Pull out security scanner validation into validator class

2017-02-09 17:28:39 -08:00 · 2017-02-09 17:28:39 -08:00 · 3db4c15459
commit 3db4c15459
parent c0f7530b29
5 changed files with 168 additions and 29 deletions
--- a/util/config/validator.py
+++ b/util/config/validator.py
@ -1,5 +1,4 @@
 import logging
-import time

 from StringIO import StringIO
 from hashlib import sha1
@ -11,13 +10,11 @@ from flask import Flask
 from app import app, config_provider, get_app_url, OVERRIDE_CONFIG_DIRECTORY
 from auth.auth_context import get_authenticated_user
 from bitbucket import BitBucket
-from boot import setup_jwt_proxy
 from data.database import validate_database_url
 from data.users import LDAP_CERT_FILENAME
 from oauth.services.github import GithubOAuthService
 from oauth.services.google import GoogleOAuthService
 from oauth.services.gitlab import GitLabOAuthService
-from util.secscan.api import SecurityScannerAPI
 from util.registry.torrent import torrent_jwt
 from util.security.signing import SIGNING_ENGINES
 from util.security.ssl import load_certificate, CertInvalidException, KeyInvalidException
@ -29,6 +26,7 @@ from util.config.validators.validate_email import EmailValidator
 from util.config.validators.validate_ldap import LDAPValidator
 from util.config.validators.validate_keystone import KeystoneValidator
 from util.config.validators.validate_jwt import JWTAuthValidator
+from util.config.validators.validate_secscan import SecurityScannerValidator

 logger = logging.getLogger(__name__)

@ -248,30 +246,6 @@ def _validate_signer(config, user_obj, _):
  engine.detached_sign(StringIO('test string'))


-def _validate_security_scanner(config, user_obj, _):
-  """ Validates the configuration for talking to a Quay Security Scanner. """
-  client = app.config['HTTPCLIENT']
-  api = SecurityScannerAPI(app, config, None, client=client, skip_validation=True)
-
-  if not config.get('TESTING', False):
-    # Generate a temporary Quay key to use for signing the outgoing requests.
-    setup_jwt_proxy()
-
-  # We have to wait for JWT proxy to restart with the newly generated key.
-  max_tries = 5
-  response = None
-  while max_tries > 0:
-    response = api.ping()
-    if response.status_code == 200:
-      return
-
-    time.sleep(1)
-    max_tries = max_tries - 1
-
-  message = 'Expected 200 status code, got %s: %s' % (response.status_code, response.text)
-  raise ConfigValidationException('Could not ping security scanner: %s' % message)
-
-
 def _validate_bittorrent(config, user_obj, _):
  """ Validates the configuration for using BitTorrent for downloads. """
  announce_url = config.get('BITTORRENT_ANNOUNCE_URL')
@ -328,6 +302,6 @@ VALIDATORS = {
  JWTAuthValidator.name: JWTAuthValidator.validate,
  KeystoneValidator.name: KeystoneValidator.validate,
  'signer': _validate_signer,
-  'security-scanner': _validate_security_scanner,
+  SecurityScannerValidator.name: SecurityScannerValidator.validate,
  'bittorrent': _validate_bittorrent,
 }