You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 27, 2023. It is now read-only.
Is this a BUG REPORT or a FEATURE REQUEST? (choose one):
BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable:
anchore-cli, version 0.9.4
Name: anchore-engine
Version: 1.1.0
What happened:
I Installed anchore-engine on an openshift cluster. I used the Helm-Chart 1.18.0 . My cluster is behind a corporate proxy so i added proxy configuration and custom certificates to the container. If the policy engine tries to fetch "https://toolbox-data.anchore.io/grype/databases/listing.json" an "requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json" Error occurs. The certificates are mounted correctly and lay under /home/anchore/certs_override/python .
What did you expect to happen:
I expected that the policy engine can successfully fetch the data from toolbox-data.anchore.io
Any relevant log output from /var/log/anchore:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Exception in thread Thread-13:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last):
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 211, in execute_request
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] r.raise_for_status()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/requests/models.py", line 953, in raise_for_status
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise HTTPError(http_error_msg, response=self)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json
[service:policy-engine] 2022-04-28 09:29:02+0000 [-]
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] During handling of the above exception, another exception occurred:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-]
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last):
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 932, in _bootstrap_inner
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self.run()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 870, in run
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._target(*self._args, **self._kwargs)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 186, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] target=lambda: result.append(task.execute()),
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 243, in execute
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] DataFeeds.sync(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 283, in sync
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = DataFeeds.get_feed_group_information(feed_client, to_sync)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 140, in get_feed_group_information
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = {
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 143, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] "groups": feed_client.list_feed_groups(x.name).groups,
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 532, in list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raw_db_listing = self._list_feed_groups()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 509, in _list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] listing_response = self.http_client.execute_request(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 226, in execute_request
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._map_error_to_exception(e, username=self.user, url=url)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 129, in _map_error_to_exception
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise InsufficientAccessTierError(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] anchore_engine.services.policy_engine.engine.feeds.client.InsufficientAccessTierError: Access denied due to insufficient permissions for user: None
What docker images are you using:
anchore/anchore-engine:v1.1.0
How to reproduce the issue:
Anything else we need to know:
Before i added the certificates i got an certificate signed by unknown authority error.
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is this a request for help?:
Yes
Is this a BUG REPORT or a FEATURE REQUEST? (choose one):
BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable:
anchore-cli, version 0.9.4
Name: anchore-engine
Version: 1.1.0
What happened:
I Installed anchore-engine on an openshift cluster. I used the Helm-Chart 1.18.0 . My cluster is behind a corporate proxy so i added proxy configuration and custom certificates to the container. If the policy engine tries to fetch "https://toolbox-data.anchore.io/grype/databases/listing.json" an "requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json" Error occurs. The certificates are mounted correctly and lay under /home/anchore/certs_override/python .
What did you expect to happen:
I expected that the policy engine can successfully fetch the data from toolbox-data.anchore.io
Any relevant log output from /var/log/anchore:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Exception in thread Thread-13:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last):
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 211, in execute_request
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] r.raise_for_status()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/requests/models.py", line 953, in raise_for_status
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise HTTPError(http_error_msg, response=self)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json
[service:policy-engine] 2022-04-28 09:29:02+0000 [-]
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] During handling of the above exception, another exception occurred:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-]
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last):
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 932, in _bootstrap_inner
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self.run()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 870, in run
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._target(*self._args, **self._kwargs)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 186, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] target=lambda: result.append(task.execute()),
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 243, in execute
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] DataFeeds.sync(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 283, in sync
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = DataFeeds.get_feed_group_information(feed_client, to_sync)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 140, in get_feed_group_information
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = {
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 143, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] "groups": feed_client.list_feed_groups(x.name).groups,
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 532, in list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raw_db_listing = self._list_feed_groups()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 509, in _list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] listing_response = self.http_client.execute_request(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 226, in execute_request
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._map_error_to_exception(e, username=self.user, url=url)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 129, in _map_error_to_exception
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise InsufficientAccessTierError(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] anchore_engine.services.policy_engine.engine.feeds.client.InsufficientAccessTierError: Access denied due to insufficient permissions for user: None
What docker images are you using:
anchore/anchore-engine:v1.1.0
How to reproduce the issue:
Anything else we need to know:
Before i added the certificates i got an certificate signed by unknown authority error.
The text was updated successfully, but these errors were encountered: