Add API endpoint for retrieving security status by *manifest*, rather than Docker V1 image ID
This commit is contained in:
Joseph Schorr
parent
0150abc488
commit
cf539487a1
4 changed files with 107 additions and 33 deletions
|
|
@ -70,7 +70,7 @@ from endpoints.api.superuser import (SuperUserLogs, SuperUserList, SuperUserMana
|
|||
SuperUserServiceKeyApproval, SuperUserTakeOwnership,
|
||||
SuperUserCustomCertificates, SuperUserCustomCertificate)
|
||||
from endpoints.api.globalmessages import (GlobalUserMessage, GlobalUserMessages,)
|
||||
from endpoints.api.secscan import RepositoryImageSecurity
|
||||
from endpoints.api.secscan import RepositoryImageSecurity, RepositoryManifestSecurity
|
||||
from endpoints.api.suconfig import (SuperUserRegistryStatus, SuperUserConfig, SuperUserConfigFile,
|
||||
SuperUserCreateInitialSuperUser)
|
||||
from endpoints.api.manifest import RepositoryManifestLabels, ManageRepositoryManifestLabel
|
||||
|
|
@ -4257,14 +4257,24 @@ class TestRepositoryImageSecurity(ApiTestCase):
|
|||
def test_get_vulnerabilities(self):
|
||||
self.login(ADMIN_ACCESS_USER)
|
||||
|
||||
tag = model.tag.get_active_tag(ADMIN_ACCESS_USER, 'simple', 'latest')
|
||||
layer = model.tag.get_tag_image(ADMIN_ACCESS_USER, 'simple', 'latest')
|
||||
|
||||
tag_manifest = database.TagManifest.get(tag=tag)
|
||||
|
||||
# Grab the security info for the tag. It should be queued.
|
||||
response = self.getJsonResponse(RepositoryImageSecurity,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/simple',
|
||||
imageid=layer.docker_image_id,
|
||||
vulnerabilities='true'))
|
||||
self.assertEquals('queued', response['status'])
|
||||
manifest_response = self.getJsonResponse(RepositoryManifestSecurity,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/simple',
|
||||
manifestref=tag_manifest.digest,
|
||||
vulnerabilities='true'))
|
||||
|
||||
image_response = self.getJsonResponse(RepositoryImageSecurity,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/simple',
|
||||
imageid=layer.docker_image_id,
|
||||
vulnerabilities='true'))
|
||||
|
||||
self.assertEquals(manifest_response, image_response)
|
||||
self.assertEquals('queued', image_response['status'])
|
||||
|
||||
# Mark the layer as indexed.
|
||||
layer.security_indexed = True
|
||||
|
|
@ -4275,12 +4285,19 @@ class TestRepositoryImageSecurity(ApiTestCase):
|
|||
with fake_security_scanner() as security_scanner:
|
||||
security_scanner.add_layer(security_scanner.layer_id(layer))
|
||||
|
||||
response = self.getJsonResponse(RepositoryImageSecurity,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/simple',
|
||||
imageid=layer.docker_image_id,
|
||||
vulnerabilities='true'))
|
||||
self.assertEquals('scanned', response['status'])
|
||||
self.assertEquals(1, response['data']['Layer']['IndexedByVersion'])
|
||||
manifest_response = self.getJsonResponse(RepositoryManifestSecurity,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/simple',
|
||||
manifestref=tag_manifest.digest,
|
||||
vulnerabilities='true'))
|
||||
|
||||
image_response = self.getJsonResponse(RepositoryImageSecurity,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/simple',
|
||||
imageid=layer.docker_image_id,
|
||||
vulnerabilities='true'))
|
||||
|
||||
self.assertEquals(manifest_response, image_response)
|
||||
self.assertEquals('scanned', image_response['status'])
|
||||
self.assertEquals(1, image_response['data']['Layer']['IndexedByVersion'])
|
||||
|
||||
|
||||
class TestSuperUserCustomCertificates(ApiTestCase):
|
||||
|
|
|
|||
Reference in a new issue