Merge pull request #3357 from quay/joseph.schorr/QUAY-1327/dont-scan-uploading
Make sure images in the process of being uploaded are not scanned by Clair
This commit is contained in:
commit
f917de8c70
3 changed files with 11 additions and 1 deletions
|
@ -446,7 +446,8 @@ def get_image_pk_field():
|
||||||
def get_images_eligible_for_scan(clair_version):
|
def get_images_eligible_for_scan(clair_version):
|
||||||
""" Returns a query that gives all images eligible for a clair scan """
|
""" Returns a query that gives all images eligible for a clair scan """
|
||||||
return (get_image_with_storage_and_parent_base()
|
return (get_image_with_storage_and_parent_base()
|
||||||
.where(Image.security_indexed_engine < clair_version))
|
.where(Image.security_indexed_engine < clair_version)
|
||||||
|
.where(ImageStorage.uploading == False))
|
||||||
|
|
||||||
|
|
||||||
def get_image_with_storage_and_parent_base():
|
def get_image_with_storage_and_parent_base():
|
||||||
|
|
|
@ -145,6 +145,7 @@ class _ManifestBuilder(object):
|
||||||
def assign_layer_blob(self, layer, blob, computed_checksums):
|
def assign_layer_blob(self, layer, blob, computed_checksums):
|
||||||
""" Assigns a blob to a layer. """
|
""" Assigns a blob to a layer. """
|
||||||
assert blob
|
assert blob
|
||||||
|
assert not blob.uploading
|
||||||
|
|
||||||
repo_image = model.image.get_image_by_db_id(layer.db_id)
|
repo_image = model.image.get_image_by_db_id(layer.db_id)
|
||||||
if repo_image is None:
|
if repo_image is None:
|
||||||
|
|
|
@ -104,6 +104,14 @@ class LayerAnalyzer(object):
|
||||||
# Nothing more to do.
|
# Nothing more to do.
|
||||||
return
|
return
|
||||||
|
|
||||||
|
# Make sure the image's storage is not marked as uploading. If so, nothing more to do.
|
||||||
|
if layer.storage.uploading:
|
||||||
|
if not set_secscan_status(layer, False, self._target_version):
|
||||||
|
raise PreemptedException
|
||||||
|
|
||||||
|
# Nothing more to do.
|
||||||
|
return
|
||||||
|
|
||||||
# Analyze the image.
|
# Analyze the image.
|
||||||
previously_security_indexed_successfully = layer.security_indexed
|
previously_security_indexed_successfully = layer.security_indexed
|
||||||
previous_security_indexed_engine = layer.security_indexed_engine
|
previous_security_indexed_engine = layer.security_indexed_engine
|
||||||
|
|
Reference in a new issue