add index on control_id for node CloudComplianceControl

deepfence · Jul 9, 2024 · ac4f165 · ac4f165
1 parent 6dce463
commit ac4f165
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 7 deletions.
diff --git a/deepfence_server/handler/scan_reports.go b/deepfence_server/handler/scan_reports.go
@@ -1319,20 +1319,23 @@ func (h *Handler) CountCloudComplianceScanResultsGroupHandler(w http.ResponseWri
 	session := driver.NewSession(ctx, neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead})
 	defer session.Close(ctx)
 
-	tx, err := session.BeginTransaction(ctx, neo4j.WithTxTimeout(30*time.Second))
+	tx, err := session.BeginTransaction(ctx, neo4j.WithTxTimeout(120*time.Second))
 	if err != nil {
 		log.Error().Msgf("%v", err)
 		h.respondError(err, w)
 	}
 	defer tx.Close(ctx)
 
 	query := `
-	MATCH (n:CloudComplianceScan{node_id: $scan_id})-[:DETECTED]-(c:CloudCompliance) ` +
-		reporters.ParseFieldFilters2CypherWhereConditions("c", mo.Some(req.FieldsFilter), true) +
+	MATCH (n:CloudComplianceScan{node_id: $scan_id})-[:DETECTED]-(c:CloudCompliance)
+	` + reporters.ParseFieldFilters2CypherWhereConditions("c", mo.Some(req.FieldsFilter), true) +
 		`
-		WITH n,c
+	CALL {
+		WITH c
 		MATCH (e:CloudComplianceControl{control_id:c.full_control_id})
-		RETURN c.full_control_id as control_id, collect(c.status) as status, COLLECT(DISTINCT e.compliance_type) as compliance_type, e.title as title
+		RETURN COLLECT(DISTINCT e.compliance_type) as compliance_type
+	}
+	RETURN c.full_control_id as control_id, collect(c.status) as status, compliance_type, c.title as title
 	`
 
 	log.Debug().Msgf("Count Cloud ComplianceScan Results Group Handler query: %s", query)

diff --git a/deepfence_server/reporters/lookup/lookup.go b/deepfence_server/reporters/lookup/lookup.go
@@ -341,10 +341,10 @@ func getGenericDirectNodeReport[T reporters.Cypherable](ctx context.Context, fil
 			}
 			RETURN ` + reporters.FieldFilterCypher("n", filter.InFieldFilter) + `, e, resources`
 	}
+
 	log.Debug().Msgf("query: %s", query)
-	r, err = tx.Run(ctx, query,
-		map[string]interface{}{"ids": filter.NodeIds})
 
+	r, err = tx.Run(ctx, query, map[string]interface{}{"ids": filter.NodeIds})
 	if err != nil {
 		return res, err
 	}

diff --git a/deepfence_worker/cronscheduler/init_neo4j.go b/deepfence_worker/cronscheduler/init_neo4j.go
@@ -90,6 +90,8 @@ func initNeo4jDatabase(ctx context.Context) error {
 	RunDisplayError(ctx, session, "CREATE INDEX CloudResourceDepth IF NOT EXISTS FOR (n:CloudResource) ON (n.depth)")
 	RunDisplayError(ctx, session, "CREATE INDEX CloudResourceLinked IF NOT EXISTS FOR (n:CloudResource) ON (n.linked)")
 
+	RunDisplayError(ctx, session, "CREATE INDEX CloudComplianceControlByControlID IF NOT EXISTS FOR (n:CloudComplianceControl) ON (n.control_id)")
+
 	//Set the base updated_at field on the ALIAS relationship
 	RunDisplayError(ctx, session, "WITH TIMESTAMP() as T MATCH(:ContainerImage) -[a:ALIAS]-> (:ImageTag) WHERE a.updated_at IS NULL SET a.updated_at=T")