Modular sdk 7

CHANGELOG.md

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.7.0] - 2025-01-06
+- moved to modular-sdk 7.0.0
+- fixed a bug when ruleset name containing a number was considered to be rulesset version
+
 ## [5.6.0] - 2024-11-05
 - refactor metrics collector
 - refactor such inner reports

cli/srecli/group/ruleset.py

@@ -65,7 +65,7 @@ def describe(ctx: ContextObj, name, version, cloud, get_rules,
               help='Project id of git repo to build a ruleset')
 @click.option('--git_ref', '-gr', required=False, type=str,
               help='Branch of git repo to build a ruleset')
-@click.option('--platform', required=False, type=click.Choice(('kubernetes', 'openshift')),
+@click.option('--platform', required=False, type=click.Choice(('kubernetes', 'openshift', 'kubernetes and openshift')),
               multiple=True, help='Platform for k8s')
 @click.option('--category', required=False, type=str, multiple=True,
               help='Rules category to use')

deployment/helm/rule-engine/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "5.6.0"
+appVersion: "5.7.0"
 description: A Helm chart for the rule-engine
 name: rule-engine
 type: application
-version: "5.6.0"
+version: "5.7.0"
 dependencies:
   - name: vault
     repository: "s3://charts-repository/syndicate/"

deployment/helm/rule-engine/templates/deployment.yaml

@@ -49,6 +49,8 @@ spec:
               name: http
               protocol: TCP
           env:
+            - name: application_name
+              value: 'syndicate-rule-engine'
             - name: modular_mongo_user
               valueFrom:
                 secretKeyRef:
@@ -137,4 +139,8 @@ spec:
             - name: CAAS_ALLOW_SIMULTANEOUS_JOBS_FOR_ONE_TENANT
               value: 'true'
             {{- end  }}
+            {{- if .Values.recommendationsBucket }}
+            - name: CAAS_RECOMMENDATIONS_BUCKET_NAME
+              value: {{ .Values.recommendationsBucket }}
+            {{- end}}
       restartPolicy: Always

deployment/helm/rule-engine/values.yaml

@@ -9,7 +9,7 @@ service:
 
 image:
   repository: public.ecr.aws/x4s4z8e1/syndicate/rule-engine
-  tag: 5.6.0
+  tag: 5.7.0
   pullPolicy: Always
 
 replicas: 1
@@ -65,4 +65,5 @@ noProxy: 'localhost,127.0.0.1,169.254.169.254,mongo,vault,minio,defectdojo'
 
 logLevel: INFO
 executorLogLevel: INFO
-allowSimultaneousJobsForOneTenant: false
+allowSimultaneousJobsForOneTenant: false
+recommendationsBucket:

pyproject.toml

@@ -5,7 +5,7 @@ readme = "README.md"
 requires-python = ">=3.10"
 license = {file = "LICENSE"}
 dependencies = []
-version = "5.6.0"
+version = "5.7.0"
 
 [dependency-groups]
 test = [

src/.env.example

@@ -35,5 +35,4 @@ VAULT_TOKEN=token
 VAULT_URL=127.0.0.1
 VAULT_SERVICE_SERVICE_PORT=8200
 
-component_name=custodian_service
-application_name=caas
+application_name=syndicate-rule-engine

src/executor/requirements.txt

@@ -1,12 +1,12 @@
 boto3~=1.34.144
 botocore~=1.34.144
 pynamodb>=5.5.1,<6
-pymongo~=4.5.0
+pymongo~=4.10.1
 hvac~=1.2.1
 requests~=2.32.3
 python-dateutil>=2.8.2,<3.0
 # jinja2~=3.1.2  # currently not used
-modular-sdk>=6.3.0,<7.0
+modular-sdk~=7.0.0
 aws-xray-sdk~=2.14.0
 msgspec~=0.18.6
 cryptography~=42.0.8

src/executor/services/report_service.py

@@ -42,10 +42,10 @@ class ReportFieldsLoader:
     json representation of its instances. We cannot know what field inside
     that json is considered to be a logical ID, name (or arn in case AWS) of
     that resource. Fortunately, this information is present inside Cloud
-    Custodian and we get get it.
-    For k8s name is always inside "metadata.name", id - "metadata.uid",
+    Custodian, and we can get it.
+    For K8S name is always inside "metadata.name", id - "metadata.uid",
     namespace - "metadata.namespace".
-    For azure they are also always the same due to consistent api.
+    For AZURE they are also always the same due to consistent api.
     For AWS, GOOGLE we must retrieve these values for each resource type
     """
     class Fields(TypedDict, total=False):
@@ -225,7 +225,7 @@ def _extend_resources(self, resources: list[dict], rt: str):
                 val = json_path_get(res, path)
                 if not val:
                     continue
-                res[field] = val
+                res.setdefault(field, val)
 
     def iter_raw(self, with_resources: bool = False
                  ) -> Generator[RegionRuleOutput, None, None]:
@@ -244,21 +244,11 @@ def resolve_azure_locations(it: Iterable[RegionRuleOutput]
                                 ) -> Generator[RegionRuleOutput, None, None]:
         """
         The thing is: Custodian Custom Core cannot scan Azure
-        region-dependently. A rule covers the whole subscription
-        (or whatever, I don't know) and then each found resource has
-        'location' field with its real location.
+        region-dependently. A rule covers the whole subscription and then
+        each found resource has 'location' field with its real location.
         In order to adhere to AWS logic, when a user wants to receive
         reports only for regions he activated, we need to filter out only
         appropriate resources.
-        Also note that Custom Core has such a thing as `AzureCloud`. From
-        my point of view it's like a mock for every region (because,
-        I believe, in the beginning Core was designed for AWS and therefore
-        there are regions). With the current scanner implementation
-        (3.3.1) incoming `detailed_report` will always have one key:
-        `AzureCloud` with a list of all the scanned rules. We must remap it.
-        All the resources that does not contain
-        'location' will be congested to 'multiregion' region.
-        :return:
         """
         for _, rule, metadata, resources in it:
             if resources is None or not resources: