Commit Graph

135 Commits

Author SHA1 Message Date
Jimmy Zelinskie
e7f72ef5ad utils: rm prometheus.go 2017-01-22 23:02:51 -05:00
Jimmy Zelinskie
343e24eb7e clair: remove types package
This removes the `types` package instead moving the contents to the
top-level clair package.
This change also renames the `Priority` type to `Severity` in order to
reduce confusion.
This change also removes the IsValid method and replaces it with a safe
constructor to avoid the creation of invalid values.
Many docstrings were tweaked in the making of this commit.
2017-01-22 23:02:51 -05:00
Jimmy Zelinskie
78cef02fda pkg: cerrors -> commonerr 2017-01-22 23:02:50 -05:00
Jimmy Zelinskie
03bac0f1b6 pkg: utils/tar.go -> pkg/tarutil 2017-01-22 23:02:50 -05:00
Jimmy Zelinskie
ebd0170f5b api/v1: fix JSON struct tag misnomer 2017-01-03 15:59:51 -05:00
Jimmy Zelinskie
033709eaea add registerable version formats
Since we only ever used dpkg, this change shims everything into using
dpkg.
2016-12-30 12:51:24 -05:00
Jimmy Zelinskie
d4522e9c6e api/v1: indexed layers for notifications
This change deprecates the old LayersIntroducingVulnerability for a new
one that orders output and contains an Index. This index is not
guaranteed to be consistent across multiple notifications, despite the
current Postgres implementation using the primary key of Layer table.
2016-12-06 19:23:33 -05:00
Jimmy Zelinskie
eb6117c372 Merge pull request #235 from jzelinskie/doc-move
docs: move to standard Documentation dir
2016-09-06 15:08:08 -04:00
Jimmy Zelinskie
b45b625fc8 improve v1 api docs header legibility
GitHub has changed fonts and as a result h6s are extremely small.
2016-07-11 14:35:35 -04:00
Tobias Sarnowski
ad11393a28 Updated API documentation to reflect changes to authentication scheme. (#180)
With #167, the API was changed to provide a more generic way of how Clair can retrieve the layers from a registry. This change reflects it in the documentation.
2016-05-19 10:09:43 -04:00
Jimmy Zelinskie
53e62577bc api/worker: s/Authorization/Headers (#167)
This allows clients to specify any HTTP headers that need to be used in
order to allow Clair to download a layer, rather than just the
Authorization header.
2016-05-05 13:48:10 -04:00
Jimmy Zelinskie
9b5afc79ca api/worker: introduce optional authorization
This allows clients to specify the contents of the HTTP Authorization
header so that Clair can access protected resources.
2016-05-04 15:47:14 -04:00
Jimmy Zelinskie
7aa88690af api: WriteHeader on health endpoint
Fixes #141.
2016-04-19 12:17:13 -04:00
Jimmy Zelinskie
68250f392b api/v1: create namespace type
This change creates a struct type for namespaces rather than using a
string. This enables us to extend namespaces in the future to contain
metadata. This change also required renaming other field references of
namespaces to "NamespaceName".

Fixes #99
2016-03-16 15:28:59 -04:00
Quentin Machu
f14e4de4d8 api: fix anchor link in docs 2016-03-15 12:46:56 -04:00
liangchenye
1a863a06cf remove the useless pointer of NextPage field; check namespace notfound error
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-03-08 11:48:52 +08:00
liangchenye
27e5e42340 use tokenMarshal/unmarshal in page encoding
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-03-07 14:59:26 +08:00
liangchenye
48ffb2687a use encrypt page in listVuln api
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-03-07 14:07:07 +08:00
liangchenye
a541e964e0 New API: list vulnerabilities by namespace
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-03-07 14:07:07 +08:00
liangchenye
d47616a339 readme: make API description consistence
Signed-off-by: liangchenye <liangchenye@huawei.com>
2016-02-26 15:54:59 +08:00
Jimmy Zelinskie
af0ddceaa2 readme: s/notification/notifications 2016-02-25 15:52:21 -05:00
Jimmy Zelinskie
2140995a54 readme: clarify "marked as read" notifications 2016-02-25 13:49:24 -05:00
Jimmy Zelinskie
1557a27a8c Revert "v1: pagination now deterministic"
This reverts commit 24f329fea674e04c76f5e87c22eea1800e6bc413.

