[ROX-12358] Follow up on vulnerability request proto change

CHANGELOG.md

@@ -49,6 +49,7 @@ Please avoid adding duplicate information across this changelog and JIRA/doc inp
   `pods`, `events`, and `namespaces`. This fixes an issue when generating diagnostic bundles to now correctly include all relevant information within the namespace of central.
 - ROX-13265: Fix missing rationale and remediation texts for default policy "Deployments should have at least one ingress Network Policy"
 - ROX-13500: Previously, deployment YAML check on V1 CronJob workload would cause Central to panic. This is now fixed.
+- `cves.ids` field of `storage.VulnerabilityRequest` object, which is in the response of `VulnerabilityRequestService` (`/v1/cve/requests/`) endpoints, has been renamed to `cves.cves`.
 
 ## [3.72.0]
 
@@ -178,7 +179,7 @@ Please avoid adding duplicate information across this changelog and JIRA/doc inp
 
 ## [69.0]
 
-- `collector` image with `-slim` in the image tag is no longer published (`collector-slim` with suffix in the image name will continue to be published).
+- `collector` image with `-slim` image tag is no longer published (`collector-slim` with suffix in the image name will continue to be published).
 - `collector-rhel`, `main-rhel`, `scanner-rhel`, and `scanner-db-rhel` images are not published any more. These images were identical to non-rhel ones since version 3.66.
 - Increased default Scanner memory limit from 3000 MiB to 4GiB.
 - API changes/deprecations:

central/cve/common/utils.go

@@ -30,7 +30,7 @@ func SuppressCVEReqToVulnReq(request *v1.SuppressCVERequest, createdAt *types.Ti
 		},
 		Entities: &storage.VulnerabilityRequest_Cves{
 			Cves: &storage.VulnerabilityRequest_CVEs{
-				Ids: request.GetCves(),
+				Cves: request.GetCves(),
 			},
 		},
 		Req: &storage.VulnerabilityRequest_DeferralReq{
@@ -57,7 +57,7 @@ func UnSuppressCVEReqToVulnReq(request *v1.UnsuppressCVERequest) *storage.Vulner
 		},
 		Entities: &storage.VulnerabilityRequest_Cves{
 			Cves: &storage.VulnerabilityRequest_CVEs{
-				Ids: request.GetCves(),
+				Cves: request.GetCves(),
 			},
 		},
 	}

central/graphql/resolvers/search_test.go

@@ -16,7 +16,7 @@ import (
 	policyMocks "github.com/stackrox/rox/central/policy/datastore/mocks"
 	k8sroleMocks "github.com/stackrox/rox/central/rbac/k8srole/datastore/mocks"
 	k8srolebindingMocks "github.com/stackrox/rox/central/rbac/k8srolebinding/datastore/mocks"
-	search2 "github.com/stackrox/rox/central/search"
+	globalSearch "github.com/stackrox/rox/central/search"
 	secretMocks "github.com/stackrox/rox/central/secret/datastore/mocks"
 	serviceAccountMocks "github.com/stackrox/rox/central/serviceaccount/datastore/mocks"
 	v1 "github.com/stackrox/rox/generated/api/v1"
@@ -64,7 +64,7 @@ func TestSearchCategories(t *testing.T) {
 	searchCategories := resolver.getAutoCompleteSearchers()
 	searchFuncs := resolver.getSearchFuncs()
 
-	for globalCategory := range search2.GetGlobalSearchCategories() {
+	for globalCategory := range globalSearch.GetGlobalSearchCategories() {
 		if globalCategory == v1.SearchCategory_IMAGE_INTEGRATIONS {
 			continue
 		}

central/graphql/resolvers/vulnerability_requests_test.go

@@ -99,7 +99,7 @@ const (
 			expiresWhenFixed
 		}
 		cves {
-			ids
+			cves
 		}`
 )
 
@@ -131,7 +131,7 @@ type vulnResponse struct {
 	DeferralReq        *expiryResponse `json:"deferralReq"`
 	UpdatedDeferralReq *expiryResponse `json:"updatedDeferralReq"`
 	Cves               struct {
-		Ids []string `json:"ids"`
+		Cves []string `json:"cves"`
 	} `json:"cves"`
 }
 
@@ -813,7 +813,7 @@ func (s *VulnRequestResolverTestSuite) TestGetVulnerabilityRequests() {
 				if !ok {
 					s.Fail("Got unexpected request given query")
 				}
-				s.validateReturnedRequest(r, req.GetCves().GetIds()[0], storage.VulnerabilityState_DEFERRED, req.GetStatus(), false, img)
+				s.validateReturnedRequest(r, req.GetCves().GetCves()[0], storage.VulnerabilityState_DEFERRED, req.GetStatus(), false, img)
 				s.validateDeferralReq(r, false, req.GetDeferralReq().GetExpiry().GetExpiresOn())
 			}
 		})
@@ -888,7 +888,7 @@ func (s *VulnRequestResolverTestSuite) verifyRequestInStore(id string, state sto
 
 func (s *VulnRequestResolverTestSuite) validateReturnedRequest(ret vulnResponse, cve string, state storage.VulnerabilityState, status storage.RequestStatus, expired bool, img *storage.Image) {
 	s.NotNil(ret)
-	s.Equal(ret.Cves.Ids, []string{cve})
+	s.Equal(ret.Cves.Cves, []string{cve})
 	s.Equal(state.String(), ret.TargetState)
 	s.Equal(status.String(), ret.Status)
 	s.Equal(expired, ret.Expired)

central/vulnerabilityrequest/cache/cache_impl.go

@@ -176,7 +176,7 @@ func (c *vulnReqCacheImpl) addNoLock(request *storage.VulnerabilityRequest) bool
 		return false
 	}
 	cveMap := make(map[string]struct{})
-	for _, cve := range request.GetCves().GetIds() {
+	for _, cve := range request.GetCves().GetCves() {
 		cveMap[cve] = struct{}{}
 	}
 	c.vulnReqByScope[scope][request.GetId()] = &slimRequest{

central/vulnerabilityrequest/manager/requestmgr/manager_impl.go

@@ -80,7 +80,7 @@ func (m *managerImpl) Create(ctx context.Context, req *storage.VulnerabilityRequ
 	}
 
 	// Find all requests for this CVE that are active and approved
-	reqs, err := m.vulnReqs.SearchRawRequests(ctx, utils.GetQueryForApprovedReqsWithSimilarScope(req.GetCves().GetIds()...))
+	reqs, err := m.vulnReqs.SearchRawRequests(ctx, utils.GetQueryForApprovedReqsWithSimilarScope(req.GetCves().GetCves()...))
 	if err != nil {
 		return errors.Wrap(err, "could not search for other vulnerability requests")
 	}
@@ -194,8 +194,8 @@ func (m *managerImpl) SnoozeVulnerabilityOnRequest(_ context.Context, request *s
 			continue
 		}
 		// Determine the effective for the cves in the image scope.
-		cveStateMap := m.activeReqCache.GetEffectiveVulnStateForImage(request.GetCves().GetIds(), img.GetName().GetRegistry(), img.GetName().GetRemote(), img.GetName().GetTag())
-		for _, cve := range request.GetCves().GetIds() {
+		cveStateMap := m.activeReqCache.GetEffectiveVulnStateForImage(request.GetCves().GetCves(), img.GetName().GetRegistry(), img.GetName().GetRemote(), img.GetName().GetTag())
+		for _, cve := range request.GetCves().GetCves() {
 			if err := m.images.UpdateVulnerabilityState(allAccessCtx, cve, []string{imageID}, cveStateMap[cve]); err != nil {
 				return errors.Wrapf(err, "could not un-snooze vulnerabilities for request %s", request.GetId())
 			}
@@ -233,8 +233,8 @@ func (m *managerImpl) UnSnoozeVulnerabilityOnRequest(_ context.Context, request
 			continue
 		}
 		// Determine the effective for the cves in the image scope.
-		cveStateMap := m.activeReqCache.GetEffectiveVulnStateForImage(request.GetCves().GetIds(), img.GetName().GetRegistry(), img.GetName().GetRemote(), img.GetName().GetTag())
-		for _, cve := range request.GetCves().GetIds() {
+		cveStateMap := m.activeReqCache.GetEffectiveVulnStateForImage(request.GetCves().GetCves(), img.GetName().GetRegistry(), img.GetName().GetRemote(), img.GetName().GetTag())
+		for _, cve := range request.GetCves().GetCves() {
 			if err := m.images.UpdateVulnerabilityState(allAccessCtx, cve, []string{imageID}, cveStateMap[cve]); err != nil {
 				return errors.Wrapf(err, "could not un-snooze vulnerabilities for request %s", request.GetId())
 			}
@@ -403,9 +403,8 @@ func (m *managerImpl) getFixableDeferrals() ([]*storage.VulnerabilityRequest, er
 	}
 	var fixableReqs []*storage.VulnerabilityRequest
 	for _, res := range results {
-		for _, cve := range res.GetCves().GetIds() {
+		for _, cve := range res.GetCves().GetCves() {
 			qb := search.NewQueryBuilder().AddBools(search.Fixable, true)
-
 			// TODO: Determine if it's worth checking cvePkg.ContainsComponentBasedCVE(cve.GetTypes()) before doing this. It would involve going to the data store to read CVE data
 			// This is only necessary if somehow there ended up being a deferral on a cluster CVE. Or if it goes from an image cve to node cve
 			// TODO: Test what happens if it's a cluster cve

central/vulnerabilityrequest/manager/requestmgr/manager_impl_test.go

@@ -579,14 +579,14 @@ func (s *VulnRequestManagerTestSuite) TestReObserveFixableDeferrals() {
 	unfixableCVE := img.GetScan().GetComponents()[0].GetVulns()[2].GetCve()
 
 	timedDeferral := newDeferral("timed-deferral", false, storage.RequestStatus_DENIED, protoconv.ConvertTimeToTimestamp(time.Now().Add(1*time.Hour)))
-	timedDeferral.Entities = &storage.VulnerabilityRequest_Cves{Cves: &storage.VulnerabilityRequest_CVEs{Ids: []string{fixableCVE}}}
+	timedDeferral.Entities = &storage.VulnerabilityRequest_Cves{Cves: &storage.VulnerabilityRequest_CVEs{Cves: []string{fixableCVE}}}
 
 	fixableDeferralPendingUpdate := newDeferralExpiresWhenFixed("fixable-defferal-pending-update", fixableCVE, false, storage.RequestStatus_APPROVED, nil)
 	fixableDeferralPendingUpdate.UpdatedReq =
 		&storage.VulnerabilityRequest_UpdatedDeferralReq{UpdatedDeferralReq: &storage.DeferralRequest{Expiry: &storage.RequestExpiry{Expiry: &storage.RequestExpiry_ExpiresOn{ExpiresOn: protoconv.ConvertTimeToTimestamp(time.Now().Add(1 * time.Hour))}}}}
 
 	timedDeferralPendingUpdate := newDeferral("timed-deferral-pending-update", false, storage.RequestStatus_APPROVED_PENDING_UPDATE, protoconv.ConvertTimeToTimestamp(time.Now().Add(30*24*time.Hour)))
-	timedDeferralPendingUpdate.Entities = &storage.VulnerabilityRequest_Cves{Cves: &storage.VulnerabilityRequest_CVEs{Ids: []string{fixableCVE}}}
+	timedDeferralPendingUpdate.Entities = &storage.VulnerabilityRequest_Cves{Cves: &storage.VulnerabilityRequest_CVEs{Cves: []string{fixableCVE}}}
 	timedDeferralPendingUpdate.UpdatedReq =
 		&storage.VulnerabilityRequest_UpdatedDeferralReq{UpdatedDeferralReq: &storage.DeferralRequest{Expiry: &storage.RequestExpiry{Expiry: &storage.RequestExpiry_ExpiresWhenFixed{ExpiresWhenFixed: true}}}}
 
@@ -763,7 +763,7 @@ func newDeferralExpiresWhenFixed(id, cve string, expired bool, status storage.Re
 		},
 		Entities: &storage.VulnerabilityRequest_Cves{
 			Cves: &storage.VulnerabilityRequest_CVEs{
-				Ids: []string{cve},
+				Cves: []string{cve},
 			},
 		},
 	}
@@ -789,7 +789,7 @@ func newFalsePositive(id, cve string, expired bool, status storage.RequestStatus
 		},
 		Entities: &storage.VulnerabilityRequest_Cves{
 			Cves: &storage.VulnerabilityRequest_CVEs{
-				Ids: []string{cve},
+				Cves: []string{cve},
 			},
 		},
 	}

central/vulnerabilityrequest/utils/util.go

@@ -53,7 +53,7 @@ func CreateVulnRequestProto(ctx context.Context, reqType storage.VulnerabilitySt
 		},
 		Entities: &storage.VulnerabilityRequest_Cves{
 			Cves: &storage.VulnerabilityRequest_CVEs{
-				Ids: []string{cve},
+				Cves: []string{cve},
 			},
 		},
 		Scope: scope,
@@ -108,7 +108,7 @@ func GetAffectedImagesQuery(request *storage.VulnerabilityRequest, query *v1.Que
 func GetImageQueryForVulnReq(request *storage.VulnerabilityRequest) (*v1.Query, error) {
 	requestScope := request.GetScope()
 	if requestScope.GetGlobalScope() != nil {
-		return search.NewQueryBuilder().AddExactMatches(search.CVE, request.GetCves().GetIds()...).ProtoQuery(), nil
+		return search.NewQueryBuilder().AddExactMatches(search.CVE, request.GetCves().GetCves()...).ProtoQuery(), nil
 	}
 
 	if imageScope := requestScope.GetImageScope(); imageScope != nil {

central/vulnerabilityrequest/validator/validate.go

@@ -116,7 +116,7 @@ func validateScope(req *storage.VulnerabilityRequest) error {
 }
 
 func validateEntities(req *storage.VulnerabilityRequest) error {
-	if len(req.GetCves().GetIds()) == 0 {
+	if len(req.GetCves().GetCves()) == 0 {
 		return errors.New("request must indicate the vulnerabilities for which request is opened")
 	}
 	return nil

central/vulnerabilityrequest/validator/validator_test.go

@@ -19,7 +19,7 @@ func TestValidateNewSuppressVulnRequest(t *testing.T) {
 		Scope:       getImageScope("docker.io", "stackrox/main", "latest"),
 		Entities: &storage.VulnerabilityRequest_Cves{
 			Cves: &storage.VulnerabilityRequest_CVEs{
-				Ids: []string{"cve1"},
+				Cves: []string{"cve1"},
 			},
 		},
 		Req: &storage.VulnerabilityRequest_DeferralReq{