Add support for Anchore Engine force and autosubscribe flags when sub…

…mitting images for analysis Signed-off-by: Swathi Gangisetty <swathi@anchore.com>
jenkinsci · May 21, 2019 · 3ab7360 · 3ab7360
1 parent db10df5
commit 3ab7360
Show file tree

Hide file tree

Showing 6 changed files with 80 additions and 6 deletions.
diff --git a/src/main/java/com/anchore/jenkins/plugins/anchore/AnchoreBuilder.java b/src/main/java/com/anchore/jenkins/plugins/anchore/AnchoreBuilder.java
@@ -75,6 +75,8 @@ public class AnchoreBuilder extends Builder implements SimpleBuildStep {
   private List<AnchoreQuery> inputQueries;
   private String policyBundleId = DescriptorImpl.DEFAULT_POLICY_BUNDLE_ID;
   private List<Annotation> annotations;
+  private boolean autoSubscribeTag = DescriptorImpl.DEFAULT_TAG_AUTOSUBSCRIBE;
+  private boolean force = DescriptorImpl.DEFAULT_USE_FORCE_FLAG;
 
   // Override global config. Supported for anchore-engine mode config only
   private String engineurl = DescriptorImpl.EMPTY_STRING;
@@ -152,6 +154,14 @@ public List<Annotation> getAnnotations() {
     return annotations;
   }
 
+  public boolean getAutoSubscribeTag() {
+    return autoSubscribeTag;
+  }
+
+  public boolean getForce() {
+    return force;
+  }
+
   public String getEngineurl() {
     return engineurl;
   }
@@ -245,6 +255,16 @@ public void setAnnotations(List<Annotation> annotations) {
     this.annotations = annotations;
   }
 
+  @DataBoundSetter
+  public void setAutoSubscribeTag(boolean autoSubscribeTag) {
+    this.autoSubscribeTag = autoSubscribeTag;
+  }
+
+  @DataBoundSetter
+  public void setForce(boolean force) {
+    this.force = force;
+  }
+
   @DataBoundSetter
   public void setEngineurl(String engineurl) {
     this.engineurl = engineurl;
@@ -311,7 +331,7 @@ public void perform(@Nonnull Run<?, ?> run, @Nonnull FilePath workspace, @Nonnul
       /* Instantiate config and a new build worker */
       config = new BuildConfig(name, policyName, globalWhiteList, anchoreioUser, anchoreioPass, userScripts, engineRetries, bailOnFail,
           bailOnWarn, bailOnPluginFail, doCleanup, useCachedBundle, policyEvalMethod, bundleFileOverride, inputQueries, policyBundleId,
-          annotations, globalConfig.getDebug(), globalConfig.getEnginemode(),
+          annotations, autoSubscribeTag, force, globalConfig.getDebug(), globalConfig.getEnginemode(),
           // messy build time overrides, ugh!
           !Strings.isNullOrEmpty(engineurl) ? engineurl : globalConfig.getEngineurl(),
           !Strings.isNullOrEmpty(engineuser) ? engineuser : globalConfig.getEngineuser(),
@@ -419,6 +439,8 @@ public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
             new AnchoreQuery("show-pkg-diffs base"));
     public static final String DEFAULT_POLICY_BUNDLE_ID = "";
     public static final String EMPTY_STRING = "";
+    public static final boolean DEFAULT_TAG_AUTOSUBSCRIBE = true;
+    public static final boolean DEFAULT_USE_FORCE_FLAG = false;
 
     // Global configuration
     private boolean debug;

diff --git a/src/main/java/com/anchore/jenkins/plugins/anchore/BuildConfig.java b/src/main/java/com/anchore/jenkins/plugins/anchore/BuildConfig.java
@@ -1,8 +1,8 @@
 package com.anchore.jenkins.plugins.anchore;
 
 
-import java.util.List;
 import com.google.common.base.Strings;
+import java.util.List;
 
 /**
  * Holder for all Anchore configuration - includes global and project level attributes. A convenience class for capturing a snapshot of
@@ -27,8 +27,9 @@ public class BuildConfig {
   private String bundleFileOverride;
   private List<AnchoreQuery> inputQueries;
   private String policyBundleId;
-
   private List<Annotation> annotations;
+  private boolean autoSubscribeTag;
+  private boolean force;
 
