Skip to content

Commit b66e25e

Browse files
authored
fix: Use ingestion API for unknown package flow (#266)
* fix: [SA] Trigger unknown package using Ingestion API. * pip-compile comment updated. * changed conversion mechanism. * updated dependency versions and used custom data type from utis. * PyLint Fix * Added utils as a direct dependency. * Removed flag for unknown package flow ingestion. * Resolved conflits.
1 parent 7556cf4 commit b66e25e

6 files changed

Lines changed: 63 additions & 88 deletions

File tree

openshift/template.yaml

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -101,8 +101,6 @@ objects:
101101
value: "metrics-accumulator"
102102
- name: METRICS_ENDPOINT_URL_PORT
103103
value: "5200"
104-
- name: DISABLE_UNKNOWN_PACKAGE_FLOW
105-
value: ${DISABLE_UNKNOWN_PACKAGE_FLOW}
106104

107105
image: "${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${IMAGE_TAG}"
108106
name: f8a-server-backbone
@@ -228,10 +226,3 @@ parameters:
228226
required: false
229227
name: FLASK_LOGGING_LEVEL
230228
value: "INFO"
231-
232-
- description: Flag to enable or disable the unknown package ingetion flow
233-
displayName: DISABLE UNKNOWN PACKAGE FLOW
234-
required: false
235-
name: DISABLE_UNKNOWN_PACKAGE_FLOW
236-
value: "0"
237-

requirements.in

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,5 +9,5 @@ pydantic
99
psycopg2-binary
1010
sqlalchemy
1111
raven[flask]
12-
f8a_worker @ git+https://github.com/fabric8-analytics/fabric8-analytics-worker.git@066c2f6#egg=f8a_worker
13-
f8a_utils @ git+https://github.com/fabric8-analytics/fabric8-analytics-utils.git@5a5ce60#egg=f8a_utils
12+
f8a_worker @ git+https://github.com/fabric8-analytics/fabric8-analytics-worker.git@cf7b8a7#egg=f8a_worker
13+
f8a_utils @ git+https://github.com/fabric8-analytics/fabric8-analytics-utils.git@95ebbf2#egg=f8a_utils

