def get_policy(policyId, detail=None):
    """Return the policy identified by ``policyId`` for the calling user.

    Args:
        policyId: Identifier passed to ``catalog.get_policy``.
        detail: Not read in this function; request parameters come from
            ``do_request_prep`` (default ``detail=True``).

    Returns:
        ``(body, httpcode)``. On success the body is a one-element list with
        the rendered policy and the code is 200. Otherwise the body is the
        ``make_response_error`` payload and the code is the one it carries
        (404 is requested when the catalog returns nothing).
    """
    prepared = anchore_engine.services.common.do_request_prep(
        request, default_params={'detail': True})
    user_auth = prepared['auth']
    bodycontent = prepared['bodycontent']
    params = prepared['params']

    httpcode = 500
    return_object = {}
    # user_auth unpacks into (user id, password); only the id is written to logs.
    userId, pw = user_auth

    try:
        logger.debug('Get policy by bundle Id')

        try:
            policy_record = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            logger.warn("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))
            raise

        if not policy_record:
            httpcode = 404
            raise Exception("cannot locate specified policyId")

        return_object = [make_response_policy(user_auth, policy_record, params)]
        httpcode = 200
    except Exception as err:
        # NOTE(review): the exception is handed to make_response_error as-is;
        # confirm its text is safe to return to the API caller.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)
def list_policies(detail=None):
    """List every policy the catalog returns for the calling user.

    Args:
        detail: Not read in this function; request parameters come from
            ``do_request_prep`` (default ``detail=False``).

    Returns:
        ``(body, httpcode)``. On success the body is a list of rendered
        policies and the code is 200. A catalog failure and an empty result
        both request 404; the body is then the ``make_response_error``
        payload and the code is the one it carries.
    """
    prepared = anchore_engine.services.common.do_request_prep(
        request, default_params={'detail': False})
    user_auth = prepared['auth']
    bodycontent = prepared['bodycontent']
    params = prepared['params']

    httpcode = 500
    return_object = []
    # user_auth unpacks into (user id, password); only the id is put in messages.
    userId, pw = user_auth

    try:
        logger.debug('Listing policies')

        try:
            policy_records = catalog.get_policy(user_auth)
        except Exception as err:
            # NOTE(review): the underlying exception text is embedded in the
            # message that goes to make_response_error; confirm it cannot
            # expose internal details to the API caller.
            httpcode = 404
            raise Exception("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))

        if not policy_records:
            httpcode = 404
            raise Exception('no policies found for user')

        httpcode = 200
        return_object = [
            make_response_policy(user_auth, record, params)
            for record in policy_records
        ]
    except Exception as err:
        logger.debug("operation exception: " + str(err))
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)
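def update_policy(bundle, policyId, active=False):
    """Merge the request payload into an existing policy and store it.

    Args:
        bundle: Not read in this function; the payload is taken from the
            request body returned by ``do_request_prep``.
        policyId: Identifier from the route. It must equal the payload's
            ``policyId`` and is written back onto the record before saving.
        active: When truthy, forces ``active`` to True in the payload.

    Returns:
        ``(body, httpcode)``. On success the body is a one-element list with
        the rendered, updated policy and the code is 200. Otherwise the body
        is the ``make_response_error`` payload and the code is the one it
        carries (404 is requested when the policy cannot be looked up).
    """
    request_inputs = anchore_engine.services.common.do_request_prep(
        request, default_params={'active': active})
    user_auth = request_inputs['auth']
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    # user_auth unpacks into (user id, password); only the id is written to logs.
    userId, pw = user_auth

    try:
        logger.debug("Updating policy")

        # Parse unconditionally so jsondata is always bound. Previously an
        # empty body skipped the parse and the next statement failed with a
        # NameError, which surfaced as a 500 response.
        if not bodycontent:
            bodycontent = '{}'
        jsondata = json.loads(bodycontent)

        # An empty payload inherits the route's policyId.
        if not jsondata:
            jsondata['policyId'] = policyId

        if active:
            jsondata['active'] = True
        elif 'active' not in jsondata:
            jsondata['active'] = False

        try:
            policy_records = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            # A failed lookup is handled like "not found" (404 below).
            logger.warn("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))
            policy_records = []

        if policy_records:
            policy_record = policy_records[0]
            if policy_record['active'] and not jsondata['active']:
                httpcode = 500
                raise Exception("cannot deactivate an active policy - can only activate an inactive policy")
            elif policyId != jsondata['policyId']:
                # A non-empty payload without 'policyId' raises KeyError here
                # and ends up in the generic error response.
                httpcode = 500
                raise Exception("policyId in route is different from policyId in payload")

            # NOTE(review): every key in the caller's payload overwrites the
            # stored record and only policyId is re-asserted afterwards.
            # Confirm the catalog rejects changes to fields a caller must not
            # control (for example, ownership).
            policy_record.update(jsondata)
            policy_record['policyId'] = policyId
            return_policy_record = catalog.update_policy(
                user_auth, policyId, policy_record=policy_record)
            return_object = [make_response_policy(user_auth, return_policy_record, params)]
            httpcode = 200
        else:
            httpcode = 404
            raise Exception("cannot locate specified policyId")
    except Exception as err:
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)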
def delete_policy(policyId):
    """Delete an inactive policy belonging to the calling user.

    Args:
        policyId: Identifier passed to the catalog lookup and delete calls.

    Returns:
        ``(body, httpcode)``. The body is the string ``"deleted"`` with code
        200 when the catalog reports success or no matching record was found.
        Otherwise the body is the ``make_response_error`` payload and the
        code is the one it carries.
    """
    prepared = anchore_engine.services.common.do_request_prep(
        request, default_params={})
    user_auth = prepared['auth']

    httpcode = 500
    return_object = {}
    # user_auth unpacks into (user id, password); only the id is written to logs.
    userId, pw = user_auth

    try:
        logger.debug("Delete policy")

        try:
            policy_records = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            # NOTE(review): a failed lookup is treated like "no such policy",
            # so the caller gets 200 "deleted" although catalog.delete_policy
            # is never called. Confirm this is intended.
            logger.warn("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))
            policy_records = []

        if policy_records:
            # The active policy is never deleted.
            if policy_records[0]['active']:
                httpcode = 500
                raise Exception(
                    "cannot delete an active policy - activate a different policy then delete this one"
                )
            rc = catalog.delete_policy(user_auth, policyId=policyId)
        else:
            # Nothing to delete counts as success.
            rc = True

        if not rc:
            httpcode = 500
            raise Exception('not deleted')

        httpcode = 200
        return_object = "deleted"
    except Exception as err:
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)
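def images_check_impl(request_inputs, image_records):
    """Collect policy evaluations for each image record, grouped by tag.

    Args:
        request_inputs: Mapping with the keys ``auth``, ``method``,
            ``bodycontent`` and ``params``. ``params`` may carry
            ``policyId``, ``tag`` and ``history``.
        image_records: Records that each provide ``imageDigest`` and, when no
            ``tag`` parameter is given, ``image_detail`` entries with
            ``registry``, ``repo`` and ``tag``.

    Returns:
        ``(body, httpcode)``. On success the body is a list with one dict per
        image, mapping the image digest to ``{tag: [evaluation, ...]}``, and
        the code is 200. Otherwise the body is the ``make_response_error``
        payload and the code is the one it carries (404 is requested when
        there is no policy, no image record, or no evaluation).
    """
    user_auth = request_inputs['auth']
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = []
    httpcode = 500
    # user_auth unpacks into (user id, password); only the id may be placed
    # in messages, because they are logged and returned to the caller.
    userId, pw = user_auth

    try:
        if 'policyId' in params and params['policyId']:
            bundle_records = catalog.get_policy(user_auth, policyId=params['policyId'])
            policyId = params['policyId']
        else:
            bundle_records = catalog.get_active_policy(user_auth)
            policyId = None

        if not bundle_records:
            httpcode = 404
            # Name the user by id only. This message used to embed
            # str(user_auth), which put the password into the debug log and
            # into the error response built below.
            raise Exception("user has no active policy to evalute: " + str(userId))

        # Tracks whether any evaluation was found; if none was, the request
        # ends in a 404.
        atleastone = False

        if image_records:
            for image_record in image_records:
                imageDigest = image_record['imageDigest']
                return_object_el = {}
                return_object_el[imageDigest] = {}

                tags = []
                if params and 'tag' in params and params['tag']:
                    image_info = anchore_engine.services.common.get_image_info(
                        userId, "docker", params['tag'],
                        registry_lookup=False, registry_creds=[])
                    # The tag parameter is replaced in place by its full form.
                    if 'fulltag' in image_info and image_info['fulltag']:
                        params['tag'] = image_info['fulltag']
                    tags.append(params['tag'])
                else:
                    for image_detail in image_record['image_detail']:
                        fulltag = image_detail['registry'] + "/" + image_detail['repo'] + ":" + image_detail['tag']
                        tags.append(fulltag)

                for tag in tags:
                    if tag not in return_object_el[imageDigest]:
                        return_object_el[imageDigest][tag] = []

                    try:
                        if params and 'history' in params and params['history']:
                            results = catalog.get_eval(
                                user_auth, imageDigest=imageDigest, tag=tag, policyId=policyId)
                        else:
                            results = [catalog.get_eval_latest(
                                user_auth, imageDigest=imageDigest, tag=tag, policyId=policyId)]
                    except Exception as err:
                        # A failed lookup yields no evaluations for this tag;
                        # record why instead of dropping the error silently.
                        logger.debug("unable to get evaluation for image (" + str(imageDigest) + ") tag (" + str(tag) + ") - exception: " + str(err))
                        results = []

                    httpcode = 200
                    for result in results:
                        fresult = make_response_policyeval(user_auth, result, params)
                        return_object_el[imageDigest][tag].append(fresult[tag])
                        atleastone = True

                if return_object_el:
                    return_object.append(return_object_el)
        else:
            httpcode = 404
            raise Exception("could not find image record(s) input imageDigest(s)")

        if not atleastone:
            httpcode = 404
            raise Exception("could not find any evaluations for input images")
    except Exception as err:
        logger.debug("operation exception: " + str(err))
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)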
def update_policy(bundle, policyId, active=False):
    """Validate the request payload, merge it into a policy and store it.

    Args:
        bundle: Not read in this function; the payload is taken from the
            request body returned by ``do_request_prep``.
        policyId: Identifier from the route. It must equal the payload's
            ``policyId`` and is written back onto the record before saving.
        active: When truthy, forces ``active`` to True in the payload.

    Returns:
        ``(body, httpcode)``. On success the body is a one-element list with
        the rendered, updated policy and the code is 200. A bundle that fails
        validation returns the error payload with 400. Otherwise the body is
        the ``make_response_error`` payload and the code is the one it
        carries (404 is requested when the catalog returns nothing).
    """
    prepared = anchore_engine.services.common.do_request_prep(
        request, default_params={'active': active})
    user_auth = prepared['auth']
    method = prepared['method']
    bodycontent = prepared['bodycontent']
    params = prepared['params']

    httpcode = 500
    return_object = {}
    # user_auth unpacks into (user id, password); only the id is written to logs.
    userId, pw = user_auth

    try:
        logger.debug("Updating policy")

        payload = json.loads(bodycontent if bodycontent else '{}')
        # An empty payload inherits the route's policyId.
        if not payload:
            payload['policyId'] = policyId

        if active:
            payload['active'] = True
        elif 'active' not in payload:
            payload['active'] = False

        try:
            policy_record = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            logger.warn("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))
            raise

        if not policy_record:
            httpcode = 404
            raise Exception("cannot locate specified policyId")

        if policy_record['active'] and not payload['active']:
            httpcode = 500
            raise Exception(
                "cannot deactivate an active policy - can only activate an inactive policy")
        if policyId != payload['policyId']:
            httpcode = 500
            raise Exception(
                "policyId in route is different from policyId in payload: {} != {}".format(
                    policyId, payload['policyId']))

        # NOTE(review): every key in the caller's payload overwrites the
        # stored record and only policyId is re-asserted afterwards. Confirm
        # the catalog rejects changes to fields a caller must not control.
        policy_record.update(payload)
        policy_record['policyId'] = policyId

        # Schema check: the policy engine validates the bundle before it is
        # saved.
        try:
            cfg = anchore_engine.configuration.localconfig.get_config()
            # Certificate verification defaults to on when the key is absent.
            # NOTE(review): the caller's user id and password go to this
            # client; if internal_ssl_verify is set false they are presumably
            # sent without certificate checking. Confirm for the deployment.
            tls_verify = cfg.get('internal_ssl_verify', True)
            engine = policy_engine.get_client(
                user=user_auth[0], password=user_auth[1], verify_ssl=tls_verify)
            verdict = engine.validate_bundle(policy_bundle=payload['policybundle'])

            if not verdict.valid:
                httpcode = 400
                problems = [item.to_dict() for item in verdict.validation_details]
                return_object = anchore_engine.services.common.make_response_error(
                    'Bundle failed validation',
                    in_httpcode=400,
                    detail={'validation_details': problems})
                return (return_object, httpcode)
        except ApiException as err:
            raise Exception(
                'Error response from policy service during bundle validation. Validation could not be performed: {}'
                .format(err))

        saved_record = catalog.update_policy(
            user_auth, policyId, policy_record=policy_record)
        return_object = [make_response_policy(user_auth, saved_record, params)]
        httpcode = 200
    except Exception as err:
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)