From 8c54ef5fb4c16465226edc1b34588689f12d29fc Mon Sep 17 00:00:00 2001 From: Parth Patel <88045217+pxp928@users.noreply.github.com> Date: Tue, 16 Jul 2024 14:42:46 -0400 Subject: [PATCH] Remove isDependency to pkgName (#2021) * remove un-needed fields from isDep in the graphql schema Signed-off-by: pxp928 * remove un-needed fields from isDep in the graphql schema Signed-off-by: pxp928 * update bulk assembler to only ingest pkgVersion Signed-off-by: pxp928 * update arango backend and remove version range from filter and input spec Signed-off-by: pxp928 * remove version range from deps.dev handler Signed-off-by: pxp928 * update keyvalue backend for isDep Signed-off-by: pxp928 * update ent backend isDep Signed-off-by: pxp928 * update cmd and other usecases of depPkgName Signed-off-by: pxp928 * fix patch planning unit tests and lint issues Signed-off-by: pxp928 * update e2e query output for isDep Signed-off-by: pxp928 * add check to bulk assembler for nil values Signed-off-by: pxp928 * update ent schema Signed-off-by: pxp928 --------- Signed-off-by: pxp928 --- cmd/guacone/cmd/vulnerability.go | 47 +-- demo/graphql/queries.gql | 1 - demo/workflow/queries.gql | 1 - internal/testing/backend/hasSBOM_test.go | 86 ++--- internal/testing/backend/helpers_test.go | 5 - internal/testing/backend/isDependency_test.go | 210 +++--------- internal/testing/backend/path_test.go | 34 +- .../testing/e2e/expectIsDependencyQ2.json | 1 - internal/testing/e2e/expectPathPy.json | 1 - internal/testing/graphqlClients/guacdata.go | 3 +- internal/testing/mocks/backend.go | 16 +- .../exampledata/ingest_predicates.json | 2 - internal/testing/testdata/testdata.go | 138 +++----- pkg/assembler/assembler.go | 7 +- pkg/assembler/assembler_test.go | 2 - pkg/assembler/backends/arangodb/backend.go | 2 +- .../backends/arangodb/edgeCollections.go | 4 +- .../backends/arangodb/isDependency.go | 322 ++++-------------- pkg/assembler/backends/arangodb/pkg.go | 14 - pkg/assembler/backends/backends.go | 4 +- .../backends/ent/backend/dependency.go | 149 ++------ pkg/assembler/backends/ent/backend/package.go | 9 - pkg/assembler/backends/ent/backend/sbom.go | 1 - .../backends/ent/backend/transforms.go | 46 +-- pkg/assembler/backends/ent/client.go | 32 -- pkg/assembler/backends/ent/dependency.go | 53 +-- .../backends/ent/dependency/dependency.go | 39 --- .../backends/ent/dependency/where.go | 128 ------- .../backends/ent/dependency_create.go | 150 -------- .../backends/ent/dependency_query.go | 77 +---- .../backends/ent/dependency_update.go | 155 --------- pkg/assembler/backends/ent/gql_collection.go | 38 --- pkg/assembler/backends/ent/gql_edge.go | 20 -- .../migrations/20240712131658_ent_diff.sql | 4 + .../backends/ent/migrate/migrations/atlas.sum | 5 +- pkg/assembler/backends/ent/migrate/schema.go | 32 +- pkg/assembler/backends/ent/mutation.go | 270 +-------------- pkg/assembler/backends/ent/packagename.go | 51 +-- .../backends/ent/packagename/packagename.go | 30 -- .../backends/ent/packagename/where.go | 23 -- .../backends/ent/packagename_create.go | 32 -- .../backends/ent/packagename_query.go | 98 +----- .../backends/ent/packagename_update.go | 163 --------- .../backends/ent/schema/dependency.go | 16 +- .../backends/ent/schema/packagename.go | 1 - .../backends/keyvalue/isDependency.go | 27 +- pkg/assembler/backends/keyvalue/pkg.go | 5 +- pkg/assembler/backends/neo4j/isDependency.go | 18 +- pkg/assembler/clients/generated/operations.go | 120 +------ pkg/assembler/clients/helpers/assembler.go | 2 +- pkg/assembler/clients/helpers/bulk.go | 55 +-- .../clients/operations/isDependency.graphql | 4 - .../clients/operations/trees.graphql | 1 - .../graphql/examples/is_dependency.gql | 1 - .../graphql/generated/artifact.generated.go | 40 +-- .../graphql/generated/hasSBOM.generated.go | 2 - .../generated/isDependency.generated.go | 66 +--- .../graphql/generated/root_.generated.go | 27 +- pkg/assembler/graphql/model/nodes.go | 9 +- .../resolvers/isDependency.resolvers.go | 8 +- .../resolvers/isDependency.resolvers_test.go | 17 +- .../graphql/schema/isDependency.graphql | 11 +- pkg/dependencies/dependents.go | 77 +---- pkg/dependencies/dependents_test.go | 5 +- pkg/guacanalytics/patchPlanning.go | 13 - pkg/guacanalytics/patchPlanning_test.go | 29 +- pkg/handler/collector/deps_dev/deps_dev.go | 1 - pkg/ingestor/parser/common/helpers.go | 24 +- pkg/ingestor/parser/deps_dev/deps_dev.go | 7 +- pkg/ingestor/parser/deps_dev/deps_dev_test.go | 10 - pkg/ingestor/parser/spdx/parse_spdx_test.go | 18 +- 71 files changed, 410 insertions(+), 2709 deletions(-) create mode 100644 pkg/assembler/backends/ent/migrate/migrations/20240712131658_ent_diff.sql diff --git a/cmd/guacone/cmd/vulnerability.go b/cmd/guacone/cmd/vulnerability.go index 9d1b5e15b0..00bc56529c 100644 --- a/cmd/guacone/cmd/vulnerability.go +++ b/cmd/guacone/cmd/vulnerability.go @@ -22,8 +22,6 @@ import ( "os" "strings" - "github.com/guacsec/guac/pkg/dependencies" - "github.com/Khan/genqlient/graphql" model "github.com/guacsec/guac/pkg/assembler/clients/generated" "github.com/guacsec/guac/pkg/assembler/helpers" @@ -518,37 +516,26 @@ func searchPkgViaHasSBOM(ctx context.Context, gqlclient graphql.Client, searchSt if isDep.DependencyPackage.Type == guacType { continue } - var matchingDepPkgVersionIDs []string - if len(isDep.DependencyPackage.Namespaces[0].Names[0].Versions) == 0 { - findMatchingDepPkgVersionIDs, err := dependencies.FindDepPkgVersionIDs(ctx, gqlclient, isDep.DependencyPackage.Type, isDep.DependencyPackage.Namespaces[0].Namespace, - isDep.DependencyPackage.Namespaces[0].Names[0].Name, isDep.VersionRange) - if err != nil { - return nil, nil, fmt.Errorf("error from FindMatchingDepPkgVersionIDs:%w", err) + depPkgID := isDep.DependencyPackage.Namespaces[0].Names[0].Versions[0].Id + dfsN, seen := nodeMap[depPkgID] + if !seen { + dfsN = dfsNode{ + parent: now, + pkgID: depPkgID, + depth: nowNode.depth + 1, } - matchingDepPkgVersionIDs = append(matchingDepPkgVersionIDs, findMatchingDepPkgVersionIDs...) - } else { - matchingDepPkgVersionIDs = append(matchingDepPkgVersionIDs, isDep.DependencyPackage.Namespaces[0].Names[0].Versions[0].Id) + nodeMap[depPkgID] = dfsN } - for _, pkgID := range matchingDepPkgVersionIDs { - dfsN, seen := nodeMap[pkgID] - if !seen { - dfsN = dfsNode{ - parent: now, - pkgID: pkgID, - depth: nowNode.depth + 1, - } - nodeMap[pkgID] = dfsN - } - if !dfsN.expanded { - queue = append(queue, pkgID) - } - pkgVersionNeighbors, err := getVulnAndVexNeighbors(ctx, gqlclient, pkgID, isDep) - if err != nil { - return nil, nil, fmt.Errorf("getVulnAndVexNeighbors failed with error: %w", err) - } - collectedPkgVersionResults = append(collectedPkgVersionResults, pkgVersionNeighbors) - checkedPkgIDs[pkgID] = true + if !dfsN.expanded { + queue = append(queue, depPkgID) } + pkgVersionNeighbors, err := getVulnAndVexNeighbors(ctx, gqlclient, depPkgID, isDep) + if err != nil { + return nil, nil, fmt.Errorf("getVulnAndVexNeighbors failed with error: %w", err) + } + collectedPkgVersionResults = append(collectedPkgVersionResults, pkgVersionNeighbors) + checkedPkgIDs[depPkgID] = true + } } nowNode.expanded = true diff --git a/demo/graphql/queries.gql b/demo/graphql/queries.gql index 84796c1596..11cf9a7424 100644 --- a/demo/graphql/queries.gql +++ b/demo/graphql/queries.gql @@ -51,7 +51,6 @@ query PkgQ4 { fragment allIsDependencyTree on IsDependency { id justification - versionRange package { ...allPkgTree } diff --git a/demo/workflow/queries.gql b/demo/workflow/queries.gql index a441141200..42ea3ea14a 100644 --- a/demo/workflow/queries.gql +++ b/demo/workflow/queries.gql @@ -46,7 +46,6 @@ query isDependency { } } } - versionRange origin collector } diff --git a/internal/testing/backend/hasSBOM_test.go b/internal/testing/backend/hasSBOM_test.go index 2aba519637..15f5a21526 100644 --- a/internal/testing/backend/hasSBOM_test.go +++ b/internal/testing/backend/hasSBOM_test.go @@ -29,10 +29,9 @@ import ( ) type testDependency struct { - pkg *model.PkgInputSpec - depPkg *model.PkgInputSpec - matchType model.MatchFlags - isDep *model.IsDependencyInputSpec + pkg *model.PkgInputSpec + depPkg *model.PkgInputSpec + isDep *model.IsDependencyInputSpec } type testOccurrence struct { @@ -106,7 +105,6 @@ var includedPackageArtifacts = &model.PackageOrArtifactInputs{ } var includedDependency1 = &model.IsDependencyInputSpec{ - VersionRange: "dep1_range", DependencyType: model.DependencyTypeDirect, Justification: "dep1_justification", Origin: "dep1_origin", @@ -114,7 +112,6 @@ var includedDependency1 = &model.IsDependencyInputSpec{ } var includedDependency2 = &model.IsDependencyInputSpec{ - VersionRange: "dep2_range", DependencyType: model.DependencyTypeIndirect, Justification: "dep2_justification", Origin: "dep2_origin", @@ -122,17 +119,15 @@ var includedDependency2 = &model.IsDependencyInputSpec{ } var includedTestDependency1 = &testDependency{ - pkg: includedPackage1, - depPkg: includedPackage2, - matchType: mSpecific, - isDep: includedDependency1, + pkg: includedPackage1, + depPkg: includedPackage2, + isDep: includedDependency1, } var includedTestDependency2 = &testDependency{ - pkg: includedPackage1, - depPkg: includedPackage3, - matchType: mSpecific, - isDep: includedDependency2, + pkg: includedPackage1, + depPkg: includedPackage3, + isDep: includedDependency2, } var includedTestDependencies = []testDependency{*includedTestDependency1, *includedTestDependency2} @@ -263,7 +258,6 @@ var includedTestExpectedSBOM = &model.HasSbom{ IncludedDependencies: []*model.IsDependency{{ Package: includedTestExpectedPackage1, DependencyPackage: includedTestExpectedPackage2, - VersionRange: "dep1_range", DependencyType: model.DependencyTypeDirect, Justification: "dep1_justification", Origin: "dep1_origin", @@ -271,7 +265,6 @@ var includedTestExpectedSBOM = &model.HasSbom{ }, { Package: includedTestExpectedPackage1, DependencyPackage: includedTestExpectedPackage3, - VersionRange: "dep2_range", DependencyType: model.DependencyTypeIndirect, Justification: "dep2_justification", Origin: "dep2_origin", @@ -486,9 +479,8 @@ func TestHasSBOM(t *testing.T) { Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}}, }, IsDeps: []testDependency{{ - pkg: testdata.P2, - depPkg: testdata.P4, - matchType: mSpecific, + pkg: testdata.P2, + depPkg: testdata.P4, isDep: &model.IsDependencyInputSpec{ Justification: "test justification", }, @@ -739,9 +731,8 @@ func TestHasSBOM(t *testing.T) { Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}}, }, IsDeps: []testDependency{{ - pkg: testdata.P2, - depPkg: testdata.P4, - matchType: mSpecific, + pkg: testdata.P2, + depPkg: testdata.P4, isDep: &model.IsDependencyInputSpec{ Justification: "test justification", }, @@ -1841,40 +1832,6 @@ func TestHasSBOM(t *testing.T) { Query: &model.HasSBOMSpec{IncludedDependencies: []*model.IsDependencySpec{{Package: &model.PkgSpec{Name: ptrfrom.String("invalid_name")}, DependencyPackage: &model.PkgSpec{Name: &includedPackage2.Name}}}}, ExpHS: nil, }, - { - Name: "IncludedDependencies - Valid Included VersionRange", - InPkg: includedPackages, - InArt: includedArtifacts, - InSrc: includedSources, - PkgArt: includedPackageArtifacts, - IsDeps: includedTestDependencies, - IsOccs: includedTestOccurrences, - Calls: []call{{ - Sub: model.PackageOrArtifactInput{ - Package: &model.IDorPkgInput{PackageInput: includedPackage1}, - }, - HS: includedHasSBOM, - }}, - Query: &model.HasSBOMSpec{IncludedDependencies: []*model.IsDependencySpec{{VersionRange: &includedDependency1.VersionRange}}}, - ExpHS: []*model.HasSbom{includedTestExpectedSBOM}, - }, - { - Name: "IncludedDependencies - Invalid Included VersionRange", - InPkg: includedPackages, - InArt: includedArtifacts, - InSrc: includedSources, - PkgArt: includedPackageArtifacts, - IsDeps: includedTestDependencies, - IsOccs: includedTestOccurrences, - Calls: []call{{ - Sub: model.PackageOrArtifactInput{ - Package: &model.IDorPkgInput{PackageInput: includedPackage1}, - }, - HS: includedHasSBOM, - }}, - Query: &model.HasSBOMSpec{IncludedDependencies: []*model.IsDependencySpec{{VersionRange: ptrfrom.String("invalid_range")}}}, - ExpHS: nil, - }, { Name: "IncludedDependencies - Valid Included DependencyType", InPkg: includedPackages, @@ -1913,7 +1870,6 @@ func TestHasSBOM(t *testing.T) { Query: &model.HasSBOMSpec{ IncludedDependencies: []*model.IsDependencySpec{{ DependencyType: &includedDependency2.DependencyType, - VersionRange: &includedDependency1.VersionRange, Justification: &includedDependency1.Justification, }}, }, @@ -2768,7 +2724,7 @@ func TestHasSBOM(t *testing.T) { } for _, dep := range test.IsDeps { - if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil { + if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil { t.Fatalf("Could not ingest dependency: %v", err) } else { includes.Dependencies = append(includes.Dependencies, isDep) @@ -2946,9 +2902,8 @@ func TestIngestHasSBOMs(t *testing.T) { Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}}, }, IsDeps: []testDependency{{ - pkg: testdata.P2, - depPkg: testdata.P4, - matchType: mSpecific, + pkg: testdata.P2, + depPkg: testdata.P4, isDep: &model.IsDependencyInputSpec{ Justification: "test justification", }, @@ -3124,7 +3079,7 @@ func TestIngestHasSBOMs(t *testing.T) { } for _, dep := range test.IsDeps { - if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil { + if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil { t.Fatalf("Could not ingest dependency: %v", err) } else { includes.Dependencies = append(includes.Dependencies, isDep) @@ -3201,9 +3156,8 @@ func TestDeleteHasSBOM(t *testing.T) { Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}}, }, IsDeps: []testDependency{{ - pkg: testdata.P2, - depPkg: testdata.P4, - matchType: mSpecific, + pkg: testdata.P2, + depPkg: testdata.P4, isDep: &model.IsDependencyInputSpec{ Justification: "test justification", }, @@ -3351,7 +3305,7 @@ func TestDeleteHasSBOM(t *testing.T) { } for _, dep := range test.IsDeps { - if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil { + if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil { t.Fatalf("Could not ingest dependency: %v", err) } else { includes.Dependencies = append(includes.Dependencies, isDep) diff --git a/internal/testing/backend/helpers_test.go b/internal/testing/backend/helpers_test.go index 89a13b0303..e0c8785f2d 100644 --- a/internal/testing/backend/helpers_test.go +++ b/internal/testing/backend/helpers_test.go @@ -34,8 +34,6 @@ var ( testTime2 = time.Unix(1e9, 0) startTime = time.Now() finishTime = time.Now().Add(10 * time.Second) - mAll = model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions} - mSpecific = model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion} ) var ignoreID = cmp.FilterPath(func(p cmp.Path) bool { @@ -440,9 +438,6 @@ func lessIsDep(a, b *model.IsDependency) bool { if d := cmpPkg(a.DependencyPackage, b.DependencyPackage); d != 0 { return d < 0 } - if d := strings.Compare(a.VersionRange, b.VersionRange); d != 0 { - return d < 0 - } if d := strings.Compare(a.Justification, b.Justification); d != 0 { return d < 0 } diff --git a/internal/testing/backend/isDependency_test.go b/internal/testing/backend/isDependency_test.go index c2985dfbab..21b702dda8 100644 --- a/internal/testing/backend/isDependency_test.go +++ b/internal/testing/backend/isDependency_test.go @@ -33,7 +33,6 @@ func TestIsDependency(t *testing.T) { type call struct { P1 *model.PkgInputSpec P2 *model.PkgInputSpec - MF model.MatchFlags ID *model.IsDependencyInputSpec } tests := []struct { @@ -55,7 +54,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{ Justification: "test justification", }, @@ -67,7 +65,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P1out, - DependencyPackage: testdata.P2outName, + DependencyPackage: testdata.P2out, Justification: "test justification", }, }, @@ -79,7 +77,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{ Justification: "test justification", }, @@ -87,7 +84,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{ Justification: "test justification", }, @@ -99,39 +95,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P1out, - DependencyPackage: testdata.P2outName, - Justification: "test justification", - }, - }, - }, - { - Name: "Ingest same, different version", - InPkg: []*model.PkgInputSpec{testdata.P1, testdata.P2, testdata.P3}, - Calls: []call{ - { - P1: testdata.P1, - P2: testdata.P2, - MF: mAll, - ID: &model.IsDependencyInputSpec{ - Justification: "test justification", - }, - }, - { - P1: testdata.P1, - P2: testdata.P3, - MF: mAll, - ID: &model.IsDependencyInputSpec{ - Justification: "test justification", - }, - }, - }, - Query: &model.IsDependencySpec{ - Justification: ptrfrom.String("test justification"), - }, - ExpID: []*model.IsDependency{ - { - Package: testdata.P1out, - DependencyPackage: testdata.P2outName, + DependencyPackage: testdata.P2out, Justification: "test justification", }, }, @@ -143,7 +107,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{ Justification: "test justification one", }, @@ -151,7 +114,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{ Justification: "test justification two", }, @@ -163,7 +125,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P1out, - DependencyPackage: testdata.P2outName, + DependencyPackage: testdata.P2out, Justification: "test justification one", }, }, @@ -175,13 +137,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P3, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -194,7 +154,30 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P2out, - DependencyPackage: testdata.P2outName, + DependencyPackage: testdata.P3out, + }, + }, + }, + { + Name: "Query on dep pkg ID", + InPkg: []*model.PkgInputSpec{testdata.P1, testdata.P2, testdata.P4}, + Calls: []call{ + { + P1: testdata.P2, + P2: testdata.P1, + ID: &model.IsDependencyInputSpec{}, + }, + { + P1: testdata.P2, + P2: testdata.P4, + ID: &model.IsDependencyInputSpec{}, + }, + }, + QueryDepPkgID: true, + ExpID: []*model.IsDependency{ + { + Package: testdata.P2out, + DependencyPackage: testdata.P4out, }, }, }, @@ -205,13 +188,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P2, P2: testdata.P4, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -223,7 +204,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P2out, - DependencyPackage: testdata.P4outName, + DependencyPackage: testdata.P4out, }, }, }, @@ -234,13 +215,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P2, P2: testdata.P4, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -252,7 +231,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P2out, - DependencyPackage: testdata.P4outName, + DependencyPackage: testdata.P4out, }, }, }, @@ -263,13 +242,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P2, P2: testdata.P4, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -281,7 +258,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P2out, - DependencyPackage: testdata.P4outName, + DependencyPackage: testdata.P4out, }, }, }, @@ -292,13 +269,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P2, P2: testdata.P4, - MF: mSpecific, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -320,14 +295,12 @@ func TestIsDependency(t *testing.T) { Calls: []call{ { P1: testdata.P2, - P2: testdata.P3, - MF: mSpecific, + P2: testdata.P4, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -350,18 +323,17 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P2, P2: testdata.P4, - MF: mSpecific, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, Query: &model.IsDependencySpec{ DependencyPackage: &model.PkgSpec{ + Name: ptrfrom.String("openssl"), MatchOnlyEmptyQualifiers: ptrfrom.Bool(true), }, }, @@ -370,10 +342,6 @@ func TestIsDependency(t *testing.T) { Package: testdata.P2out, DependencyPackage: testdata.P4out, }, - { - Package: testdata.P2out, - DependencyPackage: testdata.P3out, - }, }, }, { @@ -383,13 +351,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P2, P2: testdata.P5, - MF: mSpecific, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -418,13 +384,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P2, P2: testdata.P5, - MF: mSpecific, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -452,13 +416,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P5, P2: testdata.P2, - MF: mSpecific, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -487,13 +449,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P3, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -506,7 +466,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P3out, - DependencyPackage: testdata.P1outName, + DependencyPackage: testdata.P2out, }, }, }, @@ -517,13 +477,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P3, P2: testdata.P4, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -538,7 +496,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P3out, - DependencyPackage: testdata.P4outName, + DependencyPackage: testdata.P4out, }, }, }, @@ -549,19 +507,16 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P3, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P1, P2: testdata.P3, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -579,19 +534,16 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P2, P2: testdata.P3, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P1, P2: testdata.P3, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, }, @@ -599,39 +551,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P1out, - DependencyPackage: testdata.P2outName, - }, - }, - }, - { - Name: "Query on Range", - InPkg: []*model.PkgInputSpec{testdata.P1, testdata.P2}, - Calls: []call{ - { - P1: testdata.P1, - P2: testdata.P1, - MF: mAll, - ID: &model.IsDependencyInputSpec{ - VersionRange: "1-3", - }, - }, - { - P1: testdata.P2, - P2: testdata.P1, - MF: mAll, - ID: &model.IsDependencyInputSpec{ - VersionRange: "4-5", - }, - }, - }, - Query: &model.IsDependencySpec{ - VersionRange: ptrfrom.String("1-3"), - }, - ExpID: []*model.IsDependency{ - { - Package: testdata.P1out, - DependencyPackage: testdata.P1outName, - VersionRange: "1-3", + DependencyPackage: testdata.P3out, }, }, }, @@ -642,7 +562,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeDirect, }, @@ -650,7 +569,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P2, P2: testdata.P1, - MF: mAll, ID: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeIndirect, }, @@ -662,7 +580,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P2out, - DependencyPackage: testdata.P1outName, + DependencyPackage: testdata.P1out, DependencyType: model.DependencyTypeIndirect, }, }, @@ -674,7 +592,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P3, P2: testdata.P2, - MF: mSpecific, ID: &model.IsDependencyInputSpec{ Justification: "test justification", }, @@ -694,11 +611,11 @@ func TestIsDependency(t *testing.T) { }, { Package: testdata.P3out, - DependencyPackage: testdata.P4outName, + DependencyPackage: testdata.P4out, }, { Package: testdata.P3out, - DependencyPackage: testdata.P1outName, + DependencyPackage: testdata.P2out, }, }, }, @@ -709,7 +626,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P3, P2: testdata.P4, - MF: mAll, ID: &model.IsDependencyInputSpec{ Justification: "test justification name only", }, @@ -724,7 +640,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P3out, - DependencyPackage: testdata.P4outName, + DependencyPackage: testdata.P4out, Justification: "test justification name only", }, }, @@ -736,7 +652,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P3, P2: testdata.P2, - MF: mSpecific, ID: &model.IsDependencyInputSpec{ Justification: "test justification return specific", }, @@ -744,7 +659,6 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P3, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{ Justification: "test justification return specific", }, @@ -759,11 +673,6 @@ func TestIsDependency(t *testing.T) { DependencyPackage: testdata.P2out, Justification: "test justification return specific", }, - { - Package: testdata.P3out, - DependencyPackage: testdata.P2outName, - Justification: "test justification return specific", - }, }, }, { @@ -773,13 +682,11 @@ func TestIsDependency(t *testing.T) { { P1: testdata.P1, P2: testdata.P2, - MF: mSpecific, ID: &model.IsDependencyInputSpec{}, }, { P1: testdata.P4, P2: testdata.P2, - MF: mSpecific, ID: &model.IsDependencyInputSpec{}, }, }, @@ -792,37 +699,12 @@ func TestIsDependency(t *testing.T) { }, }, { - Name: "Query on dep pkg ID", - InPkg: []*model.PkgInputSpec{testdata.P1, testdata.P2, testdata.P4}, - Calls: []call{ - { - P1: testdata.P2, - P2: testdata.P1, - MF: mSpecific, - ID: &model.IsDependencyInputSpec{}, - }, - { - P1: testdata.P2, - P2: testdata.P4, - MF: mSpecific, - ID: &model.IsDependencyInputSpec{}, - }, - }, - QueryDepPkgID: true, - ExpID: []*model.IsDependency{ - { - Package: testdata.P2out, - DependencyPackage: testdata.P4out, - }, - }, - }, { Name: "docref", InPkg: []*model.PkgInputSpec{testdata.P1, testdata.P2}, Calls: []call{ { P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{ DocumentRef: "test", }, @@ -834,7 +716,7 @@ func TestIsDependency(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P1out, - DependencyPackage: testdata.P2outName, + DependencyPackage: testdata.P2out, DocumentRef: "test", }, }, @@ -863,7 +745,7 @@ func TestIsDependency(t *testing.T) { } } for _, o := range test.Calls { - depID, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: o.P1}, model.IDorPkgInput{PackageInput: o.P2}, o.MF, *o.ID) + depID, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: o.P1}, model.IDorPkgInput{PackageInput: o.P2}, *o.ID) if (err != nil) != test.ExpIngestErr { t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) } @@ -902,7 +784,6 @@ func TestIsDependencies(t *testing.T) { type call struct { P1s []*model.IDorPkgInput P2s []*model.IDorPkgInput - MF model.MatchFlags IDs []*model.IsDependencyInputSpec } tests := []struct { @@ -919,7 +800,6 @@ func TestIsDependencies(t *testing.T) { Calls: []call{{ P1s: []*model.IDorPkgInput{{PackageInput: testdata.P1}, {PackageInput: testdata.P2}}, P2s: []*model.IDorPkgInput{{PackageInput: testdata.P2}, {PackageInput: testdata.P4}}, - MF: mAll, IDs: []*model.IsDependencyInputSpec{ { Justification: "test justification", @@ -932,7 +812,7 @@ func TestIsDependencies(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P1out, - DependencyPackage: testdata.P2outName, + DependencyPackage: testdata.P2out, Justification: "test justification", }, }, @@ -943,7 +823,6 @@ func TestIsDependencies(t *testing.T) { Calls: []call{{ P1s: []*model.IDorPkgInput{{PackageInput: testdata.P1}, {PackageInput: testdata.P2}}, P2s: []*model.IDorPkgInput{{PackageInput: testdata.P2}, {PackageInput: testdata.P4}}, - MF: mSpecific, IDs: []*model.IsDependencyInputSpec{ { Justification: "test justification", @@ -966,7 +845,6 @@ func TestIsDependencies(t *testing.T) { Calls: []call{{ P1s: []*model.IDorPkgInput{{PackageInput: testdata.P1}, {PackageInput: testdata.P2}}, P2s: []*model.IDorPkgInput{{PackageInput: testdata.P2}, {PackageInput: testdata.P4}}, - MF: mAll, IDs: []*model.IsDependencyInputSpec{ { DocumentRef: "test", @@ -979,7 +857,7 @@ func TestIsDependencies(t *testing.T) { ExpID: []*model.IsDependency{ { Package: testdata.P1out, - DependencyPackage: testdata.P2outName, + DependencyPackage: testdata.P2out, DocumentRef: "test", }, }, @@ -993,7 +871,7 @@ func TestIsDependencies(t *testing.T) { } } for _, o := range test.Calls { - depID, err := b.IngestDependencies(ctx, o.P1s, o.P2s, o.MF, o.IDs) + depID, err := b.IngestDependencies(ctx, o.P1s, o.P2s, o.IDs) if (err != nil) != test.ExpIngestErr { t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) } diff --git a/internal/testing/backend/path_test.go b/internal/testing/backend/path_test.go index 609e61267b..010bf8f9a4 100644 --- a/internal/testing/backend/path_test.go +++ b/internal/testing/backend/path_test.go @@ -38,7 +38,6 @@ func TestPath(t *testing.T) { type isDepCall struct { P1 *model.PkgInputSpec P2 *model.PkgInputSpec - MF model.MatchFlags ID *model.IsDependencyInputSpec } tests := []struct { @@ -149,16 +148,15 @@ func TestPath(t *testing.T) { isDepCall: &isDepCall{ P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, want: []model.Node{ testdata.P1out, &model.IsDependency{ Package: testdata.P1out, - DependencyPackage: testdata.P2outName, + DependencyPackage: testdata.P2out, }, - testdata.P2outName, + testdata.P2out, }, }, } @@ -214,7 +212,7 @@ func TestPath(t *testing.T) { t.Fatalf("Could not ingest package: %v", err) } } - dID, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: tt.isDepCall.P1}, model.IDorPkgInput{PackageInput: tt.isDepCall.P2}, tt.isDepCall.MF, *tt.isDepCall.ID) + dID, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: tt.isDepCall.P1}, model.IDorPkgInput{PackageInput: tt.isDepCall.P2}, *tt.isDepCall.ID) if err != nil { t.Fatalf("did not get expected ingest error, got: %v", err) } @@ -226,7 +224,7 @@ func TestPath(t *testing.T) { t.Fatal() } startID = found[0].Package.Namespaces[0].Names[0].Versions[0].ID - stopID = found[0].DependencyPackage.Namespaces[0].Names[0].ID + stopID = found[0].DependencyPackage.Namespaces[0].Names[0].Versions[0].ID } got, err := b.Path(ctx, startID, stopID, 5, tt.edges) if (err != nil) != tt.wantPathErr { @@ -302,7 +300,6 @@ func TestNodes(t *testing.T) { type isDepCall struct { P1 *model.PkgInputSpec P2 *model.PkgInputSpec - MF model.MatchFlags ID *model.IsDependencyInputSpec } type isOcurCall struct { @@ -665,12 +662,11 @@ func TestNodes(t *testing.T) { isDepCall: &isDepCall{ P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, want: []model.Node{&model.IsDependency{ Package: testdata.P1out, - DependencyPackage: testdata.P2outName, + DependencyPackage: testdata.P2out, }}, }, { name: "isOccurrence", @@ -1007,7 +1003,7 @@ func TestNodes(t *testing.T) { nodeID = hsID } if tt.isDepCall != nil { - dID, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: tt.isDepCall.P1}, model.IDorPkgInput{PackageInput: tt.isDepCall.P2}, tt.isDepCall.MF, *tt.isDepCall.ID) + dID, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: tt.isDepCall.P1}, model.IDorPkgInput{PackageInput: tt.isDepCall.P2}, *tt.isDepCall.ID) if (err != nil) != tt.wantErr { t.Fatalf("did not get expected ingest error, want: %v, got: %v", tt.wantErr, err) } @@ -1144,7 +1140,6 @@ func TestNeighbors(t *testing.T) { type isDepCall struct { P1 *model.PkgInputSpec P2 *model.PkgInputSpec - MF model.MatchFlags ID *model.IsDependencyInputSpec } type isOcurCall struct { @@ -2387,7 +2382,6 @@ func TestNeighbors(t *testing.T) { &model.IsDependency{ Package: includedTestExpectedPackage1, DependencyPackage: includedTestExpectedPackage2, - VersionRange: "dep1_range", DependencyType: model.DependencyTypeDirect, Justification: "dep1_justification", Origin: "dep1_origin", @@ -2396,7 +2390,6 @@ func TestNeighbors(t *testing.T) { &model.IsDependency{ Package: includedTestExpectedPackage1, DependencyPackage: includedTestExpectedPackage3, - VersionRange: "dep2_range", DependencyType: model.DependencyTypeIndirect, Justification: "dep2_justification", Origin: "dep2_origin", @@ -2652,7 +2645,6 @@ func TestNeighbors(t *testing.T) { isDepCall: &isDepCall{ P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, queryPkgNameID: true, @@ -2664,17 +2656,13 @@ func TestNeighbors(t *testing.T) { Namespaces: []*model.PackageNamespace{{ Names: []*model.PackageName{}, }}}, - &model.IsDependency{ - Package: testdata.P1out, - DependencyPackage: testdata.P2outName, - }}, + }, }, { name: "isDependency - pkgVersion", inPkg: []*model.PkgInputSpec{testdata.P1, testdata.P2}, isDepCall: &isDepCall{ P1: testdata.P1, P2: testdata.P2, - MF: mSpecific, ID: &model.IsDependencyInputSpec{}, }, queryPkgVersionID: true, @@ -2697,19 +2685,17 @@ func TestNeighbors(t *testing.T) { isDepCall: &isDepCall{ P1: testdata.P1, P2: testdata.P2, - MF: mAll, ID: &model.IsDependencyInputSpec{}, }, queryIsDependencyID: true, usingOnly: []model.Edge{model.EdgeIsDependencyPackage}, - want: []model.Node{testdata.P1out, testdata.P2outName}, + want: []model.Node{testdata.P1out, testdata.P2out}, }, { name: "isDependency - isDependencyID - pkgVersion", inPkg: []*model.PkgInputSpec{testdata.P1, testdata.P2}, isDepCall: &isDepCall{ P1: testdata.P1, P2: testdata.P2, - MF: mSpecific, ID: &model.IsDependencyInputSpec{}, }, queryIsDependencyID: true, @@ -3547,7 +3533,7 @@ func TestNeighbors(t *testing.T) { } for _, dep := range tt.hasSBOMCall.IsDeps { - if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil { + if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil { t.Fatalf("Could not ingest dependency: %v", err) } else { includes.Dependencies = append(includes.Dependencies, isDep) @@ -3637,7 +3623,7 @@ func TestNeighbors(t *testing.T) { } } if tt.isDepCall != nil { - dID, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: tt.isDepCall.P1}, model.IDorPkgInput{PackageInput: tt.isDepCall.P2}, tt.isDepCall.MF, *tt.isDepCall.ID) + dID, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: tt.isDepCall.P1}, model.IDorPkgInput{PackageInput: tt.isDepCall.P2}, *tt.isDepCall.ID) if (err != nil) != tt.wantErr { t.Fatalf("did not get expected ingest error, want: %v, got: %v", tt.wantErr, err) } diff --git a/internal/testing/e2e/expectIsDependencyQ2.json b/internal/testing/e2e/expectIsDependencyQ2.json index a343c9c5de..5deadf3cae 100644 --- a/internal/testing/e2e/expectIsDependencyQ2.json +++ b/internal/testing/e2e/expectIsDependencyQ2.json @@ -2,7 +2,6 @@ "IsDependency": [ { "justification": "top-level package GUAC heuristic connecting to each file/package", - "versionRange": "v1.4.2", "package": { "type": "guac", "namespaces": [ diff --git a/internal/testing/e2e/expectPathPy.json b/internal/testing/e2e/expectPathPy.json index 6fdb7ff332..cd3e5170b4 100644 --- a/internal/testing/e2e/expectPathPy.json +++ b/internal/testing/e2e/expectPathPy.json @@ -38,7 +38,6 @@ { "__typename": "IsDependency", "justification": "top-level package GUAC heuristic connecting to each file/package", - "versionRange": "3.34.1-3", "package": { "type": "guac", "namespaces": [ diff --git a/internal/testing/graphqlClients/guacdata.go b/internal/testing/graphqlClients/guacdata.go index 88f9a990d3..9b5185154f 100644 --- a/internal/testing/graphqlClients/guacdata.go +++ b/internal/testing/graphqlClients/guacdata.go @@ -275,11 +275,10 @@ func (i nounIds) ingestIsDependency(ctx context.Context, t *testing.T, gqlClient } // The IsDependency is attached to the package version node - flags := gql.MatchFlags{Pkg: gql.PkgMatchTypeSpecificVersion} dependentSpec := gql.IDorPkgInput{PackageVersionID: &dependentId} dependencySpec := gql.IDorPkgInput{PackageVersionID: &dependencyId} - res, err := gql.IngestIsDependency(ctx, gqlClient, dependentSpec, dependencySpec, flags, *spec) + res, err := gql.IngestIsDependency(ctx, gqlClient, dependentSpec, dependencySpec, *spec) if err != nil { t.Fatalf("Error ingesting IsDependency when setting up test: %s", err) } diff --git a/internal/testing/mocks/backend.go b/internal/testing/mocks/backend.go index eeaee853f0..a92936efae 100644 --- a/internal/testing/mocks/backend.go +++ b/internal/testing/mocks/backend.go @@ -656,33 +656,33 @@ func (mr *MockBackendMockRecorder) IngestCertifyVulns(ctx, pkgs, vulnerabilities } // IngestDependencies mocks base method. -func (m *MockBackend) IngestDependencies(ctx context.Context, pkgs, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) ([]string, error) { +func (m *MockBackend) IngestDependencies(ctx context.Context, pkgs, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) ([]string, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "IngestDependencies", ctx, pkgs, depPkgs, depPkgMatchType, dependencies) + ret := m.ctrl.Call(m, "IngestDependencies", ctx, pkgs, depPkgs, dependencies) ret0, _ := ret[0].