BE: Add filtering for `cluster` to vulnerability report graphQL query
Why are we doing this work
In order to add dropdown filters for cluster in issue #337882 (closed), we need to support this filter in the relevant GraphQL query.
Relevant links
Non-functional requirements
- Documentation: update https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/#cicd-variables-for-cluster-image-scanning with new variable `CIS_CLUSTER_IDENTIFIER`
- [-] Feature flag:
- [-] Performance:
- [-] Testing:
Implementation plan
- documentation Add information about `CIS_CLUSTER_IDENTIFIER` variable to https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/#cicd-variables-for-cluster-image-scanning
- backend Read `CIS_CLUSTER_IDENTIFIER` variable in cluster-image-scanning analyzer (https://gitlab.com/gitlab-org/security-products/analyzers/cluster-image-scanning) and add that value to Security Report JSON for each Vulnerability.
- backend Extend `Vulnerabilities::Finding` (https://gitlab.com/gitlab-org/gitlab/blob/master/ee/app/models/vulnerabilities/finding.rb#L4) with new scope `by_location_cluster`: `scope :by_location_cluster, -> (cluster_ids) { where("vulnerability_occurrences.location -> 'cluster_id' ?| array[:cluster_ids]", cluster_ids: cluster_ids) }`
- backend Extend `EE::Vulnerability` (https://gitlab.com/gitlab-org/gitlab/blob/master/ee/app/models/ee/vulnerability.rb#L4) with new scope that uses new scope added in `Vulnerabilities::Finding`, i.e. `scope :with_cluster_ids, -> (cluster_ids) { joins(:findings).merge(Vulnerabilities::Finding.by_location_cluster(cluster_ids)) }`
- backend Extend `Security::VulnerabilitiesFinder` (https://gitlab.com/gitlab-org/gitlab/blob/master/ee/app/finders/security/vulnerabilities_finder.rb#L20) `execute` method (https://gitlab.com/gitlab-org/gitlab/blob/master/ee/app/finders/security/vulnerabilities_finder.rb#L20) with new method `filter_by_cluster_id` that uses scope defined in `Vulnerability`,
- backend Extend `Resolvers::VulnerabilitiesResolver` (https://gitlab.com/gitlab-org/gitlab/blob/master/ee/app/graphql/resolvers/vulnerabilities_resolver.rb#L4) with new argument (`:cluster_id, [GraphQL::Types::String], required: false`)
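
The data flow in the implementation plan, as an added plain-Ruby sketch (not GitLab's or the analyzer's code): the analyzer stamps the `CIS_CLUSTER_IDENTIFIER` value into each finding's `location`, and the filter then keeps findings whose `cluster_id` matches any requested id. The helper names `tag_with_cluster` and `demo`, the in-memory stand-in for the scope, and the sample report are assumptions; only the `cluster_id` key under `location` comes from the scope above.

```ruby
require 'json'

# Constructed sample report. The `cluster_id` key under `location` is taken
# from the scope's SQL on this page; everything else is illustrative.
SAMPLE_REPORT = <<~JSON
  {"vulnerabilities": [
    {"id": "v1", "location": {"image": "registry.example/app:1.0"}},
    {"id": "v2", "location": {"image": "registry.example/db:2.3"}}
  ]}
JSON

# Analyzer step (hypothetical helper): copy CIS_CLUSTER_IDENTIFIER into every
# vulnerability's location. An unset or blank variable leaves the report as is.
def tag_with_cluster(report, env = ENV)
  cluster = env['CIS_CLUSTER_IDENTIFIER'].to_s.strip
  return report if cluster.empty?

  report['vulnerabilities'].each { |v| (v['location'] ||= {})['cluster_id'] = cluster }
  report
end

# Finder step (in-memory stand-in for the by_location_cluster scope): keep
# findings whose location.cluster_id equals any requested id. A nil or empty
# filter returns everything; findings with no cluster_id never match a filter.
def filter_by_cluster_id(vulnerabilities, cluster_ids)
  ids = Array(cluster_ids).map(&:to_s)
  return vulnerabilities if ids.empty?

  vulnerabilities.select { |v| ids.include?(v.dig('location', 'cluster_id')) }
end

# Three scans of the same sample: two tagged clusters and one untagged scan.
def demo
  scans = [{ 'CIS_CLUSTER_IDENTIFIER' => 'prod-eu' },
           { 'CIS_CLUSTER_IDENTIFIER' => 'dev' },
           {}]
  all = scans.flat_map { |env| tag_with_cluster(JSON.parse(SAMPLE_REPORT), env)['vulnerabilities'] }
  {
    prod_only: filter_by_cluster_id(all, ['prod-eu']).size,
    either: filter_by_cluster_id(all, %w[prod-eu dev]).size,
    unfiltered: filter_by_cluster_id(all, nil).size,
    unknown: filter_by_cluster_id(all, ['staging']).size
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Findings from scans that ran without the variable only appear when no cluster filter is applied, which matters when reading a filtered report as complete.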