Commit graph

258 commits

Author SHA1 Message Date
Joseph Schorr
20816804e5 Add ability for super users to take ownership of namespaces
Fixes #1395
2016-06-13 16:22:52 -04:00
Joseph Schorr
c3701cea7a Only send heavy log-based stats for repository where required 2016-06-09 14:52:15 -04:00
Jimmy Zelinskie
e5241c6d88 tests: simple test for BuildRequest w/ archive URL 2016-06-02 12:27:49 -04:00
Joseph Schorr
60bbca2185 Fix setup tool when binding to external auth
We now query the external auth provider for the external service's identifier before adding the linking row into the database. This fixes the case where the external service resolves a different identifier for the same username.

Fixes #1477
2016-05-23 17:11:36 -04:00
Joseph Schorr
a736407611 Fix user:admin scope handling and add test 2016-05-09 11:16:01 +02:00
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair
Fixes #1387
2016-05-04 13:40:50 -04:00
Joseph Schorr
522cf68c5d Lots of smaller fixes:
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
2016-04-29 14:05:16 -04:00
Joseph Schorr
23a8a29654 More tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
fb1dca4e94 Add API usage tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
c604dbd0f6 Fix permissions when converting a user to an org
Fixes #1366
2016-04-14 17:39:45 -04:00
Evan Cordell
b5db41920f Address review comments 2016-04-11 16:34:40 -04:00
Evan Cordell
eba75494d9 Use new error format for auth errors (factor exceptions into module) 2016-04-11 16:22:26 -04:00
Evan Cordell
9c08717173 Return application/problem+json format errors and provide error endpoint
to dereference error codes.
2016-04-11 14:57:24 -04:00
josephschorr
edb157c5cb Merge pull request #1294 from coreos-inc/partialperms
Change permissions to only load required by default
2016-03-30 16:40:40 -04:00
Joseph Schorr
b5b2df2063 Make test more resilient to changes in IDs 2016-03-30 16:19:15 -04:00
Joseph Schorr
42e934d84f Make notification lookup faster and fix repo pagination on Postgres 2016-03-30 14:46:31 -04:00
Joseph Schorr
a3aa4592cf Change permissions to only load required by default
Permissions now load just the namespace and/or repository permissions requested, with a fallback to a full permissions load if necessary.
2016-03-28 16:33:32 -04:00
Jake Moshenko
fe2cd240bc Revert "Remove old search API which is no longer in use" 2016-03-07 10:07:41 -05:00
josephschorr
57430a18b4 Merge pull request #1224 from coreos-inc/removeoldsearch
Remove old search API which is no longer in use
2016-03-04 12:05:07 -05:00
Joseph Schorr
f498e92d58 Implement against new Clair paginated notification system 2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9 Refactor the security worker and API calls and add a bunch of tests 2016-02-25 12:29:41 -05:00
josephschorr
6f9fc7fc08 Merge pull request #1225 from coreos-inc/setuptooltest
Add tests for superuser config API calls
2016-02-16 17:01:43 -05:00
Joseph Schorr
ecaa051791 Fix schema for invoice email updating
Fixes #1209
2016-02-16 11:52:57 -05:00
Joseph Schorr
03533db5a3 Add tests for superuser config API calls 2016-02-11 11:04:37 +02:00
Joseph Schorr
1887dc879c Remove old search API which is no longer in use 2016-02-10 15:02:27 +02:00
Joseph Schorr
534ec9cb2b Add pagination to the repository list API to make it better for public
Fixes #1166
2016-02-01 22:42:44 +02:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Jake Moshenko
fe2bdeb6cb Require some data from all models in initdb 2016-01-19 15:30:27 -05:00
Joseph Schorr
94ece129d4 Remove remaining recursive queries on repo delete and add test 2015-12-18 16:04:03 -05:00
Joseph Schorr
762cd56e64 Change derived storage to be based on image
Fixes #971
2015-11-24 12:44:07 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
josephschorr
3e7a95407b Merge pull request #598 from coreos-inc/limitbadquery
Prevent unlimited insane query from running and fix tests
2015-10-05 21:29:35 -04:00
Silas Sewell
c6da322ec1 Merge pull request #597 from coreos-inc/tag-validation
Update tag validation
2015-10-05 21:10:55 -04:00
Silas Sewell
dd3d939b31 Update tag validation
Fixes #536
2015-10-05 19:32:10 -04:00
Joseph Schorr
dd804816ba Prevent unlimited insane query from running and fix tests
Fixes #591
2015-10-05 17:11:49 -04:00
Joseph Schorr
8ca92d6828 Remove old search API and switch V1 search to use the new search system 2015-10-05 14:36:43 -04:00
Joseph Schorr
a283c8d8ec Add a check to ensure repository names are valid according to an extended set of rules.
