vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/app.py

202 lines
6.6 KiB
Python
Raw Normal View History

Add some login machinery.
2013-09-23 16:37:40 +00:00
import logging
Use production config in production and dev config in dev.
2013-10-01 03:54:12 +00:00
import os
Add config override to allow for specialization using environment variables.
2014-06-23 15:24:54 +00:00
import json
Add some login machinery.
2013-09-23 16:37:40 +00:00
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
2015-09-01 19:03:46 +00:00
from functools import partial
Accidental refactor, split out legacy.py into separate sumodules and update all call sites.
2015-07-15 21:25:41 +00:00
from flask import Flask, request, Request, _request_ctx_stack
Integrate flask-principal in order to provide RBAC.
2013-09-20 22:38:17 +00:00
from flask.ext.principal import Principal
Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked
2015-01-17 03:41:54 +00:00
from flask.ext.login import LoginManager, UserMixin
Send a confirmation email when an account is created. Links don't do anything yet.
2013-09-27 23:29:01 +00:00
from flask.ext.mail import Mail
Start of a v2 API.
2015-06-22 21:37:13 +00:00
from werkzeug.routing import BaseConverter
Move Docker V2 key to be loaded from file or generated on server load Fixes #394
2015-09-28 19:43:20 +00:00
from jwkest.jwk import RSAKey
from Crypto.PublicKey import RSA
Add analytics on push and pull repo events in the backend.
2013-10-03 20:19:01 +00:00
Add a features modules that process the flask dict.
2014-04-03 22:47:17 +00:00
import features
Merge branch 'master' into v2
2015-02-05 20:37:14 +00:00
from avatars.avatars import Avatar
First attempt at making config loadable through string config overrides in an env variable.
2014-04-03 21:31:46 +00:00
from storage import Storage
Add an alembic migration for the full initial database with the data. Switch LDAP to using bind and creating a federated login entry. Add LDAP support to the registry and index endpoints. Add a username transliteration and suggestion mechanism. Switch the database and model to require a manual initialization call.
2014-05-13 16:17:26 +00:00
from data import model
from data import database
First attempt at making config loadable through string config overrides in an env variable.
2014-04-03 21:31:46 +00:00
from data.userfiles import Userfiles
First stab at LDAP integration.
2014-05-09 21:39:43 +00:00
from data.users import UserAuthentication
Fix the tests and implement a fake stripe.
2014-04-10 19:20:16 +00:00
from data.billing import Billing
Set up the build logs to use our fake build logs on test and local.
2014-05-09 22:45:11 +00:00
from data.buildlogs import BuildLogs
Archived logs commit 1. Squash me.
2014-09-08 20:43:17 +00:00
from data.archivedlogs import LogArchive
Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers.
2014-05-30 18:25:29 +00:00
from data.userevent import UserEventsBuilderModule
Fix test_queue.py tests This restores the reporter class as was before the metrics changes.
2015-08-17 21:22:46 +00:00
from data.queue import WorkQueue, MetricQueueReporter
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
2015-09-01 19:03:46 +00:00
from util import get_app_url
Refactor the util directory to use subpackages.
2015-08-03 19:49:10 +00:00
from util.saas.analytics import Analytics
from util.saas.exceptionlog import Sentry
Move config handling into a provider class to make testing much easier
2015-01-09 21:23:31 +00:00
from util.names import urn_generator
Add support for Dex to Quay Fixes #306 - Adds support for Dex as an OAuth external login provider - Adds support for OIDC in general - Extract out external logins on the JS side into a service - Add a feature flag for disabling direct login - Add support for directing to the single external login service - Does *not* yet support the config in the superuser tool
2015-09-04 20:14:46 +00:00
from util.config.oauth import (GoogleOAuthConfig, GithubOAuthConfig, GitLabOAuthConfig,
DexOAuthConfig)
Refactor the util directory to use subpackages.
2015-08-03 19:49:10 +00:00
from util.security.signing import Signer
Don't enable the metric queue if there's no Cloudwatch
2015-08-12 19:14:09 +00:00
from util.saas.cloudwatch import start_cloudwatch_sender
Refactor metric collection This change adds a generic queue onto which metrics can be pushed. A separate module removes metrics from the queue and adds them to Cloudwatch. Since these are now separate ideas, we can easily change the consumer from Cloudwatch to anything else. This change maintains near feature parity (the only change is there is now just one queue instead of two - not a big deal).
2015-08-11 20:39:33 +00:00
from util.saas.metricqueue import MetricQueue
Extract the config provider into its own sub-module
2015-07-24 18:52:19 +00:00
from util.config.provider import get_config_provider
Move config handling into a provider class to make testing much easier
2015-01-09 21:23:31 +00:00
from util.config.configutil import generate_secret_key
Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not).
