Attempt to add PNC Client (Currently Broken)

Hit a bug with pnc rest-easy client builder using javax rather than jakarta which means the class fails to load at runtime for some reason, i've tried various dependency inclusions and exclusions as well as using classic resteasy-client in quarkus, all either cause duplicates or give the same error ``` java.lang.RuntimeException: java.lang.ClassNotFoundException: org.glassfish.jersey.client.JerseyClientBuilder javax.ws.rs.client.ClientBuilder.newBuilder(ClientBuilder.java:86) at org.jboss.pnc.client.ClientBase.<init>(ClientBase.java:76) at org.jboss.pnc.client.ArtifactClient.<init>(ArtifactClient.java:22) at com.redhat.pctsec.model.api.service.PncService.<init>(PncService.java:31) ```
3 years ago · c7bd13c3ac
7 changed files with 298 additions and 6 deletions
--- a/pom.xml
+++ b/pom.xml
@ -12,7 +12,7 @@
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <quarkus.platform.artifact-id>quarkus-bom</quarkus.platform.artifact-id>
    <quarkus.platform.group-id>io.quarkus.platform</quarkus.platform.group-id>
-    <quarkus.platform.version>3.1.2.Final</quarkus.platform.version>
+    <quarkus.platform.version>3.1.3.Final</quarkus.platform.version>
    <skipITs>true</skipITs>
    <surefire-plugin.version>3.0.0</surefire-plugin.version>
  </properties>
@ -87,6 +87,51 @@
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-kubernetes-config</artifactId>
    </dependency>
+    <dependency>
+      <groupId>org.jboss.pnc</groupId>
+      <artifactId>common</artifactId>
+      <version>2.5.1</version>
+    </dependency>
+    <dependency>
+      <groupId>org.jboss.pnc</groupId>
+      <artifactId>rest-client</artifactId>
+      <version>2.5.1</version>
+      <!--
+      <exclusions>
+        <exclusion>
+          <groupId>org.jboss.resteasy</groupId>
+          <artifactId>resteasy-client</artifactId>
+        </exclusion>
+      </exclusions>-->
+    </dependency>
+    <!--
+    <dependency>
+      <groupId>org.jboss.resteasy</groupId>
+      <artifactId>resteasy-client</artifactId>
+      <version>6.2.4.Final</version>
+    </dependency>
+    -->
+    <!--https://groups.google.com/g/quarkus-dev/c/IuicocvL3g8-->
+    <!--
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-rest-client</artifactId>
+    </dependency>-->
+    <!--
+    <dependency>
+      <groupId>org.jboss.resteasy</groupId>
+      <artifactId>resteasy-client</artifactId>
+      <version>3.0.2.Final</version>
+    </dependency>
+    -->
+
+    <dependency>
+      <groupId>org.glassfish.jersey.core</groupId>
+      <artifactId>jersey-client</artifactId>
+      <version>2.34</version>
+    </dependency>
+
+
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-junit5</artifactId>
--- a/src/main/java/com/redhat/pctsec/model/PNCBuild.java
+++ b/src/main/java/com/redhat/pctsec/model/PNCBuild.java
@ -1,23 +1,47 @@
 package com.redhat.pctsec.model;

+import com.redhat.pctsec.model.api.service.PncService;
+import jakarta.inject.Inject;
 import jakarta.persistence.Entity;
+import jakarta.persistence.Transient;
+import org.jboss.pnc.dto.Build;

 import java.net.URI;
 import java.net.URL;

@Entity
 public class PNCBuild extends BuildType{
+
+
+    @Transient
+    PncService pnc;
+
+    @Transient
+    Build build;
+
+    private URI SCMURL;
+    private String revision;
+
    public PNCBuild() {
        super();
    }
+    public Build getBuild() {
+        if(build == null)
+            build = pnc.getBuild(this.buildRef);
+        return build;
+    }

    public PNCBuild(String buildRef) {
        super(buildRef);
+        this.pnc = new PncService();
    }

    @Override
    public URI SCMURL() {
-        return null;
+        if(SCMURL == null)
+            SCMURL = URI.create(getBuild().getScmUrl());
+
+        return this.SCMURL;
    }