This was unnecessary.
2016-02-24 16:40:40 -05:00
Quentin Machu
3563cf9061 api: fix pagination token that's returned to match what has been passed 2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
4fd4049fee v1: update documented error codes 2016-02-24 16:40:40 -05:00
Quentin Machu
e78d076d02 api/worker: adjust error codes in postLayer 2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
452c32d7d7 v1: pagination now deterministic
The standard JSON encoding has no guarantee of the order of keys, thus
token values could differ, but still be equivalent.
2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
dc431c22f3 v1: add readme 2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
771e35def0 v1: return object on PUT/POST
This change also improves error handling around InsertVulnerability.
2016-02-24 16:40:40 -05:00
Jimmy Zelinskie
c06df1affd v1: 200 on PUT 2016-02-24 16:40:40 -05:00
Quentin Machu
274a1620a5 api: log instead of panic when a response could not be marshaled
In order to avoid killing Clair when there is simply a broken pipe..
2016-02-24 16:40:40 -05:00
Quentin Machu
8d76700506 api: add call duration in logs 2016-02-24 16:40:40 -05:00
Quentin Machu
418ab08c4b api: adjust postLayer error codes
- return 422 when layer could not be analyzed (extraction failed or layer unsupported)
- return 404 if the parent is not found or the download path leads to a 404 page
2016-02-24 16:40:40 -05:00
Quentin Machu
f40f6a5ab6 api: add missing link field in vulnerability in getLayer 2016-02-24 16:39:25 -05:00
Quentin Machu
6d2eedf121 api/database: add the layer name that add each feature in getLayer 2016-02-24 16:39:25 -05:00
Quentin Machu
0e9a7e1740 api: close gzip writer to flush it 2016-02-24 16:36:45 -05:00
Quentin Machu
db974ae722 api: fix postLayer response headers 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
6f02119c56 api: add bad requests to insert layer 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
ca2b0ccfcb api: support gzip responses 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
c7aa7c4db4 api: reorder constants and add comments 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
4516d6fd73 api: make postLayer returns a Layer 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
d19a4348df api: implement fernet encryption of pagination tokens 2016-02-24 16:36:45 -05:00
Quentin Machu
b8c534cd0d api: fix putVulnerability (fill missing Namespace.Name and Name fields) 2016-02-24 16:36:45 -05:00
Quentin Machu
c2061dc69e api: fix negative timestamps in notifications 2016-02-24 16:36:45 -05:00
Quentin Machu
f68012de00 api: fix 404->500 and NPE issues 2016-02-24 16:36:45 -05:00
Quentin Machu
7c11e4eb5d updater/database: do not create notifications during the initial update 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
c504d2ed0e api: add FeatureFromDatabaseModel
This also handles replacing the DB identifier for a maximum version with
the string "None".
2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
83b19b6179 api/prometheus: add prometheus metrics to API routes 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
f351d6304e api: add "Content-Type" and "Server" headers 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
2d8d9ca401 api: finish initial work on v1 API 2016-02-24 16:36:45 -05:00
Quentin Machu
94ece7bf2b database: fix notification design and add vulnerability history 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
b9a6da4a57 api: implement delete notification 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
96e96d948d api: handle last page for notifications 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
3eaae478f9 api: implement get notification 2016-02-24 16:36:45 -05:00
Quentin Machu
116ce1a806 api: fix log message when stopping the API server 2016-02-24 16:36:45 -05:00
Quentin Machu
5fdd9d1a07 *: add metadata support along with NVD CVSS 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
c05848e32d api: implement put vulnerability 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
8209922c0c api: implement delete vulnerability 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
dc99d45f47 api: refactor endpoints and implement get vulnerability 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
6ac9b5e645 api: fix graceful stop 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
9a8d4aa591 api: implement post vulnerability 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
38aeed4f2c api: implement get namespaces route 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
b916fba4c6 api: implement delete layer route 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
04c7351911 api: use pointers in models to get proper omitempty semantics 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
1a5aa88b18 api: use only one layer envelope 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
fa45d516df api: add JSON tags to API models 2016-02-24 16:36:45 -05:00
Jimmy Zelinskie
d130d2fab4 api: implement getLayer 2016-02-24 16:36:45 -05:00
Quentin Machu
6b3f95dc03 api: fix /v1 router and some status codes 2016-02-24 16:34:54 -05:00
Jimmy Zelinskie
be9423b489 api: add request / response types and rename some fields 2016-02-24 16:34:54 -05:00
Jimmy Zelinskie
822ac7ab4c api: add initial work on the new API 2016-02-24 16:34:54 -05:00
Quentin Machu
b8b7be3f81 *: remove health checker 2016-02-24 16:34:54 -05:00
Quentin Machu
726bd3c0c6 database/api: add layer deletion support 2016-02-24 16:34:54 -05:00
Quentin Machu
6e20993bac api: simplify getLayer route and JSON output 2016-02-24 16:34:54 -05:00
Quentin Machu
77387af2ac updater: port updater and its fetchers 2016-02-24 16:34:54 -05:00
Quentin Machu
2c150b015e *: refactor & do initial work towards PostgreSQL implementation 2016-02-24 16:32:21 -05:00
Quentin Machu
e834301941 Merge pull request #49 from liangchenye/master
Add DataDetector to support ACI and other layout format
2016-01-07 10:44:40 -05:00
Quentin Machu
8c1d3c9a86 *: Fix authentification typo 2015-12-16 12:01:51 -05:00
Jimmy Zelinskie
34870a2a2b move LoadTLSClientConfigForServer into API package
This isn't reused any where just yet, so we're best off leaving it local
to the place that needs it.
2015-12-15 12:09:46 -05:00
liangchenye
d402ae818e use imageFormat in params for consistence
Signed-off-by: liangchenye <liangchenye@huawei.com>
2015-12-11 19:41:32 +08:00
liangchenye
b1775ed3dc add data detector to support ACI and other format in the future
Signed-off-by: liangchenye <liangchenye@huawei.com>
2015-12-11 19:37:25 +08:00
Quentin Machu
eb7e5d5c74 main: Use configuration file instead of flags and simplify app extension.
Clair will now use a YAML configuration file instead of command line
arguments as the number of parameters grows.

Also, Clair now exposes a Boot() func that allows everyone to easily
create their own project and load dynamically their own fetchers/updaters.
2015-12-08 11:50:52 -05:00
Quentin Machu
9946382223 api: Extracted client cert & HTTP JSON Render to utils. 2015-12-04 16:56:20 -05:00
Quentin Machu
e444e93c97 api/database: Add the ability to delete layers 2015-12-04 14:42:21 -05:00
Quentin Machu
9db0e63401 api: Specify what packages cause the layer to have vulnerabilities. 2015-12-01 17:02:49 -05:00
Quentin Machu
3ec262dd51 Initial commit 2015-11-13 14:11:28 -05:00