualMessageVT(thatMsg proto.Message) bool { + that, ok := thatMsg.(*EntityScope) + if !ok { + return false + } + return this.EqualVT(that) +} +func (this *EntityScopeRule) EqualVT(that *EntityScopeRule) bool { + if this == that { + return true + } else if this == nil || that == nil { + return false + } + if this.Entity != that.Entity { + return false + } + if this.Field != that.Field { + return false + } + if len(this.Values) != len(that.Values) { + return false + } + for i, vx := range this.Values { + vy := that.Values[i] + if p, q := vx, vy; p != q { + if p == nil { + p = &RuleValue{} + } + if q == nil { + q = &RuleValue{} + } + if !p.EqualVT(q) { + return false + } + } + } + return string(this.unknownFields) == string(that.unknownFields) +} + +func (this *EntityScopeRule) EqualMessageVT(thatMsg proto.Message) bool { + that, ok := thatMsg.(*EntityScopeRule) + if !ok { + return false + } + return this.EqualVT(that) +} func (this *ViewBasedVulnerabilityReportFilters) EqualVT(that *ViewBasedVulnerabilityReportFilters) bool { if this == that { return true @@ -901,6 +1059,13 @@ func (m *VulnerabilityReportFilters) MarshalToSizedBufferVT(dAtA []byte) (int, e } i -= size } + if len(m.Query) > 0 { + i -= len(m.Query) + copy(dAtA[i:], m.Query) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Query))) + i-- + dAtA[i] = 0x62 + } if m.IncludeAdvisory { i-- if m.IncludeAdvisory { @@ -1116,6 +1281,129 @@ func (m *ResourceScope_CollectionId) MarshalToSizedBufferVT(dAtA []byte) (int, e dAtA[i] = 0xa return len(dAtA) - i, nil } +func (m *ResourceScope_EntityScope) MarshalToVT(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVT(dAtA[:size]) +} + +func (m *ResourceScope_EntityScope) MarshalToSizedBufferVT(dAtA []byte) (int, error) { + i := len(dAtA) + if m.EntityScope != nil { + size, err := m.EntityScope.MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x12 + } else { + i = protohelpers.EncodeVarint(dAtA, i, 0) + i-- + dAtA[i] = 0x12 + } + return len(dAtA) - i, nil +} +func (m *EntityScope) MarshalVT() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVT(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *EntityScope) MarshalToVT(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVT(dAtA[:size]) +} + +func (m *EntityScope) MarshalToSizedBufferVT(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if len(m.Rules) > 0 { + for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- { + size, err := m.Rules[iNdEx].MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *EntityScopeRule) MarshalVT() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVT(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *EntityScopeRule) MarshalToVT(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVT(dAtA[:size]) +} + +func (m *EntityScopeRule) MarshalToSizedBufferVT(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if len(m.Values) > 0 { + for iNdEx := len(m.Values) - 1; iNdEx >= 0; iNdEx-- { + size, err := m.Values[iNdEx].MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x1a + } + } + if m.Field != 0 { + i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Field)) + i-- + dAtA[i] = 0x10 + } + if m.Entity != 0 { + i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Entity)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + func (m *ViewBasedVulnerabilityReportFilters) MarshalVT() (dAtA []byte, err error) { if m == nil { return nil, nil @@ -1325,6 +1613,10 @@ func (m *VulnerabilityReportFilters) SizeVT() (n int) { if m.IncludeAdvisory { n += 2 } + l = len(m.Query) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } n += len(m.unknownFields) return n } @@ -1384,18 +1676,28 @@ func (m *ResourceScope_CollectionId) SizeVT() (n int) { n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) return n } -func (m *ViewBasedVulnerabilityReportFilters) SizeVT() (n int) { +func (m *ResourceScope_EntityScope) SizeVT() (n int) { if m == nil { return 0 } var l int _ = l - l = len(m.Query) - if l > 0 { + if m.EntityScope != nil { + l = m.EntityScope.SizeVT() n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } else { + n += 2 } - if len(m.AccessScopeRules) > 0 { - for _, e := range m.AccessScopeRules { + return n +} +func (m *EntityScope) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Rules) > 0 { + for _, e := range m.Rules { l = e.SizeVT() n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) } @@ -1404,22 +1706,64 @@ func (m *ViewBasedVulnerabilityReportFilters) SizeVT() (n int) { return n } -func (m *ReportConfiguration) UnmarshalVT(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return protohelpers.ErrIntOverflow - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift +func (m *EntityScopeRule) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Entity != 0 { + n += 1 + protohelpers.SizeOfVarint(uint64(m.Entity)) + } + if m.Field != 0 { + n += 1 + protohelpers.SizeOfVarint(uint64(m.Field)) + } + if len(m.Values) > 0 { + for _, e := range m.Values { + l = e.