requirements.txt

Lines changed: 11 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
#
55
# pip-compile --output-file=requirements.txt requirements.in
66
#
7-
amqp==5.0.2 # via kombu
7+
amqp==2.6.1 # via kombu
88
anymarkup-core==0.8.1 # via anymarkup
99
anymarkup==0.8.1 # via f8a-worker
1010
attrs==20.3.0 # via jsonschema
@@ -14,20 +14,19 @@ blinker==1.4 # via raven
1414
boto3==1.16.25 # via f8a-worker
1515
botocore==1.19.25 # via boto3, f8a-worker, s3transfer
1616
bs4==0.0.1 # via f8a-utils
17-
celery==5.0.2 # via selinon
17+
celery==4.4.7 # via f8a-worker
1818
certifi==2020.11.8 # via requests
1919
cffi==1.14.4 # via cryptography
2020
chardet==3.0.4 # via requests
21-
click-didyoumean==0.0.3 # via celery
22-
click-repl==0.1.6 # via celery
23-
click==7.1.2 # via anymarkup, celery, click-didyoumean, click-repl, flask, selinon
21+
click==7.1.2 # via anymarkup, flask, selinon
2422
codegen==1.0 # via selinon
2523
colorama==0.4.4 # via rainbow-logging-handler
2624
configobj==5.0.6 # via anymarkup
2725
cryptography==3.2.1 # via f8a-utils
28-
git+https://github.com/fabric8-analytics/fabric8-analytics-utils.git@5a5ce60#egg=f8a_utils # via -r requirements.in, f8a-worker
26+
dataclasses==0.8 # via pydantic
27+
git+https://github.com/fabric8-analytics/fabric8-analytics-utils.git@95ebbf2#egg=f8a_utils # via -r requirements.in, f8a-worker
2928
git+https://github.com/fabric8-analytics/fabric8-analytics-version-comparator.git@8a57ac7#egg=f8a_version_comparator # via f8a-utils
30-
git+https://github.com/fabric8-analytics/fabric8-analytics-worker.git@066c2f6#egg=f8a_worker # via -r requirements.in
29+
git+https://github.com/fabric8-analytics/fabric8-analytics-worker.git@cf7b8a7#egg=f8a_worker # via -r requirements.in
3130
flask-cors==3.0.9 # via -r requirements.in
3231
flask==1.1.2 # via -r requirements.in, flask-cors, raven
3332
gevent==20.9.0 # via -r requirements.in
@@ -45,11 +44,10 @@ jmespath==0.10.0 # via boto3, botocore
4544
jsl==0.2.4 # via f8a-worker
4645
json5==0.9.5 # via anymarkup
4746
jsonschema==3.2.0 # via f8a-worker, selinon
48-
kombu==5.0.2 # via celery
47+
kombu==4.6.11 # via celery
4948
logutils==0.3.5 # via rainbow-logging-handler
5049
lxml==4.6.2 # via f8a-utils, f8a-worker
5150
markupsafe==1.1.1 # via jinja2
52-
prompt-toolkit==3.0.8 # via click-repl
5351
psycopg2-binary==2.8.6 # via -r requirements.in
5452
pycparser==2.20 # via cffi
5553
pydantic==1.7.2 # via -r requirements.in
@@ -59,21 +57,20 @@ pytz==2020.4 # via celery
5957
pyyaml==5.3.1 # via anymarkup, f8a-worker, selinon
6058
rainbow-logging-handler==2.2.2 # via selinon
6159
raven[flask]==6.10.0 # via -r requirements.in, f8a-worker
62-
requests-futures==1.0.0 # via -r requirements.in, f8a-worker
60+
requests-futures==1.0.0 # via -r requirements.in, f8a-utils, f8a-worker
6361
requests==2.25.0 # via -r requirements.in, f8a-utils, f8a-worker, requests-futures
6462
s3transfer==0.3.3 # via boto3
65-
selinon[celery]==1.0.0 # via f8a-worker
63+
selinon==1.0.0 # via f8a-worker
6664
semantic-version==2.8.5 # via -r requirements.in, f8a-worker
6765
semver==2.13.0 # via f8a-utils
68-
six==1.15.0 # via anymarkup-core, click-repl, configobj, cryptography, flask-cors, jsonschema, python-dateutil, tenacity
66+
six==1.15.0 # via anymarkup-core, configobj, cryptography, flask-cors, jsonschema, python-dateutil, tenacity
6967
smmap==3.0.4 # via gitdb
7068
soupsieve==2.0.1 # via beautifulsoup4
7169
sqlalchemy==1.3.20 # via -r requirements.in, f8a-worker
7270
tenacity==6.2.0 # via f8a-utils, f8a-worker
7371
toml==0.9.4 # via anymarkup, f8a-worker
7472
urllib3==1.26.2 # via botocore, requests
75-
vine==5.0.0 # via amqp, celery
76-
wcwidth==0.2.5 # via prompt-toolkit
73+
vine==1.3.0 # via amqp, celery
7774
werkzeug==1.0.1 # via f8a-worker, flask
7875
xmltodict==0.12.0 # via anymarkup
7976
zipp==3.4.0 # via importlib-metadata

src/v2/stack_aggregator.py

Lines changed: 23 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -13,9 +13,10 @@
1313

1414
from typing import Dict, List, Tuple, Set
1515
from f8a_utils.gh_utils import GithubUtils
16+
from f8a_utils.ingestion_utils import unknown_package_flow
1617

1718
from src.settings import AggregatorSettings
18-
from src.utils import (select_latest_version, server_create_analysis,
19+
from src.utils import (select_latest_version,
1920
persist_data_in_db, post_gremlin, GREMLIN_QUERY_SIZE,
2021
format_date)
2122
from src.v2.models import (StackAggregatorRequest, GitHubDetails, PackageDetails,
@@ -26,6 +27,7 @@
2627
from src.v2.normalized_packages import NormalizedPackages, GoNormalizedPackages
2728
from src.v2.license_service import (get_license_analysis_for_stack,
2829
get_license_service_request_payload)
30+
from f8a_utils import ingestion_utils
2931