2015-01-20 17:43:11 +00:00
from util.config.superusermanager import SuperUserManager
rename secscan_endpoint and move db close to API
2015-11-10 20:01:33 +00:00
from util.secscan.api import SecurityScannerAPI
Fix support for multiple stack configurations and move most secrets into the quay-config project.
2014-04-07 20:59:22 +00:00
Add signing to the ACI converter
2015-02-04 20:29:24 +00:00
OVERRIDE_CONFIG_DIRECTORY = 'conf/stack/'
Add support for parsing YAML override config, in addition to Python config
2014-08-22 00:36:11 +00:00
OVERRIDE_CONFIG_YAML_FILENAME = 'conf/stack/config.yaml'
OVERRIDE_CONFIG_PY_FILENAME = 'conf/stack/config.py'
Add config override to allow for specialization using environment variables.
2014-06-23 15:24:54 +00:00
OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'
Fix support for multiple stack configurations and move most secrets into the quay-config project.
2014-04-07 20:59:22 +00:00
Move Docker V2 key to be loaded from file or generated on server load Fixes #394
2015-09-28 19:43:20 +00:00
DOCKER_V2_SIGNINGKEY_FILENAME = 'docker_v2.pem'
Index that kinda works and is backed by a database. Still lots to do.
2013-09-20 15:55:44 +00:00
app = Flask(__name__)
Add analytics on push and pull repo events in the backend.
2013-10-03 20:19:01 +00:00
logger = logging.getLogger(__name__)
Another huge batch of registry v2 changes Add patch support and resumeable sha Implement all actual registry methods Add a simple database generation option
2015-08-12 20:39:32 +00:00
Start of a v2 API.
2015-06-22 21:37:13 +00:00
class RegexConverter(BaseConverter):
def __init__(self, url_map, *items):
super(RegexConverter, self).__init__(url_map)
self.regex = items[0]
app.url_map.converters['regex'] = RegexConverter
Add Kubernetes configuration provider which writes config to a secret Fixes #145
2015-07-27 15:17:44 +00:00
# Instantiate the configuration.
Extract the config provider into its own sub-module
2015-07-24 18:52:19 +00:00
is_testing = 'TEST' in os.environ
Add Kubernetes configuration provider which writes config to a secret Fixes #145
2015-07-27 15:17:44 +00:00
is_kubernetes = 'KUBERNETES_SERVICE_HOST' in os.environ
Extract the config provider into its own sub-module
2015-07-24 18:52:19 +00:00
config_provider = get_config_provider(OVERRIDE_CONFIG_DIRECTORY, 'config.yaml', 'config.py',
Add Kubernetes configuration provider which writes config to a secret Fixes #145
2015-07-27 15:17:44 +00:00
testing=is_testing, kubernetes=is_kubernetes)
Move config handling into a provider class to make testing much easier
2015-01-09 21:23:31 +00:00
Extract the config provider into its own sub-module
2015-07-24 18:52:19 +00:00
if is_testing:
Fix support for multiple stack configurations and move most secrets into the quay-config project.
2014-04-07 20:59:22 +00:00
from test.testconfig import TestConfig
logger.debug('Loading test config.')
app.config.from_object(TestConfig())
else:
from config import DefaultConfig
logger.debug('Loading default config.')
app.config.from_object(DefaultConfig())
Move config handling into a provider class to make testing much easier
2015-01-09 21:23:31 +00:00
app.teardown_request(database.close_db_filter)
First attempt at making config loadable through string config overrides in an env variable.
2014-04-03 21:31:46 +00:00
Move config handling into a provider class to make testing much easier
2015-01-09 21:23:31 +00:00
# Load the override config via the provider.
Extract the config provider into its own sub-module
2015-07-24 18:52:19 +00:00
config_provider.update_app_config(app.config)
Send a confirmation email when an account is created. Links don't do anything yet.
2013-09-27 23:29:01 +00:00
Move config handling into a provider class to make testing much easier
2015-01-09 21:23:31 +00:00
# Update any configuration found in the override environment variable.
environ_config = json.loads(os.environ.get(OVERRIDE_CONFIG_KEY, '{}'))
app.config.update(environ_config)
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 17:58:08 +00:00
Enable storage preference
2015-11-06 18:34:49 +00:00
# Allow user to define a custom storage preference for the local instance.
_distributed_storage_preference = os.environ.get('QUAY_DISTRIBUTED_STORAGE_PREFERENCE', '').split()
if _distributed_storage_preference:
app.config['DISTRIBUTED_STORAGE_PREFERENCE'] = _distributed_storage_preference
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 17:58:08 +00:00
class RequestWithId(Request):
request_gen = staticmethod(urn_generator(['request']))
def __init__(self, *args, **kwargs):
super(RequestWithId, self).__init__(*args, **kwargs)
self.request_id = self.request_gen()
@app.before_request
def _request_start():
Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger.
