def save_policy(user_id, policyId, active, policy_bundle, dbsession): """ Do the save, outside the context of an api call itself. :param user_id: str - requesting usera :param policyId: str - the id for policy :param active: boolean - is active or not :param policy_bundle: dict - bundle content :return: """ try: if archive.put_document(user_id, 'policy_bundles', policyId, policy_bundle): rc = db_policybundle.update(policyId, user_id, active, policy_bundle, session=dbsession) else: rc = False except Exception as err: raise anchore_engine.common.helpers.make_anchore_exception(err, input_message="cannot add policy, failed to update archive/DB", input_httpcode=500) if not rc: raise Exception("DB update failed") else: if active: try: rc = db_policybundle.set_active_policy(policyId, user_id, session=dbsession) except Exception as err: raise Exception("could not set policy as active - exception: " + str(err)) record = db_policybundle.get(user_id, policyId, session=dbsession) record['policybundle'] = policy_bundle return record
def delete_policy(policyId, cleanup_evals=False): """ DELETE /policies/{policyId}?cleanup_evals=true|false :param user_context: :param policyId: :param cleanup_evals: :return: """ httpcode = 200 return_object = True with db.session_scope() as dbsession: request_inputs = anchore_engine.services.common.do_request_prep( connexion.request, default_params={}) user_id = request_inputs['userId'] policy_record = db_policybundle.get(user_id, policyId, session=dbsession) if policy_record: rc, httpcode = do_policy_delete(user_id, policy_record, dbsession, force=True, cleanup_evals=cleanup_evals) if httpcode not in list(range(200, 299)): raise Exception(str(rc)) return return_object, httpcode
def update_policy(policyId, bodycontent): """ PUT /policies/{policyId} Updates a policy :param user_context: :param policyId: :param policy_content: :return: """ try: request_inputs = anchore_engine.apis.do_request_prep(connexion.request, default_params={}) user_id = request_inputs['userId'] bundle_policyId = bodycontent.get('policyId') active = bodycontent.get('active', False) if not bundle_policyId: raise Exception("must include 'policyId' in the json payload for this operation") if policyId != bundle_policyId: raise Exception('Id mismatch between route and bundle content. {} != {}'.format(policyId, bundle_policyId)) policybundle = bodycontent.get('policybundle') with db.session_scope() as dbsession: record = db_policybundle.get(user_id, policyId, session=dbsession) if not record: return anchore_engine.common.helpers.make_anchore_exception(Exception("existing policyId not found to update"), 400) return save_policy(user_id, policyId, active, policybundle, dbsession), 200 except Exception as err: return str(err), 500
def get_policy(policyId): """ GET /policies/{policyId} :param policyId: :return: """ try: object_storage_mgr = object_store.get_manager() request_inputs = anchore_engine.apis.do_request_prep(connexion.request, default_params={}) user_id = request_inputs["userId"] with db.session_scope() as dbsession: record = db_policybundle.get(user_id, policyId=policyId, session=dbsession) if record: record["policybundle"] = {} try: policybundle = object_storage_mgr.get_document( user_id, "policy_bundles", record["policyId"]) if policybundle: record["policybundle"] = policybundle record["policybundlemeta"] = {} meta = object_storage_mgr.get_document_meta( user_id, "policy_bundles", record["policyId"]) if meta: record["policybundlemeta"] = meta except Exception as err: logger.warn( "failed to fetch policy bundle from archive - exception: " + str(err)) raise anchore_engine.common.helpers.make_anchore_exception( err, input_message="failed to fetch policy bundle from archive", input_httpcode=500, ) return record, 200 else: return ( anchore_engine.common.helpers.make_response_error( "Policy bundle {} not found in DB".format(policyId), in_httpcode=404), 404, ) except Exception as err: logger.exception("Uncaught exception") return str(err), 500
