parent
b3ddfbc353
commit
822ac7ab4c
@ -0,0 +1,45 @@
|
||||
// Copyright 2015 clair authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package context
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/coreos/pkg/capnslog"
|
||||
"github.com/julienschmidt/httprouter"
|
||||
|
||||
"github.com/coreos/clair/database"
|
||||
)
|
||||
|
||||
var log = capnslog.NewPackageLogger("github.com/coreos/clair", "api")
|
||||
|
||||
type Handler func(http.ResponseWriter, *http.Request, httprouter.Params, *RouteContext) int
|
||||
|
||||
func HTTPHandler(handler Handler, ctx *RouteContext) httprouter.Handle {
|
||||
return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||
status := handler(w, r, p, ctx)
|
||||
statusStr := fmt.Sprintf("%d", status)
|
||||
if status == 0 {
|
||||
statusStr = "???"
|
||||
}
|
||||
|
||||
log.Infof("%s %s %s %s", statusStr, r.Method, r.RequestURI, r.RemoteAddr)
|
||||
}
|
||||
}
|
||||
|
||||
type RouteContext struct {
|
||||
Store database.Datastore
|
||||
}
|
@ -1,102 +0,0 @@
|
||||
// Copyright 2015 clair authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package api
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strconv"
|
||||
|
||||
"github.com/julienschmidt/httprouter"
|
||||
|
||||
"github.com/coreos/clair/database"
|
||||
httputils "github.com/coreos/clair/utils/http"
|
||||
"github.com/coreos/clair/worker"
|
||||
)
|
||||
|
||||
// Version is an integer representing the API version.
|
||||
const Version = 1
|
||||
|
||||
// POSTLayersParameters represents the expected parameters for POSTLayers.
|
||||
type POSTLayersParameters struct {
|
||||
Name, Path, ParentName string
|
||||
}
|
||||
|
||||
// GETVersions returns API and Engine versions.
|
||||
func GETVersions(w http.ResponseWriter, r *http.Request, _ httprouter.Params, _ *Env) {
|
||||
httputils.WriteHTTP(w, http.StatusOK, struct {
|
||||
APIVersion string
|
||||
EngineVersion string
|
||||
}{
|
||||
APIVersion: strconv.Itoa(Version),
|
||||
EngineVersion: strconv.Itoa(worker.Version),
|
||||
})
|
||||
}
|
||||
|
||||
// GETHealth sums up the health of all the registered services.
|
||||
func GETHealth(w http.ResponseWriter, r *http.Request, _ httprouter.Params, e *Env) {
|
||||
// globalHealth, statuses := health.Healthcheck(e.Datastore)
|
||||
//
|
||||
// httpStatus := http.StatusOK
|
||||
// if !globalHealth {
|
||||
// httpStatus = http.StatusServiceUnavailable
|
||||
// }
|
||||
//
|
||||
// httputils.WriteHTTP(w, httpStatus, statuses)
|
||||
return
|
||||
}
|
||||
|
||||
// POSTLayers analyzes a layer and returns the engine version that has been used
|
||||
// for the analysis.
|
||||
func POSTLayers(w http.ResponseWriter, r *http.Request, _ httprouter.Params, e *Env) {
|
||||
var parameters POSTLayersParameters
|
||||
if s, err := httputils.ParseHTTPBody(r, ¶meters); err != nil {
|
||||
httputils.WriteHTTPError(w, s, err)
|
||||
return
|
||||
}
|
||||
|
||||
// Process data.
|
||||
if err := worker.Process(e.Datastore, parameters.Name, parameters.ParentName, parameters.Path); err != nil {
|
||||
httputils.WriteHTTPError(w, 0, err)
|
||||
return
|
||||
}
|
||||
|
||||
// Get engine version and return.
|
||||
httputils.WriteHTTP(w, http.StatusCreated, struct{ Version string }{Version: strconv.Itoa(worker.Version)})
|
||||
}
|
||||
|
||||
// DELETELayers deletes the specified layer and any child layers that are
|
||||
// dependent on the specified layer.
|
||||
func DELETELayers(w http.ResponseWriter, r *http.Request, p httprouter.Params, e *Env) {
|
||||
if err := e.Datastore.DeleteLayer(p.ByName("name")); err != nil {
|
||||
httputils.WriteHTTPError(w, 0, err)
|
||||
return
|
||||
}
|
||||
httputils.WriteHTTP(w, http.StatusNoContent, nil)
|
||||
}
|
||||
|
||||
// GETLayers returns informations about an existing layer, optionally with its features
|
||||
// and vulnerabilities.
