Pull out security scanner validation into validator class

2017-02-09 17:28:39 -08:00 · 2017-02-09 17:28:39 -08:00 · 3db4c15459
commit 3db4c15459
parent c0f7530b29
5 changed files with 168 additions and 29 deletions
--- a/util/config/validators/validate_secscan.py
+++ b/util/config/validators/validate_secscan.py
@ -0,0 +1,36 @@
+import time
+
+from app import app
+from boot import setup_jwt_proxy
+from util.secscan.api import SecurityScannerAPI
+from util.config.validators import BaseValidator, ConfigValidationException
+
+class SecurityScannerValidator(BaseValidator):
+  name = "security-scanner"
+
+  @classmethod
+  def validate(cls, config, user, user_password):
+    """ Validates the configuration for talking to a Quay Security Scanner. """
+    if not config.get('FEATURE_SECURITY_SCANNER', False):
+      return
+
+    client = app.config['HTTPCLIENT']
+    api = SecurityScannerAPI(app, config, None, client=client, skip_validation=True)
+
+    if not config.get('TESTING', False):
+      # Generate a temporary Quay key to use for signing the outgoing requests.
+      setup_jwt_proxy()
+
+    # We have to wait for JWT proxy to restart with the newly generated key.
+    max_tries = 5
+    response = None
+    while max_tries > 0:
+      response = api.ping()
+      if response.status_code == 200:
+        return
+
+      time.sleep(1)
+      max_tries = max_tries - 1
+
+    message = 'Expected 200 status code, got %s: %s' % (response.status_code, response.text)
+    raise ConfigValidationException('Could not ping security scanner: %s' % message)