Fixes #534
2015-09-24 11:55:08 -04:00
Joseph Schorr
49b575afb6 Start refactoring of the trigger system:
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
2015-09-21 16:36:48 -04:00
josephschorr
c801965626 Merge pull request #492 from coreos-inc/nofreelunch
UI and API fixes for disallowing private repo count abuse
2015-09-16 17:53:11 -04:00
Joseph Schorr
30379a2dd8 Fix interleaved repo delete with RAC via a transaction
The RepositoryActionCount table can have entries added while a repository deletion is in progress. We now perform the repository deletion under a transaction and explicitly test for RAC entries in the deletion unit test (which doesn't test interleaving, but it was missing this check).

Fixes #494
2015-09-16 15:34:32 -04:00
Joseph Schorr
fbfe7fdb54 Make change repo visibility and create repo raise a 402 when applicable
We now check the user or org's subscription plan and raise a 402 if the user attempts to create/make a repo private over their limit
2015-09-15 14:33:35 -04:00
Jimmy Zelinskie
d55ab78fbe fix pagination of tags in API
Fixes #461.
2015-09-09 15:52:21 -04:00
Joseph Schorr
386fcfd50e Robot accounts allow underscores
Fixes #451
2015-09-08 10:10:00 -04:00
Joseph Schorr
51c507d02d Add back the ability to retrieve information for an org member directly
Fixes #427
2015-08-31 16:45:24 -04:00
Joseph Schorr
36a2beab98 Fix test by adding missing param 2015-08-21 15:07:26 -04:00
Jimmy Zelinskie
523dc912f7 Merge pull request #372 from coreos-inc/notifyui
Better notifications UI
2015-08-17 17:13:24 -04:00
Joseph Schorr
84276ee945 Better notifications UI
Fixes #369
2015-08-17 17:08:58 -04:00
Joseph Schorr
f092c00621 Allow builds to be started with an external archive URL
Fixes #114
2015-08-17 17:01:49 -04:00
Joseph Schorr
09bb98f161 Really fix the build trigger schema and add a test for it 2015-08-11 17:17:18 -04:00
Joseph Schorr
60ab3c339f Fix tests broken by the recent plan change 2015-08-11 14:09:02 -04:00
Joseph Schorr
7ea4c7d17e Add missing JSON schema for 'refs' and 'branch_name'
Fixes #325
2015-08-07 13:01:49 -04:00
Joseph Schorr
d34afde954 Fix logs view and API
- We needed to use an engine-agnostic way to extract the days
- Joining with the LogEntryKind table has *horrible* performance in MySQL, so do it ourselves
- Limit to 50 logs per page
2015-08-05 17:47:03 -04:00
Joseph Schorr
11c7994398 Fix 500 on logout 2015-07-28 15:47:04 -04:00
Joseph Schorr
687bab1c05 Support invite codes for verification of email
Also changes the system so we don't apply the invite until it is called explicitly from the frontend

Fixes #241
2015-07-22 13:41:27 -04:00
Joseph Schorr
a0c4e72f13 Clean up the repository list API and loads stars with it
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
2015-07-22 13:05:02 -04:00
Joseph Schorr
7e4b23916a Small SQL query fix
Fixes #248
2015-07-20 14:17:26 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Joseph Schorr
5ae8c11638 Extra list repos test to mimic the conditions of a known issue with one customer 2015-07-16 01:25:19 +03:00
Jimmy Zelinskie
bde781c98b Merge pull request #205 from coreos-inc/delrobot
Fix deletion of robot accounts when attached to builds
2015-07-13 12:19:01 -04:00
Joseph Schorr
3a59c99b08 Add a secondary tab to Teams for managing org members
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click

Fixes #212
2015-07-02 17:06:36 +03:00
Joseph Schorr
b91b60e83d Add encrypted password output in the superuser API
When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along
2015-07-01 19:29:42 +03:00
Joseph Schorr
3ba321934f Fix deletion of robot accounts when attached to builds
Fixes #204
2015-06-30 22:56:44 +03:00
Joseph Schorr
d9ce8fdf52 Fix swagger test 2015-06-29 21:38:21 +03:00
Joseph Schorr
81bb76d3df Fix spelling mistakes 2015-06-29 21:38:01 +03:00
Joseph Schorr
2b1bbcb579 Add a table view to the repos list page
Fixes #104
2015-06-29 21:12:53 +03:00
