예제 #1
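def update_policy(bundle, policyId, active=False):
    """Update the policy record identified by ``policyId`` from the request body.

    The payload is read from the module-level ``request`` through
    ``do_request_prep``; the ``bundle`` argument is not read by this function.

    Args:
        bundle: Not used here.
        policyId: Policy id taken from the route. It must equal the
            ``policyId`` carried in the payload.
        active: When true, ``active`` is forced to True in the update.

    Returns:
        A ``(return_object, httpcode)`` tuple. On success ``return_object`` is
        a one-element list holding the response policy and ``httpcode`` is 200.
        On failure it is the object built by ``make_response_error`` together
        with the httpcode that object reports.
    """
    request_inputs = anchore_engine.services.common.do_request_prep(request, default_params={'active': active})
    user_auth = request_inputs['auth']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId, _ = user_auth

    try:
        logger.debug("Updating policy")

        # Always parse, so that an empty body yields an empty dict instead of
        # leaving jsondata unbound (which surfaced as an opaque 500).
        jsondata = json.loads(bodycontent or '{}')

        # The body is client-controlled; everything below indexes it by key,
        # so reject anything that is not a JSON object up front.
        if not isinstance(jsondata, dict):
            httpcode = 400
            raise Exception("request body must be a JSON object")

        if not jsondata:
            jsondata['policyId'] = policyId

        if active:
            jsondata['active'] = True
        elif 'active' not in jsondata:
            jsondata['active'] = False

        try:
            policy_records = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            # NOTE(review): a catalog failure is logged and then reported as
            # 404 below, which hides backend errors from the caller - confirm
            # this best-effort behaviour is intended.
            logger.warn("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))
            policy_records = []

        if not policy_records:
            httpcode = 404
            raise Exception("cannot locate specified policyId")

        policy_record = policy_records[0]
        if policy_record['active'] and not jsondata['active']:
            httpcode = 500
            raise Exception("cannot deactivate an active policy - can only activate an inactive policy")
        # .get() so a payload without policyId gets the mismatch message
        # rather than a bare KeyError.
        elif policyId != jsondata.get('policyId'):
            httpcode = 500
            raise Exception("policyId in route is different from policyId in payload")

        # NOTE(review): the client payload is merged wholesale into the stored
        # record; only policyId is re-pinned afterwards. Confirm that
        # catalog.update_policy ignores or rejects any server-managed fields a
        # client might include in the body.
        policy_record.update(jsondata)
        policy_record['policyId'] = policyId
        return_policy_record = catalog.update_policy(user_auth, policyId, policy_record=policy_record)
        return_object = [make_response_policy(user_auth, return_policy_record, params)]
        httpcode = 200
    except Exception as err:
        # NOTE(review): the exception is handed to make_response_error as-is;
        # confirm the resulting body does not expose internal detail to the
        # API client.
        return_object = anchore_engine.services.common.make_response_error(err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']
    return (return_object, httpcode)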
예제 #2
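def update_policy(bundle, policyId, active=False):
    """Validate and store an update to the policy identified by ``policyId``.

    The payload is read from the module-level ``request`` through
    ``do_request_prep``; the ``bundle`` argument is not read by this function.
    The submitted ``policybundle`` is sent to the policy engine for validation
    before the catalog record is updated.

    Args:
        bundle: Not used here.
        policyId: Policy id taken from the route. It must equal the
            ``policyId`` carried in the payload.
        active: When true, ``active`` is forced to True in the update.

    Returns:
        A ``(return_object, httpcode)`` tuple. On success ``return_object`` is
        a one-element list holding the response policy and ``httpcode`` is 200.
        A bundle that fails validation yields a 400 error object with the
        validation details. Any other failure yields the object built by
        ``make_response_error`` and the httpcode that object reports.
    """
    request_inputs = anchore_engine.services.common.do_request_prep(
        request, default_params={'active': active})
    user_auth = request_inputs['auth']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId, _ = user_auth

    try:
        logger.debug("Updating policy")

        # An empty body is treated as an empty JSON object.
        jsondata = json.loads(bodycontent or '{}')

        # The body is client-controlled; everything below indexes it by key,
        # so reject anything that is not a JSON object up front.
        if not isinstance(jsondata, dict):
            httpcode = 400
            raise Exception("request body must be a JSON object")

        if not jsondata:
            jsondata['policyId'] = policyId

        if active:
            jsondata['active'] = True
        elif 'active' not in jsondata:
            jsondata['active'] = False

        try:
            policy_record = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            logger.warn("unable to get policy_records for user (" +
                        str(userId) + ") - exception: " + str(err))
            raise

        if not policy_record:
            httpcode = 404
            raise Exception("cannot locate specified policyId")

        if policy_record['active'] and not jsondata['active']:
            httpcode = 500
            raise Exception(
                "cannot deactivate an active policy - can only activate an inactive policy"
            )

        # .get() so a payload without policyId gets the mismatch message
        # rather than a bare KeyError.
        payload_policy_id = jsondata.get('policyId')
        if policyId != payload_policy_id:
            httpcode = 500
            raise Exception(
                "policyId in route is different from policyId in payload: {} != {}"
                .format(policyId, payload_policy_id))

        # Validation below reads jsondata['policybundle']; without this guard
        # a payload lacking it failed with a bare KeyError reported as 500.
        if 'policybundle' not in jsondata:
            httpcode = 400
            raise Exception("policybundle is missing from the request payload")

        # NOTE(review): the client payload is merged wholesale into the stored
        # record; only policyId is re-pinned afterwards. Confirm that
        # catalog.update_policy ignores or rejects any server-managed fields a
        # client might include in the body.
        policy_record.update(jsondata)
        policy_record['policyId'] = policyId

        # schema check: nothing is written to the catalog unless the policy
        # engine accepts the submitted bundle.
        try:
            localconfig = anchore_engine.configuration.localconfig.get_config()
            # TLS verification for the internal call stays on unless the
            # configuration explicitly sets internal_ssl_verify otherwise.
            verify = localconfig.get('internal_ssl_verify', True)

            p_client = policy_engine.get_client(user=user_auth[0],
                                                password=user_auth[1],
                                                verify_ssl=verify)
            response = p_client.validate_bundle(
                policy_bundle=jsondata['policybundle'])

            if not response.valid:
                httpcode = 400
                return_object = anchore_engine.services.common.make_response_error(
                    'Bundle failed validation',
                    in_httpcode=400,
                    detail={
                        'validation_details':
                        [x.to_dict() for x in response.validation_details]
                    })
                return (return_object, httpcode)

        except ApiException as err:
            # A validation-service failure aborts the update (fail closed).
            raise Exception(
                'Error response from policy service during bundle validation. Validation could not be performed: {}'
                .format(err))

        return_policy_record = catalog.update_policy(
            user_auth, policyId, policy_record=policy_record)
        return_object = [
            make_response_policy(user_auth, return_policy_record, params)
        ]
        httpcode = 200
    except Exception as err:
        # NOTE(review): the exception is handed to make_response_error as-is;
        # confirm the resulting body does not expose internal detail to the
        # API client.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']
    return (return_object, httpcode)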