clair: update claircore to 0.0.14

go.mod

@@ -5,7 +5,7 @@ go 1.13
 require (
 	github.com/klauspost/compress v1.9.4
 	github.com/mattn/go-sqlite3 v1.11.0 // indirect
-	github.com/quay/claircore v0.0.13
+	github.com/quay/claircore v0.0.14
 	github.com/rs/zerolog v1.16.0
 	golang.org/x/tools v0.0.0-20191210200704-1bcf67c9cb49 // indirect
 	gopkg.in/yaml.v2 v2.2.5

go.sum

@@ -211,8 +211,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/quay/alas v1.0.1 h1:MuFpGGXyZlDD7+F/hrnMZmzhS8P2bjRzX9DyGmyLA+0=
 github.com/quay/alas v1.0.1/go.mod h1:pseepSrG9pwry1joG7RO/RNRFJaWqiqx9qeoomeYwEk=
-github.com/quay/claircore v0.0.13 h1:d+jlLqECJCrQ6gBnGde/lKz0OdY7ENmBgfvksC2rNe0=
-github.com/quay/claircore v0.0.13/go.mod h1:sHoFUbkDaGyq0tg1uepnE02LTUz55DCPMRl7/OJTPkI=
+github.com/quay/claircore v0.0.14 h1:5vyKXX99sNVUGTJDlEcEi2NThFo6GgQX3eeSkYwf738=
+github.com/quay/claircore v0.0.14/go.mod h1:sHoFUbkDaGyq0tg1uepnE02LTUz55DCPMRl7/OJTPkI=
 github.com/quay/goval-parser v0.7.0 h1:QhJXufv2w5BUzfLJSfLz01yya9MS5SWGtyo8J/EAvkY=
 github.com/quay/goval-parser v0.7.0/go.mod h1:9mCSx+kqC0rq6bKyAWiplMUzTWLpr4HRlez+iuxEkhc=
 github.com/remind101/migrate v0.0.0-20170729031349-52c1edff7319 h1:ukjThsA2ou7AmovpwtMVkNQSuoN/v5U16+JomTz3c7o=

indexer/httpclient.go

@@ -74,8 +74,8 @@ func (s *httpClient) Index(ctx context.Context, manifest *claircore.Manifest) (*
 }
 
 // IndexReport retrieves a IndexReport given a manifest hash string
-func (s *httpClient) IndexReport(ctx context.Context, manifestHash string) (*claircore.IndexReport, bool, error) {
-	u, err := s.addr.Parse(path.Join(IndexReportAPIPath, manifestHash))
+func (s *httpClient) IndexReport(ctx context.Context, manifest claircore.Digest) (*claircore.IndexReport, bool, error) {
+	u, err := s.addr.Parse(path.Join(IndexReportAPIPath, manifest.String()))
 	if err != nil {
 		return nil, false, fmt.Errorf("failed to create request: %v", err)
 	}

indexer/httptransport.go

@@ -45,29 +45,38 @@ func (h *HTTP) IndexReportHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	manifestHash := strings.TrimPrefix(r.URL.Path, IndexReportAPIPath)
-	if manifestHash == "" {
+	manifestStr := strings.TrimPrefix(r.URL.Path, IndexReportAPIPath)
+	if manifestStr == "" {
 		resp := &je.Response{
 			Code:    "bad-request",
 			Message: "malformed path. provide a single manifest hash",
 		}
 		je.Error(w, resp, http.StatusBadRequest)
 		return
 	}
+	manifest, err := claircore.ParseDigest(manifestStr)
+	if err != nil {
+		resp := &je.Response{
+			Code:    "bad-request",
+			Message: "malformed path: " + err.Error(),
+		}
+		je.Error(w, resp, http.StatusBadRequest)
+		return
+	}
 
