stackrox · dhaus67 · Jun 13, 2022 · Jun 12, 2022 · Jun 13, 2022 · Jun 13, 2022
@@ -158,7 +158,7 @@ jobs:
       - run:
           name: Get Roxctl binary and set the image name
           command: |
-            cci-export IMAGE_NAME "quay.io/rhacs-eng/main:3.0.55.x-4-gd2e48c0fd6"
+            cci-export IMAGE_NAME "quay.io/rhacs-eng/main:3.70.0"
             cci-export BASE_DIR "/home/circleci/jenkins-plugin"
             docker login -u  "${QUAY_RHACS_ENG_RO_USERNAME}" --password-stdin \<<<"${QUAY_RHACS_ENG_RO_PASSWORD}" quay.io
             cci-export REGISTRY_USERNAME "$QUAY_RHACS_ENG_RO_USERNAME"
@@ -170,21 +170,13 @@ jobs:
 
       - *setupGoogleAppCreds
 
-      - run:
-          name: Creating License Key
-          command: |
-            export ROX_LICENSE_KEY="$(./licenses/ci.sh  --not-valid-after +6h)"
-            touch /tmp/data.lic
-            chmod 0600 /tmp/data.lic
-            echo $ROX_LICENSE_KEY >> /tmp/data.lic
       - run:
           name: Generate central bundle
           command: |
             ./roxctl central generate k8s pvc \
-              --license /tmp/data.lic \
               --main-image "${IMAGE_NAME}" \
-              --scanner-image quay.io/rhacs-eng/scanner:2.10.0 \
-              --scanner-db-image quay.io/rhacs-eng/scanner-db:2.10.0
+              --scanner-image quay.io/rhacs-eng/scanner:2.24.0 \
+              --scanner-db-image quay.io/rhacs-eng/scanner-db:2.24.0
             export ROX_PASSWORD="$(cat central-bundle/password)"
             cci-export ROX_USERNAME "admin"
             cci-export ROX_PASSWORD "$ROX_PASSWORD"

@@ -3,6 +3,7 @@ import static com.offbytwo.jenkins.model.BuildResult.FAILURE
 import static com.offbytwo.jenkins.model.BuildResult.SUCCESS
 import static com.stackrox.model.StorageEnforcementAction.FAIL_BUILD_ENFORCEMENT
 import static com.stackrox.model.StorageLifecycleStage.BUILD
+import static com.stackrox.model.StorageLifecycleStage.DEPLOY
 
 import com.offbytwo.jenkins.model.BuildResult
 
@@ -11,7 +12,6 @@ import com.stackrox.model.StorageImageNamePolicy
 import com.stackrox.model.StorageListPolicy
 import com.stackrox.model.StoragePolicy
 import com.stackrox.model.StoragePolicyFields
-import com.stackrox.model.StorageSeverity
 
 import spock.lang.Unroll
 
@@ -22,12 +22,11 @@ class ImageScanningTest extends BaseSpecification {
     @Unroll
     def "image scanning test with toggle enforcement(#imageName, #policyName,  #enforcements, #endStatus)"() {
         when:
-        updatePolicy("Latest tag", "latest", [])
         StoragePolicy enforcementPolicy = updatePolicy(policyName, "latest", enforcements)
 
         then:
         assert enforcementPolicy.enforcementActions == enforcements
-        assert enforcementPolicy.lifecycleStages == [BUILD]
+        assert enforcementPolicy.lifecycleStages == [BUILD, DEPLOY]
 
         when:
         BuildResult status = jenkins.createAndRunJob(
@@ -38,9 +37,9 @@ class ImageScanningTest extends BaseSpecification {
 
         where:
         "data inputs are: "
-        imageName      | policyName          | enforcements             | endStatus
-        "nginx:latest" | "Fixable CVSS >= 7" | []                       | SUCCESS
-        "nginx:latest" | "Fixable CVSS >= 7" | [FAIL_BUILD_ENFORCEMENT] | FAILURE
+        imageName      | policyName   | enforcements             | endStatus
+        "nginx:latest" | "Latest tag" | []                       | SUCCESS
+        "nginx:latest" | "Latest tag" | [FAIL_BUILD_ENFORCEMENT] | FAILURE
     }
 
     @Unroll
@@ -51,7 +50,7 @@ class ImageScanningTest extends BaseSpecification {
 
         then:
         assert enforcementPolicy.enforcementActions == enforcements
-        assert enforcementPolicy.lifecycleStages == [BUILD]
+        assert enforcementPolicy.lifecycleStages == [BUILD, DEPLOY]
 
         when:
         BuildResult status = jenkins.createAndRunJob(
@@ -93,15 +92,11 @@ class ImageScanningTest extends BaseSpecification {
         def policyId = policies.find { it.name == policyName }?.id
         assert policyId != null
 
-        StoragePolicy updatedPolicy = new StoragePolicy()
-                .name(policyName)
-                .lifecycleStages([BUILD])
-                .severity(StorageSeverity.MEDIUM_SEVERITY)
-                .fields(new StoragePolicyFields().imageName(
-                        new StorageImageNamePolicy().tag(tag)))
-                .categories(["Image Assurance"])
-                .enforcementActions(enforcements)
-        restApiClient.updatePolicy(updatedPolicy, policyId)
+        def policy = restApiClient.getPolicy(policyId)
+        policy.setEnforcementActions(enforcements)
+        policy.setFields(new StoragePolicyFields().imageName(new StorageImageNamePolicy().tag(tag)))
+        policy.setDisabled(false)
+        restApiClient.updatePolicy(policy, policyId)
         return restApiClient.getPolicy(policyId)
     }