def image_exists(token_name: str, image: DockerImage) -> bool:
token = get_existing_token(token_name)
if not token:
raise Unauthorized()
url = 'https://{}'.format(image.registry)
path = '/v1/repositories/{team}/{artifact}/tags'.format(team=image.team, artifact=image.artifact)
try:
r = request(url, path, token['access_token'])
except:
return False
result = r.json()
return image.tag in result
def image_exists(token_name: str, image: DockerImage) -> bool:
token = get_existing_token(token_name)
if not token:
raise Unauthorized()
url = 'https://{}'.format(image.registry)
path = '/v1/repositories/{team}/{artifact}/tags'.format(
team=image.team, artifact=image.artifact)
try:
r = request(url, path, token['access_token'])
except:
return False
result = r.json()
return image.tag in result
def get_latest_tag(token_name: str, image: DockerImage) -> bool:
token = get_existing_token(token_name)
if not token:
raise Unauthorized()
url = 'https://{}'.format(image.registry)
path = '/teams/{team}/artifacts/{artifact}/tags'.format(team=image.team, artifact=image.artifact)
try:
r = request(url, path, token['access_token'])
except:
return None
result = r.json()
if result:
return sorted(result, key=lambda x: x['created'])[-1]['name']
else:
return None
def get_latest_tag(token_name: str, image: DockerImage) -> bool:
token = get_existing_token(token_name)
if not token:
raise Unauthorized()
url = 'https://{}'.format(image.registry)
path = '/teams/{team}/artifacts/{artifact}/tags'.format(
team=image.team, artifact=image.artifact)
try:
r = request(url, path, token['access_token'])
except:
return None
result = r.json()
if result:
return sorted(result, key=lambda x: x['created'])[-1]['name']
else:
return None
def check_docker_image_exists(docker_image: pierone.api.DockerImage):
token = None
if 'pierone' in docker_image.registry:
token = get_existing_token('pierone')
if not token:
msg = textwrap.dedent('''
Unauthorized: Cannot check whether Docker image "{}" exists in Pier One Docker registry.
Please generate a "pierone" OAuth access token using "pierone login".
Alternatively you can skip this check using the "--force" option.
'''.format(docker_image)).strip()
raise click.UsageError(msg)
else:
token = token['access_token']
exists = pierone.api.image_exists(docker_image, token)
else:
exists = docker_image_exists(str(docker_image))
if not exists:
raise click.UsageError(
'Docker image "{}" does not exist'.format(docker_image))
image_tag = pierone.api.get_image_tag(docker_image, token)
if image_tag is not None and 'severity_fix_available' in image_tag:
if image_tag.get('severity_fix_available') not in [
'COULDNT_FIGURE_OUT', 'NO_CVES_FOUND'
]:
warn_msg = textwrap.dedent('''
You are deploying an image that has *{}* severity
security fixes easily available! Please check this artifact
tag in pierone and see which software versions you should
upgrade to apply those fixes.
'''.format(image_tag['severity_fix_available']))
else:
# Image is good to deploy!
return True
else:
warn_msg = textwrap.dedent('''
You are deploying an image that was not automatically checked for
vulnerabilities. Images stored in Pierone are automatically checked!
''')
click.secho(warn_msg.replace('\n', ' ').strip(), fg='red', bold=True)
return True
def check_docker_image_exists(docker_image: pierone.api.DockerImage):
token = None
if 'pierone' in docker_image.registry:
token = get_existing_token('pierone')
if not token:
msg = textwrap.dedent('''
Unauthorized: Cannot check whether Docker image "{}" exists in Pier One Docker registry.
Please generate a "pierone" OAuth access token using "pierone login".
Alternatively you can skip this check using the "--force" option.
'''.format(docker_image)).strip()
raise click.UsageError(msg)
else:
token = token['access_token']
exists = pierone.api.image_exists(docker_image, token)
else:
exists = docker_image_exists(str(docker_image))
if not exists:
raise click.UsageError('Docker image "{}" does not exist'.format(docker_image))
image_tag = pierone.api.get_image_tag(docker_image, token)
if image_tag is not None and 'severity_fix_available' in image_tag:
if image_tag.get('severity_fix_available') not in ['COULDNT_FIGURE_OUT',
'NO_CVES_FOUND']:
warn_msg = textwrap.dedent('''
You are deploying an image that has *{}* severity
security fixes easily available! Please check this artifact
tag in pierone and see which software versions you should
upgrade to apply those fixes.
'''.format(image_tag['severity_fix_available']))
else:
# Image is good to deploy!
return True
else:
warn_msg = textwrap.dedent('''
You are deploying an image that was not automatically checked for
vulnerabilities. Images stored in Pierone are automatically checked!
''')
click.secho(warn_msg.replace('\n', ' ').strip(), fg='red', bold=True)
return True
