def lookup_registry_image(userId, image_info, registry_creds):
digest = None
manifest = None
# TODO: push this upstream in the call chain or wrap with an authz checker
# if not registry_access(userId, image_info['registry']):
# raise Exception("access denied for user ("+str(userId)+") registry ("+str(image_info['registry'])+")")
# else:
# try clause from below is in the else-clause
try:
(
manifest,
digest,
parentdigest,
parentmanifest,
) = docker_registry.get_image_manifest(userId, image_info,
registry_creds)
except Exception as err:
raise anchore_engine.common.helpers.make_anchore_exception(
err,
input_message="cannot fetch image digest/manifest from registry",
input_httpcode=400,
)
return digest, manifest
def get_image_info(userId,
image_type,
input_string,
registry_lookup=False,
registry_creds=[]):
ret = {}
if image_type == 'docker':
try:
image_info = anchore_engine.utils.parse_dockerimage_string(
input_string)
except Exception as err:
raise anchore_engine.common.helpers.make_anchore_exception(
err,
input_message="cannot handle image input string",
input_httpcode=400)
ret.update(image_info)
if registry_lookup and image_info['registry'] != 'localbuild':
#digest, manifest = lookup_registry_image(userId, image_info, registry_creds)
try:
manifest, digest, parentdigest = docker_registry.get_image_manifest(
userId, image_info, registry_creds)
except Exception as err:
raise anchore_engine.common.helpers.make_anchore_exception(
err,
input_message=
"cannot fetch image digest/manifest from registry",
input_httpcode=400)
image_info['digest'] = digest
image_info['fulldigest'] = image_info[
'registry'] + "/" + image_info['repo'] + "@" + digest
image_info['manifest'] = manifest
image_info['parentdigest'] = parentdigest
# if we got a manifest, and the image_info does not yet contain an imageId, try to get it from the manifest
if manifest and not image_info['imageId']:
try:
imageId = re.sub("^sha256:", "",
manifest['config']['digest'])
image_info['imageId'] = imageId
except Exception as err:
logger.debug(
"could not extract imageId from fetched manifest - exception: "
+ str(err))
logger.debug(
"using digest hash as imageId due to incomplete manifest ("
+ str(image_info['fulldigest']) + ")")
htype, image_info['imageId'] = image_info['digest'].split(
":", 1)
ret.update(image_info)
else:
image_info['manifest'] = {}
else:
raise Exception("image type (" + str(image_type) + ") not supported")
return (ret)
def lookup_registry_image(userId, image_info, registry_creds):
digest = None
manifest = None
if not anchore_resources.registry_access(userId, image_info['registry']):
raise Exception("access denied for user (" + str(userId) +
") registry (" + str(image_info['registry']) + ")")
else:
try:
manifest, digest = docker_registry.get_image_manifest(
userId, image_info, registry_creds)
#if 'schemaVersion' not in manifest or manifest['schemaVersion'] != 2:
# raise Exception("manifest schemaVersion != 2 not supported")
except Exception as err:
raise anchore_engine.services.common.make_anchore_exception(
err,
input_message=
"cannot fetch image digest/manifest from registry",
input_httpcode=400)
#raise Exception("cannot fetch image digest/manifest from registry - exception: " + str(err))
return (digest, manifest)
def lookup_registry_image(userId, image_info, registry_creds):
digest = None
manifest = None
# TODO: push this upstream in the call chain or wrap with an authz checker
#if not registry_access(userId, image_info['registry']):
# raise Exception("access denied for user ("+str(userId)+") registry ("+str(image_info['registry'])+")")
#else:
# try clause from below is in the else-clause
try:
manifest, digest = docker_registry.get_image_manifest(
userId, image_info, registry_creds)
#if 'schemaVersion' not in manifest or manifest['schemaVersion'] != 2:
# raise Exception("manifest schemaVersion != 2 not supported")
except Exception as err:
raise anchore_engine.common.helpers.make_anchore_exception(
err,
input_message="cannot fetch image digest/manifest from registry",
input_httpcode=400)
#raise Exception("cannot fetch image digest/manifest from registry - exception: " + str(err))
return (digest, manifest)