TC-1794 Update to guac v0.7.2 (#77)

TC-1794 Update to guac v0.7.2 Signed-off-by: mrizzi <mrizzi@redhat.com>
trustification · Sep 23, 2024 · 2cf484d · 2cf484d
1 parent c8ad69d
commit 2cf484d
Show file tree

Hide file tree

Showing 62 changed files with 13,484 additions and 7,448 deletions.
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "guac-cli"
-version = "0.3.1"
+version = "0.7.2-0"
 edition = "2021"
 license = "Apache-2.0"
 description = "A command-line interface for working with [Guac](https://guac.sh)."

diff --git a/example/compose/.env b/example/compose/.env
@@ -2,8 +2,8 @@ TRUST_IMAGE=ghcr.io/trustification/trust:latest
 VEXINATION_API_PORT=8081
 BOMBASTIC_API_PORT=8082
 
-GUAC_IMAGE=ghcr.io/trustification/guac:v0.3.0-s3fix
+GUAC_IMAGE=ghcr.io/trustification/guac:v0.7.2-RC2
 #GUAC_IMAGE=local-organic-guac
 GUAC_API_PORT=8085
 GUAC_CSUB_PORT=8086
-GUAC_URL=http://localhost:8085/query
+GUAC_URL=http://localhost:8085/query
diff --git a/example/compose/container_files/guac/guac.yaml b/example/compose/container_files/guac/guac.yaml
@@ -12,7 +12,7 @@ csub-addr: guac-collectsub:2782
 csub-listen-port: 2782
 
 # graphql
-gql-backend: inmem
+gql-backend: keyvalue
 gql-listen-port: 8080
 gql-debug: true
 gql-test-data: false

diff --git a/lib/Cargo.toml b/lib/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "guac"
-version = "0.3.1"
+version = "0.7.2-0"
 edition = "2021"
 license = "Apache-2.0"
 description = "A library that provides toolkit for working with [Guac](https://guac.sh) from Rust."

diff --git a/lib/proto/collectsub.proto b/lib/proto/collectsub.proto
@@ -19,46 +19,46 @@ option go_package = "github.com/guacsec/guac/pkg/collectsub";
 package guacsec.guac.collect_subscriber.schema;
 
 enum CollectDataType {
-    DATATYPE_UNKNOWN = 0;
-    DATATYPE_GIT = 1;
-    DATATYPE_OCI = 2;
-    DATATYPE_PURL = 3;
-    DATATYPE_GITHUB_RELEASE = 4;
+  DATATYPE_UNKNOWN = 0;
+  DATATYPE_GIT = 1;
+  DATATYPE_OCI = 2;
+  DATATYPE_PURL = 3;
+  DATATYPE_GITHUB_RELEASE = 4;
 }
 
 // Generic types
 message CollectEntry {
-    CollectDataType type = 1;
-    string value = 2;
+  CollectDataType type = 1;
+  string value = 2;
+  int64 since_time = 3;
 }
 
-// rpc AddCollectEntry
+// rpc AddCollectEntries
 message AddCollectEntriesRequest {
-    repeated CollectEntry entries = 1;
+  repeated CollectEntry entries = 1;
 }
 
 message AddCollectEntriesResponse {
-    bool success = 1;
+  bool success = 1;
 }
 
-
 // rpc GetCollectEntries
 message CollectEntryFilter {
-    CollectDataType type = 1;
-    string glob = 2;
+  CollectDataType type = 1;
+  string glob = 2;
 }
 
 message GetCollectEntriesRequest {
-    repeated CollectEntryFilter filters = 1;
-    // since_time in unix epoch
-    int64 since_time = 2;
+  repeated CollectEntryFilter filters = 1;
+  // since_time in unix epoch
+  int64 since_time = 2;
 }
 
 message GetCollectEntriesResponse {
-    repeated CollectEntry entries = 1;
+  repeated CollectEntry entries = 1;
 }
 
