def create_and_teardown_archive_rule(request):
"""
In order to interact with the archives API, a rule must be added first,
which depends on there being an image added as well:
1. Add node:latest image (this isn't currently depended upon in other tests)
2. Add Archive Rule
Note: This appears to only work for the root user ATM, so don't run w/ ft_user
"""
_logger.info("Adding alpine:edge Image for analysis")
add_image_resp = http_post(['images'], {'tag': 'alpine:edge'}, config=request.param)
if add_image_resp.code != 200:
raise RequestFailedError(add_image_resp.url, add_image_resp.code, add_image_resp.body)
wait_for_image_to_analyze(get_image_id(add_image_resp), request.param)
archive_rule_json = {
"analysis_age_days": 0,
"created_at": "2020-08-25T17:15:16.865Z",
"last_updated": "2020-08-25T17:15:16.865Z",
"selector": {
"registry": "docker.io",
"repository": "alpine",
"tag": "edge"
},
"system_global": True,
"tag_versions_newer": 0,
"transition": "archive"
}
_logger.info('Adding Archive Rule')
archive_rule_resp = http_post(['archives', 'rules'], archive_rule_json, config=request.param)
if archive_rule_resp.code != 200:
raise RequestFailedError(archive_rule_resp.url, archive_rule_resp.code, archive_rule_resp.body)
archive_resp = http_post(['archives', 'images'], [get_image_digest(add_image_resp)], config=request.param)
if archive_resp.code != 200:
raise RequestFailedError(archive_resp.url, archive_resp.code, archive_resp.body)
def teardown():
_logger.info('Removing alpine:edge image from anchore')
remove_image_resp = http_del(['images', 'by_id', get_image_id(add_image_resp)], query={'force': True})
if remove_image_resp.code != 200:
raise RequestFailedError(remove_image_resp.url, remove_image_resp.code, remove_image_resp.body)
_logger.info('Removing Archive Rule: rule_id={}'.format(archive_rule_resp.body['rule_id']))
remove_rule_resp = http_del(['archives', 'rules', archive_rule_resp.body['rule_id']])
if remove_rule_resp.code != 200:
raise RequestFailedError(remove_rule_resp.url, remove_rule_resp.code, remove_rule_resp.body)
delete_archive_image_resp = http_del(['archives', 'images', get_image_digest(add_image_resp)],
config=request.param)
if delete_archive_image_resp.code != 200:
raise RequestFailedError(delete_archive_image_resp.url,
delete_archive_image_resp.code,
delete_archive_image_resp.body)
request.addfinalizer(teardown)
return add_image_resp, archive_rule_resp, archive_resp, request.param
def test_get_image_content_ctype(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
resp = http_get(["images", "by_id", image_id, "content", "os"], config=api_conf)
assert resp == APIResponse(200)
def test_get_image_content_ctype(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
resp = http_get(['images', 'by_id', image_id, 'content', 'os'], config=api_conf)
assert resp == APIResponse(200)
def test_get_image_content_java_by_digest(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest, 'content', 'java'], config=api_conf)
assert resp == APIResponse(200)
def test_get_image_metadata(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest], config=api_conf)
assert resp == APIResponse(200)
def test_get_image_content_types_by_digest(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(["images", image_digest, "content"], config=api_conf)
assert resp == APIResponse(200)
def test_get_all_image_vulns_by_type(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
resp = http_get(['images', 'by_id', image_id, 'vuln'], config=api_conf)
assert resp == APIResponse(200)
wait_for_image_to_analyze(image_id, api_conf)
vuln_types = resp.body
for v_type in vuln_types:
resp = http_get(['images', 'by_id', image_id, 'vuln', v_type], config=api_conf)
assert resp == APIResponse(200)
def test_get_image_policy_evaluation(self, add_alpine_latest_image, query):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_tag = get_image_tag(add_resp)
query['tag'] = image_tag
if query.get('policyId'):
query['policyId'] = get_first_policy_id(api_conf)
resp = http_get(['images', 'by_id', image_id, 'check'], {'tag': image_tag}, config=api_conf)
assert resp == APIResponse(200)
def test_get_image_file_content_artifacts(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
api_conf_name = str(api_conf.__name__)
if api_conf_name != 'get_api_conf':
pytest.skip(
'Image File Content Search Endpoint only works for root user of admin account: currentUserAPIConf={}'.format(
api_conf_name))
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest, 'artifacts', 'file_content_search'])
assert resp == APIResponse(200)
def test_get_image_vulns_all_types_by_digest(self, add_alpine_latest_image, query):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest, 'vuln'], config=api_conf)
assert resp == APIResponse(200)
v_types = resp.body
for v_type in v_types:
resp = http_get(['images', image_digest, 'vuln', v_type], query=query, config=api_conf)
assert resp == APIResponse(200)
def test_get_image_metadata_all_types_by_digest(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest, 'metadata'], config=api_conf)
assert resp == APIResponse(200)
m_types = resp.body
for m_type in m_types:
resp = http_get(['images', image_digest, 'metadata', m_type], config=api_conf)
assert resp == APIResponse(200)
def test_get_image_policy_evaluation(self, add_alpine_latest_image, query):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_tag = get_image_tag(add_resp)
query["tag"] = image_tag
if query.get("policyId"):
query["policyId"] = get_first_policy_id(api_conf)
resp = http_get(
["images", "by_id", image_id, "check"], {"tag": image_tag}, config=api_conf
)
assert resp == APIResponse(200)
def test_get_image_secret_search(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
api_conf_name = str(api_conf.__name__)
if api_conf_name != "get_api_conf":
pytest.skip(
"Image Secret Search Endpoint only works for root user of admin account: currentUserAPIConf={}"
.format(api_conf_name))
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(["images", image_digest, "artifacts", "secret_search"])
assert resp == APIResponse(200)
