From 6982717f255e87f3e2f1797ac3469f088b9b8693 Mon Sep 17 00:00:00 2001 From: Sampath Kumar Date: Wed, 23 Nov 2022 18:48:11 +0100 Subject: [PATCH] migrate code from googleapis/python-containeranalysis (#8529) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Container Analysis samples [(#2258)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/2258) added container analysis samples and tests * Update samples.py [(#2263)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/2263) fixed typo in region tag * Adds updates including compute [(#2436)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/2436) * Adds updates including compute * Python 2 compat pytest * Fixing weird \r\n issue from GH merge * Put asset tests back in * Re-add pod operator test * Hack parameter for k8s pod operator * fix: Use different versions of pytest for python 2 and python3 [(#2558)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/2558) * fix: Use different versions of pytest for python 2 and python3 * fix: delete extra pytest dep * fix: update pytest dependencies in requirements.txt * Simplify noxfile setup. [(#2806)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/2806) * chore(deps): update dependency requests to v2.23.0 * Simplify noxfile and add version control. * Configure appengine/standard to only test Python 2.7. * Update Kokokro configs to match noxfile. * Add requirements-test to each folder. * Remove Py2 versions from everything execept appengine/standard. * Remove conftest.py. * Remove appengine/standard/conftest.py * Remove 'no-sucess-flaky-report' from pytest.ini. * Add GAE SDK back to appengine/standard tests. * Fix typo. * Roll pytest to python 2 version. * Add a bunch of testing requirements. * Remove typo. * Add appengine lib directory back in. * Add some additional requirements. * Fix issue with flake8 args. * Even more requirements. * Readd appengine conftest.py. * Add a few more requirements. * Even more Appengine requirements. * Add webtest for appengine/standard/mailgun. * Add some additional requirements. * Add workaround for issue with mailjet-rest. * Add responses for appengine/standard/mailjet. Co-authored-by: Renovate Bot * Update dependency mock to v4 [(#3216)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3216) * [container_registry] fix: fix broken test [(#3436)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3436) * [container_registry] fix: fix broken test fixes #3435 * Use Pub/Sub message receiver that can notify main thread when it has received expected number of messages. * Only test one single occurence. * Use uuid4 wherever makes sense. * test if Pub/Sub client receives at least one message * Update dependency google-cloud-containeranalysis to v0.3.1 [(#3055)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3055) Co-authored-by: Leah E. Cole <6719667+leahecole@users.noreply.github.com> * Update dependency google-cloud-pubsub to v1.4.2 [(#3340)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3340) Co-authored-by: Leah E. Cole <6719667+leahecole@users.noreply.github.com> * [container analysis] effective severity [(#3478)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3478) Use new effective_severity field fixes b/142836422 * [container_registry] fix: bump the pubsub timeout [(#3698)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3698) fixes #2894 Co-authored-by: Leah E. Cole <6719667+leahecole@users.noreply.github.com> * chore(deps): update dependency google-cloud-pubsub to v1.4.3 [(#3725)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3725) Co-authored-by: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Co-authored-by: Takashi Matsuo * [container-registry] fix: mark a flaky test [(#3765)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3765) fixes #2894 * chore(deps): update dependency grafeas to v0.4.0 [(#3172)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3172) * Update dependency grafeas to v0.4.0 * follow the field name changes Co-authored-by: Leah E. Cole <6719667+leahecole@users.noreply.github.com> Co-authored-by: Takashi Matsuo * chore(deps): update dependency google-cloud-pubsub to v1.5.0 [(#3781)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/3781) Co-authored-by: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> * Replace GCLOUD_PROJECT with GOOGLE_CLOUD_PROJECT. [(#4022)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4022) * Update dependency google-cloud-pubsub to v1.6.0 [(#4039)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4039) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [google-cloud-pubsub](https://togithub.com/googleapis/python-pubsub) | minor | `==1.5.0` -> `==1.6.0` | --- ### Release Notes
googleapis/python-pubsub ### [`v1.6.0`](https://togithub.com/googleapis/python-pubsub/blob/master/CHANGELOG.md#​160-httpswwwgithubcomgoogleapispython-pubsubcomparev150v160-2020-06-09) [Compare Source](https://togithub.com/googleapis/python-pubsub/compare/v1.5.0...v1.6.0) ##### Features - Add flow control for message publishing ([#​96](https://www.github.com/googleapis/python-pubsub/issues/96)) ([06085c4](https://www.github.com/googleapis/python-pubsub/commit/06085c4083b9dccdd50383257799904510bbf3a0)) ##### Bug Fixes - Fix PubSub incompatibility with api-core 1.17.0+ ([#​103](https://www.github.com/googleapis/python-pubsub/issues/103)) ([c02060f](https://www.github.com/googleapis/python-pubsub/commit/c02060fbbe6e2ca4664bee08d2de10665d41dc0b)) ##### Documentation - Clarify that Schedulers shouldn't be used with multiple SubscriberClients ([#​100](https://togithub.com/googleapis/python-pubsub/pull/100)) ([cf9e87c](https://togithub.com/googleapis/python-pubsub/commit/cf9e87c80c0771f3fa6ef784a8d76cb760ad37ef)) - Fix update subscription/snapshot/topic samples ([#​113](https://togithub.com/googleapis/python-pubsub/pull/113)) ([e62c38b](https://togithub.com/googleapis/python-pubsub/commit/e62c38bb33de2434e32f866979de769382dea34a)) ##### Internal / Testing Changes - Re-generated service implementaton using synth: removed experimental notes from the RetryPolicy and filtering features in anticipation of GA, added DetachSubscription (experimental) ([#​114](https://togithub.com/googleapis/python-pubsub/pull/114)) ([0132a46](https://togithub.com/googleapis/python-pubsub/commit/0132a4680e0727ce45d5e27d98ffc9f3541a0962)) - Incorporate will_accept() checks into publish() ([#​108](https://togithub.com/googleapis/python-pubsub/pull/108)) ([6c7677e](https://togithub.com/googleapis/python-pubsub/commit/6c7677ecb259672bbb9b6f7646919e602c698570))
--- ### Renovate configuration :date: **Schedule**: At any time (no schedule defined). :vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied. :recycle: **Rebasing**: Never, or you tick the rebase/retry checkbox. :no_bell: **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#GoogleCloudPlatform/python-docs-samples). * chore(deps): update dependency grafeas to v0.4.1 [(#4200)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4200) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [grafeas](https://togithub.com/googleapis/python-grafeas) | patch | `==0.4.0` -> `==0.4.1` | --- ### Release Notes
