def test_get_event_by_id(self, api_conf):
resp = http_get(['events'], {'page': 1, 'limit': 1}, config=api_conf)
assert resp == APIResponse(200)
event_id = get_event_id_from_list_resp(resp.body)
resp = http_get(['events', event_id], config=api_conf)
assert resp == APIResponse(200)
def test_get_system_services_endpoints(self, api_conf):
"""
Test system services.
NOTE! This only works for the super root user, so if the api_conf isn't that user, skip.
Why do we even keep the api_conf in the function argument you ask? Because it's required in order to allow
for pytest mark parametrization at the class level
"""
api_conf_name = str(api_conf.__name__)
if api_conf_name != 'get_api_conf':
pytest.skip(
'System Services Endpoint only works for root user of admin account: currentUserAPIConf={}'
.format(api_conf_name))
resp = http_get(['system', 'services'], config=api_conf)
assert resp == APIResponse(200)
services = resp.body
for service in services:
service_name = service.get('servicename')
resp = http_get(['system', 'services', service_name],
config=api_conf)
assert resp == APIResponse(200)
service_details = resp.body
resp = http_get([
'system', 'services', service_name,
service_details[0].get('hostid')
],
config=api_conf)
assert resp == APIResponse(200)
def test_get_all_image_vulns_by_type(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
resp = http_get(['images', 'by_id', image_id, 'vuln'], config=api_conf)
assert resp == APIResponse(200)
wait_for_image_to_analyze(image_id, api_conf)
vuln_types = resp.body
for v_type in vuln_types:
resp = http_get(['images', 'by_id', image_id, 'vuln', v_type], config=api_conf)
assert resp == APIResponse(200)
def test_delete_admin_user(self, api_conf):
create_ft_account_user('deletion_test', 'lebronForPresident', api_conf)
delete_resp = http_del(
['accounts', FT_ACCOUNT, 'users', 'deletion_test'],
config=api_conf)
assert delete_resp == APIResponse(204)
def test_get_registry_by_name(self, add_and_teardown_registry):
add_resp, api_conf = add_and_teardown_registry
resp = http_get(
['registries',
quote(get_registry_info()['service_name'], '')],
config=api_conf)
assert resp == APIResponse(200)
def test_get_image_vuln_types(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
resp = http_get(['images', 'by_id', image_id, 'vuln'], config=api_conf)
assert resp == APIResponse(200)
def test_system_feeds_sync(self, api_conf):
"""
Should run fairly close to last to ensure test performance
"""
resp = http_post(['system', 'feeds'], None, {'sync': True}, config=api_conf)
assert resp == APIResponse(200)
def test_list_events_with_source_servicename(self, api_conf):
resp = http_get(['events'], {
'source_hostid': 'anchore-quickstart',
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_list_image(self, add_alpine_latest_image, query):
"""
Atomically test list image functionality with add and teardown (by_id) implicit coverage
"""
add_resp, api_conf = add_alpine_latest_image
resp = http_get(['images'], query=query, config=api_conf)
assert resp == APIResponse(200)
def test_disable_and_delete_system_feeds(self, api_conf):
"""
Since this does kinda change some of the state around feeds be sure to not re-order without considering the
other feed-related tests below
"""
feed_list_resp = http_get(['system', 'feeds'], config=api_conf)
assert feed_list_resp == APIResponse(200)
# Pick arbitrary first feed to disable & then delete
feeds = feed_list_resp.body
feed_to_delete = feeds[0].get('name')
resp = http_put(['system', 'feeds', feed_to_delete], None, {'enabled': False}, config=api_conf)
assert resp == APIResponse(200)
resp = http_del(['system', 'feeds', feed_to_delete], config=api_conf)
assert resp == APIResponse(200)
def test_list_events_with_level(self, api_conf, level):
resp = http_get(['events'], {
'level': level,
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_update_registry_by_name(self, add_and_teardown_registry):
add_resp, api_conf = add_and_teardown_registry
get_resp = http_get(
['registries',
quote(get_registry_info()['service_name'], '')],
config=api_conf)
assert get_resp == APIResponse(200)
# copy payload from existing (password isn't provided, so re-add it)
update_payload = copy.copy(get_resp.body[0])
update_payload[
'registry_name'] = 'updated_registry_name_functional_test'
update_payload['registry_pass'] = get_registry_info()['pass']
update_resp = http_put(['registries', 'docker-registry:5000'],
payload=update_payload,
config=api_conf)
assert update_resp == APIResponse(200)
def test_list_events_with_before(self, api_conf):
resp = http_get(['events'], {
'before': str(datetime.now()),
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_list_events_with_resource_id(self, api_conf):
resp = http_get(['events'], {
'resource_id': 'docker.io/alpine:latest',
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_list_events_with_resource_type(self, api_conf, r_type):
resp = http_get(['events'], {
'resource_type': r_type,
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_add_user(self, api_conf):
create_resp = http_post(['accounts', FT_ACCOUNT, 'users'], {
