-
Bug
-
Resolution: Done
-
Major
-
quay-v3.6.0
-
None
-
False
-
False
-
On a default operator installation when using the 3.6 default pre-release install, the following error is preventing clair scanning results from being returned after pushing new images to the deployment:
Security scanner response failed OpenAPI validation gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/secscan/v4/api.py", line 340, in is_valid_response gunicorn-web stdout | validate(resp.json(), schema, resolver=resolver) gunicorn-web stdout | File "/usr/local/lib/python3.8/site-packages/requests/models.py", line 897, in json gunicorn-web stdout | return complexjson.loads(self.text, kwargs) gunicorn-web stdout | File "/usr/lib64/python3.8/json/init.py", line 357, in loads gunicorn-web stdout | return _default_decoder.decode(s) gunicorn-web stdout | File "/usr/lib64/python3.8/json/decoder.py", line 337, in decode gunicorn-web stdout | obj, end = self.raw_decode(s, idx=_w(s, 0).end()) gunicorn-web stdout | File "/usr/lib64/python3.8/json/decoder.py", line 355, in raw_decode gunicorn-web stdout | raise JSONDecodeError("Expecting value", s, err.value) from None gunicorn-web stdout | json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0) gunicorn-web stdout | 2021-10-18 18:35:17,993 [244] [DEBUG] [peewee] ('DELETE FROM "manifestsecuritystatus" WHERE ("manifestsecuritystatus"."id" = %s)', [43]) gunicorn-web stdout | 2021-10-18 18:35:18,000 [244] [ERROR] [app] Exception on /api/v1/repository/j1vw/grafana/manifest/sha256:bbc8e0564ef5c7f08c1253314d91f2f5c3782b2e58eb1871fc6597609635fc3a/security [GET] gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1949, in full_dispatch_request gunicorn-web stdout | rv = self.dispatch_request() gunicorn-web stdout | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1935, in dispatch_request gunicorn-web stdout | return self.view_functions[rule.endpoint](req.view_args) gunicorn-web stdout | File "/quay-registry/endpoints/decorators.py", line 212, in wrapper gunicorn-web stdout | return func(args, *kwargs) gunicorn-web stdout | File "/quay-registry/auth/decorators.py", line 65, in wrapper gunicorn-web stdout | return func(args, *kwargs) gunicorn-web stdout | File "/usr/local/lib/python3.8/site-packages/flask_restful/utils/cors.py", line 35, in wrapped_function gunicorn-web stdout | resp = make_response(f(args, *kwargs)) gunicorn-web stdout | File "/quay-registry/endpoints/csrf.py", line 73, in wrapper gunicorn-web stdout | resp = func(args, *kwargs) gunicorn-web stdout | File "/usr/local/lib/python3.8/site-packages/flask_restful/init.py", line 458, in wrapper gunicorn-web stdout | resp = resource(args, *kwargs) gunicorn-web stdout | File "/usr/local/lib/python3.8/site-packages/flask/views.py", line 89, in view gunicorn-web stdout | return self.dispatch_request(args, *kwargs) gunicorn-web stdout | File "/usr/local/lib/python3.8/site-packages/flask_restful/init.py", line 573, in dispatch_request gunicorn-web stdout | resp = meth(args, *kwargs) gunicorn-web stdout | File "/quay-registry/endpoints/decorators.py", line 141, in wrapper gunicorn-web stdout | return func(args, *kwargs) gunicorn-web stdout | File "/quay-registry/endpoints/api/init.py", line 241, in wrapper gunicorn-web stdout | return func(namespace, repository, args, *kwargs) gunicorn-web stdout | File "/quay-registry/endpoints/decorators.py", line 120, in wrapper gunicorn-web stdout | return func(args, *kwargs) gunicorn-web stdout | File "/quay-registry/auth/decorators.py", line 65, in wrapper gunicorn-web stdout | return func(args, *kwargs) gunicorn-web stdout | File "/quay-registry/endpoints/api/init.py", line 295, in wrapped gunicorn-web stdout | return func(self, namespace, repository, args, *kwargs) gunicorn-web stdout | File "/quay-registry/endpoints/api/init.py", line 266, in wrapped gunicorn-web stdout | return func(self, namespace_name, repository_name, args, *kwargs) gunicorn-web stdout | File "/quay-registry/endpoints/api/init.py", line 228, in wrapper gunicorn-web stdout | return func(self, args, *kwargs) gunicorn-web stdout | File "/quay-registry/endpoints/api/secscan.py", line 141, in get gunicorn-web stdout | return _security_info(manifest, parsed_args.vulnerabilities) gunicorn-web stdout | File "/quay-registry/endpoints/api/secscan.py", line 67, in _security_info gunicorn-web stdout | raise DownstreamIssue(result.scanner_request_error) gunicorn-web stdout | endpoints.exception.DownstreamIssue: 520 Unknown Error: Received incompatible response from security scanner gunicorn-web stdout | 2021-10-18 18:35:18,004 [244] [DEBUG] [app] Ending request: urn:request:b3f36aaf-40c7-41c7-9bd2-79744c741ea7 (/api/v1/repository/j1vw/grafana/manifest/sha256:bbc8e0564ef5c7f08c1253314d91f2f5c3782b2e58eb1871fc6597609635fc3a/security) gunicorn-web stdout | 2021-10-18 18:35:18,005 [244] [DEBUG] [data.database] Disconnecting from database.
Looks like we are hitting the following line of code where this is failing and in the web ui it is returning "could not load security information".
I will attach the quay and clair logs to the case but let me know if you need anything else from me or the customer.