|
||||
func GETLayers(w http.ResponseWriter, r *http.Request, p httprouter.Params, e *Env) {
|
||||
_, withFeatures := r.URL.Query()["withFeatures"]
|
||||
_, withVulnerabilities := r.URL.Query()["withVulnerabilities"]
|
||||
|
||||
layer, err := e.Datastore.FindLayer(p.ByName("name"), withFeatures, withVulnerabilities)
|
||||
if err != nil {
|
||||
httputils.WriteHTTPError(w, 0, err)
|
||||
return
|
||||
}
|
||||
|
||||
httputils.WriteHTTP(w, http.StatusOK, struct{ Layer database.Layer }{Layer: layer})
|
||||
}
|
@ -1,69 +0,0 @@
|
||||
// Copyright 2015 clair authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
// Package wrappers contains httprouter.Handle wrappers that are used in the API.
|
||||
package api
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/julienschmidt/httprouter"
|
||||
)
|
||||
|
||||
type logWriter struct {
|
||||
http.ResponseWriter
|
||||
status int
|
||||
size int
|
||||
}
|
||||
|
||||
func (lw *logWriter) Header() http.Header {
|
||||
return lw.ResponseWriter.Header()
|
||||
}
|
||||
|
||||
func (lw *logWriter) Write(b []byte) (int, error) {
|
||||
if !lw.Written() {
|
||||
lw.WriteHeader(http.StatusOK)
|
||||
}
|
||||
size, err := lw.ResponseWriter.Write(b)
|
||||
lw.size += size
|
||||
return size, err
|
||||
}
|
||||
|
||||
func (lw *logWriter) WriteHeader(s int) {
|
||||
lw.status = s
|
||||
lw.ResponseWriter.WriteHeader(s)
|
||||
}
|
||||
|
||||
func (lw *logWriter) Size() int {
|
||||
return lw.size
|
||||
}
|
||||
|
||||
func (lw *logWriter) Written() bool {
|
||||
return lw.status != 0
|
||||
}
|
||||
|
||||
func (lw *logWriter) Status() int {
|
||||
return lw.status
|
||||
}
|
||||
|
||||
// Logger wraps an Handler and logs the API call
|
||||
func Logger(fn httprouter.Handle) httprouter.Handle {
|
||||
return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||
lw := &logWriter{ResponseWriter: w}
|
||||
start := time.Now()
|
||||
fn(lw, r, p)
|
||||
log.Infof("%d %s %s (%s)", lw.Status(), r.Method, r.RequestURI, time.Since(start))
|
||||
}
|
||||
}
|
@ -1,101 +0,0 @@
|
||||
// Copyright 2015 clair authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package api
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"net/http"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/julienschmidt/httprouter"
|
||||
|
||||
httputils "github.com/coreos/clair/utils/http"
|
||||
)
|
||||
|
||||
// ErrHandlerTimeout is returned on ResponseWriter Write calls
|
||||
// in handlers which have timed out.
|
||||
var ErrHandlerTimeout = errors.New("http: Handler timeout")
|
||||
|
||||
type timeoutWriter struct {
|
||||
http.ResponseWriter
|
||||
|
||||
mu sync.Mutex
|
||||
timedOut bool
|
||||
wroteHeader bool
|
||||
}
|
||||
|
||||
func (tw *timeoutWriter) Header() http.Header {
|
||||
return tw.ResponseWriter.Header()
|
||||
}
|
||||
|
||||
func (tw *timeoutWriter) Write(p []byte) (int, error) {
|
||||
tw.mu.Lock()
|
||||
defer tw.mu.Unlock()
|
||||
tw.wroteHeader = true // implicitly at least
|
||||
if tw.timedOut {
|
||||
return 0, ErrHandlerTimeout
|
||||
}
|
||||
return tw.ResponseWriter.Write(p)
|
||||
}
|
||||
|
||||
func (tw *timeoutWriter) WriteHeader(status int) {
|
||||
tw.mu.Lock()
|
||||
defer tw.mu.Unlock()
|
||||
if tw.timedOut || tw.wroteHeader {
|
||||
return
|
||||
}
|
||||
tw.wroteHeader = true
|
||||
tw.ResponseWriter.WriteHeader(status)
|
||||
}
|
||||
|
||||
// TimeOut wraps an Handler and ensure that a response is given under
|
||||
// the specified duration.
