refactor: use snyk service in commands

internal/commands/snyk/enrich.go

@@ -17,7 +17,8 @@ func NewEnrichCommand(logger *zerolog.Logger) *cobra.Command {
 		Short: "Enrich an SBOM with Snyk data",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			conf := config()
+			cfg := config()
+			svc := snyk.NewService(cfg, logger)
 
 			b, err := utils.GetUserInput(args[0], os.Stdin)
 			if err != nil {
@@ -29,7 +30,7 @@ func NewEnrichCommand(logger *zerolog.Logger) *cobra.Command {
 				logger.Fatal().Err(err).Msg("Failed to read SBOM input")
 			}
 
-			snyk.EnrichSBOM(conf, doc, logger)
+			svc.EnrichSBOM(doc)
 
 			if err := doc.Encode(os.Stdout); err != nil {
 				logger.Fatal().Err(err).Msg("Failed to encode new SBOM")

internal/commands/snyk/packages.go

@@ -16,7 +16,8 @@ func NewPackageCommand(logger *zerolog.Logger) *cobra.Command {
 		Short: "Return package vulnerabilities from Snyk",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			conf := config()
+			cfg := config()
+			svc := snyk.NewService(cfg, logger)
 
 			purl, err := packageurl.FromString(args[0])
 			if err != nil {
@@ -28,23 +29,7 @@ func NewPackageCommand(logger *zerolog.Logger) *cobra.Command {
 				Str("purl", args[0]).
 				Msg("Looking up package vulnerabilities from Snyk")
 
-			auth, err := snyk.AuthFromToken(conf.APIToken)
-			if err != nil {
-				logger.
-					Fatal().
-					Err(err).
-					Msg("Failed to get API credentials")
-			}
-
-			orgID, err := snyk.SnykOrgID(conf, auth)
-			if err != nil {
-				logger.
-					Fatal().
-					Err(err).
-					Msg("Failed to look up user info")
-			}
-
-			resp, err := snyk.GetPackageVulnerabilities(conf, &purl, auth, orgID)
+			resp, err := svc.GetPackageVulnerabilities(&purl)
 			if err != nil {
 				logger.Fatal().Err(err).Msg("Failed to look up package vulnerabilities")
 			}

lib/snyk/enrich_test.go

@@ -17,7 +17,10 @@ func TestEnrichSBOM_CycloneDXWithVulnerabilities(t *testing.T) {
 	teardown := setupTestEnv(t)
 	defer teardown()
 
-	conf := newTestConfig(t)
+	cfg := newTestConfig(t)
+	logger := zerolog.Nop()
+	svc := NewService(cfg, &logger)
+
 	bom := &cdx.BOM{
 		Components: &[]cdx.Component{
 			{
@@ -30,8 +33,7 @@ func TestEnrichSBOM_CycloneDXWithVulnerabilities(t *testing.T) {
 	}
 	doc := &sbom.SBOMDocument{BOM: bom}
 
-	logger := zerolog.Nop()
-	EnrichSBOM(conf, doc, &logger)
+	svc.EnrichSBOM(doc)
 
 	assert.NotNil(t, bom.Vulnerabilities)
 	assert.Len(t, *bom.Vulnerabilities, 1)
@@ -44,7 +46,10 @@ func TestEnrichSBOM_CycloneDXExternalRefs(t *testing.T) {
 	teardown := setupTestEnv(t)
 	defer teardown()
 
-	conf := newTestConfig(t)
+	cfg := newTestConfig(t)
+	logger := zerolog.Nop()
+	svc := NewService(cfg, &logger)
+
 	bom := &cdx.BOM{
 		Components: &[]cdx.Component{
 			{
@@ -57,8 +62,7 @@ func TestEnrichSBOM_CycloneDXExternalRefs(t *testing.T) {
 	}
 	doc := &sbom.SBOMDocument{BOM: bom}
 