([]string) ret1, _ := ret[1].(error) return ret0, ret1 } // IngestDependencies indicates an expected call of IngestDependencies. -func (mr *MockBackendMockRecorder) IngestDependencies(ctx, pkgs, depPkgs, depPkgMatchType, dependencies any) *gomock.Call { +func (mr *MockBackendMockRecorder) IngestDependencies(ctx, pkgs, depPkgs, dependencies any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IngestDependencies", reflect.TypeOf((*MockBackend)(nil).IngestDependencies), ctx, pkgs, depPkgs, depPkgMatchType, dependencies) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IngestDependencies", reflect.TypeOf((*MockBackend)(nil).IngestDependencies), ctx, pkgs, depPkgs, dependencies) } // IngestDependency mocks base method. -func (m *MockBackend) IngestDependency(ctx context.Context, pkg, depPkg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependency model.IsDependencyInputSpec) (string, error) { +func (m *MockBackend) IngestDependency(ctx context.Context, pkg, depPkg model.IDorPkgInput, dependency model.IsDependencyInputSpec) (string, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "IngestDependency", ctx, pkg, depPkg, depPkgMatchType, dependency) + ret := m.ctrl.Call(m, "IngestDependency", ctx, pkg, depPkg, dependency) ret0, _ := ret[0].(string) ret1, _ := ret[1].(error) return ret0, ret1 } // IngestDependency indicates an expected call of IngestDependency. -func (mr *MockBackendMockRecorder) IngestDependency(ctx, pkg, depPkg, depPkgMatchType, dependency any) *gomock.Call { +func (mr *MockBackendMockRecorder) IngestDependency(ctx, pkg, depPkg, dependency any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IngestDependency", reflect.TypeOf((*MockBackend)(nil).IngestDependency), ctx, pkg, depPkg, depPkgMatchType, dependency) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IngestDependency", reflect.TypeOf((*MockBackend)(nil).IngestDependency), ctx, pkg, depPkg, dependency) } // IngestHasMetadata mocks base method. diff --git a/internal/testing/testdata/exampledata/ingest_predicates.json b/internal/testing/testdata/exampledata/ingest_predicates.json index b32f6925a5..26b0792393 100644 --- a/internal/testing/testdata/exampledata/ingest_predicates.json +++ b/internal/testing/testdata/exampledata/ingest_predicates.json @@ -91,7 +91,6 @@ "pkg": "SPECIFIC_VERSION" }, "isDependency": { - "versionRange": "3.2.0-r22", "dependencyType": "UNKNOWN", "justification": "top level package dependency", "origin": "", @@ -132,7 +131,6 @@ "pkg": "SPECIFIC_VERSION" }, "isDependency": { - "versionRange": "3.2.0-r22", "dependencyType": "UNKNOWN", "justification": "top level package dependency", "origin": "", diff --git a/internal/testing/testdata/testdata.go b/internal/testing/testdata/testdata.go index 69cd37b27a..4a3dabdd73 100644 --- a/internal/testing/testdata/testdata.go +++ b/internal/testing/testdata/testdata.go @@ -648,112 +648,90 @@ var ( SpdxDeps = []assembler.IsDependencyIngest{ { - Pkg: topLevelPack, - DepPkg: baselayoutPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevelPack, + DepPkg: baselayoutPack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "3.2.0-r22", Justification: isDepJustifyTopPkgJustification, }, }, { - Pkg: topLevelPack, - DepPkg: baselayoutdataPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevelPack, + DepPkg: baselayoutdataPack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "3.2.0-r22", Justification: isDepJustifyTopPkgJustification, }, }, { - Pkg: topLevelPack, - DepPkg: keysPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevelPack, + DepPkg: keysPack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "2.4-r1", Justification: isDepJustifyTopPkgJustification, }, }, { - Pkg: topLevelPack, - DepPkg: worldFilePack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevelPack, + DepPkg: worldFilePack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "", Justification: isDepJustifyTopPkgJustification, }, }, { - Pkg: topLevelPack, - DepPkg: rootFilePack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevelPack, + DepPkg: rootFilePack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "", Justification: isDepJustifyTopPkgJustification, }, }, { - Pkg: topLevelPack, - DepPkg: triggersFilePack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevelPack, + DepPkg: triggersFilePack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "", Justification: isDepJustifyTopPkgJustification, }, }, { - Pkg: topLevelPack, - DepPkg: rsaPubFilePack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevelPack, + DepPkg: rsaPubFilePack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "", Justification: isDepJustifyTopPkgJustification, }, }, { - Pkg: baselayoutPack, - DepPkg: keysPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: baselayoutPack, + DepPkg: keysPack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "2.4-r1", Justification: isDepJustifyDependencyOfJustification, }, }, { - Pkg: rootFilePack, - DepPkg: rsaPubFilePack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: rootFilePack, + DepPkg: rsaPubFilePack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "", Justification: isDepJustifyDependsOnJustification, }, }, { - Pkg: baselayoutPack, - DepPkg: rootFilePack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: baselayoutPack, + DepPkg: rootFilePack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "", Justification: isDepJustifyContainsJustification, }, }, { - Pkg: keysPack, - DepPkg: rsaPubFilePack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: keysPack, + DepPkg: rsaPubFilePack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "", Justification: isDepJustifyContainedByJustification, }, }, @@ -975,32 +953,26 @@ var ( CdxDeps = []assembler.IsDependencyIngest{ { - Pkg: cdxTopLevelPack, - DepPkg: cdxBasefilesPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: cdxTopLevelPack, + DepPkg: cdxBasefilesPack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "11.1+deb11u5", Justification: isDepJustifyTopPkgJustification, }, }, { - Pkg: cdxTopLevelPack, - DepPkg: cdxNetbasePack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: cdxTopLevelPack, + DepPkg: cdxNetbasePack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "6.3", Justification: isDepJustifyTopPkgJustification, }, }, { - Pkg: cdxTopLevelPack, - DepPkg: cdxTzdataPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: cdxTopLevelPack, + DepPkg: cdxTzdataPack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "2021a-1+deb11u6", Justification: isDepJustifyTopPkgJustification, }, }, @@ -1036,32 +1008,26 @@ var ( cdxQuarkusDeps = []assembler.IsDependencyIngest{ { - Pkg: cdxTopQuarkusPack, - DepPkg: cdxResteasyPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: cdxTopQuarkusPack, + DepPkg: cdxResteasyPack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeDirect, - VersionRange: "2.13.4.Final", Justification: isCDXDepJustifyDependsJustification, }, }, { - Pkg: cdxTopQuarkusPack, - DepPkg: cdxReactiveCommonPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: cdxTopQuarkusPack, + DepPkg: cdxReactiveCommonPack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeIndirect, - VersionRange: "2.13.4.Final", Justification: isCDXDepJustifyDependsJustification, }, }, { - Pkg: cdxResteasyPack, - DepPkg: cdxReactiveCommonPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: cdxResteasyPack, + DepPkg: cdxReactiveCommonPack, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeDirect, - VersionRange: "2.13.4.Final", Justification: isCDXDepJustifyDependsJustification, }, }, @@ -1416,12 +1382,10 @@ var ( CdxNpmDeps = []assembler.IsDependencyIngest{ { - Pkg: cdxWebAppPackage, - DepPkg: cdxBootstrapPackage, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: cdxWebAppPackage, + DepPkg: cdxBootstrapPackage, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, - VersionRange: "4.0.0-beta.2", Justification: isDepJustifyTopPkgJustification, }, }, @@ -1838,8 +1802,7 @@ var ( "collector":"", "dependencyType":"DIRECT", "justification":"dependency data collected via deps.dev", - "origin":"", - "versionRange":"" + "origin":"" } } ], @@ -2027,8 +1990,7 @@ var ( "collector":"", "dependencyType":"DIRECT", "justification":"dependency data collected via deps.dev", - "origin":"", - "versionRange":"^1.1.0" + "origin":"" } }, { @@ -2052,8 +2014,7 @@ var ( "collector":"", "dependencyType":"DIRECT", "justification":"dependency data collected via deps.dev", - "origin":"", - "versionRange":"^4.1.1" + "origin":"" } }, { @@ -2077,8 +2038,7 @@ var ( "collector":"", "dependencyType":"DIRECT", "justification":"dependency data collected via deps.dev", - "origin":"", - "versionRange":"^3.0.0 || ^4.0.0" + "origin":"" } } ], @@ -2371,8 +2331,7 @@ var ( "collector":"", "dependencyType":"DIRECT", "justification":"dependency data collected via deps.dev", - "origin":"", - "versionRange":"^0.1" + "origin":"" } } ], @@ -2501,8 +2460,7 @@ var ( "collector":"", "dependencyType":"DIRECT", "justification":"dependency data collected via deps.dev", - "origin":"", - "versionRange":"^3.0.0" + "origin":"" } } ], @@ -2748,22 +2706,18 @@ For the update to take effect, all services linked to the OpenSSL library must b }, IsDependency: []assembler.IsDependencyIngest{ { - Pkg: topLevelPack, - DepPkg: baselayoutPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevelPack, + DepPkg: baselayoutPack, IsDependency: &generated.IsDependencyInputSpec{ DependencyType: generated.DependencyTypeUnknown, - VersionRange: "3.2.0-r22", Justification: "top level package dependency", }, }, { - Pkg: topLevelPack, - DepPkg: baselayoutdataPack, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevelPack, + DepPkg: baselayoutdataPack, IsDependency: &generated.IsDependencyInputSpec{ DependencyType: generated.DependencyTypeUnknown, - VersionRange: "3.2.0-r22", Justification: "top level package dependency", }, }, diff --git a/pkg/assembler/assembler.go b/pkg/assembler/assembler.go index 096c7acc14..1692e67465 100644 --- a/pkg/assembler/assembler.go +++ b/pkg/assembler/assembler.go @@ -55,10 +55,9 @@ type CertifyScorecardIngest struct { } type IsDependencyIngest struct { - Pkg *generated.PkgInputSpec `json:"pkg,omitempty"` - DepPkg *generated.PkgInputSpec `json:"depPkg,omitempty"` - DepPkgMatchFlag generated.MatchFlags `json:"depPkgMatchFlag,omitempty"` - IsDependency *generated.IsDependencyInputSpec `json:"isDependency,omitempty"` + Pkg *generated.PkgInputSpec `json:"pkg,omitempty"` + DepPkg *generated.PkgInputSpec `json:"depPkg,omitempty"` + IsDependency *generated.IsDependencyInputSpec `json:"isDependency,omitempty"` } type IsOccurrenceIngest struct { diff --git a/pkg/assembler/assembler_test.go b/pkg/assembler/assembler_test.go index e3a5842678..10780d368f 100644 --- a/pkg/assembler/assembler_test.go +++ b/pkg/assembler/assembler_test.go @@ -119,7 +119,6 @@ func TestIngestPredicates(t *testing.T) { DepPkg: baselayoutPack, IsDependency: &generated.IsDependencyInputSpec{ DependencyType: generated.DependencyTypeUnknown, - VersionRange: "3.2.0-r22", Justification: "top level package dependency", }, }, @@ -128,7 +127,6 @@ func TestIngestPredicates(t *testing.T) { DepPkg: baselayoutdataPack, IsDependency: &generated.IsDependencyInputSpec{ DependencyType: generated.DependencyTypeUnknown, - VersionRange: "3.2.0-r22", Justification: "top level package dependency", }, }, diff --git a/pkg/assembler/backends/arangodb/backend.go b/pkg/assembler/backends/arangodb/backend.go index 7dbd9af83c..f81050942e 100644 --- a/pkg/assembler/backends/arangodb/backend.go +++ b/pkg/assembler/backends/arangodb/backend.go @@ -570,7 +570,7 @@ func getCollectionIndexMap() map[string][]index { } collectionIndexMap[isDependenciesStr] = []index{ - initIndex("byPkgIDDepPkgIDversionRangeOrigin", []string{"packageID", "depPackageID", "versionRange", "origin", docRef}, false), + initIndex("byPkgIDDepPkgIDOrigin", []string{"packageID", "depPackageID", "origin", docRef}, false), } collectionIndexMap[isOccurrencesStr] = []index{ diff --git a/pkg/assembler/backends/arangodb/edgeCollections.go b/pkg/assembler/backends/arangodb/edgeCollections.go index 604c4eeb32..f487436ffe 100644 --- a/pkg/assembler/backends/arangodb/edgeCollections.go +++ b/pkg/assembler/backends/arangodb/edgeCollections.go @@ -54,7 +54,6 @@ const ( // isDependency collections isDependencyDepPkgVersionEdgesStr string = "isDependencyDepPkgVersionEdges" - isDependencyDepPkgNameEdgesStr string = "isDependencyDepPkgNameEdges" isDependencySubjectPkgEdgesStr string = "isDependencySubjectPkgEdges" isDependenciesStr string = "isDependencies" @@ -229,7 +228,7 @@ var mapEdgeToArangoEdgeCollection = map[model.Edge][]string{ model.EdgeHasSlsaSubject: {hasSLSASubjectArtEdgesStr}, model.EdgeHasSourceAtPackage: {hasSourceAtPkgVersionEdgesStr, hasSourceAtPkgNameEdgesStr}, model.EdgeHasSourceAtSource: {hasSourceAtEdgesStr}, - model.EdgeIsDependencyPackage: {isDependencyDepPkgVersionEdgesStr, isDependencyDepPkgNameEdgesStr}, + model.EdgeIsDependencyPackage: {isDependencyDepPkgVersionEdgesStr}, model.EdgeIsOccurrenceArtifact: {isOccurrenceArtEdgesStr}, model.EdgeIsOccurrencePackage: {isOccurrenceSubjectPkgEdgesStr}, model.EdgeIsOccurrenceSource: {isOccurrenceSubjectSrcEdgesStr}, @@ -260,7 +259,6 @@ var edgeDefinitions = []driver.EdgeDefinition{ // setup isDependency collections {Collection: isDependencySubjectPkgEdgesStr, From: []string{pkgVersionsStr}, To: []string{isDependenciesStr}}, {Collection: isDependencyDepPkgVersionEdgesStr, From: []string{isDependenciesStr}, To: []string{pkgVersionsStr}}, - {Collection: isDependencyDepPkgNameEdgesStr, From: []string{isDependenciesStr}, To: []string{pkgNamesStr}}, // setup isOccurrence collections {Collection: isOccurrenceArtEdgesStr, From: []string{isOccurrencesStr}, To: []string{artifactsStr}}, diff --git a/pkg/assembler/backends/arangodb/isDependency.go b/pkg/assembler/backends/arangodb/isDependency.go index fa52794b44..e1f9a2652f 100644 --- a/pkg/assembler/backends/arangodb/isDependency.go +++ b/pkg/assembler/backends/arangodb/isDependency.go @@ -28,7 +28,6 @@ import ( ) const ( - versionRangeStr string = "versionRange" dependencyTypeStr string = "dependencyType" ) @@ -39,19 +38,6 @@ var dependencyTypeToEnum = map[string]model.DependencyType{ "": "", } -func checkPkgNameDependency(isDependencySpec *model.IsDependencySpec) bool { - if isDependencySpec.DependencyPackage != nil { - if isDependencySpec.DependencyPackage.ID != nil || - isDependencySpec.DependencyPackage.Version != nil || - isDependencySpec.DependencyPackage.Subpath != nil || - isDependencySpec.DependencyPackage.Qualifiers != nil || - isDependencySpec.DependencyPackage.MatchOnlyEmptyQualifiers != nil { - return false - } - } - return true -} - // Query IsDependency func (c *arangoClient) IsDependencyList(ctx context.Context, isDependencySpec model.IsDependencySpec, after *string, first *int) (*model.IsDependencyConnection, error) { @@ -78,30 +64,15 @@ func (c *arangoClient) IsDependency(ctx context.Context, isDependencySpec *model // dep pkgVersion isDependency arangoQueryBuilder = setPkgVersionMatchValues(isDependencySpec.Package, values) arangoQueryBuilder.forOutBound(isDependencySubjectPkgEdgesStr, "isDependency", "pVersion") - setIsDependencyMatchValues(arangoQueryBuilder, isDependencySpec, values, true) + setIsDependencyMatchValues(arangoQueryBuilder, isDependencySpec, values) - depPkgVersionIsDependency, err := getDependencyForQuery(ctx, c, arangoQueryBuilder, values, true) + depPkgVersionIsDependency, err := getDependencyForQuery(ctx, c, arangoQueryBuilder, values) if err != nil { return nil, fmt.Errorf("failed to retrieve dependent package version isDependency with error: %w", err) } combinedIsDependency = append(combinedIsDependency, depPkgVersionIsDependency...) - if checkPkgNameDependency(isDependencySpec) { - // dep pkgName isDependency - values = map[string]any{} - arangoQueryBuilder = setPkgVersionMatchValues(isDependencySpec.Package, values) - arangoQueryBuilder.forOutBound(isDependencySubjectPkgEdgesStr, "isDependency", "pVersion") - setIsDependencyMatchValues(arangoQueryBuilder, isDependencySpec, values, false) - - depPkgNameIsDependency, err := getDependencyForQuery(ctx, c, arangoQueryBuilder, values, false) - if err != nil { - return nil, fmt.Errorf("failed to retrieve dependent package name isDependency with error: %w", err) - } - - combinedIsDependency = append(combinedIsDependency, depPkgNameIsDependency...) - - } return combinedIsDependency, nil } else { var combinedIsDependency []*model.IsDependency @@ -112,40 +83,22 @@ func (c *arangoClient) IsDependency(ctx context.Context, isDependencySpec *model arangoQueryBuilder.forInBound(pkgHasVersionStr, "pName", "pVersion") arangoQueryBuilder.forInBound(pkgHasNameStr, "pNs", "pName") arangoQueryBuilder.forInBound(pkgHasNamespaceStr, "pType", "pNs") - setIsDependencyMatchValues(arangoQueryBuilder, isDependencySpec, values, true) + setIsDependencyMatchValues(arangoQueryBuilder, isDependencySpec, values) - depPkgVersionIsDependency, err := getDependencyForQuery(ctx, c, arangoQueryBuilder, values, true) + depPkgVersionIsDependency, err := getDependencyForQuery(ctx, c, arangoQueryBuilder, values) if err != nil { return nil, fmt.Errorf("failed to retrieve dependent package version isDependency with error: %w", err) } combinedIsDependency = append(combinedIsDependency, depPkgVersionIsDependency...) - if checkPkgNameDependency(isDependencySpec) { - // dep pkgName isDependency - values = map[string]any{} - arangoQueryBuilder = newForQuery(isDependenciesStr, "isDependency") - arangoQueryBuilder.forInBound(isDependencySubjectPkgEdgesStr, "pVersion", "isDependency") - arangoQueryBuilder.forInBound(pkgHasVersionStr, "pName", "pVersion") - arangoQueryBuilder.forInBound(pkgHasNameStr, "pNs", "pName") - arangoQueryBuilder.forInBound(pkgHasNamespaceStr, "pType", "pNs") - setIsDependencyMatchValues(arangoQueryBuilder, isDependencySpec, values, false) - - depPkgNameIsDependency, err := getDependencyForQuery(ctx, c, arangoQueryBuilder, values, false) - if err != nil { - return nil, fmt.Errorf("failed to retrieve dependent package name isDependency with error: %w", err) - } - - combinedIsDependency = append(combinedIsDependency, depPkgNameIsDependency...) - } return combinedIsDependency, nil } } -func getDependencyForQuery(ctx context.Context, c *arangoClient, arangoQueryBuilder *arangoQueryBuilder, values map[string]any, includeDepPkgVersion bool) ([]*model.IsDependency, error) { - if includeDepPkgVersion { - arangoQueryBuilder.query.WriteString("\n") - arangoQueryBuilder.query.WriteString(`RETURN { +func getDependencyForQuery(ctx context.Context, c *arangoClient, arangoQueryBuilder *arangoQueryBuilder, values map[string]any) ([]*model.IsDependency, error) { + arangoQueryBuilder.query.WriteString("\n") + arangoQueryBuilder.query.WriteString(`RETURN { 'pkgVersion': { 'type_id': pType._id, 'type': pType.type, @@ -171,45 +124,12 @@ func getDependencyForQuery(ctx context.Context, c *arangoClient, arangoQueryBuil 'qualifier_list': depVersion.qualifier_list }, 'isDependency_id': isDependency._id, - 'versionRange': isDependency.versionRange, - 'dependencyType': isDependency.dependencyType, - 'justification': isDependency.justification, - 'collector': isDependency.collector, - 'origin': isDependency.origin, - 'documentRef': isDependency.documentRef - }`) - } else { - arangoQueryBuilder.query.WriteString("\n") - arangoQueryBuilder.query.WriteString(`RETURN { - 'pkgVersion': { - 'type_id': pType._id, - 'type': pType.type, - 'namespace_id': pNs._id, - 'namespace': pNs.namespace, - 'name_id': pName._id, - 'name': pName.name, - 'version_id': pVersion._id, - 'version': pVersion.version, - 'subpath': pVersion.subpath, - 'qualifier_list': pVersion.qualifier_list - }, - 'depPkg': { - 'type_id': depType._id, - 'type': depType.type, - 'namespace_id': depNamespace._id, - 'namespace': depNamespace.namespace, - 'name_id': depName._id, - 'name': depName.name - }, - 'isDependency_id': isDependency._id, - 'versionRange': isDependency.versionRange, 'dependencyType': isDependency.dependencyType, 'justification': isDependency.justification, 'collector': isDependency.collector, 'origin': isDependency.origin, 'documentRef': isDependency.documentRef }`) - } cursor, err := executeQueryWithRetry(ctx, c.db, arangoQueryBuilder.string(), values, "IsDependency") if err != nil { @@ -225,10 +145,6 @@ func queryIsDependencyBasedOnFilter(arangoQueryBuilder *arangoQueryBuilder, isDe arangoQueryBuilder.filter("isDependency", "_id", "==", "@id") queryValues["id"] = *isDependencySpec.ID } - if isDependencySpec.VersionRange != nil { - arangoQueryBuilder.filter("isDependency", versionRangeStr, "==", "@"+versionRangeStr) - queryValues[versionRangeStr] = *isDependencySpec.VersionRange - } if isDependencySpec.DependencyType != nil { arangoQueryBuilder.filter("isDependency", dependencyTypeStr, "==", "@"+dependencyTypeStr) queryValues[dependencyTypeStr] = *isDependencySpec.DependencyType @@ -251,103 +167,73 @@ func queryIsDependencyBasedOnFilter(arangoQueryBuilder *arangoQueryBuilder, isDe } } -func setIsDependencyMatchValues(arangoQueryBuilder *arangoQueryBuilder, isDependencySpec *model.IsDependencySpec, queryValues map[string]any, queryDepPkgVersion bool) { +func setIsDependencyMatchValues(arangoQueryBuilder *arangoQueryBuilder, isDependencySpec *model.IsDependencySpec, queryValues map[string]any) { queryIsDependencyBasedOnFilter(arangoQueryBuilder, isDependencySpec, queryValues) if isDependencySpec.DependencyPackage != nil { - if !queryDepPkgVersion { - arangoQueryBuilder.forOutBound(isDependencyDepPkgNameEdgesStr, "depName", "isDependency") - if isDependencySpec.DependencyPackage.Name != nil { - arangoQueryBuilder.filter("depName", "name", "==", "@depName") - queryValues["depName"] = *isDependencySpec.DependencyPackage.Name - } - arangoQueryBuilder.forInBound(pkgHasNameStr, "depNamespace", "depName") - if isDependencySpec.DependencyPackage.Namespace != nil { - arangoQueryBuilder.filter("depNamespace", "namespace", "==", "@depNamespace") - queryValues["depNamespace"] = *isDependencySpec.DependencyPackage.Namespace - } - arangoQueryBuilder.forInBound(pkgHasNamespaceStr, "depType", "depNamespace") - if isDependencySpec.DependencyPackage.Type != nil { - arangoQueryBuilder.filter("depType", "type", "==", "@depType") - queryValues["depType"] = *isDependencySpec.DependencyPackage.Type - } - } else { - arangoQueryBuilder.forOutBound(isDependencyDepPkgVersionEdgesStr, "depVersion", "isDependency") - if isDependencySpec.DependencyPackage.ID != nil { - arangoQueryBuilder.filter("depVersion", "_id", "==", "@depVersionID") - queryValues["depVersionID"] = *isDependencySpec.DependencyPackage.ID - } - if isDependencySpec.DependencyPackage.Version != nil { - arangoQueryBuilder.filter("depVersion", "version", "==", "@depVersionValue") - queryValues["depVersionValue"] = *isDependencySpec.DependencyPackage.Version - } - if isDependencySpec.DependencyPackage.Subpath != nil { - arangoQueryBuilder.filter("depVersion", "subpath", "==", "@depSubpath") - queryValues["depSubpath"] = *isDependencySpec.DependencyPackage.Subpath - } - if isDependencySpec.DependencyPackage.MatchOnlyEmptyQualifiers != nil { - if !*isDependencySpec.DependencyPackage.MatchOnlyEmptyQualifiers { - if len(isDependencySpec.DependencyPackage.Qualifiers) > 0 { - arangoQueryBuilder.filter("depVersion", "qualifier_list", "==", "@depQualifier") - queryValues["depQualifier"] = getFilterQualifiers(isDependencySpec.DependencyPackage.Qualifiers) - } - } else { - arangoQueryBuilder.filterLength("depVersion", "qualifier_list", "==", 0) - } - } else { + arangoQueryBuilder.forOutBound(isDependencyDepPkgVersionEdgesStr, "depVersion", "isDependency") + if isDependencySpec.DependencyPackage.ID != nil { + arangoQueryBuilder.filter("depVersion", "_id", "==", "@depVersionID") + queryValues["depVersionID"] = *isDependencySpec.DependencyPackage.ID + } + if isDependencySpec.DependencyPackage.Version != nil { + arangoQueryBuilder.filter("depVersion", "version", "==", "@depVersionValue") + queryValues["depVersionValue"] = *isDependencySpec.DependencyPackage.Version + } + if isDependencySpec.DependencyPackage.Subpath != nil { + arangoQueryBuilder.filter("depVersion", "subpath", "==", "@depSubpath") + queryValues["depSubpath"] = *isDependencySpec.DependencyPackage.Subpath + } + if isDependencySpec.DependencyPackage.MatchOnlyEmptyQualifiers != nil { + if !*isDependencySpec.DependencyPackage.MatchOnlyEmptyQualifiers { if len(isDependencySpec.DependencyPackage.Qualifiers) > 0 { arangoQueryBuilder.filter("depVersion", "qualifier_list", "==", "@depQualifier") queryValues["depQualifier"] = getFilterQualifiers(isDependencySpec.DependencyPackage.Qualifiers) } + } else { + arangoQueryBuilder.filterLength("depVersion", "qualifier_list", "==", 0) } - arangoQueryBuilder.forInBound(pkgHasVersionStr, "depName", "depVersion") - if isDependencySpec.DependencyPackage.Name != nil { - arangoQueryBuilder.filter("depName", "name", "==", "@depName") - queryValues["depName"] = *isDependencySpec.DependencyPackage.Name - } - arangoQueryBuilder.forInBound(pkgHasNameStr, "depNamespace", "depName") - if isDependencySpec.DependencyPackage.Namespace != nil { - arangoQueryBuilder.filter("depNamespace", "namespace", "==", "@depNamespace") - queryValues["depNamespace"] = *isDependencySpec.DependencyPackage.Namespace - } - arangoQueryBuilder.forInBound(pkgHasNamespaceStr, "depType", "depNamespace") - if isDependencySpec.DependencyPackage.Type != nil { - arangoQueryBuilder.filter("depType", "type", "==", "@depType") - queryValues["depType"] = *isDependencySpec.DependencyPackage.Type + } else { + if len(isDependencySpec.DependencyPackage.Qualifiers) > 0 { + arangoQueryBuilder.filter("depVersion", "qualifier_list", "==", "@depQualifier") + queryValues["depQualifier"] = getFilterQualifiers(isDependencySpec.DependencyPackage.Qualifiers) } } - } else { - if !queryDepPkgVersion { - arangoQueryBuilder.forOutBound(isDependencyDepPkgNameEdgesStr, "depName", "isDependency") - arangoQueryBuilder.forInBound(pkgHasNameStr, "depNamespace", "depName") - arangoQueryBuilder.forInBound(pkgHasNamespaceStr, "depType", "depNamespace") - } else { - arangoQueryBuilder.forOutBound(isDependencyDepPkgVersionEdgesStr, "depVersion", "isDependency") - arangoQueryBuilder.forInBound(pkgHasVersionStr, "depName", "depVersion") - arangoQueryBuilder.forInBound(pkgHasNameStr, "depNamespace", "depName") - arangoQueryBuilder.forInBound(pkgHasNamespaceStr, "depType", "depNamespace") + arangoQueryBuilder.forInBound(pkgHasVersionStr, "depName", "depVersion") + if isDependencySpec.DependencyPackage.Name != nil { + arangoQueryBuilder.filter("depName", "name", "==", "@depName") + queryValues["depName"] = *isDependencySpec.DependencyPackage.Name } - + arangoQueryBuilder.forInBound(pkgHasNameStr, "depNamespace", "depName") + if isDependencySpec.DependencyPackage.Namespace != nil { + arangoQueryBuilder.filter("depNamespace", "namespace", "==", "@depNamespace") + queryValues["depNamespace"] = *isDependencySpec.DependencyPackage.Namespace + } + arangoQueryBuilder.forInBound(pkgHasNamespaceStr, "depType", "depNamespace") + if isDependencySpec.DependencyPackage.Type != nil { + arangoQueryBuilder.filter("depType", "type", "==", "@depType") + queryValues["depType"] = *isDependencySpec.DependencyPackage.Type + } + } else { + arangoQueryBuilder.forOutBound(isDependencyDepPkgVersionEdgesStr, "depVersion", "isDependency") + arangoQueryBuilder.forInBound(pkgHasVersionStr, "depName", "depVersion") + arangoQueryBuilder.forInBound(pkgHasNameStr, "depNamespace", "depName") + arangoQueryBuilder.forInBound(pkgHasNamespaceStr, "depType", "depNamespace") } } // Ingest IsDependency -func getDependencyQueryValues(pkg *model.PkgInputSpec, depPkg *model.PkgInputSpec, depPkgMatchType model.MatchFlags, dependency *model.IsDependencyInputSpec) map[string]any { +func getDependencyQueryValues(pkg *model.PkgInputSpec, depPkg *model.PkgInputSpec, dependency *model.IsDependencyInputSpec) map[string]any { values := map[string]any{} // add guac keys pkgId := helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](pkg, helpers.PkgServerKey) depPkgId := helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](depPkg, helpers.PkgServerKey) values["pkgVersionGuacKey"] = pkgId.VersionId - if depPkgMatchType.Pkg == model.PkgMatchTypeAllVersions { - values["secondPkgGuacKey"] = depPkgId.NameId - } else { - values["secondPkgGuacKey"] = depPkgId.VersionId - } + values["secondPkgGuacKey"] = depPkgId.VersionId // isDependency - values[versionRangeStr] = dependency.VersionRange values[dependencyTypeStr] = dependency.DependencyType.String() values[justification] = dependency.Justification values[origin] = dependency.Origin @@ -357,13 +243,13 @@ func getDependencyQueryValues(pkg *model.PkgInputSpec, depPkg *model.PkgInputSpe return values } -func (c *arangoClient) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) ([]string, error) { +func (c *arangoClient) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) ([]string, error) { // TODO(LUMJJB): handle pkgmatchtype var listOfValues []map[string]any for i := range pkgs { - listOfValues = append(listOfValues, getDependencyQueryValues(pkgs[i].PackageInput, depPkgs[i].PackageInput, depPkgMatchType, dependencies[i])) + listOfValues = append(listOfValues, getDependencyQueryValues(pkgs[i].PackageInput, depPkgs[i].PackageInput, dependencies[i])) } var documents []string @@ -388,45 +274,7 @@ func (c *arangoClient) IngestDependencies(ctx context.Context, pkgs []*model.IDo } sb.WriteString("]") - if depPkgMatchType.Pkg == model.PkgMatchTypeAllVersions { - - query := ` - LET firstPkg = FIRST( - FOR pVersion in pkgVersions - FILTER pVersion.guacKey == doc.pkgVersionGuacKey - RETURN { - 'version_id': pVersion._id, - 'version_key': pVersion._key - } - ) - - LET secondPkg = FIRST( - FOR pName in pkgNames - FILTER pName.guacKey == doc.secondPkgGuacKey - RETURN { - 'name_id': pName._id, - 'name_key': pName._key, - } - ) - - LET isDependency = FIRST( - UPSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.name_id, versionRange:doc.versionRange, dependencyType:doc.dependencyType, justification:doc.justification, collector:doc.collector, origin:doc.origin, documentRef:doc.documentRef } - INSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.name_id, versionRange:doc.versionRange, dependencyType:doc.dependencyType, justification:doc.justification, collector:doc.collector, origin:doc.origin, documentRef:doc.documentRef } - UPDATE {} IN isDependencies - RETURN { - '_id': NEW._id, - '_key': NEW._key - } - ) - - INSERT { _key: CONCAT("isDependencySubjectPkgEdges", firstPkg.version_key, isDependency._key), _from: firstPkg.version_id, _to: isDependency._id} INTO isDependencySubjectPkgEdges OPTIONS { overwriteMode: "ignore" } - INSERT { _key: CONCAT("isDependencyDepPkgNameEdges", isDependency._key, secondPkg.name_key), _from: isDependency._id, _to: secondPkg.name_id} INTO isDependencyDepPkgNameEdges OPTIONS { overwriteMode: "ignore" } - - RETURN { 'isDependency_id': isDependency._id }` - - sb.WriteString(query) - } else { - query := ` + query := ` LET firstPkg = FIRST( FOR pVersion in pkgVersions FILTER pVersion.guacKey == doc.pkgVersionGuacKey @@ -446,8 +294,8 @@ func (c *arangoClient) IngestDependencies(ctx context.Context, pkgs []*model.IDo ) LET isDependency = FIRST( - UPSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.version_id, versionRange:doc.versionRange, dependencyType:doc.dependencyType, justification:doc.justification, collector:doc.collector, origin:doc.origin, documentRef:doc.documentRef } - INSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.version_id, versionRange:doc.versionRange, dependencyType:doc.dependencyType, justification:doc.justification, collector:doc.collector, origin:doc.origin, documentRef:doc.documentRef } + UPSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.version_id, dependencyType:doc.dependencyType, justification:doc.justification, collector:doc.collector, origin:doc.origin, documentRef:doc.documentRef } + INSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.version_id, dependencyType:doc.dependencyType, justification:doc.justification, collector:doc.collector, origin:doc.origin, documentRef:doc.documentRef } UPDATE {} IN isDependencies RETURN { '_id': NEW._id, @@ -460,8 +308,7 @@ func (c *arangoClient) IngestDependencies(ctx context.Context, pkgs []*model.IDo RETURN { 'isDependency_id': isDependency._id }` - sb.WriteString(query) - } + sb.WriteString(query) cursor, err := executeQueryWithRetry(ctx, c.db, sb.String(), nil, "IngestDependencies") if err != nil { @@ -481,47 +328,9 @@ func (c *arangoClient) IngestDependencies(ctx context.Context, pkgs []*model.IDo return isDepIDList, nil } -func (c *arangoClient) IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependency model.IsDependencyInputSpec) (string, error) { - - var query string - if depPkgMatchType.Pkg == model.PkgMatchTypeAllVersions { - query = ` - LET firstPkg = FIRST( - FOR pVersion in pkgVersions - FILTER pVersion.guacKey == @pkgVersionGuacKey - RETURN { - 'version_id': pVersion._id, - 'version_key': pVersion._key - } - ) - - LET secondPkg = FIRST( - FOR pName in pkgNames - FILTER pName.guacKey == @secondPkgGuacKey - RETURN { - 'name_id': pName._id, - 'name_key': pName._key - } - ) - - LET isDependency = FIRST( - UPSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.name_id, versionRange:@versionRange, dependencyType:@dependencyType, justification:@justification, collector:@collector, origin:@origin, documentRef:@documentRef } - INSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.name_id, versionRange:@versionRange, dependencyType:@dependencyType, justification:@justification, collector:@collector, origin:@origin, documentRef:@documentRef } - UPDATE {} IN isDependencies - RETURN { - '_id': NEW._id, - '_key': NEW._key - } - ) - - INSERT { _key: