def show(details):
    """
    Show list of Anchore data policies.
    """
    exit_code = 0

    try:
        meta = anchore_policy.load_policymeta()
        if details:
            # Detailed mode prints the policy metadata exactly as loaded.
            anchore_print(meta, do_formatting=True)
        else:
            # Summary mode: one entry keyed by the bundle name, carrying only
            # the id and the three top-level sections.
            summary = {
                meta['name']: {
                    'id': meta['id'],
                    'policies': meta['policies'],
                    'whitelists': meta['whitelists'],
                    'mappings': meta['mappings'],
                }
            }
            anchore_print(summary, do_formatting=True)
    except Exception:
        # Any load or key error collapses into one generic message and exit 1.
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def add(repos):
    """
    Adds the specified images/tags to the subscription. Tags are formatted as docker image tags. Values are checked
    against the list of available tags from the service. Run 'anchore subscriptions show' to get the list of available
    options. Because of this, you must run an initial 'anchore sync catalog' before subscription data is available.

    Duplicate entries are prevented and will not result in an error, but will be discarded.

    Tag/repo examples: ubuntu, centos:7, nginx:latest
    """
    # Subscriptions are checked against the synced catalog, so refuse to run
    # before the local db exists.
    if not working_catalog.has_db():
        anchore_print_err('No local analysis db detected. You probably need to run "anchore sync catalog" first to initialize')
        exit(5)

    repo_list = list(repos)

    try:
        working_catalog.subscribe(repo_list)
        want_json = working_catalog.configuration().cliargs['json']
        current = working_catalog.subscription.get()
        if want_json:
            anchore_print(current, do_formatting=True)
        else:
            anchore_print('\n'.join(current))
    except:
        # Bare except kept on purpose: every failure maps to exit status 1.
        anchore_print_err('Failed adding %s to subscription' % repo_list)
        exit(1)
def sub(feednames):
    """
    Subscribe to the specified feed(s).
    """
    exit_code = 0

    # Without user info in the auth context the request is made at tier 0.
    # NOTE(review): the tier is taken from the local auth context and handed to
    # subscribe_anchore_feed; confirm the service enforces feed access itself
    # rather than trusting this client-side value.
    user_info = contexts.get('anchore_auth', {}).get('user_info', None)
    tier = int(user_info['tier']) if user_info else 0

    try:
        for name in feednames:
            ok, message = anchore_feeds.subscribe_anchore_feed(name, tier)
            if ok:
                anchore_print(message)
            else:
                # One refused feed fails the command but the loop continues.
                exit_code = 1
                anchore_print_err(message)
    except Exception:
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def toolbox(anchore_config, ctx, image):
    """
    A collection of tools for operating on images and containers and building anchore modules.

    Subcommands operate on the specified image passed in as --image <imgid>
    """
    global config, imagelist, nav

    config = anchore_config
    imagelist = [image]

    # NOTE(review): the nesting below is reconstructed from a flattened
    # listing; it assumes both the id lookup and the Navigator setup are
    # skipped for 'import' and 'delete'.
    if ctx.invoked_subcommand in ['import', 'delete']:
        return

    try:
        # Resolve the user-supplied name to image ids; any failure here,
        # ValueError included, ends the command.
        imagelist = anchore_utils.discover_imageIds(imagelist)
    except Exception:
        anchore_print_err("could not load any images")
        sys.exit(1)

    try:
        nav = navigator.Navigator(anchore_config=config, imagelist=imagelist, allimages=contexts['anchore_allimages'])
    except Exception:
        # Subcommands test `nav` and exit when it is None.
        anchore_print_err('operation failed')
        nav = None
def explore(anchore_config, image, imagefile, include_allanchore):
    """
    Explore image content via queries, visualizations and reports for the selected image(s).

    Image IDs can be specified as hash ids, repo names (e.g. centos), or tags (e.g. centos:latest).
    """
    global config, imagelist, nav, vis

    config = anchore_config

    # The two ways of naming input images are mutually exclusive.
    if image and imagefile:
        raise click.BadOptionUsage('Can only use one of --image, --imagefile')

    # presumably "select everything" when neither option is given; confirm
    # against build_image_list
    nothing_selected = not (image or imagefile)

    try:
        requested = build_image_list(anchore_config, image, imagefile, nothing_selected, include_allanchore)
        imagelist = requested.keys()
        # Swap the requested names for the ids they resolve to.
        imagelist = anchore_utils.discover_imageIds(imagelist).keys()
    except Exception:
        anchore_print_err("could not load input images")
        sys.exit(1)
def purge(dontask):
    # Delete every image held by the current Navigator from the anchore DB,
    # asking for confirmation per image unless `dontask` is set.
    exit_code = 0

    if not nav:
        sys.exit(1)

    try:
        for image_id in nav.get_images():
            confirmed = True if dontask else False
            if not confirmed:
                try:
                    reply = raw_input("Really delete image '"+str(image_id)+"'? (y/N)")
                except:
                    # Any failure to read a reply (EOF, interrupt) counts as
                    # "no", so an unattended run never deletes by accident.
                    reply = "n"

                if reply.lower() == 'y':
                    confirmed = True
                else:
                    anchore_print("Skipping delete.")

            if confirmed:
                anchore_print("Deleting image '"+str(image_id)+"'")
                contexts['anchore_db'].delete_image(image_id)
    except Exception:
        # The first failed delete aborts the remaining images.
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def audit(anchore_config, image, imagefile, include_allanchore):
    """
    Image IDs can be specified as hash ids, repo names (e.g. centos), or tags (e.g. centos:latest).
    """
    global config, imagelist, nav

    config = anchore_config

    # --image and --imagefile cannot be combined.
    if image and imagefile:
        raise click.BadOptionUsage('Can only use one of --image, --imagefile')

    # presumably "select everything" when neither option is given; confirm
    # against build_image_list
    nothing_selected = not (image or imagefile)

    try:
        requested = build_image_list(anchore_config, image, imagefile, nothing_selected, include_allanchore)
        imagelist = requested.keys()
        # Replace the requested names with the image ids they resolve to.
        imagelist = anchore_utils.discover_imageIds(imagelist).keys()
    except Exception:
        anchore_print_err("could not load input images")
        sys.exit(1)
def toolbox(anchore_config, image):
    """
    A collection of tools for operating on images and containers and building anchore modules.

    Subcommands operate on the specified image passed in as --image <imgid>
    """
    global config, imagelist, nav

    config = anchore_config
    imagelist = [image]

    # A ValueError (or anything else) from the lookup is not handled here and
    # propagates to the caller.
    resolved = anchore_utils.discover_imageIds(anchore_config, imagelist)
    imagelist = resolved.keys()

    try:
        nav = navigator.Navigator(anchore_config=config, imagelist=imagelist, allimages=contexts['anchore_allimages'])
    except Exception:
        # Leave nav as None so subcommands can detect the failed setup.
        anchore_print_err('operation failed')
        nav = None
def whoami(anchore_config):
    """
    Show user data for current user if available

    :param anchore_config:
    :return:
    """
    exit_code = 0

    try:
        auth = contexts['anchore_auth']
        logged_in = auth and 'username' in auth and 'password' in auth
        if not logged_in:
            anchore_print_err('No anchore auth context found. Cannot get user info. Try logging in first')
            exit_code = 1
        else:
            # Only user_info is printed; the username/password entries are
            # checked for presence and never emitted.
            info = {'Current user': auth['user_info'] or 'anonymous'}
            anchore_print(info, do_formatting=True)
    except Exception:
        anchore_print_err('Cannot get user info')
        exit_code = 1

    sys.exit(exit_code)
def export(outfile):
    """Export image anchore data to a JSON file."""
    if not nav:
        sys.exit(1)

    exit_code = 0
    records = []

    # Collect one record per image; a missing image marks the run as failed
    # but the remaining images are still attempted.
    for image_id in imagelist:
        try:
            records.append({
                'image': {
                    'imageId': image_id,
                    'imagedata': contexts['anchore_db'].load_image_new(image_id),
                }
            })
        except Exception:
            anchore_print_err("could not find record for image ("+str(image_id)+")")
            exit_code = 1

    # Nothing is written unless every record loaded.
    if exit_code == 0:
        try:
            if outfile == '-':
                # '-' means stdout, pretty-printed.
                print(json.dumps(records, indent=4))
            else:
                # NOTE(review): the file is created with the process umask;
                # tighten it if the analysis data is considered sensitive.
                with open(outfile, 'w') as out_handle:
                    out_handle.write(json.dumps(records))
        except Exception as err:
            anchore_print_err("operation failed: " + str(err))
            exit_code = 1

    sys.exit(exit_code)
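def image_import(infile, force):
    """Import image anchore data from a JSON file.

    Each record of the file is stored in the anchore DB. A record whose image
    is already present is skipped unless `force` is set. The process exits
    with status 1 if the file cannot be read or any record fails to store.
    """
    ecode = 0
    savelist = []

    try:
        with open(infile, 'r') as FH:
            savelist = json.load(FH)
    except Exception as err:
        anchore_print_err("could not load input file: " + str(err))
        ecode = 1

    if ecode == 0:
        for record in savelist:
            # Reset per record: the error handler below formats imageId, and a
            # malformed record must not leave it unbound or report the id of
            # the previous record.
            imageId = None
            try:
                imageId = record['image']['imageId']
                # NOTE(review): imageId and imagedata come straight from the
                # import file and reach the DB layer unchecked; confirm the DB
                # layer rejects ids that are not plain image identifiers
                # before a file from an untrusted source is imported.
                if contexts['anchore_db'].is_image_present(imageId) and not force:
                    anchore_print("image ("+str(imageId)+") already exists in DB, skipping import.")
                else:
                    imagedata = record['image']['imagedata']
                    try:
                        rc = contexts['anchore_db'].save_image_new(imageId, report=imagedata)
                        if not rc:
                            raise Exception("save to anchore DB failed")
                    except Exception as err:
                        # Remove whatever was partially written, once. With
                        # `force` this also removes a record that existed
                        # before the import.
                        contexts['anchore_db'].delete_image(imageId)
                        raise err
            except Exception as err:
                anchore_print_err("could not store image ("+str(imageId)+") from import file: "+ str(err))
                ecode = 1

    sys.exit(ecode)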
def export(outfile):
    """Export image anchore data to a JSON file."""
    if not nav:
        sys.exit(1)

    status = 0
    exported = []

    # One record per image id; a failed load is reported and remembered so
    # that no partial export gets written afterwards.
    for image_id in imagelist:
        try:
            payload = contexts['anchore_db'].load_image_new(image_id)
            exported.append({'image': {'imageId': image_id, 'imagedata': payload}})
        except Exception:
            anchore_print_err("could not find record for image (" + str(image_id) + ")")
            status = 1

    if status == 0:
        try:
            if outfile == '-':
                # Pretty-printed JSON on stdout.
                print(json.dumps(exported, indent=4))
            else:
                # NOTE(review): written with the process umask; restrict it if
                # the exported analysis data is considered sensitive.
                with open(outfile, 'w') as sink:
                    sink.write(json.dumps(exported))
        except Exception as err:
            anchore_print_err("operation failed: " + str(err))
            status = 1

    sys.exit(status)
def query(anchore_config, image, imagefile, include_allanchore, module):
    """
    Image IDs can be specified as hash ids, repo names (e.g. centos), or tags (e.g. centos:latest).

    Execute the specified query (module) with any parameters it requires. Modules are scripts in a specific location.

    Each query has its own parameters and outputs.

    Examples using pre-defined queries:

    'anchore query --image nginx:latest list-packages all'
    'anchore query has-package wget'
    'anchore query --image nginx:latest list-files-detail all'
    'anchore query cve-scan all'
    """
    global config, imagelist, nav

    exit_code = 0
    config = anchore_config

    # NOTE(review): nesting reconstructed from a flattened listing; it assumes
    # only the image-list setup depends on `module` and that the query itself
    # always runs.
    if module:
        if image and imagefile:
            raise click.BadOptionUsage(
                'Can only use one of --image, --imagefile')

        try:
            requested = build_image_list(anchore_config, image, imagefile, not (image or imagefile), include_allanchore)
            imagelist = list(requested.keys())
            # Replace the requested names with whatever they resolve to.
            imagelist = anchore_utils.discover_imageIds(imagelist)
        except Exception:
            anchore_print_err("could not load input images")
            sys.exit(1)

    try:
        nav = init_nav_contexts()

        # NOTE(review): the first element of `module` selects a script to run
        # and the rest are its parameters; confirm run_query resolves it only
        # inside the modules directory and passes the parameters as an
        # argument list, never through a shell.
        outcome = nav.run_query(list(module))
        if outcome:
            anchore_utils.print_result(config, outcome)

        # Warnings get their own exit status, distinct from hard failure.
        if nav.check_for_warnings(outcome):
            exit_code = 2
    except:
        # Bare except kept: it also turns an exit raised during Navigator
        # setup into the generic failure status.
        anchore_print_err("query operation failed")
        exit_code = 1

    contexts['anchore_allimages'].clear()
    sys.exit(exit_code)
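def image_import(infile):
    """Import image anchore data from a JSON file.

    Each record of the file is stored in the anchore DB; records whose image
    is already present are skipped. The process exits with status 1 if the
    file cannot be read or any record fails to store.
    """
    ecode = 0
    savelist = []

    try:
        with open(infile, 'r') as FH:
            savelist = json.load(FH)
    except Exception as err:
        anchore_print_err("could not load input file: " + str(err))
        ecode = 1

    if ecode == 0:
        for record in savelist:
            # Reset per record: the error handler below formats imageId, and a
            # malformed record must not leave it unbound or report the id of
            # the previous record.
            imageId = None
            try:
                imageId = record['image']['imageId']
                # NOTE(review): imageId and imagedata come straight from the
                # import file and reach the DB layer unchecked; confirm the DB
                # layer rejects ids that are not plain image identifiers
                # before a file from an untrusted source is imported.
                if contexts['anchore_db'].is_image_present(imageId):
                    anchore_print("image (" + str(imageId) + ") already exists in DB, skipping import.")
                else:
                    imagedata = record['image']['imagedata']
                    try:
                        rc = contexts['anchore_db'].save_image_new(
                            imageId, report=imagedata)
                        if not rc:
                            raise Exception("save to anchore DB failed")
                    except Exception as err:
                        # Remove whatever was partially written, once.
                        contexts['anchore_db'].delete_image(imageId)
                        raise err
            except Exception as err:
                anchore_print_err("could not store image (" + str(imageId) + ") from import file: " + str(err))
                ecode = 1

    sys.exit(ecode)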
def audit(anchore_config, ctx, image, imagefile, include_allanchore):
    """
    Image IDs can be specified as hash ids, repo names (e.g. centos), or tags (e.g. centos:latest).
    """
    global config, imagelist, nav

    config = anchore_config

    # --image and --imagefile are alternative ways of naming the inputs.
    if image and imagefile:
        raise click.BadOptionUsage('Can only use one of --image, --imagefile')

    # presumably "select everything" when neither option is given; confirm
    # against build_image_list
    nothing_selected = not (image or imagefile)

    try:
        requested = build_image_list(anchore_config, image, imagefile, nothing_selected, include_allanchore)
        imagelist = requested.keys()
        # This variant keeps the lookup result as returned instead of its keys.
        imagelist = anchore_utils.discover_imageIds(imagelist)
    except Exception:
        anchore_print_err("could not load input images")
        sys.exit(1)
def query(module):
    """
    Execute the specified query (module) with any parameters it requires. Modules are scripts in a specific location.

    Each query has its own parameters and outputs.

    Examples using pre-defined queries:

    Query all images to see which have the package 'wget' installed:
    'anchore explore query has-package wget'
    """
    exit_code = 0

    try:
        nav, vis = init_nav_vis_contexts()

        # NOTE(review): `module` names a script plus its parameters; confirm
        # run_query only resolves it inside the modules directory and does
        # not hand the parameters to a shell.
        outcome = nav.run_query(list(module))
        if outcome:
            anchore_utils.print_result(config, outcome)

        # Exit status 2 signals "ran, but with warnings".
        if nav.check_for_warnings(outcome):
            exit_code = 2
    except:
        anchore_print_err("query operation failed")
        exit_code = 1

    contexts['anchore_allimages'].clear()
    sys.exit(exit_code)
def status(conf):
    """
    Show anchore system status.
    """
    exit_code = 0

    try:
        if conf:
            # NOTE(review): this prints the whole configuration; if
            # config.data can hold credentials or tokens, consider redacting
            # them here (not determinable from this function).
            if config.cliargs['json']:
                anchore_print(config.data, do_formatting=True)
            else:
                anchore_print(
                    yaml.safe_dump(config.data, indent=True, default_flow_style=False))
        else:
            result = {}
            result["anchore_db"] = "OK" if contexts['anchore_db'].check() else "NOTINITIALIZED"
            # NOTE(review): verify check() returns a plain boolean; a
            # non-empty tuple would always count as true here.
            result["anchore_feeds"] = "OK" if anchore_feeds.check() else "NOTSYNCED"

            any_failed = False
            newest = 0
            for imageId in list(
                    contexts['anchore_db'].load_all_images().keys()):
                manifest = anchore_utils.load_analyzer_manifest(imageId)
                for module_name in list(manifest.keys()):
                    try:
                        entry = manifest[module_name]
                        if entry['timestamp'] > newest:
                            newest = entry['timestamp']
                        if entry['status'] != 'SUCCESS':
                            # Only the last failing image ends up in the report.
                            analyzer_failed_imageId = imageId
                            analyzer_failed_name = module_name
                            any_failed = True
                    except:
                        # Best effort: a malformed manifest entry is ignored.
                        pass

            if newest == 0:
                result["analyzer_status"] = "NODATA"
            else:
                if any_failed:
                    result["analyzer_status"] = "FAIL (" + analyzer_failed_imageId + ")"
                else:
                    result["analyzer_status"] = "OK"
                result["analyzer_latest_run"] = time.ctime(newest)

            anchore_print(result, do_formatting=True)
    except Exception:
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def login(anchore_config): """ Log into Anchore service using your username/password from anchore.io. """ config = anchore_config ecode = 0 try: username = raw_input("Username: "******"Password: "******"Failed to log in: check your username/password and try again!" ) anchore_print("Message from server: " + ret['text']) else: contexts['anchore_auth'].update(new_anchore_auth) anchore_print("Login successful.") except Exception as err: anchore_print_err('operation failed') ecode = 1 sys.exit(ecode)
def sub(feednames):
    """
    Subscribe to the specified feed(s).
    """
    status = 0

    # No user info in the auth context means the lowest tier (0).
    # NOTE(review): this tier is read locally and passed along with the
    # request; confirm the service enforces feed access on its side rather
    # than trusting the client-supplied value.
    account = contexts.get('anchore_auth', {}).get('user_info', None)
    if account:
        tier = int(account['tier'])
    else:
        tier = 0

    try:
        for feed_name in feednames:
            accepted, text = anchore_feeds.subscribe_anchore_feed(feed_name, tier)
            if accepted:
                anchore_print(text)
                continue
            # A refused feed fails the command; later feeds are still tried.
            status = 1
            anchore_print_err(text)
    except Exception:
        anchore_print_err('operation failed')
        status = 1

    sys.exit(status)
def feeds(anchore_config):
    # Store the config globally and make sure feed metadata exists, syncing it
    # from the service the first time.
    global config
    config = anchore_config

    failure = None

    try:
        ready, _ = anchore_feeds.check()
        if not ready:
            anchore_print("initializing feed metadata: ...")
            synced, reply = anchore_feeds.sync_feedmeta()
            if not synced:
                failure = "could not sync feed metadata from service: " + reply['text']
    except Exception:
        anchore_print_err('operation failed')
        sys.exit(1)

    # A failed sync is reported with the text returned by sync_feedmeta.
    if failure is not None:
        anchore_print_err(failure)
        sys.exit(1)
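def user_images(operation):
    """
    Manages fetching and pushing user images. The operations are: 'input', 'output', 'both'. By default, 'both' is
    invoked and will execute 'input' then 'output' operations in that order.

    Scripts are located as follows, assuming $INSTALL_LOC = distro-specific location where pip installs python packages

    input: $INSTALL_LOC/anchore/anchore-modules/inputs/
    output: $INSTALL_LOC/anchore/anchore-modules/outputs/

    Scripts are executed in lexicographic order by filename and scripts must be marked as executable to be run.
    See the README file in each directory for more information.
    """
    # The help text names the combined mode 'both' while the checks only knew
    # 'all', so the documented default would have run nothing. Accept either
    # spelling.
    run_everything = operation in ('all', 'both')

    # NOTE(review): per the help text every executable file in the inputs/
    # and outputs/ module directories is run; those directories should be
    # writable only by the account that installed anchore. Verify the
    # installed permissions.
    if run_everything or operation == 'input':
        try:
            anchore_print('Executing input scripts')
            working_catalog.inputs.execute()
            anchore_print('Execution of input scripts complete')
        except:
            anchore_print_err('Failed executing input scripts')
            exit(1)

    if run_everything or operation == 'output':
        try:
            anchore_print('Executing output scripts')
            working_catalog.outputs.execute()
            anchore_print('Execution of output scripts complete')
        except:
            anchore_print_err('Failed executing output scripts')
            exit(1)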
def status(anchore_config):
    """
    Show state of local anchore images and artifacts.

    Returns structure output with the results of checks of local resources and their staleness compared to
    the upstream service artifacts for items such as vulnerability data and analysis db entries for subscription images.

    The output of this command can be used to determine if/when to run a catalog sync and check if new service data is
    available. This command will use the network to check the service status.
    """
    assert anchore_config is not None

    try:
        report = working_catalog.check_status()
        # Where an entry has a 'sync' member, show just that member.
        for name in report:
            entry = report[name]
            if 'sync' in entry:
                report[name] = entry['sync']
        anchore_print(report, do_formatting=True)
    except:
        anchore_print_err(
            'Failed checking catalog configuration. Please check config file: %s' % anchore_config.config_file)
        exit(1)
def list(showgroups):
    """
    Show list of Anchore data feeds.
    """
    exit_code = 0

    try:
        subscribed = {}
        available = {}

        feedmeta = anchore_feeds.load_anchore_feedmeta()
        for feed in feedmeta.keys():
            record = feedmeta[feed]
            # Each feed goes into exactly one bucket, by subscription state.
            bucket = subscribed if record['subscribed'] else available
            entry = {'description': record['description']}
            if showgroups:
                entry['groups'] = record['groups'].keys()
            bucket[feed] = entry

        # Empty buckets are left out of the output.
        result = {}
        if available:
            result['Available'] = available
        if subscribed:
            result['Subscribed'] = subscribed

        anchore_print(result, do_formatting=True)
    except Exception:
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def query(anchore_config, image, imagefile, include_allanchore, module):
    """
    Image IDs can be specified as hash ids, repo names (e.g. centos), or tags (e.g. centos:latest).

    Execute the specified query (module) with any parameters it requires. Modules are scripts in a specific location.

    Each query has its own parameters and outputs.

    Examples using pre-defined queries:

    'anchore query --image nginx:latest list-packages all'
    'anchore query has-package wget'
    'anchore query --image nginx:latest list-files-detail all'
    'anchore query cve-scan all'
    """
    global config, imagelist, nav

    status = 0
    config = anchore_config

    # NOTE(review): nesting reconstructed from a flattened listing; it assumes
    # only the image-list setup depends on `module` and that the query itself
    # always runs.
    if module:
        if image and imagefile:
            raise click.BadOptionUsage('Can only use one of --image, --imagefile')

        try:
            wanted = build_image_list(anchore_config, image, imagefile, not (image or imagefile), include_allanchore)
            imagelist = wanted.keys()
            # Replace the requested names with whatever they resolve to.
            imagelist = anchore_utils.discover_imageIds(imagelist)
        except Exception:
            anchore_print_err("could not load input images")
            sys.exit(1)

    try:
        nav = init_nav_contexts()

        # NOTE(review): the first element of `module` selects a script and the
        # rest are its parameters; confirm run_query keeps the lookup inside
        # the modules directory and passes parameters as an argument list.
        answer = nav.run_query(list(module))
        if answer:
            anchore_utils.print_result(config, answer)

        # Status 2 separates "completed with warnings" from failure (1).
        if nav.check_for_warnings(answer):
            status = 2
    except:
        anchore_print_err("query operation failed")
        status = 1

    contexts['anchore_allimages'].clear()
    sys.exit(status)
def toolbox(anchore_config, ctx, image, imageid):
    """
    A collection of tools for operating on images and containers and building anchore modules.

    Subcommands operate on the specified image passed in as --image <imgid>
    """
    global config, imagelist, nav

    config = anchore_config
    failed = False

    try:
        # Work out the list of image ids the subcommand will operate on.
        if image:
            imagelist = [image]
            imagelist = anchore_utils.discover_imageIds(imagelist)
        elif imageid:
            # A raw id must be exactly 64 hex characters. Any character
            # outside that set, a trailing newline included, is a match for
            # the negated class and rejects the input.
            has_bad_chars = re.findall("[^0-9a-fA-F]+", imageid)
            if len(imageid) != 64 or has_bad_chars:
                raise Exception(
                    "input is not a valid imageId (64 characters, a-f, A-F, 0-9)"
                )
            imagelist = [imageid]
        else:
            imagelist = []

        needs_image = ctx.invoked_subcommand not in [
            'import', 'delete', 'kubesync', 'images', 'show'
        ]
        if needs_image:
            if not imagelist:
                raise Exception(
                    "for this operation, you must specify an image with '--image' or '--imageid'"
                )
            try:
                nav = navigator.Navigator(
                    anchore_config=config,
                    imagelist=imagelist,
                    allimages=contexts['anchore_allimages'])
            except Exception:
                nav = None
                raise
    except Exception:
        # The specific messages raised above are not shown; the user only
        # sees this generic line.
        anchore_print_err('operation failed')
        failed = True

    if failed:
        sys.exit(1)
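def _exportdb_target(base, *parts):
    # Join `parts` under `base` and refuse a result that resolves outside it.
    target = os.path.join(base, *parts)
    root = os.path.realpath(base)
    resolved = os.path.realpath(target)
    if resolved != root and not resolved.startswith(root.rstrip(os.sep) + os.sep):
        raise Exception("refusing to export outside of " + str(base) + ": " + str(target))
    return target


def exportdb(outdir):
    """Export all anchore images to JSON files

    Writes three trees under `outdir`: images/<imageId>.json,
    storedfiles/<imageId>/<namespace>/stored_files.tar.gz and
    feeds/<feed>/<group>/<datafile>, plus feeds/feedmeta.json. Existing image
    and feed data files are left untouched. Exits 0 on success and 1 on the
    first error.
    """
    ecode = 0
    try:
        imgdir = os.path.join(outdir, "images")
        feeddir = os.path.join(outdir, "feeds")
        storedir = os.path.join(outdir, "storedfiles")

        for d in [outdir, imgdir, feeddir, storedir]:
            if not os.path.exists(d):
                os.makedirs(d)

        # Image ids, namespaces, feed, group and datafile names below are
        # read back from stored metadata and used as path components, so each
        # constructed path is checked to stay inside its export subtree.
        anchore_print("exporting images...")
        imagelist = anchore_utils.get_image_list().keys()
        for imageId in imagelist:
            thefile = _exportdb_target(imgdir, imageId + ".json")
            if not os.path.exists(thefile):
                with open(thefile, 'w') as OFH:
                    OFH.write(json.dumps(contexts['anchore_db'].load_image_new(imageId)))

            stored_namespaces = contexts['anchore_db'].load_files_namespaces(imageId)
            for namespace in stored_namespaces:
                stored_files = contexts['anchore_db'].load_files_tarfile(imageId, namespace)
                if os.path.exists(stored_files):
                    thedir = _exportdb_target(storedir, imageId, namespace)
                    if not os.path.exists(thedir):
                        os.makedirs(thedir)
                    thefile = os.path.join(thedir, "stored_files.tar.gz")
                    shutil.copy(stored_files, thefile)

        anchore_print("exporting feeds...")
        feedmeta = contexts['anchore_db'].load_feedmeta()
        thefile = os.path.join(feeddir, "feedmeta.json")
        with open(thefile, 'w') as OFH:
            OFH.write(json.dumps(feedmeta))

        for feed in feedmeta:
            feedobj = feedmeta[feed]
            for group in feedobj['groups']:
                groupobj = feedobj['groups'][group]
                # pop() runs after feedmeta.json was written, so the written
                # metadata still lists the datafiles.
                datafiles = groupobj.pop('datafiles', [])
                for datafile in datafiles:
                    thedir = _exportdb_target(feeddir, feed, group)
                    if not os.path.exists(thedir):
                        os.makedirs(thedir)
                    thefile = _exportdb_target(thedir, datafile)
                    if not os.path.exists(thefile):
                        with open(thefile, 'w') as OFH:
                            OFH.write(json.dumps(contexts['anchore_db'].load_feed_group_data(feed, group, datafile)))

    except Exception as err:
        anchore_print_err("operation failed: " + str(err))
        ecode = 1

    sys.exit(ecode)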
def status(conf):
    """
    Show anchore system status.
    """
    rc = 0

    try:
        if conf:
            # NOTE(review): the complete configuration is printed; if
            # config.data may contain credentials, consider masking them
            # (cannot be determined from this function).
            if config.cliargs['json']:
                anchore_print(config.data, do_formatting=True)
            else:
                anchore_print(yaml.safe_dump(config.data, indent=True, default_flow_style=False))
        else:
            report = {}
            report["anchore_db"] = "OK" if contexts['anchore_db'].check() else "NOTINITIALIZED"
            # NOTE(review): verify check() returns a plain boolean; a
            # non-empty tuple would always count as true here.
            report["anchore_feeds"] = "OK" if anchore_feeds.check() else "NOTSYNCED"

            saw_failure = False
            most_recent = 0
            for imageId in contexts['anchore_db'].load_all_images().keys():
                manifest = anchore_utils.load_analyzer_manifest(imageId)
                for module_name in manifest.keys():
                    try:
                        run = manifest[module_name]
                        if run['timestamp'] > most_recent:
                            most_recent = run['timestamp']
                        if run['status'] != 'SUCCESS':
                            # Later failures overwrite earlier ones; only the
                            # last failing image is reported.
                            analyzer_failed_imageId = imageId
                            analyzer_failed_name = module_name
                            saw_failure = True
                    except:
                        # Best effort: skip manifest entries missing fields.
                        pass

            if most_recent == 0:
                report["analyzer_status"] = "NODATA"
            else:
                if saw_failure:
                    report["analyzer_status"] = "FAIL ("+analyzer_failed_imageId+")"
                else:
                    report["analyzer_status"] = "OK"
                report["analyzer_latest_run"] = time.ctime(most_recent)

            anchore_print(report, do_formatting=True)
    except Exception:
        anchore_print_err('operation failed')
        rc = 1

    sys.exit(rc)
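def policybundle(anchore_config):
    # Publish the supplied configuration as the module-level `config`.
    # The previous body also carried an error branch guarded by a flag that
    # was always True, plus locals that were never read; both are removed
    # because the branch could never run.
    global config
    config = anchore_config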
def sync_catalog():
    """
    Updates the local catalog with the latest from the Anchore web service.
    Pulls CVE data, analysis metadata for images subscribed to as well as updates to subscribed images directly from
    Docker Hub.
    """
    try:
        working_catalog.pull()
    except:
        # Every failure of the pull is reported the same way, with exit 1.
        anchore_print_err('Catalog sync failed')
        exit(1)
    else:
        return
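def list(showgroups):
    """
    Show list of Anchore data feeds.
    """
    # This function is itself named `list`, so a call to list(...) in here
    # resolves to this module-level name instead of the builtin. The body
    # therefore iterates the mappings directly and builds group lists with
    # comprehensions.
    ecode = 0
    try:
        result = {}
        subscribed = {}
        available = {}
        unavailable = {}

        current_user_data = contexts['anchore_auth']['user_info']
        feedmeta = anchore_feeds.load_anchore_feedmeta()

        for feed in feedmeta:
            record = feedmeta[feed]
            if record['subscribed']:
                entry = {'description': record['description']}
                if showgroups:
                    entry['groups'] = [group for group in record['groups']]
                subscribed[feed] = entry
            else:
                # Users without account data are treated as tier 0.
                if current_user_data:
                    tier = int(current_user_data['tier'])
                else:
                    tier = 0

                # This split only decides how the feed is displayed; it does
                # not grant or deny access by itself.
                accessible = int(record['access_tier']) <= tier
                entry = {'description': record['description']}
                # Groups are shown only for feeds the user's tier can reach.
                if showgroups and accessible:
                    entry['groups'] = [group for group in record['groups']]
                if accessible:
                    available[feed] = entry
                else:
                    unavailable[feed] = entry

        if available:
            result['Available'] = available
        if subscribed:
            result['Subscribed'] = subscribed
        if unavailable:
            result['Unavailable/Insufficient Access Tier'] = unavailable

        anchore_print(result, do_formatting=True)
    except Exception as err:
        anchore_print_err('operation failed')
        ecode = 1

    sys.exit(ecode)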
def list(showgroups):
    """
    Show list of Anchore data feeds.
    """
    exit_code = 0

    try:
        subscribed = {}
        available = {}
        unavailable = {}

        account = contexts['anchore_auth']['user_info']
        feedmeta = anchore_feeds.load_anchore_feedmeta()

        for feed in feedmeta.keys():
            record = feedmeta[feed]
            if record['subscribed']:
                entry = {'description': record['description']}
                if showgroups:
                    entry['groups'] = record['groups'].keys()
                subscribed[feed] = entry
                continue

            # Not subscribed: sort by whether the user's tier reaches the
            # feed. No account data counts as tier 0.
            tier = int(account['tier']) if account else 0
            reachable = not (int(record['access_tier']) > tier)

            entry = {'description': record['description']}
            # Group names are listed only for reachable feeds.
            if showgroups and reachable:
                entry['groups'] = record['groups'].keys()
            if reachable:
                available[feed] = entry
            else:
                unavailable[feed] = entry

        # Empty sections are omitted from the output.
        result = {}
        if available:
            result['Available'] = available
        if subscribed:
            result['Subscribed'] = subscribed
        if unavailable:
            result['Unavailable/Insufficient Access Tier'] = unavailable

        anchore_print(result, do_formatting=True)
    except Exception:
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def init_nav_contexts():
    """Return a Navigator for the global imagelist, or clear the image cache and exit 1."""
    try:
        # The anchore config is taken from the active click context, which
        # only works while a click command is executing.
        current_config = click.get_current_context().obj
        return navigator.Navigator(anchore_config=current_config, imagelist=imagelist, allimages=contexts['anchore_allimages'])
    except Exception:
        anchore_print_err("explore operation failed")

    # Reached only when construction failed.
    contexts['anchore_allimages'].clear()
    sys.exit(1)
def sync(anchore_config):
    """
    Synchronization of images and metadata with the Anchore web service and image sources.

    The first command run on a new installation of anchore must be 'anchore sync catalog' to initialize the local system.
    See the catalog subcommand help for more information.
    """
    global working_catalog

    # Subcommands use the catalog object created here.
    try:
        catalog = AnchoreCatalog(config=anchore_config)
    except:
        anchore_print_err('Failed to initialize catalog internal structures. Cannot continue')
        exit(1)
    else:
        working_catalog = catalog
def restore(inputfile, destination_root):
    """
    Restore an anchore installation from a previously backed up tar file.
    """
    exit_code = 0

    try:
        source_name = str(inputfile.name)
        anchore_print('Restoring anchore system from backup file %s ...' % (source_name))
        # NOTE(review): unpacking happens inside config.restore (not shown
        # here). Confirm it rejects archive members with absolute paths, '..'
        # components or links pointing outside destination_root before a
        # backup from an untrusted source is restored.
        restoredir = config.restore(destination_root, inputfile)
        anchore_print("Anchore restored.")
    except Exception:
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def backup(outputdir):
    """
    Backup an anchore installation to a tarfile.
    """
    exit_code = 0

    try:
        anchore_print('Backing up anchore system to directory '+str(outputdir)+' ...')
        tarball = config.backup(outputdir)
        # Report where the archive landed, as structured output.
        # NOTE(review): if the backup includes the auth context or other
        # secrets, the tarball needs restrictive permissions. Verify in
        # config.backup.
        anchore_print({"anchore_backup_tarball":str(tarball)}, do_formatting=True)
    except Exception:
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def toolbox(anchore_config, ctx, image, imageid):
    """
    A collection of tools for operating on images and containers and building anchore modules.

    Subcommands operate on the specified image passed in as --image <imgid>
    """
    global config, imagelist, nav

    config = anchore_config
    exit_code = 0

    try:
        # Build the list of image ids for the subcommand.
        if image:
            imagelist = [image]
            imagelist = anchore_utils.discover_imageIds(imagelist)
        elif imageid:
            # Accept only a 64-character hex id. The negated character class
            # matches anything else, a trailing newline included, so such
            # input is refused.
            wrong_length = len(imageid) != 64
            if wrong_length or re.findall("[^0-9a-fA-F]+",imageid):
                raise Exception("input is not a valid imageId (64 characters, a-f, A-F, 0-9)")
            imagelist = [imageid]
        else:
            imagelist = []

        # These subcommands run without a Navigator; all others need an image.
        standalone = ['import', 'delete', 'kubesync', 'images', 'show']
        if ctx.invoked_subcommand not in standalone:
            if not imagelist:
                raise Exception("for this operation, you must specify an image with '--image' or '--imageid'")
            try:
                nav = navigator.Navigator(anchore_config=config, imagelist=imagelist, allimages=contexts['anchore_allimages'])
            except Exception:
                nav = None
                raise
    except Exception:
        # The detailed messages raised above are discarded; only this generic
        # line reaches the user.
        anchore_print_err('operation failed')
        exit_code = 1

    if exit_code:
        sys.exit(exit_code)
def show(feed):
    """
    Show detailed feed information
    """
    exit_code = 0

    def _stamp(group, key):
        # ISO timestamp for `key`, or the literal string 'None' when absent.
        if key in group:
            return datetime.datetime.fromtimestamp(group.get(key)).isoformat()
        return 'None'

    try:
        feedmeta = anchore_feeds.load_anchore_feedmeta()
        if feed not in feedmeta:
            anchore_print_err(
                'Unknown feed name. Valid feeds can be seen withe the "list" command'
            )
            exit_code = 1
        else:
            record = feedmeta[feed]
            result = {
                'name': feed,
                'access_tier': int(record.get('access_tier')),
                'description': record.get('description'),
                'groups': {},
                # A feed without the flag counts as not subscribed.
                'subscribed': record.get('subscribed', False),
            }

            for group in record.get('groups', {}).values():
                result['groups'][group['name']] = {
                    'access_tier': int(group.get('access_tier')),
                    'description': group.get('description'),
                    'last_update': _stamp(group, 'last_update'),
                    'prev_update': _stamp(group, 'prev_update'),
                }

            anchore_print(result, do_formatting=True)
    except Exception:
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def sync(anchore_config):
    """
    Synchronization of images and metadata with the Anchore web service and image sources.

    The first command run on a new installation of anchore must be 'anchore sync catalog' to initialize the local system.
    See the catalog subcommand help for more information.
    """
    global working_catalog

    # The catalog built here is the object the subcommands operate on.
    try:
        built = AnchoreCatalog(config=anchore_config)
    except:
        anchore_print_err(
            'Failed to initialize catalog internal structures. Cannot continue'
        )
        exit(1)
    else:
        working_catalog = built
def show_familytree():
    """Show image family tree image IDs"""
    # No Navigator means the parent command could not set one up.
    if not nav:
        sys.exit(1)

    exit_code = 0
    try:
        rows = nav.run_query(['show-familytree', 'all'])
        if rows:
            anchore_utils.print_result(config, rows)
    except:
        anchore_print_err("operation failed")
        exit_code = 1

    # Clear the image cache on both the success and the failure path.
    contexts['anchore_allimages'].clear()
    sys.exit(exit_code)
def logout(anchore_config):
    """
    Log out of Anchore service
    """
    exit_code = 0

    try:
        auth = contexts['anchore_auth']
        if auth:
            # NOTE(review): if the invalidate call raises, the on-disk auth
            # file below is never removed and credentials stay on disk.
            # Consider removing the file regardless of the call's outcome.
            anchore_auth.anchore_auth_invalidate(auth)
            if 'auth_file' in auth:
                os.remove(auth['auth_file'])
        # NOTE(review): nesting reconstructed from a flattened listing; it
        # assumes success is reported even when no auth context existed.
        print("Logout successful.")
    except Exception:
        anchore_print_err('operation failed')
        exit_code = 1

    sys.exit(exit_code)
def backup(outputdir):
    """
    Backup an anchore installation to a tarfile.
    """
    status = 0

    try:
        anchore_print('Backing up anchore system to directory ' + str(outputdir) + ' ...')
        archive = config.backup(outputdir)
        # NOTE(review): if the backup includes the auth context or other
        # secrets, the archive needs restrictive permissions. Verify in
        # config.backup.
        summary = {"anchore_backup_tarball": str(archive)}
        anchore_print(summary, do_formatting=True)
    except Exception:
        anchore_print_err('operation failed')
        status = 1

    sys.exit(status)
def show_familytree():
    """Show image family tree image IDs"""
    # Without a Navigator there is nothing to query.
    if not nav:
        sys.exit(1)

    status = 0
    try:
        tree = nav.get_familytree()
        if tree:
            anchore_utils.print_result(config, tree)
    except:
        anchore_print_err("operation failed")
        status = 1

    # The image cache is cleared whether or not the lookup worked.
    contexts['anchore_allimages'].clear()
    sys.exit(status)
def show_dockerfile():
    """Generate (or display actual) image Dockerfile"""
    # The parent command leaves nav unset when image setup failed.
    if not nav:
        sys.exit(1)

    status = 0
    try:
        listing = nav.run_query(['show-dockerfile', 'all'])
        if listing:
            anchore_utils.print_result(config, listing)
    except:
        anchore_print_err("operation failed")
        status = 1

    # Always clear the image cache before exiting.
    contexts['anchore_allimages'].clear()
    sys.exit(status)
def show_layers():
    """Show image layer IDs"""
    # Nothing to do when no Navigator was set up.
    if not nav:
        sys.exit(1)

    status = 0
    try:
        layers = nav.run_query(['show-layers', 'all'])
        if layers:
            anchore_utils.print_result(config, layers)
    except:
        anchore_print_err("operation failed")
        status = 1

    # Clear the image cache on every path before exiting.
    contexts['anchore_allimages'].clear()
    sys.exit(status)
def generate_dockerfile():
    """Generate (or display actual) image Dockerfile"""
    # Requires the Navigator prepared by the parent command.
    if not nav:
        sys.exit(1)

    status = 0
    try:
        contents = nav.get_dockerfile_contents()
        if contents:
            # 'raw' output mode is requested explicitly for Dockerfile text.
            anchore_utils.print_result(config, contents, outputmode='raw')
    except:
        anchore_print_err("operation failed")
        status = 1

    contexts['anchore_allimages'].clear()
    sys.exit(status)
def show_taghistory():
    """Show history of all known repo/tags for image"""
    # Requires the Navigator prepared by the parent command.
    if not nav:
        sys.exit(1)

    status = 0
    try:
        history = nav.get_taghistory()
        if history:
            anchore_utils.print_result(config, history)
    except:
        anchore_print_err("operation failed")
        status = 1

    # The image cache is cleared regardless of the outcome.
    contexts['anchore_allimages'].clear()
    sys.exit(status)
def visualize():
    """
    Visualization provides a graphical representation of the relationship between images.
    Output is a set of image files in the tmp dir specified in the anchore config.yaml file or /tmp by default.
    """
    status = 0

    try:
        # Only the visualizer is used; the Navigator returned with it is not.
        # NOTE(review): per the help text the files land in a shared tmp dir
        # by default. Confirm vis.run creates them safely there, without
        # predictable names or writing through pre-existing links.
        _, visualizer = init_nav_vis_contexts()
        visualizer.run()
    except:
        anchore_print_err("visualize operation failed")
        status = 1

    contexts['anchore_allimages'].clear()
    sys.exit(status)
def sync(infile, outfile):
    """
    Sync (download) latest policies from the Anchore.io service.
    """
    status = 0

    try:
        ok, reply = anchore_policy.sync_policymeta(bundlefile=infile, outfile=outfile)
        if ok:
            # With '-' as the output file the reply text goes to stdout.
            if outfile == '-':
                anchore_print(reply['text'])
        else:
            anchore_print_err(reply['text'])
            status = 1
    except Exception:
        anchore_print_err('operation failed')
        status = 1

    sys.exit(status)
def show():
    """Show image summary information"""
    status = 0

    try:
        target = imagelist[0]
        record = contexts['anchore_db'].load_image(target)
        if not record:
            raise Exception("cannot locate input image in anchore DB")

        meta = record['meta']
        current_tags = record['anchore_current_tags']
        distro_info = anchore_utils.get_distro_from_imageId(target)
        distro = distro_info['DISTRO']
        distro_version = distro_info['DISTROVERS']
        base_id = record['familytree'][0]

        # pop() removes each field from the loaded metadata as it is read.
        fields = collections.OrderedDict()
        fields['IMAGEID'] = meta.pop('imageId', "N/A")
        fields['REPOTAGS'] = current_tags
        fields['DISTRO'] = distro
        fields['DISTROVERS'] = distro_version
        fields['HUMANNAME'] = meta.pop('humanname', "N/A")
        fields['SHORTID'] = meta.pop('shortId', "N/A")
        fields['PARENTID'] = meta.pop('parentId', "N/A")
        fields['BASEID'] = base_id
        fields['IMAGETYPE'] = meta.pop('usertype', "N/A")

        # NOTE(review): values are wrapped in single quotes without escaping.
        # If this KEY='value' output is ever evaluated by a shell, a quote
        # inside a tag or name would break the quoting; treat the output as
        # display-only or escape the values.
        for key, value in fields.items():
            if type(value) is list:
                text = ' '.join(value)
            else:
                text = str(value)
            print(key+"='"+text+"'")
    except Exception:
        anchore_print_err("operation failed")
        status = 1

    contexts['anchore_allimages'].clear()
    sys.exit(status)
def report():
    """
    Show analysis report of the specified image(s).

    The analysis report includes information on:

    \b
    Image Id - The image id (as a hash)
    Type - The type of image (--imagetype option used when anchore analyze was run)
    CurrentTags - The current set of repo tags on the image
    AllTags - The set of all repo tags that have been on the image during analysis passes
    GateStatus - The overall aggregate gate output status: GO|STOP|WARN
    Size - The size in bytes of the image on disk
    Counts - The counts for various attributes of the images such as packages, files, and suid files
    BaseDiffs - Differences of this image from its base image

    Report outputs these entries in a table format by default.
    """
    status = 0

    try:
        navigator_obj = init_nav_contexts()
        table = navigator_obj.generate_reports()
        if table:
            anchore_utils.print_result(config, table)
    except:
        # Bare except kept: it also covers an exit raised while the Navigator
        # is being set up.
        anchore_print_err("operation failed")
        status = 1

    contexts['anchore_allimages'].clear()
    sys.exit(status)