Joseph Schorr
b8c74bbb17 Remove container usage tab and replace with changlog view
Fixes #179
2015-06-29 11:07:46 +03:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
f858caf6cd Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 16:43:07 -04:00
Joseph Schorr
469f25b64c Start measuring the number of queries on critical API calls 2015-05-07 22:25:23 -04:00
Joseph Schorr
3627de103c Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build. 2015-05-07 21:11:15 -04:00
Joseph Schorr
7b35555776 Make sure to test for unicode usernames, since the collate on the username field is latin1 2015-05-07 18:13:45 -04:00
Joseph Schorr
d07f9f04e9 UI and code improvements to make working with the multiple SCMs easier 2015-05-03 10:38:11 -07:00
Joseph Schorr
b96e35b28c Merge master into bitbucket 2015-04-30 15:52:08 -04:00
Joseph Schorr
b3675df667 Fix tests 2015-04-30 15:47:40 -04:00
Joseph Schorr
60036927c9 Really disallow usage of the same account for an org as the one being converted. Before, you could do so via email. 2015-04-29 20:30:37 -04:00
Joseph Schorr
5a8093bbea Fix API tests 2015-04-29 17:30:24 -04:00
Jimmy Zelinskie
c238626c56 tests: update to reflect trigger API changes 2015-04-23 18:16:14 -04:00
Joseph Schorr
d1e2d072ea Add unit tests and a stronger restriction on the revert API call 2015-04-19 15:43:16 -04:00
Joseph Schorr
396cba64e6 Fix search to return better results by searching for robots and namespaces in different queries. 2015-04-09 12:57:20 -04:00
Joseph Schorr
40a6892a49 Add search tests 2015-04-07 14:05:12 -04:00
Joseph Schorr
1f5e6df678 - Fix tests
- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
2015-03-31 18:50:43 -04:00
Joseph Schorr
86447c0a99 Merge branch 'master' into pagesnew 2015-03-05 14:22:10 -05:00
Jimmy Zelinskie
fb0d3d69c2 changes to reflect PR comments (not finished) 2015-02-24 17:50:54 -05:00
Joseph Schorr
10e2eabb1c Fix test 2015-02-23 13:47:21 -05:00
Joseph Schorr
5f605b7cc8 Fix queue handling to remove the dependency from repobuild, and have a cancel method 2015-02-23 13:38:01 -05:00
Jimmy Zelinskie
2914a5da96 tests: add test for star/unstar repo 2015-02-20 15:11:41 -05:00
Joseph Schorr
7c81d90cda Start recording the commit sha and other metadata about github triggered builds. We'll eventually show this information in the UI 2015-02-18 14:12:59 -05:00
Joseph Schorr
81ce4c771e Add ability to cancel builds that are in the waiting state 2015-02-13 15:54:01 -05:00
Joseph Schorr
15a69ac872 Change robot deletions to set the performer to null, rather than attempting to delete the rows from the large log entries table 2015-01-14 12:56:06 -05:00
Jimmy Zelinskie
f3259c862b Merge branch 'koh'
Conflicts:
	auth/scopes.py
	requirements-nover.txt
	requirements.txt
	static/css/quay.css
	static/directives/namespace-selector.html
	static/js/app.js
	static/partials/manage-application.html
	templates/oauthorize.html
2014-12-01 12:30:09 -08:00
Joseph Schorr
e9cac407df Add a configurable avatar system and add an internal avatar system for enterprise 2014-11-24 19:25:13 -05:00
Jimmy Zelinskie
716d7a737b Strip whitespace from ALL the things. 2014-11-24 16:07:38 -05:00
Joseph Schorr
9b31b9805a Fix performance problem with looking up org members and add some tests 2014-11-20 11:33:42 -05:00
Jake Moshenko
aa62395777 Fix a test to use the new calling convention for get_build_trigger. 2014-11-19 15:43:28 -05:00
Joseph Schorr
d73747ce1d - Fix some other group_by clauses
- Fix garbage_collect for an empty list (fixes a test)
- Add a script which runs the full test suite against mysql and postgres (note: QueueTest's are broken for MySQL, but they obviously work in production, so they need to be fixed)
2014-11-13 12:51:37 -05:00
Joseph Schorr
eddcc02ea6 Make repository deletes much faster by adding custom deletion code and have additional tests to verify the deletion code paths 2014-11-10 23:05:20 -05:00
Joseph Schorr