CONCAT("isDependencySubjectPkgEdges", firstPkg.version_key, isDependency._key), _from: firstPkg.version_id, _to: isDependency._id} INTO isDependencySubjectPkgEdges OPTIONS { overwriteMode: "ignore" } - INSERT { _key: CONCAT("isDependencyDepPkgNameEdges", isDependency._key, secondPkg.name_key), _from: isDependency._id, _to: secondPkg.name_id} INTO isDependencyDepPkgNameEdges OPTIONS { overwriteMode: "ignore" } - - RETURN { 'isDependency_id': isDependency._id }` - } else { - - // Specific version - query = ` +func (c *arangoClient) IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, dependency model.IsDependencyInputSpec) (string, error) { + // Specific version + query := ` LET firstPkg = FIRST( FOR pVersion in pkgVersions FILTER pVersion.guacKey == @pkgVersionGuacKey @@ -542,8 +351,8 @@ func (c *arangoClient) IngestDependency(ctx context.Context, pkg model.IDorPkgIn LET isDependency = FIRST( - UPSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.version_id, versionRange:@versionRange, dependencyType:@dependencyType, justification:@justification, collector:@collector, origin:@origin, documentRef:@documentRef } - INSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.version_id, versionRange:@versionRange, dependencyType:@dependencyType, justification:@justification, collector:@collector, origin:@origin, documentRef:@documentRef } + UPSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.version_id, dependencyType:@dependencyType, justification:@justification, collector:@collector, origin:@origin, documentRef:@documentRef } + INSERT { packageID:firstPkg.version_id, depPackageID:secondPkg.version_id, dependencyType:@dependencyType, justification:@justification, collector:@collector, origin:@origin, documentRef:@documentRef } UPDATE {} IN isDependencies RETURN { '_id': NEW._id, @@ -555,8 +364,8 @@ func (c *arangoClient) IngestDependency(ctx context.Context, pkg model.IDorPkgIn INSERT { _key: CONCAT("isDependencyDepPkgVersionEdges", isDependency._key, secondPkg.version_key), _from: isDependency._id, _to: secondPkg.version_id} INTO isDependencyDepPkgVersionEdges OPTIONS { overwriteMode: "ignore" } RETURN { 'isDependency_id': isDependency._id }` - } - cursor, err := executeQueryWithRetry(ctx, c.db, query, getDependencyQueryValues(pkg.PackageInput, depPkg.PackageInput, depPkgMatchType, &dependency), "IngestDependency") + + cursor, err := executeQueryWithRetry(ctx, c.db, query, getDependencyQueryValues(pkg.PackageInput, depPkg.PackageInput, &dependency), "IngestDependency") if err != nil { return "", fmt.Errorf("failed to ingest isDependency: %w", err) } @@ -579,7 +388,6 @@ func getIsDependencyFromCursor(ctx context.Context, cursor driver.Cursor, ingest PkgVersion *dbPkgVersion `json:"pkgVersion"` DepPkg *dbPkgVersion `json:"depPkg"` IsDependencyID string `json:"isDependency_id"` - VersionRange string `json:"versionRange"` DependencyType string `json:"dependencyType"` Justification string `json:"justification"` Collector string `json:"collector"` @@ -616,7 +424,6 @@ func getIsDependencyFromCursor(ctx context.Context, cursor driver.Cursor, ingest ID: createdValue.IsDependencyID, Package: pkg, DependencyPackage: depPkg, - VersionRange: createdValue.VersionRange, Justification: createdValue.Justification, Origin: createdValue.Origin, Collector: createdValue.Collector, @@ -680,7 +487,6 @@ func (c *arangoClient) queryIsDependencyNodeByID(ctx context.Context, filter *mo IsDependencyID string `json:"_id"` PackageID string `json:"packageID"` DepPackageID string `json:"depPackageID"` - VersionRange string `json:"versionRange"` DependencyType string `json:"dependencyType"` Justification string `json:"justification"` Collector string `json:"collector"` @@ -728,7 +534,6 @@ func (c *arangoClient) queryIsDependencyNodeByID(ctx context.Context, filter *mo ID: collectedValues[0].IsDependencyID, Package: builtPackage, DependencyPackage: builtDepPackage, - VersionRange: collectedValues[0].VersionRange, DependencyType: depType, Justification: collectedValues[0].Justification, Origin: collectedValues[0].Origin, @@ -787,7 +592,6 @@ func noMatchIsDep(filter *model.IsDependencySpec, link *model.IsDependency) bool return noMatch(filter.Justification, link.Justification) || noMatch(filter.Origin, link.Origin) || noMatch(filter.Collector, link.Collector) || - noMatch(filter.VersionRange, link.VersionRange) || (filter.DependencyType != nil && *filter.DependencyType != link.DependencyType) } else { return false diff --git a/pkg/assembler/backends/arangodb/pkg.go b/pkg/assembler/backends/arangodb/pkg.go index 38cf6c443c..0e81a06e9e 100644 --- a/pkg/assembler/backends/arangodb/pkg.go +++ b/pkg/assembler/backends/arangodb/pkg.go @@ -1201,20 +1201,6 @@ func (c *arangoClient) packageNameNeighbors(ctx context.Context, nodeID string, } out = append(out, foundIDs...) } - if allowedEdges[model.EdgePackageIsDependency] { - values := map[string]any{} - arangoQueryBuilder := newForQuery(pkgNamesStr, "pName") - arangoQueryBuilder.filter("pName", "_id", "==", "@id") - values["id"] = nodeID - arangoQueryBuilder.forInBound(isDependencyDepPkgNameEdgesStr, "isDependency", "pName") - arangoQueryBuilder.query.WriteString("\nRETURN { neighbor: isDependency._id }") - - foundIDs, err := c.getNeighborIDFromCursor(ctx, arangoQueryBuilder, values, "packageNameNeighbors") - if err != nil { - return out, fmt.Errorf("failed to get neighbors for node ID: %s from arango cursor with error: %w", nodeID, err) - } - out = append(out, foundIDs...) - } if allowedEdges[model.EdgePackageCertifyBad] { values := map[string]any{} arangoQueryBuilder := newForQuery(pkgNamesStr, "pName") diff --git a/pkg/assembler/backends/backends.go b/pkg/assembler/backends/backends.go index ad280ee977..3052b9f41a 100644 --- a/pkg/assembler/backends/backends.go +++ b/pkg/assembler/backends/backends.go @@ -101,8 +101,8 @@ type Backend interface { IngestCertifyVulns(ctx context.Context, pkgs []*model.IDorPkgInput, vulnerabilities []*model.IDorVulnerabilityInput, certifyVulns []*model.ScanMetadataInput) ([]string, error) IngestCertifyLegal(ctx context.Context, subject model.PackageOrSourceInput, declaredLicenses []*model.IDorLicenseInput, discoveredLicenses []*model.IDorLicenseInput, certifyLegal *model.CertifyLegalInputSpec) (string, error) IngestCertifyLegals(ctx context.Context, subjects model.PackageOrSourceInputs, declaredLicensesList [][]*model.IDorLicenseInput, discoveredLicensesList [][]*model.IDorLicenseInput, certifyLegals []*model.CertifyLegalInputSpec) ([]string, error) - IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependency model.IsDependencyInputSpec) (string, error) - IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) ([]string, error) + IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, dependency model.IsDependencyInputSpec) (string, error) + IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) ([]string, error) IngestHasSbom(ctx context.Context, subject model.PackageOrArtifactInput, hasSbom model.HasSBOMInputSpec, includes model.HasSBOMIncludesInputSpec) (string, error) IngestHasSBOMs(ctx context.Context, subjects model.PackageOrArtifactInputs, hasSBOMs []*model.HasSBOMInputSpec, includes []*model.HasSBOMIncludesInputSpec) ([]string, error) IngestHasSourceAt(ctx context.Context, pkg model.IDorPkgInput, pkgMatchType model.MatchFlags, source model.IDorSourceInput, hasSourceAt model.HasSourceAtInputSpec) (string, error) diff --git a/pkg/assembler/backends/ent/backend/dependency.go b/pkg/assembler/backends/ent/backend/dependency.go index 336f269796..60ec53748c 100644 --- a/pkg/assembler/backends/ent/backend/dependency.go +++ b/pkg/assembler/backends/ent/backend/dependency.go @@ -115,7 +115,6 @@ func (b *EntBackend) IsDependency(ctx context.Context, spec *model.IsDependencyS func getIsDepObject(q *ent.DependencyQuery) *ent.DependencyQuery { return q. WithPackage(withPackageVersionTree()). - WithDependentPackageName(withPackageNameTree()). WithDependentPackageVersion(withPackageVersionTree()). Order(ent.Asc(dependency.FieldID)) } @@ -137,11 +136,11 @@ func (b *EntBackend) deleteIsDependency(ctx context.Context, hasSBOMID string) e return nil } -func (b *EntBackend) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) ([]string, error) { +func (b *EntBackend) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) ([]string, error) { funcName := "IngestDependencies" ids, txErr := WithinTX(ctx, b.client, func(ctx context.Context) (*[]string, error) { client := ent.TxFromContext(ctx) - slc, err := upsertBulkDependencies(ctx, client, pkgs, depPkgs, depPkgMatchType, dependencies) + slc, err := upsertBulkDependencies(ctx, client, pkgs, depPkgs, dependencies) if err != nil { return nil, err } @@ -157,7 +156,7 @@ func (b *EntBackend) IngestDependencies(ctx context.Context, pkgs []*model.IDorP func dependencyConflictColumns() []string { return []string{ dependency.FieldPackageID, - dependency.FieldVersionRange, + dependency.FieldDependentPackageVersionID, dependency.FieldDependencyType, dependency.FieldJustification, dependency.FieldOrigin, @@ -166,27 +165,11 @@ func dependencyConflictColumns() []string { } } -func upsertBulkDependencies(ctx context.Context, tx *ent.Tx, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) (*[]string, error) { +func upsertBulkDependencies(ctx context.Context, tx *ent.Tx, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) (*[]string, error) { ids := make([]string, 0) conflictColumns := dependencyConflictColumns() - var conflictWhere *sql.Predicate - - if depPkgMatchType.Pkg == model.PkgMatchTypeAllVersions { - conflictColumns = append(conflictColumns, dependency.FieldDependentPackageNameID) - conflictWhere = sql.And( - sql.NotNull(dependency.FieldDependentPackageNameID), - sql.IsNull(dependency.FieldDependentPackageVersionID), - ) - } else { - conflictColumns = append(conflictColumns, dependency.FieldDependentPackageVersionID) - conflictWhere = sql.And( - sql.IsNull(dependency.FieldDependentPackageNameID), - sql.NotNull(dependency.FieldDependentPackageVersionID), - ) - } - batches := chunk(dependencies, MaxBatchSize) index := 0 @@ -196,7 +179,7 @@ func upsertBulkDependencies(ctx context.Context, tx *ent.Tx, pkgs []*model.IDorP dep := dep var err error var isDependencyID *uuid.UUID - creates[i], isDependencyID, err = generateDependencyCreate(ctx, tx, pkgs[index], depPkgs[index], depPkgMatchType, dep) + creates[i], isDependencyID, err = generateDependencyCreate(ctx, tx, pkgs[index], depPkgs[index], dep) if err != nil { return nil, gqlerror.Errorf("generateDependencyCreate :: %s", err) } @@ -208,7 +191,6 @@ func upsertBulkDependencies(ctx context.Context, tx *ent.Tx, pkgs []*model.IDorP err := tx.Dependency.CreateBulk(creates...). OnConflict( sql.ConflictColumns(conflictColumns...), - sql.ConflictWhere(conflictWhere), ). DoNothing(). Exec(ctx) @@ -220,7 +202,7 @@ func upsertBulkDependencies(ctx context.Context, tx *ent.Tx, pkgs []*model.IDorP return &ids, nil } -func generateDependencyCreate(ctx context.Context, tx *ent.Tx, pkg *model.IDorPkgInput, depPkg *model.IDorPkgInput, depPkgMatchType model.MatchFlags, dep *model.IsDependencyInputSpec) (*ent.DependencyCreate, *uuid.UUID, error) { +func generateDependencyCreate(ctx context.Context, tx *ent.Tx, pkg *model.IDorPkgInput, depPkg *model.IDorPkgInput, dep *model.IsDependencyInputSpec) (*ent.DependencyCreate, *uuid.UUID, error) { dependencyCreate := tx.Dependency.Create() @@ -249,68 +231,39 @@ func generateDependencyCreate(ctx context.Context, tx *ent.Tx, pkg *model.IDorPk dependencyCreate. SetPackageID(pkgVersionID). - SetVersionRange(dep.VersionRange). SetDependencyType(dependencyTypeToEnum(dep.DependencyType)). SetJustification(dep.Justification). SetOrigin(dep.Origin). SetCollector(dep.Collector). SetDocumentRef(dep.DocumentRef) - var isDependencyID *uuid.UUID - if depPkgMatchType.Pkg == model.PkgMatchTypeAllVersions { - var depPkgNameID uuid.UUID - if depPkg.PackageNameID != nil { - var err error - pkgNameGlobalID := fromGlobalID(*depPkg.PackageNameID) - depPkgNameID, err = uuid.Parse(pkgNameGlobalID.id) - if err != nil { - return nil, nil, fmt.Errorf("uuid conversion from PackageNameID failed with error: %w", err) - } - } else { - pn, err := getPkgName(ctx, tx.Client(), *depPkg.PackageInput) - if err != nil { - return nil, nil, fmt.Errorf("failed to query for pkgName") - } - depPkgNameID = pn.ID - } - dependencyCreate.SetDependentPackageNameID(depPkgNameID) - + var depPkgVersionID uuid.UUID + if depPkg.PackageVersionID != nil { var err error - isDependencyID, err = guacDependencyKey(ptrfrom.String(pkgVersionID.String()), ptrfrom.String(depPkgNameID.String()), nil, depPkgMatchType, *dep) + pkgVersionGlobalID := fromGlobalID(*depPkg.PackageVersionID) + depPkgVersionID, err = uuid.Parse(pkgVersionGlobalID.id) if err != nil { - return nil, nil, fmt.Errorf("failed to create isDependency uuid with error: %w", err) + return nil, nil, fmt.Errorf("uuid conversion from packageVersionID failed with error: %w", err) } - dependencyCreate.SetID(*isDependencyID) } else { - var depPkgVersionID uuid.UUID - if depPkg.PackageVersionID != nil { - var err error - pkgVersionGlobalID := fromGlobalID(*depPkg.PackageVersionID) - depPkgVersionID, err = uuid.Parse(pkgVersionGlobalID.id) - if err != nil { - return nil, nil, fmt.Errorf("uuid conversion from packageVersionID failed with error: %w", err) - } - } else { - pv, err := getPkgVersion(ctx, tx.Client(), *depPkg.PackageInput) - if err != nil { - return nil, nil, fmt.Errorf("getPkgVersion :: %w", err) - } - depPkgVersionID = pv.ID - } - dependencyCreate.SetDependentPackageVersionID(depPkgVersionID) - - var err error - isDependencyID, err = guacDependencyKey(ptrfrom.String(pkgVersionID.String()), nil, ptrfrom.String(depPkgVersionID.String()), depPkgMatchType, *dep) + pv, err := getPkgVersion(ctx, tx.Client(), *depPkg.PackageInput) if err != nil { - return nil, nil, fmt.Errorf("failed to create isDependency uuid with error: %w", err) + return nil, nil, fmt.Errorf("getPkgVersion :: %w", err) } - dependencyCreate.SetID(*isDependencyID) + depPkgVersionID = pv.ID } + dependencyCreate.SetDependentPackageVersionID(depPkgVersionID) + + isDependencyID, err := guacDependencyKey(ptrfrom.String(pkgVersionID.String()), nil, ptrfrom.String(depPkgVersionID.String()), *dep) + if err != nil { + return nil, nil, fmt.Errorf("failed to create isDependency uuid with error: %w", err) + } + dependencyCreate.SetID(*isDependencyID) return dependencyCreate, isDependencyID, nil } -func (b *EntBackend) IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dep model.IsDependencyInputSpec) (string, error) { +func (b *EntBackend) IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, dep model.IsDependencyInputSpec) (string, error) { funcName := "IngestDependency" recordID, txErr := WithinTX(ctx, b.client, func(ctx context.Context) (*string, error) { @@ -318,23 +271,7 @@ func (b *EntBackend) IngestDependency(ctx context.Context, pkg model.IDorPkgInpu conflictColumns := dependencyConflictColumns() - var conflictWhere *sql.Predicate - - if depPkgMatchType.Pkg == model.PkgMatchTypeAllVersions { - conflictColumns = append(conflictColumns, dependency.FieldDependentPackageNameID) - conflictWhere = sql.And( - sql.NotNull(dependency.FieldDependentPackageNameID), - sql.IsNull(dependency.FieldDependentPackageVersionID), - ) - } else { - conflictColumns = append(conflictColumns, dependency.FieldDependentPackageVersionID) - conflictWhere = sql.And( - sql.IsNull(dependency.FieldDependentPackageNameID), - sql.NotNull(dependency.FieldDependentPackageVersionID), - ) - } - - insert, _, err := generateDependencyCreate(ctx, tx, &pkg, &depPkg, depPkgMatchType, &dep) + insert, _, err := generateDependencyCreate(ctx, tx, &pkg, &depPkg, &dep) if err != nil { return nil, gqlerror.Errorf("generateDependencyCreate :: %s", err) } @@ -342,7 +279,6 @@ func (b *EntBackend) IngestDependency(ctx context.Context, pkg model.IDorPkgInpu if id, err := insert. OnConflict( sql.ConflictColumns(conflictColumns...), - sql.ConflictWhere(conflictWhere), ). Ignore(). ID(ctx); err != nil { @@ -376,24 +312,13 @@ func isDependencyQuery(filter *model.IsDependencySpec) predicate.Dependency { predicates := []predicate.Dependency{ optionalPredicate(filter.ID, IDEQ), - optionalPredicate(filter.VersionRange, dependency.VersionRange), optionalPredicate(filter.Justification, dependency.Justification), optionalPredicate(filter.Origin, dependency.Origin), optionalPredicate(filter.Collector, dependency.Collector), optionalPredicate(filter.DocumentRef, dependency.DocumentRef), } if filter.DependencyPackage != nil { - if filter.DependencyPackage.Version == nil && filter.DependencyPackage.Subpath == nil && - filter.DependencyPackage.Qualifiers == nil && filter.DependencyPackage.MatchOnlyEmptyQualifiers == nil { - predicates = append(predicates, - dependency.Or( - dependency.HasDependentPackageNameWith(packageNameQuery(filter.DependencyPackage)), - dependency.HasDependentPackageVersionWith(packageVersionQuery(filter.DependencyPackage)), - ), - ) - } else { - predicates = append(predicates, dependency.HasDependentPackageVersionWith(packageVersionQuery(filter.DependencyPackage))) - } + predicates = append(predicates, dependency.HasDependentPackageVersionWith(packageVersionQuery(filter.DependencyPackage))) } if filter.Package != nil { predicates = append(predicates, dependency.HasPackageWith(packageVersionQuery(filter.Package))) @@ -407,29 +332,19 @@ func isDependencyQuery(filter *model.IsDependencySpec) predicate.Dependency { } func canonicalDependencyString(dep model.IsDependencyInputSpec) string { - return fmt.Sprintf("%s::%s::%s::%s::%s:%s", dep.VersionRange, dep.DependencyType.String(), dep.Justification, dep.Origin, dep.Collector, dep.DocumentRef) + return fmt.Sprintf("%s::%s::%s::%s:%s", dep.DependencyType.String(), dep.Justification, dep.Origin, dep.Collector, dep.DocumentRef) } -func guacDependencyKey(pkgVersionID *string, depPkgNameID *string, depPkgVersionID *string, depPkgMatchType model.MatchFlags, dep model.IsDependencyInputSpec) (*uuid.UUID, error) { - var depPkgID string - - if depPkgMatchType.Pkg == model.PkgMatchTypeAllVersions { - if depPkgNameID == nil { - return nil, fmt.Errorf("packageName ID not specified in IDorPkgInput") - } - depPkgID = *depPkgNameID - } else { - if depPkgVersionID == nil { - return nil, fmt.Errorf("packageVersion ID not specified in IDorPkgInput") - } - depPkgID = *depPkgVersionID +func guacDependencyKey(pkgVersionID *string, depPkgNameID *string, depPkgVersionID *string, dep model.IsDependencyInputSpec) (*uuid.UUID, error) { + if depPkgVersionID == nil { + return nil, fmt.Errorf("packageVersion ID not specified in IDorPkgInput") } if pkgVersionID == nil { return nil, fmt.Errorf("need to specify package ID for isDependency") } - depIDString := fmt.Sprintf("%s::%s::%s?", *pkgVersionID, depPkgID, canonicalDependencyString(dep)) + depIDString := fmt.Sprintf("%s::%s::%s?", *pkgVersionID, *depPkgVersionID, canonicalDependencyString(dep)) depID := generateUUIDKey([]byte(depIDString)) return &depID, nil @@ -444,8 +359,7 @@ func (b *EntBackend) isDependencyNeighbors(ctx context.Context, nodeID string, a if allowedEdges[model.EdgeIsDependencyPackage] { query. WithPackage(withPackageVersionTree()). - WithDependentPackageVersion(withPackageVersionTree()). - WithDependentPackageName() + WithDependentPackageVersion(withPackageVersionTree()) } deps, err := query.All(ctx) @@ -459,9 +373,6 @@ func (b *EntBackend) isDependencyNeighbors(ctx context.Context, nodeID string, a if foundDep.Edges.DependentPackageVersion != nil { out = append(out, toModelPackage(backReferencePackageVersion(foundDep.Edges.DependentPackageVersion))) } - if foundDep.Edges.DependentPackageName != nil { - out = append(out, toModelPackage(foundDep.Edges.DependentPackageName)) - } } return out, nil diff --git a/pkg/assembler/backends/ent/backend/package.go b/pkg/assembler/backends/ent/backend/package.go index 354823d568..5689b2931f 100644 --- a/pkg/assembler/backends/ent/backend/package.go +++ b/pkg/assembler/backends/ent/backend/package.go @@ -628,12 +628,6 @@ func (b *EntBackend) packageNameNeighbors(ctx context.Context, nodeID string, al getHasSourceAtObject(q) }) } - if allowedEdges[model.EdgePackageIsDependency] { - query. - WithDependency(func(q *ent.DependencyQuery) { - getIsDepObject(q) - }) - } if allowedEdges[model.EdgePackageCertifyBad] { query. WithCertification(func(q *ent.CertificationQuery) { @@ -696,9 +690,6 @@ func (b *EntBackend) packageNameNeighbors(ctx context.Context, nodeID string, al for _, hasAt := range foundPkgName.Edges.HasSourceAt { out = append(out, toModelHasSourceAt(hasAt)) } - for _, dep := range foundPkgName.Edges.Dependency { - out = append(out, toModelIsDependencyWithBackrefs(dep)) - } for _, cert := range foundPkgName.Edges.Certification { if cert.Type == certification.TypeBAD { out = append(out, toModelCertifyBad(cert)) diff --git a/pkg/assembler/backends/ent/backend/sbom.go b/pkg/assembler/backends/ent/backend/sbom.go index e63ffbff4d..9ed777558a 100644 --- a/pkg/assembler/backends/ent/backend/sbom.go +++ b/pkg/assembler/backends/ent/backend/sbom.go @@ -384,7 +384,6 @@ func getSBOMObjectWithIncludes(q *ent.BillOfMaterialsQuery) *ent.BillOfMaterials WithIncludedSoftwarePackages(withPackageVersionTree()). WithIncludedDependencies(func(q *ent.DependencyQuery) { q.WithPackage(withPackageVersionTree()). - WithDependentPackageName(withPackageNameTree()). WithDependentPackageVersion(withPackageVersionTree()) }). WithIncludedOccurrences(func(q *ent.OccurrenceQuery) { diff --git a/pkg/assembler/backends/ent/backend/transforms.go b/pkg/assembler/backends/ent/backend/transforms.go index a55d6ef826..3fddc101b2 100644 --- a/pkg/assembler/backends/ent/backend/transforms.go +++ b/pkg/assembler/backends/ent/backend/transforms.go @@ -200,43 +200,15 @@ func toModelIsOccurrence(o *ent.Occurrence, backrefs bool) *model.IsOccurrence { } func toModelIsDependencyWithBackrefs(id *ent.Dependency) *model.IsDependency { - return toModelIsDependency(id, true) -} - -func toModelIsDependency(id *ent.Dependency, backrefs bool) *model.IsDependency { - - if backrefs { - var pkg *model.Package - var depPkg *model.Package - pkg = toModelPackage(backReferencePackageVersion(id.Edges.Package)) - if id.Edges.DependentPackageName != nil { - depPkg = toModelPackage(backReferencePackageName(id.Edges.DependentPackageName)) - // in this case, the expected response is package name with an empty package version array - depPkg.Namespaces[0].Names[0].Versions = []*model.PackageVersion{} - } else { - depPkg = toModelPackage(backReferencePackageVersion(id.Edges.DependentPackageVersion)) - } - return &model.IsDependency{ - ID: dependencyGlobalID(id.ID.String()), - Package: pkg, - DependencyPackage: depPkg, - VersionRange: id.VersionRange, - DependencyType: dependencyTypeFromEnum(id.DependencyType), - Justification: id.Justification, - Origin: id.Origin, - Collector: id.Collector, - DocumentRef: id.DocumentRef, - } - } else { - return &model.IsDependency{ - ID: dependencyGlobalID(id.ID.String()), - VersionRange: id.VersionRange, - DependencyType: dependencyTypeFromEnum(id.DependencyType), - Justification: id.Justification, - Origin: id.Origin, - Collector: id.Collector, - DocumentRef: id.DocumentRef, - } + return &model.IsDependency{ + ID: dependencyGlobalID(id.ID.String()), + Package: toModelPackage(backReferencePackageVersion(id.Edges.Package)), + DependencyPackage: toModelPackage(backReferencePackageVersion(id.Edges.DependentPackageVersion)), + DependencyType: dependencyTypeFromEnum(id.DependencyType), + Justification: id.Justification, + Origin: id.Origin, + Collector: id.Collector, + DocumentRef: id.DocumentRef, } } diff --git a/pkg/assembler/backends/ent/client.go b/pkg/assembler/backends/ent/client.go index 2fe129bf24..35da33030f 100644 --- a/pkg/assembler/backends/ent/client.go +++ b/pkg/assembler/backends/ent/client.go @@ -2090,22 +2090,6 @@ func (c *DependencyClient) QueryPackage(d *Dependency) *PackageVersionQuery { return query } -// QueryDependentPackageName queries the dependent_package_name edge of a Dependency. -func (c *DependencyClient) QueryDependentPackageName(d *Dependency) *PackageNameQuery { - query := (&PackageNameClient{config: c.config}).Query() - query.path = func(context.Context) (fromV *sql.Selector, _ error) { - id := d.ID - step := sqlgraph.NewStep( - sqlgraph.From(dependency.Table, dependency.FieldID, id), - sqlgraph.To(packagename.Table, packagename.FieldID), - sqlgraph.Edge(sqlgraph.M2O, false, dependency.DependentPackageNameTable, dependency.DependentPackageNameColumn), - ) - fromV = sqlgraph.Neighbors(d.driver.Dialect(), step) - return fromV, nil - } - return query -} - // QueryDependentPackageVersion queries the dependent_package_version edge of a Dependency. func (c *DependencyClient) QueryDependentPackageVersion(d *Dependency) *PackageVersionQuery { query := (&PackageVersionClient{config: c.config}).Query() @@ -3208,22 +3192,6 @@ func (c *PackageNameClient) QueryHasSourceAt(pn *PackageName) *HasSourceAtQuery return query } -// QueryDependency queries the dependency edge of a PackageName. -func (c *PackageNameClient) QueryDependency(pn *PackageName) *DependencyQuery { - query := (&DependencyClient{config: c.config}).Query() - query.path = func(context.Context) (fromV *sql.Selector, _ error) { - id := pn.ID - step := sqlgraph.NewStep( - sqlgraph.From(packagename.Table, packagename.FieldID, id), - sqlgraph.To(dependency.Table, dependency.FieldID), - sqlgraph.Edge(sqlgraph.O2M, true, packagename.DependencyTable, packagename.DependencyColumn), - ) - fromV = sqlgraph.Neighbors(pn.driver.Dialect(), step) - return fromV, nil - } - return query -} - // QueryCertification queries the certification edge of a PackageName. func (c *PackageNameClient) QueryCertification(pn *PackageName) *CertificationQuery { query := (&CertificationClient{config: c.config}).Query() diff --git a/pkg/assembler/backends/ent/dependency.go b/pkg/assembler/backends/ent/dependency.go index 4de27f3756..3d6ae4ce09 100644 --- a/pkg/assembler/backends/ent/dependency.go +++ b/pkg/assembler/backends/ent/dependency.go @@ -10,7 +10,6 @@ import ( "entgo.io/ent/dialect/sql" "github.com/google/uuid" "github.com/guacsec/guac/pkg/assembler/backends/ent/dependency" - "github.com/guacsec/guac/pkg/assembler/backends/ent/packagename" "github.com/guacsec/guac/pkg/assembler/backends/ent/packageversion" ) @@ -21,12 +20,8 @@ type Dependency struct { ID uuid.UUID `json:"id,omitempty"` // PackageID holds the value of the "package_id" field. PackageID uuid.UUID `json:"package_id,omitempty"` - // DependentPackageNameID holds the value of the "dependent_package_name_id" field. - DependentPackageNameID uuid.UUID `json:"dependent_package_name_id,omitempty"` // DependentPackageVersionID holds the value of the "dependent_package_version_id" field. DependentPackageVersionID uuid.UUID `json:"dependent_package_version_id,omitempty"` - // VersionRange holds the value of the "version_range" field. - VersionRange string `json:"version_range,omitempty"` // DependencyType holds the value of the "dependency_type" field. DependencyType dependency.DependencyType `json:"dependency_type,omitempty"` // Justification holds the value of the "justification" field. @@ -47,17 +42,15 @@ type Dependency struct { type DependencyEdges struct { // Package holds the value of the package edge. Package *PackageVersion `json:"package,omitempty"` - // DependentPackageName holds the value of the dependent_package_name edge. - DependentPackageName *PackageName `json:"dependent_package_name,omitempty"` // DependentPackageVersion holds the value of the dependent_package_version edge. DependentPackageVersion *PackageVersion `json:"dependent_package_version,omitempty"` // IncludedInSboms holds the value of the included_in_sboms edge. IncludedInSboms []*BillOfMaterials `json:"included_in_sboms,omitempty"` // loadedTypes holds the information for reporting if a // type was loaded (or requested) in eager-loading or not. - loadedTypes [4]bool + loadedTypes [3]bool // totalCount holds the count of the edges above. - totalCount [4]map[string]int + totalCount [3]map[string]int namedIncludedInSboms map[string][]*BillOfMaterials } @@ -73,23 +66,12 @@ func (e DependencyEdges) PackageOrErr() (*PackageVersion, error) { return nil, &NotLoadedError{edge: "package"} } -// DependentPackageNameOrErr returns the DependentPackageName value or an error if the edge -// was not loaded in eager-loading, or loaded but was not found. -func (e DependencyEdges) DependentPackageNameOrErr() (*PackageName, error) { - if e.DependentPackageName != nil { - return e.DependentPackageName, nil - } else if e.loadedTypes[1] { - return nil, &NotFoundError{label: packagename.Label} - } - return nil, &NotLoadedError{edge: "dependent_package_name"} -} - // DependentPackageVersionOrErr returns the DependentPackageVersion value or an error if the edge // was not loaded in eager-loading, or loaded but was not found. func (e DependencyEdges) DependentPackageVersionOrErr() (*PackageVersion, error) { if e.DependentPackageVersion != nil { return e.DependentPackageVersion, nil - } else if e.loadedTypes[2] { + } else if e.loadedTypes[1] { return nil, &NotFoundError{label: packageversion.Label} } return nil, &NotLoadedError{edge: "dependent_package_version"} @@ -98,7 +80,7 @@ func (e DependencyEdges) DependentPackageVersionOrErr() (*PackageVersion, error) // IncludedInSbomsOrErr returns the IncludedInSboms value or an error if the edge // was not loaded in eager-loading. func (e DependencyEdges) IncludedInSbomsOrErr() ([]*BillOfMaterials, error) { - if e.loadedTypes[3] { + if e.loadedTypes[2] { return e.IncludedInSboms, nil } return nil, &NotLoadedError{edge: "included_in_sboms"} @@ -109,9 +91,9 @@ func (*Dependency) scanValues(columns []string) ([]any, error) { values := make([]any, len(columns)) for i := range columns { switch columns[i] { - case dependency.FieldVersionRange, dependency.FieldDependencyType, dependency.FieldJustification, dependency.FieldOrigin, dependency.FieldCollector, dependency.FieldDocumentRef: + case dependency.FieldDependencyType, dependency.FieldJustification, dependency.FieldOrigin, dependency.FieldCollector, dependency.FieldDocumentRef: values[i] = new(sql.NullString) - case dependency.FieldID, dependency.FieldPackageID, dependency.FieldDependentPackageNameID, dependency.FieldDependentPackageVersionID: + case dependency.FieldID, dependency.FieldPackageID, dependency.FieldDependentPackageVersionID: values[i] = new(uuid.UUID) default: values[i] = new(sql.UnknownType) @@ -140,24 +122,12 @@ func (d *Dependency) assignValues(columns []string, values []any) error { } else if value != nil { d.PackageID = *value } - case dependency.FieldDependentPackageNameID: - if value, ok := values[i].(*uuid.UUID); !ok { - return fmt.Errorf("unexpected type %T for field dependent_package_name_id", values[i]) - } else if value != nil { - d.DependentPackageNameID = *value - } case dependency.FieldDependentPackageVersionID: if value, ok := values[i].(*uuid.UUID); !ok { return fmt.Errorf("unexpected type %T for field dependent_package_version_id", values[i]) } else if value != nil { d.DependentPackageVersionID = *value } - case dependency.FieldVersionRange: - if value, ok := values[i].(*sql.NullString); !ok { - return fmt.Errorf("unexpected type %T for field version_range", values[i]) - } else if value.Valid { - d.VersionRange = value.String - } case dependency.FieldDependencyType: if value, ok := values[i].