Skip to content

ROX-30352: add VM-scoped vulnerability and component endpoints#19666

Draft
ajheflin wants to merge 1 commit intoaheflin/ROX-30352/vm-v2-service-scaffoldfrom
aheflin/ROX-30352/vm-v2-vm-scoped-endpoints
Draft

ROX-30352: add VM-scoped vulnerability and component endpoints#19666
ajheflin wants to merge 1 commit intoaheflin/ROX-30352/vm-v2-service-scaffoldfrom
aheflin/ROX-30352/vm-v2-vm-scoped-endpoints

Conversation

@ajheflin
Copy link
Copy Markdown
Contributor

@ajheflin ajheflin commented Mar 27, 2026
edited by atlassian bot
Loading

Description

Part 4/6 of the VirtualMachineV2Service API stack (ROX-30352).

Adds 4 VM-scoped endpoints:

  • GetVMVulnSummary (GET /v2/virtualmachines/{id}/vuln-summary) - severity counts and fixable/not-fixable totals for a single VM
  • ListVMCVEsByVM (GET /v2/virtualmachines/{vm_id}/cves) - paginated CVE list for a specific VM
  • GetVMCVEComponents (GET /v2/virtualmachines/{vm_id}/cves/{id}/components) - components affected by a CVE on a VM (expanded row)
  • ListVMComponents (GET /v2/virtualmachines/{vm_id}/components) - paginated component list for a VM

Includes conversion functions for CVE and component storage types to API response types.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

Service tests to be added in a follow-up.

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

  • go build ./central/virtualmachine/v2/service/... compiles cleanly

@ajheflin @claude
ROX-30352: add VM-scoped vulnerability and component endpoints
f331507 
Add 4 VM-scoped endpoints to VirtualMachineV2Service:
- GetVMVulnSummary (GET /v2/virtualmachines/{id}/vuln-summary)
- ListVMCVEsByVM (GET /v2/virtualmachines/{vm_id}/cves)
- GetVMCVEComponents (GET /v2/virtualmachines/{vm_id}/cves/{id}/components)
- ListVMComponents (GET /v2/virtualmachines/{vm_id}/components)

Includes conversion functions for CVE and component storage types to
API response types.

Partially generated by AI.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Mar 27, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Mar 27, 2026

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0d69dde7-567e-4649-bf71-4738a51451ca

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch aheflin/ROX-30352/vm-v2-vm-scoped-endpoints

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@ajheflin
Copy link
Copy Markdown
Contributor Author

ajheflin commented Mar 27, 2026

This change is part of the following stack:

Change managed by git-spice.

This was referenced Mar 27, 2026
Draft
Draft
Draft
Draft
Draft
@ajheflin ajheflin requested a review from dashrews78 March 27, 2026 18:14
@rhacs-bot
Copy link
Copy Markdown
Contributor

rhacs-bot commented Mar 27, 2026

Images are ready for the commit at f331507.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.11.x-475-gf33150753d.

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 27, 2026

Codecov Report

❌ Patch coverage is 0% with 41 lines in your changes missing coverage. Please review.
✅ Project coverage is 49.35%. Comparing base (c55c117) to head (f331507).

Files with missing lines Patch % Lines
central/convert/storagetov2/virtual_machine_v2.go 0.00% 41 Missing ⚠️
Additional details and impacted files 
@@                             Coverage Diff                              @@
##           aheflin/ROX-30352/vm-v2-service-scaffold   #19666      +/-   ##
============================================================================
+ Coverage                                     49.32%   49.35%   +0.02%     
============================================================================
  Files                                          2744     2744              
  Lines                                        207082   207123      +41     
============================================================================
+ Hits                                         102152   102222      +70     
+ Misses                                        97333    97318      -15     
+ Partials                                       7597     7583      -14
Flag Coverage Δ
go-unit-tests 49.35% <0.00%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dashrews78 dashrews78 Awaiting requested review from dashrews78

Assignees

No one assigned

Labels

ai-assisted area/central do-not-merge/work-in-progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ajheflin @rhacs-bot