158acd4f41 - Turn on foreign key constraint checking in the tests
- Change all ForeignKeyField's that refer to users to use our custom class, and mark those that allow robots
- Change robot delete to only execute the subset of queries necessary to actually delete robots
2014-11-07 12:05:21 -05:00
Joseph Schorr
4eedd54b66 - Make usage language more accurate by stating "repositories"
- Have usage counter be based on a 4 weeks TTL
- Add a simple usage counter breakage test
2014-10-30 13:26:02 -04:00
Joseph Schorr
b234019a02 Fix tests 2014-10-14 16:23:01 -04:00
Joseph Schorr
e0993b26af Make query params only read from query params, not JSON as well 2014-10-03 15:05:34 -04:00
Joseph Schorr
039d53ea6c - Fix initdb
- Add ability to specific custom fields for manual running of build triggers and add a "branch name" selector for running github builds
2014-09-30 16:29:32 -04:00
Joseph Schorr
f6d3238611 Fix API tests for the recent change 2014-09-23 11:33:52 -04:00
Jake Moshenko
79b6a9f4e0 Apparently the version of python in the baseimage requires the encoding comment. 2014-09-23 11:19:31 -04:00
Joseph Schorr
8dd2330ce7 Switch to using straight docker IDs instead of a hashing scheme 2014-09-23 11:01:50 -04:00
Joseph Schorr
9621566d31 Instead of sending DB IDs, send "internal IDs" which are DB IDs hashed. This way, we can still calculate the ancestors without hitting the DB further, but without leaking the size of the images table 2014-09-23 11:01:50 -04:00
Jake Moshenko
74c1662f54 Unicode strings have to be declared as such for python to be happy. 2014-09-22 18:49:52 -04:00
Joseph Schorr
6b05b55225 Add unicode password support 2014-09-18 17:36:26 -04:00
Joseph Schorr
10faa7de84 Only allow users matching the team invite to accept, if the invite was specified for a user (rather than an email) 2014-09-12 14:29:01 -04:00
Jake Moshenko
c5ca46a14b Merge remote-tracking branch 'origin/master' into comewithmeifyouwanttowork
Conflicts:
	data/model/legacy.py
	static/js/app.js
2014-09-12 11:03:30 -04:00
Joseph Schorr
8d3ce44682 Address comments on code review 2014-09-11 15:45:41 -04:00
Joseph Schorr
7c45aca405 Code review changes 2014-09-08 17:20:01 -04:00
Joseph Schorr
e783df31e0 Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again. 2014-09-04 14:24:20 -04:00
Joseph Schorr
1e7e012b92 Add a requirement for the current password to change the user's password or email address 2014-09-03 15:41:25 -04:00
Joseph Schorr
3b72b26836 Merge branch 'master' into comewithmeifyouwanttowork 2014-08-28 20:50:13 -04:00
Joseph Schorr
a129aac94b Add ability to regenerate robot account credentials 2014-08-25 17:19:23 -04:00
Joseph Schorr
d2880807b2 - Further fixes for license stuff
- Small fixes to ensure Quay works for Postgres
2014-08-21 19:21:20 -04:00
Joseph Schorr
43b6695f9c Get team invite confirmation working and fully tested 2014-08-18 17:24:00 -04:00
Joseph Schorr
32b2ecdfa6 Add ability to dismiss notifications 2014-07-28 18:23:46 -04:00
Joseph Schorr
34fc279092 Add e-mail authorization to the repository notification flow. Also validates the creation of the other notification methods. 2014-07-28 14:58:12 -04:00
Joseph Schorr
56fec63fcd Add test for API change to entity search 2014-07-22 13:47:35 -04:00
Joseph Schorr
8d7493cb86 Convert over to notifications system. Note this is incomplete 2014-07-17 22:51:58 -04:00
Joseph Schorr
5841c1237e Add an "insane" test repo 2014-07-15 15:13:58 -04:00
Joseph Schorr
b0c4f5b2f5 - Fix tests to not hit remote Redis endpoint
- Fix convert organization to allow admin email address, in addition to username
- Add test for the above
2014-07-08 18:19:13 -04:00
Jake Moshenko
f6726bd0a4 Merge branch 'ldapper'
Conflicts:
	Dockerfile
	app.py
	data/database.py
	endpoints/index.py
	test/data/test.db
2014-05-22 12:13:41 -04:00
Jake Moshenko
c953447ae0 Fix the tests to use a fake build that is not a moving target. 2014-05-20 18:53:00 -04:00