googleapis/python-grafeas ### [`v0.4.1`](https://togithub.com/googleapis/python-grafeas/blob/master/CHANGELOG.md#​041-httpswwwgithubcomgoogleapispython-grafeascomparev040v041-2020-06-25) [Compare Source](https://togithub.com/googleapis/python-grafeas/compare/v0.4.0...v0.4.1)
--- ### Renovate configuration :date: **Schedule**: At any time (no schedule defined). :vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied. :recycle: **Rebasing**: Never, or you tick the rebase/retry checkbox. :no_bell: **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#GoogleCloudPlatform/python-docs-samples). * chore(deps): update dependency google-cloud-pubsub to v1.6.1 [(#4242)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4242) Co-authored-by: gcf-merge-on-green[bot] <60162190+gcf-merge-on-green[bot]@users.noreply.github.com> * chore(deps): update dependency flaky to v3.7.0 [(#4263)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4263) * chore(deps): update dependency pytest to v5.4.3 [(#4279)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4279) * chore(deps): update dependency pytest to v5.4.3 * specify pytest for python 2 in appengine Co-authored-by: Leah Cole * chore(deps): update dependency google-cloud-pubsub to v1.7.0 [(#4290)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4290) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [google-cloud-pubsub](https://togithub.com/googleapis/python-pubsub) | minor | `==1.6.1` -> `==1.7.0` | --- ### Release Notes
googleapis/python-pubsub ### [`v1.7.0`](https://togithub.com/googleapis/python-pubsub/blob/master/CHANGELOG.md#​170-httpswwwgithubcomgoogleapispython-pubsubcomparev161v170-2020-07-13) [Compare Source](https://togithub.com/googleapis/python-pubsub/compare/v1.6.1...v1.7.0) ##### New Features - Add support for server-side flow control. ([#​143](https://togithub.com/googleapis/python-pubsub/pull/143)) ([04e261c](https://www.github.com/googleapis/python-pubsub/commit/04e261c602a2919cc75b3efa3dab099fb2cf704c)) ##### Dependencies - Update samples dependency `google-cloud-pubsub` to `v1.6.1`. ([#​144](https://togithub.com/googleapis/python-pubsub/pull/144)) ([1cb6746](https://togithub.com/googleapis/python-pubsub/commit/1cb6746b00ebb23dbf1663bae301b32c3fc65a88)) ##### Documentation - Add pubsub/cloud-client samples from the common samples repo (with commit history). ([#​151](https://togithub.com/googleapis/python-pubsub/pull/151)) - Add flow control section to publish overview. ([#​129](https://togithub.com/googleapis/python-pubsub/pull/129)) ([acc19eb](https://www.github.com/googleapis/python-pubsub/commit/acc19eb048eef067d9818ef3e310b165d9c6307e)) - Add a link to Pub/Sub filtering language public documentation to `pubsub.proto`. ([#​121](https://togithub.com/googleapis/python-pubsub/pull/121)) ([8802d81](https://www.github.com/googleapis/python-pubsub/commit/8802d8126247f22e26057e68a42f5b5a82dcbf0d))
--- ### Renovate configuration :date: **Schedule**: At any time (no schedule defined). :vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied. :recycle: **Rebasing**: Renovate will not automatically rebase this PR, because other commits have been found. :no_bell: **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#GoogleCloudPlatform/python-docs-samples). * chore(deps): update dependency google-cloud-containeranalysis to v1 [(#4108)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4108) * chore(deps): update dependency google-cloud-containeranalysis to v1.0.2 [(#4367)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4367) * Update dependency pytest to v6 [(#4390)](https://github.com/GoogleCloudPlatform/python-docs-samples/issues/4390) * chore(deps): update dependency google-cloud-containeranalysis to v1.0.3 (#31) * feat!: move to microgen (#33) Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly: - [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/python-containeranalysis/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [ ] Ensure the tests and linter pass - [ ] Code coverage does not decrease (if any source code was changed) - [ ] Appropriate docs were updated (if necessary) Fixes # 🦕 * chore(deps): update dependency google-cloud-containeranalysis to v2 (#41) * chore(deps): update dependency grafeas to v1.0.1 (#40) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [grafeas](https://togithub.com/googleapis/python-grafeas) | patch | `==1.0.0` -> `==1.0.1` | --- ### Release Notes
googleapis/python-grafeas ### [`v1.0.1`](https://togithub.com/googleapis/python-grafeas/blob/master/CHANGELOG.md#​101-httpswwwgithubcomgoogleapispython-grafeascomparev100v101-2020-08-12) [Compare Source](https://togithub.com/googleapis/python-grafeas/compare/v1.0.0...v1.0.1)
--- ### Renovate configuration :date: **Schedule**: At any time (no schedule defined). :vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied. :recycle: **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. :no_bell: **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-containeranalysis). * chore(deps): update dependency google-cloud-pubsub to v2 (#46) Updated sample to use pubsub v2 * chore(deps): update dependency google-cloud-containeranalysis to v2.1.0 (#56) * chore(deps): update dependency google-cloud-pubsub to v2.2.0 (#61) * chore(deps): update dependency mock to v4.0.3 (#67) * chore(deps): update dependency google-cloud-containeranalysis to v2.2.0 (#76) * chore(deps): update dependency google-cloud-containeranalysis to v2.2.1 (#91) * chore(deps): update dependency google-cloud-pubsub to v2.3.0 (#88) * chore(deps): update dependency google-cloud-pubsub to v2.4.0 (#94) * fix: effective severity attribute error (#104) * chore(deps): update dependency google-cloud-containeranalysis to v2.2.2 (#107) * test: fix flaky test (#106) * test: fix flaky test * chore(deps): update dependency google-cloud-pubsub to v2.4.1 (#108) * chore(deps): update dependency google-cloud-containeranalysis to v2.2.3 (#111) * chore(deps): update dependency pytest to v6.2.3 (#115) * chore(deps): update dependency pytest to v6.2.4 (#123) * chore(deps): update dependency google-cloud-pubsub to v2.4.2 (#126) * chore(deps): update dependency google-cloud-pubsub to v2.5.0 (#131) * chore(deps): update dependency grafeas to v1.1.0 (#133) * chore(deps): update dependency google-cloud-containeranalysis to v2.3.0 (#138) * chore(deps): update dependency google-cloud-pubsub to v2.6.0 (#145) [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-pubsub](https://togithub.com/googleapis/python-pubsub) | `==2.5.0` -> `==2.6.0` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.0/compatibility-slim/2.5.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.0/confidence-slim/2.5.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-pubsub ### [`v2.6.0`](https://togithub.com/googleapis/python-pubsub/blob/master/CHANGELOG.md#​260-httpswwwgithubcomgoogleapispython-pubsubcomparev250v260-2021-06-17) [Compare Source](https://togithub.com/googleapis/python-pubsub/compare/v2.5.0...v2.6.0) ##### Features - support customizable retry and timeout settings on the publisher client ([#​299](https://www.github.com/googleapis/python-pubsub/issues/299)) ([7597604](https://www.github.com/googleapis/python-pubsub/commit/7597604b41fa3a1e9bf34addc35c8647dde007cc)) ##### Bug Fixes - ACK deadline set for received messages can be too low ([#​416](https://www.github.com/googleapis/python-pubsub/issues/416)) ([e907f6e](https://www.github.com/googleapis/python-pubsub/commit/e907f6e05f59f64a3b08df3304e92ec960997be6)) - threads can skip the line in publisher flow controller ([#​422](https://www.github.com/googleapis/python-pubsub/issues/422)) ([ef89f55](https://www.github.com/googleapis/python-pubsub/commit/ef89f55a41044e9ad26b91132b4b1be9c7b2c127)) ##### Documentation - block until the streaming pull shuts down ([#​424](https://www.github.com/googleapis/python-pubsub/issues/424)) ([d0d0b70](https://www.github.com/googleapis/python-pubsub/commit/d0d0b704642df8dee893d3f585aeb666e19696fb)) - explain that future.cancel() is non-blocking ([#​420](https://www.github.com/googleapis/python-pubsub/issues/420)) ([c825789](https://www.github.com/googleapis/python-pubsub/commit/c825789bdff310f44cbb132a723e99d1e6331d8f))
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-containeranalysis). * chore(deps): update dependency google-cloud-containeranalysis to v2.4.0 (#152) [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-containeranalysis](https://togithub.com/googleapis/python-containeranalysis) | `==2.3.0` -> `==2.4.0` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.4.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.4.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.4.0/compatibility-slim/2.3.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.4.0/confidence-slim/2.3.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-containeranalysis ### [`v2.4.0`](https://togithub.com/googleapis/python-containeranalysis/blob/master/CHANGELOG.md#​240-httpswwwgithubcomgoogleapispython-containeranalysiscomparev230v240-2021-06-30) [Compare Source](https://togithub.com/googleapis/python-containeranalysis/compare/v2.3.0...v2.4.0) ##### Features - add always_use_jwt_access ([#​147](https://www.github.com/googleapis/python-containeranalysis/issues/147)) ([1f55871](https://www.github.com/googleapis/python-containeranalysis/commit/1f558713a683e3b48d9d7fba2c015e92818850fd)) ##### Bug Fixes - disable always_use_jwt_access ([#​151](https://www.github.com/googleapis/python-containeranalysis/issues/151)) ([7768ae1](https://www.github.com/googleapis/python-containeranalysis/commit/7768ae1ce4a32fa25ef5c0fb86f8981fed038297)) ##### Documentation - omit mention of Python 2.7 in 'CONTRIBUTING.rst' ([#​1127](https://www.github.com/googleapis/python-containeranalysis/issues/1127)) ([#​141](https://www.github.com/googleapis/python-containeranalysis/issues/141)) ([a588841](https://www.github.com/googleapis/python-containeranalysis/commit/a58884154f23caf453040ad314c0a2d4416952f2))
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-containeranalysis). * chore(deps): update dependency google-cloud-pubsub to v2.6.1 (#153) * chore(deps): update dependency grafeas to v1.1.1 (#159) * chore(deps): update dependency google-cloud-containeranalysis to v2.4.1 (#165) [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-containeranalysis](https://togithub.com/googleapis/python-containeranalysis) | `==2.4.0` -> `==2.4.1` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.4.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.4.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.4.1/compatibility-slim/2.4.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.4.1/confidence-slim/2.4.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-containeranalysis ### [`v2.4.1`](https://togithub.com/googleapis/python-containeranalysis/blob/master/CHANGELOG.md#​241-httpswwwgithubcomgoogleapispython-containeranalysiscomparev240v241-2021-07-26) [Compare Source](https://togithub.com/googleapis/python-containeranalysis/compare/v2.4.0...v2.4.1)
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-containeranalysis). * chore(deps): update dependency grafeas to v1.1.2 (#166) * chore(deps): update dependency google-cloud-pubsub to v2.7.0 (#167) * chore(deps): update dependency google-cloud-pubsub to v2.7.1 (#172) * chore(deps): update dependency pytest to v6.2.5 (#176) * chore(deps): update dependency google-cloud-pubsub to v2.8.0 (#179) * chore(deps): update all dependencies (#186) * chore(deps): update dependency grafeas to v1.1.4 (#188) * chore(deps): update dependency grafeas to v1.2.0 (#195) * chore(deps): update dependency google-cloud-containeranalysis to v2.5.0 (#196) * chore(deps): update dependency grafeas to v1.3.0 (#199) * chore(deps): update dependency google-cloud-containeranalysis to v2.6.0 (#200) * chore(deps): update dependency google-cloud-containeranalysis to v2.6.1 (#205) * chore(deps): update all dependencies (#208) * chore(deps): update dependency grafeas to v1.4.0 (#209) * chore(deps): update dependency google-cloud-pubsub to v2.9.0 (#213) * chore(deps): update all dependencies (#227) * chore(deps): update all dependencies * remove python 2.7 from testing Co-authored-by: Dina Graves Portman Co-authored-by: Anthonios Partheniou * chore(deps): update dependency google-cloud-containeranalysis to v2.6.3 (#230) Co-authored-by: Anthonios Partheniou * chore(deps): update dependency google-cloud-containeranalysis to v2.7.0 (#238) Co-authored-by: Anthonios Partheniou * chore(deps): update dependency pytest to v7 (#243) * chore(deps): update dependency pytest to v7.0.1 (#245) [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [pytest](https://docs.pytest.org/en/latest/) ([source](https://togithub.com/pytest-dev/pytest), [changelog](https://docs.pytest.org/en/stable/changelog.html)) | `==7.0.0` -> `==7.0.1` | [![age](https://badges.renovateapi.com/packages/pypi/pytest/7.0.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/pytest/7.0.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/pytest/7.0.1/compatibility-slim/7.0.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/pytest/7.0.1/confidence-slim/7.0.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
pytest-dev/pytest ### [`v7.0.1`](https://togithub.com/pytest-dev/pytest/releases/7.0.1) [Compare Source](https://togithub.com/pytest-dev/pytest/compare/7.0.0...7.0.1) # pytest 7.0.1 (2022-02-11) ## Bug Fixes - [#​9608](https://togithub.com/pytest-dev/pytest/issues/9608): Fix invalid importing of `importlib.readers` in Python 3.9. - [#​9610](https://togithub.com/pytest-dev/pytest/issues/9610): Restore \[UnitTestFunction.obj]{.title-ref} to return unbound rather than bound method. Fixes a crash during a failed teardown in unittest TestCases with non-default \[\__init\_\_]{.title-ref}. Regressed in pytest 7.0.0. - [#​9636](https://togithub.com/pytest-dev/pytest/issues/9636): The `pythonpath` plugin was renamed to `python_path`. This avoids a conflict with the `pytest-pythonpath` plugin. - [#​9642](https://togithub.com/pytest-dev/pytest/issues/9642): Fix running tests by id with `::` in the parametrize portion. - [#​9643](https://togithub.com/pytest-dev/pytest/issues/9643): Delay issuing a `~pytest.PytestWarning`{.interpreted-text role="class"} about diamond inheritance involving `~pytest.Item`{.interpreted-text role="class"} and `~pytest.Collector`{.interpreted-text role="class"} so it can be filtered using `standard warning filters `{.interpreted-text role="ref"}.
