def test_get_event_by_id(self, api_conf):
resp = http_get(["events"], {"page": 1, "limit": 1}, config=api_conf)
assert resp == APIResponse(200)
event_id = get_event_id_from_list_resp(resp.body)
resp = http_get(["events", event_id], config=api_conf)
assert resp == APIResponse(200)
def test_get_event_by_id(self, api_conf):
resp = http_get(['events'], {'page': 1, 'limit': 1}, config=api_conf)
assert resp == APIResponse(200)
event_id = get_event_id_from_list_resp(resp.body)
resp = http_get(['events', event_id], config=api_conf)
assert resp == APIResponse(200)
def test_get_system_services_endpoints(self, api_conf):
"""
Test system services.
NOTE! This only works for the super root user, so if the api_conf isn't that user, skip.
Why do we even keep the api_conf in the function argument you ask? Because it's required in order to allow
for pytest mark parametrization at the class level
"""
api_conf_name = str(api_conf.__name__)
if api_conf_name != 'get_api_conf':
pytest.skip(
'System Services Endpoint only works for root user of admin account: currentUserAPIConf={}'
.format(api_conf_name))
resp = http_get(['system', 'services'], config=api_conf)
assert resp == APIResponse(200)
services = resp.body
for service in services:
service_name = service.get('servicename')
resp = http_get(['system', 'services', service_name],
config=api_conf)
assert resp == APIResponse(200)
service_details = resp.body
resp = http_get([
'system', 'services', service_name,
service_details[0].get('hostid')
],
config=api_conf)
assert resp == APIResponse(200)
def test_get_all_image_vulns_by_type(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
resp = http_get(['images', 'by_id', image_id, 'vuln'], config=api_conf)
assert resp == APIResponse(200)
wait_for_image_to_analyze(image_id, api_conf)
vuln_types = resp.body
for v_type in vuln_types:
resp = http_get(['images', 'by_id', image_id, 'vuln', v_type], config=api_conf)
assert resp == APIResponse(200)
def test_list_events_with_before(self, api_conf):
resp = http_get(
["events"],
{"before": str(datetime.now()), "page": 1, "limit": 1},
config=api_conf,
)
assert resp == APIResponse(200)
def test_list_events_with_resource_id(self, api_conf):
resp = http_get(
["events"],
{"resource_id": "docker.io/alpine:latest", "page": 1, "limit": 1},
config=api_conf,
)
assert resp == APIResponse(200)
def test_list_events_with_resource_type(self, api_conf, r_type):
resp = http_get(
["events"],
{"resource_type": r_type, "page": 1, "limit": 1},
config=api_conf,
)
assert resp == APIResponse(200)
def test_list_events_with_source_servicename(self, api_conf):
resp = http_get(
["events"],
{"source_hostid": "anchore-quickstart", "page": 1, "limit": 1},
config=api_conf,
)
assert resp == APIResponse(200)
def test_list_events_with_source_servicename(self, api_conf, source):
resp = http_get(
["events"],
{"source_servicename": source, "page": 1, "limit": 1},
config=api_conf,
)
assert resp == APIResponse(200)
def test_get_image_vuln_types(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
resp = http_get(["images", "by_id", image_id, "vuln"], config=api_conf)
assert resp == APIResponse(200)
def test_list_subscriptions_with_key(self, add_alpine_subscription):
subscription, api_conf = add_alpine_subscription
resp = http_get(
['subscriptions'],
query={'subscription_key': subscription.get('subscription_key')},
config=api_conf)
assert resp == APIResponse(200)
def get_vulnerabilities(
vulnerability_ids=[],
affected_package=None,
affected_package_version=None,
namespace=None,
):
if not vulnerability_ids:
raise ValueError("Cannot fetch vulnerabilities without ids")
query = {
"id": ",".join(vulnerability_ids),
"affected_package": affected_package,
"affected_package_version": affected_package_version,
"namespace": namespace,
}
vulnerabilities_resp = http_utils.http_get(["query", "vulnerabilities"],
query,
config=policy_engine_api_conf)
if vulnerabilities_resp.code != 200:
raise http_utils.RequestFailedError(
vulnerabilities_resp.url,
vulnerabilities_resp.code,
vulnerabilities_resp.body,
)
return vulnerabilities_resp
def test_get_registry_by_name(self, add_and_teardown_registry):
add_resp, api_conf = add_and_teardown_registry
resp = http_get(
['registries',
quote(get_registry_info()['service_name'], '')],
config=api_conf)
assert resp == APIResponse(200)
def test_query_image_by_vuln(self, add_alpine_latest_image):
"""
These tests seem to always return early because the system needs to be up and running for a while to gather
feed data and analyze images. Good candidates for moving to an external test suite where an environment has
been running for a while.
"""
add_resp, api_conf = add_alpine_latest_image
# Arbitrarily get the first vuln from the os vuln response
try:
first_vuln = (get_alpine_latest_image_os_vuln(
get_image_id(add_resp), get_image_digest(add_resp),
api_conf).body.get("vulnerabilities", [])[0].get("vuln", None))
except IndexError:
self._logger.warning(
"No vulnerabilities found, cannot test query images by vulnerabilities"
)
return
assert first_vuln is not None
resp = http_get(
["query", "images", "by_vulnerability"],
{"vulnerability_id": first_vuln},
config=api_conf,
)
assert resp == APIResponse(200)
def test_list_subscriptions_with_type(self, add_alpine_subscription,
s_type):
subscription, api_conf = add_alpine_subscription
resp = http_get(['subscriptions'],
query={'subscription_type': s_type},
config=api_conf)
assert resp == APIResponse(200)
def await_account_deletion():
"""
This method is helpful for awaiting account deletion of the functional_test account, with a timeout governed
by DELETE_ACCOUNT_TIMEOUT_SEC. It awaits in 5 second intervals.
