From ccb33b4c64b79f188fb02265d00e98209417f1e4 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Thu, 6 Jul 2023 23:27:06 +0100 Subject: [PATCH 1/7] Add email patch method Annotate Getters and Hibernate and Jackson weren't playing nice resulting in errors like - ``` com.fasterxml.jackson.databind.JsonMappingException: Unable to perform requested lazy initialization [com.redhat.pctsec.model.ScanRequests.globalScanProperties] - session is closed and settings disallow loading outside the Session (through reference chain: com.redhat.pctsec.model.Scan["scanRequests"]->com.redhat.pctsec.model.ScanRequests["globalScanProperties"]) ``` Rearrange fields above methods in Scan --- .../java/com/redhat/pctsec/model/Scan.java | 96 ++++++++++--------- .../com/redhat/pctsec/model/ScanRequests.java | 11 ++- .../pctsec/rest/v1alpha1/ScanResource.java | 14 +++ 3 files changed, 76 insertions(+), 45 deletions(-) diff --git a/src/main/java/com/redhat/pctsec/model/Scan.java b/src/main/java/com/redhat/pctsec/model/Scan.java index a1e3daa..8e16131 100644 --- a/src/main/java/com/redhat/pctsec/model/Scan.java +++ b/src/main/java/com/redhat/pctsec/model/Scan.java @@ -1,6 +1,7 @@ package com.redhat.pctsec.model; import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonProperty; import jakarta.persistence.*; import jakarta.transaction.Transactional; import jakarta.validation.constraints.Email; 
@@ -17,6 +18,50 @@ enum ScanState { @Entity public class Scan { + @Id + @GeneratedValue(strategy = GenerationType.AUTO) + public UUID id; + + + /* + @OneToOne + @NotNull + @JoinColumn(name = "product_id", referencedColumnName = "id") + private String productName; + */ + @Column(name="proudct_name") + private String productName; + + //@Temporal(TemporalType.TIMESTAMP) + + @CreationTimestamp + @JsonIgnore + @Column(name="creation_timestamp") + //@NotNull + private Instant creationTimestamp; + + @UpdateTimestamp + @JsonIgnore + @Column(name="update_timestamp") + //@NotNull + private Instant updateTimestamp; + + @Column(name="state") + @Enumerated(EnumType.STRING) + private ScanState state; + + @Column(name="requestor") + @NotNull + private String requestor; + + @Column(name="report_email") + @Email + private String email; + + @OneToOne(cascade = CascadeType.ALL, fetch=FetchType.LAZY) + @JoinColumn(name = "scan_requests_id", referencedColumnName = "id") + public ScanRequests scanRequests; + public Scan() { this.scanRequests = new ScanRequests(); } @@ -53,7 +98,14 @@ public class Scan { this.requestor = requestor; } + @JsonProperty("email") + @Access(AccessType.PROPERTY) + @Email public String getEmail() { + if(email != null) + return email; + if(getRequestor() != null) + return getRequestor() + "@redhat.com"; return email; } 
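Review bot: In the `getEmail()` hunk the getter gains `@Access(AccessType.PROPERTY)` and a fallback, while the `email` field added in the previous hunk keeps its own `@Column(name="report_email")` and `@Email`, so the attribute appears to be mapped both by field and by property. With property access the provider reads the getter, so the derived `requestor + "@redhat.com"` value would presumably be written to the database as if it had been supplied. I would keep the mapping on the field only (drop `@Access(AccessType.PROPERTY)` from the getter unless it is needed for another reason) and leave the fallback as a presentation detail for Jackson. The domain would also read better as a constant, e.g. `private static final String DEFAULT_EMAIL_DOMAIN = "@redhat.com";`.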
@@ -69,48 +121,4 @@ public class Scan { public void setScanRequests(ScanRequests scanRequests) { this.scanRequests = scanRequests; } - - @Id - @GeneratedValue(strategy = GenerationType.AUTO) - public UUID id; - - - /* - @OneToOne - @NotNull - @JoinColumn(name = "product_id", referencedColumnName = "id") - private String productName; - */ - @Column(name="proudct_name") - private String productName; - - //@Temporal(TemporalType.TIMESTAMP) - - @CreationTimestamp - @JsonIgnore - @Column(name="creation_timestamp") - //@NotNull - private Instant creationTimestamp; - - @UpdateTimestamp - @JsonIgnore - @Column(name="update_timestamp") - //@NotNull - private Instant updateTimestamp; - - @Column(name="state") - @Enumerated(EnumType.STRING) - private ScanState state; - - @Column(name="requestor") - @NotNull - private String requestor; - - @Column(name="report_email") - @Email - private String email; - - @OneToOne(cascade = CascadeType.ALL, fetch=FetchType.LAZY) - @JoinColumn(name = "scan_requests_id", referencedColumnName = "id") - public ScanRequests scanRequests; } diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequests.java b/src/main/java/com/redhat/pctsec/model/ScanRequests.java index cc510e2..2b01b0b 100644 --- a/src/main/java/com/redhat/pctsec/model/ScanRequests.java +++ b/src/main/java/com/redhat/pctsec/model/ScanRequests.java @@ -1,5 +1,7 @@ package com.redhat.pctsec.model; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonProperty; import com.redhat.pctsec.model.api.request.pssaas; import com.redhat.pctsec.model.api.request.scanChain; import io.vertx.mutiny.core.eventbus.EventBus; 
@@ -19,15 +21,18 @@ public class ScanRequests { @GeneratedValue protected UUID id; - @OneToMany(fetch=FetchType.EAGER, cascade = CascadeType.ALL) + @JsonIgnore + @OneToMany(fetch=FetchType.LAZY, cascade = CascadeType.ALL) @JoinColumn(name = "scan_request_id", referencedColumnName = "id") private Set scanRequests;// = new HashSet<>(); @Column(name="scan_properties") + @JsonIgnore private String globalScanProperties; @Column(name="scan_metadata") + @JsonIgnore private String scanMetadata; @@ -88,6 +93,7 @@ public class ScanRequests { */ } + @JsonProperty("scanRequests") public Set getScanRequests() { return scanRequests; } @@ -96,6 +102,7 @@ public class ScanRequests { this.scanRequests = scanRequests; } + @JsonProperty("globalScanProperties") public String getGlobalScanProperties() { return globalScanProperties; } @@ -104,6 +111,8 @@ public class ScanRequests { this.globalScanProperties = globalScanProperties; } + + @JsonProperty("scanMetadata") public String getScanMetadata() { return scanMetadata; } diff --git a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java index 610c328..60e38bc 100644 --- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java +++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java @@ -10,6 +10,7 @@ import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; import jakarta.transaction.Transactional; import jakarta.validation.Valid; +import jakarta.validation.constraints.Email; import jakarta.ws.rs.*; import org.jboss.resteasy.reactive.RestQuery; 
@@ -106,6 +107,19 @@ public class ScanResource { return s.scanRequests.execute(bus); } + @PATCH + @Path("{id}/{email}") + @Consumes({"application/octet-stream"}) + @Produces({"application/json"}) + @Authenticated + @Transactional + public Scan patchScanEmail(String id, @Email String email) + { + Scan s = sr.findById(UUID.fromString(id)); + s.setEmail(email); + sr.persist(s); + return s; + } @GET @Path("single/git") From 0a7f11d6bf8a59c7c688ae0f77f17d1c493a8b45 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Fri, 7 Jul 2023 00:20:56 +0100 Subject: [PATCH 2/7] Not sure what I did but ORM is working again :-S --- .../java/com/redhat/pctsec/model/Git.java | 2 +- .../java/com/redhat/pctsec/model/Scan.java | 4 ++-- .../com/redhat/pctsec/model/ScanRequest.java | 6 ++--- .../com/redhat/pctsec/model/ScanRequests.java | 22 +++++++++++++------ 4 files changed, 21 insertions(+), 13 deletions(-) diff --git a/src/main/java/com/redhat/pctsec/model/Git.java b/src/main/java/com/redhat/pctsec/model/Git.java index f91eac1..26e649f 100644 --- a/src/main/java/com/redhat/pctsec/model/Git.java +++ b/src/main/java/com/redhat/pctsec/model/Git.java @@ -12,7 +12,7 @@ import java.util.UUID; @Entity public class Git { public Git() { - super(); + } @Id diff --git a/src/main/java/com/redhat/pctsec/model/Scan.java b/src/main/java/com/redhat/pctsec/model/Scan.java index 8e16131..8c3d046 100644 --- a/src/main/java/com/redhat/pctsec/model/Scan.java +++ b/src/main/java/com/redhat/pctsec/model/Scan.java @@ -58,9 +58,9 @@ public class Scan { @Email private String email; - @OneToOne(cascade = CascadeType.ALL, fetch=FetchType.LAZY) + @OneToOne(cascade = CascadeType.ALL, fetch=FetchType.EAGER) @JoinColumn(name = "scan_requests_id", referencedColumnName = "id") - public ScanRequests scanRequests; + public ScanRequests scanRequests = new ScanRequests(); public Scan() { this.scanRequests = new ScanRequests(); 
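Review bot: `patchScanEmail` lets any caller that passes `@Authenticated` change the report address of any scan, because the scan is looked up by `id` alone and nothing compares its requestor with the caller. Since this address decides where scan reports are sent, the method should reject callers who do not own the scan, and should return 404 for an unknown id with `if (s == null) throw new NotFoundException();` (assuming `sr.findById(...)` returns null when nothing matches, `s.setEmail(email)` currently fails with a NullPointerException). A malformed id also surfaces as an unhandled `IllegalArgumentException` from `UUID.fromString(id)`. Carrying the address in the path (`{id}/{email}`) puts it into access logs; a small request body would avoid that.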
diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequest.java b/src/main/java/com/redhat/pctsec/model/ScanRequest.java index 2955d87..24d3ff7 100644 --- a/src/main/java/com/redhat/pctsec/model/ScanRequest.java +++ b/src/main/java/com/redhat/pctsec/model/ScanRequest.java @@ -43,17 +43,17 @@ public class ScanRequest { private RequestType type; - @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL) + @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL) @JoinColumn(name = "brew_build_id", referencedColumnName = "id") @JsonInclude(JsonInclude.Include.NON_NULL) public BrewBuild brewBuild; - @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL) + @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL) @JoinColumn(name = "pnc_build_id", referencedColumnName = "id") @JsonInclude(JsonInclude.Include.NON_NULL) public PNCBuild pncBuild; - @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL) + @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL) @JoinColumn(name = "git_id", referencedColumnName = "id") @JsonInclude(JsonInclude.Include.NON_NULL) public Git git; diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequests.java b/src/main/java/com/redhat/pctsec/model/ScanRequests.java index 2b01b0b..4771ba6 100644 --- a/src/main/java/com/redhat/pctsec/model/ScanRequests.java +++ b/src/main/java/com/redhat/pctsec/model/ScanRequests.java @@ -11,6 +11,8 @@ import java.util.*; import java.util.stream.Collectors; import jakarta.persistence.*; +import jakarta.transaction.Transactional; +import org.jboss.logging.annotations.Property; @ApplicationScoped @Entity 
@@ -21,10 +23,11 @@ public class ScanRequests { @GeneratedValue protected UUID id; - @JsonIgnore - @OneToMany(fetch=FetchType.LAZY, cascade = CascadeType.ALL) + + + @OneToMany(fetch=FetchType.EAGER, cascade = CascadeType.ALL) @JoinColumn(name = "scan_request_id", referencedColumnName = "id") - private Set scanRequests;// = new HashSet<>(); + public Set scanRequests = new HashSet<>(); @Column(name="scan_properties") @@ -93,16 +96,14 @@ public class ScanRequests { */ } - @JsonProperty("scanRequests") - public Set getScanRequests() { - return scanRequests; - } + public void setScanRequests(Set scanRequests) { this.scanRequests = scanRequests; } @JsonProperty("globalScanProperties") + @Transient public String getGlobalScanProperties() { return globalScanProperties; } @@ -113,6 +114,7 @@ public class ScanRequests { @JsonProperty("scanMetadata") + @Transient public String getScanMetadata() { return scanMetadata; } @@ -120,4 +122,10 @@ public class ScanRequests { public void setScanMetadata(String scanMetadata) { this.scanMetadata = scanMetadata; } + + @JsonProperty("scanRequests") + @Transient + public Set getScanRequests() { + return this.scanRequests; + } } From ca186cdd04dee3e8a0087b87f76748b9cb2a6302 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Fri, 7 Jul 2023 00:34:04 +0100 Subject: [PATCH 3/7] Set email based on requesting kerberos id for now --- .../java/com/redhat/pctsec/model/Scan.java | 4 +-- .../pctsec/rest/v1alpha1/ScanResource.java | 26 +++++++++++++++---- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/src/main/java/com/redhat/pctsec/model/Scan.java b/src/main/java/com/redhat/pctsec/model/Scan.java index 8c3d046..2398113 100644 --- a/src/main/java/com/redhat/pctsec/model/Scan.java +++ b/src/main/java/com/redhat/pctsec/model/Scan.java 
@@ -104,9 +104,7 @@ public class Scan { public String getEmail() { if(email != null) return email; - if(getRequestor() != null) - return getRequestor() + "@redhat.com"; - return email; + return getRequestor() + "@redhat.com"; } public void setEmail(String email) { diff --git a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java index 60e38bc..f37b15c 100644 --- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java +++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java @@ -5,6 +5,7 @@ import com.redhat.pctsec.model.api.request.pssaas; import com.redhat.pctsec.model.api.request.scanChain; import com.redhat.pctsec.model.jpa.ScanRepository; import io.quarkus.security.Authenticated; +import io.quarkus.security.identity.SecurityIdentity; import io.vertx.mutiny.core.eventbus.EventBus; import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; @@ -30,6 +31,10 @@ public class ScanResource { @Inject EventBus bus; + @Inject + SecurityIdentity identity; + + @POST @Path("PSSaaS") @Consumes({ "application/json" }) @@ -39,9 +44,12 @@ public class ScanResource { { ScanRequests scanRequests = new ScanRequests(scanRequest); Scan s = new Scan(); - s.setRequestor("cpaas"); s.setProductName(scanRequest.productId); s.setScanRequests(scanRequests); + if(!identity.getPrincipal().getName().isEmpty()) + s.setRequestor(identity.getPrincipal().getName()); + else + s.setRequestor("CPaaS"); sr.persist(s); return s; } 
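Review bot: With the null check on `getRequestor()` removed, `getEmail()` returns the literal `null@redhat.com` whenever both `email` and `requestor` are unset, and that string still satisfies `@Email`. The endpoints changed later in this patch only call `setRequestor` when the principal name is non-empty, and `createScanChain` calls `s.setEmail(s.getEmail())` before the payload requestor is applied, so the state is reachable. I would keep the guard: `String r = getRequestor(); return (r == null || r.isBlank()) ? null : r + "@redhat.com";`.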
@@ -65,9 +73,14 @@ public class ScanResource { { ScanRequests scanRequests = new ScanRequests(scanRequest); Scan s = new Scan(); + //Set the requestor to kerberos uid first + if(!identity.getPrincipal().getName().isEmpty()) + s.setRequestor(identity.getPrincipal().getName()); + //Set the email to be our kerberos id + @redhat.com + s.setEmail(s.getEmail()); + //Now set the actual payload requestor s.setRequestor(scanRequest.requestor); s.setProductName(scanRequest.productName); - s.setScanRequests(scanRequests); sr.persist(s); return s; } @@ -129,7 +142,8 @@ public class ScanResource { public Scan singleGit(@RestQuery String repo, @RestQuery String ref) { Scan s = new Scan(); - s.setRequestor("jochrist"); + if(!identity.getPrincipal().getName().isEmpty()) + s.setRequestor(identity.getPrincipal().getName()); s.getScanRequests().addGit(repo,ref); sr.persist(s); return s; @@ -143,7 +157,8 @@ public class ScanResource { public Scan singleGit(@RestQuery String brewId) { Scan s = new Scan(); - s.setRequestor("jochrist"); + if(!identity.getPrincipal().getName().isEmpty()) + s.setRequestor(identity.getPrincipal().getName()); s.getScanRequests().addBrewBuild(brewId); sr.persist(s); return s; @@ -156,7 +171,8 @@ public class ScanResource { public Scan singlePNC(@RestQuery String pncId) { Scan s = new Scan(); - s.setRequestor("jochrist"); + if(!identity.getPrincipal().getName().isEmpty()) + s.setRequestor(identity.getPrincipal().getName()); s.getScanRequests().addPNCBuild(pncId); sr.persist(s); return s; From d2386ac83a95a84b549a949a73899740b1518a78 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Fri, 7 Jul 2023 01:02:04 +0100 Subject: [PATCH 4/7] Set scanRequests on scan, dont put pnc build in json --- src/main/java/com/redhat/pctsec/model/PNCBuild.java | 4 +++- .../java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) 
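Review bot: In `createScanChain` the authenticated principal is used only to derive the e-mail address, and `requestor` is then overwritten with `scanRequest.requestor` from the request body, so the stored requestor is whatever the client claims. If `requestor` is meant to record who asked for the scan, keep the principal there and store the payload value in a separate field; otherwise add a comment such as `// requestor is caller-supplied and not verified against the authenticated principal`. When the principal name is empty, `s.setEmail(s.getEmail())` runs with a null requestor and persists `null@redhat.com`.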
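Review bot: In the three `single*` hunks (`singleGit` with repo/ref, the Brew variant, and `singlePNC`) the hard-coded requestor is replaced by the principal name, but there is no `else` branch like the one in the PSSaaS hunk, so an empty principal name leaves `requestor` null and `sr.persist(s)` relies on the `@NotNull` constraint to fail. The same check is now repeated in five places; a private helper such as `private String callerName()` that returns the name or rejects the request would keep them consistent. The annotations above these method signatures are outside the hunks, so whether the endpoints require authentication is not visible here.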
diff --git a/src/main/java/com/redhat/pctsec/model/PNCBuild.java b/src/main/java/com/redhat/pctsec/model/PNCBuild.java index a6f2f88..9cd91af 100644 --- a/src/main/java/com/redhat/pctsec/model/PNCBuild.java +++ b/src/main/java/com/redhat/pctsec/model/PNCBuild.java @@ -1,5 +1,6 @@ package com.redhat.pctsec.model; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.redhat.pctsec.model.api.service.AltPncService; //import com.redhat.pctsec.model.api.service.PncService; import io.quarkus.rest.client.reactive.QuarkusRestClientBuilder; @@ -30,7 +31,8 @@ public class PNCBuild extends BuildType{ */ @Transient - Build build; + @JsonIgnore + private Build build; private URI SCMURL; private String revision; diff --git a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java index f37b15c..ce2a300 100644 --- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java +++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java @@ -81,6 +81,7 @@ public class ScanResource { //Now set the actual payload requestor s.setRequestor(scanRequest.requestor); s.setProductName(scanRequest.productName); + s.setScanRequests(scanRequests); sr.persist(s); return s; } From b07123618dcec9f04a6f6516da1fa92a2360907b Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Fri, 7 Jul 2023 16:01:14 +0100 Subject: [PATCH 5/7] Fix `jakarta.persistence.PersistenceException: Error attempting to apply AttributeConverter` --- src/main/java/com/redhat/pctsec/model/jpa/UriConverter.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/redhat/pctsec/model/jpa/UriConverter.java b/src/main/java/com/redhat/pctsec/model/jpa/UriConverter.java index c96d21f..45eb7a7 100644 --- a/src/main/java/com/redhat/pctsec/model/jpa/UriConverter.java +++ b/src/main/java/com/redhat/pctsec/model/jpa/UriConverter.java 
@@ -17,6 +17,8 @@ public class UriConverter implements AttributeConverter @Override public URI convertToEntityAttribute(String s) { - return ((s.length() > 0) ? URI.create(s.trim()) : null); + if(s != null) + return ((s.length() > 0) ? URI.create(s.trim()) : null); + return null; } } From 5566213fec2ac20d975a08c536991cc1ef556054 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Fri, 7 Jul 2023 16:01:28 +0100 Subject: [PATCH 6/7] Pass parameters though to OSH tekton run * Alter tekton pipeline/task for from source (haven't done brew builds yet) * Propergate scan options (no validation) it be better to cast to the paramMapper and also have paramMapper give the re-parsed mockbuild command --- .../pipline/osh-client-from-source-pipeline.yaml | 6 ++++++ .../task/osh-client-from-source.yaml | 16 +++++----------- .../java/com/redhat/pctsec/model/PNCBuild.java | 5 +++++ src/main/java/com/redhat/pctsec/model/Scan.java | 9 +++++++++ .../com/redhat/pctsec/model/ScanRequest.java | 10 ++-------- .../com/redhat/pctsec/model/ScanRequests.java | 8 ++++++++ .../com/redhat/pctsec/model/osh/paramMapper.java | 6 ++++++ .../pctsec/rest/v1alpha1/ScanResource.java | 3 +++ .../com/redhat/pctsec/tekton/TaskHandler.java | 11 ++++++----- 9 files changed, 50 insertions(+), 24 deletions(-) diff --git a/k8s/stage/osh-client-tekton/pipline/osh-client-from-source-pipeline.yaml b/k8s/stage/osh-client-tekton/pipline/osh-client-from-source-pipeline.yaml index f806c12..613023a 100644 --- a/k8s/stage/osh-client-tekton/pipline/osh-client-from-source-pipeline.yaml +++ b/k8s/stage/osh-client-tekton/pipline/osh-client-from-source-pipeline.yaml @@ -15,6 +15,10 @@ spec: description: The revision or tag type: string + - name: mock-build-params + description: The parameters to pass to covscan mock-build + type: string + - name: archive-name description: The name of the git archive file type: string 
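Review bot: The new null guard in `convertToEntityAttribute` still tests `s.length() > 0` before trimming, so a whitespace-only column value reaches `URI.create("")` and comes back as an empty `URI` rather than null. `URI.create` also throws `IllegalArgumentException` for a malformed stored value, which would likely surface as the same AttributeConverter error this commit addresses. A single expression covers the null and blank cases: `return (s == null || s.isBlank()) ? null : URI.create(s.trim());`.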
@@ -77,6 +81,8 @@ spec: params: - name: targz-file value: $(params.archive-name) + - name: mock-build-params + value: $(params.mock-build-params) runAfter: - archive taskRef: diff --git a/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml b/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml index aba0eb1..fe8b38d 100644 --- a/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml +++ b/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml @@ -13,15 +13,10 @@ spec: default: "source.tar.gz" description: The filename of the tar.gz we'll be uploading to covscan - - name: scan-profile + - name: mock-build-params type: string - description: The scan profile we will use - default: "snyk-only-unstable" - - - name: tarball-build-script - type: string - description: Parameters to be passed to tarball-build-script - default: ":" + description: Parameters pushed to mock build + default: "-p snyk-only-unstable --tarball-build-script=:" volumes: - name: osh-client-kerb-vol @@ -72,7 +67,6 @@ spec: script: | #!/bin/bash - echo $(params.scan-profile) - echo $(params.tarball-build-script) + echo $(params.mock-build-params) echo $(params.targz-file) - covscan mock-build -p $(params.scan-profile) --tarball-build-script=$(params.tarball-build-script) /workspace/source-tars/$(params.targz-file) + covscan mock-build $(params.mock-build-params) /workspace/source-tars/$(params.targz-file) diff --git a/src/main/java/com/redhat/pctsec/model/PNCBuild.java b/src/main/java/com/redhat/pctsec/model/PNCBuild.java index 9cd91af..ef54558 100644 --- a/src/main/java/com/redhat/pctsec/model/PNCBuild.java +++ b/src/main/java/com/redhat/pctsec/model/PNCBuild.java 
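Review bot: In the task's `script`, `$(params.mock-build-params)` is substituted into the bash text by Tekton before the shell runs, so shell metacharacters in the parameter are interpreted as shell syntax; this value is now a free-form string assembled elsewhere in this commit from request-supplied scan properties, the e-mail address and the product name. Pass it through the step environment instead, e.g. `env: [{name: MOCK_BUILD_PARAMS, value: "$(params.mock-build-params)"}]` with `covscan mock-build $MOCK_BUILD_PARAMS /workspace/source-tars/$(params.targz-file)`, which still word-splits into options but no longer evaluates command substitution or `;`. The `echo` line needs the same treatment, and the options should be checked against an allow-list on the Java side before they reach the pipeline (the commit message notes there is no validation yet). The step definition begins outside this hunk, so an existing `env:` block may already be present.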
@@ -20,8 +20,10 @@ public class PNCBuild extends BuildType{ @Transient + @JsonIgnore public static final String apiUrl = ConfigProvider.getConfig().getValue("pnc.api-url",String.class); @Transient + @JsonIgnore private static final AltPncService pnc = QuarkusRestClientBuilder.newBuilder().baseUri(URI.create(apiUrl)).build(AltPncService.class); @@ -30,6 +32,7 @@ public class PNCBuild extends BuildType{ PncService pnc; */ + @Transient @JsonIgnore private Build build; @@ -40,6 +43,8 @@ public class PNCBuild extends BuildType{ public PNCBuild() { super(); } + @Transient + @JsonIgnore public Build getBuild() { if(build == null) build = pnc.getBuild(this.buildRef); diff --git a/src/main/java/com/redhat/pctsec/model/Scan.java b/src/main/java/com/redhat/pctsec/model/Scan.java index 2398113..71c7e28 100644 --- a/src/main/java/com/redhat/pctsec/model/Scan.java +++ b/src/main/java/com/redhat/pctsec/model/Scan.java @@ -119,4 +119,13 @@ public class Scan { public void setScanRequests(ScanRequests scanRequests) { this.scanRequests = scanRequests; } + + @JsonIgnore + @Transient + public void propergateOptions(){ + //In future lets export this scan object as YAML + getScanRequests().propergateOptions(); + String covscanArgs = " --email-to " + this.getEmail() + " --comment \"" + this.productName + "\""; + getScanRequests().scanRequests.forEach(sr -> sr.setScanProperties(sr.getScanProperties() + covscanArgs)); + } } diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequest.java b/src/main/java/com/redhat/pctsec/model/ScanRequest.java index 24d3ff7..8bc16d3 100644 --- a/src/main/java/com/redhat/pctsec/model/ScanRequest.java +++ b/src/main/java/com/redhat/pctsec/model/ScanRequest.java @@ -22,7 +22,7 @@ public class ScanRequest { @GeneratedValue protected UUID id; private String metadata; - private String oshScanOptions; + //private String oshScanOptions; public EventBus getBus() { return bus; 
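Review bot: `Scan.propergateOptions()` builds covscan arguments by string concatenation, placing `productName` between literal quotes and appending `getEmail()` unescaped, and the result is later interpolated into the Tekton task's shell script. `productName` comes from the request payload, so a quote or shell metacharacter in it changes the command line; validate both values before use, e.g. `if (!productName.matches("[\\w .-]+")) throw new IllegalArgumentException("invalid product name");`, or pass them as separate pipeline parameters. When a request has no properties and no global properties are set, `sr.getScanProperties()` is null and the stored value becomes the text `null --email-to …`. `@JsonIgnore` and `@Transient` on a `void` method that is not a getter have no effect and can be dropped.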
@@ -58,13 +58,6 @@ public class ScanRequest { @JsonInclude(JsonInclude.Include.NON_NULL) public Git git; - public String getOshScanOptions() { - return oshScanOptions; - } - - public void setOshScanOptions(String oshScanOptions) { - this.oshScanOptions = oshScanOptions; - } public String getScanProperties() { return scanProperties; @@ -77,6 +70,7 @@ public class ScanRequest { @Column(name="scan_properties") public String scanProperties; public ScanRequest() { + } public ScanRequest(BrewBuild brewBuild) diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequests.java b/src/main/java/com/redhat/pctsec/model/ScanRequests.java index 4771ba6..35d722f 100644 --- a/src/main/java/com/redhat/pctsec/model/ScanRequests.java +++ b/src/main/java/com/redhat/pctsec/model/ScanRequests.java @@ -128,4 +128,12 @@ public class ScanRequests { public Set getScanRequests() { return this.scanRequests; } + + @JsonIgnore + @Transient + public void propergateOptions(){ + //In future lets export this scan object as YAML + //If its empy overwrite with the global options + getScanRequests().stream().filter(eso -> eso.getScanProperties() == null).forEach(sr -> sr.setScanProperties(getGlobalScanProperties())); + } } diff --git a/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java b/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java index dc0ed64..32322e6 100644 --- a/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java +++ b/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java @@ -32,6 +32,12 @@ public class paramMapper { " of a local file") private String brewBuild; + @Option(names = {"--email-to"}, description = "Email address for email repots") + private String emailTo; + + @Option(names = {"--comment"}, description = "Comments to add to scan request") + private String comment; + public paramMapper(){} public paramMapper(String params){ 
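Review bot: The filter in `ScanRequests.propergateOptions()` only replaces properties that are null, although the comment says empty ones are overwritten, so a request with an empty string never receives the global options. When `getGlobalScanProperties()` is itself null the request stays null as well. A filter such as `eso -> eso.getScanProperties() == null || eso.getScanProperties().isBlank()` together with a non-null default for the global value would match the comment.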
diff --git a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java index ce2a300..a826944 100644 --- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java +++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java @@ -61,6 +61,7 @@ public class ScanResource { public List createRunPSSAAS(@Valid pssaas scanRequest) { Scan s = this.createPSSAAS(scanRequest); + s.propergateOptions(); return s.scanRequests.execute(bus); } @@ -93,6 +94,7 @@ public class ScanResource { public List createRunScanChain(@Valid scanChain scanRequest) { Scan s = this.createScanChain(scanRequest); + s.propergateOptions(); return s.scanRequests.execute(bus); } @GET @@ -118,6 +120,7 @@ public class ScanResource { public List scanRequestExe(String id) { Scan s = sr.findById(UUID.fromString(id)); + s.propergateOptions(); return s.scanRequests.execute(bus); } diff --git a/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java b/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java index b240716..8a26960 100644 --- a/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java +++ b/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java 
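Review bot: In `scanRequestExe` the added `s.propergateOptions()` call appends the `--email-to`/`--comment` suffix to each request's stored `scanProperties`, so executing the same scan id a second time would run with the suffix duplicated if the entity change is flushed (the method's transactional annotations are outside the hunk). Building the argument string at execution time without writing it back to the entity would avoid that. `sr.findById(...)` is also used without a null check, so an unknown id would fail on the new line with a NullPointerException instead of returning 404, assuming the repository returns null when nothing matches.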
@@ -46,19 +46,19 @@ public class TaskHandler { switch(scanTask.getScanRequest().getType()) { case BREW: - scanTask.setTektonRunId(invokeScanTask(scanTask.getScanRequest().brewBuild.buildRef)); + scanTask.setTektonRunId(invokeScanTask(scanTask.getScanRequest().brewBuild.buildRef, "")); scanTask.setState(ScanTaskState.RUNNING); break; case PNC: String repo = scanTask.getScanRequest().pncBuild.SCMURL().toString(); String ref = scanTask.getScanRequest().pncBuild.revision(); - scanTask.setTektonRunId(invokeOshScmScanPipeline(repo, ref)); + scanTask.setTektonRunId(invokeOshScmScanPipeline(repo, ref, scanTask.getScanRequest().getScanProperties())); scanTask.setState(ScanTaskState.RUNNING); break; case GIT: - scanTask.setTektonRunId(invokeOshScmScanPipeline(scanTask.getScanRequest().git.repo.toString(), scanTask.getScanRequest().git.ref)); + scanTask.setTektonRunId(invokeOshScmScanPipeline(scanTask.getScanRequest().git.repo.toString(), scanTask.getScanRequest().git.ref, scanTask.getScanRequest().getScanProperties())); scanTask.setState(ScanTaskState.RUNNING); break; } @@ -66,7 +66,7 @@ public class TaskHandler { return scanTask; } - public String invokeScanTask(String buildId) { + public String invokeScanTask(String buildId, String mockbuildArgs) { // String buildId = "xterm-366-8.el9"; String scanProfile = "snyk-only-unstable"; @@ -89,7 +89,7 @@ public class TaskHandler { return taskRun.getMetadata().getName(); } - public String invokeOshScmScanPipeline(String repo, String ref) { + public String invokeOshScmScanPipeline(String repo, String ref, String mockBuildArgs) { PodSecurityContext securityContext = new PodSecurityContextBuilder() .withRunAsNonRoot(true) 
@@ -126,6 +126,7 @@ public class TaskHandler { .withNewPipelineRef().withName(PIPELINE_REFERENCE).endPipelineRef() .addNewParam().withName("repo-url").withNewValue(repo).endParam() .addNewParam().withName("revision").withNewValue(ref).endParam() + .addNewParam().withName("mock-build-params").withNewValue(mockBuildArgs).endParam() .withWorkspaces(workspaceBindings) .endSpec() .build(); From 6069d11e1ca228e2dc41209acb32a859ab35214e Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Fri, 7 Jul 2023 19:45:24 +0100 Subject: [PATCH 7/7] Fix issues pointed out in https://gitlab.cee.redhat.com/pct-security/covscanrest/-/merge_requests/13 --- src/main/java/com/redhat/pctsec/model/Scan.java | 11 ++++++----- .../java/com/redhat/pctsec/model/ScanRequests.java | 2 +- .../com/redhat/pctsec/rest/v1alpha1/ScanResource.java | 6 +++--- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/main/java/com/redhat/pctsec/model/Scan.java b/src/main/java/com/redhat/pctsec/model/Scan.java index 71c7e28..95fd891 100644 --- a/src/main/java/com/redhat/pctsec/model/Scan.java +++ b/src/main/java/com/redhat/pctsec/model/Scan.java @@ -29,7 +29,7 @@ public class Scan { @JoinColumn(name = "product_id", referencedColumnName = "id") private String productName; */ - @Column(name="proudct_name") + @Column(name="product_name") private String productName; //@Temporal(TemporalType.TIMESTAMP) @@ -54,7 +54,7 @@ public class Scan { @NotNull private String requestor; - @Column(name="report_email") + @Column(name="email") @Email private String email; @@ -102,8 +102,9 @@ public class Scan { @Access(AccessType.PROPERTY) @Email public String getEmail() { - if(email != null) + if(email != null) { return email; + } return getRequestor() + "@redhat.com"; } 
@@ -122,9 +123,9 @@ public class Scan { @JsonIgnore @Transient - public void propergateOptions(){ + public void propagateOptions(){ //In future lets export this scan object as YAML - getScanRequests().propergateOptions(); + getScanRequests().propagateOptions(); String covscanArgs = " --email-to " + this.getEmail() + " --comment \"" + this.productName + "\""; getScanRequests().scanRequests.forEach(sr -> sr.setScanProperties(sr.getScanProperties() + covscanArgs)); } diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequests.java b/src/main/java/com/redhat/pctsec/model/ScanRequests.java index 35d722f..9d2199f 100644 --- a/src/main/java/com/redhat/pctsec/model/ScanRequests.java +++ b/src/main/java/com/redhat/pctsec/model/ScanRequests.java @@ -131,7 +131,7 @@ public class ScanRequests { @JsonIgnore @Transient - public void propergateOptions(){ + public void propagateOptions(){ //In future lets export this scan object as YAML //If its empy overwrite with the global options getScanRequests().stream().filter(eso -> eso.getScanProperties() == null).forEach(sr -> sr.setScanProperties(getGlobalScanProperties())); diff --git a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java index a826944..046970d 100644 --- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java +++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java @@ -61,7 +61,7 @@ public class ScanResource { public List createRunPSSAAS(@Valid pssaas scanRequest) { Scan s = this.createPSSAAS(scanRequest); - s.propergateOptions(); + s.propagateOptions(); return s.scanRequests.execute(bus); } @@ -94,7 +94,7 @@ public class ScanResource { public List createRunScanChain(@Valid scanChain scanRequest) { Scan s = this.createScanChain(scanRequest); - s.propergateOptions(); + s.propagateOptions(); return s.scanRequests.execute(bus); } @GET 
@@ -120,7 +120,7 @@ public class ScanResource { public List scanRequestExe(String id) { Scan s = sr.findById(UUID.fromString(id)); - s.propergateOptions(); + s.propagateOptions(); return s.scanRequests.execute(bus); }