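def edit_policy_file(self, editpolicy=False, whitelist=False):
    """Open each image's gate policy or whitelist in an editor and save the result.

    For every image in ``self.images`` the stored data is written to a file
    in a temporary directory, the editor named by ``$EDITOR`` (or ``/bin/vi``
    when that is unset or empty) is run on it, and the edited file is parsed
    and written back through ``self.anchoreDB``.

    Args:
        editpolicy: edit the gate policy; takes precedence over ``whitelist``.
        whitelist: edit the gate whitelist (used when ``editpolicy`` is false).

    Returns:
        True when there was nothing to do or every step succeeded; False when
        no editor was found, the editor failed, the edited file could not be
        parsed, or saving raised.
    """
    ret = True
    if not editpolicy and not whitelist:
        # nothing to do
        return ret

    for imageId in self.images:
        if editpolicy:
            data = self.anchoreDB.load_gate_policy(imageId)
        else:
            data = self.anchoreDB.load_gate_whitelist(imageId)

        if not data:
            self._logger.info("Cannot find existing data to edit, skipping: " + str(imageId))
            continue

        # NOTE(review): assumes make_anchoretmpdir creates a private,
        # unpredictable directory under /tmp - confirm against the helper.
        tmpdir = anchore_utils.make_anchoretmpdir("/tmp")
        try:
            thefile = os.path.join(tmpdir, "anchorepol." + imageId)
            anchore_utils.write_plainfile_fromlist(thefile, data)

            # An empty or whitespace-only EDITOR yields no command; fall back
            # to vi instead of trying to execute the policy file itself.
            editor_cmd = os.environ.get("EDITOR", "").split()
            if editor_cmd:
                cmd = editor_cmd + [thefile]
            elif os.path.exists("/bin/vi"):
                # argv list, no shell: the file path is never parsed by sh.
                cmd = ["/bin/vi", thefile]
            else:
                self._logger.info("Cannot find editor to use: please set the EDITOR environment variable and try again")
                ret = False
                break

            try:
                # call() rather than check_output(): capturing stdout would
                # take the terminal away from an interactive editor.
                if subprocess.call(cmd, shell=False):
                    ret = False
            except Exception:
                ret = False

            try:
                policy = anchore_policy.read_policy(name='default', file=thefile)
                newdata = policy['default']
            except Exception as err:
                # Keep the stored data: overwriting it with an empty list
                # would silently drop every rule for this image.
                self._logger.error("Cannot parse edited file, keeping existing data for " + str(imageId) + ": " + str(err))
                ret = False
                continue

            if editpolicy:
                self.anchoreDB.save_gate_policy(imageId, newdata)
            else:
                self.anchoreDB.save_gate_whitelist(imageId, newdata)
        except Exception as err:
            # Report the failure instead of returning success for an edit
            # that was never saved.
            self._logger.error("Failed to edit data for " + str(imageId) + ": " + str(err))
            ret = False
        finally:
            if tmpdir:
                shutil.rmtree(tmpdir)
    return ret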
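def edit_policy_file(self, editpolicy=False, whitelist=False):
    """Open each image's gate policy or whitelist in an editor and save the result.

    For every image in ``self.images`` the stored data is written to a file
    in a temporary directory, the editor named by ``$EDITOR`` (or ``/bin/vi``
    when that is unset or empty) is run on it, and the edited file is parsed
    and written back through ``self.anchoreDB``.

    Args:
        editpolicy: edit the gate policy; takes precedence over ``whitelist``.
        whitelist: edit the gate whitelist (used when ``editpolicy`` is false).

    Returns:
        True when there was nothing to do or every step succeeded; False when
        no editor was found, the editor failed, the edited file could not be
        parsed, or saving raised.
    """
    ret = True
    if not editpolicy and not whitelist:
        # nothing to do
        return ret

    for imageId in self.images:
        if editpolicy:
            data = self.anchoreDB.load_gate_policy(imageId)
        else:
            data = self.anchoreDB.load_gate_whitelist(imageId)

        if not data:
            self._logger.info("Cannot find existing data to edit, skipping: " + str(imageId))
            continue

        # NOTE(review): assumes make_anchoretmpdir creates a private,
        # unpredictable directory under /tmp - confirm against the helper.
        tmpdir = anchore_utils.make_anchoretmpdir("/tmp")
        try:
            thefile = os.path.join(tmpdir, "anchorepol." + imageId)
            anchore_utils.write_plainfile_fromlist(thefile, data)

            # An empty or whitespace-only EDITOR yields no command; fall back
            # to vi instead of trying to execute the policy file itself.
            editor_cmd = os.environ.get("EDITOR", "").split()
            if editor_cmd:
                cmd = editor_cmd + [thefile]
            elif os.path.exists("/bin/vi"):
                # argv list, no shell: the file path is never parsed by sh.
                cmd = ["/bin/vi", thefile]
            else:
                self._logger.info("Cannot find editor to use: please set the EDITOR environment variable and try again")
                ret = False
                break

            try:
                # call() rather than check_output(): capturing stdout would
                # take the terminal away from an interactive editor.
                if subprocess.call(cmd, shell=False):
                    ret = False
            except Exception:
                ret = False

            try:
                policy = anchore_policy.read_policy(name='default', file=thefile)
                newdata = policy['default']
            except Exception as err:
                # Keep the stored data: overwriting it with an empty list
                # would silently drop every rule for this image.
                self._logger.error("Cannot parse edited file, keeping existing data for " + str(imageId) + ": " + str(err))
                ret = False
                continue

            if editpolicy:
                self.anchoreDB.save_gate_policy(imageId, newdata)
            else:
                self.anchoreDB.save_gate_whitelist(imageId, newdata)
        except Exception as err:
            # Report the failure instead of returning success for an edit
            # that was never saved.
            self._logger.error("Failed to edit data for " + str(imageId) + ": " + str(err))
            ret = False
        finally:
            if tmpdir:
                shutil.rmtree(tmpdir)
    return ret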
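def save_gate_whitelist(self, imageId, data):
    """Write an image's gate whitelist to ``anchore_gate.whitelist``.

    The file lives in ``<self.imagerootdir>/<imageId>``; that directory is
    created first when it does not exist.

    Args:
        imageId: image identifier, used as the directory name.
        data: content handed to ``anchore_utils.write_plainfile_fromlist``.

    Returns:
        Whatever ``anchore_utils.write_plainfile_fromlist`` returns.
    """
    # NOTE(review): imageId becomes a path component without validation;
    # presumably callers only pass internal image IDs - confirm.
    thedir = os.path.join(self.imagerootdir, imageId)
    if not os.path.exists(thedir):
        try:
            os.makedirs(thedir)
        except OSError:
            # A concurrent run may create the directory between the check
            # and the call; only a still-missing directory is an error.
            if not os.path.isdir(thedir):
                raise
    thefile = os.path.join(thedir, 'anchore_gate.whitelist')
    return anchore_utils.write_plainfile_fromlist(thefile, data)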
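def save_gate_eval_output(self, imageId, gate_name, data):
    """Write one gate's evaluation output to ``<gate_name>.eval``.

    The file lives in ``<self.imagerootdir>/<imageId>/gates_output``; that
    directory is created first when it does not exist.

    Args:
        imageId: image identifier, used as a directory name.
        gate_name: gate identifier, used as the file's base name.
        data: content handed to ``anchore_utils.write_plainfile_fromlist``.

    Returns:
        Whatever ``anchore_utils.write_plainfile_fromlist`` returns.
    """
    # NOTE(review): imageId and gate_name become path components without
    # validation; presumably both come from internal sources - confirm.
    thedir = os.path.join(self.imagerootdir, imageId, "gates_output")
    if not os.path.exists(thedir):
        try:
            os.makedirs(thedir)
        except OSError:
            # A concurrent run may create the directory between the check
            # and the call; only a still-missing directory is an error.
            if not os.path.isdir(thedir):
                raise
    thefile = os.path.join(thedir, gate_name + ".eval")
    return anchore_utils.write_plainfile_fromlist(thefile, data)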