Is this a BUG REPORT or a FEATURE REQUEST? (choose one):
BUG REPORT
**Version of Anchore Engine and Anchore CLI if applicable**:
anchore-cli, version 0.9.4
Name: anchore-engine
Version: 1.1.0
**What happened**:
I Installed anchore-engine on an openshift cluster. I used the Helm-Chart 1.18.0 . My cluster is behind a corporate proxy so i added proxy configuration and custom certificates to the container. If the policy engine tries to fetch "https://toolbox-data.anchore.io/grype/databases/listing.json" an "requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json" Error occurs. The certificates are mounted correctly and lay under /home/anchore/certs_override/python .
**What did you expect to happen**:
I expected that the policy engine can successfully fetch the data from toolbox-data.anchore.io
Any relevant log output from /var/log/anchore:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Exception in thread Thread-13:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last):
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 211, in execute_request
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] r.raise_for_status()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/requests/models.py", line 953, in raise_for_status
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise HTTPError(http_error_msg, response=self)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json
[service:policy-engine] 2022-04-28 09:29:02+0000 [-]
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] During handling of the above exception, another exception occurred:
[service:policy-engine] 2022-04-28 09:29:02+0000 [-]
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last):
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 932, in _bootstrap_inner
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self.run()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 870, in run
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._target(*self._args, **self._kwargs)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 186, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] target=lambda: result.append(task.execute()),
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 243, in execute
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] DataFeeds.sync(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 283, in sync
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = DataFeeds.get_feed_group_information(feed_client, to_sync)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 140, in get_feed_group_information
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = {
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 143, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] "groups": feed_client.list_feed_groups(x.name).groups,
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 532, in list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raw_db_listing = self._list_feed_groups()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 509, in _list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] listing_response = self.http_client.execute_request(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 226, in execute_request
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._map_error_to_exception(e, username=self.user, url=url)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 129, in _map_error_to_exception
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise InsufficientAccessTierError(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] anchore_engine.services.policy_engine.engine.feeds.client.InsufficientAccessTierError: Access denied due to insufficient permissions for user: None
What docker images are you using:
anchore/anchore-engine:v1.1.0
How to reproduce the issue:
Anything else we need to know:
Before i added the certificates i got an certificate signed by unknown authority error.
Is this a request for help?: Yes
Is this a BUG REPORT or a FEATURE REQUEST? (choose one):
BUG REPORT
**Version of Anchore Engine and Anchore CLI if applicable**: anchore-cli, version 0.9.4 Name: anchore-engine Version: 1.1.0 **What happened**: I Installed anchore-engine on an openshift cluster. I used the Helm-Chart 1.18.0 . My cluster is behind a corporate proxy so i added proxy configuration and custom certificates to the container. If the policy engine tries to fetch "https://toolbox-data.anchore.io/grype/databases/listing.json" an "requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json" Error occurs. The certificates are mounted correctly and lay under /home/anchore/certs_override/python . **What did you expect to happen**: I expected that the policy engine can successfully fetch the data from toolbox-data.anchore.ioAny relevant log output from /var/log/anchore: [service:policy-engine] 2022-04-28 09:29:02+0000 [-] Exception in thread Thread-13: [service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last): [service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 211, in execute_request [service:policy-engine] 2022-04-28 09:29:02+0000 [-] r.raise_for_status() [service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/requests/models.py", line 953, in raise_for_status [service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise HTTPError(http_error_msg, response=self) [service:policy-engine] 2022-04-28 09:29:02+0000 [-] requests.exceptions.HTTPError: 403 Client Error: AuthorizedOnly for url: https://toolbox-data.anchore.io/grype/databases/listing.json [service:policy-engine] 2022-04-28 09:29:02+0000 [-] [service:policy-engine] 2022-04-28 09:29:02+0000 [-] During handling of the above exception, another exception occurred: [service:policy-engine] 2022-04-28 09:29:02+0000 [-] [service:policy-engine] 2022-04-28 09:29:02+0000 [-] Traceback (most recent call last): [service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 932, in _bootstrap_inner [service:policy-engine] 2022-04-28 09:29:02+0000 [-] self.run() [service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/lib64/python3.8/threading.py", line 870, in run [service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._target(*self._args, **self._kwargs) [service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 186, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] target=lambda: result.append(task.execute()),
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/tasks.py", line 243, in execute
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] DataFeeds.sync(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 283, in sync
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = DataFeeds.get_feed_group_information(feed_client, to_sync)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 140, in get_feed_group_information
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] source_feeds = {
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/sync.py", line 143, in
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] "groups": feed_client.list_feed_groups(x.name).groups,
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 532, in list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raw_db_listing = self._list_feed_groups()
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 509, in _list_feed_groups
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] listing_response = self.http_client.execute_request(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 226, in execute_request
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] self._map_error_to_exception(e, username=self.user, url=url)
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/feeds/client.py", line 129, in _map_error_to_exception
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] raise InsufficientAccessTierError(
[service:policy-engine] 2022-04-28 09:29:02+0000 [-] anchore_engine.services.policy_engine.engine.feeds.client.InsufficientAccessTierError: Access denied due to insufficient permissions for user: None
What docker images are you using: anchore/anchore-engine:v1.1.0
How to reproduce the issue:
Anything else we need to know: Before i added the certificates i got an certificate signed by unknown authority error.