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-containeranalysis). * chore(deps): update dependency google-cloud-containeranalysis to v2.7.1 (#246) [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-containeranalysis](https://togithub.com/googleapis/python-containeranalysis) | `==2.7.0` -> `==2.7.1` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.7.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.7.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.7.1/compatibility-slim/2.7.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-containeranalysis/2.7.1/confidence-slim/2.7.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-containeranalysis ### [`v2.7.1`](https://togithub.com/googleapis/python-containeranalysis/blob/HEAD/CHANGELOG.md#​271-httpsgithubcomgoogleapispython-containeranalysiscomparev270v271-2022-02-11) [Compare Source](https://togithub.com/googleapis/python-containeranalysis/compare/v2.7.0...v2.7.1)
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-containeranalysis). * chore(deps): update dependency grafeas to v1.4.2 (#249) * chore(deps): update dependency google-cloud-pubsub to v2.10.0 (#255) * chore(deps): update all dependencies (#256) Co-authored-by: Anthonios Partheniou * chore(deps): update dependency google-cloud-containeranalysis to v2.7.3 (#258) * chore(deps): update dependency google-cloud-pubsub to v2.11.0 (#259) * chore(deps): update dependency pytest to v7.1.0 (#261) * chore(deps): update dependency pytest to v7.1.1 (#262) * chore(deps): update dependency google-cloud-pubsub to v2.12.0 (#274) * chore(deps): update dependency pytest to v7.1.2 (#282) * chore(deps): update all dependencies (#286) * chore(deps): update dependency google-cloud-pubsub to v2.12.1 (#288) * chore(deps): update all dependencies (#295) * chore(deps): update all dependencies * revert Co-authored-by: Anthonios Partheniou Co-authored-by: Ace Nassri * chore(deps): update all dependencies (#308) * chore(deps): update all dependencies * revert Co-authored-by: Anthonios Partheniou * chore(deps): update dependency google-cloud-pubsub to v2.13.5 (#309) * chore(deps): update dependency google-cloud-pubsub to v2.13.6 (#312) * chore(deps): update dependency grafeas to v1.5.1 (#314) Co-authored-by: Anthonios Partheniou * chore(deps): update dependency google-cloud-containeranalysis to v2.9.1 (#315) * chore(deps): update dependency pytest to v7.1.3 (#323) * chore(deps): update dependency google-cloud-pubsub to v2.13.7 (#329) Co-authored-by: Anthonios Partheniou * chore(deps): update all dependencies (#333) * chore(deps): update all dependencies (#336) * chore(deps): update dependency google-cloud-pubsub to v2.13.9 (#337) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-pubsub](https://togithub.com/googleapis/python-pubsub) | `==2.13.7` -> `==2.13.9` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.13.9/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.13.9/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.13.9/compatibility-slim/2.13.7)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.13.9/confidence-slim/2.13.7)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-pubsub ### [`v2.13.9`](https://togithub.com/googleapis/python-pubsub/releases/tag/v2.13.9) [Compare Source](https://togithub.com/googleapis/python-pubsub/compare/v2.13.7...v2.13.9) ##### Bug Fixes - **deps:** Allow protobuf 3.19.5 ([#​801](https://togithub.com/googleapis/python-pubsub/issues/801)) ([fa23503](https://togithub.com/googleapis/python-pubsub/commit/fa235033481783c2ec378b2a26b223bdff206461))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-containeranalysis). * chore(deps): update dependency google-cloud-pubsub to v2.13.10 (#338) * chore(deps): update dependency pytest to v7.2.0 (#339) * Update blunderbuss.yml and CODEOWNERS * Renamed `container_analysis` to `containeranalysis` * Update README.md * Renamed files. Co-authored-by: Daniel Sanche Co-authored-by: Gus Class Co-authored-by: Christopher Wilcox Co-authored-by: Kurtis Van Gent <31518063+kurtisvg@users.noreply.github.com> Co-authored-by: Renovate Bot Co-authored-by: Takashi Matsuo Co-authored-by: Leah E. Cole <6719667+leahecole@users.noreply.github.com> Co-authored-by: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Co-authored-by: gcf-merge-on-green[bot] <60162190+gcf-merge-on-green[bot]@users.noreply.github.com> Co-authored-by: Leah Cole Co-authored-by: Megan O'Keefe <3137106+askmeegs@users.noreply.github.com> Co-authored-by: Dina Graves Portman Co-authored-by: Anthonios Partheniou Co-authored-by: Ace Nassri Co-authored-by: Dan Lee <71398022+dandhlee@users.noreply.github.com> --- .github/CODEOWNERS | 1 + .github/blunderbuss.yml | 4 + .../container_analysis/README.md | 3 - containeranalysis/snippets/.gitignore | 1 + containeranalysis/snippets/README.md | 54 +++ .../snippets/requirements-test.txt | 1 + containeranalysis/snippets/requirements.txt | 6 + containeranalysis/snippets/samples.py | 373 ++++++++++++++++++ containeranalysis/snippets/samples_test.py | 317 +++++++++++++++ 9 files changed, 757 insertions(+), 3 deletions(-) delete mode 100644 container_registry/container_analysis/README.md create mode 100644 containeranalysis/snippets/.gitignore create mode 100644 containeranalysis/snippets/README.md create mode 100644 containeranalysis/snippets/requirements-test.txt create mode 100644 containeranalysis/snippets/requirements.txt create mode 100644 containeranalysis/snippets/samples.py create mode 100644 containeranalysis/snippets/samples_test.py diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 8d0e50c0eb32..d81e1d1483b3 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -34,6 +34,7 @@ /composer/**/* @leahecole @rachael-ds @rafalbiegacz @GoogleCloudPlatform/python-samples-reviewers /compute/**/* @m-strzelczyk @GoogleCloudPlatform/dee-infra @GoogleCloudPlatform/python-samples-reviewers /container/**/* @GoogleCloudPlatform/dee-platform-ops @GoogleCloudPlatform/python-samples-reviewers +/containeranalysis/**/* @GoogleCloudPlatform/aap-dpes @GoogleCloudPlatform/python-samples-reviewers /data-science-onramp/ @leahecole @bradmiro @GoogleCloudPlatform/python-samples-reviewers /datacatalog/**/* @GoogleCloudPlatform/python-samples-reviewers /dataflow/**/* @davidcavazos @GoogleCloudPlatform/python-samples-reviewers diff --git a/.github/blunderbuss.yml b/.github/blunderbuss.yml index 70830901f191..cb3aa087fe7c 100644 --- a/.github/blunderbuss.yml +++ b/.github/blunderbuss.yml @@ -62,6 +62,10 @@ assign_issues_by: - 'api: texttospeech' to: - GoogleCloudPlatform/dee-platform-ops +- labels: + - 'api: containeranalysis' + to: + - GoogleCloudPlatform/aap-dpes - labels: - 'api: datascienceonramp' to: diff --git a/container_registry/container_analysis/README.md b/container_registry/container_analysis/README.md deleted file mode 100644 index 68aaa646aaa9..000000000000 --- a/container_registry/container_analysis/README.md +++ /dev/null @@ -1,3 +0,0 @@ -These samples have been moved. - -https://github.com/googleapis/python-containeranalysis/tree/main/samples diff --git a/containeranalysis/snippets/.gitignore b/containeranalysis/snippets/.gitignore new file mode 100644 index 000000000000..9e3d04c49501 --- /dev/null +++ b/containeranalysis/snippets/.gitignore @@ -0,0 +1 @@ +venv* diff --git a/containeranalysis/snippets/README.md b/containeranalysis/snippets/README.md new file mode 100644 index 000000000000..e5da544dda3c --- /dev/null +++ b/containeranalysis/snippets/README.md @@ -0,0 +1,54 @@ +Google +Cloud Platform logo + +# Google Cloud Container Analysis Samples + + +Container Analysis scans container images stored in Container Registry for vulnerabilities. +Continuous automated analysis of containers keep you informed about known vulnerabilities so +that you can review and address issues before deployment. + +Additionally, third-party metadata providers can use Container Analysis to store and +retrieve additional metadata for their customers' images, such as packages installed in an image. + + +## Description + +These samples show how to use the [Google Cloud Container Analysis Client Library](https://cloud.google.com/container-registry/docs/reference/libraries). + +## Build and Run +1. **Enable APIs** + - [Enable the Container Analysis API](https://console.cloud.google.com/flows/enableapi?apiid=containeranalysis.googleapis.com) + and create a new project or select an existing project. +1. **Install and Initialize Cloud SDK** + - Follow instructions from the available [quickstarts](https://cloud.google.com/sdk/docs/quickstarts) +1. **Authenticate with GCP** + - Typically, you should authenticate using a [service account key](https://cloud.google.com/docs/authentication/getting-started) +1. **Clone the repo** and cd into this directory + + ``` + git clone https://github.com/GoogleCloudPlatform/python-docs-samples + cd python-docs-samples + ``` + +1. **Set Environment Variables** + + ``` + export GCLOUD_PROJECT="YOUR_PROJECT_ID" + ``` + +1. **Run Tests** + + ``` + nox -s "py36(sample='./containeranalysis')" + ``` + +## Contributing changes + +* See [CONTRIBUTING.md](../../CONTRIBUTING.md) + +## Licensing + +* See [LICENSE](../../LICENSE) + diff --git a/containeranalysis/snippets/requirements-test.txt b/containeranalysis/snippets/requirements-test.txt new file mode 100644 index 000000000000..49780e035690 --- /dev/null +++ b/containeranalysis/snippets/requirements-test.txt @@ -0,0 +1 @@ +pytest==7.2.0 diff --git a/containeranalysis/snippets/requirements.txt b/containeranalysis/snippets/requirements.txt new file mode 100644 index 000000000000..ad6c968e8cfd --- /dev/null +++ b/containeranalysis/snippets/requirements.txt @@ -0,0 +1,6 @@ +google-cloud-pubsub==2.13.10 +google-cloud-containeranalysis==2.9.3 +grafeas==1.6.1 +pytest==7.2.0 +flaky==3.7.0 +mock==4.0.3 diff --git a/containeranalysis/snippets/samples.py b/containeranalysis/snippets/samples.py new file mode 100644 index 000000000000..ecf28c43b837 --- /dev/null +++ b/containeranalysis/snippets/samples.py @@ -0,0 +1,373 @@ +#!/bin/python +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# [START containeranalysis_create_note] +def create_note(note_id, project_id): + """Creates and returns a new vulnerability note.""" + # note_id = 'my-note' + # project_id = 'my-gcp-project' + + from grafeas.grafeas_v1 import Version + from google.cloud.devtools import containeranalysis_v1 + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + project_name = f"projects/{project_id}" + note = { + 'vulnerability': { + 'details': [ + { + 'affected_cpe_uri': 'your-uri-here', + 'affected_package': 'your-package-here', + 'affected_version_start': { + 'kind': Version.VersionKind.MINIMUM + }, + 'fixed_version': { + 'kind': Version.VersionKind.MAXIMUM + } + } + ] + } + } + response = grafeas_client.create_note(parent=project_name, note_id=note_id, note=note) + return response +# [END containeranalysis_create_note] + + +# [START containeranalysis_delete_note] +def delete_note(note_id, project_id): + """Removes an existing note from the server.""" + # note_id = 'my-note' + # project_id = 'my-gcp-project' + + from google.cloud.devtools import containeranalysis_v1 + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + note_name = f"projects/{project_id}/notes/{note_id}" + + grafeas_client.delete_note(name=note_name) +# [END containeranalysis_delete_note] + + +# [START containeranalysis_create_occurrence] +def create_occurrence(resource_url, note_id, occurrence_project, note_project): + """ Creates and returns a new occurrence of a previously + created vulnerability note.""" + # resource_url = 'https://gcr.io/my-project/my-image@sha256:123' + # note_id = 'my-note' + # occurrence_project = 'my-gcp-project' + # note_project = 'my-gcp-project' + + from grafeas.grafeas_v1 import Version + from google.cloud.devtools import containeranalysis_v1 + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + formatted_note = f"projects/{note_project}/notes/{note_id}" + formatted_project = f"projects/{occurrence_project}" + + occurrence = { + 'note_name': formatted_note, + 'resource_uri': resource_url, + 'vulnerability': { + 'package_issue': [ + { + 'affected_cpe_uri': 'your-uri-here', + 'affected_package': 'your-package-here', + 'affected_version': { + 'kind': Version.VersionKind.MINIMUM + }, + 'fixed_version': { + 'kind': Version.VersionKind.MAXIMUM + } + } + ] + } + } + + return grafeas_client.create_occurrence(parent=formatted_project, occurrence=occurrence) +# [END containeranalysis_create_occurrence] + + +# [START