def get_vulnerabilities( vulnerability_ids=[], affected_package=None, affected_package_version=None, namespace=None, ): if not vulnerability_ids: raise ValueError("Cannot fetch vulnerabilities without ids") query = { "id": ",".join(vulnerability_ids), "affected_package": affected_package, "affected_package_version": affected_package_version, "namespace": namespace, } vulnerabilities_resp = http_utils.http_get(["query", "vulnerabilities"], query, config=policy_engine_api_conf) if vulnerabilities_resp.code != 200: raise http_utils.RequestFailedError( vulnerabilities_resp.url, vulnerabilities_resp.code, vulnerabilities_resp.body, ) return vulnerabilities_resp
def create_raw_object(bucket: str, archiveid: str, content: str) -> http_utils.APIResponse: if not bucket: raise ValueError( "Cannot create document to object store without bucket") if not archiveid: raise ValueError( "Cannot create document to object store without archiveid") if not content: raise ValueError( "Cannot create document to object store without content") create_document_resp = http_utils.http_post_bytes( ["objects", "raw", bucket, archiveid], content, config=catalog_api_conf) if create_document_resp.code != 200: raise http_utils.RequestFailedError( create_document_resp.url, create_document_resp.code, create_document_resp.body, ) return create_document_resp
def ingress_image(fetch_url: str, image_id: str) -> http_utils.APIResponse: if not fetch_url: raise ValueError( "Cannot ingress image to policy engine without fetch url") if not image_id: raise ValueError( "Cannot ingress image to policy engine without image id") payload = { "fetch_url": fetch_url, "user_id": policy_engine_api_conf().get("ANCHORE_API_USER"), "image_id": image_id, } ingress_image_resp = http_utils.http_post(["images"], payload, config=policy_engine_api_conf) if ingress_image_resp.code != 200: raise http_utils.RequestFailedError(ingress_image_resp.url, ingress_image_resp.code, ingress_image_resp.body) return ingress_image_resp
def delete_image(image_id: str) -> http_utils.APIResponse: if not image_id: raise ValueError("Cannot ingress image to policy engine without image id") delete_image_resp = http_utils.http_del( ["users", policy_engine_api_conf().get("ANCHORE_API_USER"), "images", image_id], config=policy_engine_api_conf, ) if delete_image_resp.code > 299: raise http_utils.RequestFailedError( delete_image_resp.url, delete_image_resp.code, delete_image_resp.body ) return delete_image_resp
def get_feeds(include_counts=None, refresh_counts=None): query = { "include_counts": include_counts, "refresh_counts": refresh_counts, } get_feeds_resp = http_utils.http_get(["feeds"], query, config=policy_engine_api_conf) if get_feeds_resp.code != 200: raise http_utils.RequestFailedError( get_feeds_resp.url, get_feeds_resp.code, get_feeds_resp.body, ) return get_feeds_resp
def feeds_sync(force_flush=None, feed=None): payload = { "force_flush": force_flush, "feed": feed, "user_id": policy_engine_api_conf().get("ANCHORE_API_USER"), } feed_sync_resp = http_utils.http_post(["feeds"], payload, config=policy_engine_api_conf) if feed_sync_resp.code != 200: raise http_utils.RequestFailedError(feed_sync_resp.url, feed_sync_resp.code, feed_sync_resp.body) return feed_sync_resp
def delete_document(bucket: str, archiveid: str) -> http_utils.APIResponse: if not bucket: raise ValueError( "Cannot delete document to object store without bucket") if not archiveid: raise ValueError( "Cannot delete document to object store without archiveid") del_document_resp = http_utils.http_del(["objects", bucket, archiveid], config=catalog_api_conf) if del_document_resp.code != 200: raise http_utils.RequestFailedError(del_document_resp.url, del_document_resp.code, del_document_resp.body) return del_document_resp
def get_raw_object(bucket: str, archiveid: str) -> http_utils.APIResponse: if not bucket: raise ValueError( "Cannot get document from object store without bucket") if not archiveid: raise ValueError( "Cannot fet document from object store without archiveid") get_document_resp = http_utils.http_get( ["objects", "raw", bucket, archiveid], config=catalog_api_conf, extra_headers={"Content-Type": "application/octet-stream"}, ) if get_document_resp.code != 200: raise http_utils.RequestFailedError(get_document_resp.url, get_document_resp.code, get_document_resp.body) return get_document_resp
def get_image_vulnerabilities(image_id: str) -> http_utils.APIResponse: if not image_id: raise ValueError("Cannot ingress image to policy engine without image id") image_vulnerabilities_resp = http_utils.http_get( [ "users", policy_engine_api_conf().get("ANCHORE_API_USER"), "images", image_id, "vulnerabilities", ], config=policy_engine_api_conf, ) if image_vulnerabilities_resp.code != 200: raise http_utils.RequestFailedError( image_vulnerabilities_resp.url, image_vulnerabilities_resp.code, image_vulnerabilities_resp.body, ) return image_vulnerabilities_resp
def get_images_by_vulnerability( vulnerability_id: str, severity: Optional[str] = None, namespace: Optional[str] = None, affected_package: Optional[str] = None, vendor_only: bool = True, ) -> http_utils.APIResponse: if not vulnerability_id: raise ValueError("Cannot query image by vulnerability without vulnerability id") query = {"vulnerability_id": vulnerability_id, "vendor_only": vendor_only} if not isinstance(severity, type(None)): query["severity"] = severity if not isinstance(namespace, type(None)): query["namespace"] = namespace if not isinstance(affected_package, type(None)): query["affected_package"] = affected_package image_by_vuln_resp = http_utils.http_get( [ "users", policy_engine_api_conf().get("ANCHORE_API_USER"), "query", "images", "by_vulnerability", ], query=query, config=policy_engine_api_conf, ) if image_by_vuln_resp.code != 200: raise http_utils.RequestFailedError( image_by_vuln_resp.url, image_by_vuln_resp.code, image_by_vuln_resp.body, ) return image_by_vuln_resp
def add_document(bucket: str, archiveid: str, object: Dict) -> http_utils.APIResponse: if not bucket: raise ValueError("Cannot add document to object store without bucket") if not archiveid: raise ValueError( "Cannot add document to object store without archiveid") if not object: raise ValueError("Cannot add document to object store without object") payload = object add_document_resp = http_utils.http_post(["objects", bucket, archiveid], payload, config=catalog_api_conf) if add_document_resp.code != 200: raise http_utils.RequestFailedError(add_document_resp.url, add_document_resp.code, add_document_resp.body) return add_document_resp