[ROX-11912] Add support for clusters and cluster count for cluster vulnerabilities (stackrox#2523)

* Add support for clusters and cluster count for cluster vulnerabilities

Author: md2119

central/graphql/resolvers/cluster_vulnerabilities.go

@@ -22,6 +22,8 @@ func init() {
 		// NOTE: This list is and should remain alphabetically ordered
 		schema.AddType("ClusterVulnerability",
 			append(commonVulnerabilitySubResolvers,
+				"clusterCount(query: String): Int!",
+				"clusters(query: String, pagination: Pagination): [Cluster!]!",
 				"vulnerabilityType: String!",
 				"vulnerabilityTypes: [String!]!",
 			)),
@@ -45,6 +47,8 @@ func init() {
 type ClusterVulnerabilityResolver interface {
 	CommonVulnerabilityResolver
 
+	ClusterCount(ctx context.Context, args RawQuery) (int32, error)
+	Clusters(ctx context.Context, args PaginatedQuery) ([]*clusterResolver, error)
 	VulnerabilityType() string
 	VulnerabilityTypes() []string
 }
@@ -311,9 +315,15 @@ func withOpenShiftTypeFiltering(q string) string {
 }
 
 func (resolver *clusterCVEResolver) withClusterVulnerabilityScope(ctx context.Context) context.Context {
+	if features.PostgresDatastore.Enabled() {
+		return scoped.Context(ctx, scoped.Scope{
+			ID:    resolver.data.GetId(),
+			Level: v1.SearchCategory_CLUSTER_VULNERABILITIES,
+		})
+	}
 	return scoped.Context(ctx, scoped.Scope{
 		ID:    resolver.data.GetId(),
-		Level: v1.SearchCategory_CLUSTER_VULNERABILITIES,
+		Level: v1.SearchCategory_VULNERABILITIES,
 	})
 }
 
@@ -333,6 +343,26 @@ func (resolver *clusterCVEResolver) getClusterCVEQuery() *v1.Query {
 Sub Resolver Functions
 */
 
+// Clusters returns resolvers for clusters affected by cluster vulnerability.
+func (resolver *clusterCVEResolver) Clusters(ctx context.Context, args PaginatedQuery) ([]*clusterResolver, error) {
+	defer metrics.SetGraphQLOperationDurationTime(time.Now(), pkgMetrics.ClusterCVEs, "Clusters")
+
+	if err := readClusters(ctx); err != nil {
+		return nil, err
+	}
+	return resolver.root.Clusters(resolver.withClusterVulnerabilityScope(ctx), args)
+}
+
+// ClusterCount returns a number of clusters affected by cluster vulnerability.
+func (resolver *clusterCVEResolver) ClusterCount(ctx context.Context, args RawQuery) (int32, error) {
+	defer metrics.SetGraphQLOperationDurationTime(time.Now(), pkgMetrics.ClusterCVEs, "ClusterCount")
+
+	if err := readClusters(ctx); err != nil {
+		return 0, err
+	}
+	return resolver.root.ClusterCount(resolver.withClusterVulnerabilityScope(ctx), args)
+}
+
 func (resolver *clusterCVEResolver) VulnerabilityType() string {
 	return resolver.data.GetType().String()
 }

central/graphql/resolvers/vulnerabilities.go

@@ -105,6 +105,9 @@ type VulnerabilityResolver interface {
 	Nodes(ctx context.Context, args PaginatedQuery) ([]*nodeResolver, error)
 	NodeCount(ctx context.Context, args RawQuery) (int32, error)
 
+	ClusterCount(ctx context.Context, args RawQuery) (int32, error)
+	Clusters(ctx context.Context, args PaginatedQuery) ([]*clusterResolver, error)
+
 	UnusedVarSink(ctx context.Context, args RawQuery) *int32
 
 	Suppressed(ctx context.Context) bool

central/graphql/resolvers/vulnerabilities_v1.go

@@ -275,6 +275,28 @@ func (evr *EmbeddedVulnerabilityResolver) NodeCount(ctx context.Context, args Ra
 	return nodeLoader.CountFromQuery(ctx, query)
 }
 
+// Clusters returns resolvers for clusters affected by cluster vulnerability.
+func (evr *EmbeddedVulnerabilityResolver) Clusters(ctx context.Context, args PaginatedQuery) ([]*clusterResolver, error) {
+	defer metrics.SetGraphQLOperationDurationTime(time.Now(), pkgMetrics.ClusterCVEs, "Clusters")
+
+	if err := readClusters(ctx); err != nil {
+		return nil, err
+	}
+	query := search.AddRawQueriesAsConjunction(args.String(), evr.vulnRawQuery())
+	return evr.root.Clusters(ctx, PaginatedQuery{Query: &query, Pagination: args.Pagination})
+}
+
+// ClusterCount returns a number of clusters affected by cluster vulnerability.
+func (evr *EmbeddedVulnerabilityResolver) ClusterCount(ctx context.Context, args RawQuery) (int32, error) {
+	defer metrics.SetGraphQLOperationDurationTime(time.Now(), pkgMetrics.ClusterCVEs, "ClusterCount")
+
+	if err := readClusters(ctx); err != nil {
+		return 0, err
+	}
+	query := search.AddRawQueriesAsConjunction(args.String(), evr.vulnRawQuery())
+	return evr.root.ClusterCount(ctx, RawQuery{Query: &query})
+}
+
 func (resolver *Resolver) getComponentsForAffectedCluster(ctx context.Context, cve *schema.NVDCVEFeedJSON10DefCVEItem, ct utils.CVEType) (int, int, error) {
 	clusters, err := resolver.ClusterDataStore.GetClusters(ctx)
 	if err != nil {

central/graphql/resolvers/vulnerabilities_v2.go

@@ -866,6 +866,28 @@ func (resolver *cVEResolver) NodeCount(ctx context.Context, args RawQuery) (int3
 	return nodeLoader.CountFromQuery(resolver.addScopeContext(query))
 }
 
+// Clusters returns resolvers for clusters affected by cluster vulnerability.
+func (resolver *cVEResolver) Clusters(ctx context.Context, args PaginatedQuery) ([]*clusterResolver, error) {
+	defer metrics.SetGraphQLOperationDurationTime(time.Now(), pkgMetrics.ClusterCVEs, "Clusters")
+
+	if err := readClusters(ctx); err != nil {
+		return nil, err
+	}
+	query := search.AddRawQueriesAsConjunction(args.String(), resolver.getCVERawQuery())
+	return resolver.root.Clusters(ctx, PaginatedQuery{Query: &query, Pagination: args.Pagination})
+}
+
+// ClusterCount returns a number of clusters affected by cluster vulnerability.
+func (resolver *cVEResolver) ClusterCount(ctx context.Context, args RawQuery) (int32, error) {
+	defer metrics.SetGraphQLOperationDurationTime(time.Now(), pkgMetrics.ClusterCVEs, "ClusterCount")
+
+	if err := readClusters(ctx); err != nil {
+		return 0, err
+	}
+	query := search.AddRawQueriesAsConjunction(args.String(), resolver.getCVERawQuery())
+	return resolver.root.ClusterCount(ctx, RawQuery{Query: &query})
+}
+
 // These return dummy values, as they should not be accessed from the top level vuln resolver, but the embedded
 // version instead.