Add clusterAgent.vulnerabilityImages to GraphQL API

Changelog: added EE: true

Add clusterAgent.vulnerabilityImages to GraphQL API
b6b53821 · Alan (Maciej) Paruszewski · Luke Duncalfe · 4dd6167e · b6b53821 · b6b53821
--- a/app/graphql/types/clusters/agent_type.rb
+++ b/app/graphql/types/clusters/agent_type.rb
@@ -71,3 +71,5 @@ def web_path
    end
  end
 end
+Types::Clusters::AgentType.prepend_mod
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -10387,6 +10387,7 @@ GitLab CI/CD configuration template.
 | <a id="clusteragentname"></a>`name` | [`String`](#string) | Name of the cluster agent. |
 | <a id="clusteragentproject"></a>`project` | [`Project`](#project) | Project this cluster agent is associated with. |
 | <a id="clusteragentupdatedat"></a>`updatedAt` | [`Time`](#time) | Timestamp the cluster agent was updated. |
+| <a id="clusteragentvulnerabilityimages"></a>`vulnerabilityImages` | [`VulnerabilityContainerImageConnection`](#vulnerabilitycontainerimageconnection) | Container images reported on the agent vulnerabilities. (see [Connections](#connections)) |
 | <a id="clusteragentwebpath"></a>`webPath` | [`String`](#string) | Web path of the cluster agent. |
 #### Fields with arguments
--- a/ee/app/graphql/ee/types/clusters/agent_type.rb
+++ b/ee/app/graphql/ee/types/clusters/agent_type.rb
+# frozen_string_literal: true
+module EE
+  module Types
+    module Clusters
+      module AgentType
+        extend ActiveSupport::Concern
+        prepended do
+          field :vulnerability_images,
+                type: ::Types::Vulnerabilities::ContainerImageType.connection_type,
+                null: true,
+                description: 'Container images reported on the agent vulnerabilities.',
+                resolver: ::Resolvers::Vulnerabilities::ContainerImagesResolver
+        end
+      end
+    end
+  end
+end
--- a/ee/app/models/ee/clusters/agent.rb
+++ b/ee/app/models/ee/clusters/agent.rb
@@ -6,6 +6,8 @@ module Agent
      extend ActiveSupport::Concern
      prepended do
+        has_many :vulnerability_reads, class_name: 'Vulnerabilities::Read', foreign_key: :casted_cluster_agent_id
        scope :for_projects, -> (projects) { where(project: projects) }
      end
    end

--- a/ee/spec/graphql/ee/types/clusters/agent_type_spec.rb
+++ b/ee/spec/graphql/ee/types/clusters/agent_type_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe GitlabSchema.types['ClusterAgent'] do
+  it 'includes the ee specific fields' do
+    expect(described_class).to have_graphql_fields(
+      :vulnerability_images
+    ).at_least
+  end
+  describe 'vulnerability_images' do
+    let_it_be(:project) { create(:project) }
+    let_it_be(:user) { create(:user) }
+    let_it_be(:cluster_agent) { create(:cluster_agent, project: project) }
+    let_it_be(:vulnerability) do
+      create(:vulnerability, :with_cluster_image_scanning_finding,
+        agent_id: cluster_agent.id, project: project, report_type: :cluster_image_scanning)
+    end
+    before do
+      stub_licensed_features(security_dashboard: true)
+      project.add_developer(user)
+    end
+    let_it_be(:query) do
+      %(
+        query {
+          project(fullPath: "#{project.full_path}") {
+            clusterAgent(name: "#{cluster_agent.name}") {
+              vulnerabilityImages {
+                nodes {
+                  name
+                }
+              }
+            }
+          }
+        }
+      )
+    end
+    subject(:vulnerability_images) do
+      result = GitlabSchema.execute(query, context: { current_user: current_user }).as_json
+      result.dig('data', 'project', 'clusterAgent', 'vulnerabilityImages', 'nodes', 0)
+    end
+    context 'when user is not logged in' do
+      let(:current_user) { nil }
+      it { is_expected.to be_nil }
+    end
+    context 'when user is logged in' do
+      let(:current_user) { user }
+      it 'returns a list of container images reported for vulnerabilities' do
+        expect(vulnerability_images).to eq('name' => 'alpine:3.7')
+      end
+    end
+  end
+end
--- a/ee/spec/models/ee/clusters/agent_spec.rb
+++ b/ee/spec/models/ee/clusters/agent_spec.rb
@@ -4,6 +4,7 @@
 RSpec.describe Clusters::Agent do
  it { is_expected.to include_module(EE::Clusters::Agent) }
+  it { is_expected.to have_many(:vulnerability_reads) }
  describe '.for_projects' do
    let_it_be(:agent_1) { create(:cluster_agent) }

--- a/spec/graphql/types/clusters/agent_type_spec.rb
+++ b/spec/graphql/types/clusters/agent_type_spec.rb
@@ -9,5 +9,5 @@
  it { expect(described_class).to require_graphql_authorizations(:read_cluster) }
-  it { expect(described_class).to have_graphql_fields(fields) }
+  it { expect(described_class).to include_graphql_fields(*fields) }
 end