chore: remove remaining harbor integrations

node-packages/commons/src/api.ts

@@ -1386,17 +1386,3 @@ export const getProblemsforProjectEnvironment = async (
   });
   return response.environmentByName.problems;
 };
-
-export const getProblemHarborScanMatches = () => graphqlapi.query(
-    `query getProblemHarborScanMatches {
-      allProblemHarborScanMatchers {
-        id
-        name
-        description
-        defaultLagoonProject
-        defaultLagoonEnvironment
-        defaultLagoonService
-        regex
-      }
-    }`
-);

services/api/Dockerfile

@@ -33,9 +33,7 @@ ENV NODE_ENV=production \
     KEYCLOAK_ADMIN_PASSWORD=admin \
     ELASTICSEARCH_URL=http://logs-db-service:9200 \
     KEYCLOAK_API_CLIENT_SECRET=39d5282d-3684-4026-b4ed-04bbc034b61a \
-    HARBOR_ADMIN_PASSWORD=Harbor12345 \
-    REDIS_PASSWORD=admin \
-    HARBOR_API_VERSION=v2.0
+    REDIS_PASSWORD=admin
 
 # The API is not very resilient to sudden mariadb restarts which can happen when the api and mariadb are starting
 # at the same time. So we have a small entrypoint which waits for mariadb to be fully ready.

services/api/package.json

@@ -15,7 +15,6 @@
     "sync:gitlab:all": "yarn run sync:gitlab:users && yarn run sync:gitlab:groups && yarn run sync:gitlab:projects",
     "sync:opendistro-security": "node --max-http-header-size=80000 dist/helpers/sync-groups-opendistro-security",
     "sync:bitbucket:repo-permissions": "node dist/bitbucket-sync/repo-permissions",
-    "sync:harbor:projects": "node dist/migrations/2-harbor/harborSync.js",
     "migrations:lagoon": "node dist/migrations/lagoon/migrations.js"
   },
   "keywords": [],

services/api/src/resolvers.js

@@ -10,9 +10,6 @@ const {
   deleteProblemsFromSource,
   addProblemsFromSource,
   getProblemSources,
-  getProblemHarborScanMatches,
-  addProblemHarborScanMatch,
-  deleteProblemHarborScanMatch
 } = require('./resources/problem/resolvers');
 
 const {
@@ -581,7 +578,6 @@ const resolvers = {
     allProblems: getAllProblems,
     allGroups: getAllGroups,
     allProjectsInGroup: getAllProjectsInGroup,
-    allProblemHarborScanMatchers: getProblemHarborScanMatches,
     allUsers: getAllUsers,
     allNotifications: getAllNotifications,
     userByEmail: getUserByEmail,
@@ -601,10 +597,8 @@ const resolvers = {
   },
   Mutation: {
     addProblem,
-    addProblemHarborScanMatch,
     deleteProblem,
     deleteProblemsFromSource,
-    deleteProblemHarborScanMatch,
     addFact,
     addFacts,
     addFactsByName,

services/api/src/resources/problem/resolvers.ts

@@ -278,36 +278,3 @@ export const deleteProblemsFromSource: ResolverFn = async (
 
   return 'success';
 };
-
-export const getProblemHarborScanMatches: ResolverFn = async (
-  root,
-  args,
-  { sqlClientPool, hasPermission }
-) => {
-  throw new Error('Harbor-Trivy integration with core removed in Lagoon 2')
-};
-
-export const addProblemHarborScanMatch: ResolverFn = async (
-  root,
-  {
-    input: {
-      name,
-      description,
-      defaultLagoonProject,
-      defaultLagoonEnvironment,
-      defaultLagoonService,
-      regex
-    }
-  },
-  { sqlClientPool, hasPermission, userActivityLogger }
-) => {
-  throw new Error('Harbor-Trivy integration with core removed in Lagoon 2')
-};
-
-export const deleteProblemHarborScanMatch: ResolverFn = async (
-  root,
-  { input: { id } },
-  { sqlClientPool, hasPermission, userActivityLogger }
-) => {
-  throw new Error('Harbor-Trivy integration with core removed in Lagoon 2')
-};

services/api/src/resources/problem/sql.ts

@@ -18,16 +18,6 @@ const standardEnvironmentReturn = {
   deleted: 'deleted'
 };
 
