Change secscan API endpoints to use new registry model interface

2018-08-23 16:36:04 -04:00 · 2018-08-23 16:36:04 -04:00 · 46edebe6b0
commit 46edebe6b0
parent dcaa98a428
6 changed files with 81 additions and 37 deletions
--- a/endpoints/api/secscan.py
+++ b/endpoints/api/secscan.py
@ -4,7 +4,8 @@ import logging
 import features

 from app import secscan_api
-from data import model
+from data.registry_model import registry_model
+from data.registry_model.datatypes import SecurityScanStatus
 from endpoints.api import (require_repo_read, path_param,
                           RepositoryParamResource, resource, nickname, show_if, parse_args,
                           query_param, truthy_bool, disallow_for_app_repositories)
@ -15,37 +16,24 @@ from util.secscan.api import APIRequestFailure

 logger = logging.getLogger(__name__)

-
-class SCAN_STATUS(object):
-  """ Security scan status enum """
-  SCANNED = 'scanned'
-  FAILED = 'failed'
-  QUEUED = 'queued'
-
-
-def _get_status(repo_image):
-  """ Returns the SCAN_STATUS value for the given image. """
-  if repo_image.security_indexed_engine is not None and repo_image.security_indexed_engine >= 0:
-    return SCAN_STATUS.SCANNED if repo_image.security_indexed else SCAN_STATUS.FAILED
-
-  return SCAN_STATUS.QUEUED
-
-def _security_status_for_image(namespace, repository, repo_image, include_vulnerabilities=True):
+def _security_info(manifest_or_legacy_image, include_vulnerabilities=True):
  """ Returns a dict representing the result of a call to the security status API for the given
-      image.
+      manifest or image.
  """
-  if not repo_image.security_indexed:
-    logger.debug('Image %s under repository %s/%s not security indexed',
-                 repo_image.docker_image_id, namespace, repository)
+  status = registry_model.get_security_status(manifest_or_legacy_image)
+  if status is None:
+    raise NotFound()
+
+  if status != SecurityScanStatus.SCANNED:
    return {
-      'status': _get_status(repo_image),
+      'status': status.value,
    }

  try:
    if include_vulnerabilities:
-      data = secscan_api.get_layer_data(repo_image, include_vulnerabilities=True)
+      data = secscan_api.get_layer_data(manifest_or_legacy_image, include_vulnerabilities=True)
    else:
-      data = secscan_api.get_layer_data(repo_image, include_features=True)
+      data = secscan_api.get_layer_data(manifest_or_legacy_image, include_features=True)
  except APIRequestFailure as arf:
    raise DownstreamIssue(arf.message)

@ -53,7 +41,7 @@ def _security_status_for_image(namespace, repository, repo_image, include_vulner
    raise NotFound()

  return {
-    'status': _get_status(repo_image),
+    'status': status.value,
    'data': data,
  }

@ -73,12 +61,16 @@ class RepositoryImageSecurity(RepositoryParamResource):
               default=False)
  def get(self, namespace, repository, imageid, parsed_args):
    """ Fetches the features and vulnerabilities (if any) for a repository image. """
-    repo_image = model.image.get_repo_image(namespace, repository, imageid)
-    if repo_image is None:
+    repo_ref = registry_model.lookup_repository(namespace, repository)
+    if repo_ref is None:
      raise NotFound()

-    return _security_status_for_image(namespace, repository, repo_image,
-                                      parsed_args.vulnerabilities)
+    legacy_image = registry_model.get_legacy_image(repo_ref, imageid)
+    if legacy_image is None:
+      raise NotFound()
+
+    return _security_info(legacy_image, parsed_args.vulnerabilities)
+

@resource(MANIFEST_DIGEST_ROUTE + '/security')
@show_if(features.SECURITY_SCANNER)
@ -94,12 +86,12 @@ class RepositoryManifestSecurity(RepositoryParamResource):
  @query_param('vulnerabilities', 'Include vulnerabilities informations', type=truthy_bool,
               default=False)
  def get(self, namespace, repository, manifestref, parsed_args):
-    try:
-      tag_manifest = model.tag.load_manifest_by_digest(namespace, repository, manifestref)
-    except model.DataModelException:
+    repo_ref = registry_model.lookup_repository(namespace, repository)
+    if repo_ref is None:
      raise NotFound()

-    repo_image = tag_manifest.tag.image
+    manifest = registry_model.lookup_manifest_by_digest(repo_ref, manifestref, allow_dead=True)
+    if manifest is None:
+      raise NotFound()

-    return _security_status_for_image(namespace, repository, repo_image,
-                                      parsed_args.vulnerabilities)
+    return _security_info(manifest, parsed_args.vulnerabilities)