refactor asset to be polymorphic

OpenSCAP / scaptimony

SCAPtimony is SCAP database and storage server

GNU General Public License v3.0

13 stars 13 forks source link

refactor asset to be polymorphic #11

Closed shlomizadok closed 9 years ago

shlomizadok commented 9 years ago

Changes asset to be polymorphic on assetable types (host, hostgroup, container) for instance + add policy to asset.

isimluk commented 9 years ago

This commits changes three things at once

makes asset polymorphic
denies policy creation over API
changes asset/policy mapping

I like the first two changes.

And I have slight difficulty with the second change. We may restring asset/policy mapping to be N/1 for this spring. However in the long term, there will be the need to have N/M cardinality. So in the long term we will revert this back.

Can't we just have keep the scaptimony_asset_policy table and ensure that there is only one row? What do you think?

shlomizadok commented 9 years ago

I don't think we need to keep this association as it has moved to Asset model (note there is now policy_id column there).

isimluk commented 9 years ago

Doesn't that restrict the cardinality?

ohadlevy commented 9 years ago

@isimluk I'm not sure I see an issue, each policy can belongs to multiple assets (and asset types), so a given asset can have multiple policies.

ohadlevy commented 9 years ago

granted, the name asset for the join table is confusing.

isimluk commented 9 years ago

On 01/13/2015 01:32 PM, Ohad Levy wrote:

granted, the name asset for the join table is confusing.

And then consider ArfReport linked to Asset.

This idea of policy mapping inside Asset goes against Boyce-Codd Normal Form. That usually backfires in the long run. Also it may make some of the queries more tricky.

I like the idea to have Asset polymorhic to Host, Host Group and Docker.

But the policy assignment is orthogonal to this. I.e. consider following example: The Asset(representing HostGroup) can be used to define relationships with policy. But the Asset (representing Host) will referred to from ArfReport. What would be the policy of this Asset?

Simon Lukasik Security Technologies, Red Hat, Inc.

shlomizadok commented 9 years ago

How does arf_report gets created? in foreman_scap we ensure it gets the policy_id from the policy. Maybe I'll add a validation to the policy_id on arf_report? something like:

Scaptimony::ArfReport.last.asset.policy == Scaptimony::ArfReport.last.policy

isimluk commented 9 years ago

That would make policy information duplicate for ArfReport (one per ArfReport table, one per Asset).

But what if someone changes this in Asset table later on?

ohadlevy commented 9 years ago

what do you mean by change? we can enforce that you cant delete an asset as long as it has reports...?

isimluk commented 9 years ago

Amended and merged as 112282e12c1a96f65ffd1e12c302663ecf454a72.

Thank You!