Commit Graph

124 Commits

Author SHA1 Message Date
Jimmy Zelinskie
9b5afc79ca api/worker: introduce optional authorization
This allows clients to specify the contents of the HTTP Authorization
header so that Clair can access protected resources.
2016-05-04 15:47:14 -04:00
Jimmy Zelinskie
7aa88690af api: WriteHeader on health endpoint
Fixes #141.
2016-04-19 12:17:13 -04:00
Jimmy Zelinskie
68250f392b api/v1: create namespace type
This change creates a struct type for namespaces rather than using a
string. This enables us to extend namespaces in the future to contain
metadata. This change also required renaming other field references of
namespaces to "NamespaceName".

Fixes #99
2016-03-16 15:28:59 -04:00
Quentin Machu
f14e4de4d8 api: fix anchor link in docs 2016-03-15 12:46:56 -04:00
liangchenye
1a863a06cf remove the useless pointer of NextPage field; check namespace notfound error
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-03-08 11:48:52 +08:00
liangchenye
27e5e42340 use tokenMarshal/unmarshal in page encoding
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-03-07 14:59:26 +08:00
liangchenye
48ffb2687a use encrypt page in listVuln api
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-03-07 14:07:07 +08:00
liangchenye
a541e964e0 New API: list vulnerabilities by namespace
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-03-07 14:07:07 +08:00
liangchenye
d47616a339 readme: make API description consistence
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-02-26 15:54:59 +08:00
Jimmy Zelinskie
af0ddceaa2 readme: s/notification/notifications 2016-02-25 15:52:21 -05:00
Jimmy Zelinskie
2140995a54 readme: clarify "marked as read" notifications 2016-02-25 13:49:24 -05:00
Jimmy Zelinskie
1557a27a8c Revert "v1: pagination now deterministic"
This reverts commit 24f329fea674e04c76f5e87c22eea1800e6bc413.

