rename secscan_endpoint and move db close to API

2015-11-10 15:01:33 -05:00 · 2015-11-10 15:01:33 -05:00 · 8e2868737b
commit 8e2868737b
parent 270010105d
6 changed files with 33 additions and 30 deletions
--- a/workers/security_notification_worker.py
+++ b/workers/security_notification_worker.py
@ -6,10 +6,10 @@ from collections import defaultdict

 import features

-from app import app, secscan_notification_queue, secscan_endpoint
+from app import secscan_notification_queue, secscan_api
 from data import model
 from data.database import (Image, ImageStorage, ExternalNotificationEvent,
-                           Repository, RepositoryNotification, RepositoryTag, CloseForLongOperation)
+                           Repository, RepositoryNotification, RepositoryTag)
 from endpoints.notificationhelper import spawn_notification
 from workers.queueworker import QueueWorker

@ -42,11 +42,11 @@ class SecurityNotificationWorker(QueueWorker):
                                         Repository, Image, ImageStorage)

      # Additionally filter to tags only in repositories that have the event setup.
-      matching = (tags
-                  .switch(RepositoryTag)
-                  .join(Repository)
-                  .join(RepositoryNotification)
-                  .where(RepositoryNotification.event == event))
+      matching = list(tags
+                      .switch(RepositoryTag)
+                      .join(Repository)
+                      .join(RepositoryNotification)
+                      .where(RepositoryNotification.event == event))

      check_map = {}
      for tag in matching:
@ -55,9 +55,8 @@ class SecurityNotificationWorker(QueueWorker):
        logger.debug('Checking if layer %s is vulnerable to %s', tag_layer_id, cve_id)

        if not tag_layer_id in check_map:
-          with CloseForLongOperation(app.config):
-            is_vulerable = secscan_endpoint.check_layer_vulnerable(tag_layer_id, cve_id)
-            check_map[tag_layer_id] = is_vulerable
+          is_vulerable = secscan_api.check_layer_vulnerable(tag_layer_id, cve_id)
+          check_map[tag_layer_id] = is_vulerable

        logger.debug('Result of layer %s is vulnerable to %s check: %s', tag_layer_id, cve_id,
                     check_map[tag_layer_id])
@ -80,8 +79,6 @@ class SecurityNotificationWorker(QueueWorker):
        },
      }

-      # TODO(jschorr): only add this notification if the repository's event(s) defined meet
-      # the priority minimum.
      spawn_notification(repository_map[repository_id], 'vulnerability_found', event_data)


--- a/workers/securityworker.py
+++ b/workers/securityworker.py
@ -12,7 +12,7 @@ from endpoints.notificationhelper import spawn_notification
 from collections import defaultdict
 from sys import exc_info
 from peewee import JOIN_LEFT_OUTER
-from app import app, storage, OVERRIDE_CONFIG_DIRECTORY, secscan_endpoint
+from app import app, storage, OVERRIDE_CONFIG_DIRECTORY, secscan_api
 from workers.worker import Worker
 from data.database import (Image, ImageStorage, ImageStorageLocation, ImageStoragePlacement,
                           db_random_func, UseThenDisconnect, RepositoryTag, Repository,
@ -256,7 +256,7 @@ class SecurityWorker(Worker):
          # callback code, etc.
          try:
            logger.debug('Loading vulnerabilities for layer %s', img['image_id'])
-            response = secscan_endpoint.call_api('layers/%s/vulnerabilities', request['ID'])
+            response = secscan_api.call('layers/%s/vulnerabilities', request['ID'])
          except requests.exceptions.Timeout:
            logger.debug('Timeout when calling Sec')
            continue