Add a SecScanEndpoint class and move all the cert and config handling in there

endpoints/api/__init__.py

@@ -423,5 +423,5 @@ import endpoints.api.tag
 import endpoints.api.team
 import endpoints.api.trigger
 import endpoints.api.user
-import endpoints.api.sec
+import endpoints.api.secscan
 

endpoints/api/secscan.py

@@ -2,11 +2,10 @@
 
 import logging
 import features
-import requests
 import json
+import requests
 
-from urlparse import urljoin
-from app import app
+from app import secscan_endpoint
 from data import model
 from endpoints.api import (require_repo_read, NotFound, DownstreamIssue, path_param,
                            RepositoryParamResource, resource, nickname, show_if, parse_args,
@@ -15,17 +14,11 @@ from endpoints.api import (require_repo_read, NotFound, DownstreamIssue, path_pa
 
 logger = logging.getLogger(__name__)
 
+
 def _call_security_api(relative_url, *args, **kwargs):
   """ Issues an HTTP call to the sec API at the given relative URL. """
-  url = urljoin(app.config['SECURITY_SCANNER']['ENDPOINT'], relative_url % args)
-
-  client = app.config['HTTPCLIENT']
-  timeout = app.config['SECURITY_SCANNER'].get('API_CALL_TIMEOUT', 1)
-
-  logger.debug('Looking up sec information: %s', url)
-
   try:
-    response = client.get(url, params=kwargs, timeout=timeout)
+    response = secscan_endpoint.call_api(relative_url, *args, **kwargs)
   except requests.exceptions.Timeout:
     raise DownstreamIssue(payload=dict(message='API call timed out'))
   except requests.exceptions.ConnectionError:
@@ -40,8 +33,7 @@ def _call_security_api(relative_url, *args, **kwargs):
     raise DownstreamIssue(payload=dict(message='Non-json response from downstream service'))
 
   if response.status_code / 100 != 2:
-    logger.warning('Got %s status code to call %s: %s', response.status_code, url,
-                   response.text)
+    logger.warning('Got %s status code to call: %s', response.status_code, response.text)
     raise DownstreamIssue(payload=dict(message=response_data['Message']))
 
   return response_data
@@ -73,7 +65,7 @@ class RepositoryTagVulnerabilities(RepositoryParamResource):
         'security_indexed': False
       }
 
-    data = _call_security_api('/layers/%s/vulnerabilities', tag_image.docker_image_id,
+    data = _call_security_api('layers/%s/vulnerabilities', tag_image.docker_image_id,
                               minimumPriority=args.minimumPriority)
 
     return {
@@ -102,7 +94,7 @@ class RepositoryImagePackages(RepositoryParamResource):
         'security_indexed': False
       }
 
-    data = _call_security_api('/layers/%s/packages', repo_image.docker_image_id)
+    data = _call_security_api('layers/%s/packages/diff', repo_image.docker_image_id)
 
     return {
       'security_indexed': True,