find work based on tag IDs rather than image IDs

2017-03-06 16:11:17 -05:00 · 2017-03-06 16:11:17 -05:00 · 40636d4103
commit 40636d4103
parent 2cead05f53
2 changed files with 26 additions and 7 deletions
--- a/data/model/tag.py
+++ b/data/model/tag.py
@ -2,7 +2,7 @@ import logging

 from uuid import uuid4

-from peewee import IntegrityError, JOIN_LEFT_OUTER
+from peewee import IntegrityError, JOIN_LEFT_OUTER, fn
 from data.model import (image, db_transaction, DataModelException, _basequery,
                        InvalidManifestException, TagAlreadyCreatedException, StaleTagException)
 from data.database import (RepositoryTag, Repository, Image, ImageStorage, Namespace, TagManifest,
@ -13,13 +13,32 @@ from data.database import (RepositoryTag, Repository, Image, ImageStorage, Names
 logger = logging.getLogger(__name__)


+def get_max_id_for_sec_scan():
+  """ Gets the maximum id for security scanning """
+  return RepositoryTag.select(fn.Max(RepositoryTag.id)).scalar()
+
+
+def get_min_id_for_sec_scan(version):
+  """ Gets the minimum id for a security scanning """
+  return (RepositoryTag
+          .select(fn.Min(RepositoryTag.id))
+          .join(Image)
+          .where(Image.security_indexed_engine < version)
+          .scalar())
+
+
+def get_tag_pk_field():
+  """ Returns the primary key for Image DB model """
+  return RepositoryTag.id
+
+
 def get_tags_images_eligible_for_scan(clair_version):
  Parent = Image.alias()
  ParentImageStorage = ImageStorage.alias()

-  return _tag_alive(Image
+  return _tag_alive(RepositoryTag
                    .select(Image, ImageStorage, Parent, ParentImageStorage, RepositoryTag)
-                    .join(RepositoryTag, on=(RepositoryTag.image == Image.id))
+                    .join(Image, on=(RepositoryTag.image == Image.id))
                    .join(ImageStorage, on=(Image.storage == ImageStorage.id))
                    .switch(Image)
                    .join(Parent, JOIN_LEFT_OUTER, on=(Image.parent == Parent.id))
--- a/workers/securityworker.py
+++ b/workers/securityworker.py
@ -6,8 +6,8 @@ import features
 from app import app, secscan_api, prometheus
 from workers.worker import Worker
 from data.database import UseThenDisconnect
-from data.model.image import get_max_id_for_sec_scan, get_min_id_for_sec_scan, get_image_id
-from data.model.tag import get_tags_images_eligible_for_scan
+from data.model.tag import (get_tags_images_eligible_for_scan, get_tag_pk_field,
+                            get_max_id_for_sec_scan, get_min_id_for_sec_scan)
 from util.secscan.api import SecurityConfigValidator
 from util.secscan.analyzer import LayerAnalyzer, PreemptedException
 from util.migrate.allocator import yield_random_entries
@ -56,14 +56,14 @@ class SecurityWorker(Worker):
    with UseThenDisconnect(app.config):
      to_scan_generator = yield_random_entries(
        batch_query,
-        get_image_id(),
+        get_tag_pk_field(),
        BATCH_SIZE,
        max_id,
        self._min_id,
      )
      for candidate, abt, num_remaining in to_scan_generator:
        try:
-          self._analyzer.analyze_recursively(candidate)
+          self._analyzer.analyze_recursively(candidate.image)
        except PreemptedException:
          logger.info('Another worker pre-empted us for layer: %s', candidate.id)
          abt.set()