chore!: remove JFrog integration (#17353)

- Removes displaying XRay scan results in the dashboard. I'm not sure
  anyone was even using this integration so it's just debt for us to
  maintain. We can open up a separate issue to get rid of the db tables
  once we know for sure that we haven't broken anyone.
This commit is contained in:
Jon Ayers
2025-04-11 14:45:21 -04:00
committed by GitHub
parent 15584e69ef
commit c06ef7c1eb
23 changed files with 2 additions and 1102 deletions

View File

@ -470,16 +470,6 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
r.Get("/", api.userQuietHoursSchedule)
r.Put("/", api.putUserQuietHoursSchedule)
})
r.Route("/integrations", func(r chi.Router) {
r.Use(
apiKeyMiddleware,
api.jfrogEnabledMW,
)
r.Post("/jfrog/xray-scan", api.postJFrogXrayScan)
r.Get("/jfrog/xray-scan", api.jFrogXrayScan)
})
// The /notifications base route is mounted by the AGPL router, so we can't group it here.
// Additionally, because we have a static route for /notifications/templates/system which conflicts
// with the below route, we need to register this route without any mounts or groups to make both work.

View File

@ -1,120 +0,0 @@
package coderd
import (
"net/http"
"github.com/google/uuid"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/codersdk"
)
// Post workspace agent results for a JFrog XRay scan.
//
// @Summary Post JFrog XRay scan by workspace agent ID.
// @ID post-jfrog-xray-scan-by-workspace-agent-id
// @Security CoderSessionToken
// @Accept json
// @Produce json
// @Tags Enterprise
// @Param request body codersdk.JFrogXrayScan true "Post JFrog XRay scan request"
// @Success 200 {object} codersdk.Response
// @Router /integrations/jfrog/xray-scan [post]
func (api *API) postJFrogXrayScan(rw http.ResponseWriter, r *http.Request) {
ctx := r.Context()
var req codersdk.JFrogXrayScan
if !httpapi.Read(ctx, rw, r, &req) {
return
}
err := api.Database.UpsertJFrogXrayScanByWorkspaceAndAgentID(ctx, database.UpsertJFrogXrayScanByWorkspaceAndAgentIDParams{
WorkspaceID: req.WorkspaceID,
AgentID: req.AgentID,
// #nosec G115 - Vulnerability counts are small and fit in int32
Critical: int32(req.Critical),
// #nosec G115 - Vulnerability counts are small and fit in int32
High: int32(req.High),
// #nosec G115 - Vulnerability counts are small and fit in int32
Medium: int32(req.Medium),
ResultsUrl: req.ResultsURL,
})
if httpapi.Is404Error(err) {
httpapi.ResourceNotFound(rw)
return
}
if err != nil {
httpapi.InternalServerError(rw, err)
return
}
httpapi.Write(ctx, rw, http.StatusCreated, codersdk.Response{
Message: "Successfully inserted JFrog XRay scan!",
})
}
// Get workspace agent results for a JFrog XRay scan.
//
// @Summary Get JFrog XRay scan by workspace agent ID.
// @ID get-jfrog-xray-scan-by-workspace-agent-id
// @Security CoderSessionToken
// @Produce json
// @Tags Enterprise
// @Param workspace_id query string true "Workspace ID"
// @Param agent_id query string true "Agent ID"
// @Success 200 {object} codersdk.JFrogXrayScan
// @Router /integrations/jfrog/xray-scan [get]
func (api *API) jFrogXrayScan(rw http.ResponseWriter, r *http.Request) {
var (
ctx = r.Context()
vals = r.URL.Query()
p = httpapi.NewQueryParamParser()
wsID = p.RequiredNotEmpty("workspace_id").UUID(vals, uuid.UUID{}, "workspace_id")
agentID = p.RequiredNotEmpty("agent_id").UUID(vals, uuid.UUID{}, "agent_id")
)
if len(p.Errors) > 0 {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: "Invalid query params.",
Validations: p.Errors,
})
return
}
scan, err := api.Database.GetJFrogXrayScanByWorkspaceAndAgentID(ctx, database.GetJFrogXrayScanByWorkspaceAndAgentIDParams{
WorkspaceID: wsID,
AgentID: agentID,
})
if httpapi.Is404Error(err) {
httpapi.ResourceNotFound(rw)
return
}
if err != nil {
httpapi.InternalServerError(rw, err)
return
}
httpapi.Write(ctx, rw, http.StatusOK, codersdk.JFrogXrayScan{
WorkspaceID: scan.WorkspaceID,
AgentID: scan.AgentID,
Critical: int(scan.Critical),
High: int(scan.High),
Medium: int(scan.Medium),
ResultsURL: scan.ResultsUrl,
})
}
func (api *API) jfrogEnabledMW(next http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
// This doesn't actually use the external auth feature but we want
// to lock this behind an enterprise license and it's somewhat
// related to external auth (in that it is JFrog integration).
if !api.Entitlements.Enabled(codersdk.FeatureMultipleExternalAuth) {
httpapi.RouteNotFound(rw)
return
}
next.ServeHTTP(rw, r)
})
}

