integrations: Update harbor for new payload format.

2022-06-18 09:30:25 +00:00 · 2022-06-18 09:30:25 +00:00 · a8217c51de
parent 76bff6e1ac
commit a8217c51de
6 changed files with 116 additions and 79 deletions
--- a/zerver/webhooks/harbor/fixtures/delete_image.json
+++ b/zerver/webhooks/harbor/fixtures/delete_image.json
@ -1,9 +1,10 @@
 {
-    "type": "deleteImage",
+    "type": "DELETE_ARTIFACT",
    "occur_at": 1571334977,
    "event_data": {
        "resources": [
            {
+                "digest": "sha256:59856107563b1e1b2e48c8635e5cb44fa9b194f6a425e0b668917602213bb5b4",
                "tag": "latest",
                "resource_url": "harbor.example.com/example/test:latest"
            }
--- a/zerver/webhooks/harbor/fixtures/push_image.json
+++ b/zerver/webhooks/harbor/fixtures/push_image.json
@ -1,5 +1,5 @@
 {
-    "type": "pushImage",
+    "type": "PUSH_ARTIFACT",
    "occur_at": 1571334632,
    "event_data": {
        "resources": [
--- a/zerver/webhooks/harbor/fixtures/scanning_completed.json
+++ b/zerver/webhooks/harbor/fixtures/scanning_completed.json
@ -1,54 +1,44 @@
 {
-    "type": "scanningCompleted",
-    "occur_at": 1571341880,
+    "type": "SCANNING_COMPLETED",
+    "occur_at": 1648715576,
+    "operator": "auto",
    "event_data": {
-        "resources": [
-            {
-                "digest": "sha256:d55414535f65d9b0ca180a9a591868c93d72e6f7d1de03a315215220e63e622e",
-                "tag": "latest",
-                "resource_url": "harbor.example.com/example/test:latest",
-                "scan_overview": {
-                    "image_digest": "sha256:d55414535f65d9b0ca180a9a591868c93d72e6f7d1de03a315215220e63e622e",
-                    "scan_status": "finished",
-                    "job_id": 5,
-                    "severity": 5,
-                    "components": {
-                        "total": 168,
-                        "summary": [
-                            {
-                                "severity": 5,
-                                "count": 12
-                            },
-                            {
-                                "severity": 4,
-                                "count": 16
-                            },
-                            {
-                                "severity": 2,
-                                "count": 2
-                            },
-                            {
-                                "severity": 3,
-                                "count": 7
-                            },
-                            {
-                                "severity": 1,
-                                "count": 131
-                            }
-                        ]
-                    },
-                    "details_key": "71ffc66d04c94f01d2990d7ae908f66e6266bc82e45fdffa12181ea521e3a30c",
-                    "creation_time": "2019-10-17T19:50:10.728751Z",
-                    "update_time": "2019-10-17T19:51:20.370425Z"
+      "resources": [
+        {
+          "digest": "sha256:b50334049354ed01330403212605dce2f4676a4e787ed113506861d9cf3c5424",
+          "tag": "3.8.1",
+          "resource_url": "harbor.xxx.xxxx.com/test/alpine/helm:3.8.1",
+          "scan_overview": {
+            "application/vnd.security.vulnerability.report; version=1.1": {
+              "report_id": "65e8a295-749c-44e2-93fe-2ebb49b9e51a",
+              "scan_status": "Success",
+              "severity": "High",
+              "duration": 3,
+              "summary": {
+                "total": 5,
+                "fixable": 5,
+                "summary": {
+                  "High": 4,
+                  "Unknown": 1
                }
+              },
+              "start_time": "2022-03-31T08:32:53Z",
+              "end_time": "2022-03-31T08:32:56Z",
+              "scanner": {
+                "name": "Trivy",
+                "vendor": "Aqua Security",
+                "version": "v0.20.1"
+              },
+              "complete_percent": 100
            }
-        ],
-        "repository": {
-            "name": "test",
-            "namespace": "example",
-            "repo_full_name": "example/test",
-            "repo_type": "private"
+          }
        }
-    },
-    "operator": "auto"
+      ],
+      "repository": {
+        "name": "alpine/helm",
+        "namespace": "test",
+        "repo_full_name": "test/alpine/helm",
+        "repo_type": "private"
+      }
+    }
 }
--- a/zerver/webhooks/harbor/fixtures/scanning_completed_no_vulnerability.json
+++ b/zerver/webhooks/harbor/fixtures/scanning_completed_no_vulnerability.json
@ -0,0 +1,41 @@
+{
+    "type": "SCANNING_COMPLETED",
+    "occur_at": 1655522951,
+    "operator": "auto",
+    "event_data": {
+        "resources": [
+            {
+                "digest": "sha256:59856107563b1e1b2e48c8635e5cb44fa9b194f6a425e0b668917602213bb5b4",
+                "tag": "latest",
+                "resource_url": "demo.goharbor.io/test123/test-image:latest",
+                "scan_overview": {
+                    "application/vnd.security.vulnerability.report; version=1.1": {
+                        "report_id": "f316b072-38e4-41b1-a1da-91ec0b2e7767",
+                        "scan_status": "Success",
+                        "severity": "None",
+                        "duration": 8,
+                        "summary": {
+                            "total": 0,
+                            "fixable": 0,
+                            "summary": {}
+                        },
+                        "start_time": "2022-06-18T03:29:03Z",
+                        "end_time": "2022-06-18T03:29:11Z",
+                        "scanner": {
+                            "name": "Trivy",
+                            "vendor": "Aqua Security",
+                            "version": "v0.24.2"
+                        },
+                        "complete_percent": 100
+                    }
+                }
+            }
+        ],
+        "repository": {
+            "name": "test-image",
+            "namespace": "test123",
+            "repo_full_name": "test123/test-image",
+            "repo_type": "public"
+        }
+    }
+}
--- a/zerver/webhooks/harbor/tests.py
+++ b/zerver/webhooks/harbor/tests.py
@ -22,16 +22,24 @@ class HarborHookTests(WebhookTestCase):
        self.assert_json_success(result)

