예제 #1
from anchore_engine.apis.authorization import (
    ActionBoundPermission,
    RequestingAccountValue,
)


# Module-level authorizer; its ``requires`` decorator wraps the handler below.
authorizer = get_authorizer()

# Presumably the bucket that holds uploaded image-content imports; its use is
# not visible in this excerpt.
IMPORT_BUCKET = "image_content_imports"

# Upload size ceiling in bytes (100 * 1024 * 1024).
# NOTE(review): enforcement is not visible here -- confirm the limit is checked
# before a request body is read in full, so oversized uploads are rejected early.
MAX_UPLOAD_SIZE = 100 * 1024 ** 2
# Expiration window for an import operation (24 hours).
# NOTE(review): presumably measured from creation time -- confirm at the point of use.
OPERATION_EXPIRATION_DELTA = datetime.timedelta(days=1)


@authorizer.requires([ActionBoundPermission(domain=RequestingAccountValue())])
def create_operation():
    """
    POST /imports/images

    :return:
    """
    try:
        client = internal_client_for(
            CatalogClient, userId=ApiRequestContextProxy.namespace()
        )
        resp = client.create_image_import()
        return resp, 200
    except api_exceptions.AnchoreApiError as ex:
        return (
            make_response_error(ex, in_httpcode=ex.__response_code__),
예제 #2
def status():
    """Return this service's status as a ``(body, http_code)`` tuple.

    On success the body is whatever ``servicestatus.get_status`` returns for
    this service's own record and the code is 200. Any exception is turned
    into a 500 whose body is the exception text.
    """
    try:
        servicestatus = anchore_engine.subsys.servicestatus
        record = servicestatus.get_my_service_record()
        return (servicestatus.get_status(record), 200)
    except Exception as err:
        # NOTE(review): the raw exception string goes back to the caller; it
        # can disclose internal detail (hosts, paths, backend errors).
        # Consider logging it server-side and returning a generic message.
        return (str(err), 500)


@authorizer.requires([
    Permission(domain=RequestingAccountValue(),
               action='getPolicyEvaluation',
               target='*')
])
def imagepolicywebhook(bodycontent):

    # TODO - while the image policy webhook feature is in k8s beta, we've decided to make any errors that occur during check still respond with 'allowed: True'.  This should be reverted to default to 'False' on any error, once the k8s feature is further along

    return_object = {
        "apiVersion": "imagepolicy.k8s.io/v1alpha1",
        "kind": "ImageReview",
        "status": {
            "allowed": True,
            "reason": "all images passed anchore policy evaluation"
        }
    }
예제 #3

# NOTE(review): the permission list is empty -- presumably no specific
# permission is required for this endpoint; confirm who can reach it.
@authorizer.requires([])
def status():
    """Return this service's status as a ``(body, http_code)`` tuple.

    Looks up this service's own record and asks ``servicestatus`` for its
    status (HTTP 200). Any exception is reported as HTTP 500 with the
    exception text as the body.
    """
    try:
        status_api = anchore_engine.subsys.servicestatus
        payload = status_api.get_status(status_api.get_my_service_record())
    except Exception as err:
        # NOTE(review): the exception text is returned verbatim to the caller,
        # which can leak internal detail. Consider logging it server-side and
        # returning a generic error body instead.
        return (str(err), 500)

    return (payload, 200)


@authorizer.requires([Permission(domain=RequestingAccountValue(), action='getImageEvaluation', target='*')])
def imagepolicywebhook(bodycontent):

    # TODO - while the image policy webhook feature is in k8s beta, we've decided to make any errors that occur during check still respond with 'allowed: True'.  This should be reverted to default to 'False' on any error, once the k8s feature is further along

    return_object = {
        "apiVersion": "imagepolicy.k8s.io/v1alpha1",
        "kind": "ImageReview",
        "status": {
            "allowed": True,
            "reason": "all images passed anchore policy evaluation"
        }
    }
    httpcode = 200

    try:
예제 #4
        ret = policy_record
        if policy_name:
            ret['name'] = policy_name
        if policy_description:
            ret['description'] = policy_description

    except Exception as err:
        raise Exception("failed to format policy eval response: " + str(err))

    for removekey in ['record_state_val', 'record_state_key']:
        ret.pop(removekey, None)

    return (ret)


@authorizer.requires([Permission(domain=RequestingAccountValue(), action=AuthActions.list_policies.value, target=None)])
def list_policies(detail=None):
    request_inputs = anchore_engine.apis.do_request_prep(request, default_params={'detail': False})
    user_auth = request_inputs['auth']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = []
    httpcode = 500
    userId = request_inputs['userId']

    try:
        logger.debug('Listing policies')
        client = internal_client_for(CatalogClient, request_inputs['userId'])
        try:
            policy_records = client.list_policies()
예제 #5
import time

from anchore_engine.apis.context import ApiRequestContextProxy
from anchore_engine.services.apiext.api import AuthActions
from anchore_engine.apis.authorization import get_authorizer, RequestingAccountValue, Permission
import anchore_engine.common.pagination
import anchore_engine.common.helpers
from anchore_engine.clients.services.catalog import CatalogClient
from anchore_engine.clients.services import internal_client_for
from flask import request

import anchore_engine.common

# Shared authorizer for this module; the handler below is wrapped with its
# ``requires`` decorator to declare the permission it needs.
authorizer = get_authorizer()

@authorizer.requires([Permission(domain=RequestingAccountValue(), action=AuthActions.get_image.value, target=None)])
def query_vulnerabilities(id=None, page=1, limit=None, affected_package=None, affected_package_version=None):
    request_inputs = anchore_engine.apis.do_request_prep(request, default_params={'id': id, 'page': page, 'limit': limit, 'affected_package': affected_package, 'affected_package_version': None})
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs.get('params', {})

    return_object = {}
    httpcode = 500

    try:
        client = internal_client_for(CatalogClient, request_inputs['userId'])
        if affected_package_version and not affected_package:
            httpcode = 400
            raise Exception("if affected_package_version is specified, affected_package must also be specified")