Example #1
0
def test_docker_image_exists(monkeypatch):
    get = MagicMock()
    monkeypatch.setattr('requests.get', get)

    get.return_value = MagicMock(name='response')
    get.return_value.json = lambda: {'tags': ['1.0']}
    assert docker_image_exists('my-registry/foo/bar:1.0') is True

    get.side_effect = requests.HTTPError()
    assert docker_image_exists('foo/bar:1.0') is False

    get.side_effect = requests.HTTPError()
    assert docker_image_exists('my-registry/foo/bar:1.0') is False
Example #2
0
def test_docker_image_exists(monkeypatch):
    get = MagicMock()
    monkeypatch.setattr('requests.get', get)

    get.return_value = MagicMock(name='response')
    get.return_value.json = lambda: {'1.0': 'foo'}
    assert docker_image_exists('my-registry/foo/bar:1.0') == True

    get.return_value = None
    assert docker_image_exists('foo/bar:1.0') == False

    get.return_value = None
    assert docker_image_exists('my-registry/foo/bar:1.0') == False
Example #3
0
def check_docker_image_exists(docker_image: pierone.api.DockerImage):
    if 'pierone' in docker_image.registry:
        try:
            exists = pierone.api.image_exists('pierone', docker_image)
        except pierone.api.Unauthorized:
            msg = textwrap.dedent('''
            Unauthorized: Cannot check whether Docker image "{}" exists in Pier One Docker registry.
            Please generate a "pierone" OAuth access token using "pierone login".
            Alternatively you can skip this check using the "--force" option.
            '''.format(docker_image)).strip()
            raise click.UsageError(msg)

    else:
        exists = docker_image_exists(str(docker_image))
    if not exists:
        raise click.UsageError('Docker image "{}" does not exist'.format(docker_image))
Example #4
0
def check_docker_image_exists(docker_image: pierone.api.DockerImage):
    token = None
    if 'pierone' in docker_image.registry:
        token = get_token(docker_image)
        if not token:
            msg = textwrap.dedent('''
            Unauthorized: Cannot check whether Docker image "{}" exists in Pier One Docker registry.
            Please generate a "pierone" OAuth access token using "pierone login".
            Alternatively you can skip this check using the "--force" option.
            '''.format(docker_image)).strip()
            raise click.UsageError(msg)
        else:
            token = token['access_token']
            exists = pierone.api.image_exists(docker_image, token)
    else:
        exists = docker_image_exists(str(docker_image))

    if not exists:
        raise click.UsageError(
            'Docker image "{}" does not exist'.format(docker_image))

    image_tag = pierone.api.get_image_tag(docker_image, token)
    if image_tag is not None and 'severity_fix_available' in image_tag:
        if image_tag.get('severity_fix_available') not in [
                'COULDNT_FIGURE_OUT', 'NO_CVES_FOUND'
        ]:
            warn_msg = textwrap.dedent('''
                    You are deploying an image that has *{}* severity
                    security fixes easily available!  Please check this artifact
                    tag in pierone and see which software versions you should
                    upgrade to apply those fixes.
                    '''.format(image_tag['severity_fix_available']))
        else:
            # Image is good to deploy!
            return True
    else:
        warn_msg = textwrap.dedent('''
        You are deploying an image that was not automatically checked for
        vulnerabilities. Images stored in Pierone are automatically checked!
        ''')

    click.secho(warn_msg.replace('\n', ' ').strip(), fg='red', bold=True)
    return True
Example #5
0
def check_docker_image_exists(docker_image: pierone.api.DockerImage):
    token = None
    if 'pierone' in docker_image.registry:
        token = get_existing_token('pierone')
        if not token:
            msg = textwrap.dedent('''
            Unauthorized: Cannot check whether Docker image "{}" exists in Pier One Docker registry.
            Please generate a "pierone" OAuth access token using "pierone login".
            Alternatively you can skip this check using the "--force" option.
            '''.format(docker_image)).strip()
            raise click.UsageError(msg)
        else:
            token = token['access_token']
            exists = pierone.api.image_exists(docker_image, token)
    else:
        exists = docker_image_exists(str(docker_image))

    if not exists:
        raise click.UsageError('Docker image "{}" does not exist'.format(docker_image))

    image_tag = pierone.api.get_image_tag(docker_image, token)
    if image_tag is not None and 'severity_fix_available' in image_tag:
        if image_tag.get('severity_fix_available') not in ['COULDNT_FIGURE_OUT',
                                                           'NO_CVES_FOUND']:
            warn_msg = textwrap.dedent('''
                    You are deploying an image that has *{}* severity
                    security fixes easily available!  Please check this artifact
                    tag in pierone and see which software versions you should
                    upgrade to apply those fixes.
                    '''.format(image_tag['severity_fix_available']))
        else:
            # Image is good to deploy!
            return True
    else:
        warn_msg = textwrap.dedent('''
        You are deploying an image that was not automatically checked for
        vulnerabilities. Images stored in Pierone are automatically checked!
        ''')

    click.secho(warn_msg.replace('\n', ' ').strip(), fg='red', bold=True)
    return True