2015-02-11 19:15:18 +00:00
logger.debug('Starting request: %s', request.path)
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 17:58:08 +00:00
@app.after_request
def _request_end(r):
Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger.
2015-02-11 19:15:18 +00:00
logger.debug('Ending request: %s', request.path)
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 17:58:08 +00:00
return r
class InjectingFilter(logging.Filter):
def filter(self, record):
Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger.
2015-02-11 19:15:18 +00:00
if _request_ctx_stack.top is not None:
record.msg = '[%s] %s' % (request.request_id, record.msg)
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 17:58:08 +00:00
return True
Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger.
2015-02-11 19:15:18 +00:00
# Add the request id filter to all handlers of the root logger
for handler in logging.getLogger().handlers:
handler.addFilter(InjectingFilter())
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 17:58:08 +00:00
app.request_class = RequestWithId
Move secret key generation before we load users of config, as they may reference it
2015-08-24 20:09:01 +00:00
# Generate a secret key if none was specified.
if app.config['SECRET_KEY'] is None:
logger.debug('Generating in-memory secret key')
app.config['SECRET_KEY'] = generate_secret_key()
Add a features modules that process the flask dict.
2014-04-03 22:47:17 +00:00
features.import_features(app.config)
Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections.
2014-03-17 16:01:13 +00:00
Principal(app, use_sessions=False)
Integrate flask-principal in order to provide RBAC.
2013-09-20 22:38:17 +00:00
Add a configurable avatar system and add an internal avatar system for enterprise
2014-11-25 00:25:13 +00:00
avatar = Avatar(app)
Add the olark feature flag to the default config and fix the usage of flask modules.
2014-04-09 03:05:45 +00:00
login_manager = LoginManager(app)
mail = Mail(app)
storage = Storage(app)
Add a new RadosGW storage engine. Allow engines to distinguish not only between those that can support direct uploads and downloads, but those that support doing it through the browser. Rename resumeable->resumable.
2014-09-09 19:54:03 +00:00
userfiles = Userfiles(app, storage)
Merge remote-tracking branch 'origin/master' into waltermitty Conflicts: app.py data/userfiles.py
2014-09-11 15:18:28 +00:00
log_archive = LogArchive(app, storage)
Add the olark feature flag to the default config and fix the usage of flask modules.
2014-04-09 03:05:45 +00:00
analytics = Analytics(app)
Fix the tests and implement a fake stripe.
2014-04-10 19:20:16 +00:00
billing = Billing(app)
Add sentry exception monitoring.
2014-04-28 22:59:22 +00:00
sentry = Sentry(app)
Set up the build logs to use our fake build logs on test and local.
2014-05-09 22:45:11 +00:00
build_logs = BuildLogs(app)
Refactor JWT auth to not import app locally
2015-06-12 21:58:19 +00:00
authentication = UserAuthentication(app, OVERRIDE_CONFIG_DIRECTORY)
Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers.
2014-05-30 18:25:29 +00:00
userevents = UserEventsBuilderModule(app)
Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not).
2015-01-20 17:43:11 +00:00
superusers = SuperUserManager(app)
Add signing to the ACI converter
2015-02-04 20:29:24 +00:00
signer = Signer(app, OVERRIDE_CONFIG_DIRECTORY)
Refactor metric collection This change adds a generic queue onto which metrics can be pushed. A separate module removes metrics from the queue and adds them to Cloudwatch. Since these are now separate ideas, we can easily change the consumer from Cloudwatch to anything else. This change maintains near feature parity (the only change is there is now just one queue instead of two - not a big deal).
2015-08-11 20:39:33 +00:00
metric_queue = MetricQueue()
Code review
2015-08-12 20:31:01 +00:00
start_cloudwatch_sender(metric_queue, app)
Change to only run the cloud watch reporter in the gunicorn_web
2015-01-16 18:44:29 +00:00
tf = app.config['DB_TRANSACTION_FACTORY']
Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue.
