Add a fake security scanner class for easier testing

The FakeSecurityScanner mocks out all calls that Quay is expected to make to the security scanner API, and returns faked data that can be adjusted by the calling test case

test/test_api_usage.py

@@ -14,7 +14,6 @@ from urllib import urlencode
 from urlparse import urlparse, urlunparse, parse_qs
 
 from playhouse.test_utils import assert_query_count, _QueryLogHandler
-from httmock import urlmatch, HTTMock
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.backends import default_backend
 from mockldap import MockLdap
@@ -28,6 +27,7 @@ from initdb import setup_database_for_testing, finished_database_for_testing
 from data import database, model
 from data.database import RepositoryActionCount, Repository as RepositoryTable
 from test.helpers import assert_action_logged
+from util.secscan.fake import fake_security_scanner
 
 from endpoints.api.team import (TeamMember, TeamMemberList, TeamMemberInvite, OrganizationTeam,
                                 TeamPermissions)
@@ -4107,47 +4107,6 @@ class TestSuperUserConfig(ApiTestCase):
       mockldap.stop()
 
 
-
-@urlmatch(netloc=r'(.*\.)?mockclairservice', path=r'/v1/layers/(.+)')
-def get_layer_success_mock(url, request):
-  vulnerabilities = [
-    {
-      "Name": "CVE-2014-9471",
-      "Namespace": "debian:8",
-      "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
-      "Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
-      "Severity": "Low",
-      "FixedBy": "9.23-5"
-    }
-  ]
-
-  features = [
-    {
-      "Name": "coreutils",
-      "Namespace": "debian:8",
-      "Version": "8.23-4",
-      "Vulnerabilities": vulnerabilities,
-    }
-  ]
-
-  if not request.url.index('vulnerabilities') > 0:
-    vulnerabilities = []
-
-    if not request.url.index('features') > 0:
-      features = []
-
-  return py_json.dumps({
-    "Layer": {
-      "Name": "17675ec01494d651e1ccf81dc9cf63959ebfeed4f978fddb1666b6ead008ed52",
-      "Namespace": "debian:8",
-      "ParentName": "140f9bdfeb9784cf8730e9dab5dd12fbd704151cf555ac8cae650451794e5ac2",
-      "IndexedByVersion": 1,
-      "Features": features
-    }
-  })
-
-
-
 class TestRepositoryImageSecurity(ApiTestCase):
   def test_get_vulnerabilities(self):
     self.login(ADMIN_ACCESS_USER)
@@ -4167,7 +4126,9 @@ class TestRepositoryImageSecurity(ApiTestCase):
     layer.save()
 
     # Grab the security info again.
-    with HTTMock(get_layer_success_mock):
+    with fake_security_scanner() as security_scanner:
+      security_scanner.add_layer(security_scanner.layer_id(layer))
+
       response = self.getJsonResponse(RepositoryImageSecurity,
                                       params=dict(repository=ADMIN_ACCESS_USER + '/simple',
                                                   imageid=layer.docker_image_id,