def get_policy(policyId): """ GET /policies/{policyId} :param policyId: :return: """ try: request_inputs = anchore_engine.apis.do_request_prep(connexion.request, default_params={}) user_id = request_inputs['userId'] with db.session_scope() as dbsession: record = db_policybundle.get(user_id, policyId=policyId, session=dbsession) if record: record['policybundle'] = {} try: policybundle = archive.get_document(user_id, 'policy_bundles', record['policyId']) if policybundle: record['policybundle'] = policybundle record['policybundlemeta'] = {} meta = archive.get_document_meta(user_id, 'policy_bundles', record['policyId']) if meta: record['policybundlemeta'] = meta except Exception as err: logger.warn( "failed to fetch policy bundle from archive - exception: " + str(err)) raise anchore_engine.common.helpers.make_anchore_exception( err, input_message="failed to fetch policy bundle from archive", input_httpcode=500) return record, 200 else: return anchore_engine.common.helpers.make_response_error( 'Policy bundle {} not found in DB'.format(policyId), in_httpcode=404), 404 except Exception as err: logger.exception('Uncaught exception') return str(err), 500
def update_policy(policyId, bodycontent): """ PUT /policies/{policyId} Updates a policy :param user_context: :param policyId: :param policy_content: :return: """ try: request_inputs = anchore_engine.apis.do_request_prep(connexion.request, default_params={}) user_id = request_inputs["userId"] bundle_policyId = bodycontent.get("policyId") active = bodycontent.get("active", False) if not bundle_policyId: raise Exception( "must include 'policyId' in the json payload for this operation" ) if policyId != bundle_policyId: raise Exception( "Id mismatch between route and bundle content. {} != {}". format(policyId, bundle_policyId)) policybundle = bodycontent.get("policybundle") with db.session_scope() as dbsession: record = db_policybundle.get(user_id, policyId, session=dbsession) if not record: return ( anchore_engine.common.helpers.make_response_error( "Existing policyId not found to update", in_httpcode=404), 404, ) return save_policy(user_id, policyId, active, policybundle, dbsession), 200 except Exception as err: logger.exception("Uncaught exception") return str(err), 500
def save_policy(user_id, policyId, active, policy_bundle, dbsession): """ Do the save, outside the context of an api call itself. :param user_id: str - requesting usera :param policyId: str - the id for policy :param active: boolean - is active or not :param policy_bundle: dict - bundle content :return: """ try: active_record = db_policybundle.get_active_policy(user_id, session=dbsession) last_active_policyId = active_record.get('policyId', None) except: last_active_policyId = None object_store_mgr = object_store.get_manager() # if update is to currently active bundle, check if the bundle content is to be changed if last_active_policyId == policyId: try: last_policy_bundle_content = object_store_mgr.get_document( user_id, 'policy_bundles', policyId) if last_policy_bundle_content: last_policy_bundle_digest = hashlib.sha256( anchore_engine.utils.ensure_bytes( json.dumps(last_policy_bundle_content, sort_keys=True))).hexdigest() new_policy_bundle_digest = hashlib.sha256( anchore_engine.utils.ensure_bytes( json.dumps(policy_bundle, sort_keys=True))).hexdigest() if last_policy_bundle_digest != new_policy_bundle_digest: event = anchore_engine.subsys.events.ActivePolicyBundleContentChange( user_id=user_id, data={ 'policy_id': policyId, 'last_policy_bundle_digest': last_policy_bundle_digest, 'current_policy_bundle_digest': new_policy_bundle_digest }) try: anchore_engine.services.catalog.catalog_impl._add_event( event, dbsession) except: logger.warn( 'Ignoring error creating active policy content change event' ) except Exception as err: logger.warn( "Could not evaluate bundle content different on save for active bundle - exception: {}" .format(err)) try: if object_store_mgr.put_document(user_id, 'policy_bundles', policyId, policy_bundle): rc = db_policybundle.update(policyId, user_id, active, policy_bundle, session=dbsession) else: rc = False except Exception as err: raise anchore_engine.common.helpers.make_anchore_exception( err, input_message="cannot add policy, failed to update archive/DB", input_httpcode=500) if not rc: raise Exception("DB update failed") else: if active: try: rc = db_policybundle.set_active_policy(policyId, user_id, session=dbsession) if rc: if policyId != last_active_policyId: # a new policy is now active event = anchore_engine.subsys.events.ActivePolicyBundleIdChange( user_id=user_id, data={ 'last_policy_bundle_id': last_active_policyId, 'current_policy_bundle_id': policyId }) try: anchore_engine.services.catalog.catalog_impl._add_event( event, dbsession) except: logger.warn( 'Ignoring error creating active policy id change event' ) except Exception as err: raise Exception( "could not set policy as active - exception: " + str(err)) record = db_policybundle.get(user_id, policyId, session=dbsession) record['policybundle'] = policy_bundle return record