(*sql.NullString); !ok { return fmt.Errorf("unexpected type %T for field dependency_type", values[i]) @@ -206,11 +176,6 @@ func (d *Dependency) QueryPackage() *PackageVersionQuery { return NewDependencyClient(d.config).QueryPackage(d) } -// QueryDependentPackageName queries the "dependent_package_name" edge of the Dependency entity. -func (d *Dependency) QueryDependentPackageName() *PackageNameQuery { - return NewDependencyClient(d.config).QueryDependentPackageName(d) -} - // QueryDependentPackageVersion queries the "dependent_package_version" edge of the Dependency entity. func (d *Dependency) QueryDependentPackageVersion() *PackageVersionQuery { return NewDependencyClient(d.config).QueryDependentPackageVersion(d) @@ -247,15 +212,9 @@ func (d *Dependency) String() string { builder.WriteString("package_id=") builder.WriteString(fmt.Sprintf("%v", d.PackageID)) builder.WriteString(", ") - builder.WriteString("dependent_package_name_id=") - builder.WriteString(fmt.Sprintf("%v", d.DependentPackageNameID)) - builder.WriteString(", ") builder.WriteString("dependent_package_version_id=") builder.WriteString(fmt.Sprintf("%v", d.DependentPackageVersionID)) builder.WriteString(", ") - builder.WriteString("version_range=") - builder.WriteString(d.VersionRange) - builder.WriteString(", ") builder.WriteString("dependency_type=") builder.WriteString(fmt.Sprintf("%v", d.DependencyType)) builder.WriteString(", ") diff --git a/pkg/assembler/backends/ent/dependency/dependency.go b/pkg/assembler/backends/ent/dependency/dependency.go index 6476feb7f3..a73f0bd310 100644 --- a/pkg/assembler/backends/ent/dependency/dependency.go +++ b/pkg/assembler/backends/ent/dependency/dependency.go @@ -19,12 +19,8 @@ const ( FieldID = "id" // FieldPackageID holds the string denoting the package_id field in the database. FieldPackageID = "package_id" - // FieldDependentPackageNameID holds the string denoting the dependent_package_name_id field in the database. - FieldDependentPackageNameID = "dependent_package_name_id" // FieldDependentPackageVersionID holds the string denoting the dependent_package_version_id field in the database. FieldDependentPackageVersionID = "dependent_package_version_id" - // FieldVersionRange holds the string denoting the version_range field in the database. - FieldVersionRange = "version_range" // FieldDependencyType holds the string denoting the dependency_type field in the database. FieldDependencyType = "dependency_type" // FieldJustification holds the string denoting the justification field in the database. @@ -37,8 +33,6 @@ const ( FieldDocumentRef = "document_ref" // EdgePackage holds the string denoting the package edge name in mutations. EdgePackage = "package" - // EdgeDependentPackageName holds the string denoting the dependent_package_name edge name in mutations. - EdgeDependentPackageName = "dependent_package_name" // EdgeDependentPackageVersion holds the string denoting the dependent_package_version edge name in mutations. EdgeDependentPackageVersion = "dependent_package_version" // EdgeIncludedInSboms holds the string denoting the included_in_sboms edge name in mutations. @@ -52,13 +46,6 @@ const ( PackageInverseTable = "package_versions" // PackageColumn is the table column denoting the package relation/edge. PackageColumn = "package_id" - // DependentPackageNameTable is the table that holds the dependent_package_name relation/edge. - DependentPackageNameTable = "dependencies" - // DependentPackageNameInverseTable is the table name for the PackageName entity. - // It exists in this package in order to avoid circular dependency with the "packagename" package. - DependentPackageNameInverseTable = "package_names" - // DependentPackageNameColumn is the table column denoting the dependent_package_name relation/edge. - DependentPackageNameColumn = "dependent_package_name_id" // DependentPackageVersionTable is the table that holds the dependent_package_version relation/edge. DependentPackageVersionTable = "dependencies" // DependentPackageVersionInverseTable is the table name for the PackageVersion entity. @@ -77,9 +64,7 @@ const ( var Columns = []string{ FieldID, FieldPackageID, - FieldDependentPackageNameID, FieldDependentPackageVersionID, - FieldVersionRange, FieldDependencyType, FieldJustification, FieldOrigin, @@ -145,21 +130,11 @@ func ByPackageID(opts ...sql.OrderTermOption) OrderOption { return sql.OrderByField(FieldPackageID, opts...).ToFunc() } -// ByDependentPackageNameID orders the results by the dependent_package_name_id field. -func ByDependentPackageNameID(opts ...sql.OrderTermOption) OrderOption { - return sql.OrderByField(FieldDependentPackageNameID, opts...).ToFunc() -} - // ByDependentPackageVersionID orders the results by the dependent_package_version_id field. func ByDependentPackageVersionID(opts ...sql.OrderTermOption) OrderOption { return sql.OrderByField(FieldDependentPackageVersionID, opts...).ToFunc() } -// ByVersionRange orders the results by the version_range field. -func ByVersionRange(opts ...sql.OrderTermOption) OrderOption { - return sql.OrderByField(FieldVersionRange, opts...).ToFunc() -} - // ByDependencyType orders the results by the dependency_type field. func ByDependencyType(opts ...sql.OrderTermOption) OrderOption { return sql.OrderByField(FieldDependencyType, opts...).ToFunc() @@ -192,13 +167,6 @@ func ByPackageField(field string, opts ...sql.OrderTermOption) OrderOption { } } -// ByDependentPackageNameField orders the results by dependent_package_name field. -func ByDependentPackageNameField(field string, opts ...sql.OrderTermOption) OrderOption { - return func(s *sql.Selector) { - sqlgraph.OrderByNeighborTerms(s, newDependentPackageNameStep(), sql.OrderByField(field, opts...)) - } -} - // ByDependentPackageVersionField orders the results by dependent_package_version field. func ByDependentPackageVersionField(field string, opts ...sql.OrderTermOption) OrderOption { return func(s *sql.Selector) { @@ -226,13 +194,6 @@ func newPackageStep() *sqlgraph.Step { sqlgraph.Edge(sqlgraph.M2O, false, PackageTable, PackageColumn), ) } -func newDependentPackageNameStep() *sqlgraph.Step { - return sqlgraph.NewStep( - sqlgraph.From(Table, FieldID), - sqlgraph.To(DependentPackageNameInverseTable, FieldID), - sqlgraph.Edge(sqlgraph.M2O, false, DependentPackageNameTable, DependentPackageNameColumn), - ) -} func newDependentPackageVersionStep() *sqlgraph.Step { return sqlgraph.NewStep( sqlgraph.From(Table, FieldID), diff --git a/pkg/assembler/backends/ent/dependency/where.go b/pkg/assembler/backends/ent/dependency/where.go index 42cbc8826e..2e61699902 100644 --- a/pkg/assembler/backends/ent/dependency/where.go +++ b/pkg/assembler/backends/ent/dependency/where.go @@ -59,21 +59,11 @@ func PackageID(v uuid.UUID) predicate.Dependency { return predicate.Dependency(sql.FieldEQ(FieldPackageID, v)) } -// DependentPackageNameID applies equality check predicate on the "dependent_package_name_id" field. It's identical to DependentPackageNameIDEQ. -func DependentPackageNameID(v uuid.UUID) predicate.Dependency { - return predicate.Dependency(sql.FieldEQ(FieldDependentPackageNameID, v)) -} - // DependentPackageVersionID applies equality check predicate on the "dependent_package_version_id" field. It's identical to DependentPackageVersionIDEQ. func DependentPackageVersionID(v uuid.UUID) predicate.Dependency { return predicate.Dependency(sql.FieldEQ(FieldDependentPackageVersionID, v)) } -// VersionRange applies equality check predicate on the "version_range" field. It's identical to VersionRangeEQ. -func VersionRange(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldEQ(FieldVersionRange, v)) -} - // Justification applies equality check predicate on the "justification" field. It's identical to JustificationEQ. func Justification(v string) predicate.Dependency { return predicate.Dependency(sql.FieldEQ(FieldJustification, v)) @@ -114,36 +104,6 @@ func PackageIDNotIn(vs ...uuid.UUID) predicate.Dependency { return predicate.Dependency(sql.FieldNotIn(FieldPackageID, vs...)) } -// DependentPackageNameIDEQ applies the EQ predicate on the "dependent_package_name_id" field. -func DependentPackageNameIDEQ(v uuid.UUID) predicate.Dependency { - return predicate.Dependency(sql.FieldEQ(FieldDependentPackageNameID, v)) -} - -// DependentPackageNameIDNEQ applies the NEQ predicate on the "dependent_package_name_id" field. -func DependentPackageNameIDNEQ(v uuid.UUID) predicate.Dependency { - return predicate.Dependency(sql.FieldNEQ(FieldDependentPackageNameID, v)) -} - -// DependentPackageNameIDIn applies the In predicate on the "dependent_package_name_id" field. -func DependentPackageNameIDIn(vs ...uuid.UUID) predicate.Dependency { - return predicate.Dependency(sql.FieldIn(FieldDependentPackageNameID, vs...)) -} - -// DependentPackageNameIDNotIn applies the NotIn predicate on the "dependent_package_name_id" field. -func DependentPackageNameIDNotIn(vs ...uuid.UUID) predicate.Dependency { - return predicate.Dependency(sql.FieldNotIn(FieldDependentPackageNameID, vs...)) -} - -// DependentPackageNameIDIsNil applies the IsNil predicate on the "dependent_package_name_id" field. -func DependentPackageNameIDIsNil() predicate.Dependency { - return predicate.Dependency(sql.FieldIsNull(FieldDependentPackageNameID)) -} - -// DependentPackageNameIDNotNil applies the NotNil predicate on the "dependent_package_name_id" field. -func DependentPackageNameIDNotNil() predicate.Dependency { - return predicate.Dependency(sql.FieldNotNull(FieldDependentPackageNameID)) -} - // DependentPackageVersionIDEQ applies the EQ predicate on the "dependent_package_version_id" field. func DependentPackageVersionIDEQ(v uuid.UUID) predicate.Dependency { return predicate.Dependency(sql.FieldEQ(FieldDependentPackageVersionID, v)) @@ -174,71 +134,6 @@ func DependentPackageVersionIDNotNil() predicate.Dependency { return predicate.Dependency(sql.FieldNotNull(FieldDependentPackageVersionID)) } -// VersionRangeEQ applies the EQ predicate on the "version_range" field. -func VersionRangeEQ(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldEQ(FieldVersionRange, v)) -} - -// VersionRangeNEQ applies the NEQ predicate on the "version_range" field. -func VersionRangeNEQ(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldNEQ(FieldVersionRange, v)) -} - -// VersionRangeIn applies the In predicate on the "version_range" field. -func VersionRangeIn(vs ...string) predicate.Dependency { - return predicate.Dependency(sql.FieldIn(FieldVersionRange, vs...)) -} - -// VersionRangeNotIn applies the NotIn predicate on the "version_range" field. -func VersionRangeNotIn(vs ...string) predicate.Dependency { - return predicate.Dependency(sql.FieldNotIn(FieldVersionRange, vs...)) -} - -// VersionRangeGT applies the GT predicate on the "version_range" field. -func VersionRangeGT(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldGT(FieldVersionRange, v)) -} - -// VersionRangeGTE applies the GTE predicate on the "version_range" field. -func VersionRangeGTE(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldGTE(FieldVersionRange, v)) -} - -// VersionRangeLT applies the LT predicate on the "version_range" field. -func VersionRangeLT(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldLT(FieldVersionRange, v)) -} - -// VersionRangeLTE applies the LTE predicate on the "version_range" field. -func VersionRangeLTE(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldLTE(FieldVersionRange, v)) -} - -// VersionRangeContains applies the Contains predicate on the "version_range" field. -func VersionRangeContains(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldContains(FieldVersionRange, v)) -} - -// VersionRangeHasPrefix applies the HasPrefix predicate on the "version_range" field. -func VersionRangeHasPrefix(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldHasPrefix(FieldVersionRange, v)) -} - -// VersionRangeHasSuffix applies the HasSuffix predicate on the "version_range" field. -func VersionRangeHasSuffix(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldHasSuffix(FieldVersionRange, v)) -} - -// VersionRangeEqualFold applies the EqualFold predicate on the "version_range" field. -func VersionRangeEqualFold(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldEqualFold(FieldVersionRange, v)) -} - -// VersionRangeContainsFold applies the ContainsFold predicate on the "version_range" field. -func VersionRangeContainsFold(v string) predicate.Dependency { - return predicate.Dependency(sql.FieldContainsFold(FieldVersionRange, v)) -} - // DependencyTypeEQ applies the EQ predicate on the "dependency_type" field. func DependencyTypeEQ(v DependencyType) predicate.Dependency { return predicate.Dependency(sql.FieldEQ(FieldDependencyType, v)) @@ -542,29 +437,6 @@ func HasPackageWith(preds ...predicate.PackageVersion) predicate.Dependency { }) } -// HasDependentPackageName applies the HasEdge predicate on the "dependent_package_name" edge. -func HasDependentPackageName() predicate.Dependency { - return predicate.Dependency(func(s *sql.Selector) { - step := sqlgraph.NewStep( - sqlgraph.From(Table, FieldID), - sqlgraph.Edge(sqlgraph.M2O, false, DependentPackageNameTable, DependentPackageNameColumn), - ) - sqlgraph.HasNeighbors(s, step) - }) -} - -// HasDependentPackageNameWith applies the HasEdge predicate on the "dependent_package_name" edge with a given conditions (other predicates). -func HasDependentPackageNameWith(preds ...predicate.PackageName) predicate.Dependency { - return predicate.Dependency(func(s *sql.Selector) { - step := newDependentPackageNameStep() - sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) { - for _, p := range preds { - p(s) - } - }) - }) -} - // HasDependentPackageVersion applies the HasEdge predicate on the "dependent_package_version" edge. func HasDependentPackageVersion() predicate.Dependency { return predicate.Dependency(func(s *sql.Selector) { diff --git a/pkg/assembler/backends/ent/dependency_create.go b/pkg/assembler/backends/ent/dependency_create.go index 3e96510bfe..83914963f1 100644 --- a/pkg/assembler/backends/ent/dependency_create.go +++ b/pkg/assembler/backends/ent/dependency_create.go @@ -14,7 +14,6 @@ import ( "github.com/google/uuid" "github.com/guacsec/guac/pkg/assembler/backends/ent/billofmaterials" "github.com/guacsec/guac/pkg/assembler/backends/ent/dependency" - "github.com/guacsec/guac/pkg/assembler/backends/ent/packagename" "github.com/guacsec/guac/pkg/assembler/backends/ent/packageversion" ) @@ -32,20 +31,6 @@ func (dc *DependencyCreate) SetPackageID(u uuid.UUID) *DependencyCreate { return dc } -// SetDependentPackageNameID sets the "dependent_package_name_id" field. -func (dc *DependencyCreate) SetDependentPackageNameID(u uuid.UUID) *DependencyCreate { - dc.mutation.SetDependentPackageNameID(u) - return dc -} - -// SetNillableDependentPackageNameID sets the "dependent_package_name_id" field if the given value is not nil. -func (dc *DependencyCreate) SetNillableDependentPackageNameID(u *uuid.UUID) *DependencyCreate { - if u != nil { - dc.SetDependentPackageNameID(*u) - } - return dc -} - // SetDependentPackageVersionID sets the "dependent_package_version_id" field. func (dc *DependencyCreate) SetDependentPackageVersionID(u uuid.UUID) *DependencyCreate { dc.mutation.SetDependentPackageVersionID(u) @@ -60,12 +45,6 @@ func (dc *DependencyCreate) SetNillableDependentPackageVersionID(u *uuid.UUID) * return dc } -// SetVersionRange sets the "version_range" field. -func (dc *DependencyCreate) SetVersionRange(s string) *DependencyCreate { - dc.mutation.SetVersionRange(s) - return dc -} - // SetDependencyType sets the "dependency_type" field. func (dc *DependencyCreate) SetDependencyType(dt dependency.DependencyType) *DependencyCreate { dc.mutation.SetDependencyType(dt) @@ -115,11 +94,6 @@ func (dc *DependencyCreate) SetPackage(p *PackageVersion) *DependencyCreate { return dc.SetPackageID(p.ID) } -// SetDependentPackageName sets the "dependent_package_name" edge to the PackageName entity. -func (dc *DependencyCreate) SetDependentPackageName(p *PackageName) *DependencyCreate { - return dc.SetDependentPackageNameID(p.ID) -} - // SetDependentPackageVersion sets the "dependent_package_version" edge to the PackageVersion entity. func (dc *DependencyCreate) SetDependentPackageVersion(p *PackageVersion) *DependencyCreate { return dc.SetDependentPackageVersionID(p.ID) @@ -186,9 +160,6 @@ func (dc *DependencyCreate) check() error { if _, ok := dc.mutation.PackageID(); !ok { return &ValidationError{Name: "package_id", err: errors.New(`ent: missing required field "Dependency.package_id"`)} } - if _, ok := dc.mutation.VersionRange(); !ok { - return &ValidationError{Name: "version_range", err: errors.New(`ent: missing required field "Dependency.version_range"`)} - } if _, ok := dc.mutation.DependencyType(); !ok { return &ValidationError{Name: "dependency_type", err: errors.New(`ent: missing required field "Dependency.dependency_type"`)} } @@ -248,10 +219,6 @@ func (dc *DependencyCreate) createSpec() (*Dependency, *sqlgraph.CreateSpec) { _node.ID = id _spec.ID.Value = &id } - if value, ok := dc.mutation.VersionRange(); ok { - _spec.SetField(dependency.FieldVersionRange, field.TypeString, value) - _node.VersionRange = value - } if value, ok := dc.mutation.DependencyType(); ok { _spec.SetField(dependency.FieldDependencyType, field.TypeEnum, value) _node.DependencyType = value @@ -289,23 +256,6 @@ func (dc *DependencyCreate) createSpec() (*Dependency, *sqlgraph.CreateSpec) { _node.PackageID = nodes[0] _spec.Edges = append(_spec.Edges, edge) } - if nodes := dc.mutation.DependentPackageNameIDs(); len(nodes) > 0 { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.M2O, - Inverse: false, - Table: dependency.DependentPackageNameTable, - Columns: []string{dependency.DependentPackageNameColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(packagename.FieldID, field.TypeUUID), - }, - } - for _, k := range nodes { - edge.Target.Nodes = append(edge.Target.Nodes, k) - } - _node.DependentPackageNameID = nodes[0] - _spec.Edges = append(_spec.Edges, edge) - } if nodes := dc.mutation.DependentPackageVersionIDs(); len(nodes) > 0 { edge := &sqlgraph.EdgeSpec{ Rel: sqlgraph.M2O, @@ -403,24 +353,6 @@ func (u *DependencyUpsert) UpdatePackageID() *DependencyUpsert { return u } -// SetDependentPackageNameID sets the "dependent_package_name_id" field. -func (u *DependencyUpsert) SetDependentPackageNameID(v uuid.UUID) *DependencyUpsert { - u.Set(dependency.FieldDependentPackageNameID, v) - return u -} - -// UpdateDependentPackageNameID sets the "dependent_package_name_id" field to the value that was provided on create. -func (u *DependencyUpsert) UpdateDependentPackageNameID() *DependencyUpsert { - u.SetExcluded(dependency.FieldDependentPackageNameID) - return u -} - -// ClearDependentPackageNameID clears the value of the "dependent_package_name_id" field. -func (u *DependencyUpsert) ClearDependentPackageNameID() *DependencyUpsert { - u.SetNull(dependency.FieldDependentPackageNameID) - return u -} - // SetDependentPackageVersionID sets the "dependent_package_version_id" field. func (u *DependencyUpsert) SetDependentPackageVersionID(v uuid.UUID) *DependencyUpsert { u.Set(dependency.FieldDependentPackageVersionID, v) @@ -439,18 +371,6 @@ func (u *DependencyUpsert) ClearDependentPackageVersionID() *DependencyUpsert { return u } -// SetVersionRange sets the "version_range" field. -func (u *DependencyUpsert) SetVersionRange(v string) *DependencyUpsert { - u.Set(dependency.FieldVersionRange, v) - return u -} - -// UpdateVersionRange sets the "version_range" field to the value that was provided on create. -func (u *DependencyUpsert) UpdateVersionRange() *DependencyUpsert { - u.SetExcluded(dependency.FieldVersionRange) - return u -} - // SetDependencyType sets the "dependency_type" field. func (u *DependencyUpsert) SetDependencyType(v dependency.DependencyType) *DependencyUpsert { u.Set(dependency.FieldDependencyType, v) @@ -573,27 +493,6 @@ func (u *DependencyUpsertOne) UpdatePackageID() *DependencyUpsertOne { }) } -// SetDependentPackageNameID sets the "dependent_package_name_id" field. -func (u *DependencyUpsertOne) SetDependentPackageNameID(v uuid.UUID) *DependencyUpsertOne { - return u.Update(func(s *DependencyUpsert) { - s.SetDependentPackageNameID(v) - }) -} - -// UpdateDependentPackageNameID sets the "dependent_package_name_id" field to the value that was provided on create. -func (u *DependencyUpsertOne) UpdateDependentPackageNameID() *DependencyUpsertOne { - return u.Update(func(s *DependencyUpsert) { - s.UpdateDependentPackageNameID() - }) -} - -// ClearDependentPackageNameID clears the value of the "dependent_package_name_id" field. -func (u *DependencyUpsertOne) ClearDependentPackageNameID() *DependencyUpsertOne { - return u.Update(func(s *DependencyUpsert) { - s.ClearDependentPackageNameID() - }) -} - // SetDependentPackageVersionID sets the "dependent_package_version_id" field. func (u *DependencyUpsertOne) SetDependentPackageVersionID(v uuid.UUID) *DependencyUpsertOne { return u.Update(func(s *DependencyUpsert) { @@ -615,20 +514,6 @@ func (u *DependencyUpsertOne) ClearDependentPackageVersionID() *DependencyUpsert }) } -// SetVersionRange sets the "version_range" field. -func (u *DependencyUpsertOne) SetVersionRange(v string) *DependencyUpsertOne { - return u.Update(func(s *DependencyUpsert) { - s.SetVersionRange(v) - }) -} - -// UpdateVersionRange sets the "version_range" field to the value that was provided on create. -func (u *DependencyUpsertOne) UpdateVersionRange() *DependencyUpsertOne { - return u.Update(func(s *DependencyUpsert) { - s.UpdateVersionRange() - }) -} - // SetDependencyType sets the "dependency_type" field. func (u *DependencyUpsertOne) SetDependencyType(v dependency.DependencyType) *DependencyUpsertOne { return u.Update(func(s *DependencyUpsert) { @@ -928,27 +813,6 @@ func (u *DependencyUpsertBulk) UpdatePackageID() *DependencyUpsertBulk { }) } -// SetDependentPackageNameID sets the "dependent_package_name_id" field. -func (u *DependencyUpsertBulk) SetDependentPackageNameID(v uuid.UUID) *DependencyUpsertBulk { - return u.Update(func(s *DependencyUpsert) { - s.SetDependentPackageNameID(v) - }) -} - -// UpdateDependentPackageNameID sets the "dependent_package_name_id" field to the value that was provided on create. -func (u *DependencyUpsertBulk) UpdateDependentPackageNameID() *DependencyUpsertBulk { - return u.Update(func(s *DependencyUpsert) { - s.UpdateDependentPackageNameID() - }) -} - -// ClearDependentPackageNameID clears the value of the "dependent_package_name_id" field. -func (u *DependencyUpsertBulk) ClearDependentPackageNameID() *DependencyUpsertBulk { - return u.Update(func(s *DependencyUpsert) { - s.ClearDependentPackageNameID() - }) -} - // SetDependentPackageVersionID sets the "dependent_package_version_id" field. func (u *DependencyUpsertBulk) SetDependentPackageVersionID(v uuid.UUID) *DependencyUpsertBulk { return u.Update(func(s *DependencyUpsert) { @@ -970,20 +834,6 @@ func (u *DependencyUpsertBulk) ClearDependentPackageVersionID() *DependencyUpser }) } -// SetVersionRange sets the "version_range" field. -func (u *DependencyUpsertBulk) SetVersionRange(v string) *DependencyUpsertBulk { - return u.Update(func(s *DependencyUpsert) { - s.SetVersionRange(v) - }) -} - -// UpdateVersionRange sets the "version_range" field to the value that was provided on create. -func (u *DependencyUpsertBulk) UpdateVersionRange() *DependencyUpsertBulk { - return u.Update(func(s *DependencyUpsert) { - s.UpdateVersionRange() - }) -} - // SetDependencyType sets the "dependency_type" field. func (u *DependencyUpsertBulk) SetDependencyType(v dependency.DependencyType) *DependencyUpsertBulk { return u.Update(func(s *DependencyUpsert) { diff --git a/pkg/assembler/backends/ent/dependency_query.go b/pkg/assembler/backends/ent/dependency_query.go index a8a7a944db..fb00b42b6b 100644 --- a/pkg/assembler/backends/ent/dependency_query.go +++ b/pkg/assembler/backends/ent/dependency_query.go @@ -14,7 +14,6 @@ import ( "github.com/google/uuid" "github.com/guacsec/guac/pkg/assembler/backends/ent/billofmaterials" "github.com/guacsec/guac/pkg/assembler/backends/ent/dependency" - "github.com/guacsec/guac/pkg/assembler/backends/ent/packagename" "github.com/guacsec/guac/pkg/assembler/backends/ent/packageversion" "github.com/guacsec/guac/pkg/assembler/backends/ent/predicate" ) @@ -27,7 +26,6 @@ type DependencyQuery struct { inters []Interceptor predicates []predicate.Dependency withPackage *PackageVersionQuery - withDependentPackageName *PackageNameQuery withDependentPackageVersion *PackageVersionQuery withIncludedInSboms *BillOfMaterialsQuery modifiers []func(*sql.Selector) @@ -91,28 +89,6 @@ func (dq *DependencyQuery) QueryPackage() *PackageVersionQuery { return query } -// QueryDependentPackageName chains the current query on the "dependent_package_name" edge. -func (dq *DependencyQuery) QueryDependentPackageName() *PackageNameQuery { - query := (&PackageNameClient{config: dq.config}).Query() - query.path = func(ctx context.Context) (fromU *sql.Selector, err error) { - if err := dq.prepareQuery(ctx); err != nil { - return nil, err - } - selector := dq.sqlQuery(ctx) - if err := selector.Err(); err != nil { - return nil, err - } - step := sqlgraph.NewStep( - sqlgraph.From(dependency.Table, dependency.FieldID, selector), - sqlgraph.To(packagename.Table, packagename.FieldID), - sqlgraph.Edge(sqlgraph.M2O, false, dependency.DependentPackageNameTable, dependency.DependentPackageNameColumn), - ) - fromU = sqlgraph.SetNeighbors(dq.driver.Dialect(), step) - return fromU, nil - } - return query -} - // QueryDependentPackageVersion chains the current query on the "dependent_package_version" edge. func (dq *DependencyQuery) QueryDependentPackageVersion() *PackageVersionQuery { query := (&PackageVersionClient{config: dq.config}).Query() @@ -350,7 +326,6 @@ func (dq *DependencyQuery) Clone() *DependencyQuery { inters: append([]Interceptor{}, dq.inters...), predicates: append([]predicate.Dependency{}, dq.predicates...), withPackage: dq.withPackage.Clone(), - withDependentPackageName: dq.withDependentPackageName.Clone(), withDependentPackageVersion: dq.withDependentPackageVersion.Clone(), withIncludedInSboms: dq.withIncludedInSboms.Clone(), // clone intermediate query. @@ -370,17 +345,6 @@ func (dq *DependencyQuery) WithPackage(opts ...func(*PackageVersionQuery)) *Depe return dq } -// WithDependentPackageName tells the query-builder to eager-load the nodes that are connected to -// the "dependent_package_name" edge. The optional arguments are used to configure the query builder of the edge. -func (dq *DependencyQuery) WithDependentPackageName(opts ...func(*PackageNameQuery)) *DependencyQuery { - query := (&PackageNameClient{config: dq.config}).Query() - for _, opt := range opts { - opt(query) - } - dq.withDependentPackageName = query - return dq -} - // WithDependentPackageVersion tells the query-builder to eager-load the nodes that are connected to // the "dependent_package_version" edge. The optional arguments are used to configure the query builder of the edge. func (dq *DependencyQuery) WithDependentPackageVersion(opts ...func(*PackageVersionQuery)) *DependencyQuery { @@ -481,9 +445,8 @@ func (dq *DependencyQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*D var ( nodes = []*Dependency{} _spec = dq.querySpec() - loadedTypes = [4]bool{ + loadedTypes = [3]bool{ dq.withPackage != nil, - dq.withDependentPackageName != nil, dq.withDependentPackageVersion != nil, dq.withIncludedInSboms != nil, } @@ -515,12 +478,6 @@ func (dq *DependencyQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*D return nil, err } } - if query := dq.withDependentPackageName; query != nil { - if err := dq.loadDependentPackageName(ctx, query, nodes, nil, - func(n *Dependency, e *PackageName) { n.Edges.DependentPackageName = e }); err != nil { - return nil, err - } - } if query := dq.withDependentPackageVersion; query != nil { if err := dq.loadDependentPackageVersion(ctx, query, nodes, nil, func(n *Dependency, e *PackageVersion) { n.Edges.DependentPackageVersion = e }); err != nil { @@ -578,35 +535,6 @@ func (dq *DependencyQuery) loadPackage(ctx context.Context, query *PackageVersio } return nil } -func (dq *DependencyQuery) loadDependentPackageName(ctx context.Context, query *PackageNameQuery, nodes []*Dependency, init func(*Dependency), assign func(*Dependency, *PackageName)) error { - ids := make([]uuid.UUID, 0, len(nodes)) - nodeids := make(map[uuid.UUID][]*Dependency) - for i := range nodes { - fk := nodes[i].DependentPackageNameID - if _, ok := nodeids[fk]; !ok { - ids = append(ids, fk) - } - nodeids[fk] = append(nodeids[fk], nodes[i]) - } - if len(ids) == 0 { - return nil - } - query.Where(packagename.IDIn(ids...)) - neighbors, err := query.All(ctx) - if err != nil { - return err - } - for _, n := range neighbors { - nodes, ok := nodeids[n.ID] - if !ok { - return fmt.Errorf(`unexpected foreign-key "dependent_package_name_id" returned %v`, n.ID) - } - for i := range nodes { - assign(nodes[i], n) - } - } - return nil -} func (dq *DependencyQuery) loadDependentPackageVersion(ctx context.Context, query *PackageVersionQuery, nodes []*Dependency, init func(*Dependency), assign func(*Dependency, *PackageVersion)) error { ids := make([]uuid.UUID, 0, len(nodes)) nodeids := make(map[uuid.UUID][]*Dependency) @@ -729,9 +657,6 @@ func (dq *DependencyQuery) querySpec() *sqlgraph.QuerySpec { if dq.withPackage != nil { _spec.Node.AddColumnOnce(dependency.FieldPackageID) } - if dq.withDependentPackageName != nil { - _spec.Node.AddColumnOnce(dependency.FieldDependentPackageNameID) - } if dq.withDependentPackageVersion != nil { _spec.Node.AddColumnOnce(dependency.FieldDependentPackageVersionID) } diff --git a/pkg/assembler/backends/ent/dependency_update.go b/pkg/assembler/backends/ent/dependency_update.go index 6471827d3d..7bf716d0f7 100644 --- a/pkg/assembler/backends/ent/dependency_update.go +++ b/pkg/assembler/backends/ent/dependency_update.go @@ -13,7 +13,6 @@ import ( "github.com/google/uuid" "github.com/guacsec/guac/pkg/assembler/backends/ent/billofmaterials" "github.com/guacsec/guac/pkg/assembler/backends/ent/dependency" - "github.com/guacsec/guac/pkg/assembler/backends/ent/packagename" "github.com/guacsec/guac/pkg/assembler/backends/ent/packageversion" "github.com/guacsec/guac/pkg/assembler/backends/ent/predicate" ) @@ -45,26 +44,6 @@ func (du *DependencyUpdate) SetNillablePackageID(u *uuid.UUID) *DependencyUpdate return du } -// SetDependentPackageNameID sets the "dependent_package_name_id" field. -func (du *DependencyUpdate) SetDependentPackageNameID(u uuid.UUID) *DependencyUpdate { - du.mutation.SetDependentPackageNameID(u) - return du -} - -// SetNillableDependentPackageNameID sets the "dependent_package_name_id" field if the given value is not nil. -func (du *DependencyUpdate) SetNillableDependentPackageNameID(u *uuid.UUID) *DependencyUpdate { - if u != nil { - du.SetDependentPackageNameID(*u) - } - return du -} - -// ClearDependentPackageNameID clears the value of the "dependent_package_name_id" field. -func (du *DependencyUpdate) ClearDependentPackageNameID() *DependencyUpdate { - du.mutation.ClearDependentPackageNameID() - return du -} - // SetDependentPackageVersionID sets the "dependent_package_version_id" field. func (du *DependencyUpdate) SetDependentPackageVersionID(u uuid.UUID) *DependencyUpdate { du.mutation.SetDependentPackageVersionID(u) @@ -85,20 +64,6 @@ func (du *DependencyUpdate) ClearDependentPackageVersionID() *DependencyUpdate { return du } -// SetVersionRange sets the "version_range" field. -func (du *DependencyUpdate) SetVersionRange(s string) *DependencyUpdate { - du.mutation.SetVersionRange(s) - return du -} - -// SetNillableVersionRange sets the "version_range" field if the given value is not nil. -func (du *DependencyUpdate) SetNillableVersionRange(s *string) *DependencyUpdate { - if s != nil { - du.SetVersionRange(*s) - } - return du -} - // SetDependencyType sets the "dependency_type" field. func (du *DependencyUpdate) SetDependencyType(dt dependency.DependencyType) *DependencyUpdate { du.mutation.SetDependencyType(dt) @@ -174,11 +139,6 @@ func (du *DependencyUpdate) SetPackage(p *PackageVersion) *DependencyUpdate { return du.SetPackageID(p.ID) } -// SetDependentPackageName sets the "dependent_package_name" edge to the PackageName entity. -func (du *DependencyUpdate) SetDependentPackageName(p *PackageName) *DependencyUpdate { - return du.SetDependentPackageNameID(p.ID) -} - // SetDependentPackageVersion sets the "dependent_package_version" edge to the PackageVersion entity. func (du *DependencyUpdate) SetDependentPackageVersion(p *PackageVersion) *DependencyUpdate { return du.SetDependentPackageVersionID(p.ID) @@ -210,12 +170,6 @@ func (du *DependencyUpdate) ClearPackage() *DependencyUpdate { return du } -// ClearDependentPackageName clears the "dependent_package_name" edge to the PackageName entity. -func (du *DependencyUpdate) ClearDependentPackageName() *DependencyUpdate { - du.mutation.ClearDependentPackageName() - return du -} - // ClearDependentPackageVersion clears the "dependent_package_version" edge to the PackageVersion entity. func (du *DependencyUpdate) ClearDependentPackageVersion() *DependencyUpdate { du.mutation.ClearDependentPackageVersion() @@ -295,9 +249,6 @@ func (du *DependencyUpdate) sqlSave(ctx context.Context) (n int, err error) { } } } - if value, ok := du.mutation.VersionRange(); ok { - _spec.SetField(dependency.FieldVersionRange, field.TypeString, value) - } if value, ok := du.mutation.DependencyType(); ok { _spec.SetField(dependency.FieldDependencyType, field.TypeEnum, value) } @@ -342,35 +293,6 @@ func (du *DependencyUpdate) sqlSave(ctx context.Context) (n int, err error) { } _spec.Edges.Add = append(_spec.Edges.Add, edge) } - if du.mutation.DependentPackageNameCleared() { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.M2O, - Inverse: false, - Table: dependency.DependentPackageNameTable, - Columns: []string{dependency.DependentPackageNameColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(packagename.FieldID, field.TypeUUID), - }, - } - _spec.Edges.Clear = append(_spec.Edges.Clear, edge) - } - if nodes := du.mutation.DependentPackageNameIDs(); len(nodes) > 0 { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.M2O, - Inverse: false, - Table: dependency.DependentPackageNameTable, - Columns: []string{dependency.DependentPackageNameColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(packagename.FieldID, field.TypeUUID), - }, - } - for _, k := range nodes { - edge.Target.Nodes = append(edge.Target.Nodes, k) - } - _spec.Edges.Add = append(_spec.Edges.Add, edge) - } if du.mutation.DependentPackageVersionCleared() { edge := &sqlgraph.EdgeSpec{ Rel: sqlgraph.M2O, @@ -479,26 +401,6 @@ func (duo *DependencyUpdateOne) SetNillablePackageID(u *uuid.UUID) *DependencyUp return duo } -// SetDependentPackageNameID sets the "dependent_package_name_id" field. -func (duo *DependencyUpdateOne) SetDependentPackageNameID(u uuid.UUID) *DependencyUpdateOne { - duo.mutation.SetDependentPackageNameID(u) - return duo -} - -// SetNillableDependentPackageNameID sets the "dependent_package_name_id" field if the given value is not nil. -func (duo *DependencyUpdateOne) SetNillableDependentPackageNameID(u *uuid.UUID) *DependencyUpdateOne { - if u != nil { - duo.SetDependentPackageNameID(*u) - } - return duo -} - -// ClearDependentPackageNameID clears the value of the "dependent_package_name_id" field. -func (duo *DependencyUpdateOne) ClearDependentPackageNameID() *DependencyUpdateOne { - duo.mutation.ClearDependentPackageNameID() - return duo -} - // SetDependentPackageVersionID sets the "dependent_package_version_id" field. func (duo *DependencyUpdateOne) SetDependentPackageVersionID(u uuid.UUID) *DependencyUpdateOne { duo.mutation.SetDependentPackageVersionID(u) @@ -519,20 +421,6 @@ func (duo *DependencyUpdateOne) ClearDependentPackageVersionID() *DependencyUpda return duo } -// SetVersionRange sets the "version_range" field. -func (duo *DependencyUpdateOne) SetVersionRange(s string) *DependencyUpdateOne { - duo.mutation.SetVersionRange(s) - return duo -} - -// SetNillableVersionRange sets the "version_range" field if the given value is not nil. -func (duo *DependencyUpdateOne) SetNillableVersionRange(s *string) *DependencyUpdateOne { - if s != nil { - duo.SetVersionRange(*s) - } - return duo -} - // SetDependencyType sets the "dependency_type" field. func (duo *DependencyUpdateOne) SetDependencyType(dt dependency.DependencyType) *DependencyUpdateOne { duo.mutation.SetDependencyType(dt) @@ -608,11 +496,6 @@ func (duo *DependencyUpdateOne) SetPackage(p *PackageVersion) *DependencyUpdateO return duo.SetPackageID(p.ID) } -// SetDependentPackageName sets the "dependent_package_name" edge to the PackageName entity. -func (duo *DependencyUpdateOne) SetDependentPackageName(p *PackageName) *DependencyUpdateOne { - return duo.SetDependentPackageNameID(p.ID) -} - // SetDependentPackageVersion sets the "dependent_package_version" edge to the PackageVersion entity. func (duo *DependencyUpdateOne) SetDependentPackageVersion(p *PackageVersion) *DependencyUpdateOne { return duo.SetDependentPackageVersionID(p.ID) @@ -644,12 +527,6 @@ func (duo *DependencyUpdateOne) ClearPackage() *DependencyUpdateOne { return duo } -// ClearDependentPackageName clears the "dependent_package_name" edge to the PackageName entity. -func (duo *DependencyUpdateOne) ClearDependentPackageName() *DependencyUpdateOne { - duo.mutation.ClearDependentPackageName() - return duo -} - // ClearDependentPackageVersion clears the "dependent_package_version" edge to the PackageVersion entity. func (duo *DependencyUpdateOne) ClearDependentPackageVersion() *DependencyUpdateOne { duo.mutation.ClearDependentPackageVersion() @@ -759,9 +636,6 @@ func (duo *DependencyUpdateOne) sqlSave(ctx context.Context) (_node *Dependency, } } } - if value, ok := duo.mutation.VersionRange(); ok { - _spec.SetField(dependency.FieldVersionRange, field.TypeString, value) - } if value, ok := duo.mutation.DependencyType(); ok { _spec.SetField(dependency.FieldDependencyType, field.TypeEnum, value) } @@ -806,35 +680,6 @@ func (duo *DependencyUpdateOne) sqlSave(ctx context.Context) (_node *Dependency, } _spec.Edges.Add = append(_spec.Edges.Add, edge) } - if duo.mutation.DependentPackageNameCleared() { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.M2O, - Inverse: false, - Table: dependency.DependentPackageNameTable, - Columns: []string{dependency.DependentPackageNameColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(packagename.FieldID, field.TypeUUID), - }, - } - _spec.Edges.Clear = append(_spec.Edges.Clear, edge) - } - if nodes := duo.mutation.DependentPackageNameIDs(); len(nodes) > 0 { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.M2O, - Inverse: false, - Table: dependency.DependentPackageNameTable, - Columns: []string{dependency.DependentPackageNameColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(packagename.FieldID, field.TypeUUID), - }, - } - for _, k := range nodes { - edge.Target.Nodes = append(edge.Target.Nodes, k) - } - _spec.Edges.Add = append(_spec.Edges.Add, edge) - } if duo.mutation.DependentPackageVersionCleared() { edge := &sqlgraph.EdgeSpec{ Rel: sqlgraph.M2O, diff --git a/pkg/assembler/backends/ent/gql_collection.go b/pkg/assembler/backends/ent/gql_collection.go index 219eb8e622..d6085b88fd 100644 --- a/pkg/assembler/backends/ent/gql_collection.go +++ b/pkg/assembler/backends/ent/gql_collection.go @@ -1334,21 +1334,6 @@ func (d *DependencyQuery) collectField(ctx context.Context, oneNode bool, opCtx fieldSeen[dependency.FieldPackageID] = struct{}{} } - case "dependentPackageName": - var ( - alias = field.Alias - path = append(path, alias) - query = (&PackageNameClient{config: d.config}).Query() - ) - if err := query.collectField(ctx, oneNode, opCtx, field, path, mayAddCondition(satisfies, packagenameImplementors)...); err != nil { - return err - } - d.withDependentPackageName = query - if _, ok := fieldSeen[dependency.FieldDependentPackageNameID]; !ok { - selectedFields = append(selectedFields, dependency.FieldDependentPackageNameID) - fieldSeen[dependency.FieldDependentPackageNameID] = struct{}{} - } - case "dependentPackageVersion": var ( alias = field.Alias @@ -1381,21 +1366,11 @@ func (d *DependencyQuery) collectField(ctx context.Context, oneNode bool, opCtx selectedFields = append(selectedFields, dependency.FieldPackageID) fieldSeen[dependency.FieldPackageID] = struct{}{} } - case "dependentPackageNameID": - if _, ok := fieldSeen[dependency.FieldDependentPackageNameID]; !ok { - selectedFields = append(selectedFields, dependency.FieldDependentPackageNameID) - fieldSeen[dependency.FieldDependentPackageNameID] = struct{}{} - } case "dependentPackageVersionID": if _, ok := fieldSeen[dependency.FieldDependentPackageVersionID]; !ok { selectedFields = append(selectedFields, dependency.FieldDependentPackageVersionID) fieldSeen[dependency.FieldDependentPackageVersionID] = struct{}{} } - case "versionRange": - if _, ok := fieldSeen[dependency.FieldVersionRange]; !ok { - selectedFields = append(selectedFields, dependency.FieldVersionRange) - fieldSeen[dependency.FieldVersionRange] = struct{}{} - } case "dependencyType": if _, ok := fieldSeen[dependency.FieldDependencyType]; !ok { selectedFields = append(selectedFields, dependency.FieldDependencyType) @@ -2201,19 +2176,6 @@ func (pn *PackageNameQuery) collectField(ctx context.Context, oneNode bool, opCt *wq = *query }) - case "dependency": - var ( - alias = field.Alias - path = append(path, alias) - query = (&DependencyClient{config: pn.config}).Query() - ) - if err := query.collectField(ctx, false, opCtx, field, path, mayAddCondition(satisfies, dependencyImplementors)...); err != nil { - return err - } - pn.WithNamedDependency(alias, func(wq *DependencyQuery) { - *wq = *query - }) - case "certification": var ( alias = field.Alias diff --git a/pkg/assembler/backends/ent/gql_edge.go b/pkg/assembler/backends/ent/gql_edge.go index 578eb95a88..7456073a4d 100644 --- a/pkg/assembler/backends/ent/gql_edge.go +++ b/pkg/assembler/backends/ent/gql_edge.go @@ -344,14 +344,6 @@ func (d *Dependency) Package(ctx context.Context) (*PackageVersion, error) { return result, err } -func (d *Dependency) DependentPackageName(ctx context.Context) (*PackageName, error) { - result, err := d.Edges.DependentPackageNameOrErr() - if IsNotLoaded(err) { - result, err = d.QueryDependentPackageName().Only(ctx) - } - return result, MaskNotFound(err) -} - func (d *Dependency) DependentPackageVersion(ctx context.Context) (*PackageVersion, error) { result, err := d.Edges.DependentPackageVersionOrErr() if IsNotLoaded(err) { @@ -528,18 +520,6 @@ func (pn *PackageName) HasSourceAt(ctx context.Context) (result []*HasSourceAt, return result, err } -func (pn *PackageName) Dependency(ctx context.Context) (result []*Dependency, err error) { - if fc := graphql.GetFieldContext(ctx); fc != nil && fc.Field.Alias != "" { - result, err = pn.NamedDependency(graphql.GetFieldContext(ctx).Field.Alias) - } else { - result, err = pn.Edges.DependencyOrErr() - } - if IsNotLoaded(err) { - result, err = pn.QueryDependency().All(ctx) - } - return result, err -} - func (pn *PackageName) Certification(ctx context.Context) (result []*Certification, err error) { if fc := graphql.GetFieldContext(ctx); fc != nil && fc.Field.Alias != "" { result, err = pn.NamedCertification(graphql.GetFieldContext(ctx).Field.Alias) diff --git a/pkg/assembler/backends/ent/migrate/migrations/20240712131658_ent_diff.sql b/pkg/assembler/backends/ent/migrate/migrations/20240712131658_ent_diff.sql new file mode 100644 index 0000000000..2dfd43e9b4 --- /dev/null +++ b/pkg/assembler/backends/ent/migrate/migrations/20240712131658_ent_diff.sql @@ -0,0 +1,4 @@ +-- Modify "dependencies" table +ALTER TABLE "dependencies" DROP COLUMN "version_range", DROP COLUMN "dependent_package_name_id"; +-- Create index "dependency_dependency_type_justification_origin_collector_docum" to table: "dependencies" +CREATE UNIQUE INDEX "dependency_dependency_type_justification_origin_collector_docum" ON "dependencies" ("dependency_type", "justification", "origin", "collector", "document_ref", "package_id", "dependent_package_version_id"); diff --git a/pkg/assembler/backends/ent/migrate/migrations/atlas.sum b/pkg/assembler/backends/ent/migrate/migrations/atlas.sum index d14875cae1..ffc532557b 100644 --- a/pkg/assembler/backends/ent/migrate/migrations/atlas.sum +++ b/pkg/assembler/backends/ent/migrate/migrations/atlas.sum @@ -1,5 +1,6 @@ -h1:LXg/nYCsid8/s+ZoQXWKCibm+F9bkUi1BIhyu2GEPb8= +h1:tylM27WD3aiFco8Hl4NNfSVCY9g42uwOh5O1GMmkWP8= 20240503123155_baseline.sql h1:oZtbKI8sJj3xQq7ibfvfhFoVl+Oa67CWP7DFrsVLVds= 20240626153721_ent_diff.sql h1:FvV1xELikdPbtJk7kxIZn9MhvVVoFLF/2/iT/wM5RkA= 20240702195630_ent_diff.sql h1:y8TgeUg35krYVORmC7cN4O96HqOc3mVO9IQ2lYzIzwg= -20240712193834_ent_diff.sql h1:gBSeZwJhD3fL9E97DJIGevIwsbe64Lc0YQtxvwpd/Ss= +20240712131658_ent_diff.sql h1:N54EB3Wh2NC2v9RToXo/BfpezLnSeHJBP1ha6VXfxD8= +20240712193834_ent_diff.sql h1:gHTfEzlqvgYi6NKwT/Mb+wooWsVjAkp98zfg1OvdoZw= diff --git a/pkg/assembler/backends/ent/migrate/schema.go b/pkg/assembler/backends/ent/migrate/schema.go index 4b5a54eb92..06e56c643d 100644 --- a/pkg/assembler/backends/ent/migrate/schema.go +++ b/pkg/assembler/backends/ent/migrate/schema.go @@ -379,14 +379,12 @@ var ( // DependenciesColumns holds the columns for the "dependencies" table. DependenciesColumns = []*schema.Column{ {Name: "id", Type: field.TypeUUID, Unique: true}, - {Name: "version_range", Type: field.TypeString}, {Name: "dependency_type", Type: field.TypeEnum, Enums: []string{"DIRECT", "INDIRECT", "UNKNOWN"}}, {Name: "justification", Type: field.TypeString}, {Name: "origin", Type: field.TypeString}, {Name: "collector", Type: field.TypeString}, {Name: "document_ref", Type: field.TypeString}, {Name: "package_id", Type: field.TypeUUID}, - {Name: "dependent_package_name_id", Type: field.TypeUUID, Nullable: true}, {Name: "dependent_package_version_id", Type: field.TypeUUID, Nullable: true}, } // DependenciesTable holds the schema information for the "dependencies" table. @@ -397,44 +395,27 @@ var ( ForeignKeys: []*schema.ForeignKey{ { Symbol: "dependencies_package_versions_package", - Columns: []*schema.Column{DependenciesColumns[7]}, + Columns: []*schema.Column{DependenciesColumns[6]}, RefColumns: []*schema.Column{PackageVersionsColumns[0]}, OnDelete: schema.Cascade, }, - { - Symbol: "dependencies_package_names_dependent_package_name", - Columns: []*schema.Column{DependenciesColumns[8]}, - RefColumns: []*schema.Column{PackageNamesColumns[0]}, - OnDelete: schema.Cascade, - }, { Symbol: "dependencies_package_versions_dependent_package_version", - Columns: []*schema.Column{DependenciesColumns[9]}, + Columns: []*schema.Column{DependenciesColumns[7]}, RefColumns: []*schema.Column{PackageVersionsColumns[0]}, OnDelete: schema.Cascade, }, }, Indexes: []*schema.Index{ { - Name: "dep_package_name_id", + Name: "dependency_dependency_type_justification_origin_collector_document_ref_package_id_dependent_package_version_id", Unique: true, - Columns: []*schema.Column{DependenciesColumns[1], DependenciesColumns[2], DependenciesColumns[3], DependenciesColumns[4], DependenciesColumns[5], DependenciesColumns[6], DependenciesColumns[7], DependenciesColumns[8]}, - Annotation: &entsql.IndexAnnotation{ - Where: "dependent_package_name_id IS NOT NULL AND dependent_package_version_id IS NULL", - }, - }, - { - Name: "dep_package_version_id", - Unique: true, - Columns: []*schema.Column{DependenciesColumns[1], DependenciesColumns[2], DependenciesColumns[3], DependenciesColumns[4], DependenciesColumns[5], DependenciesColumns[6], DependenciesColumns[7], DependenciesColumns[9]}, - Annotation: &entsql.IndexAnnotation{ - Where: "dependent_package_name_id IS NULL AND dependent_package_version_id IS NOT NULL", - }, + Columns: []*schema.Column{DependenciesColumns[1], DependenciesColumns[2], DependenciesColumns[3], DependenciesColumns[4], DependenciesColumns[5], DependenciesColumns[6], DependenciesColumns[7]}, }, { Name: "dependency_package_id", Unique: false, - Columns: []*schema.Column{DependenciesColumns[7]}, + Columns: []*schema.Column{DependenciesColumns[6]}, }, }, } @@ -1256,8 +1237,7 @@ func init() { CertifyVulnsTable.ForeignKeys[0].RefTable = VulnerabilityIdsTable CertifyVulnsTable.ForeignKeys[1].RefTable = PackageVersionsTable DependenciesTable.ForeignKeys[0].RefTable = PackageVersionsTable - DependenciesTable.ForeignKeys[1].RefTable = PackageNamesTable - DependenciesTable.ForeignKeys[2].RefTable = PackageVersionsTable + DependenciesTable.ForeignKeys[1].RefTable = PackageVersionsTable HasMetadataTable.ForeignKeys[0].RefTable = SourceNamesTable HasMetadataTable.ForeignKeys[1].RefTable = PackageVersionsTable HasMetadataTable.ForeignKeys[2].RefTable = PackageNamesTable diff --git a/pkg/assembler/backends/ent/mutation.go b/pkg/assembler/backends/ent/mutation.go index 49c4f38e5d..4ebf5e58a6 100644 --- a/pkg/assembler/backends/ent/mutation.go +++ b/pkg/assembler/backends/ent/mutation.go @@ -8560,7 +8560,6 @@ type DependencyMutation struct { op Op typ string id *uuid.UUID - version_range *string dependency_type *dependency.DependencyType justification *string origin *string @@ -8569,8 +8568,6 @@ type DependencyMutation struct { clearedFields map[string]struct{} _package *uuid.UUID cleared_package bool - dependent_package_name *uuid.UUID - cleareddependent_package_name bool dependent_package_version *uuid.UUID cleareddependent_package_version bool included_in_sboms map[uuid.UUID]struct{} @@ -8721,55 +8718,6 @@ func (m *DependencyMutation) ResetPackageID() { m._package = nil } -// SetDependentPackageNameID sets the "dependent_package_name_id" field. -func (m *DependencyMutation) SetDependentPackageNameID(u uuid.UUID) { - m.dependent_package_name = &u -} - -// DependentPackageNameID returns the value of the "dependent_package_name_id" field in the mutation. -func (m *DependencyMutation) DependentPackageNameID() (r uuid.UUID, exists bool) { - v := m.dependent_package_name - if v == nil { - return - } - return *v, true -} - -// OldDependentPackageNameID returns the old "dependent_package_name_id" field's value of the Dependency entity. -// If the Dependency object wasn't provided to the builder, the object is fetched from the database. -// An error is returned if the mutation operation is not UpdateOne, or the database query fails. -func (m *DependencyMutation) OldDependentPackageNameID(ctx context.Context) (v uuid.UUID, err error) { - if !m.op.Is(OpUpdateOne) { - return v, errors.New("OldDependentPackageNameID is only allowed on UpdateOne operations") - } - if m.id == nil || m.oldValue == nil { - return v, errors.New("OldDependentPackageNameID requires an ID field in the mutation") - } - oldValue, err := m.oldValue(ctx) - if err != nil { - return v, fmt.Errorf("querying old value for OldDependentPackageNameID: %w", err) - } - return oldValue.DependentPackageNameID, nil -} - -// ClearDependentPackageNameID clears the value of the "dependent_package_name_id" field. -func (m *DependencyMutation) ClearDependentPackageNameID() { - m.dependent_package_name = nil - m.clearedFields[dependency.FieldDependentPackageNameID] = struct{}{} -} - -// DependentPackageNameIDCleared returns if the "dependent_package_name_id" field was cleared in this mutation. -func (m *DependencyMutation) DependentPackageNameIDCleared() bool { - _, ok := m.clearedFields[dependency.FieldDependentPackageNameID] - return ok -} - -// ResetDependentPackageNameID resets all changes to the "dependent_package_name_id" field. -func (m *DependencyMutation) ResetDependentPackageNameID() { - m.dependent_package_name = nil - delete(m.clearedFields, dependency.FieldDependentPackageNameID) -} - // SetDependentPackageVersionID sets the "dependent_package_version_id" field. func (m *DependencyMutation) SetDependentPackageVersionID(u uuid.UUID) { m.dependent_package_version = &u @@ -8819,42 +8767,6 @@ func (m *DependencyMutation) ResetDependentPackageVersionID() { delete(m.clearedFields, dependency.FieldDependentPackageVersionID) } -// SetVersionRange sets the "version_range" field. -func (m *DependencyMutation) SetVersionRange(s string) { - m.version_range = &s -} - -// VersionRange returns the value of the "version_range" field in the mutation. -func (m *DependencyMutation) VersionRange() (r string, exists bool) { - v := m.version_range - if v == nil { - return - } - return *v, true -} - -// OldVersionRange returns the old "version_range" field's value of the Dependency entity. -// If the Dependency object wasn't provided to the builder, the object is fetched from the database. -// An error is returned if the mutation operation is not UpdateOne, or the database query fails. -func (m *DependencyMutation) OldVersionRange(ctx context.Context) (v string, err error) { - if !m.op.Is(OpUpdateOne) { - return v, errors.New("OldVersionRange is only allowed on UpdateOne operations") - } - if m.id == nil || m.oldValue == nil { - return v, errors.New("OldVersionRange requires an ID field in the mutation") - } - oldValue, err := m.oldValue(ctx) - if err != nil { - return v, fmt.Errorf("querying old value for OldVersionRange: %w", err) - } - return oldValue.VersionRange, nil -} - -// ResetVersionRange resets all changes to the "version_range" field. -func (m *DependencyMutation) ResetVersionRange() { - m.version_range = nil -} - // SetDependencyType sets the "dependency_type" field. func (m *DependencyMutation) SetDependencyType(dt dependency.DependencyType) { m.dependency_type = &dt @@ -9062,33 +8974,6 @@ func (m *DependencyMutation) ResetPackage() { m.cleared_package = false } -// ClearDependentPackageName clears the "dependent_package_name" edge to the PackageName entity. -func (m *DependencyMutation) ClearDependentPackageName() { - m.cleareddependent_package_name = true - m.clearedFields[dependency.FieldDependentPackageNameID] = struct{}{} -} - -// DependentPackageNameCleared reports if the "dependent_package_name" edge to the PackageName entity was cleared. -func (m *DependencyMutation) DependentPackageNameCleared() bool { - return m.DependentPackageNameIDCleared() || m.cleareddependent_package_name -} - -// DependentPackageNameIDs returns the "dependent_package_name" edge IDs in the mutation. -// Note that IDs always returns len(IDs) <= 1 for unique edges, and you should use -// DependentPackageNameID instead. It exists only for internal usage by the builders. -func (m *DependencyMutation) DependentPackageNameIDs() (ids []uuid.UUID) { - if id := m.dependent_package_name; id != nil { - ids = append(ids, *id) - } - return -} - -// ResetDependentPackageName resets all changes to the "dependent_package_name" edge. -func (m *DependencyMutation) ResetDependentPackageName() { - m.dependent_package_name = nil - m.cleareddependent_package_name = false -} - // ClearDependentPackageVersion clears the "dependent_package_version" edge to the PackageVersion entity. func (m *DependencyMutation) ClearDependentPackageVersion() { m.cleareddependent_package_version = true @@ -9204,19 +9089,13 @@ func (m *DependencyMutation) Type() string { // order to get all numeric fields that were incremented/decremented, call // AddedFields(). func (m *DependencyMutation) Fields() []string { - fields := make([]string, 0, 9) + fields := make([]string, 0, 7) if m._package != nil { fields = append(fields, dependency.FieldPackageID) } - if m.dependent_package_name != nil { - fields = append(fields, dependency.FieldDependentPackageNameID) - } if m.dependent_package_version != nil { fields = append(fields, dependency.FieldDependentPackageVersionID) } - if m.version_range != nil { - fields = append(fields, dependency.FieldVersionRange) - } if m.dependency_type != nil { fields = append(fields, dependency.FieldDependencyType) } @@ -9242,12 +9121,8 @@ func (m *DependencyMutation) Field(name string) (ent.Value, bool) { switch name { case dependency.FieldPackageID: return m.PackageID() - case dependency.FieldDependentPackageNameID: - return m.DependentPackageNameID() case dependency.FieldDependentPackageVersionID: return m.DependentPackageVersionID() - case dependency.FieldVersionRange: - return m.VersionRange() case dependency.FieldDependencyType: return m.DependencyType() case dependency.FieldJustification: @@ -9269,12 +9144,8 @@ func (m *DependencyMutation) OldField(ctx context.Context, name string) (ent.Val switch name { case dependency.FieldPackageID: return m.OldPackageID(ctx) - case dependency.FieldDependentPackageNameID: - return m.OldDependentPackageNameID(ctx) case dependency.FieldDependentPackageVersionID: return m.OldDependentPackageVersionID(ctx) - case dependency.FieldVersionRange: - return m.OldVersionRange(ctx) case dependency.FieldDependencyType: return m.OldDependencyType(ctx) case dependency.FieldJustification: @@ -9301,13 +9172,6 @@ func (m *DependencyMutation) SetField(name string, value ent.Value) error { } m.SetPackageID(v) return nil - case dependency.FieldDependentPackageNameID: - v, ok := value.(uuid.UUID) - if !ok { - return fmt.Errorf("unexpected type %T for field %s", value, name) - } - m.SetDependentPackageNameID(v) - return nil case dependency.FieldDependentPackageVersionID: v, ok := value.(uuid.UUID) if !ok { @@ -9315,13 +9179,6 @@ func (m *DependencyMutation) SetField(name string, value ent.Value) error { } m.SetDependentPackageVersionID(v) return nil - case dependency.FieldVersionRange: - v, ok := value.(string) - if !ok { - return fmt.Errorf("unexpected type %T for field %s", value, name) - } - m.SetVersionRange(v) - return nil case dependency.FieldDependencyType: v, ok := value.(dependency.DependencyType) if !ok { @@ -9387,9 +9244,6 @@ func (m *DependencyMutation) AddField(name string, value ent.Value) error { // mutation. func (m *DependencyMutation) ClearedFields() []string { var fields []string - if m.FieldCleared(dependency.FieldDependentPackageNameID) { - fields = append(fields, dependency.FieldDependentPackageNameID) - } if m.FieldCleared(dependency.FieldDependentPackageVersionID) { fields = append(fields, dependency.FieldDependentPackageVersionID) } @@ -9407,9 +9261,6 @@ func (m *DependencyMutation) FieldCleared(name string) bool { // error if the field is not defined in the schema. func (m *DependencyMutation) ClearField(name string) error { switch name { - case dependency.FieldDependentPackageNameID: - m.ClearDependentPackageNameID() - return nil case dependency.FieldDependentPackageVersionID: m.ClearDependentPackageVersionID() return nil @@ -9424,15 +9275,9 @@ func (m *DependencyMutation) ResetField(name string) error { case dependency.FieldPackageID: m.ResetPackageID() return nil - case dependency.FieldDependentPackageNameID: - m.ResetDependentPackageNameID() - return nil case dependency.FieldDependentPackageVersionID: m.ResetDependentPackageVersionID() return nil - case dependency.FieldVersionRange: - m.ResetVersionRange() - return nil case dependency.FieldDependencyType: m.ResetDependencyType() return nil @@ -9454,13 +9299,10 @@ func (m *DependencyMutation) ResetField(name string) error { // AddedEdges returns all edge names that were set/added in this mutation. func (m *DependencyMutation) AddedEdges() []string { - edges := make([]string, 0, 4) + edges := make([]string, 0, 3) if m._package != nil { edges = append(edges, dependency.EdgePackage) } - if m.dependent_package_name != nil { - edges = append(edges, dependency.EdgeDependentPackageName) - } if m.dependent_package_version != nil { edges = append(edges, dependency.EdgeDependentPackageVersion) } @@ -9478,10 +9320,6 @@ func (m *DependencyMutation) AddedIDs(name string) []ent.Value { if id := m._package; id != nil { return []ent.Value{*id} } - case dependency.EdgeDependentPackageName: - if id := m.dependent_package_name; id != nil { - return []ent.Value{*id} - } case dependency.EdgeDependentPackageVersion: if id := m.dependent_package_version; id != nil { return []ent.Value{*id} @@ -9498,7 +9336,7 @@ func (m *DependencyMutation) AddedIDs(name string) []ent.Value { // RemovedEdges returns all edge names that were removed in this mutation. func (m *DependencyMutation) RemovedEdges() []string { - edges := make([]string, 0, 4) + edges := make([]string, 0, 3) if m.removedincluded_in_sboms != nil { edges = append(edges, dependency.EdgeIncludedInSboms) } @@ -9521,13 +9359,10 @@ func (m *DependencyMutation) RemovedIDs(name string) []ent.Value { // ClearedEdges returns all edge names that were cleared in this mutation. func (m *DependencyMutation) ClearedEdges() []string { - edges := make([]string, 0, 4) + edges := make([]string, 0, 3) if m.cleared_package { edges = append(edges, dependency.EdgePackage) } - if m.cleareddependent_package_name { - edges = append(edges, dependency.EdgeDependentPackageName) - } if m.cleareddependent_package_version { edges = append(edges, dependency.EdgeDependentPackageVersion) } @@ -9543,8 +9378,6 @@ func (m *DependencyMutation) EdgeCleared(name string) bool { switch name { case dependency.EdgePackage: return m.cleared_package - case dependency.EdgeDependentPackageName: - return m.cleareddependent_package_name case dependency.EdgeDependentPackageVersion: return m.cleareddependent_package_version case dependency.EdgeIncludedInSboms: @@ -9560,9 +9393,6 @@ func (m *DependencyMutation) ClearEdge(name string) error { case dependency.EdgePackage: m.ClearPackage() return nil - case dependency.EdgeDependentPackageName: - m.ClearDependentPackageName() - return nil case dependency.EdgeDependentPackageVersion: m.ClearDependentPackageVersion() return nil @@ -9577,9 +9407,6 @@ func (m *DependencyMutation) ResetEdge(name string) error { case dependency.EdgePackage: m.ResetPackage() return nil - case dependency.EdgeDependentPackageName: - m.ResetDependentPackageName() - return nil case dependency.EdgeDependentPackageVersion: m.ResetDependentPackageVersion() return nil @@ -14039,9 +13866,6 @@ type PackageNameMutation struct { has_source_at map[uuid.UUID]struct{} removedhas_source_at map[uuid.UUID]struct{} clearedhas_source_at bool - dependency map[uuid.UUID]struct{} - removeddependency map[uuid.UUID]struct{} - cleareddependency bool certification map[uuid.UUID]struct{} removedcertification map[uuid.UUID]struct{} clearedcertification bool @@ -14376,60 +14200,6 @@ func (m *PackageNameMutation) ResetHasSourceAt() { m.removedhas_source_at = nil } -// AddDependencyIDs adds the "dependency" edge to the Dependency entity by ids. -func (m *PackageNameMutation) AddDependencyIDs(ids ...uuid.UUID) { - if m.dependency == nil { - m.dependency = make(map[uuid.UUID]struct{}) - } - for i := range ids { - m.dependency[ids[i]] = struct{}{} - } -} - -// ClearDependency clears the "dependency" edge to the Dependency entity. -func (m *PackageNameMutation) ClearDependency() { - m.cleareddependency = true -} - -// DependencyCleared reports if the "dependency" edge to the Dependency entity was cleared. -func (m *PackageNameMutation) DependencyCleared() bool { - return m.cleareddependency -} - -// RemoveDependencyIDs removes the "dependency" edge to the Dependency entity by IDs. -func (m *PackageNameMutation) RemoveDependencyIDs(ids ...uuid.UUID) { - if m.removeddependency == nil { - m.removeddependency = make(map[uuid.UUID]struct{}) - } - for i := range ids { - delete(m.dependency, ids[i]) - m.removeddependency[ids[i]] = struct{}{} - } -} - -// RemovedDependency returns the removed IDs of the "dependency" edge to the Dependency entity. -func (m *PackageNameMutation) RemovedDependencyIDs() (ids []uuid.UUID) { - for id := range m.removeddependency { - ids = append(ids, id) - } - return -} - -// DependencyIDs returns the "dependency" edge IDs in the mutation. -func (m *PackageNameMutation) DependencyIDs() (ids []uuid.UUID) { - for id := range m.dependency { - ids = append(ids, id) - } - return -} - -// ResetDependency resets all changes to the "dependency" edge. -func (m *PackageNameMutation) ResetDependency() { - m.dependency = nil - m.cleareddependency = false - m.removeddependency = nil -} - // AddCertificationIDs adds the "certification" edge to the Certification entity by ids. func (m *PackageNameMutation) AddCertificationIDs(ids ...uuid.UUID) { if m.certification == nil { @@ -14759,16 +14529,13 @@ func (m *PackageNameMutation) ResetField(name string) error { // AddedEdges returns all edge names that were set/added in this mutation. func (m *PackageNameMutation) AddedEdges() []string { - edges := make([]string, 0, 6) + edges := make([]string, 0, 5) if m.versions != nil { edges = append(edges, packagename.EdgeVersions) } if m.has_source_at != nil { edges = append(edges, packagename.EdgeHasSourceAt) } - if m.dependency != nil { - edges = append(edges, packagename.EdgeDependency) - } if m.certification != nil { edges = append(edges, packagename.EdgeCertification) } @@ -14797,12 +14564,6 @@ func (m *PackageNameMutation) AddedIDs(name string) []ent.Value { ids = append(ids, id) } return ids - case packagename.EdgeDependency: - ids := make([]ent.Value, 0, len(m.dependency)) - for id := range m.dependency { - ids = append(ids, id) - } - return ids case packagename.EdgeCertification: ids := make([]ent.Value, 0, len(m.certification)) for id := range m.certification { @@ -14827,16 +14588,13 @@ func (m *PackageNameMutation) AddedIDs(name string) []ent.Value { // RemovedEdges returns all edge names that were removed in this mutation. func (m *PackageNameMutation) RemovedEdges() []string { - edges := make([]string, 0, 6) + edges := make([]string, 0, 5) if m.removedversions != nil { edges = append(edges, packagename.EdgeVersions) } if m.removedhas_source_at != nil { edges = append(edges, packagename.EdgeHasSourceAt) } - if m.removeddependency != nil { - edges = append(edges, packagename.EdgeDependency) - } if m.removedcertification != nil { edges = append(edges, packagename.EdgeCertification) } @@ -14865,12 +14623,6 @@ func (m *PackageNameMutation) RemovedIDs(name string) []ent.Value { ids = append(ids, id) } return ids - case packagename.EdgeDependency: - ids := make([]ent.Value, 0, len(m.removeddependency)) - for id := range m.removeddependency { - ids = append(ids, id) - } - return ids case packagename.EdgeCertification: ids := make([]ent.Value, 0, len(m.removedcertification)) for id := range m.removedcertification { @@ -14895,16 +14647,13 @@ func (m *PackageNameMutation) RemovedIDs(name string) []ent.Value { // ClearedEdges returns all edge names that were cleared in this mutation. func (m *PackageNameMutation) ClearedEdges() []string { - edges := make([]string, 0, 6) + edges := make([]string, 0, 5) if m.clearedversions { edges = append(edges, packagename.EdgeVersions) } if m.clearedhas_source_at { edges = append(edges, packagename.EdgeHasSourceAt) } - if m.cleareddependency { - edges = append(edges, packagename.EdgeDependency) - } if m.clearedcertification { edges = append(edges, packagename.EdgeCertification) } @@ -14925,8 +14674,6 @@ func (m *PackageNameMutation) EdgeCleared(name string) bool { return m.clearedversions case packagename.EdgeHasSourceAt: return m.clearedhas_source_at - case packagename.EdgeDependency: - return m.cleareddependency case packagename.EdgeCertification: return m.clearedcertification case packagename.EdgeMetadata: @@ -14955,9 +14702,6 @@ func (m *PackageNameMutation) ResetEdge(name string) error { case packagename.EdgeHasSourceAt: m.ResetHasSourceAt() return nil - case packagename.EdgeDependency: - m.ResetDependency() - return nil case packagename.EdgeCertification: m.ResetCertification() return nil diff --git a/pkg/assembler/backends/ent/packagename.go b/pkg/assembler/backends/ent/packagename.go index 78cf1168ad..58b7b6f5ea 100644 --- a/pkg/assembler/backends/ent/packagename.go +++ b/pkg/assembler/backends/ent/packagename.go @@ -35,8 +35,6 @@ type PackageNameEdges struct { Versions []*PackageVersion `json:"versions,omitempty"` // HasSourceAt holds the value of the has_source_at edge. HasSourceAt []*HasSourceAt `json:"has_source_at,omitempty"` - // Dependency holds the value of the dependency edge. - Dependency []*Dependency `json:"dependency,omitempty"` // Certification holds the value of the certification edge. Certification []*Certification `json:"certification,omitempty"` // Metadata holds the value of the metadata edge. @@ -45,13 +43,12 @@ type PackageNameEdges struct { Poc []*PointOfContact `json:"poc,omitempty"` // loadedTypes holds the information for reporting if a // type was loaded (or requested) in eager-loading or not. - loadedTypes [6]bool + loadedTypes [5]bool // totalCount holds the count of the edges above. - totalCount [6]map[string]int + totalCount [5]map[string]int namedVersions map[string][]*PackageVersion namedHasSourceAt map[string][]*HasSourceAt - namedDependency map[string][]*Dependency namedCertification map[string][]*Certification namedMetadata map[string][]*HasMetadata namedPoc map[string][]*PointOfContact @@ -75,19 +72,10 @@ func (e PackageNameEdges) HasSourceAtOrErr() ([]*HasSourceAt, error) { return nil, &NotLoadedError{edge: "has_source_at"} } -// DependencyOrErr returns the Dependency value or an error if the edge -// was not loaded in eager-loading. -func (e PackageNameEdges) DependencyOrErr() ([]*Dependency, error) { - if e.loadedTypes[2] { - return e.Dependency, nil - } - return nil, &NotLoadedError{edge: "dependency"} -} - // CertificationOrErr returns the Certification value or an error if the edge // was not loaded in eager-loading. func (e PackageNameEdges) CertificationOrErr() ([]*Certification, error) { - if e.loadedTypes[3] { + if e.loadedTypes[2] { return e.Certification, nil } return nil, &NotLoadedError{edge: "certification"} @@ -96,7 +84,7 @@ func (e PackageNameEdges) CertificationOrErr() ([]*Certification, error) { // MetadataOrErr returns the Metadata value or an error if the edge // was not loaded in eager-loading. func (e PackageNameEdges) MetadataOrErr() ([]*HasMetadata, error) { - if e.loadedTypes[4] { + if e.loadedTypes[3] { return e.Metadata, nil } return nil, &NotLoadedError{edge: "metadata"} @@ -105,7 +93,7 @@ func (e PackageNameEdges) MetadataOrErr() ([]*HasMetadata, error) { // PocOrErr returns the Poc value or an error if the edge // was not loaded in eager-loading. func (e PackageNameEdges) PocOrErr() ([]*PointOfContact, error) { - if e.loadedTypes[5] { + if e.loadedTypes[4] { return e.Poc, nil } return nil, &NotLoadedError{edge: "poc"} @@ -182,11 +170,6 @@ func (pn *PackageName) QueryHasSourceAt() *HasSourceAtQuery { return NewPackageNameClient(pn.config).QueryHasSourceAt(pn) } -// QueryDependency queries the "dependency" edge of the PackageName entity. -func (pn *PackageName) QueryDependency() *DependencyQuery { - return NewPackageNameClient(pn.config).QueryDependency(pn) -} - // QueryCertification queries the "certification" edge of the PackageName entity. func (pn *PackageName) QueryCertification() *CertificationQuery { return NewPackageNameClient(pn.config).QueryCertification(pn) @@ -285,30 +268,6 @@ func (pn *PackageName) appendNamedHasSourceAt(name string, edges ...*HasSourceAt } } -// NamedDependency returns the Dependency named value or an error if the edge was not -// loaded in eager-loading with this name. -func (pn *PackageName) NamedDependency(name string) ([]*Dependency, error) { - if pn.Edges.namedDependency == nil { - return nil, &NotLoadedError{edge: name} - } - nodes, ok := pn.Edges.namedDependency[name] - if !ok { - return nil, &NotLoadedError{edge: name} - } - return nodes, nil -} - -func (pn *PackageName) appendNamedDependency(name string, edges ...