Fix deleting repos when sec scan or signing is disabled

Make sure we don't invoke the APIs to non-existent endpoints

util/secscan/api.py

@@ -1,5 +1,7 @@
 import logging
 
+from abc import ABCMeta, abstractmethod
+from six import add_metaclass
 from urlparse import urljoin
 
 import requests
@@ -9,11 +11,12 @@ from flask import url_for
 from data.database import CloseForLongOperation
 from data import model
 from data.model.storage import get_storage_locations
+from util import get_app_url
+from util.abchelpers import nooper
 from util.failover import failover, FailoverException
 from util.secscan.validator import SecurityConfigValidator
 from util.security.instancekeys import InstanceKeys
 from util.security.registry_jwt import generate_bearer_token, build_context_and_subject
-from util import get_app_url
 
 
 TOKEN_VALIDITY_LIFETIME_S = 60  # Amount of time the security scanner has to call the layer URL
@@ -64,14 +67,88 @@ def compute_layer_id(layer):
 
 
 class SecurityScannerAPI(object):
-  """ Helper class for talking to the Security Scan service (Clair). """
+  """ Helper class for talking to the Security Scan service (usually Clair). """
   def __init__(self, app, config, storage, client=None, skip_validation=False):
-    if not skip_validation:
-      config_validator = SecurityConfigValidator(config)
-      if not config_validator.valid():
-        logger.warning('Invalid config provided to SecurityScannerAPI')
-        return
+    feature_enabled = config.get('FEATURE_SECURITY_SCANNER', False)
+    has_valid_config = skip_validation
 
+    if not skip_validation and feature_enabled:
+      config_validator = SecurityConfigValidator(config)
+      has_valid_config = config_validator.valid()
+
+    if feature_enabled and has_valid_config:
+      self.state = ImplementedSecurityScannerAPI(app, config, storage, client=client)
+    else:
+      self.state = NoopSecurityScannerAPI()
+
+  def __getattr__(self, name):
+    return getattr(self.state, name, None)
+
+
+@add_metaclass(ABCMeta)
+class SecurityScannerAPIInterface(object):
+  """ Helper class for talking to the Security Scan service (usually Clair). """
+  @abstractmethod
+  def cleanup_layers(self, layers):
+    """ Callback invoked by garbage collection to cleanup any layers that no longer
+        need to be stored in the security scanner.
+    """
+    pass
+
+  @abstractmethod
+  def ping(self):
+    """ Calls GET on the metrics endpoint of the security scanner to ensure it is running
+        and properly configured. Returns the HTTP response.
+    """
+    pass
+
+  @abstractmethod
+  def delete_layer(self, layer):
+    """ Calls DELETE on the given layer in the security scanner, removing it from
+        its database.
+    """
+    pass
+
+  @abstractmethod
+  def analyze_layer(self, layer):
+    """ Posts the given layer to the security scanner for analysis, blocking until complete.
+        Returns the analysis version on success or raises an exception deriving from
+        AnalyzeLayerException on failure. Callers should handle all cases of AnalyzeLayerException.
+    """
+    pass
+
+  @abstractmethod
+  def check_layer_vulnerable(self, layer_id, cve_name):
+    """ Checks to see if the layer with the given ID is vulnerable to the specified CVE. """
+    pass
+
+  @abstractmethod
+  def get_notification(self, notification_name, layer_limit=100, page=None):
+    """ Gets the data for a specific notification, with optional page token.
+        Returns a tuple of the data (None on failure) and whether to retry.
+    """
+    pass
+
+  @abstractmethod
+  def mark_notification_read(self, notification_name):
+    """ Marks a security scanner notification as read. """
+    pass
+
+  @abstractmethod
+  def get_layer_data(self, layer, include_features=False, include_vulnerabilities=False):
+    """ Returns the layer data for the specified layer. On error, returns None. """
+    pass
+
+
+@nooper
+class NoopSecurityScannerAPI(SecurityScannerAPIInterface):
+  """ No-op version of the security scanner API. """
+  pass
+
+
+class ImplementedSecurityScannerAPI(SecurityScannerAPIInterface):
+  """ Helper class for talking to the Security Scan service (Clair). """
+  def __init__(self, app, config, storage, client=None):
     self._app = app
     self._config = config
     self._instance_keys = InstanceKeys(app)
@@ -153,10 +230,6 @@ class SecurityScannerAPI(object):
     """ Callback invoked by garbage collection to cleanup any layers that no longer
         need to be stored in the security scanner.
     """
-    if self._config is None:
-      # Security scanner not enabled.
-      return
-
     for layer in layers:
       self.delete_layer(layer)
 
@@ -339,9 +412,6 @@ class SecurityScannerAPI(object):
 
   def _request(self, method, endpoint, path, body, params, timeout):
     """ Issues an HTTP request to the security endpoint. """
-    if self._config is None:
-      raise Exception('Cannot call unconfigured security system')
-
     url = _join_api_url(endpoint, self._config.get('SECURITY_SCANNER_API_VERSION', 'v1'), path)
     signer_proxy_url = self._config.get('JWTPROXY_SIGNER', 'localhost:8080')
 
@@ -358,9 +428,6 @@ class SecurityScannerAPI(object):
     """ Issues an HTTP request to the security endpoint handling the logic of using an alternative
         BATCH endpoint for non-GET requests and failover for GET requests.
     """
-    if self._config is None:
-      raise Exception('Cannot call unconfigured security system')
-
     timeout = self._config.get('SECURITY_SCANNER_API_TIMEOUT_SECONDS', 1)
     endpoint = self._config['SECURITY_SCANNER_ENDPOINT']