    def test_scanning_completed(self) -> None:
-        expected_topic = "example/test"
+        expected_topic = "test/alpine/helm"

        expected_message = """
-Image scan completed for `example/test:latest`. Vulnerabilities by severity:
+Image scan completed for `test/alpine/helm:3.8.1`. Vulnerabilities by severity:

-* High: **12**
-* Medium: **16**
-* Low: **7**
-* Unknown: **2**
-* None: **131**
+* High: **4**
+* Unknown: **1**
        """.strip()

        self.check_webhook("scanning_completed", expected_topic, expected_message)
+
+    def test_scanning_completed_no_vulnerability(self) -> None:
+        expected_topic = "test123/test-image"
+
+        expected_message = """
+Image scan completed for `test123/test-image:latest`. Vulnerabilities by severity:
+
+None
+        """.strip()
+
+        self.check_webhook("scanning_completed_no_vulnerability", expected_topic, expected_message)
--- a/zerver/webhooks/harbor/view.py
+++ b/zerver/webhooks/harbor/view.py
@ -12,12 +12,12 @@ from zerver.lib.webhooks.common import check_send_webhook_message
 from zerver.models import Realm, UserProfile

 IGNORED_EVENTS = [
-    "downloadChart",
-    "deleteChart",
-    "uploadChart",
-    "pullImage",
-    "deleteImage",
-    "scanningFailed",
+    "DOWNLOAD_CHART",
+    "DELETE_CHART",
+    "UPLOAD_CHART",
+    "PULL_ARTIFACT",
+    "DELETE_ARTIFACT",
+    "SCANNING_FAILED",
 ]


@ -45,14 +45,6 @@ def handle_push_image_event(
    return f"{operator_username} pushed image `{image_name}:{image_tag}`"


-VULNERABILITY_SEVERITY_NAME_MAP = {
-    1: "None",
-    2: "Unknown",
-    3: "Low",
-    4: "Medium",
-    5: "High",
-}
-
 SCANNING_COMPLETED_TEMPLATE = """
 Image scan completed for `{image_name}:{image_tag}`. Vulnerabilities by severity:

@ -64,12 +56,17 @@ def handle_scanning_completed_event(
    payload: Dict[str, Any], user_profile: UserProfile, operator_username: str
 ) -> str:
    scan_results = ""
-    scan_summaries = payload["event_data"]["resources"][0]["scan_overview"]["components"]["summary"]
-    summaries_sorted = sorted(scan_summaries, key=lambda x: x["severity"], reverse=True)
-    for scan_summary in summaries_sorted:
-        scan_results += "* {}: **{}**\n".format(
-            VULNERABILITY_SEVERITY_NAME_MAP[scan_summary["severity"]], scan_summary["count"]
-        )
+    scan_overview = payload["event_data"]["resources"][0]["scan_overview"]
+    if "application/vnd.security.vulnerability.report; version=1.1" not in scan_overview:
+        raise UnsupportedWebhookEventType("Unsupported harbor scanning webhook payload")
+    scan_summaries = scan_overview["application/vnd.security.vulnerability.report; version=1.1"][
+        "summary"
+    ]["summary"]
+    if len(scan_summaries) > 0:
+        for severity, count in scan_summaries.items():
+            scan_results += "* {}: **{}**\n".format(severity, count)
+    else:
+        scan_results += "None\n"

    return SCANNING_COMPLETED_TEMPLATE.format(
        image_name=payload["event_data"]["repository"]["repo_full_name"],
@ -79,8 +76,8 @@ def handle_scanning_completed_event(


 EVENT_FUNCTION_MAPPER = {
-    "pushImage": handle_push_image_event,
-    "scanningCompleted": handle_scanning_completed_event,
+    "PUSH_ARTIFACT": handle_push_image_event,
+    "SCANNING_COMPLETED": handle_scanning_completed_event,
 }

 ALL_EVENT_TYPES = list(EVENT_FUNCTION_MAPPER.keys())