Add support to vuln report for pulp_python plugin

closes: #1272

Author: git-hyagi

CHANGES/1272.feature

@@ -0,0 +1 @@
+Added support to vulnerability report for pulp_python plugin.

pulp-glue/pulp_glue/common/context.py

@@ -1284,6 +1284,9 @@ def needs_capability(self, capability: str) -> None:
                 )
             )
 
+    def scan(self) -> t.Any:
+        return self.call("scan", parameters={self.HREF: self.pulp_href})
+
 
 class PulpRemoteContext(PulpEntityContext):
     """

pulp-glue/pulp_glue/core/context.py

@@ -613,3 +613,11 @@ def find(self, **kwargs: t.Any) -> t.Any:
 
     def replicate(self) -> t.Any:
         return self.call("replicate", parameters={self.HREF: self.pulp_href})
+
+
+class PulpVulnerabilityReportContext(PulpEntityContext):
+    ENTITY = _("vulnerability report")
+    ENTITIES = _("vulnerability reports")
+    ID_PREFIX = "vuln_report"
+    HREF = "vulnerability_report_href"
+    NEEDS_PLUGINS = [PluginRequirement("core", specifier=">=3.85.3")]

pulp-glue/pulp_glue/python/context.py

@@ -101,6 +101,7 @@ class PulpPythonRepositoryVersionContext(PulpRepositoryVersionContext):
     HREF = "python_python_repository_version_href"
     ID_PREFIX = "repositories_python_python_versions"
     NEEDS_PLUGINS = [PluginRequirement("python", specifier=">=3.1.0")]
+    CAPABILITIES = {"scan": [PluginRequirement("python", specifier=">=3.21.0")]}
 
 
 class PulpPythonRepositoryContext(PulpRepositoryContext):

pulp_cli/generic.py

@@ -1521,11 +1521,33 @@ def callback(entity_ctx: PulpEntityContext, /) -> None:
     return callback
 
 
+def scan_command(**kwargs: t.Any) -> click.Command:
+    """A factory that creates a scan command."""
+
+    kwargs.setdefault("name", "scan")
+    kwargs.setdefault("help", _("Verify repository version package vulnerabilities."))
+    decorators = kwargs.pop("decorators", [])
+
+    @pulp_command(**kwargs)
+    @pass_entity_context
+    def callback(entity_ctx: PulpEntityContext, /) -> None:
+        """
+        Scan a {entity}.
+        """
+        entity_ctx.needs_capability("scan")
+        entity_ctx.scan()
+
+    for option in decorators:
+        # Decorate callback
+        callback = option(callback)
+    return callback
+
+
 def version_command(**kwargs: t.Any) -> click.Command:
     """
     A factory that creates a repository version command group.
 
-    This group contains `list`, `show`, `destroy` and `repair` subcommands.
+    This group contains `list`, `show`, `destroy`, `repair` and `scan` subcommands.
     If `list_only=True` is passed, only the `list` command will be instantiated.
     Repository lookup options can be provided in `decorators`.
     """
@@ -1545,6 +1567,7 @@ def callback(ctx: click.Context, repository_ctx: PulpRepositoryContext, /) -> No
     if not list_only:
         callback.add_command(show_command(decorators=decorators + [version_option]))
         callback.add_command(destroy_command(decorators=decorators + [version_option]))
+        callback.add_command(scan_command(decorators=decorators + [version_option]))
 
         @callback.command()
         @repository_lookup_option

pulpcore/cli/core/__init__.py

@@ -25,6 +25,7 @@
 from pulpcore.cli.core.upload import upload
 from pulpcore.cli.core.upstream_pulp import upstream_pulp
 from pulpcore.cli.core.user import user
+from pulpcore.cli.core.vulnerability_report import vulnerability_report
 from pulpcore.cli.core.worker import worker
 
 
@@ -52,6 +53,7 @@ def mount(main: click.Group, **kwargs: t.Any) -> None:
     main.add_command(upload)
     main.add_command(upstream_pulp)
     main.add_command(user)
+    main.add_command(vulnerability_report)
     main.add_command(worker)
 
     _orig_get_command = main.get_command

pulpcore/cli/core/vulnerability_report.py

@@ -0,0 +1,28 @@
+import click
+from pulp_glue.common.i18n import get_translation
+from pulp_glue.core.context import PulpVulnerabilityReportContext
+
+from pulpcore.cli.common.generic import (
+    PulpCLIContext,
+    href_option,
+    list_command,
+    pass_pulp_context,
+    pulp_group,
+    show_command,
+)
+
+translation = get_translation(__package__)
+_ = translation.gettext
+
+lookup_options = [href_option]
+
+
+@pulp_group()
+@pass_pulp_context
+@click.pass_context
+def vulnerability_report(ctx: click.Context, pulp_ctx: PulpCLIContext, /) -> None:
+    ctx.obj = PulpVulnerabilityReportContext(pulp_ctx)
+
+
+vulnerability_report.add_command(list_command())
+vulnerability_report.add_command(show_command(decorators=lookup_options))

tests/scripts/pulpcore/test_vulnerability_report.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -eu
+# shellcheck source=tests/scripts/config.source
+. "$(dirname "$(dirname "$(realpath "$0")")")"/config.source
+
+cleanup() {
+  pulp python repository destroy --name python || true
+  pulp python remote destroy --name python || true
+  pulp orphan cleanup --protection-time=0
+}
+trap cleanup EXIT
+
+pulp debug has-plugin --name "core" --specifier ">=3.85.3" || exit 0
+pulp debug has-plugin --name "python" --specifier ">=3.21.0" || exit 0
+
+# create a test repository
+pulp python repository create --name python
+pulp python remote create --name python --url "https://pypi.org/" --includes '["django==5.2.1"]'
+pulp python repository sync --name python --remote python
+
+expect_succ pulp python repository version scan --repository python
+expect_succ pulp vulnerability-report list
+
+VULN_REPORT=$(pulp vulnerability-report list --field pulp_href --limit 1|jq .[0].pulp_href -r)
+expect_succ pulp vulnerability-report show --href "$VULN_REPORT"
+
+#  test with non-implemented content type
+pulp file repository create --name file-repo
+expect_fail pulp file repository version scan --repository file-repo