Update quay sec code to fix problems identified in previous review
- Change get_repository_images_recursive to operate over a single docker image and storage uuid - Move endpoints/sec to endpoints/secscan - Change notification system to work with new Quay-sec format Fixes #768
This commit is contained in:
Joseph Schorr
parent
16c364a90c
commit
a69c9e12fd
7 changed files with 146 additions and 79 deletions
|
|
@ -12,18 +12,23 @@ from data.database import (Image, Repository, ImageStoragePlacement, Namespace,
|
|||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def get_repository_images_recursive(docker_image_ids):
|
||||
""" Returns a query matching the given docker image IDs, along with any which have the image IDs
|
||||
as parents.
|
||||
|
||||
Note: This is a DB intensive operation and should be used sparingly.
|
||||
def get_repository_image_and_deriving(docker_image_id, storage_uuid):
|
||||
""" Returns all matching images with the given docker image ID and storage uuid, along with any
|
||||
images which have the image ID as parents.
|
||||
"""
|
||||
# TODO: test this on MySQL and Postgres
|
||||
inner_images = Image.select(SQL('"%/" || id || "/%"')).where(Image.docker_image_id << docker_image_ids)
|
||||
try:
|
||||
image_found = (Image
|
||||
.select()
|
||||
.join(ImageStorage)
|
||||
.where(Image.docker_image_id == docker_image_id,
|
||||
ImageStorage.uuid == storage_uuid)
|
||||
.get())
|
||||
except Image.DoesNotExist:
|
||||
return Image.select().where(Image.id < 0) # Empty query
|
||||
|
||||
images = Image.select(Image.id).where(Image.docker_image_id << docker_image_ids)
|
||||
recursive_images = Image.select(Image.id).where(Image.ancestors ** inner_images)
|
||||
return recursive_images | images
|
||||
ancestors_pattern = '%s%s/%%' % (image_found.ancestors, image_found.id)
|
||||
return Image.select().where((Image.ancestors ** ancestors_pattern) |
|
||||
(Image.id == image_found.id))
|
||||
|
||||
|
||||
def get_parent_images(namespace_name, repository_name, image_obj):
|
||||
|
|
|
|||
|
|
@ -12,14 +12,17 @@ def _tag_alive(query, now_ts=None):
|
|||
(RepositoryTag.lifetime_end_ts > now_ts))
|
||||
|
||||
|
||||
def get_matching_tags(docker_image_ids, *args):
|
||||
""" Returns a query pointing to all tags that contain the given image(s). """
|
||||
def get_matching_tags(docker_image_id, storage_uuid, *args):
|
||||
""" Returns a query pointing to all tags that contain the image with the
|
||||
given docker_image_id and storage_uuid. """
|
||||
image_query = image.get_repository_image_and_deriving(docker_image_id, storage_uuid)
|
||||
|
||||
return (RepositoryTag
|
||||
.select(*args)
|
||||
.distinct()
|
||||
.join(Image)
|
||||
.where(Image.id << image.get_repository_images_recursive(docker_image_ids),
|
||||
RepositoryTag.lifetime_end_ts >> None))
|
||||
.join(ImageStorage)
|
||||
.where(Image.id << image_query, RepositoryTag.lifetime_end_ts >> None))
|
||||
|
||||
|
||||
def list_repository_tags(namespace_name, repository_name, include_hidden=False,
|
||||
|
|
|
|||
Reference in a new issue