233 lines
7.0 KiB
Go
233 lines
7.0 KiB
Go
// Copyright 2017 clair authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package v3
|
|
|
|
import (
|
|
"sync"
|
|
|
|
"golang.org/x/net/context"
|
|
"golang.org/x/sync/errgroup"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/status"
|
|
|
|
"github.com/coreos/clair"
|
|
pb "github.com/coreos/clair/api/v3/clairpb"
|
|
"github.com/coreos/clair/database"
|
|
"github.com/coreos/clair/ext/imagefmt"
|
|
"github.com/coreos/clair/pkg/pagination"
|
|
)
|
|
|
|
func newRPCErrorWithClairError(code codes.Code, err error) error {
|
|
return status.Errorf(code, "clair error reason: '%s'", err.Error())
|
|
}
|
|
|
|
// NotificationServer implements NotificationService interface for serving RPC.
|
|
type NotificationServer struct {
|
|
Store database.Datastore
|
|
}
|
|
|
|
// AncestryServer implements AncestryService interface for serving RPC.
|
|
type AncestryServer struct {
|
|
Store database.Datastore
|
|
}
|
|
|
|
// StatusServer implements StatusService interface for serving RPC.
|
|
type StatusServer struct {
|
|
Store database.Datastore
|
|
}
|
|
|
|
// GetStatus implements getting the current status of Clair via the Clair service.
|
|
func (s *StatusServer) GetStatus(ctx context.Context, req *pb.GetStatusRequest) (*pb.GetStatusResponse, error) {
|
|
clairStatus, err := GetClairStatus(s.Store)
|
|
if err != nil {
|
|
return nil, status.Error(codes.Internal, err.Error())
|
|
}
|
|
|
|
return &pb.GetStatusResponse{Status: clairStatus}, nil
|
|
}
|
|
|
|
// PostAncestry implements posting an ancestry via the Clair gRPC service.
|
|
func (s *AncestryServer) PostAncestry(ctx context.Context, req *pb.PostAncestryRequest) (*pb.PostAncestryResponse, error) {
|
|
blobFormat := req.GetFormat()
|
|
if !imagefmt.IsSupported(blobFormat) {
|
|
return nil, status.Error(codes.InvalidArgument, "image blob format is not supported")
|
|
}
|
|
|
|
clairStatus, err := GetClairStatus(s.Store)
|
|
if err != nil {
|
|
return nil, status.Error(codes.Internal, err.Error())
|
|
}
|
|
|
|
// check if the ancestry is already processed; if not we build the ancestry again.
|
|
layerHashes := make([]string, len(req.Layers))
|
|
for i, layer := range req.Layers {
|
|
layerHashes[i] = layer.GetHash()
|
|
}
|
|
|
|
found, err := clair.IsAncestryCached(s.Store, req.AncestryName, layerHashes)
|
|
if err != nil {
|
|
return nil, newRPCErrorWithClairError(codes.Internal, err)
|
|
}
|
|
|
|
if found {
|
|
return &pb.PostAncestryResponse{Status: clairStatus}, nil
|
|
}
|
|
|
|
builder := clair.NewAncestryBuilder(clair.EnabledDetectors())
|
|
layerMap := map[string]*database.Layer{}
|
|
layerMapLock := sync.RWMutex{}
|
|
g, analyzerCtx := errgroup.WithContext(ctx)
|
|
for i := range req.Layers {
|
|
layer := req.Layers[i]
|
|
if _, ok := layerMap[layer.Hash]; !ok {
|
|
layerMap[layer.Hash] = nil
|
|
if layer == nil {
|
|
err := status.Error(codes.InvalidArgument, "ancestry layer is invalid")
|
|
return nil, err
|
|
}
|
|
|
|
if layer.GetHash() == "" {
|
|
return nil, status.Error(codes.InvalidArgument, "ancestry layer hash should not be empty")
|
|
}
|
|
|
|
if layer.GetPath() == "" {
|
|
return nil, status.Error(codes.InvalidArgument, "ancestry layer path should not be empty")
|
|
}
|
|
|
|
g.Go(func() error {
|
|
clairLayer, err := clair.AnalyzeLayer(analyzerCtx, s.Store, layer.Hash, req.Format, layer.Path, layer.Headers)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
layerMapLock.Lock()
|
|
layerMap[layer.Hash] = clairLayer
|
|
layerMapLock.Unlock()
|
|
|
|
return nil
|
|
})
|
|
}
|
|
}
|
|
|
|
if err = g.Wait(); err != nil {
|
|
return nil, newRPCErrorWithClairError(codes.Internal, err)
|
|
}
|
|
|
|
for _, layer := range req.Layers {
|
|
builder.AddLeafLayer(layerMap[layer.Hash])
|
|
}
|
|
|
|
if err := clair.SaveAncestry(s.Store, builder.Ancestry(req.AncestryName)); err != nil {
|
|
return nil, newRPCErrorWithClairError(codes.Internal, err)
|
|
}
|
|
|
|
return &pb.PostAncestryResponse{Status: clairStatus}, nil
|
|
}
|
|
|
|
// GetAncestry implements retrieving an ancestry via the Clair gRPC service.
