use of com.epam.pipeline.entity.docker.ManifestV2 in project cloud-pipeline by epam.
the class ToolManager method delete.
/**
* Deletes a Tool from the database and from Docker Registry
* @param registry registry identifier
* @param image Tool's image
* @param hard if {@code true}, every tag of the image and its layers are also deleted from the Docker Registry; otherwise only the database records are removed
* @return the deleted Tool entity
*/
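@Transactional(propagation = Propagation.REQUIRED)
public Tool delete(String registry, final String image, boolean hard) {
    // NOTE(review): no permission check is visible in this method; presumably access control is
    // enforced by the caller — confirm, since hard=true destroys registry content.
    final Tool tool = loadTool(registry, image);
    if (hard) {
        // NOTE(review): the registry calls below are remote side effects. Presumably a rollback of
        // this database transaction does not restore an already deleted image — confirm.
        final DockerRegistry dockerRegistry = dockerRegistryManager.load(tool.getRegistryId());
        // NOTE(review): tags and blobs are addressed by the caller-supplied image while the manifest
        // is deleted under tool.getImage() — confirm both always name the same repository.
        for (String tag : dockerRegistryManager.loadImageTags(dockerRegistry, image)) {
            dockerRegistryManager.deleteImage(dockerRegistry, tool.getImage(), tag)
                    .ifPresent(manifest -> deleteManifestBlobs(dockerRegistry, image, manifest));
        }
    }
    // Database cleanup runs for both soft and hard deletes: scans, icon, versions, then the tool.
    toolVulnerabilityDao.loadAllToolVersionScans(tool.getId()).values()
            .forEach(versionScan -> deleteToolVersionScan(tool.getId(), versionScan.getVersion()));
    toolDao.deleteToolIcon(tool.getId());
    toolVersionManager.deleteToolVersions(tool.getId());
    toolDao.deleteTool(tool.getId());
    return tool;
}

// Deletes the config blob and then the layers of an already deleted manifest, last layer first.
private void deleteManifestBlobs(final DockerRegistry dockerRegistry, final String image,
                                 final ManifestV2 manifest) {
    // A manifest without a config section would otherwise abort the whole deletion with an NPE
    // after the tag itself has already been removed from the registry.
    if (manifest.getConfig() != null) {
        dockerRegistryManager.deleteLayer(dockerRegistry, image, manifest.getConfig().getDigest());
    }
    final List<ManifestV2.Config> layers = manifest.getLayers();
    if (layers == null) {
        return;
    }
    // Walk the list backwards instead of reversing it in place: the manifest object is left
    // untouched and an unmodifiable layer list cannot make the deletion fail.
    // NOTE(review): tags of one image commonly share layers, so the same digest may be requested
    // more than once; presumably deleteLayer tolerates an already removed blob — confirm.
    for (int i = layers.size() - 1; i >= 0; i--) {
        dockerRegistryManager.deleteLayer(dockerRegistry, image, layers.get(i).getDigest());
    }
}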
use of com.epam.pipeline.entity.docker.ManifestV2 in project cloud-pipeline by epam.
the class AggregatingToolScanManagerTest method setUp.
/**
 * Prepares the fixtures and mock stubs used by the tests: scan-policy preferences, a non-admin
 * user, one test tool, a three-layer manifest, and canned Clair and component-scan results.
 */
@Before
public void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
// The preference manager is injected into the manager under test by reflection.
Whitebox.setInternalState(aggregatingToolScanManager, "preferenceManager", preferenceManager);
// Security policy the tests run against: the deny-not-scanned flag and the per-severity
// vulnerability limits come from class constants; the grace period is stubbed to 0 hours.
when(preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_POLICY_DENY_NOT_SCANNED)).thenReturn(DENY_NOT_SCANNED);
when(preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_POLICY_MAX_CRITICAL_VULNERABILITIES)).thenReturn(MAX_CRITICAL_VULNERABILITIES);
when(preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_POLICY_MAX_HIGH_VULNERABILITIES)).thenReturn(MAX_HIGH_VULNERABILITIES);
when(preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_POLICY_MAX_MEDIUM_VULNERABILITIES)).thenReturn(MAX_MEDIUM_VULNERABILITIES);
when(preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_GRACE_HOURS)).thenReturn(0);
// Dummy line, to shut up PMD
Assert.assertNotNull(pipelineConfigurationManager);
// The current user (returned by authManager below) is a non-admin.
testUser.setAdmin(false);
// Default-constructed registry; no fields are set on it in this method.
DockerRegistry testRegistry = new DockerRegistry();
testTool = new Tool();
testTool.setId(1L);
testTool.setImage(TEST_IMAGE);
// Manifest with three layers, DIGEST_1 to DIGEST_3; the second Config argument is left null.
ManifestV2 testManifest = new ManifestV2();
testManifest.setLayers(Arrays.asList(new ManifestV2.Config(DIGEST_1, null), new ManifestV2.Config(DIGEST_2, null), new ManifestV2.Config(DIGEST_3, null)));
// Stored scan for LATEST_VERSION: last layer reference DIGEST_1, scanned now, no vulnerabilities.
toolScanResult.setLastLayerRef(DIGEST_1);
toolScanResult.setScanDate(DateUtils.now());
toolScanResult.setVulnerabilities(Collections.emptyList());
// Version attributes the Docker client mock reports; both versions carry DIGEST_3.
ToolVersion attributes = new ToolVersion();
attributes.setVersion(LATEST_VERSION);
attributes.setDigest(DIGEST_3);
ToolVersion actualAttr = new ToolVersion();
actualAttr.setVersion(ACTUAL_SCANNED_VERSION);
actualAttr.setDigest(DIGEST_3);
// `actual` here is declared outside this method (the local of the same name only starts
// further down). It is the stored scan returned for ACTUAL_SCANNED_VERSION.
actual.setLastLayerRef(aggregatingToolScanManager.getLayerName(TEST_IMAGE, ACTUAL_SCANNED_VERSION));
actual.setScanDate(DateUtils.now());
actual.setSuccessScanDate(DateUtils.now());
actual.setDigest(DIGEST_3);
// Canned Clair response: one feature carrying a single Critical vulnerability.
ClairScanResult testScanResult = new ClairScanResult();
feature = new ClairScanResult.ClairFeature();
feature.setName("test");
feature.setVersion("test1");
clairVulnerability = new ClairScanResult.ClairVulnerability();
clairVulnerability.setSeverity(VulnerabilitySeverity.Critical);
clairVulnerability.setName(TEST_VULNERABILITY_NAME);
clairVulnerability.setDescription(TEST_VULNERABILITY_DESCRIPTION);
feature.setVulnerabilities(Collections.singletonList(clairVulnerability));
testScanResult.setFeatures(Collections.singletonList(feature));
// Canned component-scan response: one layer with one R package dependency.
DockerComponentScanResult dockerComponentScanResult = new DockerComponentScanResult();
DockerComponentLayerScanResult layerScanResult = new DockerComponentLayerScanResult();
testDependency = new ToolDependency(1, "latest", "test", "1.0", ToolDependency.Ecosystem.R_PKG, "R Package");
layerScanResult.setDependencies(Collections.singletonList(testDependency));
dockerComponentScanResult.setLayers(Collections.singletonList(layerScanResult));
when(dataStorageApiService.getDataStorages()).thenReturn(Collections.emptyList());
when(versionManager.getValidDockerImage(TEST_IMAGE)).thenReturn(TEST_IMAGE);
when(authManager.getCurrentUser()).thenReturn(testUser);
// testTool's registry id is never set in this method, so the lookup is stubbed for whatever
// value the unset id yields.
when(dockerRegistryManager.load(testTool.getRegistryId())).thenReturn(testRegistry);
when(dockerClientFactory.getDockerClient(eq(testRegistry), anyString())).thenReturn(mockDockerClient);
when(mockDockerClient.getManifest(any(), Mockito.anyString(), Mockito.anyString())).thenReturn(Optional.of(testManifest));
when(mockDockerClient.getVersionAttributes(any(), eq(TEST_IMAGE), eq(LATEST_VERSION))).thenReturn(attributes);
when(mockDockerClient.getVersionAttributes(any(), eq(TEST_IMAGE), eq(ACTUAL_SCANNED_VERSION))).thenReturn(actualAttr);
// Both scanner services echo the submitted request back wrapped in a MockCall and return the
// canned results prepared above for any scan id.
when(clairService.scanLayer(any(ClairScanRequest.class))).then((Answer<MockCall<ClairScanRequest>>) invocation -> new MockCall<>((ClairScanRequest) invocation.getArguments()[0]));
when(clairService.getScanResult(Mockito.anyString())).thenReturn(new MockCall<>(testScanResult));
when(compScanService.scanLayer(any(DockerComponentScanRequest.class))).then((Answer<MockCall<DockerComponentScanRequest>>) invocation -> new MockCall<>((DockerComponentScanRequest) invocation.getArguments()[0]));
when(compScanService.getScanResult(Mockito.anyString())).thenReturn(new MockCall<>(dockerComponentScanResult));
// getMessage is stubbed twice with different matchers; both stubbings return the same text.
when(messageHelper.getMessage(Mockito.anyString(), Mockito.any())).thenReturn("testMessage");
when(messageHelper.getMessage(any(), any())).thenReturn("testMessage");
when(toolManager.loadByNameOrId(TEST_IMAGE)).thenReturn(testTool);
when(toolManager.loadToolVersionScan(testTool.getId(), LATEST_VERSION)).thenReturn(Optional.of(toolScanResult));
when(toolManager.loadToolVersionScan(testTool.getId(), ACTUAL_SCANNED_VERSION)).thenReturn(Optional.of(actual));
// From this line on, the local ToolVersion `actual` hides the `actual` used earlier in the method.
ToolVersion actual = new ToolVersion();
actual.setDigest(DIGEST_3);
when(toolVersionManager.loadToolVersion(testTool.getId(), ACTUAL_SCANNED_VERSION)).thenReturn(actual);
// The stored LATEST_VERSION record has DIGEST_2 while the registry attributes above report
// DIGEST_3 — presumably this models a tag whose content changed since it was recorded.
ToolVersion old = new ToolVersion();
old.setDigest(DIGEST_2);
when(toolVersionManager.loadToolVersion(testTool.getId(), LATEST_VERSION)).thenReturn(old);
when(toolManager.getTagFromImageName(Mockito.anyString())).thenReturn(LATEST_VERSION);
}
use of com.epam.pipeline.entity.docker.ManifestV2 in project cloud-pipeline by epam.
the class TestUtils method configureDockerClientMock.
/**
* Helper method for mocking DockerClient functionality
* @param dockerClientMock a {@link DockerClient} mock object
* @param dockerClientFactoryMock a {@link DockerClientFactory} mock object
* @return the {@link ManifestV2} instance that the mocked client is configured to return
*/
public static ManifestV2 configureDockerClientMock(DockerClient dockerClientMock, DockerClientFactory dockerClientFactoryMock) {
    // Version attributes handed back for every registry/image/tag lookup.
    final ToolVersion cannedVersion = new ToolVersion();
    cannedVersion.setVersion("test_version");
    cannedVersion.setSize(DOCKER_SIZE);
    cannedVersion.setDigest("test_digest");

    // Manifest whose own digest, config and single layer all carry TEST_DIGEST.
    final ManifestV2 cannedManifest = new ManifestV2();
    cannedManifest.setDigest(TEST_DIGEST);
    cannedManifest.setConfig(new ManifestV2.Config(TEST_DIGEST, null));
    cannedManifest.setLayers(Collections.singletonList(new ManifestV2.Config(TEST_DIGEST, null)));

    // Both factory overloads hand out the same client mock.
    Mockito.doReturn(dockerClientMock).when(dockerClientFactoryMock).getDockerClient(any(), any());
    Mockito.doReturn(dockerClientMock).when(dockerClientFactoryMock).getDockerClient(any());

    // Client behaviour: one tag per image, the canned attributes for any version, and the
    // canned manifest as the result of any image deletion.
    Mockito.doReturn(Collections.singletonList(LATEST_TAG)).when(dockerClientMock).getImageTags(any(), anyString());
    Mockito.doReturn(cannedVersion).when(dockerClientMock).getVersionAttributes(any(), any(), any());
    Mockito.doReturn(Optional.of(cannedManifest)).when(dockerClientMock).deleteImage(any(), any(), any());
    return cannedManifest;
}
use of com.epam.pipeline.entity.docker.ManifestV2 in project cloud-pipeline by epam.
the class DockerClient method getVersionAttributes.
/**
 * Collects the attributes of one image version from the registry: the tag, the manifest digest,
 * the sum of the layer sizes listed in the manifest, and the latest modification date.
 * The digest and sizes are the values reported by the registry; nothing here re-verifies them.
 * @param registry a registry, where image is located
 * @param imageName a name of an image (repository)
 * @param tag tag name
 * @return the populated version attributes
 * @throws IllegalArgumentException if no manifest is available for the image and tag
 */
public ToolVersion getVersionAttributes(final DockerRegistry registry, final String imageName, final String tag) {
    final ToolVersion result = new ToolVersion();
    result.setVersion(tag);

    final ManifestV2 manifest = getManifest(registry, imageName, tag).orElseThrow(() -> {
        final String reason = String.format("Cannot get manifest for image %s/%s", imageName, tag);
        return new IllegalArgumentException(reason);
    });
    result.setDigest(manifest.getDigest());

    // Total image size is the sum of the sizes of all layers in the manifest.
    long totalSize = 0;
    for (ManifestV2.Config layer : manifest.getLayers()) {
        totalSize += layer.getSize();
    }
    result.setSize(totalSize);

    result.setModificationDate(getLatestDate(registry, imageName, tag));
    return result;
}
use of com.epam.pipeline.entity.docker.ManifestV2 in project cloud-pipeline by epam.
the class DockerClient method getManifest.
/**
* Gets a V2 Manifest for a specified image and tag
* @param registry a registry, where image is located
* @param imageName a name of an image (repository)
* @param tag tag name
* @return image's manifest, or an empty {@link Optional} if the registry answers the request with a client error
*/
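public Optional<ManifestV2> getManifest(DockerRegistry registry, String imageName, String tag) {
    // NOTE(review): imageName and tag are formatted into the URL unencoded. new URI(url) rejects
    // illegal characters, but presumably callers restrict both to valid repository/tag syntax so
    // that path or query delimiters cannot retarget the request — confirm.
    String url = String.format(IMAGE_DESCRIPTION_URL, registry.getPath(), imageName, tag);
    try {
        URI uri = new URI(url);
        ResponseEntity<ManifestV2> response = getRestTemplate().exchange(uri, HttpMethod.GET,
                getV2AuthHeaders(), new ParameterizedTypeReference<ManifestV2>() {
                });
        if (response.getStatusCode() != HttpStatus.OK) {
            throw new UnexpectedResponseStatusException(response.getStatusCode());
        }
        // The digest is taken from the registry's response header; it is not recomputed over the
        // manifest body here, so it is only as trustworthy as the registry connection.
        String digest = response.getHeaders().getFirst("docker-content-digest");
        ManifestV2 manifest = response.getBody();
        // A 200 response without a body or without the digest header used to surface as a bare
        // NullPointerException; report it as a registry problem with the URL attached instead.
        if (manifest == null || digest == null) {
            String message = String.format("Registry response for %s lacks %s", url,
                    manifest == null ? "a manifest body" : "the docker-content-digest header");
            LOGGER.error(message);
            throw new DockerConnectionException(url, message);
        }
        manifest.setDigest(digest);
        return Optional.of(manifest);
    } catch (URISyntaxException | UnexpectedResponseStatusException e) {
        // Only the message travels in DockerConnectionException; the stack trace stays in the log.
        LOGGER.error(e.getMessage(), e);
        throw new DockerConnectionException(url, e.getMessage());
    } catch (HttpClientErrorException e) {
        // Every 4xx answer ends up here, so a rejected credential (401/403) is reported the same
        // way as a missing image (404). Kept for compatibility; callers that make security
        // decisions on "no manifest" should be aware of the ambiguity.
        LOGGER.error(e.getMessage(), e);
        return Optional.empty();
    }
}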