From 4bd5996bbf1f5244f26dd389c2c670575c5cca09 Mon Sep 17 00:00:00 2001
From: Quentin Machu
Date: Wed, 17 Feb 2016 14:48:50 -0500
Subject: [PATCH] Adapt secscan API for Clair v1.0

Squash /vulnerabilities and /packages as it basically does the same action on Clair and we don't need both for Quay
---
 endpoints/api/secscan.py | 52 ++++++++++------------------------------
 1 file changed, 12 insertions(+), 40 deletions(-)

diff --git a/endpoints/api/secscan.py b/endpoints/api/secscan.py
index 91a5ee891..146227a76 100644
--- a/endpoints/api/secscan.py
+++ b/endpoints/api/secscan.py
@@ -1,4 +1,4 @@
-""" List and manage repository vulnerabilities and other sec information. """
+""" List and manage repository vulnerabilities and other security information. """
 
 import logging
 import features
@@ -9,7 +9,7 @@ from app import secscan_api
 from data import model
 from endpoints.api import (require_repo_read, NotFound, DownstreamIssue, path_param,
 RepositoryParamResource, resource, nickname, show_if, parse_args,
- query_param)
+ query_param, truthy_bool)
 
 logger = logging.getLogger(__name__)
 
@@ -54,19 +54,19 @@ def _get_status(repo_image):
 
 
 @show_if(features.SECURITY_SCANNER)
-@resource('/v1/repository//image//vulnerabilities')
+@resource('/v1/repository//image//security')
 @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 @path_param('imageid', 'The image ID')
-class RepositoryImageVulnerabilities(RepositoryParamResource):
+class RepositoryImageSecurity(RepositoryParamResource):
 """ Operations for managing the vulnerabilities in a repository image. """
 
 @require_repo_read
- @nickname('getRepoImageVulnerabilities')
+ @nickname('getRepoImageSecurity')
 @parse_args()
- @query_param('minimumPriority', 'Minimum vulnerability priority', type=str,
- default='Low')
+ @query_param('vulnerabilities', 'Include vulnerabilities informations', type=truthy_bool,
+ default=False)
 def get(self, namespace, repository, imageid, parsed_args):
- """ Fetches the vulnerabilities (if any) for a repository tag. """
+ """ Fetches the features and vulnerabilities (if any) for a repository tag. """
 repo_image = model.image.get_repo_image(namespace, repository, imageid)
 if repo_image is None:
 raise NotFound()
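Review bot: The new `vulnerabilities` query parameter on `get` defaults to `False`, so a client that moves from the old `/vulnerabilities` route to `/security` without passing the flag receives feature data only, which may be read as "no vulnerabilities found"; the removed `minimumPriority` filter also has no replacement in this hunk. The docstring should state the default explicitly, e.g. `""" Fetches the features for a repository image; vulnerabilities are included only when vulnerabilities=true is passed. """`, and the help text reads better as `'Include vulnerability information'`. The body of `get` continues past the end of this hunk.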
@@ -79,40 +79,12 @@ class RepositoryImageVulnerabilities(RepositoryParamResource):
 }
 
 layer_id = '%s.%s' % (repo_image.docker_image_id, repo_image.storage.uuid)
- data = _call_security_api('layers/%s/vulnerabilities', layer_id,
- minimumPriority=parsed_args.minimumPriority)
+ if parsed_args.vulnerabilities:
+ data = _call_security_api('layers/%s?vulnerabilities', layer_id)
+ else:
+ data = _call_security_api('layers/%s?features', layer_id)
 
 return {
 'status': _get_status(repo_image),
 'data': data,
 }
-
-
-@show_if(features.SECURITY_SCANNER)
-@resource('/v1/repository//image//packages')
-@path_param('repository', 'The full path of the repository. e.g. namespace/name')
-@path_param('imageid', 'The image ID')
-class RepositoryImagePackages(RepositoryParamResource):
- """ Operations for listing the packages added/removed in an image. """
-
- @require_repo_read
- @nickname('getRepoImagePackages')
- def get(self, namespace, repository, imageid):
- """ Fetches the packages added/removed in the given repo image. """
- repo_image = model.image.get_repo_image(namespace, repository, imageid)
- if repo_image is None:
- raise NotFound()
-
- if not repo_image.security_indexed:
- return {
- 'status': _get_status(repo_image),
- }
-
- layer_id = '%s.%s' % (repo_image.docker_image_id, repo_image.storage.uuid)
- data = _call_security_api('layers/%s/packages', layer_id)
-
- return {
- 'status': _get_status(repo_image),
- 'data': data,
- }
-
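Review bot: Both new `_call_security_api` calls write the `?vulnerabilities` / `?features` selector into the path template, while the removed call passed its option (`minimumPriority`) as a keyword argument. `_call_security_api` is defined outside this hunk, so it is not visible here whether a literal `?` in the formatted path survives URL construction; if the helper quotes the path or appends its own query string, the selector would be malformed and the scanner could return a different view than the caller asked for. A comment such as `# Clair v1 selects the view with a bare query flag; _call_security_api must not quote the path` would record that dependency, and the two branches can share one call: `view = 'vulnerabilities' if parsed_args.vulnerabilities else 'features'` followed by `data = _call_security_api('layers/%s?' + view, layer_id)`. The enclosing `get` method starts before this hunk.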