rhel: deprecate updater in favor of VEX updater

We can extract vulnerability information about containers from the
VEX data. This negates the need to look for it in the cvemap.xml file.
This change modifies the VEX updater to allow for ingesting
vulnerabilities in a way that can be matched my the RHCC matcher.

Signed-off-by: crozzy <[email protected]>

datastore/postgres/migrations/matcher/14-delete-rhcc-vulns.sql

@@ -0,0 +1,4 @@
+-- The rhel-vex updater will now be responsible for RHCC advisories so we have
+-- to delete the existing RHCC vulnerabilities.
+DELETE FROM update_operation WHERE updater = 'rhel-container-updater';
+DELETE FROM vuln where updater = 'rhel-container-updater';

datastore/postgres/migrations/migrations.go

@@ -112,4 +112,8 @@ var MatcherMigrations = []migrate.Migration{
 		ID: 13,
 		Up: runFile("matcher/13-delete-rhel-oval.sql"),
 	},
+	{
+		ID: 14,
+		Up: runFile("matcher/14-delete-rhcc-vulns.sql"),
+	},
 }

rhel/rhcc/coalescer_test.go

@@ -21,7 +21,7 @@ func TestCoalescer(t *testing.T) {
 		// Mark them as if they came from this package's package scanner
 		p.RepositoryHint = `rhcc`
 	}
-	repo := []*claircore.Repository{&goldRepo}
+	repo := []*claircore.Repository{&GoldRepo}
 	layerArtifacts := []*indexer.LayerArtifacts{
 		{
 			Hash: test.RandomSHA256Digest(t),
@@ -67,7 +67,7 @@ func TestCoalescer(t *testing.T) {
 		}
 		for _, id := range e.RepositoryIDs {
 			r := ir.Repositories[id]
-			if got, want := r.Name, goldRepo.Name; got != want {
+			if got, want := r.Name, GoldRepo.Name; got != want {
 				t.Errorf("got: %q, want: %q", got, want)
 			}
 		}

rhel/rhcc/matcher.go

@@ -26,7 +26,7 @@ func (*matcher) Name() string { return "rhel-container-matcher" }
 // Filter implements [driver.Matcher].
 func (*matcher) Filter(r *claircore.IndexRecord) bool {
 	return r.Repository != nil &&
-		r.Repository.Name == goldRepo.Name
+		r.Repository.Name == GoldRepo.Name
 }
 
 // Query implements [driver.Matcher].