can not add policy including malware Error: Bundle failed validation
makihikoyamazaki opened this issue · 1 comments
Is this a request for help?:
Yes
Version of Anchore Engine and Anchore CLI if applicable:
anchore-cli, version 0.9.3
Name: anchore-engine
Version: 1.0.0
Summary: Anchore Engine
Home-page: http://www.anchore.com
Author: Anchore Inc.
Author-email: dev@anchore.com
License: Apache License 2.0
Location: /usr/local/lib/python3.8/site-packages
Requires: connexion, pathlib, prometheus-flask-exporter, python-swiftclient, yosai, urllib3, passlib, psutil, Flask, Click, ijson, jsonschema, six, treelib, zope.interface, zope.component, cpe, pg8000, boto3, prometheus-client, watchdog, retrying, PyYAML, Werkzeug, cryptography, SQLAlchemy, marshmallow, readerwriterlock, Authlib, prettytable, semantic-version, Twisted, requests, pytz, swagger-spec-validator, python-dateutil, python-keystoneclient
Required-by:
What happened:
Error: Bundle failed validation
HTTP Code: 400
[root@ip-172-31-45-151 ~]# anchore-cli --debug --u admin --p foobar policy add testbundle.json
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:8228
DEBUG:urllib3.connectionpool:http://localhost:8228 "GET /v1 HTTP/1.1" 200 5
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:anchorecli.clients.apiexternal:POST url=http://localhost:8228/v1/policies?detail=True
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:8228
DEBUG:urllib3.connectionpool:http://localhost:8228 "POST /v1/policies?detail=True HTTP/1.1" 400 278
DEBUG:anchorecli.cli.utils:fetched httpcode from response: 400
Error: Bundle failed validation
HTTP Code: 400
Detail: {'error_codes': [], 'validation_details': [{'details': "'NoneType' object is not iterable", 'problem_type': 'PolicyError', 'severity': 'error'}]}
What did you expect to happen:
I can add a policy with the malware gate and then scan a Docker image.
What docker images are you using:
REPOSITORY TAG
postgres 9
anchore/anchore-engine v1.0.0
How to reproduce the issue:
Anything else we need to know:
I created the environment with an Amazon Linux 2 instance.
I attached testbundle.json, then I modified the section below.
{
  "action": "STOP",
  "gate": "malware",
  "id": "testest",
  "trigger": "scans"
}
I cannot find how to write the policy, or any examples.
So I guess testbundle.json is not a correct policy JSON.
testbundle.txt
Hi @makihikoyamazaki, you can find the syntax documentation in our public docs for engine:
https://engine.anchore.io/docs/general/concepts/policy/bundles/
This should help get you started.
{
  "blacklisted_images": [],
  "description": "",
  "id": "5b997dab-07ae-41cc-8d69-a8afc21e9002",
  "mappings": [
    {
      "id": "b5a4fc96-8f00-4654-a7a9-b0ad914afabf",
      "image": {
        "type": "tag",
        "value": "*"
      },
      "name": "default",
      "policy_ids": [
        "dd78522f-9aa7-4297-ba41-338c67b67d04"
      ],
      "registry": "*",
      "repository": "*",
      "whitelist_ids": [
        "89bf4605-7fe8-4e5e-a198-8c3034f47166"
      ]
    }
  ],
  "name": "test for pg",
  "policies": [
    {
      "comment": "",
      "id": "dd78522f-9aa7-4297-ba41-338c67b67d04",
      "name": "DefaultPolicy",
      "rules": [
        {
          "action": "STOP",
          "gate": "malware",
          "id": "ecf79682-c15e-4019-8509-b42920e5eccf",
          "params": [],
          "trigger": "scans"
        }
      ],
      "version": "1_0"
    }
  ],
  "version": "1_0",
  "whitelisted_images": [],
  "whitelists": [
    {
      "comment": "",
      "id": "89bf4605-7fe8-4e5e-a198-8c3034f47166",
      "items": [],
      "name": "DefaultAllowlist",
      "version": "1_0"
    }
  ]
}
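
A local pre-check for a bundle file before running `anchore-cli policy add`, as an added example that is not part of the original thread and not Anchore's own code. It assumes that the keys carried by the rule in the reply's bundle (`action`, `gate`, `id`, `params`, `trigger`) are what a rule needs, and that a missing or null `params` is the cause of the `'NoneType' object is not iterable` detail; `lint_bundle`, the sample bundle and its ids are constructed for illustration.

```python
# Keys carried by the rule in the reply's bundle (assumption: a rule needs all of them).
RULE_KEYS = ("action", "gate", "id", "params", "trigger")

def lint_bundle(bundle):
    """Return a list of problems found in a policy bundle dict (empty list = none)."""
    problems = []
    policy_ids = {p.get("id") for p in bundle.get("policies") or []}
    whitelist_ids = {w.get("id") for w in bundle.get("whitelists") or []}

    for policy in bundle.get("policies") or []:
        for n, rule in enumerate(policy.get("rules") or []):
            where = f"policy {policy.get('id')!r} rule #{n}"
            for key in RULE_KEYS:
                if key not in rule:
                    problems.append(f"{where}: missing key {key!r}")
            # A null "params" yields None where a list is expected, the kind of
            # value behind "'NoneType' object is not iterable" (assumed cause).
            if "params" in rule and not isinstance(rule["params"], list):
                problems.append(f"{where}: 'params' must be a list")

    # Every id a mapping points at must be defined in the same bundle.
    for mapping in bundle.get("mappings") or []:
        where = f"mapping {mapping.get('name')!r}"
        for pid in mapping.get("policy_ids") or []:
            if pid not in policy_ids:
                problems.append(f"{where}: unknown policy id {pid!r}")
        for wid in mapping.get("whitelist_ids") or []:
            if wid not in whitelist_ids:
                problems.append(f"{where}: unknown whitelist id {wid!r}")
    return problems

# Constructed sample: the rule from the question (no "params") plus a mapping
# that references an allowlist id the bundle does not define.
SAMPLE = {
    "id": "bundle-1", "name": "sample", "version": "1_0",
    "mappings": [{"name": "default", "registry": "*", "repository": "*",
                  "image": {"type": "tag", "value": "*"},
                  "policy_ids": ["policy-1"], "whitelist_ids": ["allow-9"]}],
    "policies": [{"id": "policy-1", "name": "DefaultPolicy", "version": "1_0",
                  "rules": [{"action": "STOP", "gate": "malware",
                             "id": "testest", "trigger": "scans"}]}],
    "whitelists": [{"id": "allow-1", "name": "DefaultAllowlist",
                    "version": "1_0", "items": []}],
}

if __name__ == "__main__":
    for problem in lint_bundle(SAMPLE):
        print(problem)
```

To check a file on disk, load it with `json.load` and pass the resulting dict to `lint_bundle`.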