Derive conflict resolution #561
Conversation
|
This pull request introduces 2 alerts and fixes 2 when merging b2f85ab into a045aff - view on LGTM.com new alerts:
fixed alerts:
|
src/rust/generators/osquery-subgraph-generator/src/tests/process.rs
Outdated
Show resolved
Hide resolved
| @@ -82,7 +77,6 @@ pub fn generate_process_create_subgraph( | |||
| ); | |||
|
|
|||
| graph.add_edge("children", parent.clone_node_key(), child.clone_node_key()); | |||
| graph.add_edge("parent", child.clone_node_key(), parent.clone_node_key()); | |||
There was a problem hiding this comment.
@colin-grapl is there a reason this was deleted?
There was a problem hiding this comment.
It's redundant - there's no need to specify an edge and a reverse edge, one implies the other, and that's handled downstream.
|
This pull request introduces 2 alerts and fixes 2 when merging c65a449 into ce9016f - view on LGTM.com new alerts:
fixed alerts:
|
| match attr { | ||
| IMMUTABLE => resolution = Some(attr.to_string()), | ||
| INCREMENT => resolution = Some(attr.to_string()), | ||
| DECREMENT => resolution = Some(attr.to_string()), |
There was a problem hiding this comment.
You could probably just use one match arm on IMMUTABLE | INCREMENT | DECREMENT.
src/rust/generators/sysmon-subgraph-generator/src/models/process/create.rs
Show resolved
Hide resolved
|
This pull request introduces 2 alerts and fixes 2 when merging 830b556 into eb80c50 - view on LGTM.com new alerts:
fixed alerts:
|
|
This pull request introduces 1 alert and fixes 2 when merging 07501c4 into a47b9e9 - view on LGTM.com new alerts:
fixed alerts:
|
|
This pull request introduces 1 alert and fixes 2 when merging 85439f0 into a47b9e9 - view on LGTM.com new alerts:
fixed alerts:
|
|
This pull request introduces 1 alert and fixes 2 when merging 7e9891f into a47b9e9 - view on LGTM.com new alerts:
fixed alerts:
|
The `Edge#edgeName` field was renamed in #561 so we no longer need to ignore any lints. See grapl-security/issue-tracker#237 Signed-off-by: Christopher Maier <chris@graplsecurity.com>
Which issue does this PR correspond to?
#147
#148
What changes does this PR make to Grapl? Why?
Removes the underlying protobuf schemas for node types such as 'Process' and 'File', and instead leverages three distinct schemas - NodeDescription, IdentifiedNode, MergedNode.
Replaces 'string', 'int', and 'uint' with conflict resolvable types. The logic to enforce that resolution does not exist and will be implemented in a separate (and much smaller!) PR.
Specifically, while this diff appears very large, there are really just three places you need to worry about:
src/rust/derive-dynamic-node/src/lib.rsThis is where the conflict resolution macro changes occur, allowing us to specify the resolution mechanism for a property.
src/proto/graplinc/grapl/api/graph/v1beta1/types.protoThis is where the new proto structures are defined. The major changes are that we now have distinct node/graph types based on the state of the processed data (described, identified, merged) and, on top of that, the protobuf types to express the conflict resolution.
I've also documented most of the protobuf.
src/rust/graph-descriptions/src/lib.rsThis is where the
implof these new protobuf types exist. The previously defined File, Process, etc are now in theendpoint-plugin.All other changes are just to support this - there's a lot of diff noise involved, such as deleting tons of files that are no longer necessary, because the logic for nodes is now condensed.
The other churn is in the graph-merger, where I've spent some time refactoring the upsert logic, separating structures out into their own files. I've also added integration tests - 414 lines of additional integration tests are now in the graph-merger, as well as code to support those tests.
If you look at the git stats you'll find that while 104 files have been touched, the vast majority of those are just changing things like
Graph::new(0)toGraphDescription;:new(), or that sort of thing. Also, apparently there have been some formatting changes, so that caused churn as well :(How were these changes tested?
I've tested locally and I've added lots of integration tests.