vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

workers.securityworker: find eligible tag images

Browse source
This commit is contained in:
Jimmy Zelinskie 2017-03-06 14:36:53 -05:00
parent 16ccc946f3
commit 904b902295
2 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
data/model/tag.py
View file

@ -2,7 +2,7 @@ import logging
from uuid import uuid4 from uuid import uuid4
from peewee import IntegrityError from peewee import IntegrityError, JOIN_LEFT_OUTER
from data.model import (image, db_transaction, DataModelException, _basequery, from data.model import (image, db_transaction, DataModelException, _basequery,
InvalidManifestException, TagAlreadyCreatedException, StaleTagException) InvalidManifestException, TagAlreadyCreatedException, StaleTagException)
from data.database import (RepositoryTag, Repository, Image, ImageStorage, Namespace, TagManifest, from data.database import (RepositoryTag, Repository, Image, ImageStorage, Namespace, TagManifest,
@ -13,6 +13,20 @@ from data.database import (RepositoryTag, Repository, Image, ImageStorage, Names
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
def get_tags_images_eligible_for_scan(clair_version):
Parent = Image.alias()
ParentImageStorage = ImageStorage.alias()
return _tag_alive(Image
.select(Image, ImageStorage, Parent, ParentImageStorage, RepositoryTag)
.join(RepositoryTag, on=(RepositoryTag.image == Image.id))
.join(ImageStorage, on=(Image.storage == ImageStorage.id))
.switch(Image)
.join(Parent, JOIN_LEFT_OUTER, on=(Image.parent == Parent.id))
.join(ParentImageStorage, JOIN_LEFT_OUTER, on=(ParentImageStorage.id == Parent.storage))
.where(Image.security_indexed_engine < clair_version))
def _tag_alive(query, now_ts=None): def _tag_alive(query, now_ts=None):
if now_ts is None: if now_ts is None:
now_ts = get_epoch_timestamp() now_ts = get_epoch_timestamp()

6
workers/securityworker.py
View file

@ -6,8 +6,8 @@ import features
from app import app, secscan_api, prometheus from app import app, secscan_api, prometheus
from workers.worker import Worker from workers.worker import Worker
from data.database import UseThenDisconnect from data.database import UseThenDisconnect
from data.model.image import (get_images_eligible_for_scan, get_max_id_for_sec_scan, from data.model.image import get_max_id_for_sec_scan, get_min_id_for_sec_scan, get_image_id
get_min_id_for_sec_scan, get_image_id) from data.model.tag import get_tags_images_eligible_for_scan
from util.secscan.api import SecurityConfigValidator from util.secscan.api import SecurityConfigValidator
from util.secscan.analyzer import LayerAnalyzer, PreemptedException from util.secscan.analyzer import LayerAnalyzer, PreemptedException
from util.migrate.allocator import yield_random_entries from util.migrate.allocator import yield_random_entries
@ -43,7 +43,7 @@ class SecurityWorker(Worker):
def _index_images(self): def _index_images(self):
def batch_query(): def batch_query():
return get_images_eligible_for_scan(self._target_version) return get_tags_images_eligible_for_scan(self._target_version)
# Get the ID of the last image we can analyze. Will be None if there are no images in the # Get the ID of the last image we can analyze. Will be None if there are no images in the
# database. # database.