This repository has been archived by the owner on Jan 27, 2023. It is now read-only.

Problem with Policy Engine authentication #1377

Open
leon-marcel opened this issue Apr 28, 2022 · 0 comments

@leon-marcel

Is this a request for help?:
Yes

Is this a BUG REPORT or a FEATURE REQUEST? (choose one):

BUG REPORT

Version of Anchore Engine and Anchore CLI if applicable:
anchore-cli, version 0.9.4

Name: anchore-engine
Version: 1.1.0

What happened:
I installed anchore-engine on an OpenShift cluster. I used the Helm chart 1.18.0. My cluster is behind a corporate proxy, so I added proxy configuration and custom certificates to the container. If the policy engine tries to fetch "https://toolbox-data.anchore.io/grype/databases/listing.json", a "requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json" error occurs. The certificates are mounted correctly and lie under /home/anchore/certs_override/python.

What did you expect to happen:
I expected that the policy engine could successfully fetch the data from toolbox-data.anchore.io.

Any relevant log output from /var/log/anchore:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Exception in thread Thread-13:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last):
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 211, in execute_request
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] r.raise_for_status()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/requests/models.py", line 953, in raise_for_status
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise HTTPError(http_error_msg, response=self)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json
[service:policy-engine] 2022-04-28 09:29:02+0000 [-]
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] During handling of the above exception, another exception occurred:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-]
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last):
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 932, in _bootstrap_inner
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self.run()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 870, in run
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._target(*self._args, **self._kwargs)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 186, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] target=lambda: result.append(task.execute()),
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 243, in execute
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] DataFeeds.sync(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 283, in sync
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = DataFeeds.get_feed_group_information(feed_client, to_sync)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 140, in get_feed_group_information
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = {
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 143, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] "groups": feed_client.list_feed_groups(x.name).groups,
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 532, in list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raw_db_listing = self._list_feed_groups()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 509, in _list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] listing_response = self.http_client.execute_request(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 226, in execute_request
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._map_error_to_exception(e, username=self.user, url=url)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 129, in _map_error_to_exception
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise InsufficientAccessTierError(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] anchore_engine.services.policy_engine.engine.feeds.client.InsufficientAccessTierError: Access denied due to insufficient permissions for user: None

What docker images are you using:
anchore/anchore-engine:v1.1.0

How to reproduce the issue:

Anything else we need to know:
Before I added the certificates, I got a "certificate signed by unknown authority" error.
