示例#1
def get_policy(policyId, detail=None):
    """Return the policy identified by ``policyId`` for the requesting user.

    Returns a ``(body, httpcode)`` tuple. On success the body is a
    one-element list holding the rendered policy and the code is 200.
    On failure the body is the document built by ``make_response_error``
    and the code is the one that document carries (404 is requested when
    the catalog returns nothing for the id).

    ``detail`` is not read directly; request parameters come from
    ``do_request_prep``, which is given ``detail=True`` as the default.
    """
    prepared = anchore_engine.services.common.do_request_prep(
        request, default_params={'detail': True})
    user_auth = prepared['auth']
    bodycontent = prepared['bodycontent']
    params = prepared['params']

    return_object = {}
    httpcode = 500
    # user_auth unpacks to (user id, password); only the id is used in log
    # text below, and the password should stay out of logs and responses.
    userId, pw = user_auth
    try:
        logger.debug('Get policy by bundle Id')

        try:
            record = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            warning = ("unable to get policy_records for user (" +
                       str(userId) + ") - exception: " + str(err))
            logger.warn(warning)
            raise

        # Guard clause: an empty lookup result is reported as 404.
        if not record:
            httpcode = 404
            raise Exception("cannot locate specified policyId")

        return_object = [make_response_policy(user_auth, record, params)]
        httpcode = 200
    except Exception as err:
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)
示例#2
def list_policies(detail=None):
    """List the policies the catalog returns for the requesting user.

    Returns a ``(body, httpcode)`` tuple: a list of rendered policies with
    200 on success, otherwise the ``make_response_error`` document and the
    code it carries. 404 is requested both when the catalog call fails and
    when it returns no policies.

    ``detail`` is not read directly; request parameters come from
    ``do_request_prep``, which is given ``detail=False`` as the default.
    """
    prepared = anchore_engine.services.common.do_request_prep(request, default_params={'detail': False})
    user_auth = prepared['auth']
    bodycontent = prepared['bodycontent']
    params = prepared['params']

    return_object = []
    httpcode = 500
    # Only the user id (never the password) is used in messages below.
    userId, pw = user_auth

    try:
        logger.debug('Listing policies')

        try:
            records = catalog.get_policy(user_auth)
        except Exception as err:
            httpcode = 404
            # NOTE(review): the catalog's exception text is embedded in the
            # message handed to make_response_error; confirm that helper does
            # not echo internal error detail back to the API caller.
            raise Exception("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))

        if not records:
            httpcode = 404
            raise Exception('no policies found for user')

        # Set before rendering so a rendering failure reports the same code
        # to make_response_error as it always has.
        httpcode = 200
        return_object = [make_response_policy(user_auth, record, params) for record in records]
    except Exception as err:
        logger.debug("operation exception: " + str(err))
        return_object = anchore_engine.services.common.make_response_error(err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)
示例#3
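def update_policy(bundle, policyId, active=False):
    """Update the stored policy ``policyId`` from the JSON request body.

    The parsed body is merged into the first record the catalog returns for
    ``policyId`` and written back through ``catalog.update_policy``. An active
    policy cannot be deactivated here, and the ``policyId`` in the payload
    must equal the one in the route.

    Returns a ``(body, httpcode)`` tuple: a one-element list with the rendered
    policy and 200 on success, otherwise the ``make_response_error`` document
    and the code it carries (404 is requested when no record is found).

    ``bundle`` is not read by this function; the payload is taken from the
    prepared request body.
    """
    request_inputs = anchore_engine.services.common.do_request_prep(request, default_params={'active': active})
    user_auth = request_inputs['auth']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    # Only the user id (never the password) is used in log text below.
    userId, pw = user_auth

    try:
        logger.debug("Updating policy")

        # Parse unconditionally. The earlier if/else only parsed a non-empty
        # body, so an empty body left jsondata unbound and the next statement
        # failed with NameError instead of treating the payload as {}.
        jsondata = json.loads(bodycontent or '{}')

        # Only an empty payload gets the route's policyId filled in; a
        # non-empty payload without 'policyId' fails the comparison below
        # with KeyError, which the outer handler turns into an error response.
        if not jsondata:
            jsondata['policyId'] = policyId

        if active:
            jsondata['active'] = True
        elif 'active' not in jsondata:
            jsondata['active'] = False

        try:
            policy_records = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            logger.warn("unable to get policy_records for user (" + str(userId) + ") - exception: " + str(err))
            # A failed lookup is handled like "not found" (404 below), so no
            # update is attempted without having read the current record.
            policy_records = []

        if policy_records:
            policy_record = policy_records[0]
            if policy_record['active'] and not jsondata['active']:
                httpcode = 500
                raise Exception("cannot deactivate an active policy - can only activate an inactive policy")
            elif policyId != jsondata['policyId']:
                httpcode = 500
                raise Exception("policyId in route is different from policyId in payload")

            # NOTE(review): every key of the client payload is merged into the
            # stored record and only 'policyId' is re-pinned afterwards.
            # Confirm catalog.update_policy ignores or validates any other
            # record fields a caller could overwrite this way.
            policy_record.update(jsondata)
            policy_record['policyId'] = policyId
            return_policy_record = catalog.update_policy(user_auth, policyId, policy_record=policy_record)
            return_object = [make_response_policy(user_auth, return_policy_record, params)]
            httpcode = 200
        else:
            httpcode = 404
            raise Exception("cannot locate specified policyId")
    except Exception as err:
        return_object = anchore_engine.services.common.make_response_error(err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']
    return (return_object, httpcode)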
示例#4
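def delete_policy(policyId):
    """Delete the policy ``policyId`` unless it is the active policy.

    Returns a ``(body, httpcode)`` tuple: ``"deleted"`` with 200 when the
    catalog reports success, otherwise the ``make_response_error`` document
    and the code it carries.

    The current record is read first so that an active policy is refused.
    If that read fails, the request is rejected rather than deleting blind.
    """
    request_inputs = anchore_engine.services.common.do_request_prep(
        request, default_params={})
    user_auth = request_inputs['auth']

    return_object = {}
    httpcode = 500
    # Only the user id (never the password) is used in log text below.
    userId, pw = user_auth

    try:
        logger.debug("Delete policy")

        try:
            policy_records = catalog.get_policy(user_auth,
                                                policyId=policyId)
        except Exception as err:
            logger.warn("unable to get policy_records for user (" +
                        str(userId) + ") - exception: " + str(err))
            # Fail closed. Substituting an empty list here skipped the
            # active-policy guard below, so a lookup error let the delete go
            # ahead without knowing whether the policy was active.
            # NOTE(review): if catalog.get_policy signals "not found" by
            # raising, that case now returns an error instead of attempting
            # the delete - confirm against the catalog client.
            raise

        if policy_records and policy_records[0]['active']:
            httpcode = 500
            raise Exception(
                "cannot delete an active policy - activate a different policy then delete this one"
            )

        # An empty lookup result still reaches the delete call, as before;
        # the catalog's return value decides the outcome.
        rc = catalog.delete_policy(user_auth, policyId=policyId)

        if rc:
            httpcode = 200
            return_object = "deleted"
        else:
            httpcode = 500
            raise Exception('not deleted')
    except Exception as err:
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)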
示例#5
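def images_check_impl(request_inputs, image_records):
    """Collect policy evaluation results for the given image records.

    The policy is the one named by ``params['policyId']`` when present,
    otherwise the user's active policy. For each image, evaluations are
    looked up per tag: the single tag in ``params['tag']`` when given,
    otherwise every tag built from the record's ``image_detail`` entries.
    ``params['history']`` selects the full evaluation list instead of only
    the latest one.

    Returns a ``(body, httpcode)`` tuple. On success the body is a list of
    ``{imageDigest: {tag: [evaluation, ...]}}`` dicts with 200. Otherwise it
    is the ``make_response_error`` document and the code it carries; 404 is
    requested when there is no policy, no image record, or no evaluation.
    """
    user_auth = request_inputs['auth']
    params = request_inputs['params']

    return_object = []
    httpcode = 500
    userId, _ = user_auth

    try:
        if params and 'policyId' in params and params['policyId']:
            bundle_records = catalog.get_policy(user_auth, policyId=params['policyId'])
            policyId = params['policyId']
        else:
            bundle_records = catalog.get_active_policy(user_auth)
            policyId = None
        if not bundle_records:
            httpcode = 404
            # Name the user by id only. Formatting user_auth here put the
            # (user id, password) pair into an exception message that is both
            # logged below and handed to make_response_error.
            raise Exception("user has no active policy to evalute: " + str(userId))

        # this is to check that we got at least one evaluation in the response, otherwise routine should throw a 404
        atleastone = False

        if image_records:
            for image_record in image_records:
                imageDigest = image_record['imageDigest']
                return_object_el = {imageDigest: {}}

                tags = []
                if params and 'tag' in params and params['tag']:
                    image_info = anchore_engine.services.common.get_image_info(userId, "docker", params['tag'], registry_lookup=False,
                                                                registry_creds=[])
                    # Normalise the requested tag to its full form when one is
                    # available; this updates the caller's params in place.
                    if 'fulltag' in image_info and image_info['fulltag']:
                        params['tag'] = image_info['fulltag']
                    tags.append(params['tag'])

                else:
                    for image_detail in image_record['image_detail']:
                        fulltag = image_detail['registry'] + "/" + image_detail['repo'] + ":" + image_detail['tag']
                        tags.append(fulltag)

                for tag in tags:
                    if tag not in return_object_el[imageDigest]:
                        return_object_el[imageDigest][tag] = []

                    try:
                        if params and 'history' in params and params['history']:
                            results = catalog.get_eval(user_auth, imageDigest=imageDigest, tag=tag,
                                                       policyId=policyId)
                        else:
                            results = [catalog.get_eval_latest(user_auth, imageDigest=imageDigest, tag=tag,
                                                               policyId=policyId)]
                    except Exception as err:
                        # Still best-effort (this tag simply yields nothing),
                        # but leave a trace so a failing catalog is not
                        # mistaken for "no evaluations".
                        logger.debug("unable to get evaluation for image " + str(imageDigest) +
                                     " tag " + str(tag) + " - exception: " + str(err))
                        results = []

                    httpcode = 200
                    for result in results:
                        fresult = make_response_policyeval(user_auth, result, params)
                        return_object_el[imageDigest][tag].append(fresult[tag])
                        atleastone = True

                if return_object_el:
                    return_object.append(return_object_el)
        else:
            httpcode = 404
            raise Exception("could not find image record(s) input imageDigest(s)")

        if not atleastone:
            httpcode = 404
            raise Exception("could not find any evaluations for input images")

    except Exception as err:
        logger.debug("operation exception: " + str(err))
        return_object = anchore_engine.services.common.make_response_error(err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)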
示例#6
def update_policy(bundle, policyId, active=False):
    """Validate and store an update to the policy ``policyId``.

    The JSON request body is merged into the record the catalog returns for
    ``policyId``; the payload's ``policybundle`` is sent to the policy engine
    for validation and, if valid, the merged record is written back through
    ``catalog.update_policy``. An active policy cannot be deactivated here,
    and the payload's ``policyId`` must equal the one in the route.

    Returns a ``(body, httpcode)`` tuple: a one-element list with the rendered
    policy and 200 on success; a 'Bundle failed validation' error document
    with 400 when the engine rejects the bundle; otherwise the
    ``make_response_error`` document and the code it carries.

    ``bundle`` is not read by this function; the payload is taken from the
    prepared request body.
    """
    prepared = anchore_engine.services.common.do_request_prep(
        request, default_params={'active': active})
    user_auth = prepared['auth']
    method = prepared['method']
    bodycontent = prepared['bodycontent']
    params = prepared['params']

    return_object = {}
    httpcode = 500
    # Only the user id (never the password) is used in log text below.
    userId, pw = user_auth

    try:
        logger.debug("Updating policy")

        # An empty body is parsed as an empty JSON object.
        jsondata = json.loads(bodycontent or '{}')

        # Only an empty payload gets the route's policyId filled in.
        if not jsondata:
            jsondata['policyId'] = policyId

        if active:
            jsondata['active'] = True
        elif 'active' not in jsondata:
            jsondata['active'] = False

        try:
            policy_record = catalog.get_policy(user_auth, policyId=policyId)
        except Exception as err:
            warning = ("unable to get policy_records for user (" +
                       str(userId) + ") - exception: " + str(err))
            logger.warn(warning)
            raise

        # Guard clause: nothing to update when the catalog has no record.
        if not policy_record:
            httpcode = 404
            raise Exception("cannot locate specified policyId")

        if policy_record['active'] and not jsondata['active']:
            httpcode = 500
            raise Exception(
                "cannot deactivate an active policy - can only activate an inactive policy"
            )
        elif policyId != jsondata['policyId']:
            httpcode = 500
            raise Exception(
                "policyId in route is different from policyId in payload: {} != {}"
                .format(policyId, jsondata['policyId']))

        # NOTE(review): every key of the client payload is merged into the
        # stored record and only 'policyId' is re-pinned afterwards. Confirm
        # catalog.update_policy ignores or validates any other record fields
        # a caller could overwrite this way.
        policy_record.update(jsondata)
        policy_record['policyId'] = policyId

        # Schema check: the bundle is validated before anything is persisted.
        try:
            config = anchore_engine.configuration.localconfig.get_config()
            # NOTE(review): this call carries the user's password; setting
            # 'internal_ssl_verify' to False presumably turns off certificate
            # verification for it - confirm that is acceptable where deployed.
            verify = config.get('internal_ssl_verify', True)

            engine = policy_engine.get_client(user=user_auth[0],
                                              password=user_auth[1],
                                              verify_ssl=verify)
            # A payload without 'policybundle' raises KeyError here, which is
            # not an ApiException and so lands in the outer handler.
            verdict = engine.validate_bundle(
                policy_bundle=jsondata['policybundle'])

            if not verdict.valid:
                httpcode = 400
                details = [x.to_dict() for x in verdict.validation_details]
                return_object = anchore_engine.services.common.make_response_error(
                    'Bundle failed validation',
                    in_httpcode=400,
                    detail={'validation_details': details})
                return (return_object, httpcode)

        except ApiException as err:
            # NOTE(review): the policy service's exception text becomes part
            # of the message given to make_response_error; confirm it carries
            # nothing internal that should not reach the API caller.
            raise Exception(
                'Error response from policy service during bundle validation. Validation could not be performed: {}'
                .format(err))

        stored = catalog.update_policy(
            user_auth, policyId, policy_record=policy_record)
        return_object = [make_response_policy(user_auth, stored, params)]
        httpcode = 200
    except Exception as err:
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']
    return (return_object, httpcode)