-	report, ok, err := h.serv.IndexReport(context.Background(), manifestHash)
+	report, ok, err := h.serv.IndexReport(context.Background(), manifest)
 	if !ok {
 		resp := &je.Response{
 			Code:    "not-found",
-			Message: fmt.Sprintf("index report for manifest %s not found", manifestHash),
+			Message: fmt.Sprintf("index report for manifest %q not found", manifest.String()),
 		}
 		je.Error(w, resp, http.StatusNotFound)
 		return
 	}
 	if err != nil {
 		resp := &je.Response{
 			Code:    "internal-server-error",
-			Message: fmt.Sprintf("%w", err),
+			Message: err.Error(),
 		}
 		je.Error(w, resp, http.StatusInternalServerError)
 		return

indexer/service.go

@@ -9,6 +9,6 @@ import (
 // Service creates an interface around claircore.Libindex
 type Service interface {
 	Index(ctx context.Context, manifest *claircore.Manifest) (*claircore.IndexReport, error)
-	IndexReport(ctx context.Context, manifestHash string) (*claircore.IndexReport, bool, error)
+	IndexReport(ctx context.Context, manifes claircore.Digest) (*claircore.IndexReport, bool, error)
 	State() string
 }

matcher/httptransport.go

@@ -25,7 +25,7 @@ type HTTP struct {
 }
 
 type Reporter interface {
-	IndexReport(context.Context, string) (*claircore.IndexReport, bool, error)
+	IndexReport(context.Context, claircore.Digest) (*claircore.IndexReport, bool, error)
 }
 
 func NewHTTPTransport(service Service, r Reporter) (*HTTP, error) {
@@ -51,21 +51,30 @@ func (h *HTTP) VulnerabilityReportHandler(w http.ResponseWriter, r *http.Request
 	ctx, done := context.WithCancel(r.Context())
 	defer done()
 
-	manifestHash := strings.TrimPrefix(r.URL.Path, VulnerabilityReportAPIPath)
-	if manifestHash == "" {
+	manifestStr := strings.TrimPrefix(r.URL.Path, VulnerabilityReportAPIPath)
+	if manifestStr == "" {
 		resp := &je.Response{
 			Code:    "bad-request",
 			Message: "malformed path. provide a single manifest hash",
 		}
 		je.Error(w, resp, http.StatusBadRequest)
 		return
 	}
+	manifest, err := claircore.ParseDigest(manifestStr)
+	if err != nil {
+		resp := &je.Response{
+			Code:    "bad-request",
+			Message: "malformed path: " + err.Error(),
+		}
+		je.Error(w, resp, http.StatusBadRequest)
+		return
+	}
 
-	indexReport, ok, err := h.r.IndexReport(ctx, manifestHash)
+	indexReport, ok, err := h.r.IndexReport(ctx, manifest)
 	if !ok {
 		resp := &je.Response{
 			Code:    "not-found",
-			Message: fmt.Sprintf("index report for manifest %s not found", manifestHash),
+			Message: fmt.Sprintf("index report for manifest %q not found", manifest.String()),
 		}
 		je.Error(w, resp, http.StatusNotFound)
 		return

openapi.yaml

@@ -3,7 +3,7 @@ openapi: "3.0.2"
 info:
   title: "ClairV4"
   description: |
-    ClairV4 is a set of cooperating microservice which scan, index, and
+    ClairV4 is a set of cooperating microservices which scan, index, and
     match your container's content with known vulnerabilities.
   version: "0.1"
   termsOfService: ""
@@ -59,11 +59,11 @@ paths:
         - name: manifest_hash
           in: path
           description: |
-            A content addressable hash which has been indexed previous
-            to this request.
+            A digest of a manifest that has been indexed previous to this
+            request.
           required: true
           schema:
-            type: string
+            $ref: '#/components/schemas/Digest'
       responses:
         200:
           description: IndexReport retrieved
@@ -96,11 +96,11 @@ paths:
         - name: manifest_hash
           in: path
           description: |
-            A content addressable hash which has been indexed previous
-            to this request.
+            A digest of a manifest that has been indexed previous to this
+            request.
           required: true
           schema:
-            type: string
+            $ref: '#/components/schemas/Digest'
       responses:
         201:
           description: VulnerabilityReport Created
@@ -127,7 +127,7 @@ paths:
         internal configuration state.
 
