mirror of https://github.com/zulip/zulip.git
integrations: Update harbor for new payload format.
This commit is contained in:
parent
76bff6e1ac
commit
a8217c51de
|
@ -1,9 +1,10 @@
|
|||
{
|
||||
"type": "deleteImage",
|
||||
"type": "DELETE_ARTIFACT",
|
||||
"occur_at": 1571334977,
|
||||
"event_data": {
|
||||
"resources": [
|
||||
{
|
||||
"digest": "sha256:59856107563b1e1b2e48c8635e5cb44fa9b194f6a425e0b668917602213bb5b4",
|
||||
"tag": "latest",
|
||||
"resource_url": "harbor.example.com/example/test:latest"
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"type": "pushImage",
|
||||
"type": "PUSH_ARTIFACT",
|
||||
"occur_at": 1571334632,
|
||||
"event_data": {
|
||||
"resources": [
|
||||
|
|
|
@ -1,54 +1,44 @@
|
|||
{
|
||||
"type": "scanningCompleted",
|
||||
"occur_at": 1571341880,
|
||||
"type": "SCANNING_COMPLETED",
|
||||
"occur_at": 1648715576,
|
||||
"operator": "auto",
|
||||
"event_data": {
|
||||
"resources": [
|
||||
{
|
||||
"digest": "sha256:d55414535f65d9b0ca180a9a591868c93d72e6f7d1de03a315215220e63e622e",
|
||||
"tag": "latest",
|
||||
"resource_url": "harbor.example.com/example/test:latest",
|
||||
"digest": "sha256:b50334049354ed01330403212605dce2f4676a4e787ed113506861d9cf3c5424",
|
||||
"tag": "3.8.1",
|
||||
"resource_url": "harbor.xxx.xxxx.com/test/alpine/helm:3.8.1",
|
||||
"scan_overview": {
|
||||
"image_digest": "sha256:d55414535f65d9b0ca180a9a591868c93d72e6f7d1de03a315215220e63e622e",
|
||||
"scan_status": "finished",
|
||||
"job_id": 5,
|
||||
"severity": 5,
|
||||
"components": {
|
||||
"total": 168,
|
||||
"summary": [
|
||||
{
|
||||
"severity": 5,
|
||||
"count": 12
|
||||
},
|
||||
{
|
||||
"severity": 4,
|
||||
"count": 16
|
||||
},
|
||||
{
|
||||
"severity": 2,
|
||||
"count": 2
|
||||
},
|
||||
{
|
||||
"severity": 3,
|
||||
"count": 7
|
||||
},
|
||||
{
|
||||
"severity": 1,
|
||||
"count": 131
|
||||
"application/vnd.security.vulnerability.report; version=1.1": {
|
||||
"report_id": "65e8a295-749c-44e2-93fe-2ebb49b9e51a",
|
||||
"scan_status": "Success",
|
||||
"severity": "High",
|
||||
"duration": 3,
|
||||
"summary": {
|
||||
"total": 5,
|
||||
"fixable": 5,
|
||||
"summary": {
|
||||
"High": 4,
|
||||
"Unknown": 1
|
||||
}
|
||||
]
|
||||
},
|
||||
"details_key": "71ffc66d04c94f01d2990d7ae908f66e6266bc82e45fdffa12181ea521e3a30c",
|
||||
"creation_time": "2019-10-17T19:50:10.728751Z",
|
||||
"update_time": "2019-10-17T19:51:20.370425Z"
|
||||
"start_time": "2022-03-31T08:32:53Z",
|
||||
"end_time": "2022-03-31T08:32:56Z",
|
||||
"scanner": {
|
||||
"name": "Trivy",
|
||||
"vendor": "Aqua Security",
|
||||
"version": "v0.20.1"
|
||||
},
|
||||
"complete_percent": 100
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
"repository": {
|
||||
"name": "test",
|
||||
"namespace": "example",
|
||||
"repo_full_name": "example/test",
|
||||
"name": "alpine/helm",
|
||||
"namespace": "test",
|
||||
"repo_full_name": "test/alpine/helm",
|
||||
"repo_type": "private"
|
||||
}
|
||||
},
|
||||
"operator": "auto"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
{
|
||||
"type": "SCANNING_COMPLETED",
|
||||
"occur_at": 1655522951,
|
||||
"operator": "auto",
|
||||
"event_data": {
|
||||
"resources": [
|
||||
{
|
||||
"digest": "sha256:59856107563b1e1b2e48c8635e5cb44fa9b194f6a425e0b668917602213bb5b4",
|
||||
"tag": "latest",
|
||||
"resource_url": "demo.goharbor.io/test123/test-image:latest",
|
||||
"scan_overview": {
|
||||
"application/vnd.security.vulnerability.report; version=1.1": {
|
||||
"report_id": "f316b072-38e4-41b1-a1da-91ec0b2e7767",
|
||||
"scan_status": "Success",
|
||||
"severity": "None",
|
||||
"duration": 8,
|
||||
"summary": {
|
||||
"total": 0,
|
||||
"fixable": 0,
|
||||
"summary": {}
|
||||
},
|
||||
"start_time": "2022-06-18T03:29:03Z",
|
||||
"end_time": "2022-06-18T03:29:11Z",
|
||||
"scanner": {
|
||||
"name": "Trivy",
|
||||
"vendor": "Aqua Security",
|
||||
"version": "v0.24.2"
|
||||
},
|
||||
"complete_percent": 100
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
