fix: resolve 6 reporting issues - SQL schema mismatches, duplicate type, UI dropdown, chart scale, CSV error handling

1. Compliance CSV/PDF: Replace non-existent pd.total_packages with jsonb_array_length(pd.installed_packages) and pd.pending_patches with pd.patch_count. Fix GROUP BY to match new columns. 2. Vulnerability CSV/PDF: Replace non-existent pd.cve_data with jsonb_array_elements on pd.available_patches JSONB, extracting cve_ids via nested lateral join. Replace pd.updated_at with pd.polled_at (actual column name). 3. TypeScript: Remove duplicate PollingConfig interface declaration in frontend/src/types/index.ts. 4. ReportsPage: Replace Group ID text field with Select dropdown populated from GET /api/v1/groups, showing group names instead of requiring UUID input. 5. PDF charts: Increase embed_image scale from 0.18 to 0.28 for better visibility on A4 landscape pages. 6. Vulnerability CSV: Remove invalid (no data) comment row on query failure; return header-only CSV instead to maintain valid CSV format.
2026-05-12 19:59:03 +00:00
parent 4c300087f2
commit 2bbc03b937
5 changed files with 77 additions and 71 deletions
--- a/crates/pm-reports/src/csv.rs
+++ b/crates/pm-reports/src/csv.rs
@ -27,10 +27,10 @@ SELECT
    h.fqdn,
    h.health_status::text AS health_status,
    h.last_patch_at,
-    COALESCE(pd.total_packages, 0)  AS total_packages,
-    COALESCE(pd.pending_patches, 0) AS pending_patches,
-    CASE WHEN COALESCE(pd.total_packages,0) = 0 THEN 100.0
-         ELSE ROUND((1.0 - pd.pending_patches::float / NULLIF(pd.total_packages,0)) * 100, 1)
+    COALESCE(jsonb_array_length(pd.installed_packages), 0)  AS total_packages,
+    COALESCE(pd.patch_count, 0) AS pending_patches,
+    CASE WHEN COALESCE(jsonb_array_length(pd.installed_packages), 0) = 0 THEN 100.0
+         ELSE ROUND((1.0 - pd.patch_count::float / NULLIF(jsonb_array_length(pd.installed_packages), 0)) * 100, 1)
    END AS compliance_pct,
    COALESCE(string_agg(DISTINCT g.name, ', '), '') AS group_names
 FROM hosts h
@ -40,7 +40,7 @@ LEFT JOIN groups g ON g.id = hg.group_id
 WHERE h.id IN (
    SELECT host_id FROM host_groups WHERE group_id = $1
 )
-GROUP BY h.id, pd.total_packages, pd.pending_patches
+GROUP BY h.id, pd.installed_packages, pd.patch_count
 ORDER BY compliance_pct ASC
 ",
        )
@ -57,17 +57,17 @@ SELECT
    h.fqdn,
    h.health_status::text AS health_status,
    h.last_patch_at,
-    COALESCE(pd.total_packages, 0)  AS total_packages,
-    COALESCE(pd.pending_patches, 0) AS pending_patches,
-    CASE WHEN COALESCE(pd.total_packages,0) = 0 THEN 100.0
-         ELSE ROUND((1.0 - pd.pending_patches::float / NULLIF(pd.total_packages,0)) * 100, 1)
+    COALESCE(jsonb_array_length(pd.installed_packages), 0)  AS total_packages,
+    COALESCE(pd.patch_count, 0) AS pending_patches,
+    CASE WHEN COALESCE(jsonb_array_length(pd.installed_packages), 0) = 0 THEN 100.0
+         ELSE ROUND((1.0 - pd.patch_count::float / NULLIF(jsonb_array_length(pd.installed_packages), 0)) * 100, 1)
    END AS compliance_pct,
    COALESCE(string_agg(DISTINCT g.name, ', '), '') AS group_names
 FROM hosts h
 LEFT JOIN host_patch_data pd ON pd.host_id = h.id
 LEFT JOIN host_groups hg ON hg.host_id = h.id
 LEFT JOIN groups g ON g.id = hg.group_id
-GROUP BY h.id, pd.total_packages, pd.pending_patches
