def test_load_security_information(secscan_model):
repository = registry_model.lookup_repository("devtable", "complex")
for tag in registry_model.list_all_active_repository_tags(repository):
manifest = registry_model.get_manifest_for_tag(tag)
assert manifest
assert (secscan_model.load_security_information(
manifest, True).status == ScanLookupStatus.NOT_YET_INDEXED)
def test_load_security_information_v2_only(repository, v4_whitelist, initialized_db):
app.config["SECURITY_SCANNER_V4_NAMESPACE_WHITELIST"] = v4_whitelist
secscan_model.configure(app, instance_keys, storage)
repo = registry_model.lookup_repository(*repository)
for tag in registry_model.list_all_active_repository_tags(repo):
manifest = registry_model.get_manifest_for_tag(tag)
assert manifest
result = secscan_model.load_security_information(manifest, True)
assert isinstance(result, SecurityInformationLookupResult)
assert result.status == ScanLookupStatus.NOT_YET_INDEXED
def test_load_security_information(repository, v4_whitelist, initialized_db):
app.config["SECURITY_SCANNER_V4_NAMESPACE_WHITELIST"] = v4_whitelist
app.config["SECURITY_SCANNER_V4_ENDPOINT"] = "http://clairv4:6060"
secscan_api = Mock()
with patch("data.secscan_model.secscan_v4_model.ClairSecurityScannerAPI", secscan_api):
secscan_model.configure(app, instance_keys, storage)
repo = registry_model.lookup_repository(*repository)
for tag in registry_model.list_all_active_repository_tags(repo):
manifest = registry_model.get_manifest_for_tag(tag)
assert manifest
result = secscan_model.load_security_information(manifest, True)
assert isinstance(result, SecurityInformationLookupResult)
assert result.status == ScanLookupStatus.NOT_YET_INDEXED
def test_repository_manifest(client):
with client_with_identity("devtable", client) as cl:
repo_ref = registry_model.lookup_repository("devtable", "simple")
tags = registry_model.list_all_active_repository_tags(repo_ref)
for tag in tags:
manifest_digest = tag.manifest_digest
if manifest_digest is None:
continue
params = {
"repository": "devtable/simple",
"manifestref": manifest_digest,
}
result = conduct_api_call(cl, RepositoryManifest, "GET", params,
None, 200).json
assert result["digest"] == manifest_digest
assert result["manifest_data"]
assert result["image"]
def test_repository_manifest(client):
with client_with_identity('devtable', client) as cl:
repo_ref = registry_model.lookup_repository('devtable', 'simple')
tags = registry_model.list_all_active_repository_tags(repo_ref)
for tag in tags:
manifest_digest = tag.manifest_digest
if manifest_digest is None:
continue
params = {
'repository': 'devtable/simple',
'manifestref': manifest_digest,
}
result = conduct_api_call(cl, RepositoryManifest, 'GET', params,
None, 200).json
assert result['digest'] == manifest_digest
assert result['manifest_data']
assert result['image']
def get(self, namespace, repository):
"""
List the images for the specified repository.
"""
repo_ref = registry_model.lookup_repository(namespace, repository)
if repo_ref is None:
raise NotFound()
tags = registry_model.list_all_active_repository_tags(repo_ref)
images_with_tags = defaultdict(list)
for tag in tags:
legacy_image_id = tag.manifest.legacy_image_root_id
if legacy_image_id is not None:
images_with_tags[legacy_image_id].append(tag)
# NOTE: This is replicating our older response for this endpoint, but
# returns empty for the metadata fields. This is to ensure back-compat
# for callers still using the deprecated API, while not having to load
# all the manifests from storage.
return {
"images": [{
"id":
image_id,
"created":
format_date(
datetime.utcfromtimestamp(
(min([tag.lifetime_start_ts for tag in tags])))),
"comment":
"",
"command":
"",
"size":
0,
"uploading":
False,
"sort_index":
0,
"tags": [tag.name for tag in tags],
"ancestors":
"",
} for image_id, tags in images_with_tags.items()]
}