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } + n += len(m.unknownFields) + return n +} + +func (m *ViewBasedVulnerabilityReportFilters) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Query) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if len(m.AccessScopeRules) > 0 { + for _, e := range m.AccessScopeRules { + l = e.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } + n += len(m.unknownFields) + return n +} + +func (m *ReportConfiguration) UnmarshalVT(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift if b < 0x80 { break } @@ -2438,6 +2782,38 @@ func (m *VulnerabilityReportFilters) UnmarshalVT(dAtA []byte) error { } } m.IncludeAdvisory = bool(v != 0) + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Query", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Query = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := protohelpers.Skip(dAtA[iNdEx:]) @@ -2521,6 +2897,47 @@ func (m *ResourceScope) UnmarshalVT(dAtA []byte) error { } m.ScopeReference = &ResourceScope_CollectionId{CollectionId: string(dAtA[iNdEx:postIndex])} iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field EntityScope", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if oneof, ok := m.ScopeReference.(*ResourceScope_EntityScope); ok { + if err := oneof.EntityScope.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err + } + } else { + v := &EntityScope{} + if err := v.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.ScopeReference = &ResourceScope_EntityScope{EntityScope: v} + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := protohelpers.Skip(dAtA[iNdEx:]) @@ -2543,7 +2960,7 @@ func (m *ResourceScope) UnmarshalVT(dAtA []byte) error { } return nil } -func (m *ViewBasedVulnerabilityReportFilters) UnmarshalVT(dAtA []byte) error { +func (m *EntityScope) UnmarshalVT(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -2566,17 +2983,17 @@ func (m *ViewBasedVulnerabilityReportFilters) UnmarshalVT(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ViewBasedVulnerabilityReportFilters: wiretype end group for non-group") + return fmt.Errorf("proto: EntityScope: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ViewBasedVulnerabilityReportFilters: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: EntityScope: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Query", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return protohelpers.ErrIntOverflow @@ -2586,27 +3003,118 @@ func (m *ViewBasedVulnerabilityReportFilters) UnmarshalVT(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return protohelpers.ErrInvalidLength } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return protohelpers.ErrInvalidLength } if postIndex > l { return io.ErrUnexpectedEOF } - m.Query = string(dAtA[iNdEx:postIndex]) + m.Rules = append(m.Rules, &EntityScopeRule{}) + if err := m.Rules[len(m.Rules)-1].UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *EntityScopeRule) UnmarshalVT(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: EntityScopeRule: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: EntityScopeRule: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Entity", wireType) + } + m.Entity = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Entity |= EntityType(b&0x7F) << shift + if b < 0x80 { + break + } + } case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Field", wireType) + } + m.Field = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Field |= EntityField(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessScopeRules", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Values", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -2633,8 +3141,8 @@ func (m *ViewBasedVulnerabilityReportFilters) UnmarshalVT(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AccessScopeRules = append(m.AccessScopeRules, &SimpleAccessScope_Rules{}) - if err := m.AccessScopeRules[len(m.AccessScopeRules)-1].UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + m.Values = append(m.Values, &RuleValue{}) + if err := m.Values[len(m.Values)-1].UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -2660,7 +3168,7 @@ func (m *ViewBasedVulnerabilityReportFilters) UnmarshalVT(dAtA []byte) error { } return nil } -func (m *ReportConfiguration) UnmarshalVTUnsafe(dAtA []byte) error { +func (m *ViewBasedVulnerabilityReportFilters) UnmarshalVT(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -2683,15 +3191,15 @@ func (m *ReportConfiguration) UnmarshalVTUnsafe(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ReportConfiguration: wiretype end group for non-group") + return fmt.Errorf("proto: ViewBasedVulnerabilityReportFilters: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ReportConfiguration: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ViewBasedVulnerabilityReportFilters: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Id", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Query", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -2719,17 +3227,13 @@ func (m *ReportConfiguration) UnmarshalVTUnsafe(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - var stringValue string - if intStringLen > 0 { - stringValue = unsafe.String(&dAtA[iNdEx], intStringLen) - } - m.Id = stringValue + m.Query = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AccessScopeRules", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return protohelpers.ErrIntOverflow @@ -2739,34 +3243,155 @@ func (m *ReportConfiguration) UnmarshalVTUnsafe(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return protohelpers.ErrInvalidLength } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return protohelpers.ErrInvalidLength } if postIndex > l { return io.ErrUnexpectedEOF } - var stringValue string - if intStringLen > 0 { - stringValue = unsafe.String(&dAtA[iNdEx], intStringLen) + m.AccessScopeRules = append(m.AccessScopeRules, &SimpleAccessScope_Rules{}) + if err := m.AccessScopeRules[len(m.AccessScopeRules)-1].UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err } - m.Name = stringValue iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { + default: + iNdEx = preIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ReportConfiguration) UnmarshalVTUnsafe(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ReportConfiguration: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ReportConfiguration: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Id", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + var stringValue string + if intStringLen > 0 { + stringValue = unsafe.String(&dAtA[iNdEx], intStringLen) + } + m.Id = stringValue + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + var stringValue string + if intStringLen > 0 { + stringValue = unsafe.String(&dAtA[iNdEx], intStringLen) + } + m.Name = stringValue + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { if shift >= 64 { return protohelpers.ErrIntOverflow } @@ -3714,6 +4339,42 @@ func (m *VulnerabilityReportFilters) UnmarshalVTUnsafe(dAtA []byte) error { } } m.IncludeAdvisory = bool(v != 0) + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Query", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + var stringValue string + if intStringLen > 0 { + stringValue = unsafe.String(&dAtA[iNdEx], intStringLen) + } + m.Query = stringValue + iNdEx = postIndex default: iNdEx = preIndex skippy, err := protohelpers.Skip(dAtA[iNdEx:]) @@ -3801,6 +4462,255 @@ func (m *ResourceScope) UnmarshalVTUnsafe(dAtA []byte) error { } m.ScopeReference = &ResourceScope_CollectionId{CollectionId: stringValue} iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field EntityScope", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if oneof, ok := m.ScopeReference.(*ResourceScope_EntityScope); ok { + if err := oneof.EntityScope.UnmarshalVTUnsafe(dAtA[iNdEx:postIndex]); err != nil { + return err + } + } else { + v := &EntityScope{} + if err := v.UnmarshalVTUnsafe(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.ScopeReference = &ResourceScope_EntityScope{EntityScope: v} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *EntityScope) UnmarshalVTUnsafe(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: EntityScope: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: EntityScope: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Rules = append(m.Rules, &EntityScopeRule{}) + if err := m.Rules[len(m.Rules)-1].UnmarshalVTUnsafe(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *EntityScopeRule) UnmarshalVTUnsafe(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: EntityScopeRule: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: EntityScopeRule: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Entity", wireType) + } + m.Entity = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Entity |= EntityType(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Field", wireType) + } + m.Field = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Field |= EntityField(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Values", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Values = append(m.Values, &RuleValue{}) + if err := m.Values[len(m.Values)-1].UnmarshalVTUnsafe(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := protohelpers.Skip(dAtA[iNdEx:]) diff --git a/generated/storage/report_snapshot.pb.go b/generated/storage/report_snapshot.pb.go index 2eefd845f7449..2063635ca7eb0 100644 --- a/generated/storage/report_snapshot.pb.go +++ b/generated/storage/report_snapshot.pb.go @@ -236,7 +236,8 @@ type ReportSnapshot struct { Requester *SlimUser `protobuf:"bytes,11,opt,name=requester,proto3" json:"requester,omitempty"` // fields related to view based reports // area_of_concern refers to view from which report is generated - user workload, platform component etc - AreaOfConcern string `protobuf:"bytes,13,opt,name=area_of_concern,json=areaOfConcern,proto3" json:"area_of_concern,omitempty" search:"Area Of Concern"` // @gotags: search:"Area Of Concern" + AreaOfConcern string `protobuf:"bytes,13,opt,name=area_of_concern,json=areaOfConcern,proto3" json:"area_of_concern,omitempty" search:"Area Of Concern"` // @gotags: search:"Area Of Concern" + ResourceScope *ResourceScope `protobuf:"bytes,14,opt,name=resource_scope,json=resourceScope,proto3" json:"resource_scope,omitempty"` // ResourceScope stores the scoping method unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -373,6 +374,13 @@ func (x *ReportSnapshot) GetAreaOfConcern() string { return "" } +func (x *ReportSnapshot) GetResourceScope() *ResourceScope { + if x != nil { + return x.ResourceScope + } + return nil +} + type isReportSnapshot_Filter interface { isReportSnapshot_Filter() } @@ -603,7 +611,7 @@ var File_storage_report_snapshot_proto protoreflect.FileDescriptor const file_storage_report_snapshot_proto_rawDesc = "" + "\n" + - "\x1dstorage/report_snapshot.proto\x12\astorage\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\"storage/report_configuration.proto\x1a+storage/report_notifier_configuration.proto\x1a\x16storage/schedule.proto\x1a\x12storage/user.proto\"\x83\x06\n" + + "\x1dstorage/report_snapshot.proto\x12\astorage\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\"storage/report_configuration.proto\x1a+storage/report_notifier_configuration.proto\x1a\x16storage/schedule.proto\x1a\x12storage/user.proto\"\xc2\x06\n" + "\x0eReportSnapshot\x12\x1b\n" + "\treport_id\x18\x01 \x01(\tR\breportId\x126\n" + "\x17report_configuration_id\x18\x02 \x01(\tR\x15reportConfigurationId\x12\x12\n" + @@ -620,7 +628,8 @@ const file_storage_report_snapshot_proto_rawDesc = "" + "\tnotifiers\x18\n" + " \x03(\v2\x19.storage.NotifierSnapshotR\tnotifiers\x12/\n" + "\trequester\x18\v \x01(\v2\x11.storage.SlimUserR\trequester\x12&\n" + - "\x0farea_of_concern\x18\r \x01(\tR\rareaOfConcern\"\x1f\n" + + "\x0farea_of_concern\x18\r \x01(\tR\rareaOfConcern\x12=\n" + + "\x0eresource_scope\x18\x0e \x01(\v2\x16.storage.ResourceScopeR\rresourceScope\"\x1f\n" + "\n" + "ReportType\x12\x11\n" + "\rVULNERABILITY\x10\x00B\b\n" + @@ -682,8 +691,9 @@ var file_storage_report_snapshot_proto_goTypes = []any{ (*ViewBasedVulnerabilityReportFilters)(nil), // 9: storage.ViewBasedVulnerabilityReportFilters (*Schedule)(nil), // 10: storage.Schedule (*SlimUser)(nil), // 11: storage.SlimUser - (*EmailNotifierConfiguration)(nil), // 12: storage.EmailNotifierConfiguration - (*timestamppb.Timestamp)(nil), // 13: google.protobuf.Timestamp + (*ResourceScope)(nil), // 12: storage.ResourceScope + (*EmailNotifierConfiguration)(nil), // 13: storage.EmailNotifierConfiguration + (*timestamppb.Timestamp)(nil), // 14: google.protobuf.Timestamp } var file_storage_report_snapshot_proto_depIdxs = []int32{ 0, // 0: storage.ReportSnapshot.type:type_name -> storage.ReportSnapshot.ReportType @@ -694,17 +704,18 @@ var file_storage_report_snapshot_proto_depIdxs = []int32{ 7, // 5: storage.ReportSnapshot.report_status:type_name -> storage.ReportStatus 6, // 6: storage.ReportSnapshot.notifiers:type_name -> storage.NotifierSnapshot 11, // 7: storage.ReportSnapshot.requester:type_name -> storage.SlimUser - 12, // 8: storage.NotifierSnapshot.email_config:type_name -> storage.EmailNotifierConfiguration - 1, // 9: storage.ReportStatus.run_state:type_name -> storage.ReportStatus.RunState - 13, // 10: storage.ReportStatus.queued_at:type_name -> google.protobuf.Timestamp - 13, // 11: storage.ReportStatus.completed_at:type_name -> google.protobuf.Timestamp - 3, // 12: storage.ReportStatus.report_request_type:type_name -> storage.ReportStatus.RunMethod - 2, // 13: storage.ReportStatus.report_notification_method:type_name -> storage.ReportStatus.NotificationMethod - 14, // [14:14] is the sub-list for method output_type - 14, // [14:14] is the sub-list for method input_type - 14, // [14:14] is the sub-list for extension type_name - 14, // [14:14] is the sub-list for extension extendee - 0, // [0:14] is the sub-list for field type_name + 12, // 8: storage.ReportSnapshot.resource_scope:type_name -> storage.ResourceScope + 13, // 9: storage.NotifierSnapshot.email_config:type_name -> storage.EmailNotifierConfiguration + 1, // 10: storage.ReportStatus.run_state:type_name -> storage.ReportStatus.RunState + 14, // 11: storage.ReportStatus.queued_at:type_name -> google.protobuf.Timestamp + 14, // 12: storage.ReportStatus.completed_at:type_name -> google.protobuf.Timestamp + 3, // 13: storage.ReportStatus.report_request_type:type_name -> storage.ReportStatus.RunMethod + 2, // 14: storage.ReportStatus.report_notification_method:type_name -> storage.ReportStatus.NotificationMethod + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_storage_report_snapshot_proto_init() } diff --git a/generated/storage/report_snapshot_vtproto.pb.go b/generated/storage/report_snapshot_vtproto.pb.go index 82f0e818cb6c3..decb6e35adc97 100644 --- a/generated/storage/report_snapshot_vtproto.pb.go +++ b/generated/storage/report_snapshot_vtproto.pb.go @@ -37,6 +37,7 @@ func (m *ReportSnapshot) CloneVT() *ReportSnapshot { r.ReportStatus = m.ReportStatus.CloneVT() r.Requester = m.Requester.CloneVT() r.AreaOfConcern = m.AreaOfConcern + r.ResourceScope = m.ResourceScope.CloneVT() if m.Filter != nil { r.Filter = m.Filter.(interface { CloneVT() isReportSnapshot_Filter @@ -214,6 +215,9 @@ func (this *ReportSnapshot) EqualVT(that *ReportSnapshot) bool { if this.AreaOfConcern != that.AreaOfConcern { return false } + if !this.ResourceScope.EqualVT(that.ResourceScope) { + return false + } return string(this.unknownFields) == string(that.unknownFields) } @@ -425,6 +429,16 @@ func (m *ReportSnapshot) MarshalToSizedBufferVT(dAtA []byte) (int, error) { } i -= size } + if m.ResourceScope != nil { + size, err := m.ResourceScope.MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x72 + } if len(m.AreaOfConcern) > 0 { i -= len(m.AreaOfConcern) copy(dAtA[i:], m.AreaOfConcern) @@ -814,6 +828,10 @@ func (m *ReportSnapshot) SizeVT() (n int) { if l > 0 { n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) } + if m.ResourceScope != nil { + l = m.ResourceScope.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } n += len(m.unknownFields) return n } @@ -1394,6 +1412,42 @@ func (m *ReportSnapshot) UnmarshalVT(dAtA []byte) error { } m.AreaOfConcern = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 14: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceScope", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ResourceScope == nil { + m.ResourceScope = &ResourceScope{} + } + if err := m.ResourceScope.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := protohelpers.Skip(dAtA[iNdEx:]) @@ -2355,6 +2409,42 @@ func (m *ReportSnapshot) UnmarshalVTUnsafe(dAtA []byte) error { } m.AreaOfConcern = stringValue iNdEx = postIndex + case 14: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceScope", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ResourceScope == nil { + m.ResourceScope = &ResourceScope{} + } + if err := m.ResourceScope.UnmarshalVTUnsafe(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := protohelpers.Skip(dAtA[iNdEx:]) diff --git a/pkg/postgres/schema/report_snapshots.go b/pkg/postgres/schema/report_snapshots.go index dd5f4894b17a8..4b642fd6e6037 100644 --- a/pkg/postgres/schema/report_snapshots.go +++ b/pkg/postgres/schema/report_snapshots.go @@ -63,6 +63,7 @@ type ReportSnapshots struct { RequesterID string `gorm:"column:requester_id;type:varchar"` RequesterName string `gorm:"column:requester_name;type:varchar"` AreaOfConcern