Raise an APIRequestFailure exception when security scanner is unavailable

Put worker to sleep for the duration of the default indexing interval
when an APIRequestFailure occurs, when the API request fails due to a
connection error, timeout, or other ambiguous errors, from
analyze_layer or get_layer_data .
This commit is contained in:
Kenny Lee Sin Cheong 2017-05-18 23:19:30 -04:00
parent 13439e0ca7
commit 203c0b76e0
3 changed files with 8 additions and 5 deletions

View file

@ -8,7 +8,7 @@ from data.database import Image, IMAGE_NOT_SCANNED_ENGINE_VERSION
from endpoints.notificationevent import VulnerabilityFoundEvent from endpoints.notificationevent import VulnerabilityFoundEvent
from endpoints.v2 import v2_bp from endpoints.v2 import v2_bp
from initdb import setup_database_for_testing, finished_database_for_testing from initdb import setup_database_for_testing, finished_database_for_testing
from util.secscan.api import SecurityScannerAPI from util.secscan.api import SecurityScannerAPI, APIRequestFailure
from util.secscan.analyzer import LayerAnalyzer from util.secscan.analyzer import LayerAnalyzer
from util.secscan.fake import fake_security_scanner from util.secscan.fake import fake_security_scanner
from util.secscan.notifier import SecurityNotificationHandler, ProcessNotificationPageResult from util.secscan.notifier import SecurityNotificationHandler, ProcessNotificationPageResult
@ -160,7 +160,8 @@ class TestSecurityScanner(unittest.TestCase):
security_scanner.set_internal_error_layer_id(security_scanner.layer_id(layer)) security_scanner.set_internal_error_layer_id(security_scanner.layer_id(layer))
analyzer = LayerAnalyzer(app.config, self.api) analyzer = LayerAnalyzer(app.config, self.api)
analyzer.analyze_recursively(layer) with self.assertRaises(APIRequestFailure) as ctx:
analyzer.analyze_recursively(layer)
layer = model.tag.get_tag_image(ADMIN_ACCESS_USER, SIMPLE_REPO, 'latest') layer = model.tag.get_tag_image(ADMIN_ACCESS_USER, SIMPLE_REPO, 'latest')
self.assertAnalyzed(layer, security_scanner, False, -1) self.assertAnalyzed(layer, security_scanner, False, -1)

View file

@ -57,7 +57,7 @@ class LayerAnalyzer(object):
except AnalyzeLayerRetryException: except AnalyzeLayerRetryException:
# Something went wrong when trying to analyze the layer, but we should retry, so leave # Something went wrong when trying to analyze the layer, but we should retry, so leave
# the layer unindexed. Another worker will come along and handle it. # the layer unindexed. Another worker will come along and handle it.
pass raise APIRequestFailure
except MissingParentLayerException: except MissingParentLayerException:
# Pass upward, as missing parent is handled in the analyze_recursively method. # Pass upward, as missing parent is handled in the analyze_recursively method.
raise raise
@ -145,7 +145,7 @@ class LayerAnalyzer(object):
try: try:
layer_data = self._api.get_layer_data(layer, include_vulnerabilities=True) layer_data = self._api.get_layer_data(layer, include_vulnerabilities=True)
except APIRequestFailure: except APIRequestFailure:
layer_data = None raise
if layer_data is not None: if layer_data is not None:
# Dispatch events for any detected vulnerabilities # Dispatch events for any detected vulnerabilities

View file

@ -10,7 +10,7 @@ from workers.worker import Worker
from data.database import UseThenDisconnect from data.database import UseThenDisconnect
from data.model.image import (get_images_eligible_for_scan, get_image_pk_field, from data.model.image import (get_images_eligible_for_scan, get_image_pk_field,
get_max_id_for_sec_scan, get_min_id_for_sec_scan) get_max_id_for_sec_scan, get_min_id_for_sec_scan)
from util.secscan.api import SecurityConfigValidator from util.secscan.api import SecurityConfigValidator, APIRequestFailure
from util.secscan.analyzer import LayerAnalyzer, PreemptedException from util.secscan.analyzer import LayerAnalyzer, PreemptedException
from util.migrate.allocator import yield_random_entries from util.migrate.allocator import yield_random_entries
from endpoints.v2 import v2_bp from endpoints.v2 import v2_bp
@ -73,6 +73,8 @@ class SecurityWorker(Worker):
except PreemptedException: except PreemptedException:
logger.info('Another worker pre-empted us for layer: %s', candidate.id) logger.info('Another worker pre-empted us for layer: %s', candidate.id)
abt.set() abt.set()
except APIRequestFailure:
time.sleep(DEFAULT_INDEXING_INTERVAL)
unscanned_images_gauge.Set(num_remaining) unscanned_images_gauge.Set(num_remaining)