def create_analysis_archive_rule(rule):
"""
POST /archives/rules
:param rule: the rule's json object definition
:return:
"""
# Permission check on the system_global field, only admins
if rule.get('system_global'):
perm = Permission(GLOBAL_RESOURCE_DOMAIN,
'createArchiveTransitionRule', '*')
# Will raise exception if unauthorized
authorizer.authorize(ApiRequestContextProxy.identity(), [perm])
client = internal_client_for(CatalogClient,
ApiRequestContextProxy.namespace())
try:
return handle_proxy_response(client.add_analysis_archive_rule(rule))
except Exception as ex:
return handle_proxy_response(ex)
import anchore_engine.apis
import anchore_engine.common.helpers
from anchore_engine import db
from anchore_engine.db import db_policyeval
#import catalog_impl
from anchore_engine.services.catalog import catalog_impl
import anchore_engine.common
from anchore_engine.subsys import logger
import anchore_engine.configuration.localconfig
import anchore_engine.subsys.servicestatus
from anchore_engine.apis.authorization import get_authorizer, Permission
authorizer = get_authorizer()
@authorizer.requires([Permission(domain='system', action='*', target='*')])
def get_evals(policyId=None,
imageDigest=None,
tag=None,
evalId=None,
newest_only=False,
interactive=False):
"""
GET /evals
:param bodycontent:
:return:
"""
httpcode = 500
try:
try:
service_record = anchore_engine.subsys.servicestatus.get_my_service_record(
)
return_object = anchore_engine.subsys.servicestatus.get_status(
service_record)
httpcode = 200
except Exception as err:
return_object = str(err)
httpcode = 500
return (return_object, httpcode)
@authorizer.requires([
Permission(domain=RequestingAccountValue(),
action='getPolicyEvaluation',
target='*')
])
def imagepolicywebhook(bodycontent):
# TODO - while the image policy webhook feature is in k8s beta, we've decided to make any errors that occur during check still respond with 'allowed: True'. This should be reverted to default to 'False' on any error, once the k8s feature is further along
return_object = {
"apiVersion": "imagepolicy.k8s.io/v1alpha1",
"kind": "ImageReview",
"status": {
"allowed": True,
"reason": "all images passed anchore policy evaluation"
}
}
httpcode = 200
ret = policy_record
if policy_name:
ret['name'] = policy_name
if policy_description:
ret['description'] = policy_description
except Exception as err:
raise Exception("failed to format policy eval response: " + str(err))
for removekey in ['record_state_val', 'record_state_key']:
ret.pop(removekey, None)
return (ret)
@authorizer.requires([Permission(domain=RequestingAccountValue(), action=AuthActions.list_policies.value, target=None)])
def list_policies(detail=None):
request_inputs = anchore_engine.apis.do_request_prep(request, default_params={'detail': False})
user_auth = request_inputs['auth']
bodycontent = request_inputs['bodycontent']
params = request_inputs['params']
return_object = []
httpcode = 500
userId = request_inputs['userId']
try:
logger.debug('Listing policies')
client = internal_client_for(CatalogClient, request_inputs['userId'])
try:
policy_records = client.list_policies()
accnt = mgr.get_account(accountname)
if not accnt:
raise AccountNotFoundError(accountname)
return accnt
def verify_user(username, accountname, mgr):
usr = mgr.get_user(username)
if not usr or usr['account_name'] != accountname:
raise UserNotFoundError(username)
return usr
@authorizer.requires([
Permission(domain=RequestingAccountValue(),
action=AuthActions.get_account.value,
target=None)
])
def get_users_account():
"""
GET /account
:return:
"""
try:
with session_scope() as session:
mgr = manager_factory.for_session(session)
account = mgr.get_account(ApiRequestContextProxy.namespace())
return account_db_to_msg(account), 200
except Exception as ex:
ret = {}
try:
ret = subscription_record
except Exception as err:
raise Exception("failed to format subscription response: " + str(err))
for removekey in ['record_state_val', 'record_state_key']:
ret.pop(removekey, None)
return (ret)
@authorizer.requires([
Permission(domain=RequestingAccountValue(),
action=AuthActions.list_subscriptions.value,
target=None)
])