3032
logger = logging.getLogger(__name__)
3133
_TRUE = ['true', True, 1, '1']
@@ -306,19 +308,17 @@ def get_result(self) -> StackAggregatorResult:
306308

307309
def initiate_unknown_package_ingestion(self):
308310
"""Ingestion of Unknown dependencies."""
309-
if AggregatorSettings().disable_unknown_package_flow:
310-
logger.warning('Skipping unknown flow %s', self.get_all_unknown_packages())
311-
return
312-
313311
ecosystem = self._normalized_packages.ecosystem
312+
pkg_list = self.get_all_unknown_packages()
313+
unknown_pkgs = set(map(lambda pkg: ingestion_utils.Package(package=pkg.name,
314+
version=pkg.version), pkg_list))
314315
try:
315-
for dep in self.get_all_unknown_packages():
316-
server_create_analysis(ecosystem, dep.name, dep.version, api_flow=True,
317-
force=False, force_graph_sync=True)
318-
except Exception as e: # pylint:disable=W0703,C0103
319-
logger.error('Ingestion failed for {%s, %s, %s}',
320-
ecosystem, dep.name, dep.version)
321-
logger.error(e)
316+
unknown_package_flow(ecosystem, unknown_pkgs)
317+
except Exception as e:
318+
logger.error('Unknown ingestion failed with %s', e)
319+
else:
320+
logger.debug('Unknown ingestion executed for %s packages in %s ecosystem',
321+
len(pkg_list), ecosystem)
322322

323323

324324
class StackAggregator:
@@ -383,10 +383,17 @@ def __init__(self, request: StackAggregatorRequest = None,
383383

384384
def initiate_unknown_package_ingestion(self):
385385
"""Ingestion of Unknown dependencies."""
386-
if AggregatorSettings().disable_unknown_package_flow:
387-
logger.warning('Skipping unknown flow %s', self.get_all_unknown_packages())
388-
return
389-
logger.error('Ingestion is Not active for Golang.')
386+
ecosystem = self._normalized_packages.ecosystem
387+
pkg_list = self.get_all_unknown_packages()
388+
unknown_pkgs = set(map(lambda pkg: ingestion_utils.Package(package=pkg.name,
389+
version=pkg.version), pkg_list))
390+
try:
391+
unknown_package_flow(ecosystem, unknown_pkgs)
392+
except Exception as e:
393+
logger.error('Unknown ingestion failed with %s', e)
394+
else:
395+
logger.debug('Unknown ingestion executed for %s packages in %s ecosystem',
396+
len(pkg_list), ecosystem)
390397

391398
def _get_package_details_with_vulnerabilities(self) -> List[Dict[str, object]]:
392399
"""Get package data from graph along with vulnerability."""