string `gorm:"column:areaofconcern;type:varchar"` + ResourceScopeCollectionID string `gorm:"column:resourcescope_collectionid;type:varchar"` Serialized []byte `gorm:"column:serialized;type:bytea"` ReportConfigurationsRef ReportConfigurations `gorm:"foreignKey:reportconfigurationid;references:id;belongsTo;constraint:OnDelete:CASCADE"` } diff --git a/proto/storage/proto.lock b/proto/storage/proto.lock index 12c326fa7bead..f65d5093c0be2 100644 --- a/proto/storage/proto.lock +++ b/proto/storage/proto.lock @@ -15326,6 +15326,50 @@ "integer": 1 } ] + }, + { + "name": "EntityType", + "enum_fields": [ + { + "name": "ENTITY_TYPE_UNSET" + }, + { + "name": "ENTITY_TYPE_DEPLOYMENT", + "integer": 1 + }, + { + "name": "ENTITY_TYPE_NAMESPACE", + "integer": 2 + }, + { + "name": "ENTITY_TYPE_CLUSTER", + "integer": 3 + } + ] + }, + { + "name": "EntityField", + "enum_fields": [ + { + "name": "FIELD_UNSET" + }, + { + "name": "FIELD_ID", + "integer": 1 + }, + { + "name": "FIELD_NAME", + "integer": 2 + }, + { + "name": "FIELD_LABEL", + "integer": 3 + }, + { + "name": "FIELD_ANNOTATION", + "integer": 4 + } + ] } ], "messages": [ @@ -15490,6 +15534,11 @@ "id": 11, "name": "include_advisory", "type": "bool" + }, + { + "id": 12, + "name": "query", + "type": "string" } ] }, @@ -15501,6 +15550,44 @@ "name": "collection_id", "type": "string", "oneof_parent": "scope_reference" + }, + { + "id": 2, + "name": "entity_scope", + "type": "EntityScope", + "oneof_parent": "scope_reference" + } + ] + }, + { + "name": "EntityScope", + "fields": [ + { + "id": 1, + "name": "rules", + "type": "EntityScopeRule", + "is_repeated": true + } + ] + }, + { + "name": "EntityScopeRule", + "fields": [ + { + "id": 1, + "name": "entity", + "type": "EntityType" + }, + { + "id": 2, + "name": "field", + "type": "EntityField" + }, + { + "id": 3, + "name": "values", + "type": "RuleValue", + "is_repeated": true } ] }, @@ -15531,6 +15618,9 @@ { "path": "storage/report_notifier_configuration.proto" }, + { + "path": "storage/resource_collection.proto" + }, { "path": "storage/role.proto" }, @@ -15755,6 +15845,11 @@ "id": 13, "name": "area_of_concern", "type": "string" + }, + { + "id": 14, + "name": "resource_scope", + "type": "ResourceScope" } ] }, diff --git a/proto/storage/report_configuration.proto b/proto/storage/report_configuration.proto index 4ac1489dc5fe4..03c842b09f893 100644 --- a/proto/storage/report_configuration.proto +++ b/proto/storage/report_configuration.proto @@ -5,6 +5,7 @@ package storage; import "google/protobuf/timestamp.proto"; import "storage/cve.proto"; import "storage/report_notifier_configuration.proto"; +import "storage/resource_collection.proto"; import "storage/role.proto"; import "storage/schedule.proto"; import "storage/user.proto"; @@ -72,14 +73,44 @@ message VulnerabilityReportFilters { bool include_nvd_cvss = 9; bool include_epss_probability = 10; bool include_advisory = 11; + //this field stores enhanced filters related to image, cve etc for non collection based scopes + string query = 12; } message ResourceScope { oneof scope_reference { string collection_id = 1; // @gotags: search:"Collection ID" + EntityScope entity_scope = 2; } } +// EntityScope is a new scoping method using ns,deployments,clusters filters introduced in 4.11 +message EntityScope { + repeated EntityScopeRule rules = 1; +} + +// EntityScopeRule stores the filter as an entity field pair along with a list of values +message EntityScopeRule { + EntityType entity = 1; + EntityField field = 2; + repeated RuleValue values = 3; +} + +enum EntityType { + ENTITY_TYPE_UNSET = 0; + ENTITY_TYPE_DEPLOYMENT = 1; + ENTITY_TYPE_NAMESPACE = 2; + ENTITY_TYPE_CLUSTER = 3; +} + +enum EntityField { + FIELD_UNSET = 0; + FIELD_ID = 1; + FIELD_NAME = 2; + FIELD_LABEL = 3; + FIELD_ANNOTATION = 4; +} + // filter for view based reports message ViewBasedVulnerabilityReportFilters { string query = 1; diff --git a/proto/storage/report_snapshot.proto b/proto/storage/report_snapshot.proto index 5c1c6740e95a6..c807b63aa5e9d 100644 --- a/proto/storage/report_snapshot.proto +++ b/proto/storage/report_snapshot.proto @@ -35,6 +35,7 @@ message ReportSnapshot { // fields related to view based reports // area_of_concern refers to view from which report is generated - user workload, platform component etc string area_of_concern = 13; // @gotags: search:"Area Of Concern" + ResourceScope resource_scope = 14; // ResourceScope stores the scoping method } message CollectionSnapshot {