Merge pull request #1275 from Quentin-M/min_id_once
Compute min_id only once during securityworker's lifetime
This commit is contained in:
Quentin Machu
commit
5b7d6b0638
1 changed files with 12 additions and 5 deletions
|
|
@ -28,6 +28,12 @@ class SecurityWorker(Worker):
|
|||
self._target_version = secscan_config['ENGINE_VERSION_TARGET']
|
||||
self._analyzer = LayerAnalyzer(app.config, secscan_api)
|
||||
|
||||
# Get the ID of the first image we want to analyze.
|
||||
self._min_id = (Image
|
||||
.select(fn.Min(Image.id))
|
||||
.where(Image.security_indexed_engine < self._target_version)
|
||||
.scalar())
|
||||
|
||||
self.add_operation(self._index_images, INDEXING_INTERVAL)
|
||||
else:
|
||||
logger.warning('Failed to validate security scan configuration')
|
||||
|
|
@ -37,19 +43,20 @@ class SecurityWorker(Worker):
|
|||
base_query = get_image_with_storage_and_parent_base()
|
||||
return base_query.where(Image.security_indexed_engine < self._target_version)
|
||||
|
||||
min_id = (Image
|
||||
.select(fn.Min(Image.id))
|
||||
.where(Image.security_indexed_engine < self._target_version)
|
||||
.scalar())
|
||||
# Get the ID of the last image we can analyze.
|
||||
max_id = Image.select(fn.Max(Image.id)).scalar()
|
||||
|
||||
with UseThenDisconnect(app.config):
|
||||
for candidate, abt in yield_random_entries(batch_query, Image.id, BATCH_SIZE, max_id, min_id):
|
||||
for candidate, abt in yield_random_entries(batch_query, Image.id, BATCH_SIZE, max_id,
|
||||
self._min_id):
|
||||
_, continue_batch = self._analyzer.analyze_recursively(candidate)
|
||||
if not continue_batch:
|
||||
logger.info('Another worker pre-empted us for layer: %s', candidate.id)
|
||||
abt.set()
|
||||
|
||||
# If we reach this point, we analyzed every images up to max_id, next time the worker runs,
|
||||
# we want to start from the next image.
|
||||
self._min_id = max_id + 1
|
||||
|
||||
if __name__ == '__main__':
|
||||
if not features.SECURITY_SCANNER:
|
||||
|
|
|
|||
Reference in a new issue