Example #1
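def image_exists(token_name: str, image: DockerImage) -> bool:
    """Report whether ``image.tag`` appears in the registry's tag listing.

    Fetches ``/v1/repositories/<team>/<artifact>/tags`` from
    ``https://<image.registry>`` and tests whether ``image.tag`` is a member
    of the decoded JSON body.

    Args:
        token_name: Name of the stored token to look up.
        image: Image reference; ``registry``, ``team``, ``artifact`` and
            ``tag`` are read from it.

    Returns:
        True if ``image.tag`` is in the decoded response, otherwise False.
        False is also returned when the request raises, so a network or
        authorization failure cannot be told apart from a missing tag;
        callers gating a deployment on this result should keep that in mind.

    Raises:
        Unauthorized: If no stored token exists for ``token_name``.
    """
    token = get_existing_token(token_name)
    if not token:
        raise Unauthorized()

    # NOTE(review): the access token is handed to request() together with a
    # host taken from the image reference; presumably it is sent to that host,
    # so callers should only pass registries they trust. Confirm in request().
    url = 'https://{}'.format(image.registry)
    path = '/v1/repositories/{team}/{artifact}/tags'.format(team=image.team, artifact=image.artifact)

    try:
        r = request(url, path, token['access_token'])
    except Exception:
        # Previously a bare ``except:``, which also swallowed
        # KeyboardInterrupt and SystemExit. Ordinary failures are still
        # treated as "image not found".
        return False
    result = r.json()
    return image.tag in result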
Example #2
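def image_exists(token_name: str, image: DockerImage) -> bool:
    """Check the registry's tag listing for ``image.tag``.

    The stored token named ``token_name`` is used to request
    ``/v1/repositories/<team>/<artifact>/tags`` on ``https://<image.registry>``;
    the decoded JSON body is then searched for ``image.tag``.

    Args:
        token_name: Name under which the token was stored.
        image: Image reference supplying ``registry``, ``team``, ``artifact``
            and ``tag``.

    Returns:
        True when the tag is listed. False when it is not listed or when the
        request raised. The two cases are deliberately not distinguished here,
        which means an outage or a rejected token reads as "does not exist".

    Raises:
        Unauthorized: If ``get_existing_token`` yields nothing for
            ``token_name``.
    """
    token = get_existing_token(token_name)
    if not token:
        raise Unauthorized()

    # NOTE(review): the host comes straight from the image reference and the
    # access token is passed alongside it; verify that request() cannot be
    # pointed at an untrusted registry.
    url = 'https://{}'.format(image.registry)
    path = '/v1/repositories/{team}/{artifact}/tags'.format(
        team=image.team, artifact=image.artifact)

    try:
        r = request(url, path, token['access_token'])
    except Exception:
        # Narrowed from a bare ``except:`` so that Ctrl-C and interpreter
        # shutdown are no longer reported as "image missing".
        return False
    result = r.json()
    return image.tag in result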
Example #3
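def get_latest_tag(token_name: str, image: DockerImage) -> 'str | None':
    """Return the name of the most recently created tag of an artifact.

    Requests ``/teams/<team>/artifacts/<artifact>/tags`` from
    ``https://<image.registry>`` and picks the entry with the greatest
    ``created`` value.

    Args:
        token_name: Name of the stored token to look up.
        image: Image reference; ``registry``, ``team`` and ``artifact`` are
            read from it.

    Returns:
        The ``name`` of the entry that sorts last by ``created``, or None when
        the listing is empty or the request raised. The annotation used to
        say ``bool``, which did not match either outcome.

    Raises:
        Unauthorized: If no stored token exists for ``token_name``.
    """
    token = get_existing_token(token_name)
    if not token:
        raise Unauthorized()

    # NOTE(review): the access token is passed to request() with a host taken
    # from the image reference; confirm it is only ever a trusted registry.
    url = 'https://{}'.format(image.registry)
    path = '/teams/{team}/artifacts/{artifact}/tags'.format(team=image.team, artifact=image.artifact)

    try:
        r = request(url, path, token['access_token'])
    except Exception:
        # Previously a bare ``except:``, which also swallowed
        # KeyboardInterrupt and SystemExit.
        return None
    result = r.json()
    if not result:
        return None
    # sorted(...)[-1] is kept rather than max(): on equal ``created`` values
    # it selects the last such entry, and max() would select the first.
    return sorted(result, key=lambda x: x['created'])[-1]['name']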
Example #4
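def get_latest_tag(token_name: str, image: DockerImage) -> 'str | None':
    """Look up the newest tag name for ``image``'s artifact.

    The tag listing at ``/teams/<team>/artifacts/<artifact>/tags`` on
    ``https://<image.registry>`` is fetched with the stored token and ordered
    by each entry's ``created`` field.

    Args:
        token_name: Name under which the token was stored.
        image: Image reference supplying ``registry``, ``team`` and
            ``artifact``.

    Returns:
        ``name`` of the last entry after sorting by ``created``; None if the
        listing is empty or the request raised. (The previous ``-> bool``
        annotation was inaccurate.)

    Raises:
        Unauthorized: If ``get_existing_token`` yields nothing for
            ``token_name``.
    """
    token = get_existing_token(token_name)
    if not token:
        raise Unauthorized()

    # NOTE(review): host is derived from the image reference and receives the
    # access token via request(); verify callers restrict it to trusted hosts.
    url = 'https://{}'.format(image.registry)
    path = '/teams/{team}/artifacts/{artifact}/tags'.format(
        team=image.team, artifact=image.artifact)

    try:
        r = request(url, path, token['access_token'])
    except Exception:
        # Narrowed from a bare ``except:`` so interrupts and interpreter exit
        # propagate instead of being reported as "no tag".
        return None
    result = r.json()
    if result:
        # Stable sort plus [-1]: ties on ``created`` resolve to the last entry.
        return sorted(result, key=lambda x: x['created'])[-1]['name']
    return None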
def check_docker_image_exists(docker_image: pierone.api.DockerImage):
    """Abort if the image is missing, otherwise warn about its scan status.

    Registries whose name contains ``pierone`` are queried through
    ``pierone.api.image_exists`` with the stored "pierone" access token; any
    other registry goes through ``docker_image_exists``. After that the tag
    metadata is fetched and a red warning is printed unless
    ``severity_fix_available`` is one of the two accepted values.

    Returns True in every non-raising path: scan findings only produce a
    warning and never block the caller.

    Raises:
        click.UsageError: If no "pierone" token is stored for a Pier One
            registry, or if the image does not exist.
    """
    access_token = None
    if 'pierone' not in docker_image.registry:
        found = docker_image_exists(str(docker_image))
    else:
        # NOTE(review): this is a substring match on the registry host, so any
        # host containing "pierone" is treated as Pier One and is queried with
        # the stored token. Confirm that the registry value is validated
        # upstream against the expected host(s).
        stored = get_existing_token('pierone')
        if not stored:
            raise click.UsageError(textwrap.dedent('''
            Unauthorized: Cannot check whether Docker image "{}" exists in Pier One Docker registry.
            Please generate a "pierone" OAuth access token using "pierone login".
            Alternatively you can skip this check using the "--force" option.
            '''.format(docker_image)).strip())
        access_token = stored['access_token']
        found = pierone.api.image_exists(docker_image, access_token)

    if not found:
        raise click.UsageError(
            'Docker image "{}" does not exist'.format(docker_image))

    # access_token is still None here for non-Pier-One registries.
    tag_info = pierone.api.get_image_tag(docker_image, access_token)
    if tag_info is None or 'severity_fix_available' not in tag_info:
        warning = textwrap.dedent('''
        You are deploying an image that was not automatically checked for
        vulnerabilities. Images stored in Pierone are automatically checked!
        ''')
    elif tag_info.get('severity_fix_available') in ('COULDNT_FIGURE_OUT',
                                                    'NO_CVES_FOUND'):
        # NOTE(review): 'COULDNT_FIGURE_OUT' is accepted silently, exactly
        # like 'NO_CVES_FOUND'; an inconclusive scan produces no warning.
        return True
    else:
        warning = textwrap.dedent('''
                    You are deploying an image that has *{}* severity
                    security fixes easily available!  Please check this artifact
                    tag in pierone and see which software versions you should
                    upgrade to apply those fixes.
                    '''.format(tag_info['severity_fix_available']))

    click.secho(warning.replace('\n', ' ').strip(), fg='red', bold=True)
    return True
def check_docker_image_exists(docker_image: pierone.api.DockerImage):
    """Verify that ``docker_image`` exists and report its vulnerability status.

    Existence is checked via ``pierone.api.image_exists`` (with the stored
    "pierone" access token) when the registry name contains ``pierone``, and
    via ``docker_image_exists`` otherwise. The tag metadata from
    ``pierone.api.get_image_tag`` then decides whether a warning is shown.

    The function returns True whenever it does not raise; a reported
    severity leads to a red warning on the terminal, not to a failure.

    Raises:
        click.UsageError: When the "pierone" token is missing for a Pier One
            registry, or when the image cannot be found.
    """
    token = None
    is_pierone = 'pierone' in docker_image.registry
    # NOTE(review): substring test; a registry host that merely contains
    # "pierone" takes the token-bearing branch. Verify that the host is
    # checked against the intended registry before this function is reached.
    if is_pierone:
        token_record = get_existing_token('pierone')
        if token_record:
            token = token_record['access_token']
            exists = pierone.api.image_exists(docker_image, token)
        else:
            help_text = textwrap.dedent('''
            Unauthorized: Cannot check whether Docker image "{}" exists in Pier One Docker registry.
            Please generate a "pierone" OAuth access token using "pierone login".
            Alternatively you can skip this check using the "--force" option.
            '''.format(docker_image)).strip()
            raise click.UsageError(help_text)
    else:
        exists = docker_image_exists(str(docker_image))

    if not exists:
        not_found = 'Docker image "{}" does not exist'.format(docker_image)
        raise click.UsageError(not_found)

    # For registries outside Pier One the lookup runs with token=None.
    image_tag = pierone.api.get_image_tag(docker_image, token)
    has_scan_result = image_tag is not None and 'severity_fix_available' in image_tag
    if has_scan_result:
        # NOTE(review): an inconclusive scan ('COULDNT_FIGURE_OUT') is treated
        # the same as a clean one and returns without any warning.
        accepted = ['COULDNT_FIGURE_OUT', 'NO_CVES_FOUND']
        if image_tag.get('severity_fix_available') in accepted:
            return True
        warn_msg = textwrap.dedent('''
                    You are deploying an image that has *{}* severity
                    security fixes easily available!  Please check this artifact
                    tag in pierone and see which software versions you should
                    upgrade to apply those fixes.
                    '''.format(image_tag['severity_fix_available']))
    else:
        warn_msg = textwrap.dedent('''
        You are deploying an image that was not automatically checked for
        vulnerabilities. Images stored in Pierone are automatically checked!
        ''')

    one_line = warn_msg.replace('\n', ' ').strip()
    click.secho(one_line, fg='red', bold=True)
    return True