         A client may be interested in this as a signal that manifests may need
-        to be reindexed.
+        to be re-indexed.
       responses:
         200:
           description: Indexer State
@@ -176,8 +176,8 @@ components:
     Environment:
       value:
         package_db: "var/lib/dpkg/status"
-        introduced_in: |
-          35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a
+        introduced_in: |-
+          sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a
         distribution_id: "1"
 
     Vulnerability:
@@ -262,11 +262,7 @@ components:
           type: string
           example: "var/lib/dpkg/status"
         introduced_in:
-          description: |
-            The container layer the associated package was introduced in.
-          type: string
-          example: |
-            35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a
+          $ref: '#/components/schemas/Digest'
         distribution_id:
           description: |
             The distribution ID found in an associated IndexReport or
@@ -283,12 +279,7 @@ components:
         report for matching Vulnerabilities.
       properties:
         manifest_hash:
-          description: |
-            A content addressable hash uniqually identifying the indexed
-            manifest.
-          type: string
-          example: |
-            2f077db56abccc19f16f140f629ae98e904b4b7d563957a7fc319bd11b82ba36
+          $ref: '#/components/schemas/Digest'
         state:
           description: "The current state of the index operation"
           type: string
@@ -304,7 +295,7 @@ components:
         distributions:
           type: object
           description: |
-            A map of Distribution objects key'd by their Distribution.id
+            A map of Distribution objects keyed by their Distribution.id
             discovered in the manifest.
           example:
             "1":
@@ -321,8 +312,8 @@ components:
               # swagger bug does not allow inline reference here -_-
               # - $ref: '#/components/examples/Environment/value'
               - package_db: "var/lib/dpkg/status"
-                introduced_in: |
-                  35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a
+                introduced_in: |-
+                  sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a
                 distribution_id: "1"
 
           additionalProperties:
@@ -346,10 +337,7 @@ components:
         and package vulnerabilities within a Manifest.
       properties:
         manifest_hash:
-          description: |
-            The content addressable manifest hash this VulnerabilityReport
-            is associated with.
-          type: string
+          $ref: '#/components/schemas/Digest'
         packages:
           type: object
           description: "A map of Package objects indexed by Package.id"
@@ -375,8 +363,8 @@ components:
               # swagger bug does not allow inline reference here -_-
               # - $ref: '#/components/examples/Environment/value'
               - package_db: "var/lib/dpkg/status"
-                introduced_in: |
-                  35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a
+                introduced_in: |-
+                  sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a
                 distribution_id: "1"
           additionalProperties:
             type: array
@@ -518,12 +506,7 @@ components:
         preserve the original container's layer order for accurate usage.
       properties:
         hash:
-          description: |
-            A content addressable hash uniqually identifying this
-            manifest.
-          type: string
-          example: |
-            251f5509d51d9e4119d4ffb70d4820f8e2d7dc72ad15df3ebd7cd755539e40fd
+          $ref: '#/components/schemas/Digest'
         layers:
           type: array
           items:
@@ -535,15 +518,11 @@ components:
       description: "A Layer within a Manifest and where Clair may retrieve it."
       properties:
         hash:
-          type: string
-          description: |
-            A content addressable hash uniqually identifying this layer
-          example: |
-            2f077db56abccc19f16f140f629ae98e904b4b7d563957a7fc319bd11b82ba36
+          $ref: '#/components/schemas/Digest'
         uri:
           type: string
           description: |
-            A URI decribing where the layer may be found. Implementions
+            A URI describing where the layer may be found. Implementations
             MUST support http(s) schemes and MAY support additional
             schemes.
           example: |
@@ -576,3 +555,14 @@ components:
       description: an opaque identifier
       example:
         state: "aae368a064d7c5a433d0bf2c4f5554cc"
+
+    Digest:
+      title: Digest
+      type: string
+      description: |
+        A digest string with prefixed algorithm. The format is described here:
+        https://github.com/opencontainers/image-spec/blob/master/descriptor.md#digests
+
+        Digests are used throughout the API to identify Layers and Manifests.
+      example: |-
+        sha256:fc84b5febd328eccaa913807716887b3eb5ed08bc22cc6933a9ebf82766725e3