def requestAvatarId_db(self, credentials):
try:
username = credentials.username
with session_scope() as dbsession:
user_record = db_users.get(username, session=dbsession)
if not user_record:
return defer.fail(credError.UnauthorizedLogin("Invalid user"))
elif not user_record['active']:
return defer.fail(credError.UnauthorizedLogin("Inactive user"))
else:
#from passlib.hash import pbkdf2_sha256
#hashpw = user_record['password']
#if pbkdf2_sha256.verify(credentials.password, hashpw):
if user_record['password'] == credentials.password:
return (defer.succeed(username))
return defer.fail(credError.UnauthorizedLogin("Bad password"))
except Exception as err:
return defer.fail(
credError.UnauthorizedLogin("Auth check exception - " +
str(err)))
return defer.fail(credError.UnauthorizedLogin("Unknown auth failure"))
def _get_content(self, url):
"""
This can be *big*, as in hundreds of MB of data.
Supported url formats:
file://
http(s)://
catalog://<userId>/<bucket>/<name>
:param url:
:return:
"""
split_url = urllib.splittype(url)
if split_url[0] == 'file':
return self._get_file(split_url[1])
elif split_url[0] == 'catalog':
userId, bucket, name = split_url[1][2:].split('/')
# Add auth if necessary
try:
with session_scope() as dbsession:
usr_record = db_users.get(userId, session=dbsession)
if not usr_record:
raise Exception(
'User {} not found, cannot fetch analysis data'.format(
userId))
except:
log.exception(
'Cannot get credentials for user {} fetching the analysis content to load'
.format(userId))
raise
try:
doc = catalog.get_document(
(usr_record['userId'], usr_record['password']), bucket,
name)
return doc
except:
log.exception(
'Error retrieving analysis json from the catalog service')
raise
elif split_url[0].startswith('http'):
retry = 3
while retry > 0:
try:
data_response = requests.get(url=url)
content = data_response.json()
return content
except requests.HTTPError as ex:
log.exception('HTTP exception: {}. Retrying'.format(ex))
retry = retry - 1
time.sleep(retry * 3) # Backoff and retry
except:
log.exception('Non HTTP exception. Retrying')
retry = retry - 1
else:
raise Exception('Cannot get content from url: {}'.format(url))
def get_system_user_auth(session=None):
localconfig = anchore_engine.configuration.localconfig.get_config()
if 'system_user_auth' in localconfig and localconfig[
'system_user_auth'] != (None, None):
return (localconfig['system_user_auth'])
if session:
system_user = db_users.get('anchore-system', session=session)
if system_user:
return ((system_user['userId'], system_user['password']))
return ((None, None))
def do_db_bootstrap(localconfig=None):
with upgrade_context(my_module_upgrade_id) as ctx:
from anchore_engine.db import db_users, session_scope
with session_scope() as dbsession:
# system user
try:
system_user_record = db_users.get('anchore-system', session=dbsession)
if not system_user_record:
rc = db_users.add('anchore-system', str(uuid.uuid4()), {'active': True}, session=dbsession)
else:
db_users.update(system_user_record['userId'], system_user_record['password'], {'active': True}, session=dbsession)
except Exception as err:
raise Exception("Initialization failed: could not fetch/add anchore-system user from/to DB - exception: " + str(err))
def do_db_bootstrap(localconfig=None):
with upgrade_context(my_module_upgrade_id) as ctx:
from anchore_engine.db import db_users, session_scope
with session_scope() as dbsession:
# system user
try:
system_user_record = db_users.get('anchore-system', session=dbsession)
if not system_user_record:
rc = db_users.add('anchore-system', str(uuid.uuid4()), {'active': True}, session=dbsession)
else:
db_users.update(system_user_record['userId'], system_user_record['password'], {'active': True}, session=dbsession)
except Exception as err:
raise Exception("Initialization failed: could not fetch/add anchore-system user from/to DB - exception: " + str(err))
if False and localconfig:
try:
for userId in localconfig['credentials']['users']:
if not localconfig['credentials']['users'][userId]:
localconfig['credentials']['users'][userId] = {}
cuser = localconfig['credentials']['users'][userId]
password = cuser.pop('password', None)
email = cuser.pop('email', None)
if password and email:
db_users.add(userId, password, {'email': email, 'active': True}, session=dbsession)
else:
raise Exception("user defined but has empty password/email: " + str(userId))
user_records = db_users.get_all(session=dbsession)
for user_record in user_records:
if user_record['userId'] == 'anchore-system':
continue
if user_record['userId'] not in localconfig['credentials']['users']:
logger.info("flagging user '"+str(user_record['userId']) + "' as inactive (in DB, not in configuration)")
db_users.update(user_record['userId'], user_record['password'], {'active': False}, session=dbsession)
except Exception as err:
raise Exception("Initialization failed: could not add users from config into DB - exception: " + str(err))
def requestAvatarId_db(self, credentials):
try:
username = str(credentials.username, 'utf-8')
with session_scope() as dbsession:
user_record = db_users.get(username, session=dbsession)
if not user_record:
return defer.fail(credError.UnauthorizedLogin("Invalid user"))
elif not user_record['active']:
return defer.fail(credError.UnauthorizedLogin("Inactive user"))
else:
if user_record['password'] == str(credentials.password,
'utf-8'):
return defer.succeed(username.encode('utf8'))
return defer.fail(credError.UnauthorizedLogin("Bad password"))
except Exception as err:
logger.exception('Error during auth')
return defer.fail(
credError.UnauthorizedLogin("Auth check exception - " +
str(err)))
return defer.fail(credError.UnauthorizedLogin("Unknown auth failure"))
def initialize(localconfig=None,
versions=None,
bootstrap_db=False,
specific_tables=None,
bootstrap_users=False):
"""
Initialize the db for use. Optionally bootstrap it and optionally only for specific entities.
