nextflow-io · pditommaso · Oct 14, 2024 · Oct 14, 2024
@@ -189,10 +189,10 @@ tower.accessToken = '<YOUR ACCESS TOKEN>'
 ```
 
 Nextflow will only allow the use of containers with no security
-vulnerabilities when using these settings. You can define the level of accepted vulnerabilities using `wave.scan.levels`. For example:
+vulnerabilities when using these settings. You can define the level of accepted vulnerabilities using `wave.scan.allowedLevels`. For example:
 
 ```
-wave.scan.levels = 'low,medium'
+wave.scan.allowedLevels = 'low,medium'
 ```
 
 The above setting will allow the use of containers with *low* and *medium* vulnerabilities. Accepted values are `low`, `medium`, `high`, and `critical`. See [common vulnerabilities scoring system](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System) for more information about these levels.

diff --git a/plugins/nf-wave/src/main/io/seqera/wave/plugin/WaveClient.groovy b/plugins/nf-wave/src/main/io/seqera/wave/plugin/WaveClient.groovy
@@ -217,7 +217,7 @@ class WaveClient {
                 dryRun: ContainerInspectMode.active(),
                 mirror: config.mirrorMode(),
                 scanMode: config.scanMode(),
-                scanLevels: config.scanLevels()
+                scanLevels: config.scanAllowedLevels()
         )
     }
 
@@ -244,7 +244,7 @@ class WaveClient {
                 dryRun: ContainerInspectMode.active(),
                 mirror: config.mirrorMode(),
                 scanMode: config.scanMode(),
-                scanLevels: config.scanLevels()
+                scanLevels: config.scanAllowedLevels()
         )
         return sendRequest(request)
     }

diff --git a/plugins/nf-wave/src/main/io/seqera/wave/plugin/config/WaveConfig.groovy b/plugins/nf-wave/src/main/io/seqera/wave/plugin/config/WaveConfig.groovy
@@ -54,7 +54,7 @@ class WaveConfig {
     final private Duration buildMaxDuration
     final private Boolean mirrorMode
     final private ScanMode scanMode
-    final private List<ScanLevel> scanLevels
+    final private List<ScanLevel> scanAllowedLevels
 
     WaveConfig(Map opts, Map<String,String> env=System.getenv()) {
         this.enabled = opts.enabled
@@ -74,7 +74,7 @@ class WaveConfig {
         this.httpClientOpts = new HttpOpts(opts.httpClient as Map ?: Map.of())
         this.buildMaxDuration = opts.navigate('build.maxDuration', '40m') as Duration
         this.scanMode = opts.navigate('scan.mode') as ScanMode
-        this.scanLevels = parseScanLevels(opts.navigate('scan.levels'))
+        this.scanAllowedLevels = parseScanLevels(opts.navigate('scan.allowedLevels'))
         // some validation
         validateConfig()
     }
@@ -180,8 +180,8 @@ class WaveConfig {
         return scanMode
     }
 
-    List<ScanLevel> scanLevels() {
-        return scanLevels
+    List<ScanLevel> scanAllowedLevels() {
+        return scanAllowedLevels
     }
 
     protected List<ScanLevel> parseScanLevels(value) {

diff --git a/plugins/nf-wave/src/test/io/seqera/wave/plugin/WaveClientTest.groovy b/plugins/nf-wave/src/test/io/seqera/wave/plugin/WaveClientTest.groovy
@@ -263,7 +263,7 @@ class WaveClientTest extends Specification {
 
     def 'should create request object with scan mode and levels' () {
         given:
-        def session = Mock(Session) { getConfig() >> [wave:[scan:[mode: 'required', levels: 'low,medium']]]}
+        def session = Mock(Session) { getConfig() >> [wave:[scan:[mode: 'required', allowedLevels: 'low,medium']]]}
         def IMAGE =  'foo:latest'
         def wave = new WaveClient(session)
 

diff --git a/plugins/nf-wave/src/test/io/seqera/wave/plugin/config/WaveConfigTest.groovy b/plugins/nf-wave/src/test/io/seqera/wave/plugin/config/WaveConfigTest.groovy
@@ -201,7 +201,7 @@ class WaveConfigTest extends Specification {
         given:
         def config = new WaveConfig([enabled: true])
         expect:
-        config.toString() == 'WaveConfig(enabled:true, endpoint:https://wave.seqera.io, containerConfigUrl:[], tokensCacheMaxDuration:30m, condaOpts:CondaOpts(mambaImage=mambaorg/micromamba:1.5.10-noble; basePackages=conda-forge::procps-ng, commands=null), spackOpts:SpackOpts(basePackages=null, commands=null), strategy:[container, dockerfile, conda, spack], bundleProjectResources:null, buildRepository:null, cacheRepository:null, retryOpts:RetryOpts(delay:450ms, maxDelay:1m 30s, maxAttempts:10, jitter:0.25), httpClientOpts:HttpOpts(), freezeMode:null, preserveFileTimestamp:null, buildMaxDuration:40m, mirrorMode:null, scanMode:null, scanLevels:null)'
+        config.toString() == 'WaveConfig(enabled:true, endpoint:https://wave.seqera.io, containerConfigUrl:[], tokensCacheMaxDuration:30m, condaOpts:CondaOpts(mambaImage=mambaorg/micromamba:1.5.10-noble; basePackages=conda-forge::procps-ng, commands=null), spackOpts:SpackOpts(basePackages=null, commands=null), strategy:[container, dockerfile, conda, spack], bundleProjectResources:null, buildRepository:null, cacheRepository:null, retryOpts:RetryOpts(delay:450ms, maxDelay:1m 30s, maxAttempts:10, jitter:0.25), httpClientOpts:HttpOpts(), freezeMode:null, preserveFileTimestamp:null, buildMaxDuration:40m, mirrorMode:null, scanMode:null, scanAllowedLevels:null)'
     }
 
     def 'should not allow invalid setting' () {
@@ -264,7 +264,7 @@ class WaveConfigTest extends Specification {
     @Unroll
     def 'should validate scan levels' () {
         expect:
-        new WaveConfig(scan: [levels: LEVEL]).scanLevels() == EXPECTED
+        new WaveConfig(scan: [allowedLevels: LEVEL]).scanAllowedLevels() == EXPECTED
         where:
         LEVEL               | EXPECTED
         null                | null