-const standardProblemHarborScanMatchReturn = {
-  id: 'id',
-  name: 'name',
-  description: 'description',
-  default_lagoon_project: 'defaultLagoonProject',
-  default_lagoon_environment: 'defaultLagoonEnvironment',
-  default_lagoon_service: 'defaultLagoonServiceName',
-  regex: 'regex'
-};
-
 export const Sql = {
   selectAllProblems: ({
     source = [],

services/api/src/typeDefs.js

@@ -268,29 +268,6 @@ const typeDefs = gql`
     deleted: String
   }
 
-  type ProblemHarborScanMatch {
-    id: Int
-    name: String
-    description: String
-    defaultLagoonProject: String
-    defaultLagoonEnvironment: String
-    defaultLagoonService: String
-    regex: String
-  }
-
-  input AddProblemHarborScanMatchInput {
-    name: String!
-    description: String!
-    defaultLagoonProject: String
-    defaultLagoonEnvironment: String
-    defaultLagoonService: String
-    regex: String!
-  }
-
-  input DeleteProblemHarborScanMatchInput {
-    id: Int!
-  }
-
   input AddProblemInput {
     id: Int
     environment: Int!
@@ -1401,10 +1378,6 @@ const typeDefs = gql`
     """
     lagoonVersion: JSON
     """
-    Returns all ProblemHarborScanMatchers
-    """
-    allProblemHarborScanMatchers: [ProblemHarborScanMatch] @deprecated(reason: "Harbor-Trivy integration with core removed in Lagoon 2")
-    """
     Returns all AdvancedTaskDefinitions
     """
     allAdvancedTaskDefinitions: [AdvancedTaskDefinition]
@@ -2420,10 +2393,8 @@ const typeDefs = gql`
     cancelDeployment(input: CancelDeploymentInput!): String
     addBackup(input: AddBackupInput!): Backup
     addProblem(input: AddProblemInput!): Problem
-    addProblemHarborScanMatch(input: AddProblemHarborScanMatchInput!): ProblemHarborScanMatch @deprecated(reason: "Harbor-Trivy integration with core removed in Lagoon 2")
     deleteProblem(input: DeleteProblemInput!): String
     deleteProblemsFromSource(input: DeleteProblemsFromSourceInput!): String
-    deleteProblemHarborScanMatch(input: DeleteProblemHarborScanMatchInput!): String @deprecated(reason: "Harbor-Trivy integration with core removed in Lagoon 2")
     addFact(input: AddFactInput!): Fact
     addFacts(input: AddFactsInput!): [Fact] @deprecated(reason: "Use addFactsByName instead")
     addFactsByName(input: AddFactsByNameInput!): [Fact]