:param versions:
:param bootstrap_db:
:param specific_entities: a list of entity classes to initialize if a subset is desired. Expects a list of classes.
:return:
"""
global engine, Session
if versions is None:
versions = {}
#localconfig = anchore_engine.configuration.localconfig.get_config()
ret = True
try:
db_auth = localconfig['credentials']['database']
# connect to DB using db_connect from configuration
db_connect = None
db_connect_args = {}
db_pool_size = 10
db_pool_max_overflow = 20
if 'db_connect' in db_auth and db_auth['db_connect']:
db_connect = db_auth['db_connect']
if 'db_connect_args' in db_auth and db_auth['db_connect_args']:
db_connect_args = db_auth['db_connect_args']
if 'db_pool_size' in db_auth:
db_pool_size = int(db_auth['db_pool_size'])
if 'db_pool_max_overflow' in db_auth:
db_pool_max_overflow = int(db_auth['db_pool_max_overflow'])
except:
raise Exception(
"could not locate credentials->database entry from configuration: add 'database' section to 'credentials' section in configuration file"
)
db_connect_retry_max = 3
for count in range(0, db_connect_retry_max):
try:
if db_connect:
try:
if db_connect.startswith('sqlite://'):
# Special case for testing with sqlite. Not for production use, unit tests only
engine = sqlalchemy.create_engine(db_connect,
echo=False)
else:
engine = sqlalchemy.create_engine(
db_connect,
connect_args=db_connect_args,
echo=False,
pool_size=db_pool_size,
max_overflow=db_pool_max_overflow)
except Exception as err:
raise Exception("could not connect to DB - exception: " +
str(err))
else:
raise Exception(
"could not locate db_connect string from configuration: add db_connect parameter to configuration file"
)
# set up the global session
try:
Session = sessionmaker(bind=engine)
except Exception as err:
raise Exception("could not create DB session - exception: " +
str(err))
# set up thread-local session factory
init_thread_session()
# create
try:
if specific_tables:
logger.info(
'Initializing only a subset of tables as requested: {}'
.format(specific_tables))
Base.metadata.create_all(engine, tables=specific_tables)
else:
Base.metadata.create_all(engine)
except Exception as err:
raise Exception(
"could not create/re-create DB tables - exception: " +
str(err))
break
except Exception as err:
if count > db_connect_retry_max:
raise Exception(
"could not establish connection to DB after retry - last exception: "
+ str(err))
else:
log.err(
"could not connect to db, retrying in 10 seconds - exception: "
+ str(err))
time.sleep(10)
if bootstrap_db:
from anchore_engine.db import db_anchore, db_users
with session_scope() as dbsession:
# version check
version_record = db_anchore.get(session=dbsession)
if not version_record:
db_anchore.add(versions['service_version'],
versions['db_version'],
versions,
session=dbsession)
version_record = db_anchore.get(session=dbsession)
if bootstrap_users:
# system user
try:
system_user_record = db_users.get('anchore-system',
session=dbsession)
if not system_user_record:
rc = db_users.add('anchore-system',
str(uuid.uuid4()), {'active': True},
session=dbsession)
else:
db_users.update(system_user_record['userId'],
system_user_record['password'],
{'active': True},
session=dbsession)
except Exception as err:
raise Exception(
"Initialization failed: could not fetch/add anchore-system user from/to DB - exception: "
+ str(err))
try:
for userId in localconfig['credentials']['users']:
if not localconfig['credentials']['users'][userId]:
localconfig['credentials']['users'][userId] = {}
cuser = localconfig['credentials']['users'][userId]
password = cuser.pop('password', None)
email = cuser.pop('email', None)
if password and email:
# try:
# from passlib.hash import pbkdf2_sha256
# hashpw = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16)
# password = hashpw
# except:
# pass
db_users.add(userId,
password, {
'email': email,
'active': True
},
session=dbsession)
else:
raise Exception(
"user defined but has empty password/email: " +
