feat: Extend rule engine to include missing checks when the resource does not exist

m-pizarro · m-pizarro · commit 79f8dd3c9ffa · 2022-06-09T15:21:56.000-03:00
diff --git a/src/rules-engine/data-processors/dgraph-data-processor.ts b/src/rules-engine/data-processors/dgraph-data-processor.ts
@@ -145,12 +145,12 @@ export default class DgraphDataProcessor implements DataProcessor {
 
   private prepareEntitiesMutations(findings: RuleFinding[]): RuleFinding[] {
     // Group Findings by schema type
-    const { manual: manualData = [], ...processedRules } = groupBy(
+    const { manual: manualData = [], missing: missingData = [], ...processedRules } = groupBy(
       findings,
       'typename'
     )
 
-    const mutations = [...manualData]
+    const mutations = [...manualData, ...missingData]
     for (const findingType in processedRules) {
       if (!isEmpty(findingType)) {
         // Group Findings by resource
diff --git a/src/rules-engine/evaluators/base-evaluator.ts b/src/rules-engine/evaluators/base-evaluator.ts
@@ -0,0 +1,23 @@
+import cuid from 'cuid'
+import { ResourceData, Result, Rule, RuleFinding } from '../types'
+import { RuleEvaluator } from './rule-evaluator'
+
+export default abstract class BaseEvaluator<K extends Rule> implements RuleEvaluator<K>
+{
+  abstract canEvaluate(rule: K): boolean
+
+  abstract evaluateSingleResource(rule: K, data?: ResourceData): Promise<RuleFinding>
+
+  async evaluateMissingResource({ id, severity, resource }: K): Promise<RuleFinding> {
+    return {
+      id: `${id}/missing/${cuid()}`,
+      resourceId: resource?.replace('[*]', ''),
+      result: Result.MISSING,
+      typename: 'missing',
+      rule: {
+        id,
+        severity,
+      },
+    } as RuleFinding
+  }
+}
diff --git a/src/rules-engine/evaluators/js-evaluator.ts b/src/rules-engine/evaluators/js-evaluator.ts
@@ -6,9 +6,9 @@ import {
   RuleFinding,
   Result,
 } from '../types'
-import { RuleEvaluator } from './rule-evaluator'
+import BaseEvaluator from './base-evaluator'
 
-export default class JsEvaluator implements RuleEvaluator<JsRule> {
+export default class JsEvaluator extends BaseEvaluator<JsRule> {
   canEvaluate(rule: Rule | JsRule): boolean {
     return 'check' in rule
   }
diff --git a/src/rules-engine/evaluators/json-evaluator.ts b/src/rules-engine/evaluators/json-evaluator.ts
@@ -12,9 +12,9 @@ import {
 } from '../types'
 import AdditionalOperators from '../operators'
 import ComparisonOperators from '../operators/comparison'
-import { RuleEvaluator } from './rule-evaluator'
+import BaseEvaluator from './base-evaluator'
 
-export default class JsonEvaluator implements RuleEvaluator<JsonRule> {
+export default class JsonEvaluator extends BaseEvaluator<JsonRule> {
   canEvaluate(rule: JsonRule): boolean {
     return 'conditions' in rule
   }
diff --git a/src/rules-engine/evaluators/manual-evaluator.ts b/src/rules-engine/evaluators/manual-evaluator.ts
@@ -1,7 +1,7 @@
 import { JsonRule, Result, Rule, RuleFinding } from '../types'
-import { RuleEvaluator } from './rule-evaluator'
+import BaseEvaluator from './base-evaluator'
 
-export default class ManualEvaluator implements RuleEvaluator<JsonRule> {
+export default class ManualEvaluator extends BaseEvaluator<JsonRule> {
   canEvaluate(rule: Rule): boolean {
     return !('gql' in rule) && !('conditions' in rule) && !('resource' in rule)
   }
diff --git a/src/rules-engine/evaluators/rule-evaluator.ts b/src/rules-engine/evaluators/rule-evaluator.ts
@@ -3,4 +3,5 @@ import { ResourceData, Rule, RuleFinding } from '../types'
 export interface RuleEvaluator<K extends Rule> {
   canEvaluate: (rule: K) => boolean
   evaluateSingleResource: (rule: K, data?: ResourceData) => Promise<RuleFinding>
+  evaluateMissingResource: (rule: K) => Promise<RuleFinding>
 }
diff --git a/src/rules-engine/index.ts b/src/rules-engine/index.ts
@@ -91,14 +91,20 @@ export default class RulesProvider implements Engine {
     const resourcePaths = data ? jsonpath.nodes(data, rule.resource) : []
     const evaluator = this.getRuleEvaluator(rule)
 
+    if (!evaluator) {
+      return []
+    }
+
     if (isEmpty(data) && evaluator instanceof ManualEvaluator) {
       // Returned Manual Rule Response
       res.push(await evaluator.evaluateSingleResource(rule))
       return res
     }
 
-    if (!evaluator) {
-      return []
+    if (isEmpty(resourcePaths)) {
+      // Returned Missing Resource Rule Response   
+      res.push(await evaluator.evaluateMissingResource(rule))
+      return res
     }
 
     // @NOTE: here we can evaluate things such as Data being empty (may imply rule to pass)

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`import { JsonRule, Result, Rule, RuleFinding } from '../types'`
`2`		`-import { RuleEvaluator } from './rule-evaluator'`
	`2`	`+import BaseEvaluator from './base-evaluator'`
`3`	`3`
`4`		`-export default class ManualEvaluator implements RuleEvaluator<JsonRule> {`
	`4`	`+export default class ManualEvaluator extends BaseEvaluator<JsonRule> {`
`5`	`5`	`canEvaluate(rule: Rule): boolean {`
`6`	`6`	`return !('gql' in rule) && !('conditions' in rule) && !('resource' in rule)`
`7`	`7`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,4 +3,5 @@ import { ResourceData, Rule, RuleFinding } from '../types'`
`3`	`3`	`export interface RuleEvaluator<K extends Rule> {`
`4`	`4`	`canEvaluate: (rule: K) => boolean`
`5`	`5`	`evaluateSingleResource: (rule: K, data?: ResourceData) => Promise<RuleFinding>`
	`6`	`+ evaluateMissingResource: (rule: K) => Promise<RuleFinding>`
`6`	`7`	`}`