2014-05-21 23:50:37 +00:00
Get end-to-end configuration setup working, including verification (except for Github, which is in progress)
2015-01-07 21:20:51 +00:00
github_login = GithubOAuthConfig(app.config, 'GITHUB_LOGIN_CONFIG')
github_trigger = GithubOAuthConfig(app.config, 'GITHUB_TRIGGER_CONFIG')
gitlab oauth
2015-05-02 21:54:48 +00:00
gitlab_trigger = GitLabOAuthConfig(app.config, 'GITLAB_TRIGGER_CONFIG')
Get end-to-end configuration setup working, including verification (except for Github, which is in progress)
2015-01-07 21:20:51 +00:00
google_login = GoogleOAuthConfig(app.config, 'GOOGLE_LOGIN_CONFIG')
Add support for Dex to Quay Fixes #306 - Adds support for Dex as an OAuth external login provider - Adds support for OIDC in general - Extract out external logins on the JS side into a service - Add a feature flag for disabling direct login - Add support for directing to the single external login service - Does *not* yet support the config in the superuser tool
2015-09-04 20:14:46 +00:00
dex_login = DexOAuthConfig(app.config, 'DEX_LOGIN_CONFIG')
oauth_apps = [github_login, github_trigger, gitlab_trigger, google_login, dex_login]
- Make the OAuth config system centralized - Add support for Github Enterprise login
2014-11-05 21:43:37 +00:00
disable queue metrics The lock contention on the queue table is murdering performance. yep
2015-10-06 21:07:27 +00:00
image_replication_queue = WorkQueue(app.config['REPLICATION_QUEUE_NAME'], tf)
Merge branch 'ldapper' Conflicts: Dockerfile app.py data/database.py endpoints/index.py test/data/test.db
2014-05-22 16:13:41 +00:00
dockerfile_build_queue = WorkQueue(app.config['DOCKERFILE_BUILD_QUEUE_NAME'], tf,
Fix test_queue.py tests This restores the reporter class as was before the metrics changes.
2015-08-17 21:22:46 +00:00
reporter=MetricQueueReporter(metric_queue))
disable queue metrics The lock contention on the queue table is murdering performance. yep
2015-10-06 21:07:27 +00:00
notification_queue = WorkQueue(app.config['NOTIFICATION_QUEUE_NAME'], tf)
add secscan notification queue
2015-11-09 23:30:14 +00:00
secscan_notification_queue = WorkQueue(app.config['SECSCAN_NOTIFICATION_QUEUE_NAME'], tf)
rename secscan_endpoint and move db close to API
2015-11-10 20:01:33 +00:00
secscan_api = SecurityScannerAPI(app, config_provider)
Merge branch 'ldapper' Conflicts: Dockerfile app.py data/database.py endpoints/index.py test/data/test.db
2014-05-22 16:13:41 +00:00
Move Docker V2 key to be loaded from file or generated on server load Fixes #394
2015-09-28 19:43:20 +00:00
# Check for a key in config. If none found, generate a new signing key for Docker V2 manifests.
_v2_key_path = os.path.join(OVERRIDE_CONFIG_DIRECTORY, DOCKER_V2_SIGNINGKEY_FILENAME)
if os.path.exists(_v2_key_path):
docker_v2_signing_key = RSAKey().load(_v2_key_path)
else:
docker_v2_signing_key = RSAKey(key=RSA.generate(2048))
Add an alembic migration for the full initial database with the data. Switch LDAP to using bind and creating a federated login entry. Add LDAP support to the registry and index endpoints. Add a username transliteration and suggestion mechanism. Switch the database and model to require a manual initialization call.
2014-05-13 16:17:26 +00:00
database.configure(app.config)
model.config.app_config = app.config
model.config.store = storage
Make sure all user emails that can be sent in enterprise properly adjust to the app's URL
2014-07-29 17:47:54 +00:00
Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked
2015-01-17 03:41:54 +00:00
@login_manager.user_loader
def load_user(user_uuid):
logger.debug('User loader loading deferred user with uuid: %s' % user_uuid)
return LoginWrappedDBUser(user_uuid)
class LoginWrappedDBUser(UserMixin):
def __init__(self, user_uuid, db_user=None):
self._uuid = user_uuid
self._db_user = db_user
def db_user(self):
if not self._db_user:
Accidental refactor, split out legacy.py into separate sumodules and update all call sites.
2015-07-15 21:25:41 +00:00
self._db_user = model.user.get_user_by_uuid(self._uuid)
Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked
2015-01-17 03:41:54 +00:00
return self._db_user
def is_authenticated(self):
return self.db_user() is not None
def is_active(self):
return self.db_user().verified
def get_id(self):
return unicode(self._uuid)
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
2015-09-01 19:03:46 +00:00
get_app_url = partial(get_app_url, app.config)
Reference in a new issue Copy permalink