*Dependency) { - if pn.Edges.namedDependency == nil { - pn.Edges.namedDependency = make(map[string][]*Dependency) - } - if len(edges) == 0 { - pn.Edges.namedDependency[name] = []*Dependency{} - } else { - pn.Edges.namedDependency[name] = append(pn.Edges.namedDependency[name], edges...) - } -} - // NamedCertification returns the Certification named value or an error if the edge was not // loaded in eager-loading with this name. func (pn *PackageName) NamedCertification(name string) ([]*Certification, error) { diff --git a/pkg/assembler/backends/ent/packagename/packagename.go b/pkg/assembler/backends/ent/packagename/packagename.go index 03be9a93c2..77dbfa8548 100644 --- a/pkg/assembler/backends/ent/packagename/packagename.go +++ b/pkg/assembler/backends/ent/packagename/packagename.go @@ -23,8 +23,6 @@ const ( EdgeVersions = "versions" // EdgeHasSourceAt holds the string denoting the has_source_at edge name in mutations. EdgeHasSourceAt = "has_source_at" - // EdgeDependency holds the string denoting the dependency edge name in mutations. - EdgeDependency = "dependency" // EdgeCertification holds the string denoting the certification edge name in mutations. EdgeCertification = "certification" // EdgeMetadata holds the string denoting the metadata edge name in mutations. @@ -47,13 +45,6 @@ const ( HasSourceAtInverseTable = "has_source_ats" // HasSourceAtColumn is the table column denoting the has_source_at relation/edge. HasSourceAtColumn = "package_name_id" - // DependencyTable is the table that holds the dependency relation/edge. - DependencyTable = "dependencies" - // DependencyInverseTable is the table name for the Dependency entity. - // It exists in this package in order to avoid circular dependency with the "dependency" package. - DependencyInverseTable = "dependencies" - // DependencyColumn is the table column denoting the dependency relation/edge. - DependencyColumn = "dependent_package_name_id" // CertificationTable is the table that holds the certification relation/edge. CertificationTable = "certifications" // CertificationInverseTable is the table name for the Certification entity. @@ -155,20 +146,6 @@ func ByHasSourceAt(term sql.OrderTerm, terms ...sql.OrderTerm) OrderOption { } } -// ByDependencyCount orders the results by dependency count. -func ByDependencyCount(opts ...sql.OrderTermOption) OrderOption { - return func(s *sql.Selector) { - sqlgraph.OrderByNeighborsCount(s, newDependencyStep(), opts...) - } -} - -// ByDependency orders the results by dependency terms. -func ByDependency(term sql.OrderTerm, terms ...sql.OrderTerm) OrderOption { - return func(s *sql.Selector) { - sqlgraph.OrderByNeighborTerms(s, newDependencyStep(), append([]sql.OrderTerm{term}, terms...)...) - } -} - // ByCertificationCount orders the results by certification count. func ByCertificationCount(opts ...sql.OrderTermOption) OrderOption { return func(s *sql.Selector) { @@ -224,13 +201,6 @@ func newHasSourceAtStep() *sqlgraph.Step { sqlgraph.Edge(sqlgraph.O2M, true, HasSourceAtTable, HasSourceAtColumn), ) } -func newDependencyStep() *sqlgraph.Step { - return sqlgraph.NewStep( - sqlgraph.From(Table, FieldID), - sqlgraph.To(DependencyInverseTable, FieldID), - sqlgraph.Edge(sqlgraph.O2M, true, DependencyTable, DependencyColumn), - ) -} func newCertificationStep() *sqlgraph.Step { return sqlgraph.NewStep( sqlgraph.From(Table, FieldID), diff --git a/pkg/assembler/backends/ent/packagename/where.go b/pkg/assembler/backends/ent/packagename/where.go index ac68bc156b..e19deee235 100644 --- a/pkg/assembler/backends/ent/packagename/where.go +++ b/pkg/assembler/backends/ent/packagename/where.go @@ -310,29 +310,6 @@ func HasHasSourceAtWith(preds ...predicate.HasSourceAt) predicate.PackageName { }) } -// HasDependency applies the HasEdge predicate on the "dependency" edge. -func HasDependency() predicate.PackageName { - return predicate.PackageName(func(s *sql.Selector) { - step := sqlgraph.NewStep( - sqlgraph.From(Table, FieldID), - sqlgraph.Edge(sqlgraph.O2M, true, DependencyTable, DependencyColumn), - ) - sqlgraph.HasNeighbors(s, step) - }) -} - -// HasDependencyWith applies the HasEdge predicate on the "dependency" edge with a given conditions (other predicates). -func HasDependencyWith(preds ...predicate.Dependency) predicate.PackageName { - return predicate.PackageName(func(s *sql.Selector) { - step := newDependencyStep() - sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) { - for _, p := range preds { - p(s) - } - }) - }) -} - // HasCertification applies the HasEdge predicate on the "certification" edge. func HasCertification() predicate.PackageName { return predicate.PackageName(func(s *sql.Selector) { diff --git a/pkg/assembler/backends/ent/packagename_create.go b/pkg/assembler/backends/ent/packagename_create.go index 6bc647ff27..23873435ee 100644 --- a/pkg/assembler/backends/ent/packagename_create.go +++ b/pkg/assembler/backends/ent/packagename_create.go @@ -13,7 +13,6 @@ import ( "entgo.io/ent/schema/field" "github.com/google/uuid" "github.com/guacsec/guac/pkg/assembler/backends/ent/certification" - "github.com/guacsec/guac/pkg/assembler/backends/ent/dependency" "github.com/guacsec/guac/pkg/assembler/backends/ent/hasmetadata" "github.com/guacsec/guac/pkg/assembler/backends/ent/hassourceat" "github.com/guacsec/guac/pkg/assembler/backends/ent/packagename" @@ -91,21 +90,6 @@ func (pnc *PackageNameCreate) AddHasSourceAt(h ...*HasSourceAt) *PackageNameCrea return pnc.AddHasSourceAtIDs(ids...) } -// AddDependencyIDs adds the "dependency" edge to the Dependency entity by IDs. -func (pnc *PackageNameCreate) AddDependencyIDs(ids ...uuid.UUID) *PackageNameCreate { - pnc.mutation.AddDependencyIDs(ids...) - return pnc -} - -// AddDependency adds the "dependency" edges to the Dependency entity. -func (pnc *PackageNameCreate) AddDependency(d ...*Dependency) *PackageNameCreate { - ids := make([]uuid.UUID, len(d)) - for i := range d { - ids[i] = d[i].ID - } - return pnc.AddDependencyIDs(ids...) -} - // AddCertificationIDs adds the "certification" edge to the Certification entity by IDs. func (pnc *PackageNameCreate) AddCertificationIDs(ids ...uuid.UUID) *PackageNameCreate { pnc.mutation.AddCertificationIDs(ids...) @@ -293,22 +277,6 @@ func (pnc *PackageNameCreate) createSpec() (*PackageName, *sqlgraph.CreateSpec) } _spec.Edges = append(_spec.Edges, edge) } - if nodes := pnc.mutation.DependencyIDs(); len(nodes) > 0 { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.O2M, - Inverse: true, - Table: packagename.DependencyTable, - Columns: []string{packagename.DependencyColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(dependency.FieldID, field.TypeUUID), - }, - } - for _, k := range nodes { - edge.Target.Nodes = append(edge.Target.Nodes, k) - } - _spec.Edges = append(_spec.Edges, edge) - } if nodes := pnc.mutation.CertificationIDs(); len(nodes) > 0 { edge := &sqlgraph.EdgeSpec{ Rel: sqlgraph.O2M, diff --git a/pkg/assembler/backends/ent/packagename_query.go b/pkg/assembler/backends/ent/packagename_query.go index 05c0c528a5..c1f769ab0e 100644 --- a/pkg/assembler/backends/ent/packagename_query.go +++ b/pkg/assembler/backends/ent/packagename_query.go @@ -13,7 +13,6 @@ import ( "entgo.io/ent/schema/field" "github.com/google/uuid" "github.com/guacsec/guac/pkg/assembler/backends/ent/certification" - "github.com/guacsec/guac/pkg/assembler/backends/ent/dependency" "github.com/guacsec/guac/pkg/assembler/backends/ent/hasmetadata" "github.com/guacsec/guac/pkg/assembler/backends/ent/hassourceat" "github.com/guacsec/guac/pkg/assembler/backends/ent/packagename" @@ -31,7 +30,6 @@ type PackageNameQuery struct { predicates []predicate.PackageName withVersions *PackageVersionQuery withHasSourceAt *HasSourceAtQuery - withDependency *DependencyQuery withCertification *CertificationQuery withMetadata *HasMetadataQuery withPoc *PointOfContactQuery @@ -39,7 +37,6 @@ type PackageNameQuery struct { loadTotal []func(context.Context, []*PackageName) error withNamedVersions map[string]*PackageVersionQuery withNamedHasSourceAt map[string]*HasSourceAtQuery - withNamedDependency map[string]*DependencyQuery withNamedCertification map[string]*CertificationQuery withNamedMetadata map[string]*HasMetadataQuery withNamedPoc map[string]*PointOfContactQuery @@ -123,28 +120,6 @@ func (pnq *PackageNameQuery) QueryHasSourceAt() *HasSourceAtQuery { return query } -// QueryDependency chains the current query on the "dependency" edge. -func (pnq *PackageNameQuery) QueryDependency() *DependencyQuery { - query := (&DependencyClient{config: pnq.config}).Query() - query.path = func(ctx context.Context) (fromU *sql.Selector, err error) { - if err := pnq.prepareQuery(ctx); err != nil { - return nil, err - } - selector := pnq.sqlQuery(ctx) - if err := selector.Err(); err != nil { - return nil, err - } - step := sqlgraph.NewStep( - sqlgraph.From(packagename.Table, packagename.FieldID, selector), - sqlgraph.To(dependency.Table, dependency.FieldID), - sqlgraph.Edge(sqlgraph.O2M, true, packagename.DependencyTable, packagename.DependencyColumn), - ) - fromU = sqlgraph.SetNeighbors(pnq.driver.Dialect(), step) - return fromU, nil - } - return query -} - // QueryCertification chains the current query on the "certification" edge. func (pnq *PackageNameQuery) QueryCertification() *CertificationQuery { query := (&CertificationClient{config: pnq.config}).Query() @@ -405,7 +380,6 @@ func (pnq *PackageNameQuery) Clone() *PackageNameQuery { predicates: append([]predicate.PackageName{}, pnq.predicates...), withVersions: pnq.withVersions.Clone(), withHasSourceAt: pnq.withHasSourceAt.Clone(), - withDependency: pnq.withDependency.Clone(), withCertification: pnq.withCertification.Clone(), withMetadata: pnq.withMetadata.Clone(), withPoc: pnq.withPoc.Clone(), @@ -437,17 +411,6 @@ func (pnq *PackageNameQuery) WithHasSourceAt(opts ...func(*HasSourceAtQuery)) *P return pnq } -// WithDependency tells the query-builder to eager-load the nodes that are connected to -// the "dependency" edge. The optional arguments are used to configure the query builder of the edge. -func (pnq *PackageNameQuery) WithDependency(opts ...func(*DependencyQuery)) *PackageNameQuery { - query := (&DependencyClient{config: pnq.config}).Query() - for _, opt := range opts { - opt(query) - } - pnq.withDependency = query - return pnq -} - // WithCertification tells the query-builder to eager-load the nodes that are connected to // the "certification" edge. The optional arguments are used to configure the query builder of the edge. func (pnq *PackageNameQuery) WithCertification(opts ...func(*CertificationQuery)) *PackageNameQuery { @@ -559,10 +522,9 @@ func (pnq *PackageNameQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([] var ( nodes = []*PackageName{} _spec = pnq.querySpec() - loadedTypes = [6]bool{ + loadedTypes = [5]bool{ pnq.withVersions != nil, pnq.withHasSourceAt != nil, - pnq.withDependency != nil, pnq.withCertification != nil, pnq.withMetadata != nil, pnq.withPoc != nil, @@ -603,13 +565,6 @@ func (pnq *PackageNameQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([] return nil, err } } - if query := pnq.withDependency; query != nil { - if err := pnq.loadDependency(ctx, query, nodes, - func(n *PackageName) { n.Edges.Dependency = []*Dependency{} }, - func(n *PackageName, e *Dependency) { n.Edges.Dependency = append(n.Edges.Dependency, e) }); err != nil { - return nil, err - } - } if query := pnq.withCertification; query != nil { if err := pnq.loadCertification(ctx, query, nodes, func(n *PackageName) { n.Edges.Certification = []*Certification{} }, @@ -645,13 +600,6 @@ func (pnq *PackageNameQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([] return nil, err } } - for name, query := range pnq.withNamedDependency { - if err := pnq.loadDependency(ctx, query, nodes, - func(n *PackageName) { n.appendNamedDependency(name) }, - func(n *PackageName, e *Dependency) { n.appendNamedDependency(name, e) }); err != nil { - return nil, err - } - } for name, query := range pnq.withNamedCertification { if err := pnq.loadCertification(ctx, query, nodes, func(n *PackageName) { n.appendNamedCertification(name) }, @@ -744,36 +692,6 @@ func (pnq *PackageNameQuery) loadHasSourceAt(ctx context.Context, query *HasSour } return nil } -func (pnq *PackageNameQuery) loadDependency(ctx context.Context, query *DependencyQuery, nodes []*PackageName, init func(*PackageName), assign func(*PackageName, *Dependency)) error { - fks := make([]driver.Value, 0, len(nodes)) - nodeids := make(map[uuid.UUID]*PackageName) - for i := range nodes { - fks = append(fks, nodes[i].ID) - nodeids[nodes[i].ID] = nodes[i] - if init != nil { - init(nodes[i]) - } - } - if len(query.ctx.Fields) > 0 { - query.ctx.AppendFieldOnce(dependency.FieldDependentPackageNameID) - } - query.Where(predicate.Dependency(func(s *sql.Selector) { - s.Where(sql.InValues(s.C(packagename.DependencyColumn), fks...)) - })) - neighbors, err := query.All(ctx) - if err != nil { - return err - } - for _, n := range neighbors { - fk := n.DependentPackageNameID - node, ok := nodeids[fk] - if !ok { - return fmt.Errorf(`unexpected referenced foreign-key "dependent_package_name_id" returned %v for node %v`, fk, n.ID) - } - assign(node, n) - } - return nil -} func (pnq *PackageNameQuery) loadCertification(ctx context.Context, query *CertificationQuery, nodes []*PackageName, init func(*PackageName), assign func(*PackageName, *Certification)) error { fks := make([]driver.Value, 0, len(nodes)) nodeids := make(map[uuid.UUID]*PackageName) @@ -986,20 +904,6 @@ func (pnq *PackageNameQuery) WithNamedHasSourceAt(name string, opts ...func(*Has return pnq } -// WithNamedDependency tells the query-builder to eager-load the nodes that are connected to the "dependency" -// edge with the given name. The optional arguments are used to configure the query builder of the edge. -func (pnq *PackageNameQuery) WithNamedDependency(name string, opts ...func(*DependencyQuery)) *PackageNameQuery { - query := (&DependencyClient{config: pnq.config}).Query() - for _, opt := range opts { - opt(query) - } - if pnq.withNamedDependency == nil { - pnq.withNamedDependency = make(map[string]*DependencyQuery) - } - pnq.withNamedDependency[name] = query - return pnq -} - // WithNamedCertification tells the query-builder to eager-load the nodes that are connected to the "certification" // edge with the given name. The optional arguments are used to configure the query builder of the edge. func (pnq *PackageNameQuery) WithNamedCertification(name string, opts ...func(*CertificationQuery)) *PackageNameQuery { diff --git a/pkg/assembler/backends/ent/packagename_update.go b/pkg/assembler/backends/ent/packagename_update.go index 07443c3df0..4a657ae43d 100644 --- a/pkg/assembler/backends/ent/packagename_update.go +++ b/pkg/assembler/backends/ent/packagename_update.go @@ -12,7 +12,6 @@ import ( "entgo.io/ent/schema/field" "github.com/google/uuid" "github.com/guacsec/guac/pkg/assembler/backends/ent/certification" - "github.com/guacsec/guac/pkg/assembler/backends/ent/dependency" "github.com/guacsec/guac/pkg/assembler/backends/ent/hasmetadata" "github.com/guacsec/guac/pkg/assembler/backends/ent/hassourceat" "github.com/guacsec/guac/pkg/assembler/backends/ent/packagename" @@ -106,21 +105,6 @@ func (pnu *PackageNameUpdate) AddHasSourceAt(h ...*HasSourceAt) *PackageNameUpda return pnu.AddHasSourceAtIDs(ids...) } -// AddDependencyIDs adds the "dependency" edge to the Dependency entity by IDs. -func (pnu *PackageNameUpdate) AddDependencyIDs(ids ...uuid.UUID) *PackageNameUpdate { - pnu.mutation.AddDependencyIDs(ids...) - return pnu -} - -// AddDependency adds the "dependency" edges to the Dependency entity. -func (pnu *PackageNameUpdate) AddDependency(d ...*Dependency) *PackageNameUpdate { - ids := make([]uuid.UUID, len(d)) - for i := range d { - ids[i] = d[i].ID - } - return pnu.AddDependencyIDs(ids...) -} - // AddCertificationIDs adds the "certification" edge to the Certification entity by IDs. func (pnu *PackageNameUpdate) AddCertificationIDs(ids ...uuid.UUID) *PackageNameUpdate { pnu.mutation.AddCertificationIDs(ids...) @@ -213,27 +197,6 @@ func (pnu *PackageNameUpdate) RemoveHasSourceAt(h ...*HasSourceAt) *PackageNameU return pnu.RemoveHasSourceAtIDs(ids...) } -// ClearDependency clears all "dependency" edges to the Dependency entity. -func (pnu *PackageNameUpdate) ClearDependency() *PackageNameUpdate { - pnu.mutation.ClearDependency() - return pnu -} - -// RemoveDependencyIDs removes the "dependency" edge to Dependency entities by IDs. -func (pnu *PackageNameUpdate) RemoveDependencyIDs(ids ...uuid.UUID) *PackageNameUpdate { - pnu.mutation.RemoveDependencyIDs(ids...) - return pnu -} - -// RemoveDependency removes "dependency" edges to Dependency entities. -func (pnu *PackageNameUpdate) RemoveDependency(d ...*Dependency) *PackageNameUpdate { - ids := make([]uuid.UUID, len(d)) - for i := range d { - ids[i] = d[i].ID - } - return pnu.RemoveDependencyIDs(ids...) -} - // ClearCertification clears all "certification" edges to the Certification entity. func (pnu *PackageNameUpdate) ClearCertification() *PackageNameUpdate { pnu.mutation.ClearCertification() @@ -450,51 +413,6 @@ func (pnu *PackageNameUpdate) sqlSave(ctx context.Context) (n int, err error) { } _spec.Edges.Add = append(_spec.Edges.Add, edge) } - if pnu.mutation.DependencyCleared() { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.O2M, - Inverse: true, - Table: packagename.DependencyTable, - Columns: []string{packagename.DependencyColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(dependency.FieldID, field.TypeUUID), - }, - } - _spec.Edges.Clear = append(_spec.Edges.Clear, edge) - } - if nodes := pnu.mutation.RemovedDependencyIDs(); len(nodes) > 0 && !pnu.mutation.DependencyCleared() { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.O2M, - Inverse: true, - Table: packagename.DependencyTable, - Columns: []string{packagename.DependencyColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(dependency.FieldID, field.TypeUUID), - }, - } - for _, k := range nodes { - edge.Target.Nodes = append(edge.Target.Nodes, k) - } - _spec.Edges.Clear = append(_spec.Edges.Clear, edge) - } - if nodes := pnu.mutation.DependencyIDs(); len(nodes) > 0 { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.O2M, - Inverse: true, - Table: packagename.DependencyTable, - Columns: []string{packagename.DependencyColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(dependency.FieldID, field.TypeUUID), - }, - } - for _, k := range nodes { - edge.Target.Nodes = append(edge.Target.Nodes, k) - } - _spec.Edges.Add = append(_spec.Edges.Add, edge) - } if pnu.mutation.CertificationCleared() { edge := &sqlgraph.EdgeSpec{ Rel: sqlgraph.O2M, @@ -722,21 +640,6 @@ func (pnuo *PackageNameUpdateOne) AddHasSourceAt(h ...*HasSourceAt) *PackageName return pnuo.AddHasSourceAtIDs(ids...) } -// AddDependencyIDs adds the "dependency" edge to the Dependency entity by IDs. -func (pnuo *PackageNameUpdateOne) AddDependencyIDs(ids ...uuid.UUID) *PackageNameUpdateOne { - pnuo.mutation.AddDependencyIDs(ids...) - return pnuo -} - -// AddDependency adds the "dependency" edges to the Dependency entity. -func (pnuo *PackageNameUpdateOne) AddDependency(d ...*Dependency) *PackageNameUpdateOne { - ids := make([]uuid.UUID, len(d)) - for i := range d { - ids[i] = d[i].ID - } - return pnuo.AddDependencyIDs(ids...) -} - // AddCertificationIDs adds the "certification" edge to the Certification entity by IDs. func (pnuo *PackageNameUpdateOne) AddCertificationIDs(ids ...uuid.UUID) *PackageNameUpdateOne { pnuo.mutation.AddCertificationIDs(ids...) @@ -829,27 +732,6 @@ func (pnuo *PackageNameUpdateOne) RemoveHasSourceAt(h ...*HasSourceAt) *PackageN return pnuo.RemoveHasSourceAtIDs(ids...) } -// ClearDependency clears all "dependency" edges to the Dependency entity. -func (pnuo *PackageNameUpdateOne) ClearDependency() *PackageNameUpdateOne { - pnuo.mutation.ClearDependency() - return pnuo -} - -// RemoveDependencyIDs removes the "dependency" edge to Dependency entities by IDs. -func (pnuo *PackageNameUpdateOne) RemoveDependencyIDs(ids ...uuid.UUID) *PackageNameUpdateOne { - pnuo.mutation.RemoveDependencyIDs(ids...) - return pnuo -} - -// RemoveDependency removes "dependency" edges to Dependency entities. -func (pnuo *PackageNameUpdateOne) RemoveDependency(d ...*Dependency) *PackageNameUpdateOne { - ids := make([]uuid.UUID, len(d)) - for i := range d { - ids[i] = d[i].ID - } - return pnuo.RemoveDependencyIDs(ids...) -} - // ClearCertification clears all "certification" edges to the Certification entity. func (pnuo *PackageNameUpdateOne) ClearCertification() *PackageNameUpdateOne { pnuo.mutation.ClearCertification() @@ -1096,51 +978,6 @@ func (pnuo *PackageNameUpdateOne) sqlSave(ctx context.Context) (_node *PackageNa } _spec.Edges.Add = append(_spec.Edges.Add, edge) } - if pnuo.mutation.DependencyCleared() { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.O2M, - Inverse: true, - Table: packagename.DependencyTable, - Columns: []string{packagename.DependencyColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(dependency.FieldID, field.TypeUUID), - }, - } - _spec.Edges.Clear = append(_spec.Edges.Clear, edge) - } - if nodes := pnuo.mutation.RemovedDependencyIDs(); len(nodes) > 0 && !pnuo.mutation.DependencyCleared() { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.O2M, - Inverse: true, - Table: packagename.DependencyTable, - Columns: []string{packagename.DependencyColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(dependency.FieldID, field.TypeUUID), - }, - } - for _, k := range nodes { - edge.Target.Nodes = append(edge.Target.Nodes, k) - } - _spec.Edges.Clear = append(_spec.Edges.Clear, edge) - } - if nodes := pnuo.mutation.DependencyIDs(); len(nodes) > 0 { - edge := &sqlgraph.EdgeSpec{ - Rel: sqlgraph.O2M, - Inverse: true, - Table: packagename.DependencyTable, - Columns: []string{packagename.DependencyColumn}, - Bidi: false, - Target: &sqlgraph.EdgeTarget{ - IDSpec: sqlgraph.NewFieldSpec(dependency.FieldID, field.TypeUUID), - }, - } - for _, k := range nodes { - edge.Target.Nodes = append(edge.Target.Nodes, k) - } - _spec.Edges.Add = append(_spec.Edges.Add, edge) - } if pnuo.mutation.CertificationCleared() { edge := &sqlgraph.EdgeSpec{ Rel: sqlgraph.O2M, diff --git a/pkg/assembler/backends/ent/schema/dependency.go b/pkg/assembler/backends/ent/schema/dependency.go index db0931527f..95b968a913 100644 --- a/pkg/assembler/backends/ent/schema/dependency.go +++ b/pkg/assembler/backends/ent/schema/dependency.go @@ -46,9 +46,7 @@ func (Dependency) Fields() []ent.Field { Unique(). Immutable(), field.UUID("package_id", getUUIDv7()), - field.UUID("dependent_package_name_id", getUUIDv7()).Optional(), field.UUID("dependent_package_version_id", getUUIDv7()).Optional(), - field.String("version_range"), field.Enum("dependency_type").Values(model.DependencyTypeDirect.String(), model.DependencyTypeIndirect.String(), model.DependencyTypeUnknown.String()), field.String("justification"), field.String("origin"), @@ -64,9 +62,6 @@ func (Dependency) Edges() []ent.Edge { Required(). Field("package_id"). Unique().Annotations(entsql.OnDelete(entsql.Cascade)), - edge.To("dependent_package_name", PackageName.Type). - Field("dependent_package_name_id"). - Unique().Annotations(entsql.OnDelete(entsql.Cascade)), edge.To("dependent_package_version", PackageVersion.Type). Field("dependent_package_version_id"). Unique().Annotations(entsql.OnDelete(entsql.Cascade)), @@ -77,16 +72,7 @@ func (Dependency) Edges() []ent.Edge { // Indexes of the Dependency. func (Dependency) Indexes() []ent.Index { return []ent.Index{ - index.Fields("version_range", "dependency_type", "justification", "origin", "collector", "document_ref"). - Edges("package", "dependent_package_name"). - Unique(). - Annotations(entsql.IndexWhere("dependent_package_name_id IS NOT NULL AND dependent_package_version_id IS NULL")). - StorageKey("dep_package_name_id"), - index.Fields("version_range", "dependency_type", "justification", "origin", "collector", "document_ref"). - Edges("package", "dependent_package_version"). - Unique(). - Annotations(entsql.IndexWhere("dependent_package_name_id IS NULL AND dependent_package_version_id IS NOT NULL")). - StorageKey("dep_package_version_id"), + index.Fields("dependency_type", "justification", "origin", "collector", "document_ref", "package_id", "dependent_package_version_id").Unique(), index.Fields("package_id"), // speed up frequently run queries to check for deps with a certain package ID } } diff --git a/pkg/assembler/backends/ent/schema/packagename.go b/pkg/assembler/backends/ent/schema/packagename.go index 58bcd1ef79..fbb32d6ec1 100644 --- a/pkg/assembler/backends/ent/schema/packagename.go +++ b/pkg/assembler/backends/ent/schema/packagename.go @@ -47,7 +47,6 @@ func (PackageName) Edges() []ent.Edge { return []ent.Edge{ edge.To("versions", PackageVersion.Type).Annotations(entsql.OnDelete(entsql.Cascade)), edge.From("has_source_at", HasSourceAt.Type).Ref("all_versions"), - edge.From("dependency", Dependency.Type).Ref("dependent_package_name"), edge.From("certification", Certification.Type).Ref("all_versions"), edge.From("metadata", HasMetadata.Type).Ref("all_versions"), edge.From("poc", PointOfContact.Type).Ref("all_versions"), diff --git a/pkg/assembler/backends/keyvalue/isDependency.go b/pkg/assembler/backends/keyvalue/isDependency.go index 68a9862d26..fb73d755f4 100644 --- a/pkg/assembler/backends/keyvalue/isDependency.go +++ b/pkg/assembler/backends/keyvalue/isDependency.go @@ -18,10 +18,11 @@ package keyvalue import ( "context" "errors" - "github.com/guacsec/guac/internal/testing/ptrfrom" "sort" "strings" + "github.com/guacsec/guac/internal/testing/ptrfrom" + "github.com/vektah/gqlparser/v2/gqlerror" "github.com/guacsec/guac/pkg/assembler/backends/helper" @@ -34,7 +35,6 @@ type isDependencyLink struct { ThisID string PackageID string DepPackageID string - VersionRange string DependencyType model.DependencyType Justification string Origin string @@ -47,7 +47,6 @@ func (n *isDependencyLink) Key() string { return hashKey(strings.Join([]string{ n.PackageID, n.DepPackageID, - n.VersionRange, string(n.DependencyType), n.Justification, n.Origin, @@ -69,12 +68,12 @@ func (n *isDependencyLink) BuildModelNode(ctx context.Context, c *demoClient) (m // Ingest IngestDependencies -func (c *demoClient) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) ([]string, error) { +func (c *demoClient) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) ([]string, error) { // TODO(LUMJJB): match flags var modelIsDependencies []string for i := range dependencies { - isDependency, err := c.IngestDependency(ctx, *pkgs[i], *depPkgs[i], depPkgMatchType, *dependencies[i]) + isDependency, err := c.IngestDependency(ctx, *pkgs[i], *depPkgs[i], *dependencies[i]) if err != nil { return nil, gqlerror.Errorf("IngestDependency failed with err: %v", err) } @@ -84,15 +83,14 @@ func (c *demoClient) IngestDependencies(ctx context.Context, pkgs []*model.IDorP } // Ingest IsDependency -func (c *demoClient) IngestDependency(ctx context.Context, packageArg model.IDorPkgInput, dependentPackageArg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependency model.IsDependencyInputSpec) (string, error) { - return c.ingestDependency(ctx, packageArg, dependentPackageArg, depPkgMatchType, dependency, true) +func (c *demoClient) IngestDependency(ctx context.Context, packageArg model.IDorPkgInput, dependentPackageArg model.IDorPkgInput, dependency model.IsDependencyInputSpec) (string, error) { + return c.ingestDependency(ctx, packageArg, dependentPackageArg, dependency, true) } -func (c *demoClient) ingestDependency(ctx context.Context, packageArg model.IDorPkgInput, dependentPackageArg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependency model.IsDependencyInputSpec, readOnly bool) (string, error) { +func (c *demoClient) ingestDependency(ctx context.Context, packageArg model.IDorPkgInput, dependentPackageArg model.IDorPkgInput, dependency model.IsDependencyInputSpec, readOnly bool) (string, error) { funcName := "IngestDependency" inLink := &isDependencyLink{ - VersionRange: dependency.VersionRange, DependencyType: dependency.DependencyType, Justification: dependency.Justification, Origin: dependency.Origin, @@ -104,12 +102,13 @@ func (c *demoClient) ingestDependency(ctx context.Context, packageArg model.IDor lock(&c.m, readOnly) defer unlock(&c.m, readOnly) - var depPkg pkgNameOrVersion + var depPkg *pkgVersion var err error - inLink.DepPackageID, depPkg, err = c.returnFoundPkgBasedOnMatchType(ctx, &dependentPackageArg, &depPkgMatchType) + depPkg, err = c.returnFoundPkgVersion(ctx, &dependentPackageArg) if err != nil { return "", gqlerror.Errorf("%v :: %s", funcName, err) } + inLink.DepPackageID = depPkg.ID() foundPkgVersion, err := c.returnFoundPkgVersion(ctx, &packageArg) if err != nil { @@ -127,7 +126,7 @@ func (c *demoClient) ingestDependency(ctx context.Context, packageArg model.IDor if readOnly { c.m.RUnlock() - d, err := c.ingestDependency(ctx, packageArg, dependentPackageArg, depPkgMatchType, dependency, false) + d, err := c.ingestDependency(ctx, packageArg, dependentPackageArg, dependency, false) c.m.RLock() // relock so that defer unlock does not panic return d, err } @@ -346,7 +345,7 @@ func (c *demoClient) IsDependency(ctx context.Context, filter *model.IsDependenc search = append(search, pkg.IsDependencyLinks...) } } - // Dont search on DependencyPackage as it can be either package-name or package-version + // todo: can add search on DependencyPackage as will be package-version var out []*model.IsDependency if foundOne { @@ -434,7 +433,6 @@ func (c *demoClient) buildIsDependency(ctx context.Context, link *isDependencyLi ID: link.ThisID, Package: p, DependencyPackage: dep, - VersionRange: link.VersionRange, DependencyType: link.DependencyType, Justification: link.Justification, Origin: link.Origin, @@ -466,7 +464,6 @@ func noMatchIsDep(filter *model.IsDependencySpec, link *isDependencyLink) bool { noMatch(filter.Origin, link.Origin) || noMatch(filter.Collector, link.Collector) || noMatch(filter.DocumentRef, link.DocumentRef) || - noMatch(filter.VersionRange, link.VersionRange) || (filter.DependencyType != nil && *filter.DependencyType != link.DependencyType) } else { return false diff --git a/pkg/assembler/backends/keyvalue/pkg.go b/pkg/assembler/backends/keyvalue/pkg.go index b80b261fce..b02cde4f3b 100644 --- a/pkg/assembler/backends/keyvalue/pkg.go +++ b/pkg/assembler/backends/keyvalue/pkg.go @@ -19,17 +19,16 @@ import ( "context" "errors" "fmt" - "github.com/guacsec/guac/internal/testing/ptrfrom" "reflect" "slices" "sort" "strings" - "github.com/vektah/gqlparser/v2/gqlerror" - + "github.com/guacsec/guac/internal/testing/ptrfrom" "github.com/guacsec/guac/pkg/assembler/backends/helper" "github.com/guacsec/guac/pkg/assembler/graphql/model" "github.com/guacsec/guac/pkg/assembler/kv" + "github.com/vektah/gqlparser/v2/gqlerror" ) // Internal data: Packages diff --git a/pkg/assembler/backends/neo4j/isDependency.go b/pkg/assembler/backends/neo4j/isDependency.go index 395a84fca1..129f4f498d 100644 --- a/pkg/assembler/backends/neo4j/isDependency.go +++ b/pkg/assembler/backends/neo4j/isDependency.go @@ -28,7 +28,6 @@ import ( ) const ( - versionRange string = "versionRange" dependencyType string = "dependencyType" ) @@ -38,6 +37,7 @@ func (c *neo4jClient) IsDependencyList(ctx context.Context, isDependencySpec mod return nil, fmt.Errorf("not implemented: IsDependencyList") } +// note this has not been optimized to remove pkgVersion -> pkgName func (c *neo4jClient) IsDependency(ctx context.Context, isDependencySpec *model.IsDependencySpec) ([]*model.IsDependency, error) { session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead}) defer session.Close() @@ -118,7 +118,6 @@ func (c *neo4jClient) IsDependency(ctx context.Context, isDependencySpec *model. isDependency := &model.IsDependency{ Package: pkg, DependencyPackage: depPkg, - VersionRange: isDependencyNode.Props[versionRange].(string), DependencyType: dependencyTypeEnum, Origin: isDependencyNode.Props[origin].(string), Collector: isDependencyNode.Props[collector].(string), @@ -139,11 +138,6 @@ func (c *neo4jClient) IsDependency(ctx context.Context, isDependencySpec *model. } func setIsDependencyValues(sb *strings.Builder, isDependencySpec *model.IsDependencySpec, firstMatch *bool, queryValues map[string]any) { - if isDependencySpec.VersionRange != nil { - matchProperties(sb, *firstMatch, "isDependency", versionRange, "$"+versionRange) - *firstMatch = false - queryValues[versionRange] = isDependencySpec.VersionRange - } if isDependencySpec.DependencyType != nil { matchProperties(sb, *firstMatch, "isDependency", dependencyType, "$"+dependencyType) *firstMatch = false @@ -163,13 +157,13 @@ func setIsDependencyValues(sb *strings.Builder, isDependencySpec *model.IsDepend // Ingest IngestDependencies -func (c *neo4jClient) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) ([]string, error) { +func (c *neo4jClient) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) ([]string, error) { return []string{}, fmt.Errorf("not implemented: IngestDependencies") } // Ingest IsDependency - -func (c *neo4jClient) IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependency model.IsDependencyInputSpec) (string, error) { +// note this has not been optimized to remove pkgVersion -> pkgName +func (c *neo4jClient) IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, dependency model.IsDependencyInputSpec) (string, error) { session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeWrite}) defer session.Close() // TODO: handle depPkgMatchType @@ -194,7 +188,6 @@ func (c *neo4jClient) IngestDependency(ctx context.Context, pkg model.IDorPkgInp MatchOnlyEmptyQualifiers: &matchEmpty, } - queryValues[versionRange] = dependency.VersionRange queryValues[dependencyType] = dependency.DependencyType.String() queryValues[justification] = dependency.Justification queryValues[origin] = dependency.Origin @@ -211,7 +204,7 @@ func (c *neo4jClient) IngestDependency(ctx context.Context, pkg model.IDorPkgInp setPkgMatchValues(&sb, selectedPkgSpec, false, &firstMatch, queryValues) setPkgMatchValues(&sb, &depPkgSpec, true, &firstMatch, queryValues) - merge := "\nMERGE (version)<-[:subject]-(isDependency:IsDependency{versionRange:$versionRange,dependencyType:$dependencyType,justification:$justification,origin:$origin,collector:$collector})" + + merge := "\nMERGE (version)<-[:subject]-(isDependency:IsDependency{dependencyType:$dependencyType,justification:$justification,origin:$origin,collector:$collector})" + "-[:dependency]->(objPkgName)" sb.WriteString(merge) sb.WriteString(returnValue) @@ -259,7 +252,6 @@ func (c *neo4jClient) IngestDependency(ctx context.Context, pkg model.IDorPkgInp isDependency := &model.IsDependency{ Package: pkg, DependencyPackage: depPkg, - VersionRange: isDependencyNode.Props[versionRange].(string), DependencyType: dependencyTypeEnum, Origin: isDependencyNode.Props[origin].(string), Collector: isDependencyNode.Props[collector].