-service ColectSubscriberService {
+service CollectSubscriberService {
   rpc AddCollectEntries(AddCollectEntriesRequest) returns (AddCollectEntriesResponse);
-  rpc GetCollectEntries (GetCollectEntriesRequest) returns (GetCollectEntriesResponse);
+  rpc GetCollectEntries (GetCollectEntriesRequest) returns (stream GetCollectEntriesResponse);
 }
diff --git a/lib/src/client/intrinsic/artifact/mod.rs b/lib/src/client/intrinsic/artifact/mod.rs
@@ -0,0 +1,8 @@
+use crate::client::Id;
+
+#[derive(Default, Debug, Clone)]
+pub struct ArtifactSpec {
+    pub id: Option<Id>,
+    pub algorithm: Option<String>,
+    pub digest: Option<String>,
+}
diff --git a/lib/src/client/intrinsic/certify_bad/ingest.rs b/lib/src/client/intrinsic/certify_bad/ingest.rs
@@ -1,5 +1,5 @@
 use crate::client::intrinsic::certify_bad::CertifyBadInputSpec;
-use crate::client::intrinsic::package::{PackageQualifierInputSpec, PkgInputSpec};
+use crate::client::intrinsic::package::{IDorPkgInput, PackageQualifierInputSpec, PkgInputSpec};
 use crate::client::intrinsic::{MatchFlags, PackageSourceOrArtifactInput, PkgMatchType};
 use chrono::Utc;
 use graphql_client::GraphQLQuery;
@@ -38,6 +38,7 @@ impl From<&CertifyBadInputSpec> for ingest_certify_bad::CertifyBadInputSpec {
             origin: value.origin.clone(),
             collector: value.collector.clone(),
             known_since: value.known_since,
+            document_ref: value.document_ref.clone(),
         }
     }
 }
@@ -55,6 +56,18 @@ impl From<&PkgInputSpec> for ingest_certify_bad::PkgInputSpec {
     }
 }
 
+impl From<&IDorPkgInput> for ingest_certify_bad::IDorPkgInput {
+    fn from(value: &IDorPkgInput) -> Self {
+        Self {
+            package_type_id: value.package_type_id.clone(),
+            package_namespace_id: value.package_namespace_id.clone(),
+            package_name_id: value.package_name_id.clone(),
+            package_version_id: value.package_version_id.clone(),
+            package_input: value.package_input.as_ref().map(|inner| inner.into()),
+        }
+    }
+}
+
 impl From<&PackageQualifierInputSpec> for ingest_certify_bad::PackageQualifierInputSpec {
     fn from(value: &PackageQualifierInputSpec) -> Self {
         Self {

diff --git a/lib/src/client/intrinsic/certify_bad/mod.rs b/lib/src/client/intrinsic/certify_bad/mod.rs
@@ -83,6 +83,7 @@ pub struct CertifyBadSpec {
     pub origin: Option<String>,
     pub collector: Option<String>,
     pub known_since: Option<Time>,
+    pub document_ref: Option<String>,
 }
 
 impl From<&PackageUrl<'_>> for CertifyBadSpec {
@@ -102,4 +103,5 @@ pub struct CertifyBadInputSpec {
     pub origin: String,
     pub collector: String,
     pub known_since: Time,
+    pub document_ref: String,
 }
diff --git a/lib/src/client/intrinsic/certify_bad/query.rs b/lib/src/client/intrinsic/certify_bad/query.rs
@@ -24,6 +24,7 @@ impl From<&CertifyBadSpec> for query_certify_bad::CertifyBadSpec {
             origin: value.origin.clone(),
             collector: value.collector.clone(),
             known_since: value.known_since,
+            document_ref: value.document_ref.clone(),
         }
     }
 }

diff --git a/lib/src/client/intrinsic/certify_good/ingest.rs b/lib/src/client/intrinsic/certify_good/ingest.rs
@@ -2,7 +2,7 @@ use chrono::Utc;
 use graphql_client::GraphQLQuery;
 
