chore: remove unused rule_num and direct rule zone columns #4785

Draft
tpurschke wants to merge 12 commits into CactuseSecurity:develop from tpurschke:chore/remove-unused-rule-num

tpurschke commented Jun 19, 2026 (Contributor)

Summary

Removes two sets of deprecated, unused rule columns that nothing in the product reads.

Closes #4789

  • rule_num — a NOT NULL column that nothing read for sorting or display; rule ordering is handled consistently by rule_num_numeric. Its only consumer was a single GraphQL fetch landing in the C# Rule.RuleOrderNumber property, which had zero readers.
  • rule_from_zone / rule_to_zone — direct integer zone columns on rule. Rule zones are represented by the rule_from_zone and rule_to_zone link tables (like the other _resolved tables); the direct columns were never populated meaningfully and had no live readers.

This PR removes all three columns and their now-dead references across every layer.

Changes by layer

  • Database
    • Drop the three columns from the rule table creation schema
    • Remove the columns (and the rule_from_zone/rule_to_zone FKs + indices) from foreign-keys, indices, and the delete-cascade maintenance script
    • Remove rule_num, rule_from_zone, rule_to_zone from the rule_api view and v_active_access_allow_rules / view_rule_with_owner (idempotent funcs / materialized views)
    • New upgrade script 9.1.10.sql: drops the dependent views/functions (CASCADE), drops the columns, then the idempotent scripts recreate the views without the columns afterward (upgrade SQL runs before idempotent funcs)
    • Bump product_version to 9.1.10 + a single revision-history entry
  • Hasura — remove rule_num, rule_from_zone, rule_to_zone select_permissions and the direct src_zone/dst_zone/zone/rules relationships that depended on the columns, across all roles
  • GraphQL — remove the fields from ruleOverview, getTimeBasedRulesByOwner, getRulesByIdWithRefUids, getManagementForNormalizedConfig, getManagementForLatestNormalizedConfig; update the HelpApiFwoQuery example to use the rule_from_zones / rule_to_zones link tables
  • C# — remove Rule.RuleOrderNumber and NormalizedRule.RuleNum (+ mappings); update ExportTest expected JSON
  • Python importer — remove rule_num (and the direct zone fields) from the rule models, the insert path, and the comparison exclude sets; drop rule_num=0 from the vendor normalizers (cp, fortios, fortiadom, asa); update tests + sample config docs

Validation

  • ruff check / ruff format clean; python -m compileall clean; pyright clean
  • 229 Python tests pass
  • dotnet build — 0 warnings / 0 errors
  • 2043 C# tests pass

Notes

  • This is an upgrade-impacting schema change. The fwo_test_installation end-to-end install/upgrade check has not been run yet.
  • Coordinate merge order with "v9.2.1 migrate firewall tables to firewall schema (#4793, DB layer)" #4796 (firewall schema migration): that PR recreates rule_num / rule_from_zone / rule_to_zone in the new firewall.rule table, so whichever lands second must reconcile these column removals.

🤖 Generated with Claude Code

Rule ordering is handled consistently by rule_num_numeric. The rule_num
column was NOT NULL but never read for sorting or display; it is dropped
across all layers (DB, Hasura, GraphQL, C#, importer, docs, tests).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@tpurschke tpurschke self-assigned this Jun 19, 2026
tpurschke and others added 6 commits June 19, 2026 16:51
Consolidate the rule_num and rule zone-column removals into a single
9.1.10 revision-history entry (drops the duplicate 9.1.10 block and the
stray 9.1.9 header that collided with the existing request-workflow
9.1.9), and remove the redundant duplicate get_rulebase_for_owner drop
in 9.1.10.sql.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@tpurschke tpurschke changed the title from "chore: remove unused rule.rule_num column" to "chore: remove unused rule_num and direct rule zone columns" Jun 21, 2026