    @Override
@ -27,7 +51,9 @@ public class PNCBuild extends BuildType{

    @Override
    public String revision() {
-        return null;
+        if(revision == null)
+            revision = getBuild().getScmTag();
+        return revision;
    }

    public static boolean isValidRef(String ref){
--- a/src/main/java/com/redhat/pctsec/model/api/service/PncService.java
+++ b/src/main/java/com/redhat/pctsec/model/api/service/PncService.java
@ -0,0 +1,195 @@
+/**
+ * Stolen from
+ * https://github.com/project-ncl/sbomer/blob/3b2ef857e8c0cefe9324ea401fa3fbe53499c615/cli/src/main/java/org/jboss/sbomer/cli/feature/sbom/service/PncService.java
+ */
+package com.redhat.pctsec.model.api.service;
+
+//import jakarta.annotation.PostConstruct;
+//import jakarta.annotation.PreDestroy;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.ws.rs.WebApplicationException;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
+import org.jboss.logging.Logger;
+import org.jboss.pnc.client.*;
+import org.jboss.pnc.dto.Artifact;
+import org.jboss.pnc.dto.Build;
+import org.jboss.pnc.dto.BuildConfiguration;
+import org.jboss.pnc.dto.ProductVersionRef;
+
+import java.util.Optional;
+
+/**
+ * A service to interact with the PNC build system.
+ */
+
+//@ApplicationScoped
+public class PncService {
+
+    private static final Logger log = Logger.getLogger(PncService.class);
+
+    public PncService() {
+        artifactClient = new ArtifactClient(getConfiguration());
+        buildClient = new BuildClient(getConfiguration());
+        buildConfigurationClient = new BuildConfigurationClient(getConfiguration());
+    }
+
+    public String getApiUrl() {
+        return apiUrl;
+    }
+
+    @ConfigProperty(name = "pnc.api-url")
+    String apiUrl;
+
+    ArtifactClient artifactClient;
+
+    BuildClient buildClient;
+
+    BuildConfigurationClient buildConfigurationClient;
+
+    /*
+    @PostConstruct
+    void init() {
+        artifactClient = new ArtifactClient(getConfiguration());
+        buildClient = new BuildClient(getConfiguration());
+        buildConfigurationClient = new BuildConfigurationClient(getConfiguration());
+    }
+
+    @PreDestroy
+    void cleanup() {
+        artifactClient.close();
+        buildClient.close();
+        buildConfigurationClient.close();
+    }
+     */
+
+    /**
+     * Setup basic configuration to be able to talk to PNC.
+     *
+     *
+     * @return
+     */
+    public Configuration getConfiguration() {
+        return Configuration.builder().host(apiUrl).protocol("http").build();
+    }
+
+    /**
+     * <p>
+     * Fetch information about the PNC {@link Build} identified by the particular {@code buildId}.
+     * </p>
+     *
+     * <p>
+     * In case the {@link Build} with provided identifier cannot be found {@code null} is returned.
+     * </p>
+     *
+     * @param buildId Tbe {@link Build} identifier in PNC
+     * @return The {@link Build} object or {@code null} in case the {@link Build} could not be found.
+     */
+    public Build getBuild(String buildId) {
+        log.debugv("Fetching Build from PNC with id '{}'", buildId);
+        try {
+            return buildClient.getSpecific(buildId);
+        } catch (RemoteResourceNotFoundException ex) {
+            log.warnv("Build with id '{}' was not found in PNC", buildId);
+            return null;
+        } catch (RemoteResourceException ex) {
+            throw new WebApplicationException("Build could not be retrieved because PNC responded with an error", ex);
+        }
+    }
+
+    /**
+     * <p>
+     * Fetch information about the PNC {@link BuildConfiguration} identified by the particular {@code buildConfigId}.
+     * </p>
+     *
+     * <p>
+     * In case the {@link BuildConfiguration} with provided identifier cannot be found {@code null} is returned.
+     * </p>
+     *
+     * @param buildId Tbe {@link BuildConfiguration} identifier in PNC
+     * @return The {@link BuildConfiguration} object or {@code null} in case the {@link BuildConfiguration} could not be
+     *         found.
+     */
+    public BuildConfiguration getBuildConfig(String buildConfigId) {
+        log.debugv("Fetching BuildConfig from PNC with id '{}'", buildConfigId);
+        try {
+            return buildConfigurationClient.getSpecific(buildConfigId);
+        } catch (RemoteResourceNotFoundException ex) {
+            log.warnv("BuildConfig with id '{}' was not found in PNC", buildConfigId);
+            return null;
+        } catch (RemoteResourceException ex) {
+            throw new WebApplicationException(
+                    "BuildConfig could not be retrieved because PNC responded with an error",
+                    ex);
+        }
+    }
+
+    /**
+     * <p>
+     * Obtains the {@link ProductVersionRef} for a given PNC {@link Build} identifier.
+     * <p>
+     *
+     * @param buildId The {@link Build} identifier to get the Product Version for.
+     * @return The {@link ProductVersionRef} object for the related or {@code null} in case it is not possible to obtain
+     *         it.
+     */
+    public ProductVersionRef getProductVersion(String buildId) {
+        log.debugv("Fetching Product Version information from PNC for build '{}'", buildId);
+
+        if (buildId == null) {
+            return null;
+        }
+        Build build = getBuild(buildId);
+
+        if (build == null) {
+            log.warn("Build related to the SBOM could not be found in PNC, interrupting processing");
+            return null;
+        }
+
+        BuildConfiguration buildConfig = getBuildConfig(build.getBuildConfigRevision().getId());
+
+        if (buildConfig == null) {
+            log.warn("BuildConfig related to the SBOM could not be found in PNC, interrupting processing");
+            return null;
+        }
+
+        ProductVersionRef productVersion = buildConfig.getProductVersion();
+
+        if (productVersion == null) {
+            log.warn(
+                    "BuildConfig related to the SBOM does not provide product version information, interrupting processing");
+            return null;
+        }
+
+        return productVersion;
+    }
+
+    /**
+     * Fetch information about the PNC {@link Artifact} identified by the particular purl.
+     *
+     * @param purl
+     * @return The {@link Artifact} object or {@code null} if it cannot be found.
+     */
+    public Artifact getArtifact(String purl) {
+        log.debugv("Fetching artifact from PNC for purl '{}'", purl);
+
+        try {
+            String artifactQuery = "purl==\"" + purl + "\"";
+            RemoteCollection<Artifact> artifacts = artifactClient
+                    .getAll(null, null, null, Optional.empty(), Optional.of(artifactQuery));
+            if (artifacts.size() == 0) {
+                log.debugv("Artifact with purl '{}' was not found in PNC", purl);
+                return null;
+            } else if (artifacts.size() > 1) {
+                throw new IllegalStateException("There should exist only one artifact with purl " + purl);
+            }
+            return artifacts.iterator().next();
+        } catch (RemoteResourceNotFoundException ex) {
+            throw new WebApplicationException("Artifact with purl" + purl + "was not found in PNC", ex);
+        } catch (RemoteResourceException ex) {
+            throw new WebApplicationException(
+                    "Artifact with purl" + purl + "could not be retrieved because PNC responded with an error",
+                    ex);
+        }
+    }
+
+}
--- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestsResource.java
+++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestsResource.java
@ -9,7 +9,7 @@ import io.quarkus.security.Authenticated;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.*;
-import org.jboss.resteasy.reactive.common.NotImplementedYet;
+//import org.jboss.resteasy.reactive.common.NotImplementedYet;