+GROUP BY h.id, pd.installed_packages, pd.patch_count
 ORDER BY compliance_pct ASC
 ",
        )
@ -220,19 +220,19 @@ SELECT
    h.id::text        AS host_id,
    h.display_name,
    h.fqdn,
-    cve.cve_id,
-    cve.package_name,
-    cve.severity,
-    cve.available_version,
-    pd.updated_at     AS last_seen_at
+    cve_id,
+    patch->>'name'    AS package_name,
+    patch->>'severity' AS severity,
+    patch->>'available_version' AS available_version,
+    pd.polled_at      AS last_seen_at
 FROM hosts h
 JOIN host_patch_data pd ON pd.host_id = h.id
-CROSS JOIN LATERAL jsonb_to_recordset(COALESCE(pd.cve_data, '[]'::jsonb))
-  AS cve(cve_id text, package_name text, severity text, available_version text)
-WHERE ($1::timestamptz IS NULL OR pd.updated_at >= $1)
-  AND ($2::timestamptz IS NULL OR pd.updated_at <= $2)
+CROSS JOIN LATERAL jsonb_array_elements(COALESCE(pd.available_patches, '[]'::jsonb)) AS patch
+CROSS JOIN LATERAL jsonb_array_elements_text(COALESCE(patch->'cve_ids', '[]'::jsonb)) AS cve_id
+WHERE ($1::timestamptz IS NULL OR pd.polled_at >= $1)
+  AND ($2::timestamptz IS NULL OR pd.polled_at <= $2)
 ORDER BY
-    CASE cve.severity
+    CASE patch->>'severity'
        WHEN 'critical' THEN 1
        WHEN 'high'     THEN 2
        WHEN 'medium'   THEN 3
@ -274,18 +274,8 @@ ORDER BY
            }
        },
        Err(e) => {
-            tracing::warn!(error = %e, "vulnerability query failed — returning empty rows");
-            // write a comment row indicating empty data
-            wtr.write_record(&[
-                "(no data)",
-                "",
-                "",
-                "",
-                "",
-                "",
-                "",
-                &format!("query error: {}", e),
-            ])?;
+            tracing::warn!(error = %e, "vulnerability query failed — returning header-only CSV");
+            // Return header-only CSV (no invalid comment rows)
        },
    }

--- a/crates/pm-reports/src/pdf.rs
+++ b/crates/pm-reports/src/pdf.rs
@ -250,15 +250,15 @@ async fn compliance_pdf(pool: &sqlx::PgPool, params: &ReportParams) -> anyhow::R
        sqlx::query(
            "
 SELECT h.display_name, h.fqdn,
-    COALESCE(pd.total_packages,0) AS total_packages,
-    COALESCE(pd.pending_patches,0) AS pending_patches,
-    CASE WHEN COALESCE(pd.total_packages,0)=0 THEN 100.0
-         ELSE ROUND((1.0-pd.pending_patches::float/NULLIF(pd.total_packages,0))*100,1)
+    COALESCE(jsonb_array_length(pd.installed_packages),0) AS total_packages,
+    COALESCE(pd.patch_count,0) AS pending_patches,
+    CASE WHEN COALESCE(jsonb_array_length(pd.installed_packages),0)=0 THEN 100.0
+         ELSE ROUND((1.0-pd.patch_count::float/NULLIF(jsonb_array_length(pd.installed_packages),0))*100,1)
    END AS compliance_pct,
    h.health_status::text AS health_status
 FROM hosts h LEFT JOIN host_patch_data pd ON pd.host_id=h.id
 WHERE h.id IN (SELECT host_id FROM host_groups WHERE group_id=$1)
-GROUP BY h.id,pd.total_packages,pd.pending_patches
+GROUP BY h.id, pd.installed_packages, pd.patch_count
 ORDER BY compliance_pct ASC",
        )
        .bind(gid)
@ -269,14 +269,14 @@ ORDER BY compliance_pct ASC",
        sqlx::query(
            "
 SELECT h.display_name, h.fqdn,
-    COALESCE(pd.total_packages,0) AS total_packages,