(string), diff --git a/pkg/assembler/clients/generated/operations.go b/pkg/assembler/clients/generated/operations.go index 54b25f718d..1a26e0768d 100644 --- a/pkg/assembler/clients/generated/operations.go +++ b/pkg/assembler/clients/generated/operations.go @@ -3309,11 +3309,6 @@ func (v *AllHasSBOMTreeIncludedDependenciesIsDependency) GetDependencyType() Dep return v.AllIsDependencyTree.DependencyType } -// GetVersionRange returns AllHasSBOMTreeIncludedDependenciesIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTreeIncludedDependenciesIsDependency) GetVersionRange() string { - return v.AllIsDependencyTree.VersionRange -} - // GetOrigin returns AllHasSBOMTreeIncludedDependenciesIsDependency.Origin, and is useful for accessing the field via an interface. func (v *AllHasSBOMTreeIncludedDependenciesIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin @@ -3360,8 +3355,6 @@ type __premarshalAllHasSBOMTreeIncludedDependenciesIsDependency struct { DependencyType DependencyType `json:"dependencyType"` - VersionRange string `json:"versionRange"` - Origin string `json:"origin"` Collector string `json:"collector"` @@ -3383,7 +3376,6 @@ func (v *AllHasSBOMTreeIncludedDependenciesIsDependency) __premarshalJSON() (*__ retval.Package = v.AllIsDependencyTree.Package retval.DependencyPackage = v.AllIsDependencyTree.DependencyPackage retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange retval.Origin = v.AllIsDependencyTree.Origin retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil @@ -4662,12 +4654,10 @@ type AllIsDependencyTree struct { Justification string `json:"justification"` // Package that has the dependency Package AllIsDependencyTreePackage `json:"package"` - // Package for the dependency; MUST be PackageName or PackageVersion + // Package for the dependency; MUST be PackageVersion DependencyPackage AllIsDependencyTreeDependencyPackage `json:"dependencyPackage"` // Type of dependency DependencyType DependencyType `json:"dependencyType"` - // Version range for the dependency link, required if depedentPackage points to PackageName - VersionRange string `json:"versionRange"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document @@ -4691,9 +4681,6 @@ func (v *AllIsDependencyTree) GetDependencyPackage() AllIsDependencyTreeDependen // GetDependencyType returns AllIsDependencyTree.DependencyType, and is useful for accessing the field via an interface. func (v *AllIsDependencyTree) GetDependencyType() DependencyType { return v.DependencyType } -// GetVersionRange returns AllIsDependencyTree.VersionRange, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTree) GetVersionRange() string { return v.VersionRange } - // GetOrigin returns AllIsDependencyTree.Origin, and is useful for accessing the field via an interface. func (v *AllIsDependencyTree) GetOrigin() string { return v.Origin } @@ -9185,11 +9172,6 @@ func (v *DependenciesIsDependency) GetDependencyType() DependencyType { return v.AllIsDependencyTree.DependencyType } -// GetVersionRange returns DependenciesIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *DependenciesIsDependency) GetVersionRange() string { - return v.AllIsDependencyTree.VersionRange -} - // GetOrigin returns DependenciesIsDependency.Origin, and is useful for accessing the field via an interface. func (v *DependenciesIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } @@ -9232,8 +9214,6 @@ type __premarshalDependenciesIsDependency struct { DependencyType DependencyType `json:"dependencyType"` - VersionRange string `json:"versionRange"` - Origin string `json:"origin"` Collector string `json:"collector"` @@ -9255,7 +9235,6 @@ func (v *DependenciesIsDependency) __premarshalJSON() (*__premarshalDependencies retval.Package = v.AllIsDependencyTree.Package retval.DependencyPackage = v.AllIsDependencyTree.DependencyPackage retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange retval.Origin = v.AllIsDependencyTree.Origin retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil @@ -9357,11 +9336,6 @@ func (v *DependencyListIsDependencyListIsDependencyConnectionEdgesIsDependencyEd return v.AllIsDependencyTree.DependencyType } -// GetVersionRange returns DependencyListIsDependencyListIsDependencyConnectionEdgesIsDependencyEdgeNodeIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *DependencyListIsDependencyListIsDependencyConnectionEdgesIsDependencyEdgeNodeIsDependency) GetVersionRange() string { - return v.AllIsDependencyTree.VersionRange -} - // GetOrigin returns DependencyListIsDependencyListIsDependencyConnectionEdgesIsDependencyEdgeNodeIsDependency.Origin, and is useful for accessing the field via an interface. func (v *DependencyListIsDependencyListIsDependencyConnectionEdgesIsDependencyEdgeNodeIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin @@ -9408,8 +9382,6 @@ type __premarshalDependencyListIsDependencyListIsDependencyConnectionEdgesIsDepe DependencyType DependencyType `json:"dependencyType"` - VersionRange string `json:"versionRange"` - Origin string `json:"origin"` Collector string `json:"collector"` @@ -9431,7 +9403,6 @@ func (v *DependencyListIsDependencyListIsDependencyConnectionEdgesIsDependencyEd retval.Package = v.AllIsDependencyTree.Package retval.DependencyPackage = v.AllIsDependencyTree.DependencyPackage retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange retval.Origin = v.AllIsDependencyTree.Origin retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil @@ -12957,8 +12928,6 @@ func (v *IngestVulnerabilityResponse) GetIngestVulnerability() IngestVulnerabili // IsDependencyInputSpec is the input to record a new dependency. type IsDependencyInputSpec struct { - // versionRange should be specified for depedentPackages that point to PackageName - VersionRange string `json:"versionRange"` DependencyType DependencyType `json:"dependencyType"` Justification string `json:"justification"` Origin string `json:"origin"` @@ -12966,9 +12935,6 @@ type IsDependencyInputSpec struct { DocumentRef string `json:"documentRef"` } -// GetVersionRange returns IsDependencyInputSpec.VersionRange, and is useful for accessing the field via an interface. -func (v *IsDependencyInputSpec) GetVersionRange() string { return v.VersionRange } - // GetDependencyType returns IsDependencyInputSpec.DependencyType, and is useful for accessing the field via an interface. func (v *IsDependencyInputSpec) GetDependencyType() DependencyType { return v.DependencyType } @@ -12989,12 +12955,11 @@ func (v *IsDependencyInputSpec) GetDocumentRef() string { return v.DocumentRef } // To obtain the list of dependency packages, caller must fill in the package // field. // -// Dependency packages must be defined at PackageName, not PackageVersion. +// Dependency packages must be defined at PackageVersion. type IsDependencySpec struct { Id *string `json:"id"` Package *PkgSpec `json:"package"` DependencyPackage *PkgSpec `json:"dependencyPackage"` - VersionRange *string `json:"versionRange"` DependencyType *DependencyType `json:"dependencyType"` Justification *string `json:"justification"` Origin *string `json:"origin"` @@ -13011,9 +12976,6 @@ func (v *IsDependencySpec) GetPackage() *PkgSpec { return v.Package } // GetDependencyPackage returns IsDependencySpec.DependencyPackage, and is useful for accessing the field via an interface. func (v *IsDependencySpec) GetDependencyPackage() *PkgSpec { return v.DependencyPackage } -// GetVersionRange returns IsDependencySpec.VersionRange, and is useful for accessing the field via an interface. -func (v *IsDependencySpec) GetVersionRange() *string { return v.VersionRange } - // GetDependencyType returns IsDependencySpec.DependencyType, and is useful for accessing the field via an interface. func (v *IsDependencySpec) GetDependencyType() *DependencyType { return v.DependencyType } @@ -14891,11 +14853,6 @@ func (v *NeighborsNeighborsIsDependency) GetDependencyType() DependencyType { return v.AllIsDependencyTree.DependencyType } -// GetVersionRange returns NeighborsNeighborsIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsDependency) GetVersionRange() string { - return v.AllIsDependencyTree.VersionRange -} - // GetOrigin returns NeighborsNeighborsIsDependency.Origin, and is useful for accessing the field via an interface. func (v *NeighborsNeighborsIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } @@ -14942,8 +14899,6 @@ type __premarshalNeighborsNeighborsIsDependency struct { DependencyType DependencyType `json:"dependencyType"` - VersionRange string `json:"versionRange"` - Origin string `json:"origin"` Collector string `json:"collector"` @@ -14966,7 +14921,6 @@ func (v *NeighborsNeighborsIsDependency) __premarshalJSON() (*__premarshalNeighb retval.Package = v.AllIsDependencyTree.Package retval.DependencyPackage = v.AllIsDependencyTree.DependencyPackage retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange retval.Origin = v.AllIsDependencyTree.Origin retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil @@ -18318,9 +18272,6 @@ func (v *NodeNodeIsDependency) GetDependencyType() DependencyType { return v.AllIsDependencyTree.DependencyType } -// GetVersionRange returns NodeNodeIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *NodeNodeIsDependency) GetVersionRange() string { return v.AllIsDependencyTree.VersionRange } - // GetOrigin returns NodeNodeIsDependency.Origin, and is useful for accessing the field via an interface. func (v *NodeNodeIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } @@ -18365,8 +18316,6 @@ type __premarshalNodeNodeIsDependency struct { DependencyType DependencyType `json:"dependencyType"` - VersionRange string `json:"versionRange"` - Origin string `json:"origin"` Collector string `json:"collector"` @@ -18389,7 +18338,6 @@ func (v *NodeNodeIsDependency) __premarshalJSON() (*__premarshalNodeNodeIsDepend retval.Package = v.AllIsDependencyTree.Package retval.DependencyPackage = v.AllIsDependencyTree.DependencyPackage retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange retval.Origin = v.AllIsDependencyTree.Origin retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil @@ -20829,9 +20777,6 @@ func (v *NodesNodesIsDependency) GetDependencyType() DependencyType { return v.AllIsDependencyTree.DependencyType } -// GetVersionRange returns NodesNodesIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *NodesNodesIsDependency) GetVersionRange() string { return v.AllIsDependencyTree.VersionRange } - // GetOrigin returns NodesNodesIsDependency.Origin, and is useful for accessing the field via an interface. func (v *NodesNodesIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } @@ -20876,8 +20821,6 @@ type __premarshalNodesNodesIsDependency struct { DependencyType DependencyType `json:"dependencyType"` - VersionRange string `json:"versionRange"` - Origin string `json:"origin"` Collector string `json:"collector"` @@ -20900,7 +20843,6 @@ func (v *NodesNodesIsDependency) __premarshalJSON() (*__premarshalNodesNodesIsDe retval.Package = v.AllIsDependencyTree.Package retval.DependencyPackage = v.AllIsDependencyTree.DependencyPackage retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange retval.Origin = v.AllIsDependencyTree.Origin retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil @@ -24856,9 +24798,6 @@ func (v *PathPathIsDependency) GetDependencyType() DependencyType { return v.AllIsDependencyTree.DependencyType } -// GetVersionRange returns PathPathIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *PathPathIsDependency) GetVersionRange() string { return v.AllIsDependencyTree.VersionRange } - // GetOrigin returns PathPathIsDependency.Origin, and is useful for accessing the field via an interface. func (v *PathPathIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } @@ -24903,8 +24842,6 @@ type __premarshalPathPathIsDependency struct { DependencyType DependencyType `json:"dependencyType"` - VersionRange string `json:"versionRange"` - Origin string `json:"origin"` Collector string `json:"collector"` @@ -24927,7 +24864,6 @@ func (v *PathPathIsDependency) __premarshalJSON() (*__premarshalPathPathIsDepend retval.Package = v.AllIsDependencyTree.Package retval.DependencyPackage = v.AllIsDependencyTree.DependencyPackage retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange retval.Origin = v.AllIsDependencyTree.Origin retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil @@ -30562,10 +30498,9 @@ func (v *__IngestHashEqualsInput) GetHashEquals() []HashEqualInputSpec { return // __IngestIsDependenciesInput is used internally by genqlient type __IngestIsDependenciesInput struct { - Pkgs []IDorPkgInput `json:"pkgs"` - DepPkgs []IDorPkgInput `json:"depPkgs"` - DepPkgMatchType MatchFlags `json:"depPkgMatchType"` - Dependencies []IsDependencyInputSpec `json:"dependencies"` + Pkgs []IDorPkgInput `json:"pkgs"` + DepPkgs []IDorPkgInput `json:"depPkgs"` + Dependencies []IsDependencyInputSpec `json:"dependencies"` } // GetPkgs returns __IngestIsDependenciesInput.Pkgs, and is useful for accessing the field via an interface. @@ -30574,9 +30509,6 @@ func (v *__IngestIsDependenciesInput) GetPkgs() []IDorPkgInput { return v.Pkgs } // GetDepPkgs returns __IngestIsDependenciesInput.DepPkgs, and is useful for accessing the field via an interface. func (v *__IngestIsDependenciesInput) GetDepPkgs() []IDorPkgInput { return v.DepPkgs } -// GetDepPkgMatchType returns __IngestIsDependenciesInput.DepPkgMatchType, and is useful for accessing the field via an interface. -func (v *__IngestIsDependenciesInput) GetDepPkgMatchType() MatchFlags { return v.DepPkgMatchType } - // GetDependencies returns __IngestIsDependenciesInput.Dependencies, and is useful for accessing the field via an interface. func (v *__IngestIsDependenciesInput) GetDependencies() []IsDependencyInputSpec { return v.Dependencies @@ -30584,10 +30516,9 @@ func (v *__IngestIsDependenciesInput) GetDependencies() []IsDependencyInputSpec // __IngestIsDependencyInput is used internally by genqlient type __IngestIsDependencyInput struct { - Pkg IDorPkgInput `json:"pkg"` - DepPkg IDorPkgInput `json:"depPkg"` - DepPkgMatchType MatchFlags `json:"depPkgMatchType"` - Dependency IsDependencyInputSpec `json:"dependency"` + Pkg IDorPkgInput `json:"pkg"` + DepPkg IDorPkgInput `json:"depPkg"` + Dependency IsDependencyInputSpec `json:"dependency"` } // GetPkg returns __IngestIsDependencyInput.Pkg, and is useful for accessing the field via an interface. @@ -30596,9 +30527,6 @@ func (v *__IngestIsDependencyInput) GetPkg() IDorPkgInput { return v.Pkg } // GetDepPkg returns __IngestIsDependencyInput.DepPkg, and is useful for accessing the field via an interface. func (v *__IngestIsDependencyInput) GetDepPkg() IDorPkgInput { return v.DepPkg } -// GetDepPkgMatchType returns __IngestIsDependencyInput.DepPkgMatchType, and is useful for accessing the field via an interface. -func (v *__IngestIsDependencyInput) GetDepPkgMatchType() MatchFlags { return v.DepPkgMatchType } - // GetDependency returns __IngestIsDependencyInput.Dependency, and is useful for accessing the field via an interface. func (v *__IngestIsDependencyInput) GetDependency() IsDependencyInputSpec { return v.Dependency } @@ -32346,7 +32274,6 @@ fragment AllIsDependencyTree on IsDependency { ... AllPkgTree } dependencyType - versionRange origin collector } @@ -32428,7 +32355,6 @@ fragment AllIsDependencyTree on IsDependency { ... AllPkgTree } dependencyType - versionRange origin collector } @@ -32869,7 +32795,6 @@ fragment AllIsDependencyTree on IsDependency { ... AllPkgTree } dependencyType - versionRange origin collector } @@ -33015,7 +32940,6 @@ fragment AllIsDependencyTree on IsDependency { ... AllPkgTree } dependencyType - versionRange origin collector } @@ -35087,8 +35011,8 @@ func IngestHashEquals( // The query or mutation executed by IngestIsDependencies. const IngestIsDependencies_Operation = ` -mutation IngestIsDependencies ($pkgs: [IDorPkgInput!]!, $depPkgs: [IDorPkgInput!]!, $depPkgMatchType: MatchFlags!, $dependencies: [IsDependencyInputSpec!]!) { - ingestDependencies(pkgs: $pkgs, depPkgs: $depPkgs, depPkgMatchType: $depPkgMatchType, dependencies: $dependencies) +mutation IngestIsDependencies ($pkgs: [IDorPkgInput!]!, $depPkgs: [IDorPkgInput!]!, $dependencies: [IsDependencyInputSpec!]!) { + ingestDependencies(pkgs: $pkgs, depPkgs: $depPkgs, dependencies: $dependencies) } ` @@ -35097,17 +35021,15 @@ func IngestIsDependencies( client_ graphql.Client, pkgs []IDorPkgInput, depPkgs []IDorPkgInput, - depPkgMatchType MatchFlags, dependencies []IsDependencyInputSpec, ) (*IngestIsDependenciesResponse, error) { req_ := &graphql.Request{ OpName: "IngestIsDependencies", Query: IngestIsDependencies_Operation, Variables: &__IngestIsDependenciesInput{ - Pkgs: pkgs, - DepPkgs: depPkgs, - DepPkgMatchType: depPkgMatchType, - Dependencies: dependencies, + Pkgs: pkgs, + DepPkgs: depPkgs, + Dependencies: dependencies, }, } var err_ error @@ -35126,8 +35048,8 @@ func IngestIsDependencies( // The query or mutation executed by IngestIsDependency. const IngestIsDependency_Operation = ` -mutation IngestIsDependency ($pkg: IDorPkgInput!, $depPkg: IDorPkgInput!, $depPkgMatchType: MatchFlags!, $dependency: IsDependencyInputSpec!) { - ingestDependency(pkg: $pkg, depPkg: $depPkg, depPkgMatchType: $depPkgMatchType, dependency: $dependency) +mutation IngestIsDependency ($pkg: IDorPkgInput!, $depPkg: IDorPkgInput!, $dependency: IsDependencyInputSpec!) { + ingestDependency(pkg: $pkg, depPkg: $depPkg, dependency: $dependency) } ` @@ -35136,17 +35058,15 @@ func IngestIsDependency( client_ graphql.Client, pkg IDorPkgInput, depPkg IDorPkgInput, - depPkgMatchType MatchFlags, dependency IsDependencyInputSpec, ) (*IngestIsDependencyResponse, error) { req_ := &graphql.Request{ OpName: "IngestIsDependency", Query: IngestIsDependency_Operation, Variables: &__IngestIsDependencyInput{ - Pkg: pkg, - DepPkg: depPkg, - DepPkgMatchType: depPkgMatchType, - Dependency: dependency, + Pkg: pkg, + DepPkg: depPkg, + Dependency: dependency, }, } var err_ error @@ -36364,7 +36284,6 @@ fragment AllIsDependencyTree on IsDependency { ... AllPkgTree } dependencyType - versionRange origin collector } @@ -36842,7 +36761,6 @@ fragment AllIsDependencyTree on IsDependency { ... AllPkgTree } dependencyType - versionRange origin collector } @@ -37318,7 +37236,6 @@ fragment AllIsDependencyTree on IsDependency { ... AllPkgTree } dependencyType - versionRange origin collector } @@ -38299,7 +38216,6 @@ fragment AllIsDependencyTree on IsDependency { ... AllPkgTree } dependencyType - versionRange origin collector } diff --git a/pkg/assembler/clients/helpers/assembler.go b/pkg/assembler/clients/helpers/assembler.go index ba8b76c3df..5424077473 100644 --- a/pkg/assembler/clients/helpers/assembler.go +++ b/pkg/assembler/clients/helpers/assembler.go @@ -333,7 +333,7 @@ func ingestIsDependency(ctx context.Context, client graphql.Client, d assembler. return nil, fmt.Errorf("failed to find ingested Source ID for isDependency: %s", helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](d.DepPkg, helpers.PkgClientKey).VersionId) } - if response, err := model.IngestIsDependency(ctx, client, *pkgID, *depPkgID, d.DepPkgMatchFlag, *d.IsDependency); err != nil { + if response, err := model.IngestIsDependency(ctx, client, *pkgID, *depPkgID, *d.IsDependency); err != nil { return nil, err } else { return &response.IngestDependency, nil diff --git a/pkg/assembler/clients/helpers/bulk.go b/pkg/assembler/clients/helpers/bulk.go index 60289c2bc5..518cdf2506 100644 --- a/pkg/assembler/clients/helpers/bulk.go +++ b/pkg/assembler/clients/helpers/bulk.go @@ -625,54 +625,29 @@ func ingestCertifyScorecards(ctx context.Context, client graphql.Client, cs []as func ingestIsDependencies(ctx context.Context, client graphql.Client, deps []assembler.IsDependencyIngest, packageInputMap map[string]*model.IDorPkgInput) ([]string, error) { - var depToSpecificVersion, depToAllVersions struct { - pkgs []model.IDorPkgInput - depPkgs []model.IDorPkgInput - depPkgMatchFlag model.MatchFlags - dependencies []model.IsDependencyInputSpec + var depToSpecificVersion struct { + pkgs []model.IDorPkgInput + depPkgs []model.IDorPkgInput + dependencies []model.IsDependencyInputSpec } - depToSpecificVersion.depPkgMatchFlag = model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion} - depToAllVersions.depPkgMatchFlag = model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions} - for _, ingest := range deps { - if ingest.DepPkgMatchFlag.Pkg == model.PkgMatchTypeSpecificVersion { - if pkgID, found := packageInputMap[helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.Pkg, helpers.PkgClientKey).VersionId]; found { - depToSpecificVersion.pkgs = append(depToSpecificVersion.pkgs, *pkgID) - } else { - return nil, fmt.Errorf("failed to find ingested Package ID for isDependency: %s", helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.Pkg, helpers.PkgClientKey).VersionId) - } - if depPkgID, found := packageInputMap[helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.DepPkg, helpers.PkgClientKey).VersionId]; found { - depToSpecificVersion.depPkgs = append(depToSpecificVersion.depPkgs, *depPkgID) - } else { - return nil, fmt.Errorf("failed to find ingested dependency Package ID for isDependency: %s", helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.DepPkg, helpers.PkgClientKey).VersionId) - } - depToSpecificVersion.dependencies = append(depToSpecificVersion.dependencies, *ingest.IsDependency) - } else if ingest.DepPkgMatchFlag.Pkg == model.PkgMatchTypeAllVersions { - if pkgID, found := packageInputMap[helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.Pkg, helpers.PkgClientKey).VersionId]; found { - depToAllVersions.pkgs = append(depToAllVersions.pkgs, *pkgID) - } else { - return nil, fmt.Errorf("failed to find ingested Package ID for isDependency: %s", helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.Pkg, helpers.PkgClientKey).VersionId) - } - if depPkgID, found := packageInputMap[helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.DepPkg, helpers.PkgClientKey).VersionId]; found { - depToAllVersions.depPkgs = append(depToAllVersions.depPkgs, *depPkgID) - } else { - return nil, fmt.Errorf("failed to find ingested dependency Package ID for isDependency: %s", helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.DepPkg, helpers.PkgClientKey).VersionId) - } - depToAllVersions.dependencies = append(depToAllVersions.dependencies, *ingest.IsDependency) + if pkgID, found := packageInputMap[helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.Pkg, helpers.PkgClientKey).VersionId]; found { + depToSpecificVersion.pkgs = append(depToSpecificVersion.pkgs, *pkgID) + } else { + return nil, fmt.Errorf("failed to find ingested Package ID for isDependency: %s", helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.Pkg, helpers.PkgClientKey).VersionId) + } + if depPkgID, found := packageInputMap[helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.DepPkg, helpers.PkgClientKey).VersionId]; found { + depToSpecificVersion.depPkgs = append(depToSpecificVersion.depPkgs, *depPkgID) + } else { + return nil, fmt.Errorf("failed to find ingested dependency Package ID for isDependency: %s", helpers.GetKey[*model.PkgInputSpec, helpers.PkgIds](ingest.DepPkg, helpers.PkgClientKey).VersionId) } + depToSpecificVersion.dependencies = append(depToSpecificVersion.dependencies, *ingest.IsDependency) } var isDependenciesIDs []string if len(depToSpecificVersion.pkgs) > 0 { - isDependencies, err := model.IngestIsDependencies(ctx, client, depToSpecificVersion.pkgs, depToSpecificVersion.depPkgs, depToSpecificVersion.depPkgMatchFlag, depToSpecificVersion.dependencies) - if err != nil { - return nil, fmt.Errorf("isDependencies failed with error: %w", err) - } - isDependenciesIDs = append(isDependenciesIDs, isDependencies.IngestDependencies...) - } - if len(depToAllVersions.pkgs) > 0 { - isDependencies, err := model.IngestIsDependencies(ctx, client, depToAllVersions.pkgs, depToAllVersions.depPkgs, depToAllVersions.depPkgMatchFlag, depToAllVersions.dependencies) + isDependencies, err := model.IngestIsDependencies(ctx, client, depToSpecificVersion.pkgs, depToSpecificVersion.depPkgs, depToSpecificVersion.dependencies) if err != nil { return nil, fmt.Errorf("isDependencies failed with error: %w", err) } diff --git a/pkg/assembler/clients/operations/isDependency.graphql b/pkg/assembler/clients/operations/isDependency.graphql index 4dd44b9ff8..a83fa434e3 100644 --- a/pkg/assembler/clients/operations/isDependency.graphql +++ b/pkg/assembler/clients/operations/isDependency.graphql @@ -20,13 +20,11 @@ mutation IngestIsDependency( $pkg: IDorPkgInput! $depPkg: IDorPkgInput! - $depPkgMatchType: MatchFlags! $dependency: IsDependencyInputSpec! ) { ingestDependency( pkg: $pkg depPkg: $depPkg - depPkgMatchType: $depPkgMatchType dependency: $dependency ) } @@ -36,13 +34,11 @@ mutation IngestIsDependency( mutation IngestIsDependencies( $pkgs: [IDorPkgInput!]! $depPkgs: [IDorPkgInput!]! - $depPkgMatchType: MatchFlags! $dependencies: [IsDependencyInputSpec!]! ) { ingestDependencies( pkgs: $pkgs depPkgs: $depPkgs - depPkgMatchType: $depPkgMatchType dependencies: $dependencies ) } diff --git a/pkg/assembler/clients/operations/trees.graphql b/pkg/assembler/clients/operations/trees.graphql index c2edfc1484..13f8b796ea 100644 --- a/pkg/assembler/clients/operations/trees.graphql +++ b/pkg/assembler/clients/operations/trees.graphql @@ -149,7 +149,6 @@ fragment AllIsDependencyTree on IsDependency { ...AllPkgTree } dependencyType - versionRange origin collector } diff --git a/pkg/assembler/graphql/examples/is_dependency.gql b/pkg/assembler/graphql/examples/is_dependency.gql index b91199bb5d..a191cd7e64 100644 --- a/pkg/assembler/graphql/examples/is_dependency.gql +++ b/pkg/assembler/graphql/examples/is_dependency.gql @@ -44,7 +44,6 @@ fragment allIsDependencyTree on IsDependency { } } dependencyType - versionRange origin collector documentRef diff --git a/pkg/assembler/graphql/generated/artifact.generated.go b/pkg/assembler/graphql/generated/artifact.generated.go index 5c2d045902..475f74cf27 100644 --- a/pkg/assembler/graphql/generated/artifact.generated.go +++ b/pkg/assembler/graphql/generated/artifact.generated.go @@ -46,8 +46,8 @@ type MutationResolver interface { IngestHasSourceAts(ctx context.Context, pkgs []*model.IDorPkgInput, pkgMatchType model.MatchFlags, sources []*model.IDorSourceInput, hasSourceAts []*model.HasSourceAtInputSpec) ([]string, error) IngestHashEqual(ctx context.Context, artifact model.IDorArtifactInput, otherArtifact model.IDorArtifactInput, hashEqual model.HashEqualInputSpec) (string, error) IngestHashEquals(ctx context.Context, artifacts []*model.IDorArtifactInput, otherArtifacts []*model.IDorArtifactInput, hashEquals []*model.HashEqualInputSpec) ([]string, error) - IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependency model.IsDependencyInputSpec) (string, error) - IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) ([]string, error) + IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, dependency model.IsDependencyInputSpec) (string, error) + IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) ([]string, error) IngestOccurrence(ctx context.Context, subject model.PackageOrSourceInput, artifact model.IDorArtifactInput, occurrence model.IsOccurrenceInputSpec) (string, error) IngestOccurrences(ctx context.Context, subjects model.PackageOrSourceInputs, artifacts []*model.IDorArtifactInput, occurrences []*model.IsOccurrenceInputSpec) ([]string, error) IngestLicense(ctx context.Context, license *model.IDorLicenseInput) (string, error) @@ -562,24 +562,15 @@ func (ec *executionContext) field_Mutation_ingestDependencies_args(ctx context.C } } args["depPkgs"] = arg1 - var arg2 model.MatchFlags - if tmp, ok := rawArgs["depPkgMatchType"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("depPkgMatchType")) - arg2, err = ec.unmarshalNMatchFlags2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐMatchFlags(ctx, tmp) - if err != nil { - return nil, err - } - } - args["depPkgMatchType"] = arg2 - var arg3 []*model.IsDependencyInputSpec + var arg2 []*model.IsDependencyInputSpec if tmp, ok := rawArgs["dependencies"]; ok { ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("dependencies")) - arg3, err = ec.unmarshalNIsDependencyInputSpec2ᚕᚖgithubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsDependencyInputSpecᚄ(ctx, tmp) + arg2, err = ec.unmarshalNIsDependencyInputSpec2ᚕᚖgithubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsDependencyInputSpecᚄ(ctx, tmp) if err != nil { return nil, err } } - args["dependencies"] = arg3 + args["dependencies"] = arg2 return args, nil } @@ -604,24 +595,15 @@ func (ec *executionContext) field_Mutation_ingestDependency_args(ctx context.Con } } args["depPkg"] = arg1 - var arg2 model.MatchFlags - if tmp, ok := rawArgs["depPkgMatchType"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("depPkgMatchType")) - arg2, err = ec.unmarshalNMatchFlags2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐMatchFlags(ctx, tmp) - if err != nil { - return nil, err - } - } - args["depPkgMatchType"] = arg2 - var arg3 model.IsDependencyInputSpec + var arg2 model.IsDependencyInputSpec if tmp, ok := rawArgs["dependency"]; ok { ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("dependency")) - arg3, err = ec.unmarshalNIsDependencyInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsDependencyInputSpec(ctx, tmp) + arg2, err = ec.unmarshalNIsDependencyInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsDependencyInputSpec(ctx, tmp) if err != nil { return nil, err } } - args["dependency"] = arg3 + args["dependency"] = arg2 return args, nil } @@ -4561,7 +4543,7 @@ func (ec *executionContext) _Mutation_ingestDependency(ctx context.Context, fiel }() resTmp := ec._fieldMiddleware(ctx, nil, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestDependency(rctx, fc.Args["pkg"].(model.IDorPkgInput), fc.Args["depPkg"].(model.IDorPkgInput), fc.Args["depPkgMatchType"].(model.MatchFlags), fc.Args["dependency"].(model.IsDependencyInputSpec)) + return ec.resolvers.Mutation().IngestDependency(rctx, fc.Args["pkg"].(model.IDorPkgInput), fc.Args["depPkg"].(model.IDorPkgInput), fc.Args["dependency"].(model.IsDependencyInputSpec)) }) if resTmp == nil { @@ -4613,7 +4595,7 @@ func (ec *executionContext) _Mutation_ingestDependencies(ctx context.Context, fi }() resTmp := ec._fieldMiddleware(ctx, nil, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestDependencies(rctx, fc.Args["pkgs"].([]*model.IDorPkgInput), fc.Args["depPkgs"].([]*model.IDorPkgInput), fc.Args["depPkgMatchType"].(model.MatchFlags), fc.Args["dependencies"].([]*model.IsDependencyInputSpec)) + return ec.resolvers.Mutation().IngestDependencies(rctx, fc.Args["pkgs"].([]*model.IDorPkgInput), fc.Args["depPkgs"].([]*model.IDorPkgInput), fc.Args["dependencies"].([]*model.IsDependencyInputSpec)) }) if resTmp == nil { @@ -7296,8 +7278,6 @@ func (ec *executionContext) fieldContext_Query_IsDependency(ctx context.Context, return ec.fieldContext_IsDependency_package(ctx, field) case "dependencyPackage": return ec.fieldContext_IsDependency_dependencyPackage(ctx, field) - case "versionRange": - return ec.fieldContext_IsDependency_versionRange(ctx, field) case "dependencyType": return ec.fieldContext_IsDependency_dependencyType(ctx, field) case "justification": diff --git a/pkg/assembler/graphql/generated/hasSBOM.generated.go b/pkg/assembler/graphql/generated/hasSBOM.generated.go index 32ccaf0410..a2293ea614 100644 --- a/pkg/assembler/graphql/generated/hasSBOM.generated.go +++ b/pkg/assembler/graphql/generated/hasSBOM.generated.go @@ -523,8 +523,6 @@ func (ec *executionContext) fieldContext_HasSBOM_includedDependencies(_ context. return ec.fieldContext_IsDependency_package(ctx, field) case "dependencyPackage": return ec.fieldContext_IsDependency_dependencyPackage(ctx, field) - case "versionRange": - return ec.fieldContext_IsDependency_versionRange(ctx, field) case "dependencyType": return ec.fieldContext_IsDependency_dependencyType(ctx, field) case "justification": diff --git a/pkg/assembler/graphql/generated/isDependency.generated.go b/pkg/assembler/graphql/generated/isDependency.generated.go index ed65f12c07..b9ca0d83cc 100644 --- a/pkg/assembler/graphql/generated/isDependency.generated.go +++ b/pkg/assembler/graphql/generated/isDependency.generated.go @@ -168,47 +168,6 @@ func (ec *executionContext) fieldContext_IsDependency_dependencyPackage(_ contex return fc, nil } -func (ec *executionContext) _IsDependency_versionRange(ctx context.Context, field graphql.CollectedField, obj *model.IsDependency) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_IsDependency_versionRange(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp := ec._fieldMiddleware(ctx, obj, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return obj.VersionRange, nil - }) - - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(string) - fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_IsDependency_versionRange(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "IsDependency", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, - } - return fc, nil -} - func (ec *executionContext) _IsDependency_dependencyType(ctx context.Context, field graphql.CollectedField, obj *model.IsDependency) (ret graphql.Marshaler) { fc, err := ec.fieldContext_IsDependency_dependencyType(ctx, field) if err != nil { @@ -634,8 +593,6 @@ func (ec *executionContext) fieldContext_IsDependencyEdge_node(_ context.Context return ec.fieldContext_IsDependency_package(ctx, field) case "dependencyPackage": return ec.fieldContext_IsDependency_dependencyPackage(ctx, field) - case "versionRange": - return ec.fieldContext_IsDependency_versionRange(ctx, field) case "dependencyType": return ec.fieldContext_IsDependency_dependencyType(ctx, field) case "justification": @@ -664,20 +621,13 @@ func (ec *executionContext) unmarshalInputIsDependencyInputSpec(ctx context.Cont asMap[k] = v } - fieldsInOrder := [...]string{"versionRange", "dependencyType", "justification", "origin", "collector", "documentRef"} + fieldsInOrder := [...]string{"dependencyType", "justification", "origin", "collector", "documentRef"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "versionRange": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("versionRange")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.VersionRange = data case "dependencyType": ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("dependencyType")) data, err := ec.unmarshalNDependencyType2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐDependencyType(ctx, v) @@ -726,7 +676,7 @@ func (ec *executionContext) unmarshalInputIsDependencySpec(ctx context.Context, asMap[k] = v } - fieldsInOrder := [...]string{"id", "package", "dependencyPackage", "versionRange", "dependencyType", "justification", "origin", "collector", "documentRef"} + fieldsInOrder := [...]string{"id", "package", "dependencyPackage", "dependencyType", "justification", "origin", "collector", "documentRef"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { @@ -754,13 +704,6 @@ func (ec *executionContext) unmarshalInputIsDependencySpec(ctx context.Context, return it, err } it.DependencyPackage = data - case "versionRange": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("versionRange")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.VersionRange = data case "dependencyType": ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("dependencyType")) data, err := ec.unmarshalODependencyType2ᚖgithubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐDependencyType(ctx, v) @@ -836,11 +779,6 @@ func (ec *executionContext) _IsDependency(ctx context.Context, sel ast.Selection if out.Values[i] == graphql.Null { out.Invalids++ } - case "versionRange": - out.Values[i] = ec._IsDependency_versionRange(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } case "dependencyType": out.Values[i] = ec._IsDependency_dependencyType(ctx, field, obj) if out.Values[i] == graphql.Null { diff --git a/pkg/assembler/graphql/generated/root_.generated.go b/pkg/assembler/graphql/generated/root_.generated.go index 9fcd20f16b..5879fc8baf 100644 --- a/pkg/assembler/graphql/generated/root_.generated.go +++ b/pkg/assembler/graphql/generated/root_.generated.go @@ -317,7 +317,6 @@ type ComplexityRoot struct { Justification func(childComplexity int) int Origin func(childComplexity int) int Package func(childComplexity int) int - VersionRange func(childComplexity int) int } IsDependencyConnection struct { @@ -386,8 +385,8 @@ type ComplexityRoot struct { IngestCertifyLegals func(childComplexity int, subjects model.PackageOrSourceInputs, declaredLicensesList [][]*model.IDorLicenseInput, discoveredLicensesList [][]*model.IDorLicenseInput, certifyLegals []*model.CertifyLegalInputSpec) int IngestCertifyVuln func(childComplexity int, pkg model.IDorPkgInput, vulnerability model.IDorVulnerabilityInput, certifyVuln model.ScanMetadataInput) int IngestCertifyVulns func(childComplexity int, pkgs []*model.IDorPkgInput, vulnerabilities []*model.IDorVulnerabilityInput, certifyVulns []*model.ScanMetadataInput) int - IngestDependencies func(childComplexity int, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) int - IngestDependency func(childComplexity int, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependency model.IsDependencyInputSpec) int + IngestDependencies func(childComplexity int, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) int + IngestDependency func(childComplexity int, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, dependency model.IsDependencyInputSpec) int IngestHasMetadata func(childComplexity int, subject model.PackageSourceOrArtifactInput, pkgMatchType model.MatchFlags, hasMetadata model.HasMetadataInputSpec) int IngestHasSBOMs func(childComplexity int, subjects model.PackageOrArtifactInputs, hasSBOMs []*model.HasSBOMInputSpec, includes []*model.HasSBOMIncludesInputSpec) int IngestHasSbom func(childComplexity int, subject model.PackageOrArtifactInput, hasSbom model.HasSBOMInputSpec, includes model.HasSBOMIncludesInputSpec) int @@ -1884,13 +1883,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.IsDependency.Package(childComplexity), true - case "IsDependency.versionRange": - if e.complexity.IsDependency.VersionRange == nil { - break - } - - return e.complexity.IsDependency.VersionRange(childComplexity), true - case "IsDependencyConnection.edges": if e.complexity.IsDependencyConnection.Edges == nil { break @@ -2263,7 +2255,7 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return 0, false } - return e.complexity.Mutation.IngestDependencies(childComplexity, args["pkgs"].