README.md
See https://docs.google.com/document/d/15yod6K_ZbNkJ_ern7gwpxjBkdJIlHXORfYZ3CGQhnEM/edit?usp=sharing for a full version with images
Introduction
Currently we rely on CPaaS to submit requests to PSSaaS, which then invokes the PSSC scanning container. The idea behind the ScanChain API is to act as an interaction point for services to be able to directly access our scan tooling.
Our API will be written in Quarkus for ease of use and deployment to OpenShift; we will also use Tekton to assist with CI/CD.
How to build
To set up the environment after cloning the repository:
cd <repository>/
quarkus create app quarkus:dev
mvn -N io.takari:maven:wrapper
Also, it is necessary to create a local PostgreSQL instance. For development purposes, the parameters are:
username = postgresql
password = password
ToDo: Create Database Model
To run the Quarkus build in dev mode simply run:
./mvnw compile quarkus:dev
All endpoints should be available on localhost:8080/{endpoint}. The endpoints are listed in the API endpoints section.
Deploying to OpenShift (https://quarkus.io/guides/deploying-to-openshift)
Part of the advantage of working with Quarkus is the ease with which we can deploy it to OpenShift. We have the OpenShift extension already installed via the pom.
All that should be required to build and deploy to OpenShift is to log in to OpenShift via the usual method (oc login with your credentials, for example). Before running a build command:
You can then expose the routes (oc expose {route}), and your application should be accessible on the OpenShift cluster. This is verifiable either by listing the running services from the CLI (oc get svc) or by using the web console, which should display the service graphically.
Design diagram
API endpoint diagram with all endpoints, DB links, and connections to further services (PNC API etc.)
API endpoints
/{scanId} - GET request for retrieving scans
This is a simple request for retrieving scans that are stored in our postgresql database. The assigned scanId will return the whole scan payload in JSON format.
/ - POST request that takes a JSON payload to start scans (maybe isn't relevant / shouldn't be included in the future)
Creating scans by passing fully formed JSON payloads. The standard JSON format should contain: product-id, event-id, is-managed-service, component-list. See Appendix 1 for a provided example.
/scanRequest - Post request for starting scans
There are several different types of build that should be retrieved from the backend source. Different inputs are required based off the build source.
The required fields for BREW builds are: buildSystemType, brewId, brewNVR (matches brewId), pncId, artifactType, fileName, builtFromSource
The required fields for git builds are: buildSystemType, repository, reference, commitId
The required fields for PNC builds are: buildSystemType, buildId
This information should allow us to have all the requirements for retrieving and then starting a scan when requested from the required sources.
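As an added example (not the ScanChain project's own code), a Quarkus 3 (jakarta.ws.rs) resource for /scanRequest that checks the required fields listed above per build source and rejects the request before anything reaches the database or the scanner. The package and class names, the flat JSON object shape and the upper-case build-source values are assumptions.

```java
package org.example.scanchain;  // hypothetical package name
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

@Path("/scanRequest")
public class ScanRequestResource {
    // Required fields per build source, taken from the /scanRequest description above;
    // buildSystemType itself selects the row, so it is checked separately.
    private static final Map<String, List<String>> REQUIRED = Map.of(
        "BREW", List.of("brewId", "brewNVR", "pncId", "artifactType", "fileName", "builtFromSource"),
        "GIT",  List.of("repository", "reference", "commitId"),
        "PNC",  List.of("buildId"));

    // Returns every problem found; an empty list means the payload is acceptable.
    static List<String> validate(Map<String, Object> body) {
        List<String> problems = new ArrayList<>();
        Object type = body.get("buildSystemType");
        if (!(type instanceof String) || !REQUIRED.containsKey(type)) {
            problems.add("buildSystemType must be one of " + REQUIRED.keySet());
            return problems; // nothing else can be checked without a known build source
        }
        for (String field : REQUIRED.get(type)) {
            Object value = body.get(field);
            if (value == null || (value instanceof String s && s.isBlank())) {
                problems.add("missing required field: " + field);
            }
        }
        return problems;
    }

    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public Response scanRequest(Map<String, Object> body) {
        List<String> problems = validate(body == null ? Map.of() : body);
        if (!problems.isEmpty()) {
            // Reject before anything is written to the DB or handed to the scanner.
            return Response.status(Response.Status.BAD_REQUEST)
                           .entity(Map.of("errors", problems)).build();
        }
        // ToDo: persist the request and return the new scanId (DB model not yet defined, see above).
        return Response.accepted().build();
    }
}
```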
/startScan - PUT request to start off the relevant scan
Only requires the scanId and should start off the relevant scan; should return success only once the scan has finished, or failure if no further response arrives before the timeout.
/removeScan - DELETE request to remove a scan build from DB
Only requires the scanId and should remove the relevant scan from our DB. Should return a success or failure.
Expanded work to do
Jenkins
We haven't looked into the correct way for the API to interact with Jenkins; this needs more investigation.
Jira tickets still to do:
https://issues.redhat.com/browse/PSSECMGT-1548
https://issues.redhat.com/browse/PSSECMGT-1549
https://issues.redhat.com/browse/PSSECMGT-1550
https://issues.redhat.com/browse/PSSECMGT-1551
https://issues.redhat.com/browse/PSSECMGT-1552
https://issues.redhat.com/browse/PSSECMGT-1553
https://issues.redhat.com/browse/PSSECMGT-1554
Appendix
Appendix 1