Skip to content
This repository has been archived by the owner on Feb 28, 2023. It is now read-only.

CircleCI orb is not loading policy bundle #26

Open
gubbin opened this issue Dec 27, 2019 · 2 comments
Open

CircleCI orb is not loading policy bundle #26

gubbin opened this issue Dec 27, 2019 · 2 comments
Assignees
@Btodhunter

Comments

@gubbin
Copy link

gubbin commented Dec 27, 2019

The problem

When I specify a path to a policy bundle using the policy_bundle_file_path param, I get "Failed to activate policy bundle" even though the policy bundle file is there.

Environment

CircleCI, anchore/[email protected] CircleCI Orb.

Details

I'm going to guess it's because of the missing Docker image name in this line:

ci-tools/circleci-orbs/anchore-engine/src/commands/policy_evaluation.yml

Line 30 in e595ab4

(docker exec -e BUNDLE_PATH="$BUNDLE_PATH" -i anchore-engine bash -lc 'anchore-cli --json policy add /anchore-engine/$(basename "$BUNDLE_PATH")' | jq '.policyId' | xargs docker exec -i bash -lc 'anchore-engine anchore-cli policy activate') || \

The surrounding output also implies that:

fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/2) Installing oniguruma (6.9.4-r0)
�7  0%                                             �8(2/2) Installing jq (1.6-r0)
�7 49% #####################                       �8�7 73% ################################            �8�7100% ############################################�8Executing busybox-1.31.1-r8.trigger
OK: 34 MiB in 28 packages
Error: No such container: bash

Failed to activate policy bundle /root/project/.anchore/anchore_default_bundle.json - using default policy.
^@Image Digest: sha256:47...
Full Tag: ****************************************************************:commit-61...
Image ID: 24...
Status: fail

Actual Behaviour

Anchore engine does not load the specified policy

Expected Behaviour

Anchore engine loads the specified policy

How do you reproduce the error?

Specify a policy
@gubbin gubbin mentioned this issue Dec 27, 2019
Open
@Btodhunter
Copy link
Member

@gubbin I've verified that the inline_scan is having issues with the -b option. Can you include a copy of the policy bundle you're trying to activate? I'm also curious about this error Error: No such container: bash, is this orb job running with the default executor?

@gubbin
Copy link
Author

gubbin commented Jan 28, 2020

I was using the default policy bundle and the default executor. And look at the xargs docker to the right - there's no container image being specified here.

@Btodhunter Btodhunter self-assigned this Feb 5, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Btodhunter Btodhunter

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Btodhunter @gubbin