Exclude profiles with labels from history. (#4910)

Filter by labels when listing history.

History list showed evaluation results even for profiles having
labels. This is different from the behaviour of Profile list and
status, which by default only showed results for profiles without
labels.

This change makes the behaviour of History list closer to the one
Profile list and status by adding a new filter to the
`ListEvaluationHistory` endpoint. Both inclusion and exclusion are
supported, and the additional `*` flag is allowed specifically for
inclusion.

Fixes stacklok/minder-stories#102

Author: blkt

database/query/eval_history.sql

@@ -119,6 +119,7 @@ SELECT s.id::uuid AS evaluation_id,
        ri.name AS rule_name,
        rt.severity_value as rule_severity,
        p.name AS profile_name,
+       p.labels as profile_labels,
        -- evaluation status and details
        s.status AS evaluation_status,
        s.details AS evaluation_details,
@@ -158,6 +159,13 @@ SELECT s.id::uuid AS evaluation_id,
    AND (sqlc.narg(tots)::timestamp without time zone IS NULL OR  s.evaluation_time < sqlc.narg(tots))
    -- implicit filter by project id
    AND j.id = sqlc.arg(projectId)
+   -- implicit filter by profile labels
+   AND ((sqlc.slice(labels)::text[] IS NULL AND p.labels = array[]::text[]) -- include only unlabelled records
+	OR ((sqlc.slice(labels)::text[] IS NOT NULL AND sqlc.slice(labels)::text[] = array['*']::text[]) -- include all labels
+	    OR (sqlc.slice(labels)::text[] IS NOT NULL AND p.labels && sqlc.slice(labels)::text[]) -- include only specified labels
+	)
+   )
+   AND (sqlc.slice(notLabels)::text[] IS NULL OR NOT p.labels && sqlc.slice(notLabels)::text[]) -- exclude only specified labels
  ORDER BY
  CASE WHEN sqlc.narg(next)::timestamp without time zone IS NULL THEN s.evaluation_time END ASC,
  CASE WHEN sqlc.narg(prev)::timestamp without time zone IS NULL THEN s.evaluation_time END DESC

docs/docs/ref/proto.md

@@ -131,6 +131,7 @@ func (s *Server) ListEvaluationHistory(
 	opts = append(opts, FilterOptsFromStrings(in.GetEntityType(), history.WithEntityType)...)
 	opts = append(opts, FilterOptsFromStrings(in.GetEntityName(), history.WithEntityName)...)
 	opts = append(opts, FilterOptsFromStrings(in.GetProfileName(), history.WithProfileName)...)
+	opts = append(opts, FilterOptsFromStrings(in.GetLabelFilter(), history.WithLabel)...)
 	opts = append(opts, FilterOptsFromStrings(in.GetStatus(), history.WithStatus)...)
 	opts = append(opts, FilterOptsFromStrings(in.GetRemediation(), history.WithRemediation)...)
 	opts = append(opts, FilterOptsFromStrings(in.GetAlert(), history.WithAlert)...)

internal/controlplane/handlers_evalstatus.go

@@ -36,6 +36,34 @@ func TestListEvaluationHistoryFilters(t *testing.T) {
 	ere1 := createRandomEvaluationRuleEntity(t, riID1, repo1.ID)
 	es1 := createRandomEvaluationStatus(t, ere1)
 
+	// Evaluations for this profile should not show up in the
+	// results.
+	ruleType2 := createRandomRuleType(t, proj.ID)
+	profile2 := createRandomProfile(t, proj.ID, []string{"label2"})
+	fmt.Println(profile2)
+	riID2 := createRandomRuleInstance(
+		t,
+		proj.ID,
+		profile2.ID,
+		ruleType2.ID,
+	)
+	ere2 := createRandomEvaluationRuleEntity(t, riID2, repo1.ID)
+	es2 := createRandomEvaluationStatus(t, ere2)
+
+	// Evaluations for this profile should not show up in the
+	// results.
+	ruleType3 := createRandomRuleType(t, proj.ID)
+	profile3 := createRandomProfile(t, proj.ID, []string{"label3"})
+	fmt.Println(profile3)
+	riID3 := createRandomRuleInstance(
+		t,
+		proj.ID,
+		profile3.ID,
+		ruleType3.ID,
+	)
+	ere3 := createRandomEvaluationRuleEntity(t, riID3, repo1.ID)
+	es3 := createRandomEvaluationStatus(t, ere3)
+
 	tests := []struct {
 		name   string
 		params ListEvaluationHistoryParams
@@ -392,6 +420,193 @@ func TestListEvaluationHistoryFilters(t *testing.T) {
 			},
 		},
 