def list_subscriptions(subscription_key=None, subscription_type=None):
"""
GET /subscriptions
:return: list of subscription objects serialized into json
"""
request_inputs = anchore_engine.apis.do_request_prep(
request,
default_params={
'subscription_key': subscription_key,
'subscription_type': subscription_type
})
method = request_inputs['method']
@authorizer.requires([])
def status():
try:
service_record = anchore_engine.subsys.servicestatus.get_my_service_record()
return_object = anchore_engine.subsys.servicestatus.get_status(service_record)
httpcode = 200
except Exception as err:
return_object = str(err)
httpcode = 500
return(return_object, httpcode)
@authorizer.requires([Permission(domain=RequestingAccountValue(), action='getImageEvaluation', target='*')])
def imagepolicywebhook(bodycontent):
# TODO - while the image policy webhook feature is in k8s beta, we've decided to make any errors that occur during check still respond with 'allowed: True'. This should be reverted to default to 'False' on any error, once the k8s feature is further along
return_object = {
"apiVersion": "imagepolicy.k8s.io/v1alpha1",
"kind": "ImageReview",
"status": {
"allowed": True,
"reason": "all images passed anchore policy evaluation"
}
}
httpcode = 200
try:
import anchore_engine.apis
import anchore_engine.common.helpers
from anchore_engine.clients.services.catalog import CatalogClient
from anchore_engine.clients.services import internal_client_for
from flask import request
from anchore_engine.apis.authorization import get_authorizer, RequestingAccountValue, Permission
from anchore_engine.services.apiext.api import AuthActions
import anchore_engine.common
authorizer = get_authorizer()
@authorizer.requires([
Permission(domain=RequestingAccountValue(),
action=AuthActions.list_events.value,
target=None)
])
def list_events(source_servicename=None,
source_hostid=None,
resource_type=None,
resource_id=None,
level=None,
since=None,
before=None,
page=None,
limit=None):
request_inputs = anchore_engine.apis.do_request_prep(request,
default_params={})
user_auth = request_inputs['auth']
method = request_inputs['method']
import time
from anchore_engine.apis.context import ApiRequestContextProxy
from anchore_engine.services.apiext.api import AuthActions
from anchore_engine.apis.authorization import get_authorizer, RequestingAccountValue, Permission
import anchore_engine.common.pagination
import anchore_engine.common.helpers
from anchore_engine.clients.services.catalog import CatalogClient
from anchore_engine.clients.services import internal_client_for
from flask import request
import anchore_engine.common
authorizer = get_authorizer()
@authorizer.requires([Permission(domain=RequestingAccountValue(), action=AuthActions.get_image.value, target=None)])
def query_vulnerabilities(id=None, page=1, limit=None, affected_package=None, affected_package_version=None):
request_inputs = anchore_engine.apis.do_request_prep(request, default_params={'id': id, 'page': page, 'limit': limit, 'affected_package': affected_package, 'affected_package_version': None})
method = request_inputs['method']
bodycontent = request_inputs['bodycontent']
params = request_inputs.get('params', {})
return_object = {}
httpcode = 500
try:
client = internal_client_for(CatalogClient, request_inputs['userId'])
if affected_package_version and not affected_package:
httpcode = 400
raise Exception("if affected_package_version is specified, affected_package must also be specified")
ret[datekey] = datetime.datetime.utcfromtimestamp(
registry_record[datekey]).isoformat() + 'Z'
except:
pass
except Exception as err:
raise Exception("failed to format registry response: " + str(err))
for removekey in ['record_state_val', 'record_state_key']:
ret.pop(removekey, None)
return (ret)
@authorizer.requires([
Permission(domain=RequestingAccountValue(),
action=AuthActions.list_registries.value,
target=None)
])
def list_registries():
"""
GET /registries
:return:
"""
request_inputs = anchore_engine.apis.do_request_prep(request,
default_params={})
user_auth = request_inputs['auth']
method = request_inputs['method']
bodycontent = request_inputs['bodycontent']
params = request_inputs['params']