"repository": {
|
||||
"name": "test-image",
|
||||
"namespace": "test123",
|
||||
"repo_full_name": "test123/test-image",
|
||||
"repo_type": "public"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -22,16 +22,24 @@ class HarborHookTests(WebhookTestCase):
|
|||
self.assert_json_success(result)
|
||||
|
||||
def test_scanning_completed(self) -> None:
|
||||
expected_topic = "example/test"
|
||||
expected_topic = "test/alpine/helm"
|
||||
|
||||
expected_message = """
|
||||
Image scan completed for `example/test:latest`. Vulnerabilities by severity:
|
||||
Image scan completed for `test/alpine/helm:3.8.1`. Vulnerabilities by severity:
|
||||
|
||||
* High: **12**
|
||||
* Medium: **16**
|
||||
* Low: **7**
|
||||
* Unknown: **2**
|
||||
* None: **131**
|
||||
* High: **4**
|
||||
* Unknown: **1**
|
||||
""".strip()
|
||||
|
||||
self.check_webhook("scanning_completed", expected_topic, expected_message)
|
||||
|
||||
def test_scanning_completed_no_vulnerability(self) -> None:
|
||||
expected_topic = "test123/test-image"
|
||||
|
||||
expected_message = """
|
||||
Image scan completed for `test123/test-image:latest`. Vulnerabilities by severity:
|
||||
|
||||
None
|
||||
""".strip()
|
||||
|
||||
self.check_webhook("scanning_completed_no_vulnerability", expected_topic, expected_message)
|
||||
|
|
|
@ -12,12 +12,12 @@ from zerver.lib.webhooks.common import check_send_webhook_message
|
|||
from zerver.models import Realm, UserProfile
|
||||
|
||||
IGNORED_EVENTS = [
|
||||
"downloadChart",
|
||||
"deleteChart",
|
||||
"uploadChart",
|
||||
"pullImage",
|
||||
"deleteImage",
|
||||
"scanningFailed",
|
||||
"DOWNLOAD_CHART",
|
||||
"DELETE_CHART",
|
||||
"UPLOAD_CHART",
|
||||
"PULL_ARTIFACT",
|
||||
"DELETE_ARTIFACT",
|
||||
"SCANNING_FAILED",
|
||||
]
|
||||
|
||||
|
||||
|
@ -45,14 +45,6 @@ def handle_push_image_event(
|
|||
return f"{operator_username} pushed image `{image_name}:{image_tag}`"
|
||||
|
||||
|
||||
VULNERABILITY_SEVERITY_NAME_MAP = {
|
||||
1: "None",
|
||||
2: "Unknown",
|
||||
3: "Low",
|
||||
4: "Medium",
|
||||
5: "High",
|
||||
}
|
||||
|
||||
SCANNING_COMPLETED_TEMPLATE = """
|
||||
Image scan completed for `{image_name}:{image_tag}`. Vulnerabilities by severity:
|
||||
|
||||
|
@ -64,12 +56,17 @@ def handle_scanning_completed_event(
|
|||
payload: Dict[str, Any], user_profile: UserProfile, operator_username: str
|
||||
) -> str:
|
||||
scan_results = ""
|
||||
scan_summaries = payload["event_data"]["resources"][0]["scan_overview"]["components"]["summary"]
|
||||
summaries_sorted = sorted(scan_summaries, key=lambda x: x["severity"], reverse=True)
|
||||
for scan_summary in summaries_sorted:
|
||||
scan_results += "* {}: **{}**\n".format(
|
||||
VULNERABILITY_SEVERITY_NAME_MAP[scan_summary["severity"]], scan_summary["count"]
|
||||
)
|
||||
scan_overview = payload["event_data"]["resources"][0]["scan_overview"]
|
||||
if "application/vnd.security.vulnerability.report; version=1.1" not in scan_overview:
|
||||
raise UnsupportedWebhookEventType("Unsupported harbor scanning webhook payload")
|
||||
scan_summaries = scan_overview["application/vnd.security.vulnerability.report; version=1.1"][
|
||||
"summary"
|
||||
]["summary"]
|
||||
if len(scan_summaries) > 0:
|
||||
for severity, count in scan_summaries.items():
|
||||
scan_results += "* {}: **{}**\n".format(severity, count)
|
||||
else:
|
||||
scan_results += "None\n"
|
||||
|
||||
return SCANNING_COMPLETED_TEMPLATE.format(
|
||||
image_name=payload["event_data"]["repository"]["repo_full_name"],
|
||||
|
@ -79,8 +76,8 @@ def handle_scanning_completed_event(
|
|||
|
||||
|
||||
EVENT_FUNCTION_MAPPER = {
|
||||
"pushImage": handle_push_image_event,
|
||||
"scanningCompleted": handle_scanning_completed_event,
|
||||
"PUSH_ARTIFACT": handle_push_image_event,
|
||||
"SCANNING_COMPLETED": handle_scanning_completed_event,
|
||||
}
|
||||
|
||||
ALL_EVENT_TYPES = list(EVENT_FUNCTION_MAPPER.keys())
|
||||
|
|
Loading…
Reference in New Issue