-	logger := zerolog.Nop()
-	EnrichSBOM(conf, doc, &logger)
+	svc.EnrichSBOM(doc)
 
 	assert.NotNil(t, bom.Components)
 	refs := (*bom.Components)[0].ExternalReferences
@@ -79,7 +83,10 @@ func TestEnrichSBOM_CycloneDXExternalRefs_WithNamespace(t *testing.T) {
 	teardown := setupTestEnv(t)
 	defer teardown()
 
-	conf := newTestConfig(t)
+	cfg := newTestConfig(t)
+	logger := zerolog.Nop()
+	svc := NewService(cfg, &logger)
+
 	bom := &cdx.BOM{
 		Components: &[]cdx.Component{
 			{
@@ -92,8 +99,7 @@ func TestEnrichSBOM_CycloneDXExternalRefs_WithNamespace(t *testing.T) {
 	}
 	doc := &sbom.SBOMDocument{BOM: bom}
 
-	logger := zerolog.Nop()
-	EnrichSBOM(conf, doc, &logger)
+	svc.EnrichSBOM(doc)
 
 	assert.NotNil(t, bom.Components)
 	refs := (*bom.Components)[0].ExternalReferences
@@ -114,7 +120,10 @@ func TestEnrichSBOM_CycloneDXWithVulnerabilities_NestedComponents(t *testing.T)
 	teardown := setupTestEnv(t)
 	defer teardown()
 
-	conf := newTestConfig(t)
+	cfg := newTestConfig(t)
+	logger := zerolog.Nop()
+	svc := NewService(cfg, &logger)
+
 	bom := &cdx.BOM{
 		Components: &[]cdx.Component{
 			{
@@ -135,8 +144,7 @@ func TestEnrichSBOM_CycloneDXWithVulnerabilities_NestedComponents(t *testing.T)
 	}
 	doc := &sbom.SBOMDocument{BOM: bom}
 
-	logger := zerolog.Nop()
-	EnrichSBOM(conf, doc, &logger)
+	svc.EnrichSBOM(doc)
 
 	assert.NotNil(t, bom.Vulnerabilities)
 	assert.Len(t, *bom.Vulnerabilities, 2)
@@ -146,7 +154,10 @@ func TestEnrichSBOM_CycloneDXWithoutVulnerabilities(t *testing.T) {
 	teardown := setupTestEnv(t)
 	defer teardown()
 
-	conf := newTestConfig(t)
+	cfg := newTestConfig(t)
+	logger := zerolog.Nop()
+	svc := NewService(cfg, &logger)
+
 	bom := &cdx.BOM{
 		Components: &[]cdx.Component{
 			{
@@ -159,8 +170,7 @@ func TestEnrichSBOM_CycloneDXWithoutVulnerabilities(t *testing.T) {
 	}
 	doc := &sbom.SBOMDocument{BOM: bom}
 
-	logger := zerolog.Nop()
-	EnrichSBOM(conf, doc, &logger)
+	svc.EnrichSBOM(doc)
 
 	assert.Nil(t, bom.Vulnerabilities, "should not extend vulnerabilities if there are none")
 }
@@ -169,7 +179,10 @@ func TestEnrichSBOM_SPDXWithVulnerabilities(t *testing.T) {
 	teardown := setupTestEnv(t)
 	defer teardown()
 
-	conf := newTestConfig(t)
+	cfg := newTestConfig(t)
+	logger := zerolog.Nop()
+	svc := NewService(cfg, &logger)
+
 	bom := &spdx_2_3.Document{
 		Packages: []*spdx_2_3.Package{
 			{
@@ -188,8 +201,7 @@ func TestEnrichSBOM_SPDXWithVulnerabilities(t *testing.T) {
 	}
 	doc := &sbom.SBOMDocument{BOM: bom}
 
