gRPC API & internals redesign #432
Conversation
api/v2/clairpb/clair.proto
Outdated
| @@ -26,57 +27,63 @@ message Vulnerability { | |||
| string link = 4; | |||
| string severity = 5; | |||
| string metadata = 6; | |||
| // fixed_by only exists when querying features | |||
There was a problem hiding this comment.
Can we treat comments like Go ones? Full sentences 80 char lines.
api/v2/clairpb/clair.proto
Outdated
| } | ||
|
|
||
| message Feature { | ||
| message ClairStatus { | ||
| // all listers and detectors implemented in this clair version |
There was a problem hiding this comment.
Is this what Clair is built with or configured with?
There was a problem hiding this comment.
all built-in listers/detectors. The listers and detectors are not configurable now, should I add that to this PR?
There was a problem hiding this comment.
Nope, we can do that later, just as long as nothing here prevents us from doing so.
api/v2/clairpb/clair.proto
Outdated
| string name = 2; | ||
| } | ||
|
|
||
| message PagedVulnerableAncestries { | ||
| string this_token = 1; | ||
| string next_token = 2; |
There was a problem hiding this comment.
maybe rename these 'current_page' and 'next_page'
api/v2/rpc.go
Outdated
| if err != nil { | ||
| return nil, status.Error(codes.Internal, err.Error()) | ||
| } | ||
|
|
There was a problem hiding this comment.
any reason you don't defer the rollback here and instead explicitly call it for each branch below?
There was a problem hiding this comment.
I don't think Rollback() should ever be called after Commit() on success.
There was a problem hiding this comment.
Rollback() from database/sql actually is safe to do this and is considered an idiomatic pattern to do so. I think it makes sense both ways, though.
KeyboardNerd
force-pushed
the
ancestry_
branch
5 times, most recently
from
2a479a9 to
47e2e2a
Compare
KeyboardNerd
force-pushed
the
ancestry_
branch
3 times, most recently
from
3e3b9c8 to
4c0b6ac
Compare
|
I'm using my analyze_local_images fork's py tools to test the APIs, which seems to work properly. I'll do more concurrency tests and the web hook tests. Besides the implementation of new schema and analyzing functions, I also added the knob to control feature listers and namespace detectors to scan the layers and updaters to fetch vuln src. |
database/models.go
Outdated
|
|
||
| // For output purposes. Only make sense when the feature version is in the context of an image. | ||
| AddedBy Layer | ||
| // AffectedFeature is used determine whether a namespaced feature is affected. |
There was a problem hiding this comment.
AffectedFeature is used to determine whether a namespaced feature is affected by a Vulnerability.
api/v2/clairpb/convert.go
Outdated
| return nil, err | ||
| } | ||
|
|
||
| // encrypt page numbers |
There was a problem hiding this comment.
this isn't a particularly useful comment
api/v2/clairpb/convert.go
Outdated
| } | ||
|
|
||
| // encrypt page numbers | ||
| nextToken, err := dbVuln.Next.Encrypt(paginationKey) |
There was a problem hiding this comment.
What happens when there is no next page? Is there a special constant for that or does this function need to handle nil?
api/v2/clairpb/convert.go
Outdated
| }, | ||
| }, nil | ||
| } | ||
| pbOldVuln, err := PagedVulnerableAncestriesFromDatabaseModel(dbOldVuln, paginationKey) |
There was a problem hiding this comment.
What happens if there is no old vulnerability? Doesn't this need to handle nil?
api/v2/rpc.go
Outdated
| } | ||
|
|
||
| if !ok { | ||
| return nil, status.Error(codes.NotFound, "requested ancestry \""+ancestry.Name+" \" is not found") |
There was a problem hiding this comment.
raw string literals will make this easier to read
return nil, status.Error(`requested ancestry "` + ancestry.Name + `" is not found`)| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
worker.go
Outdated
| } | ||
|
|
||
| log.WithFields(log.Fields{logLayerName: name, "path": cleanURL(path), "engine version": Version, "parent layer": parentName, "format": imageFormat}).Debug("processing layer") | ||
| // TODO: to fix, when there are duplicated layers |
There was a problem hiding this comment.
actually it's not true! the layers are deduplicated before the function call
worker.go
Outdated
| if err != nil { | ||
| return | ||
| return err | ||
| } |
worker.go
Outdated
| // version format -> feature ID -> feature | ||
| features := map[string]map[string]database.NamespacedFeature{} | ||
| for _, layer := range ancestryLayers { | ||
| // at start of the loop, namespaces and features always contain the previous |
There was a problem hiding this comment.
capital at the start of sentences, end with periods, lol grammar
worker_test.go
Outdated
| _ "github.com/coreos/clair/ext/featurefmt/dpkg" | ||
| _ "github.com/coreos/clair/ext/featurefmt/rpm" | ||
| "github.com/coreos/clair/ext/featurens" |
There was a problem hiding this comment.
pull these up to where they used to be
Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed.
KeyboardNerd
force-pushed
the
ancestry_
branch
from
167a97c to
a5c6400
Compare
|
I think we should rename the API package to just "api" or "v3" (because Clair v3) in order to avoid confusion. After that I think this is safe to merge! |
gRPC API & internals redesign
This is a large Pull Request that will contain a number of chunks. For easier code review, the Clair V3 PR will contains these commits separately.