manage backward compatibility in Gitregostore (#439)

Corrects the backward compatibility regarding security frameworks, and deprecates backward compatibility regarding controlIDs that were changed.
kubescape · Jun 22, 2023 · 281c02f · 281c02f
1 parent 251b8c1
commit 281c02f
Show file tree

Hide file tree

Showing 6 changed files with 168 additions and 515 deletions.
diff --git a/gitregostore/backwardCompatibility.go b/gitregostore/backwardCompatibility.go
diff --git a/gitregostore/backwardCompatibility_test.go b/gitregostore/backwardCompatibility_test.go
diff --git a/gitregostore/gitstoremethods.go b/gitregostore/gitstoremethods.go
@@ -13,9 +13,8 @@ import (
 )
 
 const (
-	supportBackwardCompatibility = true
-	TypeCompliance               = "compliance"
-	TypeSecurity                 = "security"
+	TypeCompliance = "compliance"
+	TypeSecurity   = "security"
 )
 
 // =============================================================
@@ -95,9 +94,7 @@ func (gs *GitRegoStore) GetOPAControlByName(controlName string) (*opapolicy.Cont
 	defer gs.controlsLock.RUnlock()
 
 	for _, controlToPin := range gs.Controls {
-		// If backward compatibility is supported, extract from patched control name the new name.
-		if !strings.EqualFold(controlToPin.Name, controlName) &&
-			(!supportBackwardCompatibility || !strings.EqualFold(controlToPin.Name, baseControlName(controlToPin.ControlID, controlName))) {
+		if !strings.EqualFold(controlToPin.Name, controlName) {
 			continue
 		}
 
@@ -125,9 +122,7 @@ func (gs *GitRegoStore) GetOPAControlByID(controlID string) (*opapolicy.Control,
 
 func (gs *GitRegoStore) getOPAControlByID(controlID string) (*opapolicy.Control, error) {
 	for _, controlToPin := range gs.Controls {
-		// If backward compatibility is supported, try to find if the controlID sent has a new controlID
-		if !strings.EqualFold(controlToPin.ControlID, controlID) &&
-			(!supportBackwardCompatibility || !strings.EqualFold(controlToPin.ControlID, newControlID(controlID))) {
+		if !strings.EqualFold(controlToPin.ControlID, controlID) {
 			continue
 		}
 
@@ -157,9 +152,7 @@ func (gs *GitRegoStore) GetOPAControlByFrameworkNameAndControlName(frameworkName
 	}
 
 	for _, controlToPin := range fw.Controls {
-		// If backward compatibility is supported, extract from patched control name the new name.
-		if !strings.EqualFold(controlToPin.Name, controlName) &&
-			(!supportBackwardCompatibility || !strings.EqualFold(controlToPin.Name, baseControlName(controlToPin.ControlID, controlName))) {
+		if !strings.EqualFold(controlToPin.Name, controlName) {
 			continue
 		}
 
@@ -379,11 +372,9 @@ func (gs *GitRegoStore) GetOPAFrameworkByName(frameworkName string) (*opapolicy.
 }
 
 func (gs *GitRegoStore) getOPAFrameworkByName(frameworkName string) (*opapolicy.Framework, error) {
-	const supportBackwardCompatibilityFramework = true
 
 	for _, frameworkToPin := range gs.Frameworks {
-		// If backward compatibility is supported,try to compare the new CIS name.
-		if !strings.EqualFold(frameworkToPin.Name, frameworkName) && (!supportBackwardCompatibilityFramework || !strings.EqualFold(frameworkToPin.Name, newFrameworkName(frameworkName))) {
+		if !strings.EqualFold(frameworkToPin.Name, frameworkName) {
 			continue
 		}
 
@@ -496,7 +487,6 @@ func (gs *GitRegoStore) fillControlsAndControlIDsInFramework(fw *opapolicy.Frame
 	// if there are controls, need to populate only the rules.
 	for i := range fw.Controls {
 		if len(fw.Controls[i].Rules) == 0 {
-			// getting the control object using GetOPAControlByID as it handles backward compatibility
 			tmpControl, err := gs.GetOPAControlByID(fw.Controls[i].ControlID)
 			if err != nil {
 				return err