Security scanner garbage collection support

Adds support for calling GC in the security scanner for any layers+storage removed by GC on the Quay side
2016-12-22 14:55:26 -05:00 · 2016-12-22 14:55:26 -05:00 · d609e6a1c4
commit d609e6a1c4
parent 5225642850
4 changed files with 87 additions and 23 deletions
--- a/test/test_secscan.py
+++ b/test/test_secscan.py
@ -650,5 +650,34 @@ class TestSecurityScanner(unittest.TestCase):
      self.assertIsNotNone(notification_queue.get())


+  def test_layer_gc(self):
+    layer = model.tag.get_tag_image(ADMIN_ACCESS_USER, SIMPLE_REPO, 'latest', include_storage=True)
+
+    # Delete the prod tag so that only the `latest` tag remains.
+    model.tag.delete_tag(ADMIN_ACCESS_USER, SIMPLE_REPO, 'prod')
+
+    with fake_security_scanner() as security_scanner:
+      # Analyze the layer.
+      analyzer = LayerAnalyzer(app.config, self.api)
+      analyzer.analyze_recursively(layer)
+
+      layer = model.tag.get_tag_image(ADMIN_ACCESS_USER, SIMPLE_REPO, 'latest')
+      self.assertAnalyzed(layer, security_scanner, True, 1)
+      self.assertTrue(security_scanner.has_layer(security_scanner.layer_id(layer)))
+
+      namespace_user = model.user.get_user(ADMIN_ACCESS_USER)
+      model.user.change_user_tag_expiration(namespace_user, 0)
+
+      # Delete the tag in the repository and GC.
+      model.tag.delete_tag(ADMIN_ACCESS_USER, SIMPLE_REPO, 'latest')
+      time.sleep(1)
+
+      repo = model.repository.get_repository(ADMIN_ACCESS_USER, SIMPLE_REPO)
+      model.repository.garbage_collect_repo(repo)
+
+      # Ensure that the security scanner no longer has the image.
+      self.assertFalse(security_scanner.has_layer(security_scanner.layer_id(layer)))
+
+
 if __name__ == '__main__':
  unittest.main()