Commit graph

191 commits

Author SHA1 Message Date
Joseph Schorr
24b77bbc10 Fix serialization of blobs to/from the cache
Also makes sure the test checks that serialization
2018-03-02 14:22:55 -05:00
Joseph Schorr
e220b50543 Refactor auth code to be cleaner and more extensible
We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).
2018-02-14 15:35:27 -05:00
Joseph Schorr
eae9175950 Allow size of pages in V2 api to be configurable 2018-02-02 13:54:41 -05:00
Joseph Schorr
9e16a989f5 Audit the number of SQL queries we make in writing manifests, and significantly reduce in the common case
Instead of 41 queries now for the simple manifest, we are down to 14.

The biggest changes:
  - Only synthesize the V1 image rows if we haven't already found them in the database
  - Thread the repository object through to the other model method calls, and use it instead of loading again and again
2018-01-25 11:10:43 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
c1cff32c1e Fix log levels in registry 2018-01-04 13:07:11 -05:00
Joseph Schorr
11e3724919 Return an http 415 (manifest version not supported) for OCI manifest content types
This was breaking skopeo, as it first tries to send the *OCI* manifest type, which we didn't say we didn't support, thus breaking the tool
2017-12-20 11:02:34 -05:00
Joseph Schorr
9e16596854 Add a bunch of logging to the data model caching mechanism
Should help us debug any potential issues
2017-12-18 14:18:37 -05:00
Joseph Schorr
b2485934ed Enable caching of blobs in V2 registry protocol, to avoid DB connections after the cache has been loaded
This should help for bursty pull traffic, as it will avoid DB connections on a huge % of requests
2017-12-14 13:38:24 -05:00
Joseph Schorr
db6007cb37 Change v2 registry auth code to not hit the database when we know we have permissions loaded
Avoids a DB call and, when used in conjunction with blob caching, will avoid a DB *connection*
2017-12-14 13:37:31 -05:00
Joseph Schorr
51e67ab7f5 Fix get_blob_path to not make any database calls and add a test
This will be supported by caching, hopefully removing the need to hit the database when the blob object is cached
2017-12-13 16:27:46 -05:00
Joseph Schorr
56fbbcf7cf Add request IP to get_direct_download_url method 2017-09-25 17:14:28 -04:00
Joseph Schorr
48c79003c6 yap 2017-07-25 17:18:06 -04:00
Joseph Schorr
e7dbc4ee91 Move notification helper code into the root module 2017-07-25 17:00:07 -04:00
Joseph Schorr
ce56031846 Move notifications into its own package 2017-07-25 17:00:06 -04:00
Joseph Schorr
98e2ccf74d Move parse_repository_name into decorators 2017-07-20 16:01:38 -04:00
Joseph Schorr
17f3de811e Move route_show_if into decorators
Also removes unused route_hide_if
2017-07-20 11:07:31 -04:00
Joseph Schorr
9679ec91ec Fix for hard merge 2017-07-19 17:13:49 -04:00
Joseph Schorr
7d4fed6892 Change error message when trying to pull a deleted or expired tag
Will let the users know they can recover the tag via time machine

Note: This was tested with the Docker protocol, but the new error code is *technically* out of spec; we should make sure its okay.
2017-07-19 17:13:48 -04:00
Joseph Schorr
c5d8b5f86b Add support for tag expiration based on a quay.expires-after label 2017-07-19 17:13:06 -04:00
Jimmy Zelinskie
7d1bbbfe19 test: convert registry auth test to pytest
This also moves them into the auth package.
2017-07-12 15:14:12 -04:00
Jimmy Zelinskie
b1434b0380 endpoints.v2: yapf format 2017-06-26 18:22:17 -04:00
Jimmy Zelinskie
0e26a03f7e endpoints.v2: new fs layout for data interface
Fixes QUAY-658
2017-06-26 18:21:35 -04:00
Joseph Schorr
555041876d Make public catalog only enabled via a feature flag 2017-06-02 15:30:51 -07:00
Joseph Schorr
f44df49236 Add support for last param in pagination to match catalog spec 2017-06-02 12:03:50 -07:00
Joseph Schorr
065e327190 Make sure catalog always returns public repositories 2017-05-19 16:24:08 -04:00
Jimmy Zelinskie
4db789b656 add audit logging to app registry endpoints 2017-05-16 15:54:02 -04:00
Evan Cordell
2661db7485 Add flag to enable trust per repo (#2541)
* Add flag to enable trust per repo