services/keycloak/lagoon-realm-base-import.json

@@ -891,24 +891,6 @@
               }
             ]
           },
-          {
-            "name": "harbor_scan_match",
-            "ownerManagedAccess": false,
-            "displayName": "Harbor scan match",
-            "attributes": {},
-            "uris": [],
-            "scopes": [
-              {
-                "name": "add"
-              },
-              {
-                "name": "view"
-              },
-              {
-                "name": "delete"
-              }
-            ]
-          },
           {
             "name": "advanced_task",
             "ownerManagedAccess": false,
@@ -2147,17 +2129,6 @@
               "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]"
             }
           },
-          {
-            "name": "Add Harbor Scan Match",
-            "type": "scope",
-            "logic": "POSITIVE",
-            "decisionStrategy": "UNANIMOUS",
-            "config": {
-              "resources": "[\"harbor_scan_match\"]",
-              "scopes": "[\"add\"]",
-              "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
-            }
-          },
           {
             "name": "Delete Production Environment",
             "type": "scope",
@@ -2466,17 +2437,6 @@
               "applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]"
             }
           },
-          {
-            "name": "Delete Harbor Scan Match",
-            "type": "scope",
-            "logic": "POSITIVE",
-            "decisionStrategy": "UNANIMOUS",
-            "config": {
-              "resources": "[\"harbor_scan_match\"]",
-              "scopes": "[\"delete\"]",
-              "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
-            }
-          },
           {
             "name": "View All Openshifts",
             "type": "scope",
@@ -2741,17 +2701,6 @@
               "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]"
             }
           },
-          {
-            "name": "View Harbor Scan Match",
-            "type": "scope",
-            "logic": "POSITIVE",
-            "decisionStrategy": "UNANIMOUS",
-            "config": {
-              "resources": "[\"harbor_scan_match\"]",
-              "scopes": "[\"view\"]",
-              "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
-            }
-          },
           {
             "name": "Run Drush sql-sync to Production Environment",
             "type": "scope",

services/keycloak/startup-scripts/00-configure-lagoon.sh

@@ -332,6 +332,31 @@ EOF
 EOF
 }
 
+function migrate_remove_harbor_scan_permissions {
+  # The changes here match the changes that are made in the realm import script
+  # fresh installs will not need to perform this migration as the changes will already be in the import
+  # this will only run on existing installations to get it into a state that matches the realm import
+  CLIENT_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients?clientId=api --config $CONFIG_PATH | jq -r '.[0]["id"]')
+  view_harbor_scan_match=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=View+Harbor+Scan+Match --config $CONFIG_PATH)
+
+  if [ "$view_harbor_scan_match" == "[ ]" ]; then
+      echo "view_harbor_scan_match already removed"
+      return 0
+  fi
+
+  echo Removing old harbor permissions
+
+  echo Delete view_harbor_scan_match permission
+  view_harbor_scan_match_id=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=View+Harbor+Scan+Match --config $CONFIG_PATH | jq -r '.[0]["id"]')
+  /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$view_harbor_scan_match_id --config $CONFIG_PATH
+  echo Delete add_harbor_scan_match permission
+  add_harbor_scan_match_id=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Add+Harbor+Scan+Match --config $CONFIG_PATH | jq -r '.[0]["id"]')
+  /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$add_harbor_scan_match_id --config $CONFIG_PATH
+  echo Delete delete_harbor_scan_match permission
+  delete_harbor_scan_match_id=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Delete+Harbor+Scan+Match --config $CONFIG_PATH | jq -r '.[0]["id"]')
+  /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$delete_harbor_scan_match_id --config $CONFIG_PATH
+}
+
 ##################
 # Initialization #
 ##################
@@ -362,6 +387,7 @@ function configure_keycloak {
     service-api_add_query-groups_permission
     add_notification_view_all
     migrate_admin_organization_permissions
+    migrate_remove_harbor_scan_permissions
 
     # always run last
     sync_client_secrets

services/webhooks2tasks/src/webhooks/problems.ts

@@ -10,16 +10,6 @@ import {
   Project
 } from '../types';
 
-// NOTE: Here we are going through the process of deprecating the Trivy integration
-const enableHarborIntegration = (() => {
-	if(process.env.ENABLE_DEPRECATED_TRIVY_INTEGRATION && process.env.ENABLE_DEPRECATED_TRIVY_INTEGRATION == "true") {
-    console.log("ENABLE_DEPRECATED_TRIVY_INTEGRATION is 'true' -- enabling Harbor/Trivy");
-		return true;
-	}
-  console.log("ENABLE_DEPRECATED_TRIVY_INTEGRATION is not 'true' -- Harbor/Trivy integration is not enabled");
-	return false;
-})();
-
 export async function processProblems(
     rabbitMsg,
     channelWrapperWebhooks