ESC 6B Edge Composition (#379)
* handler for 6b composition is done

* cue file for composition

* graph schema

* 6bpath3, 6apath4 updated to have optional group membership

* add test coverage for 6b edge comp

* clean up comments
brandonshearin authored Feb 2, 2024
1 parent ab2ba1f commit 6f1afda
Showing 6 changed files with 386 additions and 5 deletions.
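--- a/cmd/api/src/analysis/ad/adcs_integration_test.go
+++ b/cmd/api/src/analysis/ad/adcs_integration_test.go
@@ -1485,6 +1485,56 @@ func TestADCSESC6b(t *testing.T) {
 
 }
 
+// run edge composition against the group1 node which has an outbound esc 6b edge
+if edge, err := tx.Relationships().Filterf(
+func() graph.Criteria {
+return query.And(
+query.Kind(query.Relationship(), ad.ADCSESC6b),
+query.Equals(query.StartProperty(common.Name.String()), "Group1"),
+)
+}).First(); err != nil {
+t.Fatalf("error fetching esc6b edge in integration test: %v", err)
+} else {
+composition, err := ad2.GetADCSESC6bEdgeComposition(context.Background(), db, edge)
+require.Nil(t, err)
+
+require.Equal(t, 8, len(composition.AllNodes()))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.Group0))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.Group1))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.CertTemplate1))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.EnterpriseCA))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.RootCA))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.NTAuthStore))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.DC))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.Domain))
+
+}
+
+// run edge composition against the group2 node which has an outbound esc 6b edge
+if edge, err := tx.Relationships().Filterf(
+func() graph.Criteria {
+return query.And(
+query.Kind(query.Relationship(), ad.ADCSESC6b),
+query.Equals(query.StartProperty(common.Name.String()), "Group2"),
+)
+}).First(); err != nil {
+t.Fatalf("error fetching esc6b edge in integration test: %v", err)
+} else {
+composition, err := ad2.GetADCSESC6bEdgeComposition(context.Background(), db, edge)
+require.Nil(t, err)
+
+require.Equal(t, 8, len(composition.AllNodes()))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.Group0))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.Group2))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.CertTemplate2))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.EnterpriseCA))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.RootCA))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.NTAuthStore))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.DC))
+require.True(t, composition.AllNodes().Contains(harness.ESC6bTemplate1Harness.Domain))
+
+}
+
 return nil
 })
 })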
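Review bot: Both added blocks in TestADCSESC6b assert only which nodes the composition contains, so a result holding the right eight nodes but wrong or missing relationships between them would still pass; asserting on the composed paths or edges as well would pin the behaviour more tightly. The error check reads better as `require.NoError(t, err)`, the idiomatic testify form, which reports the error message on failure. The Group1 and Group2 blocks differ only in the start name and the expected group and template, so a small helper taking those values would remove the duplication. The enclosing test function starts before the hunk.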
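--- a/packages/cue/bh/ad/ad.cue
+++ b/packages/cue/bh/ad/ad.cue
@@ -1179,6 +1179,7 @@ EdgeCompositionRelationships: [
 ADCSESC1,
 ADCSESC3,
 ADCSESC6a,
+ADCSESC6b,
 ADCSESC9a,
 ADCSESC10a,
 ]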
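--- a/packages/go/analysis/ad/ad.go
+++ b/packages/go/analysis/ad/ad.go
@@ -556,6 +556,12 @@ func GetEdgeCompositionPath(ctx context.Context, db graph.Database, edge *graph.
 } else {
 pathSet = results
 }
+} else if edge.Kind == ad.ADCSESC6b {
+if results, err := GetADCSESC6bEdgeComposition(ctx, db, edge); err != nil {
+return err
+} else {
+pathSet = results
+}
 } else if edge.Kind == ad.ADCSESC9a {
 if results, err := GetADCSESC9aEdgeComposition(ctx, db, edge); err != nil {
 return err
@@ -724,11 +730,10 @@ func ADCSESC6aPath3Pattern(domainId graph.ID, enterpriseCAs, candidateTemplates
 
 func ADCSESC6aPath4Pattern(domainId graph.ID, enterpriseCAs cardinality.Duplex[uint32]) traversal.PatternContinuation {
 return traversal.NewPattern().
-Outbound(
-query.And(
-query.Kind(query.Relationship(), ad.MemberOf),
-query.Kind(query.End(), ad.Group),
-)).
+OutboundWithDepth(0, 0, query.And(
+query.Kind(query.Relationship(), ad.MemberOf),
+query.Kind(query.End(), ad.Group),
+)).
 Outbound(query.And(
 query.KindIn(query.Relationship(), ad.Enroll),
 query.KindIn(query.End(), ad.EnterpriseCA),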
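Review bot: The switch to `OutboundWithDepth(0, 0, ...)` in ADCSESC6aPath4Pattern changes what the ESC6a composition returns, yet the literal `0, 0` is unexplained and the test added in this commit exercises only the ESC6b edge. Going by the commit description, the intent appears to be making the MemberOf hop optional, so that a principal holding Enroll on the enterprise CA directly is still matched; a comment such as `// MemberOf hop is optional: the principal may enroll directly or through group membership` above the call would record that. Because the composition is what shows a defender which objects make an ADCS edge exploitable, it is worth confirming that an ESC6a case with a directly enrolled principal is covered, unless the files not shown on this page already do so. The function body continues past the end of the hunk.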