def create_and_teardown_archive_rule(request): """ In order to interact with the archives API, a rule must be added first, which depends on there being an image added as well: 1. Add node:latest image (this isn't currently depended upon in other tests) 2. Add Archive Rule Note: This appears to only work for the root user ATM, so don't run w/ ft_user """ _logger.info("Adding alpine:edge Image for analysis") add_image_resp = http_post(['images'], {'tag': 'alpine:edge'}, config=request.param) if add_image_resp.code != 200: raise RequestFailedError(add_image_resp.url, add_image_resp.code, add_image_resp.body) wait_for_image_to_analyze(get_image_id(add_image_resp), request.param) archive_rule_json = { "analysis_age_days": 0, "created_at": "2020-08-25T17:15:16.865Z", "last_updated": "2020-08-25T17:15:16.865Z", "selector": { "registry": "docker.io", "repository": "alpine", "tag": "edge" }, "system_global": True, "tag_versions_newer": 0, "transition": "archive" } _logger.info('Adding Archive Rule') archive_rule_resp = http_post(['archives', 'rules'], archive_rule_json, config=request.param) if archive_rule_resp.code != 200: raise RequestFailedError(archive_rule_resp.url, archive_rule_resp.code, archive_rule_resp.body) archive_resp = http_post(['archives', 'images'], [get_image_digest(add_image_resp)], config=request.param) if archive_resp.code != 200: raise RequestFailedError(archive_resp.url, archive_resp.code, archive_resp.body) def teardown(): _logger.info('Removing alpine:edge image from anchore') remove_image_resp = http_del(['images', 'by_id', get_image_id(add_image_resp)], query={'force': True}) if remove_image_resp.code != 200: raise RequestFailedError(remove_image_resp.url, remove_image_resp.code, remove_image_resp.body) _logger.info('Removing Archive Rule: rule_id={}'.format(archive_rule_resp.body['rule_id'])) remove_rule_resp = http_del(['archives', 'rules', archive_rule_resp.body['rule_id']]) if remove_rule_resp.code != 200: raise RequestFailedError(remove_rule_resp.url, remove_rule_resp.code, remove_rule_resp.body) delete_archive_image_resp = http_del(['archives', 'images', get_image_digest(add_image_resp)], config=request.param) if delete_archive_image_resp.code != 200: raise RequestFailedError(delete_archive_image_resp.url, delete_archive_image_resp.code, delete_archive_image_resp.body) request.addfinalizer(teardown) return add_image_resp, archive_rule_resp, archive_resp, request.param
def test_get_image_content_ctype(self, add_alpine_latest_image): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) resp = http_get(["images", "by_id", image_id, "content", "os"], config=api_conf) assert resp == APIResponse(200)
def test_get_image_content_ctype(self, add_alpine_latest_image): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) resp = http_get(['images', 'by_id', image_id, 'content', 'os'], config=api_conf) assert resp == APIResponse(200)
def test_get_image_content_java_by_digest(self, add_alpine_latest_image): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) image_digest = get_image_digest(add_resp) resp = http_get(['images', image_digest, 'content', 'java'], config=api_conf) assert resp == APIResponse(200)
def test_get_image_metadata(self, add_alpine_latest_image): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) image_digest = get_image_digest(add_resp) resp = http_get(['images', image_digest], config=api_conf) assert resp == APIResponse(200)
def test_get_image_content_types_by_digest(self, add_alpine_latest_image): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) image_digest = get_image_digest(add_resp) resp = http_get(["images", image_digest, "content"], config=api_conf) assert resp == APIResponse(200)
def test_get_all_image_vulns_by_type(self, add_alpine_latest_image): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) resp = http_get(['images', 'by_id', image_id, 'vuln'], config=api_conf) assert resp == APIResponse(200) wait_for_image_to_analyze(image_id, api_conf) vuln_types = resp.body for v_type in vuln_types: resp = http_get(['images', 'by_id', image_id, 'vuln', v_type], config=api_conf) assert resp == APIResponse(200)
def test_get_image_policy_evaluation(self, add_alpine_latest_image, query): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) image_tag = get_image_tag(add_resp) query['tag'] = image_tag if query.get('policyId'): query['policyId'] = get_first_policy_id(api_conf) resp = http_get(['images', 'by_id', image_id, 'check'], {'tag': image_tag}, config=api_conf) assert resp == APIResponse(200)
def test_get_image_file_content_artifacts(self, add_alpine_latest_image): add_resp, api_conf = add_alpine_latest_image api_conf_name = str(api_conf.__name__) if api_conf_name != 'get_api_conf': pytest.skip( 'Image File Content Search Endpoint only works for root user of admin account: currentUserAPIConf={}'.format( api_conf_name)) image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) image_digest = get_image_digest(add_resp) resp = http_get(['images', image_digest, 'artifacts', 'file_content_search']) assert resp == APIResponse(200)
def test_get_image_vulns_all_types_by_digest(self, add_alpine_latest_image, query): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) image_digest = get_image_digest(add_resp) resp = http_get(['images', image_digest, 'vuln'], config=api_conf) assert resp == APIResponse(200) v_types = resp.body for v_type in v_types: resp = http_get(['images', image_digest, 'vuln', v_type], query=query, config=api_conf) assert resp == APIResponse(200)
def test_get_image_metadata_all_types_by_digest(self, add_alpine_latest_image): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) image_digest = get_image_digest(add_resp) resp = http_get(['images', image_digest, 'metadata'], config=api_conf) assert resp == APIResponse(200) m_types = resp.body for m_type in m_types: resp = http_get(['images', image_digest, 'metadata', m_type], config=api_conf) assert resp == APIResponse(200)
def test_get_image_policy_evaluation(self, add_alpine_latest_image, query): add_resp, api_conf = add_alpine_latest_image image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) image_tag = get_image_tag(add_resp) query["tag"] = image_tag if query.get("policyId"): query["policyId"] = get_first_policy_id(api_conf) resp = http_get( ["images", "by_id", image_id, "check"], {"tag": image_tag}, config=api_conf ) assert resp == APIResponse(200)
def test_get_image_secret_search(self, add_alpine_latest_image): add_resp, api_conf = add_alpine_latest_image api_conf_name = str(api_conf.__name__) if api_conf_name != "get_api_conf": pytest.skip( "Image Secret Search Endpoint only works for root user of admin account: currentUserAPIConf={}" .format(api_conf_name)) image_id = get_image_id(add_resp) wait_for_image_to_analyze(image_id, api_conf) image_digest = get_image_digest(add_resp) resp = http_get(["images", image_digest, "artifacts", "secret_search"]) assert resp == APIResponse(200)