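def update_policy(bundle, policyId, active=False):
    """Update the stored policy record identified by ``policyId``.

    The request body is read from the framework ``request`` object through
    ``do_request_prep``; the ``bundle`` argument is not referenced here.

    Args:
        bundle: Unused by this handler.
        policyId: Policy id from the route. It must equal the ``policyId``
            in the payload and is pinned back onto the record before saving.
        active: Default for the ``active`` request parameter; when true the
            payload's ``active`` field is forced to ``True``.

    Returns:
        A ``(return_object, httpcode)`` tuple. On success ``return_object``
        is a one-element list built by ``make_response_policy`` and the code
        is 200. On failure it is the dict built by ``make_response_error``
        and the code is that dict's ``httpcode``.
    """
    request_inputs = anchore_engine.services.common.do_request_prep(
        request, default_params={'active': active})
    user_auth = request_inputs['auth']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId, _ = user_auth

    try:
        logger.debug("Updating policy")

        # An empty body is treated as an empty JSON object. The parse has to
        # run on that path as well: if it is skipped, jsondata is never bound
        # and every body-less request ends in an unrelated 500.
        if not bodycontent:
            bodycontent = '{}'
        jsondata = json.loads(bodycontent)

        # Everything below reads and writes the payload by key, so any JSON
        # value other than an object is a malformed request.
        if not isinstance(jsondata, dict):
            httpcode = 400
            raise Exception("request body must be a JSON object")

        if not jsondata:
            jsondata['policyId'] = policyId

        # 'active' is later used by truthiness, so a non-boolean such as the
        # string "false" counts as true.
        if active:
            jsondata['active'] = True
        elif 'active' not in jsondata:
            jsondata['active'] = False

        try:
            policy_records = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            # NOTE(review): any catalog error is logged and then reported to
            # the client as 404 below, so a backend failure looks the same as
            # a missing policy. Left as is; confirm this is intended.
            logger.warn("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))
            policy_records = []

        if not policy_records:
            httpcode = 404
            raise Exception("cannot locate specified policyId")

        policy_record = policy_records[0]

        # NOTE(review): both checks below reject client input but answer 500;
        # the status code is kept unchanged for existing callers.
        if policy_record['active'] and not jsondata['active']:
            httpcode = 500
            raise Exception("cannot deactivate an active policy - can only activate an inactive policy")
        elif policyId != jsondata.get('policyId'):
            # .get() so a payload without policyId is reported as a mismatch
            # instead of surfacing a bare KeyError.
            httpcode = 500
            raise Exception("policyId in route is different from policyId in payload")

        # Every key in the client payload is merged over the stored record;
        # only policyId is pinned back to the route value afterwards.
        # NOTE(review): no allow-list is applied here - confirm that
        # catalog.update_policy rejects or ignores fields a client must not
        # set.
        policy_record.update(jsondata)
        policy_record['policyId'] = policyId

        return_policy_record = catalog.update_policy(
            user_auth, policyId, policy_record=policy_record)
        return_object = [make_response_policy(user_auth, return_policy_record, params)]
        httpcode = 200
    except Exception as err:
        # NOTE(review): the exception object is handed to make_response_error;
        # presumably its text reaches the client - confirm that parser and
        # catalog errors do not expose internal detail.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)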
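def update_policy(bundle, policyId, active=False):
    """Validate and update the stored policy record identified by ``policyId``.

    The request body is read from the framework ``request`` object through
    ``do_request_prep``; the ``bundle`` argument is not referenced here.
    Before the record is saved, the payload's ``policybundle`` is sent to the
    policy engine for validation.

    Args:
        bundle: Unused by this handler.
        policyId: Policy id from the route. It must equal the ``policyId``
            in the payload and is pinned back onto the record before saving.
        active: Default for the ``active`` request parameter; when true the
            payload's ``active`` field is forced to ``True``.

    Returns:
        A ``(return_object, httpcode)`` tuple. On success ``return_object``
        is a one-element list built by ``make_response_policy`` and the code
        is 200. A bundle that fails validation yields a 400 error dict with
        ``validation_details``. Any other failure yields the dict built by
        ``make_response_error`` and that dict's ``httpcode``.
    """
    request_inputs = anchore_engine.services.common.do_request_prep(
        request, default_params={'active': active})
    user_auth = request_inputs['auth']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId, _ = user_auth

    try:
        logger.debug("Updating policy")

        # An empty body is treated as an empty JSON object.
        if not bodycontent:
            bodycontent = '{}'
        jsondata = json.loads(bodycontent)

        # Everything below reads and writes the payload by key, so any JSON
        # value other than an object is a malformed request.
        if not isinstance(jsondata, dict):
            httpcode = 400
            raise Exception("request body must be a JSON object")

        if not jsondata:
            jsondata['policyId'] = policyId

        # 'active' is later used by truthiness, so a non-boolean such as the
        # string "false" counts as true.
        if active:
            jsondata['active'] = True
        elif 'active' not in jsondata:
            jsondata['active'] = False

        try:
            policy_record = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            logger.warn("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))
            # Bare raise keeps the original traceback; the outer handler
            # turns the failure into an error response.
            raise

        if not policy_record:
            httpcode = 404
            raise Exception("cannot locate specified policyId")

        payload_policy_id = jsondata.get('policyId')

        # NOTE(review): both checks below reject client input but answer 500;
        # the status code is kept unchanged for existing callers.
        if policy_record['active'] and not jsondata['active']:
            httpcode = 500
            raise Exception(
                "cannot deactivate an active policy - can only activate an inactive policy")
        elif policyId != payload_policy_id:
            # A payload without policyId is reported as a mismatch instead of
            # surfacing a bare KeyError.
            httpcode = 500
            raise Exception(
                "policyId in route is different from policyId in payload: {} != {}"
                .format(policyId, payload_policy_id))

        # Every key in the client payload is merged over the stored record;
        # only policyId is pinned back to the route value afterwards.
        # NOTE(review): no allow-list is applied here - confirm that
        # catalog.update_policy rejects or ignores fields a client must not
        # set.
        policy_record.update(jsondata)
        policy_record['policyId'] = policyId

        # schema check
        # Validation always runs, so a payload without a bundle cannot be
        # accepted; say so explicitly instead of failing on the key lookup.
        if 'policybundle' not in jsondata:
            httpcode = 400
            raise Exception("payload is missing 'policybundle', which is required for validation")

        try:
            localconfig = anchore_engine.configuration.localconfig.get_config()
            # The caller's credentials are passed to the policy-engine client.
            # Certificate verification follows 'internal_ssl_verify' and
            # defaults to on; NOTE(review): with it disabled, presumably
            # these credentials go to an unverified peer.
            verify = localconfig.get('internal_ssl_verify', True)
            p_client = policy_engine.get_client(
                user=user_auth[0], password=user_auth[1], verify_ssl=verify)
            response = p_client.validate_bundle(
                policy_bundle=jsondata['policybundle'])
            if not response.valid:
                # Nothing is written to the catalog for an invalid bundle.
                httpcode = 400
                return_object = anchore_engine.services.common.make_response_error(
                    'Bundle failed validation',
                    in_httpcode=400,
                    detail={
                        'validation_details':
                        [x.to_dict() for x in response.validation_details]
                    })
                return (return_object, httpcode)
        except ApiException as err:
            # Fail closed: if the policy engine cannot validate, the update
            # is not applied.
            raise Exception(
                'Error response from policy service during bundle validation. Validation could not be performed: {}'
                .format(err))

        return_policy_record = catalog.update_policy(
            user_auth, policyId, policy_record=policy_record)
        return_object = [
            make_response_policy(user_auth, return_policy_record, params)
        ]
        httpcode = 200
    except Exception as err:
        # NOTE(review): the exception object is handed to make_response_error;
        # presumably its text reaches the client - confirm that parser,
        # catalog and policy-engine errors do not expose internal detail.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)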