示例#1
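def discover_gates():
    """Collect the help metadata that the gate scripts publish.

    Runs the gate script set with the ``anchore_get_help`` argument against a
    scratch directory, then reads every ``<gate>.help`` file found there as
    JSON. The merged result is handed to ``save_gate_help_output`` and
    returned.

    Returns:
        dict mapping gate name to the parsed JSON help data of that gate.

    Raises:
        Whatever ``open``/``json.loads`` raise for an unreadable or malformed
        help file; the scratch directory is still removed in that case.
    """
    # Function-scope import: the file's import block is not visible from here.
    import logging

    config = contexts['anchore_config']

    gatesdir = '/'.join([config["scripts_dir"], "gates"])
    outputdir = make_anchoretmpdir(config['tmpdir'])

    # NOTE(review): the user and extra script directories are passed as
    # overrides for the packaged gates, so their write permissions decide what
    # gets run here -- presumably override scripts take precedence; confirm in
    # ScriptSetExecutor.
    path_overrides = ['/'.join([config['user_scripts_dir'], 'gates'])]
    if config['extra_scripts_dir']:
        path_overrides.append('/'.join([config['extra_scripts_dir'], 'gates']))

    allhelp = {}
    try:
        try:
            scripting.ScriptSetExecutor(path=gatesdir, path_overrides=path_overrides).execute(capture_output=True, fail_fast=True, cmdline=' '.join([outputdir, 'anchore_get_help']))
        except Exception as err:
            # Discovery stays best-effort (help files written before the
            # failure are still collected), but the failure is no longer
            # discarded silently.
            logging.getLogger(__name__).warning(
                "gate help discovery did not complete cleanly: %s", err)

        # Walk through outputdir looking for dropped help output.
        for d in os.listdir(outputdir):
            # Raw string avoids the invalid "\." escape of the original.
            # NOTE(review): the pattern is not anchored at the end, so a name
            # such as "x.help.bak" is also accepted -- confirm that is wanted.
            match = re.match(r"(.*)\.help", d)
            if not match:
                continue
            gate_name = match.group(1)
            if not gate_name:
                continue
            helpfile = os.path.join(outputdir, d)
            # The file content is produced by the gate scripts; it is parsed
            # as JSON only and not validated further here.
            with open(helpfile, 'r') as FH:
                allhelp[gate_name] = json.loads(FH.read())
    finally:
        # Remove the scratch directory even when a help file fails to parse.
        shutil.rmtree(outputdir)

    save_gate_help_output(allhelp)

    return allhelp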
示例#2
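    def execute_gates(self, image, refresh=True):
        """Run the gate scripts for *image* and store the resulting report.

        Skips the work when ``gates.done`` exists in the image directory and
        ``self.force`` is not set. Otherwise the image id is written to a
        scratch file, the gate script set is run with the policy parameters,
        and on success the gates report is generated and saved.

        Args:
            image: object exposing ``meta`` (with ``imagename``, ``imageId``
                and ``shortId``) and ``anchore_imagedir``.
            refresh: accepted for interface compatibility; not read here.

        Returns:
            True when the image was already evaluated or every script exited
            with code 0, False when at least one script failed.
        """
        # Function-scope import: the file's import block is not visible here.
        import tempfile

        self._logger.debug("gate policy evaluation for image " +
                           str(image.meta['imagename']) + ": begin")
        success = True

        imagedir = image.anchore_imagedir
        gatesdir = '/'.join([self.config["scripts_dir"], "gates"])
        workingdir = '/'.join([self.config['anchore_data_dir'], 'querytmp'])
        outputdir = workingdir

        if not self.force and os.path.exists(imagedir + "/gates.done"):
            self._logger.info(image.meta['shortId'] + ": evaluated.")
            return (True)

        self._logger.info(image.meta['shortId'] + ": evaluating policies ...")

        if not os.path.exists(workingdir):
            os.makedirs(workingdir)

        # mkstemp creates the file exclusively under an unpredictable name,
        # replacing the guessable random.randint() suffix in a shared
        # directory (name collisions, pre-created files or symlinks).
        fd, imgfile = tempfile.mkstemp(prefix="queryimages.", dir=workingdir)
        os.close(fd)
        try:
            # assumes write_plainfile_fromstr overwrites an existing file
            # -- TODO confirm
            anchore_utils.write_plainfile_fromstr(imgfile,
                                                  image.meta['imageId'])

            if self.policy_override:
                policy_data = anchore_utils.read_plainfile_tolist(
                    self.policy_override)
                policies = self.read_policy(policy_data)
            else:
                policies = self.get_image_policies(image)

            paramlist = [
                trigger['params']
                for gate in policies.values()
                for trigger in gate.values()
                if 'params' in trigger and trigger['params']
            ]
            if not paramlist:
                paramlist.append('all')

            path_overrides = [
                '/'.join([self.config['user_scripts_dir'], 'gates'])
            ]
            if self.config['extra_scripts_dir']:
                path_overrides.append(
                    '/'.join([self.config['extra_scripts_dir'], 'gates']))

            # NOTE(review): cmdline is one space-joined string and the policy
            # params are passed through unchanged; how execute() tokenizes it
            # is not visible here -- confirm that a param containing
            # whitespace or shell metacharacters cannot change the arguments.
            results = scripting.ScriptSetExecutor(
                path=gatesdir, path_overrides=path_overrides).execute(
                    capture_output=True,
                    fail_fast=True,
                    cmdline=' '.join([
                        imgfile, self.config['image_data_store'], outputdir,
                        ' '.join(paramlist)
                    ]))
        finally:
            # Remove the scratch file even when policy loading or script
            # execution raises.
            os.remove(imgfile)

        for (cmd, retcode, output) in results:
            if retcode:
                self._logger.error("FAILED")
                self._logger.error("\tCMD: " + cmd)
                self._logger.error("\tEXITCODE: " + str(retcode))
                self._logger.error("\tOUTPUT: " + output)
                success = False
            else:
                self._logger.debug("")
                self._logger.debug("\tCMD: " + cmd)
                self._logger.debug("\tEXITCODE: " + str(retcode))
                self._logger.debug("\tOUTPUT: " + output)
                self._logger.debug("")

        if success:
            report = self.generate_gates_report(image)
            self.anchoreDB.save_gates_report(image.meta['imageId'], report)
            self._logger.info(image.meta['shortId'] + ": evaluated.")

        self._logger.debug("gate policy evaluation for image " +
                           str(image.meta['imagename']) + ": end")
        return (success)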
示例#3
 def __init__(self, path):
     """Create the ScriptSetExecutor for *path* and keep it on the instance."""
     executor = scripting.ScriptSetExecutor(path=path)
     self.script_executor = executor
示例#4
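    def run_analyzers(self, image):
        """Unpack *image*, run the analyzer scripts on it and save the report.

        Skips the work when ``analyzers.done`` exists in the image directory
        and ``self.force`` is not set. On success the analysis report is
        generated and saved, the image is saved, and ``analyzers.done`` is
        touched.

        Args:
            image: object exposing ``meta`` (with ``imagename``, ``imageId``
                and ``shortId``), ``anchore_imagedir``, ``unpack()`` and
                ``save_image()``.

        Returns:
            True when the image was already analyzed or every analyzer exited
            with code 0, False when at least one analyzer failed.
        """
        self._logger.debug("running analyzers on image: " +
                           str(image.meta['imagename']) + ": begin")

        imagename = image.meta['imagename']
        outputdir = image.anchore_imagedir
        analyzerdir = '/'.join([self.config["scripts_dir"], "analyzers"])

        if not self.force and os.path.exists(outputdir + "/analyzers.done"):
            self._logger.debug(
                "image already analyzed and --force was not specified, nothing to do"
            )
            self._logger.info(image.meta['shortId'] + ": analyzed.")

            return (True)

        self._logger.info(image.meta['shortId'] + ": analyzing ...")

        if not os.path.exists(outputdir):
            self._logger.debug("outputdir '" + str(outputdir) +
                               "'not found, creating")
            os.makedirs(outputdir)

        self._logger.debug("unpacking image")
        imagedir = image.unpack()
        self._logger.debug("finished unpacking image to directory: " +
                           str(imagedir))

        self._logger.debug("running all analyzers on image")
        # NOTE(review): cmdline is one space-joined string and imagename comes
        # from image metadata; how execute() tokenizes it is not visible here
        # -- confirm that a name containing whitespace or shell
        # metacharacters cannot change the arguments the analyzers receive.
        results = scripting.ScriptSetExecutor(path=analyzerdir).execute(
            capture_output=True,
            fail_fast=True,
            cmdline=' '.join([
                imagename, self.config['image_data_store'], outputdir, imagedir
            ]))
        self._logger.debug("analyzers done running" + str(len(results)))

        success = True
        for (cmd, retcode, output) in results:
            if retcode:
                # something failed
                self._logger.error("FAILED")
                self._logger.error("\tCMD: " + cmd)
                self._logger.error("\tEXITCODE: " + str(retcode))
                self._logger.error("\tOUTPUT: " + output)
                success = False
            else:
                self._logger.debug("")
                self._logger.debug("\tCMD: " + cmd)
                self._logger.debug("\tEXITCODE: " + str(retcode))
                self._logger.debug("\tOUTPUT: " + output)
                self._logger.debug("")

        if success:
            # Emitted only on success: the original logged this line
            # unconditionally, so a failed run also claimed that every
            # analyzer had exited cleanly.
            self._logger.debug(
                "analyzer commands all finished with successful exit codes")
            self._logger.debug(
                "generating analysis report from analyzer outputs and saving")
            report = self.generate_analysis_report(image)
            self.anchoreDB.save_analysis_report(image.meta['imageId'], report)

            self._logger.debug(
                "saving image information with updated analysis data")
            image.save_image()

            anchore_utils.touch_file(outputdir + "/analyzers.done")

            self._logger.info(image.meta['shortId'] + ": analyzed.")

        self._logger.debug("running analyzers on image: " +
                           str(image.meta['imagename']) + ": end")
        return (success)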