[feat] Resource detail: add the failing checks as part of the resource (

#186)

fixbackend/inventory/inventory_client.py

@@ -148,7 +148,7 @@ async def benchmarks(
         raise_on_error(response, ("application/json",))
         return cast(List[Json], response.json())
 
-    async def issues(
+    async def checks(
         self,
         access: GraphDatabaseAccess,
         *,

fixbackend/inventory/inventory_service.py

@@ -180,7 +180,9 @@ async def neighborhood(cmd: str) -> List[JsonElement]:
         )
         cmd = f"search --with-edges id({resource_id}) <-[0:2]-> | jq --no-rewrite '{jq_arg}'"
         resource, nb = await asyncio.gather(self.client.resource(db, id=resource_id), neighborhood(cmd))
-        return dict(resource=resource, neighborhood=nb)
+        check_ids = [sc["check"] for sc in (value_in_path(resource, ["security", "issues"]) or [])]
+        checks = await self.client.checks(db, check_ids=check_ids) if check_ids else []
+        return dict(resource=resource, failing_checks=checks, neighborhood=nb)
 
     async def summary(self, db: GraphDatabaseAccess) -> ReportSummary:
         async def issues_since(
@@ -269,10 +271,10 @@ async def benchmark_summary() -> Tuple[BenchmarkById, ChecksByBenchmarkId]:
             return summaries, benchmark_checks
 
         async def top_issues(checks_by_severity: Dict[str, Set[str]], num: int) -> List[Json]:
-            checks = dict_values_by(checks_by_severity, lambda x: ReportSeverityPriority[x])
-            top = list(islice(checks, num))
-            issues = await self.client.issues(db, check_ids=top)
-            return sorted(issues, key=lambda x: ReportSeverityPriority[x.get("severity", "info")], reverse=True)
+            check_ids = dict_values_by(checks_by_severity, lambda x: ReportSeverityPriority[x])
+            top = list(islice(check_ids, num))
+            checks = await self.client.checks(db, check_ids=top)
+            return sorted(checks, key=lambda x: ReportSeverityPriority[x.get("severity", "info")], reverse=True)
 
         def bench_account_score(failing_checks: Dict[str, int], benchmark_checks: Dict[str, int]) -> int:
             # Compute the score of an account with respect to a benchmark

tests/fixbackend/conftest.py

@@ -323,6 +323,22 @@ def azure_virtual_machine_resource_json() -> Json:
             "account": {"reported": {"name": "/subscriptions/test", "id": "/subscriptions/test"}},
             "region": {"reported": {"name": "westeurope", "id": "/subscriptions/test/locations/westeurope"}},
         },
+        "security": {
+            "issues": [
+                {
+                    "benchmark": "azure_cis_1_1_1",
+                    "check": "aws_c1",
+                    "severity": "medium",
+                    "opened_at": "2023-11-15T15:44:41Z",
+                    "run_id": "foo",
+                }
+            ],
+            "opened_at": "2023-11-15T15:44:41Z",
+            "reopen_counter": 1,
+            "run_id": "foo",
+            "has_issues": True,
+            "severity": "medium",
+        },
     }
 
 

tests/fixbackend/inventory/inventory_service_test.py

@@ -247,6 +247,9 @@ async def test_resource(
     res = await inventory_service.resource(db, NodeId("some_node_id"))
     assert res["neighborhood"] == neighborhood
     assert res["resource"] == azure_virtual_machine_resource_json
+    assert len(res["resource"]["security"]["issues"]) == 1  # resource has one issue
+    assert len(res["failing_checks"]) == 1  # one failing check is loaded
+    assert res["failing_checks"][0]["id"] == res["resource"]["security"]["issues"][0]["check"]  # check id is the same
 
 
 @pytest.mark.asyncio