Adapt secscan API for Clair v1.0

Squash /vulnerabilities and /packages as it basically does the same action on Clair and we don't need both for Quay
2016-02-17 14:48:50 -05:00 · 2016-02-17 14:48:50 -05:00 · 4bd5996bbf
commit 4bd5996bbf
parent e5da33578c
1 changed files with 12 additions and 40 deletions
--- a/endpoints/api/secscan.py
+++ b/endpoints/api/secscan.py
@ -1,4 +1,4 @@
-""" List and manage repository vulnerabilities and other sec information. """
+""" List and manage repository vulnerabilities and other security information. """
 import logging
 import features
@ -9,7 +9,7 @@ from app import secscan_api
 from data import model
 from endpoints.api import (require_repo_read, NotFound, DownstreamIssue, path_param,
                           RepositoryParamResource, resource, nickname, show_if, parse_args,
-                           query_param)
+                           query_param, truthy_bool)
 logger = logging.getLogger(__name__)
@ -54,19 +54,19 @@ def _get_status(repo_image):
@show_if(features.SECURITY_SCANNER)
-@resource('/v1/repository/<apirepopath:repository>/image/<imageid>/vulnerabilities')
+@resource('/v1/repository/<apirepopath:repository>/image/<imageid>/security')
@path_param('repository', 'The full path of the repository. e.g. namespace/name')
@path_param('imageid', 'The image ID')
-class RepositoryImageVulnerabilities(RepositoryParamResource):
+class RepositoryImageSecurity(RepositoryParamResource):
  """ Operations for managing the vulnerabilities in a repository image. """
  @require_repo_read
-  @nickname('getRepoImageVulnerabilities')
+  @nickname('getRepoImageSecurity')
  @parse_args()
-  @query_param('minimumPriority', 'Minimum vulnerability priority', type=str,
+  @query_param('vulnerabilities', 'Include vulnerabilities informations', type=truthy_bool,
-               default='Low')
+               default=False)
  def get(self, namespace, repository, imageid, parsed_args):
-    """ Fetches the vulnerabilities (if any) for a repository tag. """
+    """ Fetches the features and vulnerabilities (if any) for a repository tag. """
    repo_image = model.image.get_repo_image(namespace, repository, imageid)
    if repo_image is None:
      raise NotFound()
@ -79,40 +79,12 @@ class RepositoryImageVulnerabilities(RepositoryParamResource):
      }
    layer_id = '%s.%s' % (repo_image.docker_image_id, repo_image.storage.uuid)
-    data = _call_security_api('layers/%s/vulnerabilities', layer_id,
+    if parsed_args.vulnerabilities:
-                              minimumPriority=parsed_args.minimumPriority)
+      data = _call_security_api('layers/%s?vulnerabilities', layer_id)
    else:
      data = _call_security_api('layers/%s?features', layer_id)
    return {
      'status': _get_status(repo_image),
      'data': data,
    }
@show_if(features.SECURITY_SCANNER)
@resource('/v1/repository/<apirepopath:repository>/image/<imageid>/packages')
@path_param('repository', 'The full path of the repository. e.g. namespace/name')
@path_param('imageid', 'The image ID')
 class RepositoryImagePackages(RepositoryParamResource):
  """ Operations for listing the packages added/removed in an image. """
  @require_repo_read
  @nickname('getRepoImagePackages')
  def get(self, namespace, repository, imageid):
    """ Fetches the packages added/removed in the given repo image. """
    repo_image = model.image.get_repo_image(namespace, repository, imageid)
    if repo_image is None:
      raise NotFound()
    if not repo_image.security_indexed:
      return {
        'status': _get_status(repo_image),
      }
    layer_id = '%s.%s' % (repo_image.docker_image_id, repo_image.storage.uuid)
    data = _call_security_api('layers/%s/packages', layer_id)
    return {
      'status': _get_status(repo_image),
      'data': data,
    }