feat: trustification requests will not show oss-index data unless requested

Signed-off-by: Ruben Romero Montes <[email protected]>

Author: ruromero

deploy/exhort.yaml

@@ -35,16 +35,6 @@ spec:
             secretKeyRef:
               name: exhort-secret
               key: api-snyk-token
-        - name: API_OSSINDEX_TRUSTIFICATION_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: exhort-secret
-              key: api-ossindex-trustification-token
-        - name: API_OSSINDEX_TRUSTIFICATION_USER
-          valueFrom:
-            secretKeyRef:
-              name: exhort-secret
-              key: api-ossindex-trustification-user  
         - name: MONITORING_ENABLED
           value: "true"
         - name: MONITORING_SENTRY_DSN

deploy/openshift/template.yaml

@@ -147,17 +147,7 @@ objects:
                   valueFrom:
                     secretKeyRef:
                       name: exhort-secret
-                      key: api-snyk-token
-                - name: API_OSSINDEX_TRUSTIFICATION_TOKEN
-                  valueFrom:
-                    secretKeyRef:
-                      name: exhort-secret
-                      key: api-ossindex-trustification-token
-                - name: API_OSSINDEX_TRUSTIFICATION_USER
-                  valueFrom:
-                    secretKeyRef:
-                      name: exhort-secret
-                      key: api-ossindex-trustification-user               
+                      key: api-snyk-token            
                 - name: TELEMETRY_WRITE_KEY
                   valueFrom:
                     secretKeyRef:

src/main/java/com/redhat/exhort/integration/providers/VulnerabilityProvider.java

@@ -44,6 +44,8 @@
 @RegisterForReflection
 public class VulnerabilityProvider {
 
+  private static final String TRUSTIFICATION_SOURCE = "trustification";
+
   @ConfigProperty(name = "api.snyk.disabled", defaultValue = "false")
   boolean snykDisabled;
 
@@ -89,7 +91,7 @@ public List<String> getProvidersFromQueryParam(@Headers Map<String, String> head
     var props = URISupport.parseQuery(query);
     var providers = getProviders(props);
     if (providers == null || providers.isEmpty()) {
-      return getEnabled();
+      return filterProvidersBySource(headers, getEnabled());
     }
     var missing =
         providers.stream()
@@ -101,6 +103,15 @@ public List<String> getProvidersFromQueryParam(@Headers Map<String, String> head
     throw new ClientErrorException("Unsupported providers: " + missing, 422);
   }
 
+  private List<String> filterProvidersBySource(
+      Map<String, String> headers, List<String> providers) {
+    var source = headers.get(Constants.RHDA_SOURCE_HEADER);
+    if (TRUSTIFICATION_SOURCE.equals(source)) {
+      return providers.stream().filter(Predicate.not(Constants.OSS_INDEX_PROVIDER::equalsIgnoreCase)).toList();
+    }
+    return providers;
+  }
+
   @SuppressWarnings("unchecked")
   private List<String> getProviders(Map<String, Object> props) {
     var o = props.get(Constants.PROVIDERS_PARAM);

src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexIntegration.java

@@ -20,7 +20,6 @@
 
 import java.util.Base64;
 import java.util.List;
-import java.util.Optional;
 
 import org.apache.camel.Exchange;
 import org.apache.camel.builder.AggregationStrategies;
@@ -40,17 +39,9 @@
 @ApplicationScoped
 public class OssIndexIntegration extends EndpointRouteBuilder {
 
-  private static final String TRUSTIFICATION_SOURCE = "trustification";
-
   @ConfigProperty(name = "api.ossindex.timeout", defaultValue = "10s")
   String timeout;
 
-  @ConfigProperty(name = "api.ossindex.trustification.user")
-  Optional<String> trustificationUser;
-
-  @ConfigProperty(name = "api.ossindex.trustification.token")
-  Optional<String> trustificationToken;
-
   @Inject VulnerabilityProvider vulnerabilityProvider;
 
   @Inject OssIndexResponseHandler responseHandler;
@@ -64,7 +55,6 @@ public void configure() {
     from(direct("ossIndexScan"))
       .routeId("ossIndexScan")
       .transform(method(OssIndexRequestBuilder.class, "split"))
-      .process(this::authenticateTrustificationSource)
       .choice()
         .when(method(OssIndexRequestBuilder.class, "missingAuthHeaders"))
           .setBody(method(OssIndexResponseHandler.class, "unauthenticatedResponse"))
@@ -127,17 +117,4 @@ private void processComponentRequest(Exchange exchange) {
     message.removeHeader(Constants.OSS_INDEX_USER_HEADER);
     message.removeHeader(Constants.OSS_INDEX_TOKEN_HEADER);
   }
-
-  private void authenticateTrustificationSource(Exchange exchange) {
-    var headers = exchange.getIn().getHeaders();
-    var source = headers.get(Constants.RHDA_SOURCE_HEADER);
-    if (!TRUSTIFICATION_SOURCE.equals(source)) {
-      return;
-    }
-    if (!headers.containsKey(Constants.OSS_INDEX_USER_HEADER)
-        && !headers.containsKey(Constants.OSS_INDEX_TOKEN_HEADER)) {
-      headers.put(Constants.OSS_INDEX_USER_HEADER, trustificationUser.orElse(null));
-      headers.put(Constants.OSS_INDEX_TOKEN_HEADER, trustificationToken.orElse(null));
-    }
-  }
 }

src/main/resources/application.properties

@@ -5,9 +5,6 @@ project.name=${pom.name}
 project.version=${pom.version}
 project.build=${timestamp}
 
-
-
-
 api.snyk.token=placeholder
 api.snyk.host=https://app.snyk.io/api/v1
 # api.snyk.timeout=10s