parent
53ce4de6aa
commit
2cbdecb043
23 changed files with 584 additions and 116 deletions
|
@ -30,10 +30,20 @@ def add_enterprise_config_defaults(config_obj, current_secret_key, hostname):
|
|||
'signing-public.gpg')
|
||||
config_obj['SIGNING_ENGINE'] = config_obj.get('SIGNING_ENGINE', 'gpg2')
|
||||
|
||||
# Default security scanner config.
|
||||
config_obj['FEATURE_SECURITY_NOTIFICATIONS'] = config_obj.get(
|
||||
'FEATURE_SECURITY_NOTIFICATIONS', True)
|
||||
|
||||
config_obj['FEATURE_SECURITY_SCANNER'] = config_obj.get(
|
||||
'FEATURE_SECURITY_SCANNER', False)
|
||||
|
||||
config_obj['SECURITY_SCANNER_ISSUER_NAME'] = config_obj.get(
|
||||
'SECURITY_SCANNER_ISSUER_NAME', 'security_scanner')
|
||||
|
||||
# Default mail setings.
|
||||
config_obj['MAIL_USE_TLS'] = True
|
||||
config_obj['MAIL_PORT'] = 587
|
||||
config_obj['MAIL_DEFAULT_SENDER'] = 'support@quay.io'
|
||||
config_obj['MAIL_USE_TLS'] = config_obj.get('MAIL_USE_TLS', True)
|
||||
config_obj['MAIL_PORT'] = config_obj.get('MAIL_PORT', 587)
|
||||
config_obj['MAIL_DEFAULT_SENDER'] = config_obj.get('MAIL_DEFAULT_SENDER', 'support@quay.io')
|
||||
|
||||
# Default auth type.
|
||||
if not 'AUTHENTICATION_TYPE' in config_obj:
|
||||
|
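Review bot: The new security-scanner defaults are inconsistent with each other: `FEATURE_SECURITY_NOTIFICATIONS` defaults to True while `FEATURE_SECURITY_SCANNER` defaults to False, so a fresh enterprise config advertises notifications for a scanner that is disabled. Unless something downstream gates notifications on the scanner flag (not visible here), the safer default is to derive one from the other, e.g. `config_obj['FEATURE_SECURITY_NOTIFICATIONS'] = config_obj.get('FEATURE_SECURITY_NOTIFICATIONS', config_obj.get('FEATURE_SECURITY_SCANNER', False))`, or at least to add a comment stating that the flag is a no-op until the scanner is enabled. The mail defaults are now correctly user-overridable via `.get`, which the old unconditional assignments were not; a one-line comment such as `# Only fill in defaults; never clobber operator-supplied values.` above that group would document the intent. add_enterprise_config_defaults continues past the end of this hunk.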
@ -60,5 +70,5 @@ def add_enterprise_config_defaults(config_obj, current_secret_key, hostname):
|
|||
|
||||
# Misc configuration.
|
||||
config_obj['PREFERRED_URL_SCHEME'] = config_obj.get('PREFERRED_URL_SCHEME', 'http')
|
||||
config_obj['ENTERPRISE_LOGO_URL'] = config_obj.get('ENTERPRISE_LOGO_URL',
|
||||
'/static/img/quay-logo.png')
|
||||
config_obj['ENTERPRISE_LOGO_URL'] = config_obj.get(
|
||||
'ENTERPRISE_LOGO_URL', '/static/img/QuayEnterprise_horizontal_color.svg')
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
import redis
|
||||
import os
|
||||
import json
|
||||
import ldap
|
||||
import peewee
|
||||
import OpenSSL
|
||||
import logging
|
||||
import time
|
||||
|
||||
from StringIO import StringIO
|
||||
from fnmatch import fnmatch
|
||||
|
@ -14,12 +13,14 @@ from data.users.externalldap import LDAPConnection, LDAPUsers
|
|||
|
||||
from flask import Flask
|
||||
from flask.ext.mail import Mail, Message
|
||||
from data.database import validate_database_url, User
|
||||
from data.database import validate_database_url
|
||||
from storage import get_storage_driver
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from util.config.oauth import GoogleOAuthConfig, GithubOAuthConfig, GitLabOAuthConfig
|
||||
from bitbucket import BitBucket
|
||||
from util.security.signing import SIGNING_ENGINES
|
||||
from util.secscan.api import SecurityScannerAPI
|
||||
from boot import setup_jwt_proxy
|
||||
|
||||
from app import app, config_provider, get_app_url, OVERRIDE_CONFIG_DIRECTORY
|
||||
|
||||
|
@ -424,6 +425,23 @@ def _validate_signer(config, _):
|
|||
engine.detached_sign(StringIO('test string'))
|
||||
|
||||
|
||||
def _validate_security_scanner(config, _):
|
||||
""" Validates the configuration for talking to a Quay Security Scanner. """
|
||||
# Generate a temporary Quay key to use for signing the outgoing requests.
|
||||
setup_jwt_proxy()
|
||||
|
||||
# Wait a few seconds for the JWT proxy to startup.
|
||||
time.sleep(2)
|
||||
|
||||
# Make a ping request to the security service.
|
||||
client = app.config['HTTPCLIENT']
|
||||
api = SecurityScannerAPI(config, None, client=client, skip_validation=True)
|
||||
response = api.ping()
|
||||
if response.status_code != 200:
|
||||
message = 'Expected 200 status code, got %s: %s' % (response.status_code, response.text)
|
||||
raise Exception('Could not ping security scanner: %s' % message)
|
||||
|
||||
|
||||
_VALIDATORS = {
|
||||
'database': _validate_database,
|
||||
'redis': _validate_redis,
|
||||
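Review bot: `_validate_security_scanner` relies on a fixed `time.sleep(2)` for the JWT proxy started by `setup_jwt_proxy()` to come up, which is a race rather than a readiness check; on a slow host the single `api.ping()` fails and the operator sees a misleading "could not ping" error, while on a fast host validation is needlessly slow. Polling the ping endpoint with a bounded retry is more robust and keeps the same error shape; whether `api.ping()` can itself raise when the proxy is not yet listening is not visible here, so the retry may need to cover that case as well. Two smaller points: `raise Exception(...)` is a bare generic exception and should be whatever type the sibling validators raise so callers can distinguish validation failures, and nothing in the hunk tears the proxy down after validation, so if `setup_jwt_proxy()` spawns a process each time, repeated validation requests from the config UI could accumulate proxies; worth confirming against its implementation.
```python
def _validate_security_scanner(config, _):
    """ Validates the configuration for talking to a Quay Security Scanner. """
    # Generate a temporary Quay key to use for signing the outgoing requests.
    setup_jwt_proxy()

    # Poll the ping endpoint instead of assuming the proxy is up after a fixed delay.
    client = app.config['HTTPCLIENT']
    api = SecurityScannerAPI(config, None, client=client, skip_validation=True)
    response = None
    for _attempt in range(5):
        response = api.ping()
        if response.status_code == 200:
            return
        time.sleep(1)

    message = 'Expected 200 status code, got %s: %s' % (response.status_code, response.text)
    raise Exception('Could not ping security scanner: %s' % message)
```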
|
@ -439,4 +457,5 @@ _VALIDATORS = {
|
|||
'jwt': _validate_jwt,
|
||||
'keystone': _validate_keystone,
|
||||
'signer': _validate_signer,
|
||||
'security-scanner': _validate_security_scanner,
|
||||
}
|
||||
|
|