containeranalysis_delete_occurrence] +def delete_occurrence(occurrence_id, project_id): + """Removes an existing occurrence from the server.""" + # occurrence_id = basename(occurrence.name) + # project_id = 'my-gcp-project' + + from google.cloud.devtools import containeranalysis_v1 + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + parent = f"projects/{project_id}/occurrences/{occurrence_id}" + grafeas_client.delete_occurrence(name=parent) +# [END containeranalysis_delete_occurrence] + + +# [START containeranalysis_get_note] +def get_note(note_id, project_id): + """Retrieves and prints a specified note from the server.""" + # note_id = 'my-note' + # project_id = 'my-gcp-project' + + from google.cloud.devtools import containeranalysis_v1 + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + note_name = f"projects/{project_id}/notes/{note_id}" + response = grafeas_client.get_note(name=note_name) + return response +# [END containeranalysis_get_note] + + +# [START containeranalysis_get_occurrence] +def get_occurrence(occurrence_id, project_id): + """retrieves and prints a specified occurrence from the server.""" + # occurrence_id = basename(occurrence.name) + # project_id = 'my-gcp-project' + + from google.cloud.devtools import containeranalysis_v1 + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + parent = f"projects/{project_id}/occurrences/{occurrence_id}" + return grafeas_client.get_occurrence(name=parent) +# [END containeranalysis_get_occurrence] + + +# [START containeranalysis_discovery_info] +def get_discovery_info(resource_url, project_id): + """Retrieves and prints the discovery occurrence created for a specified + image. The discovery occurrence contains information about the initial + scan on the image.""" + # resource_url = 'https://gcr.io/my-project/my-image@sha256:123' + # project_id = 'my-gcp-project' + + from google.cloud.devtools import containeranalysis_v1 + + filter_str = 'kind="DISCOVERY" AND resourceUrl="{}"'.format(resource_url) + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + project_name = f"projects/{project_id}" + response = grafeas_client.list_occurrences(parent=project_name, + filter_=filter_str) + for occ in response: + print(occ) +# [END containeranalysis_discovery_info] + + +# [START containeranalysis_occurrences_for_note] +def get_occurrences_for_note(note_id, project_id): + """Retrieves all the occurrences associated with a specified Note. + Here, all occurrences are printed and counted.""" + # note_id = 'my-note' + # project_id = 'my-gcp-project' + + from google.cloud.devtools import containeranalysis_v1 + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + note_name = f"projects/{project_id}/notes/{note_id}" + + response = grafeas_client.list_note_occurrences(name=note_name) + count = 0 + for o in response: + # do something with the retrieved occurrence + # in this sample, we will simply count each one + count += 1 + return count +# [END containeranalysis_occurrences_for_note] + + +# [START containeranalysis_occurrences_for_image] +def get_occurrences_for_image(resource_url, project_id): + """Retrieves all the occurrences associated with a specified image. + Here, all occurrences are simply printed and counted.""" + # resource_url = 'https://gcr.io/my-project/my-image@sha256:123' + # project_id = 'my-gcp-project' + + from google.cloud.devtools import containeranalysis_v1 + + filter_str = 'resourceUrl="{}"'.format(resource_url) + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + project_name = f"projects/{project_id}" + + response = grafeas_client.list_occurrences(parent=project_name, + filter=filter_str) + count = 0 + for o in response: + # do something with the retrieved occurrence + # in this sample, we will simply count each one + count += 1 + return count +# [END containeranalysis_occurrences_for_image] + + +# [START containeranalysis_pubsub] +def pubsub(subscription_id, timeout_seconds, project_id): + """Respond to incoming occurrences using a Cloud Pub/Sub subscription.""" + # subscription_id := 'my-occurrences-subscription' + # timeout_seconds = 20 + # project_id = 'my-gcp-project' + + import time + from google.cloud.pubsub import SubscriberClient + + client = SubscriberClient() + subscription_name = client.subscription_path(project_id, subscription_id) + receiver = MessageReceiver() + client.subscribe(subscription_name, receiver.pubsub_callback) + + # listen for 'timeout' seconds + for _ in range(timeout_seconds): + time.sleep(1) + # print and return the number of pubsub messages received + print(receiver.msg_count) + return receiver.msg_count + + +class MessageReceiver: + """Custom class to handle incoming Pub/Sub messages.""" + def __init__(self): + # initialize counter to 0 on initialization + self.msg_count = 0 + + def pubsub_callback(self, message): + # every time a pubsub message comes in, print it and count it + self.msg_count += 1 + print('Message {}: {}'.format(self.msg_count, message.data)) + message.ack() + + +def create_occurrence_subscription(subscription_id, project_id): + """Creates a new Pub/Sub subscription object listening to the + Container Analysis Occurrences topic.""" + # subscription_id := 'my-occurrences-subscription' + # project_id = 'my-gcp-project' + + from google.api_core.exceptions import AlreadyExists + from google.cloud.pubsub import SubscriberClient + + topic_id = 'container-analysis-occurrences-v1' + client = SubscriberClient() + topic_name = f"projects/{project_id}/topics/{topic_id}" + subscription_name = client.subscription_path(project_id, subscription_id) + success = True + try: + client.create_subscription({"name": subscription_name, "topic": topic_name}) + except AlreadyExists: + # if subscription already exists, do nothing + pass + else: + success = False + return success +# [END containeranalysis_pubsub] + + +# [START containeranalysis_poll_discovery_occurrence_finished] +def poll_discovery_finished(resource_url, timeout_seconds, project_id): + """Returns the discovery occurrence for a resource once it reaches a + terminal state.""" + # resource_url = 'https://gcr.io/my-project/my-image@sha256:123' + # timeout_seconds = 20 + # project_id = 'my-gcp-project' + + import time + from grafeas.grafeas_v1 import DiscoveryOccurrence + from google.cloud.devtools import containeranalysis_v1 + + deadline = time.time() + timeout_seconds + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + project_name = f"projects/{project_id}" + + discovery_occurrence = None + while discovery_occurrence is None: + time.sleep(1) + filter_str = 'resourceUrl="{}" \ + AND noteProjectId="goog-analysis" \ + AND noteId="PACKAGE_VULNERABILITY"'.format(resource_url) + # [END containeranalysis_poll_discovery_occurrence_finished] + # The above filter isn't testable, since it looks for occurrences in a + # locked down project fall back to a more permissive filter for testing + filter_str = 'kind="DISCOVERY" AND resourceUrl="{}"'\ + .format(resource_url) + # [START containeranalysis_poll_discovery_occurrence_finished] + result = grafeas_client.list_occurrences(parent=project_name, filter=filter_str) + # only one occurrence should ever be returned by ListOccurrences + # and the given filter + for item in result: + discovery_occurrence = item + if time.time() > deadline: + raise RuntimeError('timeout while retrieving discovery occurrence') + + status = DiscoveryOccurrence.AnalysisStatus.PENDING + while status != DiscoveryOccurrence.AnalysisStatus.FINISHED_UNSUPPORTED \ + and status != DiscoveryOccurrence.AnalysisStatus.FINISHED_FAILED \ + and status != DiscoveryOccurrence.AnalysisStatus.FINISHED_SUCCESS: + time.sleep(1) + updated = grafeas_client.get_occurrence(name=discovery_occurrence.name) + status = updated.discovery.analysis_status + if time.time() > deadline: + raise RuntimeError('timeout while waiting for terminal state') + return discovery_occurrence +# [END containeranalysis_poll_discovery_occurrence_finished] + + +# [START containeranalysis_vulnerability_occurrences_for_image] +def find_vulnerabilities_for_image(resource_url, project_id): + """"Retrieves all vulnerability occurrences associated with a resource.""" + # resource_url = 'https://gcr.io/my-project/my-image@sha256:123' + # project_id = 'my-gcp-project' + + from google.cloud.devtools import containeranalysis_v1 + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + project_name = f"projects/{project_id}" + + filter_str = 'kind="VULNERABILITY" AND resourceUrl="{}"'\ + .format(resource_url) + return list(grafeas_client.list_occurrences(parent=project_name, filter=filter_str)) +# [END containeranalysis_vulnerability_occurrences_for_image] + + +# [START containeranalysis_filter_vulnerability_occurrences] +def find_high_severity_vulnerabilities_for_image(resource_url, project_id): + """Retrieves a list of only high vulnerability occurrences associated + with a resource.""" + # resource_url = 'https://gcr.io/my-project/my-image@sha256:123' + # project_id = 'my-gcp-project' + + from grafeas.grafeas_v1 import Severity + from google.cloud.devtools import containeranalysis_v1 + + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + project_name = f"projects/{project_id}" + + filter_str = 'kind="VULNERABILITY" AND resourceUrl="{}"'\ + .format(resource_url) + vulnerabilities = grafeas_client.list_occurrences(parent=project_name, filter=filter_str) + filtered_list = [] + for v in vulnerabilities: + if v.vulnerability.effective_severity == Severity.HIGH or v.vulnerability.effective_severity == Severity.CRITICAL: + filtered_list.append(v) + return filtered_list +# [END containeranalysis_filter_vulnerability_occurrences] diff --git a/containeranalysis/snippets/samples_test.py b/containeranalysis/snippets/samples_test.py new file mode 100644 index 000000000000..dd9bce6c1771 --- /dev/null +++ b/containeranalysis/snippets/samples_test.py @@ -0,0 +1,317 @@ +#!/bin/python +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from os import environ +from os.path import basename +import threading +import time +import uuid + +from google.api_core.exceptions import AlreadyExists +from google.api_core.exceptions import InvalidArgument +from google.api_core.exceptions import NotFound +from google.cloud.devtools import containeranalysis_v1 +from google.cloud.pubsub import PublisherClient, SubscriberClient + +from grafeas.grafeas_v1 import DiscoveryOccurrence +from grafeas.grafeas_v1 import NoteKind +from grafeas.grafeas_v1 import Severity +from grafeas.grafeas_v1 import Version +import pytest + +import samples + +PROJECT_ID = environ['GOOGLE_CLOUD_PROJECT'] +SLEEP_TIME = 1 +TRY_LIMIT = 20 + + +class MessageReceiver: + """Custom class to handle incoming Pub/Sub messages.""" + def __init__(self, expected_msg_nums, done_event): + # initialize counter to 0 on initialization + self.msg_count = 0 + self.expected_msg_nums = expected_msg_nums + self.done_event = done_event + + def pubsub_callback(self, message): + # every time a pubsub message comes in, print it and count it + self.msg_count += 1 + print('Message {}: {}'.format(self.msg_count, message.data)) + message.ack() + if (self.msg_count == self.expected_msg_nums): + self.done_event.set() + + +class TestContainerAnalysisSamples: + + def setup_method(self, test_method): + print('SETUP {}'.format(test_method.__name__)) + self.note_id = 'note-{}'.format(uuid.uuid4()) + self.image_url = '{}.{}'.format(uuid.uuid4(), test_method.__name__) + self.note_obj = samples.create_note(self.note_id, PROJECT_ID) + + def teardown_method(self, test_method): + print('TEAR DOWN {}'.format(test_method.