tests/requirements.txt

Lines changed: 26 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -2,9 +2,9 @@
22
# This file is autogenerated by pip-compile
33
# To update, run:
44
#
5-
# pip-compile --output-file=tests/requirements.txt tests/requirements.in
5+
# pip-compile --output-file=requirements.txt requirements.in
66
#
7-
amqp==5.0.2 # via kombu
7+
amqp==2.6.1 # via kombu
88
anymarkup-core==0.8.1 # via anymarkup
99
anymarkup==0.8.1 # via f8a-worker
1010
attrs==20.3.0 # via jsonschema, pytest
@@ -14,32 +14,31 @@ blinker==1.4 # via raven
1414
boto3==1.16.25 # via f8a-worker
1515
botocore==1.19.25 # via boto3, f8a-worker, s3transfer
1616
bs4==0.0.1 # via f8a-utils
17-
celery==5.0.2 # via selinon
17+
celery==4.4.7 # via f8a-worker
1818
certifi==2020.11.8 # via requests
1919
cffi==1.14.4 # via cryptography
2020
chardet==3.0.4 # via requests
21-
click-didyoumean==0.0.3 # via celery
22-
click-repl==0.1.6 # via celery
23-
click==7.1.2 # via anymarkup, celery, click-didyoumean, click-repl, flask, selinon
24-
codecov==2.1.10 # via -r tests/requirements.in
21+
click==7.1.2 # via anymarkup, flask, selinon
22+
codecov==2.1.10 # via -r requirements.in
2523
codegen==1.0 # via selinon
2624
colorama==0.4.4 # via radon, rainbow-logging-handler
2725
configobj==5.0.6 # via anymarkup
2826
coverage==5.3 # via codecov, pytest-cov
2927
cryptography==3.2.1 # via f8a-utils
30-
git+https://github.com/fabric8-analytics/fabric8-analytics-utils.git@5a5ce60#egg=f8a_utils # via -r tests/../requirements.in, f8a-worker
28+
dataclasses==0.8 # via pydantic
29+
git+https://github.com/fabric8-analytics/fabric8-analytics-utils.git@95ebbf2#egg=f8a_utils # via -r ../requirements.in, f8a-worker
3130
git+https://github.com/fabric8-analytics/fabric8-analytics-version-comparator.git@8a57ac7#egg=f8a_version_comparator # via f8a-utils
32-
git+https://github.com/fabric8-analytics/fabric8-analytics-worker.git@066c2f6#egg=f8a_worker # via -r tests/../requirements.in
33-
flask-cors==3.0.9 # via -r tests/../requirements.in
34-
flask==1.1.2 # via -r tests/../requirements.in, flask-cors, raven
31+
git+https://github.com/fabric8-analytics/fabric8-analytics-worker.git@cf7b8a7#egg=f8a_worker # via -r ../requirements.in
32+
flask-cors==3.0.9 # via -r ../requirements.in
33+
flask==1.1.2 # via -r ../requirements.in, flask-cors, raven
3534
future==0.18.2 # via radon
36-
gevent==20.9.0 # via -r tests/../requirements.in
35+
gevent==20.9.0 # via -r ../requirements.in
3736
git2json==0.2.3 # via f8a-worker
3837
gitdb==4.0.5 # via gitpython
3938
gitpython==3.1.11 # via f8a-worker
4039
graphviz==0.15 # via selinon
4140
greenlet==0.4.17 # via gevent
42-
gunicorn==20.0.4 # via -r tests/../requirements.in
41+
gunicorn==20.0.4 # via -r ../requirements.in
4342
idna==2.10 # via requests
4443
importlib-metadata==3.1.0 # via jsonschema, kombu, pluggy, pytest
4544
iniconfig==1.1.1 # via pytest
@@ -49,43 +48,41 @@ jmespath==0.10.0 # via boto3, botocore
4948
jsl==0.2.4 # via f8a-worker
5049
json5==0.9.5 # via anymarkup
5150
jsonschema==3.2.0 # via f8a-worker, selinon
52-
kombu==5.0.2 # via celery
51+
kombu==4.6.11 # via celery
5352
logutils==0.3.5 # via rainbow-logging-handler
5453
lxml==4.6.2 # via f8a-utils, f8a-worker
5554
mando==0.6.4 # via radon
5655
markupsafe==1.1.1 # via jinja2
5756
packaging==20.5 # via pytest
5857
pluggy==0.13.1 # via pytest
59-
prompt-toolkit==3.0.8 # via click-repl
60-
psycopg2-binary==2.8.6 # via -r tests/../requirements.in
58+
psycopg2-binary==2.8.6 # via -r ../requirements.in
6159
py==1.9.0 # via pytest
6260
pycparser==2.20 # via cffi
63-
pydantic==1.7.2 # via -r tests/../requirements.in
61+
pydantic==1.7.2 # via -r ../requirements.in
6462
pyparsing==2.4.7 # via packaging
6563
pyrsistent==0.17.3 # via jsonschema
66-
pytest-cov==2.10.1 # via -r tests/requirements.in
67-
pytest==6.1.2 # via -r tests/requirements.in, pytest-cov
64+
pytest-cov==2.10.1 # via -r requirements.in
65+
pytest==6.1.2 # via -r requirements.in, pytest-cov
6866
python-dateutil==2.8.1 # via botocore
6967
pytz==2020.4 # via celery
7068
pyyaml==5.3.1 # via anymarkup, f8a-worker, selinon
71-
radon==4.3.2 # via -r tests/requirements.in
69+
radon==4.3.2 # via -r requirements.in
7270
rainbow-logging-handler==2.2.2 # via selinon
73-
raven[flask]==6.10.0 # via -r tests/../requirements.in, f8a-worker
74-
requests-futures==1.0.0 # via -r tests/../requirements.in, f8a-worker
75-
requests==2.25.0 # via -r tests/../requirements.in, codecov, f8a-utils, f8a-worker, requests-futures
71+
raven[flask]==6.10.0 # via -r ../requirements.in, f8a-worker
72+
requests-futures==1.0.0 # via -r ../requirements.in, f8a-utils, f8a-worker
73+
requests==2.25.0 # via -r ../requirements.in, codecov, f8a-utils, f8a-worker, requests-futures
7674
s3transfer==0.3.3 # via boto3
77-
selinon[celery]==1.0.0 # via f8a-worker
78-
semantic-version==2.8.5 # via -r tests/../requirements.in, f8a-worker
75+
selinon==1.0.0 # via f8a-worker
76+
semantic-version==2.8.5 # via -r ../requirements.in, f8a-worker
7977
semver==2.13.0 # via f8a-utils
80-
six==1.15.0 # via anymarkup-core, click-repl, configobj, cryptography, flask-cors, jsonschema, mando, python-dateutil, tenacity
78+
six==1.15.0 # via anymarkup-core, configobj, cryptography, flask-cors, jsonschema, mando, python-dateutil, tenacity
8179
smmap==3.0.4 # via gitdb
8280
soupsieve==2.0.1 # via beautifulsoup4
83-
sqlalchemy==1.3.20 # via -r tests/../requirements.in, f8a-worker
81+
sqlalchemy==1.3.20 # via -r ../requirements.in, f8a-worker
8482
tenacity==6.2.0 # via f8a-utils, f8a-worker
8583
toml==0.9.4 # via anymarkup, f8a-worker, pytest
8684
urllib3==1.26.2 # via botocore, requests
87-
vine==5.0.0 # via amqp, celery
88-
wcwidth==0.2.5 # via prompt-toolkit
85+
vine==1.3.0 # via amqp, celery
8986
werkzeug==1.0.1 # via f8a-worker, flask
9087
xmltodict==0.12.0 # via anymarkup
9188
zipp==3.4.0 # via importlib-metadata