View File

@ -1,122 +0,0 @@
package coderd_test
import (
"net/http"
"testing"
"github.com/stretchr/testify/require"
"github.com/coder/coder/v2/coderd/coderdtest"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/database/dbfake"
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/enterprise/coderd/coderdenttest"
"github.com/coder/coder/v2/enterprise/coderd/license"
"github.com/coder/coder/v2/testutil"
)
func TestJFrogXrayScan(t *testing.T) {
t.Parallel()
t.Run("Post/Get", func(t *testing.T) {
t.Parallel()
ownerClient, db, owner := coderdenttest.NewWithDatabase(t, &coderdenttest.Options{
LicenseOptions: &coderdenttest.LicenseOptions{
Features: license.Features{codersdk.FeatureMultipleExternalAuth: 1},
},
})
tac, ta := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.RoleTemplateAdmin())
wsResp := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
OrganizationID: owner.OrganizationID,
OwnerID: ta.ID,
}).WithAgent().Do()
ws := coderdtest.MustWorkspace(t, tac, wsResp.Workspace.ID)
require.Len(t, ws.LatestBuild.Resources, 1)
require.Len(t, ws.LatestBuild.Resources[0].Agents, 1)
agentID := ws.LatestBuild.Resources[0].Agents[0].ID
expectedPayload := codersdk.JFrogXrayScan{
WorkspaceID: ws.ID,
AgentID: agentID,
Critical: 19,
High: 5,
Medium: 3,
ResultsURL: "https://hello-world",
}
ctx := testutil.Context(t, testutil.WaitMedium)
err := tac.PostJFrogXrayScan(ctx, expectedPayload)
require.NoError(t, err)
resp1, err := tac.JFrogXRayScan(ctx, ws.ID, agentID)
require.NoError(t, err)
require.Equal(t, expectedPayload, resp1)
// Can update again without error.
expectedPayload = codersdk.JFrogXrayScan{
WorkspaceID: ws.ID,
AgentID: agentID,
Critical: 20,
High: 22,
Medium: 8,
ResultsURL: "https://goodbye-world",
}
err = tac.PostJFrogXrayScan(ctx, expectedPayload)
require.NoError(t, err)
resp2, err := tac.JFrogXRayScan(ctx, ws.ID, agentID)
require.NoError(t, err)
require.NotEqual(t, expectedPayload, resp1)
require.Equal(t, expectedPayload, resp2)
})
t.Run("MemberPostUnauthorized", func(t *testing.T) {
t.Parallel()
ownerClient, db, owner := coderdenttest.NewWithDatabase(t, &coderdenttest.Options{
LicenseOptions: &coderdenttest.LicenseOptions{
Features: license.Features{codersdk.FeatureMultipleExternalAuth: 1},
},
})
memberClient, member := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID)
wsResp := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
OrganizationID: owner.OrganizationID,
OwnerID: member.ID,
}).WithAgent().Do()
ws := coderdtest.MustWorkspace(t, memberClient, wsResp.Workspace.ID)
require.Len(t, ws.LatestBuild.Resources, 1)
require.Len(t, ws.LatestBuild.Resources[0].Agents, 1)
agentID := ws.LatestBuild.Resources[0].Agents[0].ID
expectedPayload := codersdk.JFrogXrayScan{
WorkspaceID: ws.ID,
AgentID: agentID,
Critical: 19,
High: 5,
Medium: 3,
ResultsURL: "https://hello-world",
}
ctx := testutil.Context(t, testutil.WaitMedium)
err := memberClient.PostJFrogXrayScan(ctx, expectedPayload)
require.Error(t, err)
cerr, ok := codersdk.AsError(err)
require.True(t, ok)
require.Equal(t, http.StatusNotFound, cerr.StatusCode())
err = ownerClient.PostJFrogXrayScan(ctx, expectedPayload)
require.NoError(t, err)
// We should still be able to fetch.
resp1, err := memberClient.JFrogXRayScan(ctx, ws.ID, agentID)
require.NoError(t, err)
require.Equal(t, expectedPayload, resp1)
})
}