"""
start_time_sec = time.time()
result = 200
while result != 404:
time.sleep(5)
ft_get_account_resp = http_get(["accounts", FT_ACCOUNT])
_logger.info(
"Waiting for functional_test account to fully delete. Time Elapsed={}sec".format(
int(time.time() - start_time_sec)
)
)
if not (
ft_get_account_resp.code == 200 or ft_get_account_resp.code == 404
):
_logger.error(ft_get_account_resp)
raise RequestFailedError(
ft_get_account_resp.url,
ft_get_account_resp.code,
ft_get_account_resp.body,
)
if time.time() - start_time_sec >= DELETE_ACCOUNT_TIMEOUT_SEC:
raise TimeoutError(
"Timed out waiting for functional_test account to delete"
)
result = ft_get_account_resp.code
def test_get_image_vuln_types(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
resp = http_get(['images', 'by_id', image_id, 'vuln'], config=api_conf)
assert resp == APIResponse(200)
def test_get_image_metadata_all_types_by_digest(self, add_alpine_latest_image):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest, 'metadata'], config=api_conf)
assert resp == APIResponse(200)
m_types = resp.body
for m_type in m_types:
resp = http_get(['images', image_digest, 'metadata', m_type], config=api_conf)
assert resp == APIResponse(200)
def test_get_image_vulns_all_types_by_digest(self, add_alpine_latest_image, query):
add_resp, api_conf = add_alpine_latest_image
image_id = get_image_id(add_resp)
wait_for_image_to_analyze(image_id, api_conf)
image_digest = get_image_digest(add_resp)
resp = http_get(['images', image_digest, 'vuln'], config=api_conf)
assert resp == APIResponse(200)
v_types = resp.body
for v_type in v_types:
resp = http_get(['images', image_digest, 'vuln', v_type], query=query, config=api_conf)
assert resp == APIResponse(200)
def wait_for_image_to_analyze(image_id, api_conf: callable):
status = "analyzing"
start_time_sec = time.time()
while status != "analyzed" and time.time() - start_time_sec < WAIT_TIMEOUT_SEC:
resp = http_get(["images", "by_id", image_id], config=api_conf)
status = resp.body[0].get("analysis_status", None)
if status != "analyzed":
_logger.info(
"Waiting for Image Analysis to complete. Elapsed Time={}sec".format(
int(time.time() - start_time_sec)
)
)
time.sleep(5)
if time.time() - start_time_sec >= WAIT_TIMEOUT_SEC:
raise TimeoutError(
"Timed out waiting for Image to Analyze (timeout={}sec)".format(
WAIT_TIMEOUT_SEC
)
)
else:
_logger.info(
"Image Analysis Complete, wait time: {}sec".format(
int(time.time() - start_time_sec)
)
)
def test_disable_and_delete_feed_group(self, api_conf):
ensure_second_feed_enabled(api_conf)
feed_list_resp = http_get(["system", "feeds"], config=api_conf)
assert feed_list_resp == APIResponse(200)
# Pick 2nd feed
feeds = feed_list_resp.body
feed = feeds[1]
feed_name = feed.get("name")
# Arbitrarily pick 1st group
groups = feed.get("groups", [])
group_to_delete = groups[0].get("name")
resp = http_put(
["system", "feeds", feed_name, group_to_delete],
None,
{"enabled": False},
config=api_conf,
)
assert resp == APIResponse(200)
resp = http_del(["system", "feeds", feed_name, group_to_delete],
config=api_conf)
assert resp == APIResponse(200)
def test_list_image(self, add_alpine_latest_image, query):
"""
Atomically test list image functionality with add and teardown (by_id) implicit coverage
"""
add_resp, api_conf = add_alpine_latest_image
resp = http_get(['images'], query=query, config=api_conf)
assert resp == APIResponse(200)
def test_list_events_with_source_servicename(self, api_conf):
resp = http_get(['events'], {
'source_hostid': 'anchore-quickstart',
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_get_registry_by_name(self, add_and_teardown_registry):
add_resp, api_conf = add_and_teardown_registry
resp = http_get(
["registries",
quote(get_registry_info()["service_name"], "")],
config=api_conf,
)
assert resp == APIResponse(200)
def test_list_events_with_resource_id(self, api_conf):
resp = http_get(['events'], {
'resource_id': 'docker.io/alpine:latest',
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_list_subscriptions_with_key(self, add_alpine_subscription):
subscription, api_conf = add_alpine_subscription
resp = http_get(
["subscriptions"],
query={"subscription_key": subscription.get("subscription_key")},
config=api_conf,
)
assert resp == APIResponse(200)
def test_list_events_with_before(self, api_conf):
resp = http_get(['events'], {
'before': str(datetime.now()),
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_list_events_with_level(self, api_conf, level):
resp = http_get(['events'], {
'level': level,
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)
def test_get_subscription_by_id(self, add_alpine_subscription):
subscription, api_conf = add_alpine_subscription
# arbitrarily pick 1st subscription
resp = http_get(['subscriptions',
subscription.get('subscription_id')],
config=api_conf)
assert resp == APIResponse(200)
def test_list_events_with_resource_type(self, api_conf, r_type):
resp = http_get(['events'], {
'resource_type': r_type,
'page': 1,
'limit': 1
},
config=api_conf)
assert resp == APIResponse(200)