 use crate::client::intrinsic::certify_good::CertifyGoodInputSpec;
-use crate::client::intrinsic::package::{PackageQualifierInputSpec, PkgInputSpec};
+use crate::client::intrinsic::package::{IDorPkgInput, PackageQualifierInputSpec, PkgInputSpec};
 use crate::client::intrinsic::{MatchFlags, PackageSourceOrArtifactInput, PkgMatchType};
 
 type Time = chrono::DateTime<Utc>;
@@ -39,6 +39,7 @@ impl From<&CertifyGoodInputSpec> for ingest_certify_good::CertifyGoodInputSpec {
             origin: value.origin.clone(),
             collector: value.collector.clone(),
             known_since: value.known_since,
+            document_ref: value.document_ref.clone(),
         }
     }
 }
@@ -56,6 +57,18 @@ impl From<&PkgInputSpec> for ingest_certify_good::PkgInputSpec {
     }
 }
 
+impl From<&IDorPkgInput> for ingest_certify_good::IDorPkgInput {
+    fn from(value: &IDorPkgInput) -> Self {
+        Self {
+            package_type_id: value.package_type_id.clone(),
+            package_namespace_id: value.package_namespace_id.clone(),
+            package_name_id: value.package_name_id.clone(),
+            package_version_id: value.package_version_id.clone(),
+            package_input: value.package_input.as_ref().map(|inner| inner.into()),
+        }
+    }
+}
+
 impl From<&PackageQualifierInputSpec> for ingest_certify_good::PackageQualifierInputSpec {
     fn from(value: &PackageQualifierInputSpec) -> Self {
         Self {

diff --git a/lib/src/client/intrinsic/certify_good/mod.rs b/lib/src/client/intrinsic/certify_good/mod.rs
@@ -83,6 +83,7 @@ pub struct CertifyGoodSpec {
     pub origin: Option<String>,
     pub collector: Option<String>,
     pub known_since: Option<Time>,
+    pub document_ref: Option<String>,
 }
 
 impl From<&PackageUrl<'_>> for CertifyGoodSpec {
@@ -101,4 +102,5 @@ pub struct CertifyGoodInputSpec {
     pub origin: String,
     pub collector: String,
     pub known_since: Time,
+    pub document_ref: String,
 }
diff --git a/lib/src/client/intrinsic/certify_good/query.rs b/lib/src/client/intrinsic/certify_good/query.rs
@@ -25,6 +25,7 @@ impl From<&CertifyGoodSpec> for query_certify_good::CertifyGoodSpec {
             origin: value.origin.clone(),
             collector: value.collector.clone(),
             known_since: value.known_since,
+            document_ref: value.document_ref.clone(),
         }
     }
 }

diff --git a/lib/src/client/intrinsic/certify_vex_statement/certify_vex_statement.gql b/lib/src/client/intrinsic/certify_vex_statement/certify_vex_statement.gql
@@ -46,7 +46,7 @@ fragment allCertifyVEXStatementTree on CertifyVEXStatement {
     collector
 }
 
-mutation IngestCertifyVexStatement($subject: PackageOrArtifactInput!, $vulnerability: VulnerabilityInputSpec!, $vex_statement: VexStatementInputSpec!) {
+mutation IngestCertifyVexStatement($subject: PackageOrArtifactInput!, $vulnerability: IDorVulnerabilityInput!, $vex_statement: VexStatementInputSpec!) {
     ingestVEXStatement(
         subject: $subject
         vulnerability: $vulnerability
@@ -58,7 +58,7 @@ query QueryCertifyVexStatement($certify_vex_statement_spec: CertifyVEXStatementS
     CertifyVEXStatement(
         certifyVEXStatementSpec: $certify_vex_statement_spec
     ) {
-      ...allCertifyVEXStatementTree
+        ...allCertifyVEXStatementTree
     }
 