|
|
func (s *AncestryServer) GetAncestry(ctx context.Context, req *pb.GetAncestryRequest) (*pb.GetAncestryResponse, error) {
|
|
name := req.GetAncestryName()
|
|
if name == "" {
|
|
return nil, status.Errorf(codes.InvalidArgument, "ancestry name should not be empty")
|
|
}
|
|
|
|
ancestry, ok, err := database.FindAncestryAndRollback(s.Store, name)
|
|
if err != nil {
|
|
return nil, newRPCErrorWithClairError(codes.Internal, err)
|
|
}
|
|
|
|
if !ok {
|
|
return nil, status.Errorf(codes.NotFound, "requested ancestry '%s' is not found", req.GetAncestryName())
|
|
}
|
|
|
|
pbAncestry := &pb.GetAncestryResponse_Ancestry{
|
|
Name: ancestry.Name,
|
|
Detectors: pb.DetectorsFromDatabaseModel(ancestry.By),
|
|
}
|
|
|
|
for _, layer := range ancestry.Layers {
|
|
pbLayer, err := s.GetPbAncestryLayer(layer)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
pbAncestry.Layers = append(pbAncestry.Layers, pbLayer)
|
|
}
|
|
|
|
pbClairStatus, err := GetClairStatus(s.Store)
|
|
if err != nil {
|
|
return nil, status.Error(codes.Internal, err.Error())
|
|
}
|
|
|
|
return &pb.GetAncestryResponse{
|
|
Status: pbClairStatus,
|
|
Ancestry: pbAncestry,
|
|
}, nil
|
|
}
|
|
|
|
// GetNotification implements retrieving a notification via the Clair gRPC
|
|
// service.
|
|
func (s *NotificationServer) GetNotification(ctx context.Context, req *pb.GetNotificationRequest) (*pb.GetNotificationResponse, error) {
|
|
if req.GetName() == "" {
|
|
return nil, status.Error(codes.InvalidArgument, "notification name should not be empty")
|
|
}
|
|
|
|
if req.GetLimit() <= 0 {
|
|
return nil, status.Error(codes.InvalidArgument, "notification page limit should not be empty or less than 1")
|
|
}
|
|
|
|
dbNotification, ok, err := database.FindVulnerabilityNotificationAndRollback(
|
|
s.Store,
|
|
req.GetName(),
|
|
int(req.GetLimit()),
|
|
pagination.Token(req.GetOldVulnerabilityPage()),
|
|
pagination.Token(req.GetNewVulnerabilityPage()),
|
|
)
|
|
|
|
if err != nil {
|
|
return nil, newRPCErrorWithClairError(codes.Internal, err)
|
|
}
|
|
|
|
if !ok {
|
|
return nil, status.Errorf(codes.NotFound, "requested notification '%s' is not found", req.GetName())
|
|
}
|
|
|
|
notification, err := pb.NotificationFromDatabaseModel(dbNotification)
|
|
if err != nil {
|
|
return nil, status.Error(codes.Internal, err.Error())
|
|
}
|
|
|
|
return &pb.GetNotificationResponse{Notification: notification}, nil
|
|
}
|
|
|
|
// MarkNotificationAsRead implements deleting a notification via the Clair gRPC
|
|
// service.
|
|
func (s *NotificationServer) MarkNotificationAsRead(ctx context.Context, req *pb.MarkNotificationAsReadRequest) (*pb.MarkNotificationAsReadResponse, error) {
|
|
if req.GetName() == "" {
|
|
return nil, status.Error(codes.InvalidArgument, "notification name should not be empty")
|
|
}
|
|
|
|
found, err := database.MarkNotificationAsReadAndCommit(s.Store, req.GetName())
|
|
if err != nil {
|
|
return nil, newRPCErrorWithClairError(codes.Internal, err)
|
|
}
|
|
|
|
if !found {
|
|
return nil, status.Errorf(codes.NotFound, "requested notification '%s' is not found", req.GetName())
|
|
}
|
|
|
|
return &pb.MarkNotificationAsReadResponse{}, nil
|
|
}
|