'username': '******',
'password': '******'
},
config=api_conf)
assert create_resp == APIResponse(200)
delete_ft_account_user('creation_test', api_conf)
def test_list_events_with_source_servicename(self, api_conf, source):
resp = http_get(['events'], {
'source_servicename': source,
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_get_image_metadata_all_types_by_digest(self,
add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest, 'metadata'], config=api_conf)
assert resp == APIResponse(200)
m_types = resp.body
for m_type in m_types:
resp = http_get(['images', image_digest, 'metadata', m_type],
config=api_conf)
assert resp == APIResponse(200)
def test_list_events_with_since(self, api_conf):
five_min_ago = str(datetime.now() - timedelta(minutes=5))
resp = http_get(['events'], {
'since': five_min_ago,
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_get_image_content_ctype(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
resp = http_get(['images', 'by_id', image_id, 'content', 'os'], config=api_conf)
assert resp == APIResponse(200)
def test_get_archived_images_by_digest(self,
create_and_teardown_archive_rule):
"""
Implicitly tests adding an image to the archive and deleting it
"""
image_resp, rule_resp, archive_resp, api_conf = create_and_teardown_archive_rule
image_digest = get_image_digest(image_resp)
resp = http_get(['archives', 'images', image_digest], config=api_conf)
assert resp == APIResponse(200)
def test_get_image_vulns_all_types_by_digest(self, add_alpine_latest_image,
query):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest, 'vuln'], config=api_conf)
assert resp == APIResponse(200)
v_types = resp.body
for v_type in v_types:
resp = http_get(['images', image_digest, 'vuln', v_type],
query=query,
config=api_conf)
assert resp == APIResponse(200)
def test_disable_and_delete_feed_group(self, api_conf):
ensure_second_feed_enabled(api_conf)
feed_list_resp = http_get(['system', 'feeds'], config=api_conf)
assert feed_list_resp == APIResponse(200)
# Pick 2nd feed
feeds = feed_list_resp.body
feed = feeds[1]
feed_name = feed.get('name')
# Arbitrarily pick 1st group
groups = feed.get('groups', [])
group_to_delete = groups[0].get('name')
resp = http_put(['system', 'feeds', feed_name, group_to_delete], None, {'enabled': False}, config=api_conf)
assert resp == APIResponse(200)
resp = http_del(['system', 'feeds', feed_name, group_to_delete], config=api_conf)
assert resp == APIResponse(200)
def test_add_credential(self, api_conf):
"""
Do an add-in-place (i.e. do not change the password as it is depended on throughout the other tests)
"""
resp = http_post(['user', 'credentials'], {
'type': 'password',
'value': api_conf()['ANCHORE_API_PASS']
},
config=api_conf)
assert resp == APIResponse(200)
def test_query_image_by_content(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
# Arbitrarily get the first package from the os content response
first_package = get_alpine_latest_image_os_content(get_image_id(add_resp),
get_image_digest(add_resp),
api_conf).body.get('content', [])[0].get('package', None)
assert first_package is not None
resp = http_get(['query', 'images', 'by_package'], {'name': first_package}, config=api_conf)
assert resp == APIResponse(200)
def test_add_oauth_token(self):
api_conf = get_api_conf()
payload = {
'grant_type': 'password',
'username': api_conf['ANCHORE_API_USER'],
'password': api_conf['ANCHORE_API_PASS'],
'client_id': 'anonymous'
}
resp = http_post_url_encoded(['oauth', 'token'], payload)
assert resp == APIResponse(200)
def test_get_image_content_types_by_digest(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest, 'content'], config=api_conf)
assert resp == APIResponse(200)
def test_update_policy_by_id(self,
create_policy_from_artifact_and_teardown):
"""
Just gonna do a simple update (name change) here
"""
policy_bundle, policy_id, api_conf = create_policy_from_artifact_and_teardown
resp = http_get(['policies', policy_id], config=api_conf)
policy_json = resp.body[0]
policy_json['name'] = 'UpdatedName'
resp = http_put(['policies', policy_id], policy_json, config=api_conf)
assert resp == APIResponse(200)
def test_query_vuln(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
# Arbitrarily get the first vuln from the os vuln response for alpine image
try:
first_vuln = get_alpine_latest_image_os_vuln(get_image_id(add_resp),
get_image_digest(add_resp),
api_conf).body.get('vulnerabilities', [])[0].get('vuln', None)
except IndexError:
self._logger.warning('No vulnerabilities found, cannot test query vulnerabilities')
return
assert first_vuln is not None
resp = http_get(['query', 'vulnerabilities'], {'id': first_vuln}, config=api_conf)
assert resp == APIResponse(200)
def test_get_image_policy_evaluation(self, add_alpine_latest_image, query):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_tag = get_image_tag(add_resp)
query['tag'] = image_tag
if query.get('policyId'):
query['policyId'] = get_first_policy_id(api_conf)
resp = http_get(['images', 'by_id', image_id, 'check'], {'tag': image_tag}, config=api_conf)
assert resp == APIResponse(200)