-	logger := zerolog.Nop()
-	EnrichSBOM(conf, doc, &logger)
+	svc.EnrichSBOM(doc)
 
 	vulnRef := bom.Packages[0].PackageExternalReferences[3]
 	assert.Equal(t, "SECURITY", vulnRef.Category)
@@ -202,7 +214,10 @@ func TestEnrichSBOM_SPDXExternalRefs(t *testing.T) {
 	teardown := setupTestEnv(t)
 	defer teardown()
 
-	conf := newTestConfig(t)
+	cfg := newTestConfig(t)
+	logger := zerolog.Nop()
+	svc := NewService(cfg, &logger)
+
 	bom := &spdx_2_3.Document{
 		Packages: []*spdx_2_3.Package{
 			{
@@ -222,8 +237,7 @@ func TestEnrichSBOM_SPDXExternalRefs(t *testing.T) {
 
 	doc := &sbom.SBOMDocument{BOM: bom}
 
-	logger := zerolog.Nop()
-	EnrichSBOM(conf, doc, &logger)
+	svc.EnrichSBOM(doc)
 
 	assert.NotNil(t, bom.Packages)
 	refs := (*bom.Packages[0]).PackageExternalReferences

lib/snyk/self_test.go

@@ -27,7 +27,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestGetSnykOrg_Success(t *testing.T) {
+func TestSnykOrgID_Success(t *testing.T) {
 	expectedOrg := uuid.MustParse("00000000-0000-0000-0000-000000000000")
 	auth, err := securityprovider.NewSecurityProviderApiKey("header", "name", "value")
 	require.NoError(t, err)
@@ -43,7 +43,7 @@ func TestGetSnykOrg_Success(t *testing.T) {
 	assert.Equal(t, expectedOrg, *actualOrg)
 }
 
-func TestGetSnykOrg_Unauthorized(t *testing.T) {
+func TestSnykOrgID_Unauthorized(t *testing.T) {
 	auth, err := securityprovider.NewSecurityProviderApiKey("header", "name", "value")
 	require.NoError(t, err)
 

lib/snyk/service.go

@@ -0,0 +1,53 @@
+package snyk
+
+import (
+	"github.com/deepmap/oapi-codegen/pkg/securityprovider"
+	"github.com/google/uuid"
+	"github.com/package-url/packageurl-go"
+	"github.com/rs/zerolog"
+
+	"github.com/snyk/parlay/lib/sbom"
+	"github.com/snyk/parlay/snyk/issues"
+)
+
+type Service interface {
+	EnrichSBOM(*sbom.SBOMDocument) *sbom.SBOMDocument
+	GetPackageVulnerabilities(*packageurl.PackageURL) (*issues.FetchIssuesPerPurlResponse, error)
+}
+
+type serviceImpl struct {
+	cfg    *Config
+	logger *zerolog.Logger
+}
+
+var _ Service = (*serviceImpl)(nil)
+
+func NewService(cfg *Config, logger *zerolog.Logger) Service {
+	return &serviceImpl{cfg, logger}
+}
+
+func (svc *serviceImpl) EnrichSBOM(doc *sbom.SBOMDocument) *sbom.SBOMDocument {
+	return EnrichSBOM(svc.cfg, doc, svc.logger)
+}
+
+func (svc *serviceImpl) GetPackageVulnerabilities(purl *packageurl.PackageURL) (*issues.FetchIssuesPerPurlResponse, error) {
+	auth, err := svc.getAuth()
+	if err != nil {
+		return nil, err
+	}
+
+	orgID, err := svc.getOrgID(auth)
+	if err != nil {
+		return nil, err
+	}
+
+	return GetPackageVulnerabilities(svc.cfg, purl, auth, orgID)
+}
+
+func (svc *serviceImpl) getAuth() (*securityprovider.SecurityProviderApiKey, error) {
+	return AuthFromToken(svc.cfg.APIToken)
+}
+
+func (svc *serviceImpl) getOrgID(auth *securityprovider.SecurityProviderApiKey) (*uuid.UUID, error) {
+	return SnykOrgID(svc.cfg, auth)
+}