def discover_gates(self):
ret = {}
dirmap = {
'/'.join([self.config["scripts_dir"], "gates"]):'base',
'/'.join([self.config['user_scripts_dir'], 'gates']):'user'
}
if self.config['extra_scripts_dir']:
dirmap['/'.join([self.config['extra_scripts_dir'], 'gates'])] = 'xtra'
for gdir in dirmap.keys():
gtype = dirmap[gdir]
gatesdir = gdir
for f in os.listdir(gatesdir):
thegate = '/'.join([gatesdir, f])
if os.access(thegate, os.R_OK ^ os.X_OK):
tmpdir = anchore_utils.make_anchoretmpdir(self.config['tmpdir'])
namedir = '/'.join([tmpdir, 'namedir'])
os.makedirs(namedir)
imgfile = '/'.join([tmpdir, 'images'])
anchore_utils.write_plainfile_fromlist(imgfile, self.images)
cmdobj = scripting.ScriptExecutor(path=gatesdir, script_name=f)
out = cmdobj.execute(capture_output=True, cmdline=' '.join([imgfile,self.config['image_data_store'], namedir, 'anchore_getname']))
for ff in os.listdir(namedir):
if gtype not in ret:
ret[gtype] = {}
ret[gtype][f] = ff
shutil.rmtree(tmpdir)
return(ret)
def edit_policy_file(self, editpolicy=False, whitelist=False):
ret = True
if not editpolicy and not whitelist:
# nothing to do
return (ret)
for imageId in self.images:
if editpolicy:
data = self.anchoreDB.load_gate_policy(imageId)
else:
data = self.anchoreDB.load_gate_whitelist(imageId)
if not data:
self._logger.info(
"Cannot find existing data to edit, skipping: " +
str(imageId))
else:
tmpdir = anchore_utils.make_anchoretmpdir("/tmp")
try:
thefile = os.path.join(tmpdir, "anchorepol." + imageId)
anchore_utils.write_plainfile_fromlist(thefile, data)
if "EDITOR" in os.environ:
cmd = os.environ["EDITOR"].split()
cmd.append(thefile)
try:
subprocess.check_output(cmd, shell=False)
except:
ret = False
elif os.path.exists("/bin/vi"):
try:
rc = os.system("/bin/vi " + thefile)
if rc:
ret = False
except:
ret = False
else:
self._logger.info(
"Cannot find editor to use: please set the EDITOR environment variable and try again"
)
break
ret = False
newdata = anchore_utils.read_plainfile_tolist(thefile)
if editpolicy:
self.anchoreDB.save_gate_policy(imageId, newdata)
else:
self.anchoreDB.save_gate_whitelist(imageId, newdata)
except Exception as err:
pass
finally:
if tmpdir:
shutil.rmtree(tmpdir)
return (ret)
def savebundle(destdir):
if not nav:
sys.exit(1)
if not destdir:
destdir = "/tmp/"
imagedir = anchore_utils.make_anchoretmpdir(destdir)
ecode = 0
try:
anchore_print("Bundling images: " + ' '.join(nav.get_images()) + " to " + imagedir)
anchoreDB = contexts['anchore_db']
docker_cli = contexts['docker_cli']
for imageId in nav.get_images():
try:
container = docker_cli.create_container(imageId, 'true')
except Exception as err:
_logger.error("unable to run create container for exporting: " + str(self.meta['imageId']) + ": error: " + str(err))
return(False)
else:
bundle_rootfs = os.path.join(imagedir, imageId + "_dockerexport.tar")
with open(bundle_rootfs, 'w') as FH:
tar = docker_cli.export(container.get('Id'))
while not tar.closed:
FH.write(tar.read(4096*16))
try:
docker_cli.remove_container(container=container.get('Id'), force=True)
except:
_logger.error("unable to delete (cleanup) temporary container - proceeding but zombie container may be left in docker: " + str(err))
image_report_final = os.path.join(imagedir, 'image_report.json')
rdata = contexts['anchore_allimages'][imageId].generate_image_report()
with open(image_report_final, 'w') as FH:
FH.write(json.dumps(rdata))
rootfsdir = anchore_utils.make_anchoretmpdir(imagedir)
bundle_rootfs_final = os.path.join(imagedir, 'squashed.tar')
bundle_final = os.path.join(imagedir, imageId + "_anchore.tar")
tarcmd = ["tar", "-C", rootfsdir, "-x", "-f", bundle_rootfs]
try:
import subprocess
subprocess.check_output(tarcmd)
except Exception as err:
print str(err)
tarcmd = ["tar", "-C", rootfsdir, "-c", "-f", bundle_rootfs_final, '.']
try:
import subprocess
subprocess.check_output(tarcmd)
except Exception as err:
print str(err)
os.remove(bundle_rootfs)
shutil.rmtree(rootfsdir)
tarcmd = ["tar", "-C", imagedir, "-c", "-f", bundle_final, 'squashed.tar', 'image_report.json']
try:
import subprocess
subprocess.check_output(tarcmd)
except Exception as err:
print str(err)
os.remove(bundle_rootfs_final)
os.remove(image_report_final)
except:
anchore_print_err("operation failed")
ecode = 1
sys.exit(ecode)