Implement setup tool support for Clair

Fixes #1387

util/config/validator.py

@@ -1,10 +1,9 @@
 import redis
-import os
-import json
 import ldap
 import peewee
 import OpenSSL
 import logging
+import time
 
 from StringIO import StringIO
 from fnmatch import fnmatch
@@ -14,12 +13,14 @@ from data.users.externalldap import LDAPConnection, LDAPUsers
 
 from flask import Flask
 from flask.ext.mail import Mail, Message
-from data.database import validate_database_url, User
+from data.database import validate_database_url
 from storage import get_storage_driver
 from auth.auth_context import get_authenticated_user
 from util.config.oauth import GoogleOAuthConfig, GithubOAuthConfig, GitLabOAuthConfig
 from bitbucket import BitBucket
 from util.security.signing import SIGNING_ENGINES
+from util.secscan.api import SecurityScannerAPI
+from boot import setup_jwt_proxy
 
 from app import app, config_provider, get_app_url, OVERRIDE_CONFIG_DIRECTORY
 
@@ -424,6 +425,23 @@ def _validate_signer(config, _):
   engine.detached_sign(StringIO('test string'))
 
 
+def _validate_security_scanner(config, _):
+  """ Validates the configuration for talking to a Quay Security Scanner. """
+  # Generate a temporary Quay key to use for signing the outgoing requests.
+  setup_jwt_proxy()
+
+  # Wait a few seconds for the JWT proxy to startup.
+  time.sleep(2)
+
+  # Make a ping request to the security service.
+  client = app.config['HTTPCLIENT']
+  api = SecurityScannerAPI(config, None, client=client, skip_validation=True)
+  response = api.ping()
+  if response.status_code != 200:
+    message = 'Expected 200 status code, got %s: %s' % (response.status_code, response.text)
+    raise Exception('Could not ping security scanner: %s' % message)
+
+
 _VALIDATORS = {
   'database': _validate_database,
   'redis': _validate_redis,
@@ -439,4 +457,5 @@ _VALIDATORS = {
   'jwt': _validate_jwt,
   'keystone': _validate_keystone,
   'signer': _validate_signer,
+  'security-scanner': _validate_security_scanner,
 }