 }
diff --git a/lib/src/client/intrinsic/certify_vex_statement/ingest.rs b/lib/src/client/intrinsic/certify_vex_statement/ingest.rs
@@ -1,6 +1,6 @@
 use crate::client::intrinsic::certify_vex_statement::{VexJustification, VexStatementInputSpec, VexStatus};
-use crate::client::intrinsic::package::{PackageQualifierInputSpec, PkgInputSpec};
-use crate::client::intrinsic::vulnerability::{Vulnerability, VulnerabilityInputSpec};
+use crate::client::intrinsic::package::{IDorPkgInput, PackageQualifierInputSpec, PkgInputSpec};
+use crate::client::intrinsic::vulnerability::{IDorVulnerabilityInput, Vulnerability, VulnerabilityInputSpec};
 use crate::client::intrinsic::PackageOrArtifactInput;
 use chrono::Utc;
 use graphql_client::GraphQLQuery;
@@ -40,6 +40,28 @@ impl From<&PkgInputSpec> for ingest_certify_vex_statement::PkgInputSpec {
     }
 }
 
+impl From<&IDorPkgInput> for ingest_certify_vex_statement::IDorPkgInput {
+    fn from(value: &IDorPkgInput) -> Self {
+        Self {
+            package_type_id: value.package_type_id.clone(),
+            package_namespace_id: value.package_namespace_id.clone(),
+            package_name_id: value.package_name_id.clone(),
+            package_version_id: value.package_version_id.clone(),
+            package_input: value.package_input.as_ref().map(|inner| inner.into()),
+        }
+    }
+}
+
+impl From<&IDorVulnerabilityInput> for ingest_certify_vex_statement::IDorVulnerabilityInput {
+    fn from(value: &IDorVulnerabilityInput) -> Self {
+        Self {
+            vulnerability_type_id: value.vulnerability_type_id.clone(),
+            vulnerability_node_id: value.vulnerability_node_id.clone(),
+            vulnerability_input: value.vulnerability_input.as_ref().map(|inner| inner.into()),
+        }
+    }
+}
+
 impl From<&VulnerabilityInputSpec> for ingest_certify_vex_statement::VulnerabilityInputSpec {
     fn from(value: &VulnerabilityInputSpec) -> Self {
         Self {
@@ -68,6 +90,7 @@ impl From<&VexStatementInputSpec> for ingest_certify_vex_statement::VexStatement
             known_since: value.known_since,
             origin: value.origin.clone(),
             collector: value.collector.clone(),
+            document_ref: value.document_ref.clone(),
         }
     }
 }

diff --git a/lib/src/client/intrinsic/certify_vex_statement/mod.rs b/lib/src/client/intrinsic/certify_vex_statement/mod.rs
@@ -4,7 +4,7 @@ mod query;
 use super::vulnerability::Vulnerability;
 use crate::client::intrinsic::certify_vex_statement::ingest::IngestCertifyVexStatement;
 use crate::client::intrinsic::certify_vex_statement::query::{query_certify_vex_statement, QueryCertifyVexStatement};
-use crate::client::intrinsic::vulnerability::{VulnerabilityInputSpec, VulnerabilitySpec};
+use crate::client::intrinsic::vulnerability::{IDorVulnerabilityInput, VulnerabilitySpec};
 use crate::client::intrinsic::{IntrinsicGuacClient, PackageOrArtifact, PackageOrArtifactInput, PackageOrArtifactSpec};
 use crate::client::{Error, Id};
 use chrono::Utc;
@@ -17,7 +17,7 @@ impl IntrinsicGuacClient {
     pub async fn ingest_certify_vex_statement(
         &self,
         subject: &PackageOrArtifactInput,
-        vulnerability: &VulnerabilityInputSpec,
+        vulnerability: &IDorVulnerabilityInput,
         vex_statement: &VexStatementInputSpec,
     ) -> Result<Id, Error> {
         use self::ingest::ingest_certify_vex_statement;
@@ -110,6 +110,7 @@ pub struct VexStatementInputSpec {
     pub known_since: Time,
     pub origin: String,
     pub collector: String,
+    pub document_ref: String,
 }
 
 #[derive(Debug, Default)]
@@ -124,4 +125,5 @@ pub struct CertifyVexStatementSpec {
     pub known_since: Option<Time>,
     pub origin: Option<String>,
     pub collector: Option<String>,
+    pub document_ref: Option<String>,
 }
diff --git a/lib/src/client/intrinsic/certify_vex_statement/query.rs b/lib/src/client/intrinsic/certify_vex_statement/query.rs
@@ -40,6 +40,7 @@ impl From<&CertifyVexStatementSpec> for query_certify_vex_statement::CertifyVEXS
             known_since: value.known_since,
             origin: value.origin.clone(),
             collector: value.collector.clone(),
+            document_ref: value.document_ref.clone(),
         }
     }
 }

diff --git a/lib/src/client/intrinsic/certify_vuln/certify_vuln.gql b/lib/src/client/intrinsic/certify_vuln/certify_vuln.gql
@@ -37,10 +37,11 @@ fragment allCertifyVulnTree on CertifyVuln {
         timeScanned
         origin
         collector
+        documentRef
     }
 }
 
-mutation IngestCertifyVuln($package: PkgInputSpec!, $vulnerability: VulnerabilityInputSpec!, $meta: ScanMetadataInput!) {
+mutation IngestCertifyVuln($package: IDorPkgInput!, $vulnerability: IDorVulnerabilityInput!, $meta: ScanMetadataInput!) {
     ingestCertifyVuln(
         pkg: $package
         vulnerability: $vulnerability

diff --git a/lib/src/client/intrinsic/certify_vuln/ingest.rs b/lib/src/client/intrinsic/certify_vuln/ingest.rs
@@ -3,8 +3,8 @@ use chrono::Utc;
 use graphql_client::GraphQLQuery;
 
 use crate::client::intrinsic::certify_vuln::ScanMetadataInput;
-use crate::client::intrinsic::package::{PackageQualifierInputSpec, PkgInputSpec};
-use crate::client::intrinsic::vulnerability::VulnerabilityInputSpec;
+use crate::client::intrinsic::package::{IDorPkgInput, PackageQualifierInputSpec, PkgInputSpec};
+use crate::client::intrinsic::vulnerability::{IDorVulnerabilityInput, VulnerabilityInputSpec};
 
 type Time = chrono::DateTime<Utc>;
 
@@ -51,6 +51,7 @@ impl From<&ScanMetadataInput> for ingest_certify_vuln::ScanMetadataInput {
             scanner_version: value.scanner_version.clone(),
             origin: value.origin.clone(),
             collector: value.collector.clone(),
+            document_ref: value.document_ref.clone(),
         }
     }
 }
@@ -63,3 +64,25 @@ impl From<&PackageQualifierInputSpec> for ingest_certify_vuln::PackageQualifierI
         }
     }
 }
+
+impl From<&IDorPkgInput> for ingest_certify_vuln::IDorPkgInput {
+    fn from(value: &IDorPkgInput) -> Self {
+        Self {
+            package_type_id: value.package_type_id.clone(),
+            package_namespace_id: value.package_namespace_id.clone(),
+            package_name_id: value.package_name_id.clone(),
+            package_version_id: value.package_version_id.clone(),
+            package_input: value.package_input.as_ref().map(|pkg| pkg.into()),
+        }
+    }
+}
+
+impl From<&IDorVulnerabilityInput> for ingest_certify_vuln::IDorVulnerabilityInput {
+    fn from(vuln: &IDorVulnerabilityInput) -> Self {
+        Self {
+            vulnerability_input: vuln.vulnerability_input.as_ref().map(|vuln| vuln.into()),
+            vulnerability_node_id: vuln.vulnerability_node_id.clone(),
+            vulnerability_type_id: vuln.vulnerability_type_id.clone(),
+        }
+    }
+}