|
||||
//
|
||||
// If the handler takes longer than the time limit, the wrapper responds with
|
||||
// a Service Unavailable error, an error message and the handler response which
|
||||
// may come later is ignored.
|
||||
//
|
||||
// After a timeout, any write the handler to its ResponseWriter will return
|
||||
// ErrHandlerTimeout.
|
||||
//
|
||||
// If the duration is 0, the wrapper does nothing.
|
||||
func TimeOut(d time.Duration, fn httprouter.Handle) httprouter.Handle {
|
||||
if d == 0 {
|
||||
return fn
|
||||
}
|
||||
|
||||
return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||
done := make(chan bool)
|
||||
tw := &timeoutWriter{ResponseWriter: w}
|
||||
|
||||
go func() {
|
||||
fn(tw, r, p)
|
||||
done <- true
|
||||
}()
|
||||
|
||||
select {
|
||||
case <-done:
|
||||
return
|
||||
case <-time.After(d):
|
||||
tw.mu.Lock()
|
||||
defer tw.mu.Unlock()
|
||||
if !tw.wroteHeader {
|
||||
httputils.WriteHTTPError(tw.ResponseWriter, http.StatusServiceUnavailable, ErrHandlerTimeout)
|
||||
}
|
||||
tw.timedOut = true
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,62 @@
|
||||
// Copyright 2015 clair authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package v1
|
||||
|
||||
type ErrorResponse struct {
|
||||
Error string
|
||||
Type string
|
||||
}
|
||||
|
||||
type Layer struct {
|
||||
Name string
|
||||
Path string
|
||||
Parent string
|
||||
IndexedByVersion int
|
||||
Features []Feature
|
||||
}
|
||||
|
||||
type Vulnerability struct {
|
||||
Name string
|
||||
Namespace string
|
||||
Description string
|
||||
Severity string
|
||||
FixedBy string
|
||||
FixedIn []Feature
|
||||
}
|
||||
|
||||
type Feature struct {
|
||||
Name string
|
||||
Namespace string
|
||||
Version string
|
||||
Vulnerabilities []Vulnerability
|
||||
}
|
||||
|
||||
type Notification struct {
|
||||
Name string
|
||||
Created string
|
||||
Notified string
|
||||
Deleted string
|
||||
Limit int
|
||||
Page string
|
||||
NextPage string
|
||||
Old VulnerabilityWithLayers
|
||||
New VulnerabilityWithLayers
|
||||
Changed []string
|
||||
}
|
||||
|
||||
type VulnerabilityWithLayers struct {
|
||||
Vulnerability Vulnerability
|
||||
LayersIntroducingVulnerability []string
|
||||
}
|
@ -0,0 +1,56 @@
|
||||
// Copyright 2015 clair authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
// Package v1 implements the first version of the Clair API.
|
||||
package v1
|
||||
|
||||
import (
|
||||
"github.com/julienschmidt/httprouter"
|
||||
|
||||
"github.com/coreos/clair/api/context"
|
||||
)
|
||||
|
||||
// NewRouter creates an HTTP router for version 1 of the Clair API.
