Merge pull request #3120 from quay/joseph.schorr/QUAY-989/ip-api-key

Fix the IP data lookup to take in an API key

config.py

@@ -519,6 +519,9 @@ class DefaultConfig(ImmutableConfig):
   # creator IP is deemed a threat.
   THREAT_NAMESPACE_MAXIMUM_BUILD_COUNT = None
 
+  # The API Key to use when requesting IP information.
+  IP_DATA_API_KEY = None
+
   # For Billing Support Only: The number of allowed builds on a namespace that has been billed
   # successfully.
   BILLED_NAMESPACE_MAXIMUM_BUILD_COUNT = None

util/config/schema.py

@@ -74,6 +74,7 @@ INTERNAL_ONLY_PROPERTIES = {
 
   'BILLED_NAMESPACE_MAXIMUM_BUILD_COUNT',
   'THREAT_NAMESPACE_MAXIMUM_BUILD_COUNT',
+  'IP_DATA_API_KEY',
 
   'SECURITY_SCANNER_ENDPOINT_BATCH',
   'SECURITY_SCANNER_API_TIMEOUT_SECONDS',

util/ipresolver/__init__.py

@@ -68,18 +68,24 @@ class IPResolver(IPResolverInterface):
     if self.app.config.get('THREAT_NAMESPACE_MAXIMUM_BUILD_COUNT') is None:
       return False
 
+    if self.app.config.get('IP_DATA_API_KEY') is None:
+      return False
+
     if not ip_address:
       return False
 
+    api_key = self.app.config['IP_DATA_API_KEY']
+
     try:
       logger.debug('Requesting IP data for IP %s', ip_address)
-      r = requests.get('https://api.ipdata.co/%s/en' % ip_address, timeout=1)
+      r = requests.get('https://api.ipdata.co/%s/threat?api-key=%s' % (ip_address, api_key),
+                       timeout=1)
       if r.status_code != 200:
         logger.debug('Got non-200 response for IP %s: %s', ip_address, r.status_code)
         return False
 
       logger.debug('Got IP data for IP %s: %s => %s', ip_address, r.status_code, r.json())
-      threat_data = r.json().get('threat', {})
+      threat_data = r.json()
       return threat_data.get('is_threat', False) or threat_data.get('is_bogon', False)
     except requests.RequestException:
       logger.exception('Got exception when trying to lookup IP Address')