From e570b41ab02d7454c9a33adf5c56aaef66c06de1 Mon Sep 17 00:00:00 2001
From: Mistah J <26472282+mistahj67@users.noreply.github.com>
Date: Wed, 7 Aug 2024 12:54:07 -0700
Subject: [PATCH] chore: swap app config defaults to schema.sql

---
 cmd/api/src/database/migration/app_config.go | 77 -------------------
 cmd/api/src/database/migration/migration.go | 4 -
 .../database/migration/migrations/schema.sql | 19 +++++
 3 files changed, 19 insertions(+), 81 deletions(-)
 delete mode 100644 cmd/api/src/database/migration/app_config.go

diff --git a/cmd/api/src/database/migration/app_config.go b/cmd/api/src/database/migration/app_config.go
deleted file mode 100644
index b8df175e9e..0000000000
--- a/cmd/api/src/database/migration/app_config.go
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright 2023 Specter Ops, Inc.
-//
-// Licensed under the Apache License, Version 2.0
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// SPDX-License-Identifier: Apache-2.0
-
-package migration
-
-import (
- "fmt"
-
- "github.com/specterops/bloodhound/log"
- "github.com/specterops/bloodhound/src/model/appcfg"
- "gorm.io/gorm"
-)
-
-func (s *Migrator) setAppConfigDefaults() error {
- if err := s.setParameterDefaults(); err != nil {
- return err
- }
-
- return s.setFeatureFlagDefaults()
-}
-
-func (s *Migrator) setFeatureFlagDefaults() error {
- return s.DB.Transaction(func(tx *gorm.DB) error {
- for flagKey, availableFlag := range appcfg.AvailableFlags() {
- count := int64(0)
-
- if result := tx.Model(&appcfg.FeatureFlag{}).Where("key = ?", flagKey).Count(&count); count == 0 {
- if result := tx.Create(&availableFlag); result.Error != nil {
- return fmt.Errorf("error creating feature flag %s: %w", flagKey, result.Error)
- }
-
- log.Infof("Feature flag %s created", flagKey)
- } else if result.Error != nil {
- return fmt.Errorf("error looking up existing feature flag %s: %w", flagKey, result.Error)
- }
- }
-
- return nil
- })
-}
-
-func (s *Migrator) setParameterDefaults() error {
- return s.DB.Transaction(func(tx *gorm.DB) error {
- if availParams, err := appcfg.AvailableParameters(); err != nil {
- return fmt.Errorf("error checking AvailableParameters: %w", err)
- } else {
- for parameterKey, availableParameter := range availParams {
- count := int64(0)
-
- if result := tx.Model(&appcfg.Parameter{}).Where("key = ?", parameterKey).Count(&count); count == 0 {
- if result := tx.Create(&availableParameter); result.Error != nil {
- return fmt.Errorf("error setting configuration parameter %s(%s): %w", parameterKey, availableParameter.Name, result.Error)
- }
-
- log.Infof("Configuration parameter %s created", parameterKey)
- } else if result.Error != nil {
- return fmt.Errorf("error looking up existing feature flag %s: %w", parameterKey, result.Error)
- }
- }
-
- return nil
- }
- })
-}
diff --git a/cmd/api/src/database/migration/migration.go b/cmd/api/src/database/migration/migration.go
index 28b95304c8..c37e419c1e 100644
--- a/cmd/api/src/database/migration/migration.go
+++ b/cmd/api/src/database/migration/migration.go
@@ -62,9 +62,5 @@ func (s *Migrator) Migrate() error {
 return fmt.Errorf("failed to execute stepwise migrations: %w", err)
 }
 
- if err := s.setAppConfigDefaults(); err != nil {
- return err
- }
-
 return nil
 }
diff --git a/cmd/api/src/database/migration/migrations/schema.sql b/cmd/api/src/database/migration/migrations/schema.sql
index 93fbad6858..b704624d44 100644
--- a/cmd/api/src/database/migration/migrations/schema.sql
+++ b/cmd/api/src/database/migration/migrations/schema.sql
@@ -670,3 +670,22 @@ INSERT INTO roles_permissions (role_id, permission_id) VALUES ((SELECT id FROM r
 INSERT INTO roles_permissions (role_id, permission_id) VALUES ((SELECT id FROM roles WHERE roles.name = 'Read-Only'), (SELECT id FROM permissions WHERE permissions.authority = 'graphdb' and permissions.name = 'Read'));
 INSERT INTO roles_permissions (role_id, permission_id) VALUES ((SELECT id FROM roles WHERE roles.name = 'Upload-Only'), (SELECT id FROM permissions WHERE permissions.authority = 'clients' and permissions.name = 'Tasking'));
 INSERT INTO roles_permissions (role_id, permission_id) VALUES ((SELECT id FROM roles WHERE roles.name = 'Upload-Only'), (SELECT id FROM permissions WHERE permissions.authority = 'graphdb' and permissions.name = 'Write'));
+
+-- Populate feature_flags table
+
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (1, current_timestamp, current_timestamp, 'dark_mode', 'Dark Mode', 'Allows users to enable or disable dark mode via a toggle in the settings menu', false, true);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (2, current_timestamp, current_timestamp, 'enable_saml_sso', 'SAML Single Sign-On Support', 'Enables SSO authentication flows and administration panels to third party SAML identity providers.', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (3, current_timestamp, current_timestamp, 'scope_collection_by_ou', 'Enable SharpHound OU Scoped Collections', 'Enables scoping SharpHound collections to specific lists of OUs.', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (4, current_timestamp, current_timestamp, 'clear_graph_data', 'Clear Graph Data', 'Enables the ability to delete all nodes and edges from the graph database.', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (5, current_timestamp, current_timestamp, 'fedramp_eula', 'FedRAMP EULA', 'Enables showing the FedRAMP EULA on every login. (Enterprise only)', false, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (6, current_timestamp, current_timestamp, 'adcs', 'Enable collection and processing of Active Directory Certificate Services Data', 'Enables the ability to collect, analyze, and explore Active Directory Certificate Services data and previews new attack paths.', false, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (7, current_timestamp, current_timestamp, 'risk_exposure_new_calculation', 'Use new tier zero risk exposure calculation', 'Enables the use of new tier zero risk exposure metatree metrics.', false, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (8, current_timestamp, current_timestamp, 'butterfly_analysis', 'Enhanced Asset Inbound-Outbound Exposure Analysis', 'Enables more extensive analysis of attack path findings that allows BloodHound to help the user prioritize remediation of the most exposed assets.', false, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (9, current_timestamp, current_timestamp, 'azure_support', 'Enable Azure Support', 'Enables Azure support.', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (10, current_timestamp, current_timestamp, 'reconciliation', 'Reconciliation', 'Enables Reconciliation', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (11, current_timestamp, current_timestamp, 'entity_panel_cache', 'Enable application level caching', 'Enables the use of application level caching for entity panel queries', true, false);
+
+-- Populate parameters table
+
+INSERT INTO parameters (key, name, description, value, id, created_at, updated_at) VALUES ('auth.password_expiration_window', 'Local Auth Password Expiry Window', 'This configuration parameter sets the local auth password expiry window for users that have valid auth secrets. Values for this configuration must follow the duration specification of ISO-8601.', '{"duration": "P90D"}', 1, current_timestamp, current_timestamp);
+INSERT INTO parameters (key, name, description, value, id, created_at, updated_at) VALUES ('neo4j.configuration', 'Neo4j Configuration Parameters', 'This configuration parameter sets the BatchWriteSize and the BatchFlushSize for Neo4J.', '{"batch_write_size": 20000, "write_flush_size": 100000}', 2, current_timestamp, current_timestamp);
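Review bot: The removed Go defaulting was idempotent (it created a flag or parameter only when its `key` was absent, and ran on every `Migrate()`), whereas the INSERTs added to the `feature_flags` and `parameters` sections here carry literal `id` values and no conflict handling, so they only run cleanly against an empty table; if schema.sql is ever applied to an already-populated database (not visible in this hunk) each statement fails with a unique violation, and any flag or parameter added later to `appcfg.AvailableFlags()`/`appcfg.AvailableParameters()` no longer reaches existing deployments unless a stepwise migration inserts it. If `feature_flags.id` and `parameters.id` are sequence-backed (their table definitions are outside the hunk), inserting explicit ids also leaves the sequence at its initial value, so the next row the ORM creates can collide on the primary key; consider dropping `id` from the column lists so the column default is used, or, if this is PostgreSQL, appending `SELECT setval(pg_get_serial_sequence('feature_flags', 'id'), (SELECT max(id) FROM feature_flags));` and the equivalent for `parameters`. Because defaults that gate privileged behaviour (`enable_saml_sso` enabled, `clear_graph_data` enabled, `auth.password_expiration_window` = `P90D`) are now declared in SQL as well as in whatever `appcfg` still defines, a test asserting the two lists stay in parity would catch silent drift between them.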