This was unnecessary.
2016-02-24 16:40:40 -05:00
Quentin Machu
3563cf9061 api: fix pagination token that's returned to match what has been passed 2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
4fd4049fee v1: update documented error codes 2016-02-24 16:40:40 -05:00
Quentin Machu
e78d076d02 api/worker: adjust error codes in postLayer 2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
452c32d7d7 v1: pagination now deterministic
The standard JSON encoding has no guarantee of the order of keys, thus
token values could differ, but still be equivalent.
2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
dc431c22f3 v1: add readme 2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
771e35def0 v1: return object on PUT/POST
This change also improves error handling around InsertVulnerability.
2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
c06df1affd v1: 200 on PUT 2016-02-24 16:40:40 -05:00
Quentin Machu
274a1620a5 api: log instead of panic when a response could not be marshaled
In order to avoid killing Clair when there is simply a broken pipe..
2016-02-24 16:40:40 -05:00
Quentin Machu
8d76700506 api: add call duration in logs 2016-02-24 16:40:40 -05:00
Quentin Machu
418ab08c4b api: adjust postLayer error codes
- return 422 when layer could not be analyzed (extraction failed or layer unsupported)
- return 404 if the parent is not found or the download path leads to a 404 page
2016-02-24 16:40:40 -05:00
Quentin Machu
f40f6a5ab6 api: add missing link field in vulnerability in getLayer 2016-02-24 16:39:25 -05:00
Quentin Machu
6d2eedf121 api/database: add the layer name that add each feature in getLayer 2016-02-24 16:39:25 -05:00
Quentin Machu
0e9a7e1740 api: close gzip writer to flush it 2016-02-24 16:36:45 -05:00
Quentin Machu
db974ae722 api: fix postLayer response headers 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
6f02119c56 api: add bad requests to insert layer 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
ca2b0ccfcb api: support gzip responses 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
c7aa7c4db4 api: reorder constants and add comments 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
4516d6fd73 api: make postLayer returns a Layer 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
d19a4348df api: implement fernet encryption of pagination tokens 2016-02-24 16:36:45 -05:00
Quentin Machu
b8c534cd0d api: fix putVulnerability (fill missing Namespace.Name and Name fields) 2016-02-24 16:36:45 -05:00
Quentin Machu
c2061dc69e api: fix negative timestamps in notifications 2016-02-24 16:36:45 -05:00
Quentin Machu
f68012de00 api: fix 404->500 and NPE issues 2016-02-24 16:36:45 -05:00
Quentin Machu
7c11e4eb5d updater/database: do not create notifications during the initial update 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
c504d2ed0e api: add FeatureFromDatabaseModel
This also handles replacing the DB identifier for a maximum version with
the string "None".
2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
83b19b6179 api/prometheus: add prometheus metrics to API routes 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
f351d6304e api: add "Content-Type" and "Server" headers 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
2d8d9ca401 api: finish initial work on v1 API 2016-02-24 16:36:45 -05:00
Quentin Machu
94ece7bf2b database: fix notification design and add vulnerability history 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
b9a6da4a57 api: implement delete notification 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
96e96d948d api: handle last page for notifications 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
3eaae478f9 api: implement get notification 2016-02-24 16:36:45 -05:00
Quentin Machu
116ce1a806 api: fix log message when stopping the API server 2016-02-24 16:36:45 -05:00
Quentin Machu
5fdd9d1a07 *: add metadata support along with NVD CVSS 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
c05848e32d api: implement put vulnerability 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
8209922c0c api: implement delete vulnerability 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
dc99d45f47 api: refactor endpoints and implement get vulnerability 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
6ac9b5e645 api: fix graceful stop 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
9a8d4aa591 api: implement post vulnerability 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
38aeed4f2c api: implement get namespaces route 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
b916fba4c6 api: implement delete layer route 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
04c7351911 api: use pointers in models to get proper omitempty semantics 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
1a5aa88b18 api: use only one layer envelope 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
fa45d516df api: add JSON tags to API models 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
d130d2fab4 api: implement getLayer 2016-02-24 16:36:45 -05:00
Quentin Machu
6b3f95dc03 api: fix /v1 router and some status codes 2016-02-24 16:34:54 -05:00
Jimmy Zelinskie
be9423b489 api: add request / response types and rename some fields 2016-02-24 16:34:54 -05:00
Jimmy Zelinskie
822ac7ab4c api: add initial work on the new API 2016-02-24 16:34:54 -05:00
Quentin Machu
b8b7be3f81 *: remove health checker 2016-02-24 16:34:54 -05:00
Quentin Machu
726bd3c0c6 database/api: add layer deletion support 2016-02-24 16:34:54 -05:00
Quentin Machu
6e20993bac api: simplify getLayer route and JSON output 2016-02-24 16:34:54 -05:00
Quentin Machu
77387af2ac updater: port updater and its fetchers 2016-02-24 16:34:54 -05:00
Quentin Machu
2c150b015e *: refactor & do initial work towards PostgreSQL implementation 2016-02-24 16:32:21 -05:00
Quentin Machu
e834301941 Merge pull request #49 from liangchenye/master
Add DataDetector to support ACI and other layout format
2016-01-07 10:44:40 -05:00
Quentin Machu
8c1d3c9a86 *: Fix authentification typo 2015-12-16 12:01:51 -05:00
Jimmy Zelinskie
34870a2a2b move LoadTLSClientConfigForServer into API package
This isn't reused any where just yet, so we're best off leaving it local
to the place that needs it.
2015-12-15 12:09:46 -05:00
liangchenye
d402ae818e use imageFormat in params for consistence
Signed-off-by: liangchenye <liangchenye@huawei.com>
2015-12-11 19:41:32 +08:00
liangchenye
b1775ed3dc add data detector to support ACI and other format in the future
Signed-off-by: liangchenye <liangchenye@huawei.com>
2015-12-11 19:37:25 +08:00
Quentin Machu
eb7e5d5c74 main: Use configuration file instead of flags and simplify app extension.
Clair will now use a YAML configuration file instead of command line
arguments as the number of parameters grows.

Also, Clair now exposes a Boot() func that allows everyone to easily
create their own project and load dynamically their own fetchers/updaters.
2015-12-08 11:50:52 -05:00
Quentin Machu
9946382223 api: Extracted client cert & HTTP JSON Render to utils. 2015-12-04 16:56:20 -05:00
Quentin Machu
e444e93c97 api/database: Add the ability to delete layers 2015-12-04 14:42:21 -05:00
Quentin Machu
9db0e63401 api: Specify what packages cause the layer to have vulnerabilities. 2015-12-01 17:02:49 -05:00
Quentin Machu
3ec262dd51 Initial commit 2015-11-13 14:11:28 -05:00