+		// profile labels filter
+		{
+			name: "profile labels filter missing",
+			params: ListEvaluationHistoryParams{
+				Next: sql.NullTime{
+					Time:  time.UnixMicro(999999999999999999).UTC(),
+					Valid: true,
+				},
+				Projectid: proj.ID,
+				Size:      5,
+			},
+			checkf: func(t *testing.T, rows []ListEvaluationHistoryRow) {
+				t.Helper()
+				require.Len(t, rows, 1)
+				row := rows[0]
+				require.Equal(t, es1, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Empty(t, row.ProfileLabels)
+			},
+		},
+		{
+			name: "profile labels filter include",
+			params: ListEvaluationHistoryParams{
+				Next: sql.NullTime{
+					Time:  time.UnixMicro(999999999999999999).UTC(),
+					Valid: true,
+				},
+				Labels:    []string{"nonexisting"},
+				Projectid: proj.ID,
+				Size:      5,
+			},
+			checkf: func(t *testing.T, rows []ListEvaluationHistoryRow) {
+				t.Helper()
+				require.Len(t, rows, 0)
+			},
+		},
+		{
+			name: "profile labels filter include match label2",
+			params: ListEvaluationHistoryParams{
+				Next: sql.NullTime{
+					Time:  time.UnixMicro(999999999999999999).UTC(),
+					Valid: true,
+				},
+				Labels:    []string{"label2"},
+				Projectid: proj.ID,
+				Size:      5,
+			},
+			checkf: func(t *testing.T, rows []ListEvaluationHistoryRow) {
+				t.Helper()
+				require.Len(t, rows, 1)
+				row := rows[0]
+				require.Equal(t, es2, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Equal(t, profile2.Labels, row.ProfileLabels)
+			},
+		},
+		{
+			name: "profile labels filter include match label3",
+			params: ListEvaluationHistoryParams{
+				Next: sql.NullTime{
+					Time:  time.UnixMicro(999999999999999999).UTC(),
+					Valid: true,
+				},
+				Labels:    []string{"label3"},
+				Projectid: proj.ID,
+				Size:      5,
+			},
+			checkf: func(t *testing.T, rows []ListEvaluationHistoryRow) {
+				t.Helper()
+				require.Len(t, rows, 1)
+				row := rows[0]
+				require.Equal(t, es3, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Equal(t, profile3.Labels, row.ProfileLabels)
+			},
+		},
+		{
+			name: "profile labels filter match *",
+			params: ListEvaluationHistoryParams{
+				Next: sql.NullTime{
+					Time:  time.UnixMicro(999999999999999999).UTC(),
+					Valid: true,
+				},
+				Labels:    []string{"*"},
+				Projectid: proj.ID,
+				Size:      5,
+			},
+			checkf: func(t *testing.T, rows []ListEvaluationHistoryRow) {
+				t.Helper()
+				require.Len(t, rows, 3)
+
+				row := rows[0]
+				require.Equal(t, es3, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Equal(t, profile3.Labels, row.ProfileLabels)
+
+				row = rows[1]
+				require.Equal(t, es2, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Equal(t, profile2.Labels, row.ProfileLabels)
+
+				row = rows[2]
+				require.Equal(t, es1, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Equal(t, profile1.Labels, row.ProfileLabels)
+			},
+		},
+		{
+			name: "profile labels filter exclude label2",
+			params: ListEvaluationHistoryParams{
+				Next: sql.NullTime{
+					Time:  time.UnixMicro(999999999999999999).UTC(),
+					Valid: true,
+				},
+				Notlabels: []string{"label2"},
+				Projectid: proj.ID,
+				Size:      5,
+			},
+			checkf: func(t *testing.T, rows []ListEvaluationHistoryRow) {
+				t.Helper()
+				require.Len(t, rows, 1)
+
+				row := rows[0]
+				require.Equal(t, es1, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Equal(t, profile1.Labels, row.ProfileLabels)
+			},
+		},
+		{
+			name: "profile labels filter exclude label3",
+			params: ListEvaluationHistoryParams{
+				Next: sql.NullTime{
+					Time:  time.UnixMicro(999999999999999999).UTC(),
+					Valid: true,
+				},
+				Notlabels: []string{"label3"},
+				Projectid: proj.ID,
+				Size:      5,
+			},
+			checkf: func(t *testing.T, rows []ListEvaluationHistoryRow) {
+				t.Helper()
+				require.Len(t, rows, 1)
+
+				row := rows[0]
+				require.Equal(t, es1, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Equal(t, profile1.Labels, row.ProfileLabels)
+			},
+		},
+		{
+			name: "profile labels filter include * exclude label2",
+			params: ListEvaluationHistoryParams{
+				Next: sql.NullTime{
+					Time:  time.UnixMicro(999999999999999999).UTC(),
+					Valid: true,
+				},
+				Labels:    []string{"*"},
+				Notlabels: []string{"label3"},
+				Projectid: proj.ID,
+				Size:      5,
+			},
+			checkf: func(t *testing.T, rows []ListEvaluationHistoryRow) {
+				t.Helper()
+				require.Len(t, rows, 2)
+
+				row := rows[0]
+				require.Equal(t, es2, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Equal(t, profile2.Labels, row.ProfileLabels)
+
+				row = rows[1]
+				require.Equal(t, es1, row.EvaluationID)
+				require.Equal(t, EntitiesRepository, row.EntityType)
+				require.Equal(t, repo1.ID, row.EntityID)
+				require.Equal(t, profile1.Labels, row.ProfileLabels)
+			},
+		},
+
 		// time range filter
 		{
 			name: "time range filter from +1h",
@@ -671,6 +886,7 @@ func TestGetEvaluationHistory(t *testing.T) {
 	for i := 0; i < 10; i++ {
 		repos = append(repos, createRandomRepository(t, proj.ID, prov))
 	}
+
 	ruleType1 := createRandomRuleType(t, proj.ID)
 	profile1 := createRandomProfile(t, proj.ID, []string{})
 	riID1 := createRandomRuleInstance(