Add UC communication folders

sifis-home · Aug 23, 2023 · e122be3 · e122be3
1 parent 1996c95
commit e122be3
Show file tree

Hide file tree

Showing 4 changed files with 208 additions and 16 deletions.
diff --git a/application_manager/catch_topic.py b/application_manager/catch_topic.py
@@ -1,12 +1,15 @@
 import json
 
 import app_dht
+import security_by_contract
 import websocket
 
 
 def handle_pull_image(ws, topic_name, topic_uuid):
     try:
         image_name = topic_name["image_name"]
+        security_by_contract.get_labels(image_name)
+
         requestor_id = topic_name["requestor_id"]
         request_id = topic_name["request_id"]
         result = app_dht.pull_image(
@@ -84,22 +87,26 @@ def on_message(ws, message):
                 topic_value = json_message["value"]
                 request_id = topic_value["request_id"]
                 requestor_id = topic_value["requestor_id"]
-                if "operation" in topic_value:
-                    operation = topic_value["operation"]
-                    if operation == "pull_image":
-                        handle_pull_image(ws, topic_value, topic_uuid)
-                    elif operation == "remove_image":
-                        handle_remove_image(topic_value, topic_uuid)
-                    elif operation == "start_container":
-                        handle_start_container(topic_value)
-                    elif operation == "stop_container":
-                        handle_stop_container(topic_value, topic_uuid)
-                    elif operation == "remove_container":
-                        handle_remove_container(topic_value)
-                    elif operation == "list_containers":
-                        handle_list_containers(
-                            topic_uuid, requestor_id, request_id
-                        )
+                handle_message(
+                    ws, topic_uuid, topic_value, request_id, requestor_id
+                )
+
+
+def handle_message(ws, topic_uuid, topic_value, request_id, requestor_id):
+    if "operation" in topic_value:
+        operation = topic_value["operation"]
+        if operation == "pull_image":
+            handle_pull_image(ws, topic_value, topic_uuid)
+        elif operation == "remove_image":
+            handle_remove_image(topic_value, topic_uuid)
+        elif operation == "start_container":
+            handle_start_container(topic_value)
+        elif operation == "stop_container":
+            handle_stop_container(topic_value, topic_uuid)
+        elif operation == "remove_container":
+            handle_remove_container(topic_value)
+        elif operation == "list_containers":
+            handle_list_containers(topic_uuid, requestor_id, request_id)
 
 
 def on_error(ws, error):

diff --git a/application_manager/get-labels.sh b/application_manager/get-labels.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+set -o errexit
+
+main() {
+  check_args "$@"
+
+  local image=$1
+  local tag=$2
+
+  local token=$(get_token $image)
+
+  local digest=$(get_digest $image $tag $token)
+
+  local blob=$(get_blob $image $token $digest)
+
+  # Extract manifest
+  echo "Label: manifest"
+  jq '.config.Labels.manifest | fromjson' <<< "$blob"
+  echo ""
+
+  # Extract software quality
+  echo "Label: sofware.quality"
+  jq '.config.Labels."software.quality"' <<< "$blob"
+  echo ""
+}
+
+# Obtain a token
+get_token() {
+  local image=$1
+
+  echo "Retrieving ghcr token.
+    IMAGE: $image
+  " >&2
+
+  curl \
+    --silent \
+    "https://ghcr.io/token?scope=repository:$image:pull" \
+    | jq -r '.token'
+}
+
+
+# Retrieve the manifests, now specifying in the header
+# that we have a token
+get_digest() {
+  local image=$1
+  local tag=$2
+  local token=$3
+
+  echo "Retrieving image manifests.
+    IMAGE:  $image
+    TAG:    $tag
+    TOKEN:  $token
+  " >&2
+
+  curl \
+    --silent \
+    --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+    --header "Authorization: Bearer $token" \
+    "https://ghcr.io/v2/$image/manifests/$tag" \
+    | jq -r '.config.digest'
+}
+
+get_blob() {
+  local image=$1
+  local token=$2
+  local digest=$3
+
+  echo "Retrieving blob.
+    IMAGE:  $image
+    TOKEN:  $token
+    DIGEST: $digest
+  " >&2
+
+  curl \
+    --silent \
+    --location "https://ghcr.io/v2/$image/blobs/$digest" \
+    --header "Authorization: Bearer $token" \
+    | jq -r '.'
+}
+
+check_args() {
+  if (($# != 2)); then
+    echo "Error:
+    Two arguments must be provided - $# provided.
+  
+    Usage:
+      ./get-labels.sh <image> <tag>
+      
+Aborting."
+    exit 1
+  fi
+}
+
+main "$@"
diff --git a/application_manager/security_by_contract.py b/application_manager/security_by_contract.py
@@ -0,0 +1,89 @@
+import json
+import os
+import subprocess
+
+
+def extract_manifest_json(output):
+    start_index = output.find("Label: manifest\n") + len("Label: manifest\n")
+    end_index = output.find("Label:", start_index)
+    manifest_json = output[start_index:end_index].strip()
+    return manifest_json
+
+
+def save_manifest_to_file(data, filename):
+    with open(filename, "w") as json_file:
+        json.dump(data, json_file, indent=2)
+
+
+def create_third_party_folder(source_path, json_filename):
+    folder_path = "./" + json_filename.replace(".json", "")
+    try:
+        os.makedirs(source_path + "/" + folder_path, exist_ok=True)
+        print(f"Folder '{folder_path}' created.")
+    except OSError as e:
+        print("Error creating folder:", e)
+
+
+def run_cargo_command(json_filename):
+    folder_path = "sifis-xacml"
+    create_third_party_folder(folder_path, json_filename)
+    command = [
+        "cargo",
+        "run",
+        "--",
+        "-a",
+        "data/" + json_filename,
+        "-o",
+        "./" + json_filename.replace(".json", ""),
+    ]
+    try:
+        result = subprocess.run(
+            command,
+            capture_output=True,
+            text=True,
+            check=True,
+            cwd=folder_path,
+        )
+        print("Command output:", result.stdout)
+    except subprocess.CalledProcessError as e:
+        print("Error:", e)
+        print("Command output (stderr):", e.stderr)
+
+
+def get_labels(image_name):
+    # Name of the file to execute
+    script_file = "application_manager/get-labels.sh"
+    sifis_prefix = "gchr.io/sifis-home/"
+    version = "latest"
+
+    try:
+        # Execute the shell command with the given image name as an argument
+        completed_process = subprocess.run(
+            ["bash", script_file, sifis_prefix + image_name, version],
+            stdout=subprocess.PIPE,
+            text=True,
+            check=True,
+        )
+
+        # Get the output of the execution
+        output = completed_process.stdout
+
+        # Extract the JSON under the "manifest" label
+        manifest_json = extract_manifest_json(output)
+
+        # Parse the extracted JSON
+        manifest_data = json.loads(manifest_json)
+
+        # Print or process the extracted JSON data
+        print("Extracted Manifest JSON:")
+        print(json.dumps(manifest_data, indent=2))
+        json_filename = "manifest_" + image_name + ".json"
+        path = "sifis-xacml/data/"
+        save_manifest_to_file(manifest_data, path + json_filename)
+        run_cargo_command(json_filename)
+        return manifest_data
+    except subprocess.CalledProcessError as e:
+        print("Error during script execution:", e)
+
+
+get_labels("3pa-lamp-amd64")
diff --git a/sifis-xacml b/sifis-xacml