* Add api for enabling/disabling trust

* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api

* Add `set_trust` method to repository

* Expose new logkind to UI

* Fix registry tests

* Rebase migrations and regen test.db

* Raise downstreamissue if trust metadata can't be removed

* Refactor change_repo_trust

* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00
Evan Cordell
9515f18fb6 Add tufmetadata endpoint 2017-04-05 10:03:27 -04:00
Joseph Schorr
cae9d69376 Better error messages for Docker errors 2017-03-31 17:15:14 -04:00
Evan Cordell
abd78bce56 Use constants for TUF roots 2017-03-27 11:37:17 -04:00
Evan Cordell
6ad107709c Change build_context_and_subject to take kwargs 2017-03-27 11:37:17 -04:00
Evan Cordell
21d969d309 Refactor tests, no g required 2017-03-27 11:37:17 -04:00
Evan Cordell
43dd974dca Determine which TUF root to show based on actual access, not requested
access
2017-03-27 11:37:17 -04:00
Joseph Schorr
95e1cf6673 Make V2 login errors more descriptive
If login fails, we now call validate again to get the reason for the failure, and then surface it to the user of the CLI. This allows for more actionable responses, such as:

$ docker login 10.0.2.2:5000
Username (devtable): devtable
Password:

Error response from daemon: Get http://10.0.2.2:5000/v2/: unauthorized: Client login with unencrypted passwords is disabled. Please generate an encrypted password in the user admin panel for use here.
2017-03-23 15:42:45 -04:00
Joseph Schorr
1bd4422da9 Move auth decorators into a decorators module
The non-decorators will be broken out in the followup change
2017-03-23 15:42:45 -04:00
Jimmy Zelinskie
3ccf3c5f33 Merge pull request #2447 from jzelinskie/cnr-step2
CNR Step 2
2017-03-22 18:45:51 -04:00
Jimmy Zelinskie
48ba59d615 endpoints.v2: only work on docker repositories 2017-03-22 17:26:59 -04:00
Joseph Schorr
ff7f78e990 Have blob uploads be checked against configurable max layer size 2017-03-21 13:16:55 -04:00
Joseph Schorr
239b6d7cf8 Make LayerTooLarge error more informative 2017-03-21 13:14:11 -04:00
Joseph Schorr
dd7f254f96 Have blob uploads be checked against configurable max layer size 2017-03-21 13:14:11 -04:00
Jimmy Zelinskie
850c32ebfb Merge pull request #2298 from jzelinskie/maintainers
MAINTAINERS: init owners to subpkgs
2017-03-09 17:30:38 -05:00
Charlton Austin
e87404c327 Adding in what metadata_root_name to JWT 2017-02-22 16:59:19 -05:00
Jimmy Zelinskie
64421db0a3 MAINTAINERS: init owners to subpkgs 2017-01-23 17:46:34 -05:00
Joseph Schorr
9413e25123 Change georeplication queuing to use new batch system 2016-12-21 17:44:30 -05:00
Joseph Schorr
481cebe46b Fix pytests and enable parallel registry tests 2016-12-20 15:42:04 -05:00
Evan Cordell
9e96e6870f Add support for * (admin) permission to registry auth v2 endpoint 2016-11-28 14:02:08 -05:00
Joseph Schorr
080802ed2d Add tracking of pulled tag/digest to logs
Fixes #2148
2016-11-21 12:29:59 -05:00
Joseph Schorr
4b926ae189 Add new metrics as requested by some customers
Note that the `status` field on the pull and push metrics will eventually be set to False for failed pulls and pushes in a followup PR
2016-11-03 15:28:40 -04:00
Jimmy Zelinskie
5fee4d6d19 *: misc formatting cleanup 2016-10-17 21:43:45 -04:00