tests/v2/test_stack_aggregator.py

Lines changed: 1 addition & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -203,24 +203,7 @@ def test_with_2_public_vuln_for_registered(_mock_license, _mock_gremlin):
203203
vulnerable_dependencies[0].public_vulnerabilities) == 2
204204

205205

206-
@mock.patch('src.v2.stack_aggregator.server_create_analysis')
207-
@mock.patch('src.v2.stack_aggregator.post_gremlin')
208-
def test_unknown_flow_with_disabled_flag(_mock_gremlin, _mock_unknown, monkeypatch):
209-
"""Test unknown flow."""
210-
with open("tests/v2/data/graph_response_2_public_vuln.json", "r") as fin:
211-
_mock_gremlin.return_value = json.load(fin)
212-
213-
payload = _request_body()
214-
# add unknown package as direct dependency
215-
payload['packages'].append(_SIX.dict())
216-
217-
# Disabled unknown flow check
218-
monkeypatch.setenv('DISABLE_UNKNOWN_PACKAGE_FLOW', '1')
219-
StackAggregator().execute(payload, persist=False)
220-
_mock_unknown.assert_not_called()
221-
222-
223-
@mock.patch('src.v2.stack_aggregator.server_create_analysis')
206+
@mock.patch('src.v2.stack_aggregator.unknown_package_flow')
224207
@mock.patch('src.v2.stack_aggregator.post_gremlin')
225208
@mock.patch('src.v2.stack_aggregator.get_license_analysis_for_stack')
226209
def test_unknown_flow(_mock_license, _mock_gremlin, _mock_unknown):

0 commit comments

Comments
 (0)