([]*model.IDorPkgInput), args["depPkgs"].([]*model.IDorPkgInput), args["depPkgMatchType"].(model.MatchFlags), args["dependencies"].([]*model.IsDependencyInputSpec)), true + return e.complexity.Mutation.IngestDependencies(childComplexity, args["pkgs"].([]*model.IDorPkgInput), args["depPkgs"].([]*model.IDorPkgInput), args["dependencies"].([]*model.IsDependencyInputSpec)), true case "Mutation.ingestDependency": if e.complexity.Mutation.IngestDependency == nil { @@ -2275,7 +2267,7 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return 0, false } - return e.complexity.Mutation.IngestDependency(childComplexity, args["pkg"].(model.IDorPkgInput), args["depPkg"].(model.IDorPkgInput), args["depPkgMatchType"].(model.MatchFlags), args["dependency"].(model.IsDependencyInputSpec)), true + return e.complexity.Mutation.IngestDependency(childComplexity, args["pkg"].(model.IDorPkgInput), args["depPkg"].(model.IDorPkgInput), args["dependency"].(model.IsDependencyInputSpec)), true case "Mutation.ingestHasMetadata": if e.complexity.Mutation.IngestHasMetadata == nil { @@ -6420,10 +6412,8 @@ type IsDependency { id: ID! "Package that has the dependency" package: Package! - "Package for the dependency; MUST be PackageName or PackageVersion " + "Package for the dependency; MUST be PackageVersion " dependencyPackage: Package! - "Version range for the dependency link, required if depedentPackage points to PackageName" - versionRange: String! "Type of dependency" dependencyType: DependencyType! "Justification for the attested relationship" @@ -6442,13 +6432,12 @@ IsDependencySpec allows filtering the list of dependencies to return. To obtain the list of dependency packages, caller must fill in the package field. -Dependency packages must be defined at PackageName, not PackageVersion. +Dependency packages must be defined at PackageVersion. """ input IsDependencySpec { id: ID package: PkgSpec dependencyPackage: PkgSpec - versionRange: String dependencyType: DependencyType justification: String origin: String @@ -6458,8 +6447,6 @@ input IsDependencySpec { "IsDependencyInputSpec is the input to record a new dependency." input IsDependencyInputSpec { - "versionRange should be specified for depedentPackages that point to PackageName" - versionRange: String! dependencyType: DependencyType! justification: String! origin: String! @@ -6506,14 +6493,12 @@ extend type Mutation { ingestDependency( pkg: IDorPkgInput! depPkg: IDorPkgInput! - depPkgMatchType: MatchFlags! dependency: IsDependencyInputSpec! ): ID! "Bulk adds a dependency between two packages. The returned array of IDs cannot be an empty string as its used by hasSBOM." ingestDependencies( pkgs: [IDorPkgInput!]! depPkgs: [IDorPkgInput!]! - depPkgMatchType: MatchFlags! dependencies: [IsDependencyInputSpec!]! ): [ID!]! } diff --git a/pkg/assembler/graphql/model/nodes.go b/pkg/assembler/graphql/model/nodes.go index 0de7743756..78e6b737a1 100644 --- a/pkg/assembler/graphql/model/nodes.go +++ b/pkg/assembler/graphql/model/nodes.go @@ -1011,10 +1011,8 @@ type IsDependency struct { ID string `json:"id"` // Package that has the dependency Package *Package `json:"package"` - // Package for the dependency; MUST be PackageName or PackageVersion + // Package for the dependency; MUST be PackageVersion DependencyPackage *Package `json:"dependencyPackage"` - // Version range for the dependency link, required if depedentPackage points to PackageName - VersionRange string `json:"versionRange"` // Type of dependency DependencyType DependencyType `json:"dependencyType"` // Justification for the attested relationship @@ -1054,8 +1052,6 @@ type IsDependencyEdge struct { // IsDependencyInputSpec is the input to record a new dependency. type IsDependencyInputSpec struct { - // versionRange should be specified for depedentPackages that point to PackageName - VersionRange string `json:"versionRange"` DependencyType DependencyType `json:"dependencyType"` Justification string `json:"justification"` Origin string `json:"origin"` @@ -1068,12 +1064,11 @@ type IsDependencyInputSpec struct { // To obtain the list of dependency packages, caller must fill in the package // field. // -// Dependency packages must be defined at PackageName, not PackageVersion. +// Dependency packages must be defined at PackageVersion. type IsDependencySpec struct { ID *string `json:"id,omitempty"` Package *PkgSpec `json:"package,omitempty"` DependencyPackage *PkgSpec `json:"dependencyPackage,omitempty"` - VersionRange *string `json:"versionRange,omitempty"` DependencyType *DependencyType `json:"dependencyType,omitempty"` Justification *string `json:"justification,omitempty"` Origin *string `json:"origin,omitempty"` diff --git a/pkg/assembler/graphql/resolvers/isDependency.resolvers.go b/pkg/assembler/graphql/resolvers/isDependency.resolvers.go index e13e94c0ac..c8f8663678 100644 --- a/pkg/assembler/graphql/resolvers/isDependency.resolvers.go +++ b/pkg/assembler/graphql/resolvers/isDependency.resolvers.go @@ -12,17 +12,17 @@ import ( ) // IngestDependency is the resolver for the ingestDependency field. -func (r *mutationResolver) IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependency model.IsDependencyInputSpec) (string, error) { +func (r *mutationResolver) IngestDependency(ctx context.Context, pkg model.IDorPkgInput, depPkg model.IDorPkgInput, dependency model.IsDependencyInputSpec) (string, error) { funcName := "IngestDependency" if !dependency.DependencyType.IsValid() { return "", gqlerror.Errorf("%v :: dependency type was not valid", funcName) } - return r.Backend.IngestDependency(ctx, pkg, depPkg, depPkgMatchType, dependency) + return r.Backend.IngestDependency(ctx, pkg, depPkg, dependency) } // IngestDependencies is the resolver for the ingestDependencies field. -func (r *mutationResolver) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, depPkgMatchType model.MatchFlags, dependencies []*model.IsDependencyInputSpec) ([]string, error) { +func (r *mutationResolver) IngestDependencies(ctx context.Context, pkgs []*model.IDorPkgInput, depPkgs []*model.IDorPkgInput, dependencies []*model.IsDependencyInputSpec) ([]string, error) { funcName := "IngestDependencies" ingestedDependenciesIDS := []string{} if len(pkgs) != len(depPkgs) { @@ -37,7 +37,7 @@ func (r *mutationResolver) IngestDependencies(ctx context.Context, pkgs []*model } } - return r.Backend.IngestDependencies(ctx, pkgs, depPkgs, depPkgMatchType, dependencies) + return r.Backend.IngestDependencies(ctx, pkgs, depPkgs, dependencies) } // IsDependency is the resolver for the IsDependency field. diff --git a/pkg/assembler/graphql/resolvers/isDependency.resolvers_test.go b/pkg/assembler/graphql/resolvers/isDependency.resolvers_test.go index 551c3fb3df..5234772eeb 100644 --- a/pkg/assembler/graphql/resolvers/isDependency.resolvers_test.go +++ b/pkg/assembler/graphql/resolvers/isDependency.resolvers_test.go @@ -67,11 +67,11 @@ func TestIngestDependency(t *testing.T) { depPkg := model.IDorPkgInput{PackageInput: testdata.P4} b.EXPECT(). - IngestDependency(ctx, pkg, depPkg, testdata.MAll, dep). + IngestDependency(ctx, pkg, depPkg, dep). Return("", nil). Times(times) - _, err := r.Mutation().IngestDependency(ctx, pkg, depPkg, testdata.MAll, dep) + _, err := r.Mutation().IngestDependency(ctx, pkg, depPkg, dep) checkErr(t, err, test.ExpErr != "", "IngestDependency", test.ExpErr) }) @@ -82,7 +82,6 @@ func TestIngestDependencies(t *testing.T) { type call struct { P1s []*model.IDorPkgInput P2s []*model.IDorPkgInput - MF model.MatchFlags IDs []*model.IsDependencyInputSpec } tests := []struct { @@ -96,7 +95,6 @@ func TestIngestDependencies(t *testing.T) { { P1s: []*model.IDorPkgInput{{PackageInput: testdata.P1}, {PackageInput: testdata.P2}}, P2s: []*model.IDorPkgInput{{PackageInput: testdata.P4}}, - MF: testdata.MAll, IDs: []*model.IsDependencyInputSpec{ { Justification: "test justification", @@ -115,7 +113,6 @@ func TestIngestDependencies(t *testing.T) { { P1s: []*model.IDorPkgInput{{PackageInput: testdata.P1}}, P2s: []*model.IDorPkgInput{{PackageInput: testdata.P4}}, - MF: testdata.MAll, IDs: []*model.IsDependencyInputSpec{ { Justification: "test justification", @@ -136,7 +133,6 @@ func TestIngestDependencies(t *testing.T) { { P1s: []*model.IDorPkgInput{{PackageInput: testdata.P1}, {PackageInput: testdata.P2}}, P2s: []*model.IDorPkgInput{{PackageInput: testdata.P4}, {PackageInput: testdata.P5}}, - MF: testdata.MAll, IDs: []*model.IsDependencyInputSpec{{DependencyType: "DIRECT"}, {DependencyType: "bad value"}}, }, }, @@ -147,7 +143,6 @@ func TestIngestDependencies(t *testing.T) { Calls: []call{{ P1s: []*model.IDorPkgInput{{PackageInput: testdata.P1}, {PackageInput: testdata.P2}}, P2s: []*model.IDorPkgInput{{PackageInput: testdata.P2}, {PackageInput: testdata.P4}}, - MF: testdata.MAll, IDs: []*model.IsDependencyInputSpec{ { Justification: "test justification", @@ -175,10 +170,10 @@ func TestIngestDependencies(t *testing.T) { } b. EXPECT(). - IngestDependencies(ctx, o.P1s, o.P2s, o.MF, o.IDs). + IngestDependencies(ctx, o.P1s, o.P2s, o.IDs). Return(nil, nil). Times(times) - _, err := r.Mutation().IngestDependencies(ctx, o.P1s, o.P2s, o.MF, o.IDs) + _, err := r.Mutation().IngestDependencies(ctx, o.P1s, o.P2s, o.IDs) checkErr(t, err, test.ExpErr != "", "IngestDependencies", test.ExpErr) } @@ -323,11 +318,11 @@ func TestIngestDependenciesDependencyTypeValidity(t *testing.T) { b. EXPECT(). - IngestDependencies(ctx, pkgs, depPkgs, testdata.MAll, dependencies). + IngestDependencies(ctx, pkgs, depPkgs, dependencies). Return(nil, nil). Times(times) - _, err := r.Mutation().IngestDependencies(ctx, pkgs, depPkgs, testdata.MAll, dependencies) + _, err := r.Mutation().IngestDependencies(ctx, pkgs, depPkgs, dependencies) checkErr(t, err, !test.ExpAllValid, "IngestDependencies", "not all dependencies had valid types") }) diff --git a/pkg/assembler/graphql/schema/isDependency.graphql b/pkg/assembler/graphql/schema/isDependency.graphql index a8cc2ad118..244c40bd9f 100644 --- a/pkg/assembler/graphql/schema/isDependency.graphql +++ b/pkg/assembler/graphql/schema/isDependency.graphql @@ -32,10 +32,8 @@ type IsDependency { id: ID! "Package that has the dependency" package: Package! - "Package for the dependency; MUST be PackageName or PackageVersion " + "Package for the dependency; MUST be PackageVersion " dependencyPackage: Package! - "Version range for the dependency link, required if depedentPackage points to PackageName" - versionRange: String! "Type of dependency" dependencyType: DependencyType! "Justification for the attested relationship" @@ -54,13 +52,12 @@ IsDependencySpec allows filtering the list of dependencies to return. To obtain the list of dependency packages, caller must fill in the package field. -Dependency packages must be defined at PackageName, not PackageVersion. +Dependency packages must be defined at PackageVersion. """ input IsDependencySpec { id: ID package: PkgSpec dependencyPackage: PkgSpec - versionRange: String dependencyType: DependencyType justification: String origin: String @@ -70,8 +67,6 @@ input IsDependencySpec { "IsDependencyInputSpec is the input to record a new dependency." input IsDependencyInputSpec { - "versionRange should be specified for depedentPackages that point to PackageName" - versionRange: String! dependencyType: DependencyType! justification: String! origin: String! @@ -118,14 +113,12 @@ extend type Mutation { ingestDependency( pkg: IDorPkgInput! depPkg: IDorPkgInput! - depPkgMatchType: MatchFlags! dependency: IsDependencyInputSpec! ): ID! "Bulk adds a dependency between two packages. The returned array of IDs cannot be an empty string as its used by hasSBOM." ingestDependencies( pkgs: [IDorPkgInput!]! depPkgs: [IDorPkgInput!]! - depPkgMatchType: MatchFlags! dependencies: [IsDependencyInputSpec!]! ): [ID!]! } diff --git a/pkg/dependencies/dependents.go b/pkg/dependencies/dependents.go index 4e22238873..1ff9f8ea71 100644 --- a/pkg/dependencies/dependents.go +++ b/pkg/dependencies/dependents.go @@ -18,12 +18,12 @@ package dependencies import ( "context" "fmt" - "github.com/guacsec/guac/pkg/assembler/helpers" "sort" + "github.com/guacsec/guac/pkg/assembler/helpers" + model "github.com/guacsec/guac/pkg/assembler/clients/generated" "github.com/guacsec/guac/pkg/handler/collector/deps_dev" - "github.com/guacsec/guac/pkg/misc/depversion" "github.com/Khan/genqlient/graphql" ) @@ -104,34 +104,20 @@ func findDependentsOfDependencies(ctx context.Context, gqlClient graphql.Client) depPkgName := helpers.PkgToPurl(isDependency.DependencyPackage.Type, isDependency.DependencyPackage.Namespaces[0].Namespace, isDependency.DependencyPackage.Namespaces[0].Names[0].Name, "", "", []string{}) pkgName := helpers.PkgToPurl(isDependency.Package.Type, isDependency.Package.Namespaces[0].Namespace, isDependency.Package.Namespaces[0].Names[0].Name, "", "", []string{}) - var depPkgIds []string pkgId := isDependency.Package.Namespaces[0].Names[0].Versions[0].Id + depPkgId := isDependency.DependencyPackage.Namespaces[0].Names[0].Versions[0].Id - if len(isDependency.DependencyPackage.Namespaces[0].Names[0].Versions) == 0 { - findMatchingDepPkgVersionIDs, err := FindDepPkgVersionIDs(ctx, gqlClient, isDependency.DependencyPackage.Type, - isDependency.DependencyPackage.Namespaces[0].Namespace, - isDependency.DependencyPackage.Namespaces[0].Names[0].Name, isDependency.VersionRange) - if err != nil { - return nil, fmt.Errorf("error from FindMatchingDepPkgVersionIDs:%w", err) - } - depPkgIds = append(depPkgIds, findMatchingDepPkgVersionIDs...) - } else { - depPkgIds = append(depPkgIds, isDependency.DependencyPackage.Namespaces[0].Names[0].Versions[0].Id) + // Skip "guac" files. + if isDependency.DependencyPackage.Type == "guac" && isDependency.DependencyPackage.Namespaces[0].Namespace == "files" { + continue } - for _, depPkgId := range depPkgIds { - // Skip "guac" files. - if isDependency.DependencyPackage.Type == "guac" && isDependency.DependencyPackage.Namespaces[0].Namespace == "files" { - continue - } + // Inside the loop where you iterate through dependencies + updatePackagesAndNames(idToName, packages, depPkgId, pkgId, depPkgName, pkgName, dependencyEdges, dependentEdges) - // Inside the loop where you iterate through dependencies - updatePackagesAndNames(idToName, packages, depPkgId, pkgId, depPkgName, pkgName, dependencyEdges, dependentEdges) - - // Update the edges with pkgId and depPkgId. - dependentEdges[depPkgId] = append(dependentEdges[depPkgId], pkgId) // pkgId is dependent on depPkgId - dependencyEdges[pkgId] = append(dependencyEdges[pkgId], depPkgId) // depPkgId is a dependency of pkgId - } + // Update the edges with pkgId and depPkgId. + dependentEdges[depPkgId] = append(dependentEdges[depPkgId], pkgId) // pkgId is dependent on depPkgId + dependencyEdges[pkgId] = append(dependencyEdges[pkgId], depPkgId) // depPkgId is a dependency of pkgId } } @@ -199,44 +185,3 @@ func traverseGraph(startNode string, edges map[string][]string) map[string]bool return visited } - -// FindDepPkgVersionIDs queries for packages matching the specified filters (type, namespace, name) and version range. -// It returns a slice of version IDs that match the given version range criteria. -// This function returns: -// - A slice of matching dependent package version IDs. -// - An error -func FindDepPkgVersionIDs(ctx context.Context, gqlclient graphql.Client, depPkgType string, depPkgNameSpace string, depPkgName string, versionRange string) ([]string, error) { - var matchingDepPkgVersionIDs []string - - depPkgFilter := &model.PkgSpec{ - Type: &depPkgType, - Namespace: &depPkgNameSpace, - Name: &depPkgName, - } - - depPkgResponse, err := model.Packages(ctx, gqlclient, *depPkgFilter) - if err != nil { - return nil, fmt.Errorf("error querying for dependent package: %w", err) - } - - depPkgVersionsMap := make(map[string]string) - var depPkgVersions []string - for _, depPkgVersion := range depPkgResponse.Packages[0].Namespaces[0].Names[0].Versions { - depPkgVersions = append(depPkgVersions, depPkgVersion.Version) - depPkgVersionsMap[depPkgVersion.Version] = depPkgVersion.Id - } - - matchingDepPkgVersions, err := depversion.WhichVersionMatches(depPkgVersions, versionRange) - if err != nil { - // TODO(jeffmendoza): depversion is not handling all/new possible - // version ranges from deps.dev. Continue here to report possible - // vulns even if some paths cannot be followed. - matchingDepPkgVersions = nil - //return nil, nil, fmt.Errorf("error determining dependent version matches: %w", err) - } - - for matchingDepPkgVersion := range matchingDepPkgVersions { - matchingDepPkgVersionIDs = append(matchingDepPkgVersionIDs, depPkgVersionsMap[matchingDepPkgVersion]) - } - return matchingDepPkgVersionIDs, nil -} diff --git a/pkg/dependencies/dependents_test.go b/pkg/dependencies/dependents_test.go index 918644c65f..9b277bb01f 100644 --- a/pkg/dependencies/dependents_test.go +++ b/pkg/dependencies/dependents_test.go @@ -20,10 +20,11 @@ package dependencies import ( "context" "fmt" - clients "github.com/guacsec/guac/internal/testing/graphqlClients" "testing" "time" + clients "github.com/guacsec/guac/internal/testing/graphqlClients" + model "github.com/guacsec/guac/pkg/assembler/clients/generated" "github.com/Khan/genqlient/graphql" @@ -403,13 +404,11 @@ func createDependencyNodes(ctx context.Context, gqlClient graphql.Client, packag gqlClient, pkSpec, depPkgSpec, - model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, model.IsDependencyInputSpec{ Justification: "test", Origin: "test", Collector: "test", DependencyType: model.DependencyTypeUnknown, - VersionRange: "test", }) if err != nil { diff --git a/pkg/guacanalytics/patchPlanning.go b/pkg/guacanalytics/patchPlanning.go index 855b6a11dc..49a2eca0b0 100644 --- a/pkg/guacanalytics/patchPlanning.go +++ b/pkg/guacanalytics/patchPlanning.go @@ -21,7 +21,6 @@ import ( "github.com/Khan/genqlient/graphql" model "github.com/guacsec/guac/pkg/assembler/clients/generated" - "github.com/guacsec/guac/pkg/misc/depversion" ) type NodeType int @@ -241,18 +240,6 @@ func exploreIsDependencyFromDepPkg(ctx context.Context, gqlClient graphql.Client } path = append(path, isDependency.Id) - targetDepPkgVersion := len(isDependency.DependencyPackage.Namespaces[0].Names[0].Versions) > 0 - - if !targetDepPkgVersion { - doesRangeInclude, err := depversion.DoesRangeInclude(q.nowNode.nodeVersions, isDependency.VersionRange) - if err != nil { - return err - } - - if !doesRangeInclude { - return nil - } - } q.addNodeToQueue(PackageVersion, nil, isDependency.Package.Namespaces[0].Names[0].Versions[0].Id) q.addNodeToQueue(PackageName, []string{isDependency.Package.Namespaces[0].Names[0].Versions[0].Version}, isDependency.Package.Namespaces[0].Names[0].Id) diff --git a/pkg/guacanalytics/patchPlanning_test.go b/pkg/guacanalytics/patchPlanning_test.go index 190bc0fcc5..2cfbbdc13e 100644 --- a/pkg/guacanalytics/patchPlanning_test.go +++ b/pkg/guacanalytics/patchPlanning_test.go @@ -54,9 +54,7 @@ var ( Name: "openssl", Version: ptrfrom.String("3.0.3"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: ">=1.19.0", DependencyType: model.DependencyTypeDirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -76,9 +74,7 @@ var ( Name: "dpkg", Version: ptrfrom.String("1.19.0"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: ">=1.19.0", DependencyType: model.DependencyTypeDirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -98,9 +94,7 @@ var ( Name: "bottompkg", Version: ptrfrom.String("1.19.0"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: ">=1.19.0", DependencyType: model.DependencyTypeIndirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -248,9 +242,7 @@ var ( Name: "pkgName3", Version: ptrfrom.String("1.19.0"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: ">=1.19.0", DependencyType: model.DependencyTypeDirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -332,9 +324,7 @@ var ( Name: "extraName", Version: ptrfrom.String("1.19.0"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: "=3.0.3", DependencyType: model.DependencyTypeDirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -429,9 +419,7 @@ var ( Name: "pkgNameB", Version: ptrfrom.String("1.19.0"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: ">=1.19.0", DependencyType: model.DependencyTypeDirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -563,9 +551,7 @@ var ( Name: "pkgNameE", Version: ptrfrom.String("3.0.3"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: "=>2.0.0", DependencyType: model.DependencyTypeDirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -664,9 +650,7 @@ var ( Name: "pkgNameI", Version: ptrfrom.String("3.0.3"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: ">=2.0.0", DependencyType: model.DependencyTypeDirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -725,7 +709,6 @@ var ( Name: "bName", Version: ptrfrom.String("1.19.1"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, Pkg: &model.PkgInputSpec{ Type: "dType", Namespace: ptrfrom.String("dNamespace"), @@ -733,7 +716,6 @@ var ( Version: ptrfrom.String("1.19.1"), }, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: ">=1.0.0", DependencyType: model.DependencyTypeDirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -863,9 +845,7 @@ var ( Name: "pkgNameM", Version: ptrfrom.String("3.0.3"), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}, IsDependency: &model.IsDependencyInputSpec{ - VersionRange: "=>1.0.0", DependencyType: model.DependencyTypeDirect, Justification: "test justification one", Origin: "Demo ingestion", @@ -955,7 +935,7 @@ func ingestIsDependency(ctx context.Context, client graphql.Client, graph assemb if err != nil { return fmt.Errorf("error in ingesting dependent package: %s\n", err) } - _, err = model.IngestIsDependency(ctx, client, model.IDorPkgInput{PackageInput: ingest.Pkg}, model.IDorPkgInput{PackageInput: ingest.DepPkg}, ingest.DepPkgMatchFlag, *ingest.IsDependency) + _, err = model.IngestIsDependency(ctx, client, model.IDorPkgInput{PackageInput: ingest.Pkg}, model.IDorPkgInput{PackageInput: ingest.DepPkg}, *ingest.IsDependency) if err != nil { return fmt.Errorf("error in ingesting isDependency: %s\n", err) } @@ -1348,8 +1328,8 @@ func Test_SearchSubgraphFromVuln(t *testing.T) { startName: "extraName", startVersion: ptrfrom.String("1.19.0"), maxDepth: 10, - expectedLen: 2, - expectedPkgs: []string{"extraType"}, + expectedLen: 4, + expectedPkgs: []string{"extraType", "conan3"}, graphInputs: []assembler.IngestPredicates{isDependencyNotInRangeGraph}, }, { @@ -1514,6 +1494,9 @@ func Test_SearchSubgraphFromVuln(t *testing.T) { } for _, tt := range testCases { + if tt.name == "7: direct isDependency not included in range" { + fmt.Print("here") + } t.Run(fmt.Sprintf("Test case %s\n", tt.name), func(t *testing.T) { for _, graphInput := range tt.graphInputs { err = ingestTestData(ctx, gqlClient, graphInput) diff --git a/pkg/handler/collector/deps_dev/deps_dev.go b/pkg/handler/collector/deps_dev/deps_dev.go index baa4003df6..105c7ca0e6 100644 --- a/pkg/handler/collector/deps_dev/deps_dev.go +++ b/pkg/handler/collector/deps_dev/deps_dev.go @@ -500,7 +500,6 @@ func (d *depsCollector) fetchDependencies(ctx context.Context, purl string, docC for _, edge := range deps.Edges { isDep := &model.IsDependencyInputSpec{ - VersionRange: edge.Requirement, DependencyType: model.DependencyTypeDirect, Justification: "dependency data collected via deps.dev", } diff --git a/pkg/ingestor/parser/common/helpers.go b/pkg/ingestor/parser/common/helpers.go index ed1688dbf4..15f8ac5581 100644 --- a/pkg/ingestor/parser/common/helpers.go +++ b/pkg/ingestor/parser/common/helpers.go @@ -33,26 +33,22 @@ func GetIsDep(foundNode *model.PkgInputSpec, relatedPackNodes []*model.PkgInputS // TODO: Check is this always just expected to be one? return &assembler.IsDependencyIngest{ - Pkg: foundNode, - DepPkg: rfileNode, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: foundNode, + DepPkg: rfileNode, IsDependency: &model.IsDependencyInputSpec{ DependencyType: dependency, Justification: justification, - VersionRange: *rfileNode.Version, }, }, nil } } else if len(relatedPackNodes) > 0 { for _, rpackNode := range relatedPackNodes { return &assembler.IsDependencyIngest{ - Pkg: foundNode, - DepPkg: rpackNode, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: foundNode, + DepPkg: rpackNode, IsDependency: &model.IsDependencyInputSpec{ DependencyType: dependency, Justification: justification, - VersionRange: *rpackNode.Version, }, }, nil @@ -68,13 +64,11 @@ func CreateTopLevelIsDeps(topLevel *model.PkgInputSpec, packages map[string][]*m for _, packNode := range packNodes { if !reflect.DeepEqual(packNode, topLevel) { p := assembler.IsDependencyIngest{ - Pkg: topLevel, - DepPkg: packNode, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevel, + DepPkg: packNode, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, Justification: justification, - VersionRange: *packNode.Version, }, } isDeps = append(isDeps, p) @@ -85,13 +79,11 @@ func CreateTopLevelIsDeps(topLevel *model.PkgInputSpec, packages map[string][]*m for _, fileNodes := range files { for _, fileNode := range fileNodes { p := assembler.IsDependencyIngest{ - Pkg: topLevel, - DepPkg: fileNode, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, + Pkg: topLevel, + DepPkg: fileNode, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeUnknown, Justification: justification, - VersionRange: *fileNode.Version, }, } isDeps = append(isDeps, p) diff --git a/pkg/ingestor/parser/deps_dev/deps_dev.go b/pkg/ingestor/parser/deps_dev/deps_dev.go index 279f4d912b..d0cdc9b6c7 100644 --- a/pkg/ingestor/parser/deps_dev/deps_dev.go +++ b/pkg/ingestor/parser/deps_dev/deps_dev.go @@ -70,10 +70,9 @@ func (d *depsDevParser) GetPredicates(ctx context.Context) *assembler.IngestPred for _, isDepComp := range d.packComponent.IsDepPackages { preds.IsDependency = append(preds.IsDependency, assembler.IsDependencyIngest{ - Pkg: isDepComp.CurrentPackageInput, - DepPkg: isDepComp.DepPackageInput, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, - IsDependency: isDepComp.IsDependency, + Pkg: isDepComp.CurrentPackageInput, + DepPkg: isDepComp.DepPackageInput, + IsDependency: isDepComp.IsDependency, }) } preds.HasSBOM = append(preds.HasSBOM, common.CreateTopLevelHasSBOMFromPkg(d.packComponent.CurrentPackage, d.doc, helpers.PkgInputSpecToPurl(d.packComponent.CurrentPackage), d.packComponent.UpdateTime)) diff --git a/pkg/ingestor/parser/deps_dev/deps_dev_test.go b/pkg/ingestor/parser/deps_dev/deps_dev_test.go index 23b334c0fd..0c2df51840 100644 --- a/pkg/ingestor/parser/deps_dev/deps_dev_test.go +++ b/pkg/ingestor/parser/deps_dev/deps_dev_test.go @@ -80,7 +80,6 @@ func Test_depsDevParser_Parse(t *testing.T) { Version: ptrfrom.String("1.4.0"), Subpath: ptrfrom.String(""), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, DepPkg: &model.PkgInputSpec{ Type: "npm", Namespace: ptrfrom.String(""), @@ -90,7 +89,6 @@ func Test_depsDevParser_Parse(t *testing.T) { }, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeDirect, - VersionRange: "^3.0.0 || ^4.0.0", Justification: "dependency data collected via deps.dev", Origin: "", Collector: "", @@ -103,7 +101,6 @@ func Test_depsDevParser_Parse(t *testing.T) { Version: ptrfrom.String("17.0.0"), Subpath: ptrfrom.String(""), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, DepPkg: &model.PkgInputSpec{ Type: "npm", Namespace: ptrfrom.String(""), @@ -113,7 +110,6 @@ func Test_depsDevParser_Parse(t *testing.T) { }, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeDirect, - VersionRange: "^1.1.0", Justification: "dependency data collected via deps.dev", Origin: "", Collector: "", @@ -133,10 +129,8 @@ func Test_depsDevParser_Parse(t *testing.T) { Version: ptrfrom.String("4.1.1"), Subpath: ptrfrom.String(""), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeDirect, - VersionRange: "^4.1.1", Justification: "dependency data collected via deps.dev", Origin: "", Collector: "", @@ -325,10 +319,8 @@ func Test_depsDevParser_Parse(t *testing.T) { Version: ptrfrom.String("0.1.1"), Subpath: ptrfrom.String(""), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeDirect, - VersionRange: "^0.1", Justification: "dependency data collected via deps.dev", Origin: "", Collector: "", @@ -427,7 +419,6 @@ func Test_depsDevParser_Parse(t *testing.T) { Version: ptrfrom.String("4.2.1"), Subpath: ptrfrom.String(""), }, - DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}, DepPkg: &model.PkgInputSpec{ Type: "npm", Namespace: ptrfrom.String(""), @@ -437,7 +428,6 @@ func Test_depsDevParser_Parse(t *testing.T) { }, IsDependency: &model.IsDependencyInputSpec{ DependencyType: model.DependencyTypeDirect, - VersionRange: "^3.0.0", Justification: "dependency data collected via deps.dev", Origin: "", Collector: "", diff --git a/pkg/ingestor/parser/spdx/parse_spdx_test.go b/pkg/ingestor/parser/spdx/parse_spdx_test.go index 589d7c5852..709676cf7c 100644 --- a/pkg/ingestor/parser/spdx/parse_spdx_test.go +++ b/pkg/ingestor/parser/spdx/parse_spdx_test.go @@ -131,9 +131,7 @@ func Test_spdxParser(t *testing.T) { Qualifiers: []generated.PackageQualifierInputSpec{{Key: "mediatype", Value: "application/vnd.oci.image.manifest.v1+json"}}, Subpath: &packageOfEmptyString, }, - DepPkgMatchFlag: generated.MatchFlags{Pkg: "SPECIFIC_VERSION"}, IsDependency: &generated.IsDependencyInputSpec{ - VersionRange: "sha256:a743268cd3c56f921f3fb706cc0425c8ab78119fd433e38bb7c5dcd5635b0d10", DependencyType: "UNKNOWN", Justification: "top-level package GUAC heuristic connecting to each file/package", }, @@ -426,12 +424,10 @@ func Test_spdxParser(t *testing.T) { wantPredicates: &assembler.IngestPredicates{ IsDependency: []assembler.IsDependencyIngest{ { - Pkg: pUrlToPkgDiscardError("pkg:oci/redhat/ubi9-container@sha256:4227a4b5013999a412196237c62e40d778d09cdc751720a66ff3701fbe5a4a9d?repository_url=registry.redhat.io/ubi9&tag=9.1.0-1750"), - DepPkg: pUrlToPkgDiscardError("pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64"), - DepPkgMatchFlag: generated.MatchFlags{Pkg: generated.PkgMatchTypeSpecificVersion}, + Pkg: pUrlToPkgDiscardError("pkg:oci/redhat/ubi9-container@sha256:4227a4b5013999a412196237c62e40d778d09cdc751720a66ff3701fbe5a4a9d?repository_url=registry.redhat.io/ubi9&tag=9.1.0-1750"), + DepPkg: pUrlToPkgDiscardError("pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64"), IsDependency: &generated.IsDependencyInputSpec{ DependencyType: generated.DependencyTypeUnknown, - VersionRange: "0.1.18-1.el9", Justification: "Derived from SPDX CONTAINED_BY relationship", }, }, @@ -515,9 +511,8 @@ func Test_spdxParser(t *testing.T) { wantPredicates: &assembler.IngestPredicates{ IsDependency: []assembler.IsDependencyIngest{ { - Pkg: pUrlToPkgDiscardError("pkg:guac/spdx/testsbom"), - DepPkg: pUrlToPkgDiscardError("pkg:guac/files/sha1:ba1c68d88439599dcca7594d610030a19eda4f63?filename=./include-file"), - DepPkgMatchFlag: generated.MatchFlags{Pkg: generated.PkgMatchTypeSpecificVersion}, + Pkg: pUrlToPkgDiscardError("pkg:guac/spdx/testsbom"), + DepPkg: pUrlToPkgDiscardError("pkg:guac/files/sha1:ba1c68d88439599dcca7594d610030a19eda4f63?filename=./include-file"), IsDependency: &generated.IsDependencyInputSpec{ DependencyType: generated.DependencyTypeUnknown, Justification: "top-level package GUAC heuristic connecting to each file/package", @@ -778,9 +773,8 @@ func Test_spdxParser(t *testing.T) { wantPredicates: &assembler.IngestPredicates{ IsDependency: []assembler.IsDependencyIngest{ { - Pkg: pUrlToPkgDiscardError("pkg:guac/spdx/testsbom"), - DepPkg: pUrlToPkgDiscardError("pkg:guac/files/sha1:ba1c68d88439599dcca7594d610030a19eda4f63?filename=./include-file"), - DepPkgMatchFlag: generated.MatchFlags{Pkg: generated.PkgMatchTypeSpecificVersion}, + Pkg: pUrlToPkgDiscardError("pkg:guac/spdx/testsbom"), + DepPkg: pUrlToPkgDiscardError("pkg:guac/files/sha1:ba1c68d88439599dcca7594d610030a19eda4f63?filename=./include-file"), IsDependency: &generated.IsDependencyInputSpec{ DependencyType: generated.DependencyTypeUnknown, Justification: "top-level package GUAC heuristic connecting to each file/package",