 import java.util.UUID;

@ -35,7 +35,7 @@ public class ScanRequestsResource {
    @Authenticated
    public ScanRequests addScanRequest(String id, ScanRequest scanRequest)
    {
-        throw new NotImplementedYet();
+        throw new WebApplicationException("Not implemented");
    }

 }
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -57,6 +57,7 @@ quarkus.arc.remove-unused-beans=false
 %stage.quarkus.openshift.route.target-port=https
 %stage.quarkus.openshift.route.tls.insecure-edge-termination-policy=redirect
 %stage.quarkus.openshift.namespace=pct-security-tooling
+quarkus.openshift.namespace=pct-security-tooling

 ##########################################
 #   Kerberos Specifics                   #
@ -80,5 +81,10 @@ tekton.pipeline.ref=osh-client-from-source
 tekton.task.ref=osh-scan-task
 tekton.service-account=${quarkus.openshift.service-account}

+##########################################
+#   PNC Settings                         #
+##########################################
+pnc.api-url=http://orch.psi.redhat.com
+


--- a/src/test/java/com/redhat/pctsec/model/test/PNCBuildTest.java
+++ b/src/test/java/com/redhat/pctsec/model/test/PNCBuildTest.java
@ -0,0 +1,19 @@
+package com.redhat.pctsec.model.test;
+
+import com.redhat.pctsec.model.PNCBuild;
+import io.quarkus.test.junit.QuarkusTest;
+import jakarta.inject.Inject;
+import org.junit.jupiter.api.Test;
+
+@QuarkusTest
+public class PNCBuildTest {
+
+
+
+    @Test
+    public void testBuildFetch(){
+        PNCBuild pb = new PNCBuild("AZAQZSPFDRQAA");
+        System.out.println(pb.SCMURL());
+        System.out.println(pb.revision());
+    }
+}
--- a/src/test/java/com/redhat/pctsec/model/test/paramMapperTest.java
+++ b/src/test/java/com/redhat/pctsec/model/test/paramMapperTest.java
@ -1,5 +1,6 @@
-package com.redhat.pctsec.model.osh;
+package com.redhat.pctsec.model.test;

+import com.redhat.pctsec.model.osh.paramMapper;
 import io.quarkus.test.junit.QuarkusTest;
 import jakarta.inject.Inject;
 import org.junit.jupiter.api.Test;