|
||||
func NewRouter(ctx *context.RouteContext) *httprouter.Router {
|
||||
router := httprouter.New()
|
||||
|
||||
// Layers
|
||||
router.POST("/layers", context.HTTPHandler(postLayer, ctx))
|
||||
router.GET("/layers/:layerName", context.HTTPHandler(getLayer, ctx))
|
||||
router.DELETE("/layers/:layerName", context.HTTPHandler(deleteLayer, ctx))
|
||||
|
||||
// Namespaces
|
||||
router.GET("/namespaces", context.HTTPHandler(getNamespaces, ctx))
|
||||
|
||||
// Vulnerabilities
|
||||
router.POST("/namespaces/:namespaceName/vulnerabilities", context.HTTPHandler(postVulnerability, ctx))
|
||||
router.GET("/namespaces/:namespaceName/vulnerabilities/:vulnerabilityName", context.HTTPHandler(getVulnerability, ctx))
|
||||
router.PATCH("/namespaces/:namespaceName/vulnerabilities/:vulnerabilityName", context.HTTPHandler(patchVulnerability, ctx))
|
||||
router.DELETE("/namespaces/:namespaceName/vulnerabilities/:vulnerabilityName", context.HTTPHandler(deleteVulnerability, ctx))
|
||||
|
||||
// Fixes
|
||||
router.POST("/namespaces/:namespaceName/vulnerabilities/:vulnerabilityName/fixes", context.HTTPHandler(postFix, ctx))
|
||||
router.GET("/namespaces/:namespaceName/vulnerabilities/:vulernabilityName/fixes", context.HTTPHandler(getFixes, ctx))
|
||||
router.PUT("/namespaces/:namespaceName/vulnerabilities/:vulnerabilityName/fixes/:fixName", context.HTTPHandler(putFix, ctx))
|
||||
router.DELETE("/namespaces/:namespaceName/vulnerabilities/:vulnerabilityName/fixes/:fixName", context.HTTPHandler(deleteFix, ctx))
|
||||
|
||||
// Notifications
|
||||
router.GET("/notifications/:notificationName", context.HTTPHandler(getNotification, ctx))
|
||||
router.DELETE("/notifications/:notificationName", context.HTTPHandler(deleteNotification, ctx))
|
||||
|
||||
// Metrics
|
||||
router.GET("/metrics", context.HTTPHandler(getMetrics, ctx))
|
||||
|
||||
return router
|
||||
}
|
@ -0,0 +1,123 @@
|
||||
// Copyright 2015 clair authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package v1
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"io"
|
||||
"net/http"
|
||||
|
||||
"github.com/julienschmidt/httprouter"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
|
||||
"github.com/coreos/clair/api/context"
|
||||
cerrors "github.com/coreos/clair/utils/errors"
|
||||
"github.com/coreos/clair/worker"
|
||||
)
|
||||
|
||||
// maxBodySize restricts client requests to 1MiB.
|
||||
const maxBodySize int64 = 1048576
|
||||
|
||||
func decodeJSON(r *http.Request, v interface{}) error {
|
||||
defer r.Body.Close()
|
||||
return json.NewDecoder(io.LimitReader(r.Body, maxBodySize)).Decode(v)
|
||||
}
|
||||
|
||||
func writeError(w io.Writer, err error, errType string) {
|
||||
err = json.NewEncoder(w).Encode(ErrorResponse{Error{err.Error(), errType}})
|
||||
if err != nil {
|
||||
panic("v1: failed to marshal error response: " + err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
func postLayer(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
request := LayerRequest{}
|
||||
err := decodeJSON(r, &request)
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
writeError(w, err, "BadRequest")
|
||||
return http.StatusBadRequest
|
||||
}
|
||||
|
||||
err = worker.Process(ctx.Store, request.Layer.Name, request.Layer.ParentName, request.Layer.Path, request.Layer.Format)
|
||||
if err != nil {
|
||||
if _, ok := err.(*cerrors.ErrBadRequest); ok {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
writeError(w, err, "BadRequest")
|
||||
}
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
writeError(w, err, "InternalServerError")
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
return http.StatusCreated
|
||||
}
|
||||
|
||||
func getLayer(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
// ez
|
||||
return 0
|
||||
}
|
||||
func deleteLayer(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
// ez
|
||||
return 0
|
||||
}
|
||||
|
||||
func getNamespaces(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
return 0
|
||||
}
|
||||
|
||||
func postVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
// ez
|
||||
return 0
|
||||
}
|
||||
func getVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
// ez
|
||||
return 0
|
||||
}
|
||||
func patchVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
// ez
|
||||
return 0
|
||||
}
|
||||
func deleteVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
// ez
|
||||
return 0
|
||||
}
|
||||
|
||||
func postFix(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
return 0
|
||||
}
|
||||
func getFixes(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
return 0
|
||||
}
|
||||
func putFix(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
return 0
|
||||
}
|
||||
func deleteFix(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
return 0
|
||||
}
|
||||
|
||||
func getNotification(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
// ez
|
||||
return 0
|
||||
}
|
||||
func deleteNotification(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
// ez
|
||||
return 0
|
||||
}
|
||||
|
||||
func getMetrics(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) int {
|
||||
prometheus.Handler().ServeHTTP(w, r)
|
||||
return 0
|
||||
}
|
Loading…
Reference in new issue