Bug 1942716: Fix different Image Manifest Vulnerabilities issues #8474

Merged (3 commits) on Apr 8, 2021


@jerolimov jerolimov commented Mar 25, 2021

Fixes:
https://issues.redhat.com/browse/OCPBUGSM-26924
https://bugzilla.redhat.com/show_bug.cgi?id=1942716

Analysis / Root cause:
While analysing the bug report https://bugzilla.redhat.com/show_bug.cgi?id=1942716 I found three different small issues:

  1. The original color issue where medium severity issues are yellow and low severity issues are orange.
  2. When the user changed the order to "Highest severity" the IMV entries are not ordered correctly. The current order was Critical, High, Low, Medium.
  3. When using the search, select IMVs as resource and switch from a project to all projects, the app crashes and shows a white screen.

Solution Description:

  1. 0d10db8 Switched both colors
  2. 6156234 Implement a custom order function
  3. 76c8351 Ensure that props.match.params is defined when checking these params.

Screen shots / Gifs for design review:
@openshift/team-devconsole-ux

Admin dashboard with vulnerabilities before (invalid colors):
val-before

After (fixed colors):
val-after

Vulnerability search result before (invalid colors and wrong order):
val-before-wrong-order-as-well

After (fixed colors and order):
order-after

Unit test coverage report:

 PASS  packages/container-security/src/components/__tests__/image-manifest-vuln.spec.tsx (5.833s)
  totalCount
    ✓ should return 0 if vuln status not present
    ✓ Total vuln should be 2
  highestSeverityIndex
    ✓ should return the correct indexes for different priorities
    ✓ renders donut chart with breakdown of vulnerabilities by severity (7ms)
    ✓ renders text breakdown of vulnerabilities by severity (5ms)

Test setup:

  1. Install Quay Container Security operator
  2. Create the 4 deployments below to import Pods with different vulnerabilities.
  3. For the three issues:
    a. Search for IMVs, check the colors
    b. Order by "Highest severity"
    c. Switch between your project and all projects

apiVersion: apps/v1
kind: Deployment
metadata:
  name: appvuln-critical
  labels:
    app: appvuln-critical
spec:
  replicas: 1
  selector:
    matchLabels:
      app: appvuln-critical
  template:
    metadata:
      labels:
        app: appvuln-critical
    spec:
      containers:
      - name: appvuln
        image: quay.io/coreos/awscli:master
        command: ["sleep", "123456"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: appvuln-high
  labels:
    app: appvuln-high
spec:
  replicas: 1
  selector:
    matchLabels:
      app: appvuln-high
  template:
    metadata:
      labels:
        app: appvuln-high
    spec:
      containers:
      - name: appvuln
        image: quay.io/coreos/helm:release-4.4
        command: ["sleep", "123456"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: appvuln-medium
  labels:
    app: appvuln-medium
spec:
  replicas: 1
  selector:
    matchLabels:
      app: appvuln-medium
  template:
    metadata:
      labels:
        app: appvuln-medium
    spec:
      containers:
      - name: appvuln
        image: quay.io/coreos/etcd-operator:v0.7.0
        command: ["sleep", "123456"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: appvuln-low
  labels:
    app: appvuln-low
spec:
  replicas: 1
  selector:
    matchLabels:
      app: appvuln-low
  template:
    metadata:
      labels:
        app: appvuln-low
    spec:
      containers:
      - name: appvuln
        image: quay.io/andrewrothstein/ansible-podman:debian_bullseye
        command: ["sleep", "123456"]

Browser conformance:

  • Chrome
  • Firefox
  • Safari
  • Edge
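
The ordering problem from item 2 of the description above (Critical, High, Low, Medium is what a plain string sort of the labels yields), as an added example that is not code from this pull request. The row shape, function names and sample rows are hypothetical; only the four severity names come from the page.

```typescript
// Added example; not the console's code. The four severity names are the
// ones listed in the PR description; row shape and function names are
// hypothetical.
type VulnRow = { name: string; severity?: string };

// Explicit rank: lower number = more severe. A Map avoids accidental hits
// on Object.prototype keys such as "constructor".
const SEVERITY_RANK = new Map<string, number>([
  ['Critical', 0],
  ['High', 1],
  ['Medium', 2],
  ['Low', 3],
]);
// Missing or unrecognised labels sort after every known severity.
const UNRANKED = SEVERITY_RANK.size;

function severityRank(severity?: string): number {
  if (severity === undefined) return UNRANKED;
  return SEVERITY_RANK.get(severity) ?? UNRANKED;
}

// What a plain string sort produces: Critical, High, Low, Medium.
function sortBySeverityLabel(rows: VulnRow[]): VulnRow[] {
  return [...rows].sort((a, b) =>
    (a.severity ?? '').localeCompare(b.severity ?? ''),
  );
}

// "Highest severity" order: rank first, then name so ties are deterministic.
function sortByHighestSeverity(rows: VulnRow[]): VulnRow[] {
  return [...rows].sort(
    (a, b) =>
      severityRank(a.severity) - severityRank(b.severity) ||
      a.name.localeCompare(b.name),
  );
}

// Constructed sample rows, named after the four test deployments.
const SAMPLE_ROWS: VulnRow[] = [
  { name: 'appvuln-low', severity: 'Low' },
  { name: 'appvuln-medium', severity: 'Medium' },
  { name: 'appvuln-unscored' },
  { name: 'appvuln-critical', severity: 'Critical' },
  { name: 'appvuln-high', severity: 'High' },
];

console.log(sortBySeverityLabel(SAMPLE_ROWS).map((r) => r.severity ?? '(none)'));
console.log(sortByHighestSeverity(SAMPLE_ROWS).map((r) => r.severity ?? '(none)'));
```

A row with no severity sorts last here, so unscored images do not displace Critical findings at the top of a triage list.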

@openshift-ci-robot openshift-ci-robot added bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Mar 25, 2021
@openshift-ci-robot
Contributor

@jerolimov: This pull request references Bugzilla bug 1942716, which is invalid:

  • expected the bug to target the "4.8.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1942716: Fix small Image Manifest Vulnerabilities issues

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jerolimov jerolimov changed the title Bug 1942716: Fix small Image Manifest Vulnerabilities issues Bug 1942716: Fix different Image Manifest Vulnerabilities issues Mar 25, 2021
@jerolimov
Member Author

/kind bug

@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Mar 25, 2021
@jerolimov
Member Author

/bugzilla refresh

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Mar 25, 2021
@openshift-ci-robot
Contributor

@jerolimov: This pull request references Bugzilla bug 1942716, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.8.0) matches configured target release for branch (4.8.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla (gamore@redhat.com), skipping review request.

In response to this:

/bugzilla refresh


@openshift-ci-robot openshift-ci-robot removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Mar 25, 2021
@openshift-ci-robot
Contributor

@jerolimov: This pull request references Bugzilla bug 1942716, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.8.0) matches configured target release for branch (4.8.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla (gamore@redhat.com), skipping review request.

In response to this:

/bugzilla refresh


@jerolimov
Member Author

/retest

@openshift-ci-robot
Contributor

@jerolimov: This pull request references Bugzilla bug 1942716, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.8.0) matches configured target release for branch (4.8.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla (gamore@redhat.com), skipping review request.

In response to this:

Bug 1942716: Fix different Image Manifest Vulnerabilities issues


@debsmita1
Contributor

tried out the changes, it works fine
/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 29, 2021
@jerolimov
Member Author

jerolimov commented Apr 6, 2021

/assign @rohitkrai03 @andrewballantyne

Can one of you review / approve this change? Thanks :)

@christianvogt
Contributor

/approve

@openshift-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: christianvogt, debsmita1, jerolimov

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 7, 2021
@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.


@openshift-merge-robot openshift-merge-robot merged commit 75003db into openshift:master Apr 8, 2021
@openshift-ci-robot
Contributor

@jerolimov: All pull requests linked via external trackers have merged:

Bugzilla bug 1942716 has been moved to the MODIFIED state.

In response to this:

Bug 1942716: Fix different Image Manifest Vulnerabilities issues


@spadgett spadgett added this to the v4.8 milestone Apr 9, 2021