   // Global configuration
   private boolean debug;
@@ -46,9 +47,9 @@ public class BuildConfig {
   public BuildConfig(String name, String policyName, String globalWhiteList, String anchoreioUser, String anchoreioPass,
       String userScripts, String engineRetries, boolean bailOnFail, boolean bailOnWarn, boolean bailOnPluginFail, boolean doCleanup,
       boolean useCachedBundle, String policyEvalMethod, String bundleFileOverride, List<AnchoreQuery> inputQueries,
-      String policyBundleId, List<Annotation> annotations, boolean debug, String enginemode, String engineurl, String engineuser,
-      String enginepass, boolean engineverify, String containerImageId, String containerId, String localVol, String modulesVol,
-      boolean useSudo) {
+      String policyBundleId, List<Annotation> annotations, boolean autoSubscribeTag, boolean force, boolean debug, String enginemode,
+      String engineurl, String engineuser, String enginepass, boolean engineverify, String containerImageId, String containerId,
+      String localVol, String modulesVol, boolean useSudo) {
     this.name = name;
     this.policyName = policyName;
     this.globalWhiteList = globalWhiteList;
@@ -66,6 +67,8 @@ public BuildConfig(String name, String policyName, String globalWhiteList, Strin
     this.inputQueries = inputQueries;
     this.policyBundleId = policyBundleId;
     this.annotations = annotations;
+    this.autoSubscribeTag = autoSubscribeTag;
+    this.force = force;
     this.debug = debug;
     this.enginemode = enginemode;
     this.engineurl = engineurl;
@@ -151,6 +154,14 @@ public List<Annotation> getAnnotations() {
     return annotations;
   }
 
+  public boolean getAutoSubscribeTag() {
+    return autoSubscribeTag;
+  }
+
+  public boolean getForce() {
+    return force;
+  }
+
   public boolean getDebug() {
     return debug;
   }

diff --git a/src/main/java/com/anchore/jenkins/plugins/anchore/BuildWorker.java b/src/main/java/com/anchore/jenkins/plugins/anchore/BuildWorker.java
@@ -3,6 +3,7 @@
 import com.anchore.jenkins.plugins.anchore.Util.GATE_ACTION;
 import com.anchore.jenkins.plugins.anchore.Util.GATE_SUMMARY_COLUMN;
 import com.google.common.base.Strings;
+import com.google.common.base.Joiner;
 import hudson.AbortException;
 import hudson.FilePath;
 import hudson.Launcher;
@@ -220,13 +221,33 @@ private void runAnalyzerEngine() throws AbortException {
       for (Map.Entry<String, String> entry : input_image_dfile.entrySet()) {
         String tag = entry.getKey();
         String dfile = entry.getValue();
+        List<String> queryList = new ArrayList<>();
+        String queryStr = null;
 
         console.logInfo("Submitting " + tag + " for analysis");
 
         try (CloseableHttpClient httpclient = makeHttpClient(sslverify)) {
           // Prep POST request
           String theurl = config.getEngineurl().replaceAll("/+$", "") + "/images";
 
+          // Disable autosubscribe if necessary
+          if (!config.getAutoSubscribeTag()){
+            queryList.add("autosubscribe=false");
+          }
+
+          // Enable force if necessary
+          if (config.getForce()) {
+            queryList.add("force=true");
+          }
+
+          if (!queryList.isEmpty()){
+            queryStr = Joiner.on('&').skipNulls().join(queryList);
+          }
+
+          if (!Strings.isNullOrEmpty(queryStr)) {
+            theurl += "?" + queryStr;
+          }
+
           // Prep request body
           JSONObject jsonBody = new JSONObject();
           jsonBody.put("tag", tag);

diff --git a/src/main/resources/com/anchore/jenkins/plugins/anchore/AnchoreBuilder/config.jelly b/src/main/resources/com/anchore/jenkins/plugins/anchore/AnchoreBuilder/config.jelly
@@ -35,6 +35,14 @@
           </f:repeatableProperty>
         </f:entry>
 
+        <f:entry title="Anchore Engine tag auto subscribe" field="autoSubscribeTag">
+          <f:checkbox name="autoSubscribeTag" checked="${instance.autoSubscribeTag}" default="${descriptor.DEFAULT_TAG_AUTOSUBSCRIBE}"/>
+        </f:entry>
+
+        <f:entry title="Anchore Engine force flag" field="force">
+          <f:checkbox name="force" checked="${instance.force}" default="${descriptor.DEFAULT_USE_FORCE_FLAG}"/>
+        </f:entry>
+
         <f:section title="Override Global Configuration">
           <f:entry title="Anchore Engine URL" field="engineurl" help="/plugin/anchore-container-scanner/help/help-OverrideAEURL.html">
             <f:textbox name="engineurl" default=""/>

diff --git a/...n/resources/com/anchore/jenkins/plugins/anchore/AnchoreBuilder/help-autoSubscribeTag.html b/...n/resources/com/anchore/jenkins/plugins/anchore/AnchoreBuilder/help-autoSubscribeTag.html
@@ -0,0 +1,6 @@
+<div>
+
+  If selected or set to 'true', the Anchore Container Image Scanner step will instruct Anchore Engine to automatically begin watching
+  the added tag for updates from registry. Default value: 'true'
+
+</div>
diff --git a/src/main/resources/com/anchore/jenkins/plugins/anchore/AnchoreBuilder/help-force.html b/src/main/resources/com/anchore/jenkins/plugins/anchore/AnchoreBuilder/help-force.html
@@ -0,0 +1,6 @@
+<div>
+
+  If selected or set to 'true', the Anchore Container Image Scanner step will send API requests to Anchore Engine with force flag enabled
+  (force=true query parameter). Default value: 'false'
+
+</div>