str(userId))
user_records = db_users.get_all(session=dbsession)
for user_record in user_records:
if user_record['userId'] == 'anchore-system':
continue
if user_record['userId'] not in localconfig[
'credentials']['users']:
logger.info(
"flagging user '" +
str(user_record['userId']) +
"' as inactive (in DB, not in configuration)")
db_users.update(user_record['userId'],
user_record['password'],
{'active': False},
session=dbsession)
except Exception as err:
raise Exception(
"Initialization failed: could not add users from config into DB - exception: "
+ str(err))
print("Starting up version: " + json.dumps(versions))
print("\tDB version: " + json.dumps(version_record))
try:
rc = do_upgrade(version_record, versions)
if rc:
# if successful upgrade, set the DB values to the incode values
with session_scope() as dbsession:
db_anchore.add(versions['service_version'],
versions['db_version'],
versions,
session=dbsession)
except Exception as err:
raise Exception(
"Initialization failed: upgrade failed - exception: " +
str(err))
return (ret)
def makeService(snames, options, bootstrap_db=False, bootstrap_users=False):
try:
# config and init
configfile = configdir = None
if options['config']:
configdir = options['config']
configfile = os.path.join(options['config'], 'config.yaml')
anchore_engine.configuration.localconfig.load_config(
configdir=configdir, configfile=configfile)
localconfig = anchore_engine.configuration.localconfig.get_config()
localconfig['myservices'] = []
logger.spew("localconfig=" +
json.dumps(localconfig, indent=4, sort_keys=True))
except Exception as err:
log.err("cannot load configuration: exception - " + str(err))
raise err
# get versions of things
try:
versions = anchore_engine.configuration.localconfig.get_versions()
except Exception as err:
log.err("cannot detect versions of service: exception - " + str(err))
raise err
logger.info("initializing database")
# connect to DB
try:
db.initialize(versions=versions,
bootstrap_db=bootstrap_db,
bootstrap_users=bootstrap_users)
except Exception as err:
log.err("cannot connect to configured DB: exception - " + str(err))
raise err
#credential bootstrap
with session_scope() as dbsession:
system_user = db_users.get('anchore-system', session=dbsession)
localconfig['system_user_auth'] = (system_user['userId'],
system_user['password'])
# application object
application = service.Application("multi-service-" + '-'.join(snames))
#from twisted.python.log import ILogObserver, FileLogObserver
#from twisted.python.logfile import DailyLogFile
#logfile = DailyLogFile("ghgh.log", "/tmp/")
#multi-service
retservice = service.MultiService()
retservice.setServiceParent(application)
success = False
try:
scount = 0
for sname in snames:
if sname in localconfig['services'] and localconfig['services'][
sname]['enabled']:
smodule = importlib.import_module("anchore_engine.services." +
sname)
s = smodule.createService(sname, localconfig)
s.setServiceParent(retservice)
rc = smodule.initializeService(sname, localconfig)
if not rc:
raise Exception("failed to initialize service")
rc = smodule.registerService(sname, localconfig)
if not rc:
raise Exception("failed to register service")
logger.debug("starting service: " + sname)
success = True
scount += 1
localconfig['myservices'].append(sname)
else:
log.err(
"service not enabled in config, not starting service: " +
sname)
if scount == 0:
log.err(
"no services/subservices were enabled/started on this host")
success = False
except Exception as err:
log.err("cannot create/init/register service: " + sname +
" - exception: " + str(err))
success = False
if not success:
log.err("cannot start service (see above for information)")
traceback.print_exc('Service init failure')
raise Exception("cannot start service (see above for information)")
return (retservice)
def _get_catalog_creds(self, session):
if not self._catalog_creds:
self._catalog_creds = db_users.get(userId='admin', session=session)
return self._catalog_creds