Jake Moshenko
ccc720fd39 Allow diffs to get very large for test cases. 2014-05-20 18:26:29 -04:00
Joseph Schorr
0fd114df84 Add API usage tests for the superuser API 2014-05-12 15:22:58 -04:00
jakedt
3f42d15335 Merge remote-tracking branch 'origin/master' into tagyourit
Conflicts:
	static/css/quay.css
	static/js/graphing.js
	static/partials/view-repo.html
	test/data/test.db
2014-04-15 15:58:30 -04:00
jakedt
52fdd60779 Merge remote-tracking branch 'origin/detective'
Conflicts:
	static/partials/repo-admin.html
2014-04-14 16:15:32 -04:00
Joseph Schorr
0e54b0501c Return the reason a username validation failed and add tests to verify we are sending the reason to client 2014-04-07 20:37:02 -04:00
Joseph Schorr
7c466dab7d - Add an analyze method on triggers that, when given trigger config, will attempt to analyze the trigger's Dockerfile and determine what pull credentials, if any, are needed and available
- Move the build trigger setup UI into its own directive (makes things cleaner)
- Fix a bug in the entitySearch directive around setting the current entity
- Change the build trigger setup UI to use the new analyze method and flow better
2014-04-02 23:33:58 -04:00
Joseph Schorr
9a79d1562a Change to store the pull robot on the repository build and only add the credentials to the queue item. This prevents the credentials from being exposed to the end user. Also fixes the restart build option 2014-04-01 21:49:06 -04:00
Joseph Schorr
2006917e03 Add support for pull credentials on builds and build triggers 2014-03-27 18:33:13 -04:00
jakedt
302bfb27ae Merge remote-tracking branch 'origin/master' into tagyourit
Conflicts:
	endpoints/api.py
	static/js/app.js
	static/partials/view-repo.html
	test/data/test.db
	test/specs.py
	test/test_api_usage.py
2014-03-26 19:42:29 -04:00
Joseph Schorr
7befc04809 Fix API usage tests to send the proper CSRF token and add a "invalid CSRF token" test 2014-03-25 15:17:02 -04:00
Joseph Schorr
c82d1ffe98 Add ability for users to see their authorized applications and revoke the access 2014-03-24 20:57:02 -04:00
Joseph Schorr
f7c27f250b Add full application management API, UI and test cases 2014-03-20 15:46:13 -04:00
jakedt
0992c8a47e Fix some permissions problems still around due to some usage of scopes as strings. 2014-03-19 18:21:58 -04:00
jakedt
c93c62600d Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
	data/database.py
	endpoints/api.py
	endpoints/common.py
	templates/base.html
	test/data/test.db
	test/specs.py
2014-03-19 15:39:44 -04:00
jakedt
6fc369bed2 Change non logged in 403s to 401s. 2014-03-19 13:57:36 -04:00
Joseph Schorr
807fa68fe4 Fix the remainder of the API usage tests. Note that this still fails when the blueprint is registered again, so each subset of tests has to be run on its own 2014-03-18 20:32:37 -04:00
jakedt
5e7ffd95ca Update the api usage test to use the new url_for resources. 2014-03-18 19:34:26 -04:00
Joseph Schorr
c5fa12329c Update path matching regex to support dots 2014-03-11 14:42:53 -04:00
Joseph Schorr
e4d40e3289 Add test for bad repo names currently breaking quay 2014-03-11 13:38:44 -04:00
Joseph Schorr
dbb234c76c Better upwell messaging for everyone and show the upsell for organization admins 2014-03-06 18:36:52 -05:00
Joseph Schorr
20ad666308 Add ability to tag images from the UI, including moving existing tags to different images 2014-02-28 00:12:09 -05:00
Joseph Schorr
3f54022344 Add unit tests for all the new API methods 2014-02-26 15:19:07 -05:00
jakedt
c13f7cd9df Add the resource_key back to the repository build. 2014-02-25 18:22:02 -05:00
jakedt
f4642be11a Merge remote-tracking branch 'origin/allyourbaseimage'
Conflicts:
	test/data/test.db
	test/test_api_usage.py
2014-02-18 19:15:14 -05:00
Joseph Schorr
bc0d51656a Add ability to see a build's build pack, including browsing and downloading of the contents if it is a zip 2014-02-17 17:28:20 -05:00