__name__)) + try: + samples.delete_note(self.note_id, PROJECT_ID) + except NotFound: + pass + + def test_create_note(self): + new_note = samples.get_note(self.note_id, PROJECT_ID) + assert new_note.name == self.note_obj.name + + def test_delete_note(self): + samples.delete_note(self.note_id, PROJECT_ID) + try: + samples.get_note(self.note_obj, PROJECT_ID) + except InvalidArgument: + pass + else: + # didn't raise exception we expected + assert (False) + + def test_create_occurrence(self): + created = samples.create_occurrence(self.image_url, + self.note_id, + PROJECT_ID, + PROJECT_ID) + retrieved = samples.get_occurrence(basename(created.name), PROJECT_ID) + assert created.name == retrieved.name + # clean up + samples.delete_occurrence(basename(created.name), PROJECT_ID) + + def test_delete_occurrence(self): + created = samples.create_occurrence(self.image_url, + self.note_id, + PROJECT_ID, + PROJECT_ID) + samples.delete_occurrence(basename(created.name), PROJECT_ID) + try: + samples.get_occurrence(basename(created.name), PROJECT_ID) + except NotFound: + pass + else: + # didn't raise exception we expected + assert False + + def test_occurrences_for_image(self): + orig_count = samples.get_occurrences_for_image(self.image_url, + PROJECT_ID) + occ = samples.create_occurrence(self.image_url, + self.note_id, + PROJECT_ID, + PROJECT_ID) + new_count = 0 + tries = 0 + while new_count != 1 and tries < TRY_LIMIT: + tries += 1 + new_count = samples.get_occurrences_for_image(self.image_url, + PROJECT_ID) + time.sleep(SLEEP_TIME) + assert new_count == 1 + assert orig_count == 0 + # clean up + samples.delete_occurrence(basename(occ.name), PROJECT_ID) + + def test_occurrences_for_note(self): + orig_count = samples.get_occurrences_for_note(self.note_id, + PROJECT_ID) + occ = samples.create_occurrence(self.image_url, + self.note_id, + PROJECT_ID, + PROJECT_ID) + new_count = 0 + tries = 0 + while new_count != 1 and tries < TRY_LIMIT: + tries += 1 + new_count = samples.get_occurrences_for_note(self.note_id, + PROJECT_ID) + time.sleep(SLEEP_TIME) + assert new_count == 1 + assert orig_count == 0 + # clean up + samples.delete_occurrence(basename(occ.name), PROJECT_ID) + + @pytest.mark.flaky(max_runs=3, min_passes=1) + def test_pubsub(self): + # create topic if needed + client = SubscriberClient() + try: + topic_id = 'container-analysis-occurrences-v1' + topic_name = {"name": f"projects/{PROJECT_ID}/topics/{topic_id}"} + publisher = PublisherClient() + publisher.create_topic(topic_name) + except AlreadyExists: + pass + + subscription_id = 'container-analysis-test-{}'.format(uuid.uuid4()) + subscription_name = client.subscription_path(PROJECT_ID, + subscription_id) + samples.create_occurrence_subscription(subscription_id, PROJECT_ID) + + # I can not make it pass with multiple messages. My guess is + # the server started to dedup? + message_count = 1 + try: + job_done = threading.Event() + receiver = MessageReceiver(message_count, job_done) + client.subscribe(subscription_name, receiver.pubsub_callback) + + for i in range(message_count): + occ = samples.create_occurrence( + self.image_url, self.note_id, PROJECT_ID, PROJECT_ID) + time.sleep(SLEEP_TIME) + samples.delete_occurrence(basename(occ.name), PROJECT_ID) + time.sleep(SLEEP_TIME) + # We saw occational failure with 60 seconds timeout, so we bumped it + # to 180 seconds. + # See also: python-docs-samples/issues/2894 + job_done.wait(timeout=180) + print('done. msg_count = {}'.format(receiver.msg_count)) + assert message_count <= receiver.msg_count + finally: + # clean up + client.delete_subscription({"subscription": subscription_name}) + + def test_poll_discovery_occurrence_fails(self): + # try with no discovery occurrence + try: + samples.poll_discovery_finished(self.image_url, 5, PROJECT_ID) + except RuntimeError: + pass + else: + # we expect timeout error + assert False + + @pytest.mark.flaky(max_runs=3, min_passes=1) + def test_poll_discovery_occurrence(self): + # create discovery occurrence + note_id = 'discovery-note-{}'.format(uuid.uuid4()) + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + note = { + 'discovery': { + 'analysis_kind': NoteKind.DISCOVERY + } + } + grafeas_client.\ + create_note(parent=f"projects/{PROJECT_ID}", note_id=note_id, note=note) + occurrence = { + 'note_name': f"projects/{PROJECT_ID}/notes/{note_id}", + 'resource_uri': self.image_url, + 'discovery': { + 'analysis_status': DiscoveryOccurrence.AnalysisStatus + .FINISHED_SUCCESS + } + } + created = grafeas_client.\ + create_occurrence(parent=f"projects/{PROJECT_ID}", + occurrence=occurrence) + + disc = samples.poll_discovery_finished(self.image_url, 10, PROJECT_ID) + status = disc.discovery.analysis_status + assert disc is not None + assert status == DiscoveryOccurrence.AnalysisStatus.FINISHED_SUCCESS + + # clean up + samples.delete_occurrence(basename(created.name), PROJECT_ID) + samples.delete_note(note_id, PROJECT_ID) + + def test_find_vulnerabilities_for_image(self): + occ_list = samples.find_vulnerabilities_for_image(self.image_url, + PROJECT_ID) + assert len(occ_list) == 0 + + created = samples.create_occurrence(self.image_url, + self.note_id, + PROJECT_ID, + PROJECT_ID) + tries = 0 + count = 0 + while count != 1 and tries < TRY_LIMIT: + tries += 1 + occ_list = samples.find_vulnerabilities_for_image(self.image_url, + PROJECT_ID) + count = len(occ_list) + time.sleep(SLEEP_TIME) + assert len(occ_list) == 1 + samples.delete_occurrence(basename(created.name), PROJECT_ID) + + def test_find_high_severity_vulnerabilities(self): + occ_list = samples.find_high_severity_vulnerabilities_for_image( + self.image_url, + PROJECT_ID) + assert len(occ_list) == 0 + + # create new high severity vulnerability + note_id = 'discovery-note-{}'.format(uuid.uuid4()) + client = containeranalysis_v1.ContainerAnalysisClient() + grafeas_client = client.get_grafeas_client() + note = { + 'vulnerability': { + 'severity': Severity.CRITICAL, + 'details': [ + { + 'affected_cpe_uri': 'your-uri-here', + 'affected_package': 'your-package-here', + 'affected_version_start': { + 'kind': Version.VersionKind.MINIMUM + }, + 'fixed_version': { + 'kind': Version.VersionKind.MAXIMUM + } + } + ] + } + } + grafeas_client.\ + create_note(parent=f"projects/{PROJECT_ID}", note_id=note_id, note=note) + occurrence = { + 'note_name': f"projects/{PROJECT_ID}/notes/{note_id}", + 'resource_uri': self.image_url, + 'vulnerability': { + 'effective_severity': Severity.CRITICAL, + 'package_issue': [ + { + 'affected_cpe_uri': 'your-uri-here', + 'affected_package': 'your-package-here', + 'affected_version': { + 'kind': Version.VersionKind.MINIMUM + }, + 'fixed_version': { + 'kind': Version.VersionKind.MAXIMUM + } + } + ] + } + } + created = grafeas_client.\ + create_occurrence(parent=f"projects/{PROJECT_ID}", + occurrence=occurrence) + # query again + tries = 0 + count = 0 + while count != 1 and tries < TRY_LIMIT: + tries += 1 + occ_list = samples.find_vulnerabilities_for_image(self.image_url, + PROJECT_ID) + count = len(occ_list) + time.sleep(SLEEP_TIME) + assert len(occ_list) == 1 + # clean up + samples.delete_occurrence(basename(created.name), PROJECT_ID) + samples.delete_note(note_id, PROJECT_ID)