-    COALESCE(pd.pending_patches,0) AS pending_patches,
-    CASE WHEN COALESCE(pd.total_packages,0)=0 THEN 100.0
-         ELSE ROUND((1.0-pd.pending_patches::float/NULLIF(pd.total_packages,0))*100,1)
+    COALESCE(jsonb_array_length(pd.installed_packages),0) AS total_packages,
+    COALESCE(pd.patch_count,0) AS pending_patches,
+    CASE WHEN COALESCE(jsonb_array_length(pd.installed_packages),0)=0 THEN 100.0
+         ELSE ROUND((1.0-pd.patch_count::float/NULLIF(jsonb_array_length(pd.installed_packages),0))*100,1)
    END AS compliance_pct,
    h.health_status::text AS health_status
 FROM hosts h LEFT JOIN host_patch_data pd ON pd.host_id=h.id
-GROUP BY h.id,pd.total_packages,pd.pending_patches
+GROUP BY h.id, pd.installed_packages, pd.patch_count
 ORDER BY compliance_pct ASC",
        )
        .fetch_all(pool)
@ -333,7 +333,7 @@ ORDER BY compliance_pct ASC",
            Ok((raw, w, h)) => {
                pdf.new_page();
                pdf.write_text("Compliance Chart", 16.0, MARGIN, 200.0, true);
-                if let Err(e) = pdf.embed_image(raw, w, h, MARGIN, 10.0, 0.18, 0.18) {
+                if let Err(e) = pdf.embed_image(raw, w, h, MARGIN, 10.0, 0.28, 0.28) {
                    tracing::warn!(error = %e, "chart embed failed");
                }
            },
@ -432,7 +432,7 @@ ORDER BY pjh.started_at DESC",
            Ok((raw, w, h)) => {
                pdf.new_page();
                pdf.write_text("Patch Activity Chart", 16.0, MARGIN, 200.0, true);
-                if let Err(e) = pdf.embed_image(raw, w, h, MARGIN, 10.0, 0.18, 0.18) {
+                if let Err(e) = pdf.embed_image(raw, w, h, MARGIN, 10.0, 0.28, 0.28) {
                    tracing::warn!(error = %e, "chart embed failed");
                }
            },
@ -451,14 +451,17 @@ async fn vulnerability_pdf(pool: &sqlx::PgPool, params: &ReportParams) -> anyhow
    // Query DB FIRST (before creating any non-Send PdfBuilder)
    let query_result = sqlx::query("
 SELECT h.display_name, h.fqdn,
-    cve.cve_id, cve.package_name, cve.severity, cve.available_version,
-    pd.updated_at AS last_seen_at
+    cve_id,
+    patch->>'name' AS package_name,
+    patch->>'severity' AS severity,
+    patch->>'available_version' AS available_version,
+    pd.polled_at AS last_seen_at
 FROM hosts h JOIN host_patch_data pd ON pd.host_id=h.id
-CROSS JOIN LATERAL jsonb_to_recordset(COALESCE(pd.cve_data,'[]'::jsonb))
-  AS cve(cve_id text,package_name text,severity text,available_version text)
-WHERE ($1::timestamptz IS NULL OR pd.updated_at>=$1)
-  AND ($2::timestamptz IS NULL OR pd.updated_at<=$2)
-ORDER BY CASE cve.severity WHEN 'critical' THEN 1 WHEN 'high' THEN 2 WHEN 'medium' THEN 3 ELSE 4 END,
+CROSS JOIN LATERAL jsonb_array_elements(COALESCE(pd.available_patches,'[]'::jsonb)) AS patch
+CROSS JOIN LATERAL jsonb_array_elements_text(COALESCE(patch->'cve_ids','[]'::jsonb)) AS cve_id
+WHERE ($1::timestamptz IS NULL OR pd.polled_at>=$1)
+  AND ($2::timestamptz IS NULL OR pd.polled_at<=$2)
+ORDER BY CASE patch->>'severity' WHEN 'critical' THEN 1 WHEN 'high' THEN 2 WHEN 'medium' THEN 3 ELSE 4 END,
    h.display_name")
        .bind(params.from).bind(params.to).fetch_all(pool).await;
    // Now create PdfBuilder (non-Send Rc types) after all awaits