securityscanner: add a min image id option

This will enable us to force some instances of the securityworker to
scan only new images.
Jimmy Zelinskie 2017-03-03 13:55:25 -05:00
parent aa2f88d321
commit 4ed0cdda14
4 changed files with 12 additions and 6 deletions


@ -313,6 +313,9 @@ class DefaultConfig(object):
# The number of seconds between indexing intervals in the security scanner
SECURITY_SCANNER_INDEXING_INTERVAL = 30
# If specified, the security scanner will only index images newer than the provided ID.
SECURITY_SCANNER_INDEXING_MIN_ID = None
# If specified, the endpoint to be used for all POST calls to the security scanner.
SECURITY_SCANNER_ENDPOINT_BATCH = None
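Review bot: The comment on `SECURITY_SCANNER_INDEXING_MIN_ID` does not say what happens to images below the threshold. A worker with this set never indexes them, so if every securityworker instance carries the option, older images whose `security_indexed_engine` is behind the target version stay unscanned. "Newer than the provided ID" also reads as exclusive, while the query added in this commit uses `Image.id >= min_id`. I would word it as `# If specified, this worker only indexes images whose ID is >= this value; older images are skipped, so keep at least one worker without it.` DefaultConfig itself starts and ends outside the hunk.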


@ -495,10 +495,13 @@ def get_image_id():
return Image.id
def get_images_eligible_for_scan(clair_version):
def get_images_eligible_for_scan(clair_version, min_id=None):
""" Returns a query that gives all images eligible for a clair scan """
return (get_image_with_storage_and_parent_base()
.where(Image.security_indexed_engine < clair_version))
query = (get_image_with_storage_and_parent_base()
.where(Image.security_indexed_engine < clair_version))
if min_id is not None:
query = query.where(Image.id >= min_id)
return query
def get_image_with_storage_and_parent_base():
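Review bot: The docstring of `get_images_eligible_for_scan` still describes only the version filter, and `min_id` reaches the query without any check on its type. The worker passes the raw config value, so a string from a config file would land in `Image.id >= min_id` unchanged; how the database then compares it is not visible here. I would extend the docstring to `""" Returns a query that gives all images eligible for a clair scan. If min_id is given, only images with id >= min_id are returned. """` and coerce in the branch with `query = query.where(Image.id >= int(min_id))`.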


@ -589,11 +589,11 @@ class TestSecurityScanner(unittest.TestCase):
# Ensure no images are available for scanning.
self.assertIsNone(model.image.get_min_id_for_sec_scan(expected_version))
self.assertTrue(len(model.image.get_images_eligible_for_scan(expected_version)) == 0)
self.assertTrue(len(model.image.get_images_eligible_for_scan(expected_version, None)) == 0)
# Check for a higher version.
self.assertIsNotNone(model.image.get_min_id_for_sec_scan(expected_version + 1))
self.assertTrue(len(model.image.get_images_eligible_for_scan(expected_version + 1)) > 0)
self.assertTrue(len(model.image.get_images_eligible_for_scan(expected_version + 1, None)) > 0)
def test_notification_worker(self):
layer1 = model.tag.get_tag_image(ADMIN_ACCESS_USER, SIMPLE_REPO, 'latest', include_storage=True)
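Review bot: Both updated assertions pass `None` for `min_id`, so the new `Image.id >= min_id` branch is never exercised by this test. A regression that drops or inverts the filter would go unnoticed, and the result would be either a worker that scans everything or one that silently scans nothing. I would add a case above the fixture range, `self.assertTrue(len(model.image.get_images_eligible_for_scan(expected_version + 1, HIGH_ID)) == 0)`, where `HIGH_ID` is a placeholder for an id larger than any image in the test database, plus one with a low id that still returns results. The test method this belongs to starts outside the hunk.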


@ -42,7 +42,7 @@ class SecurityWorker(Worker):
def _index_images(self):
def batch_query():
return get_images_eligible_for_scan(self._target_version)
return get_images_eligible_for_scan(self._target_version, app.config.get('SECURITY_SCANNER_INDEXING_MIN_ID', None))
# Get the ID of the last image we can analyze. Will be None if there are no images in the
# database.
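Review bot: The threshold is read from `app.config` inside `batch_query` and nothing is logged, so the worker's output never shows that this instance is skipping older images. Reading it once at the top of `_index_images` and logging it makes a restricted scanner visible to whoever audits scan coverage, e.g. `min_id = app.config.get('SECURITY_SCANNER_INDEXING_MIN_ID')` followed by `logger.info('Only indexing images with id >= %s', min_id)` when it is set (assuming the module has a `logger`). That also shortens the over-long `return` line and drops the redundant `None` default. `_index_images` continues past the end of the hunk.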