vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
8456 commits 2 branches 62 tags 205 MiB
Commit graph

1146 commits

Author SHA1 Message Date
Joseph Schorr
06cb4bddaa Add a test to ensure we don't hit the database when accessing a private catalog with no auth 2018-06-05 19:42:16 -04:00
Sam Chow
7f21d0da58
Merge pull request #3096 from quay/refactor/secscan-simple 
Refactor validators to decouple app
 2018-06-01 15:44:18 -04:00
Sam Chow
301cc6992a Remove jwt validation for jschorr to fix later 
Refactor oauth validate method to take config over entire appconfig
 2018-06-01 15:07:06 -04:00
Sam Chow
7df8ed4a60 Add a security scanner api config object for params 
Change SecScanAPI to use a uri creation func instead of test context

Pass config provider through validator context

Remove app config dependency for validators
 2018-06-01 15:06:50 -04:00
Sam Chow
554d4f47a8 Change validators to use the validator_context 
Change InstanceKeys to take a namedtuple for context
 2018-06-01 14:59:49 -04:00
Joseph Schorr
8ee98c1c48 Show starred public repositories in the starred repos list 
We forgot to check if the repository was public in the filter

Fixes https://jira.coreos.com/browse/QUAY-857
 2018-05-31 17:34:17 -04:00
Joseph Schorr
f86c087b3b Prevent registry operations against disabled namespaces 
Allows admins to completely wall off a namespace by disabling it

Fixes https://jira.coreos.com/browse/QUAY-869
 2018-05-22 18:36:04 -04:00
Joseph Schorr
6ffafe44d3
Merge pull request #3059 from quay/joseph.schorr/QUAY-906/reg-tests 
Move registry integration tests to py.test
 2018-05-22 17:09:11 -04:00
Joseph Schorr
5509dd350c Switch to use the new registry tests suite 2018-05-22 17:06:41 -04:00
Joseph Schorr
a007332d4c Temporarily change to storing logs in a new LogEntry2 table 
This will prevent us from running out of auto-incrementing ID values until such time as we can upgrade to peewee 3 and change the field type to a BigInt

Fixes https://jira.coreos.com/browse/QUAY-943
 2018-05-18 20:15:16 -04:00
Joseph Schorr
22a39c3007 Fix bug with missing & in authorization URL for OIDC 
Also adds testing to ensure we don't break this again
 2018-05-15 14:52:00 -04:00
Joseph Schorr
8c1b0e673c Implement the remaining registry tests in the new py.test format 2018-05-01 13:28:24 +03:00
Joseph Schorr
23c19bcbc1 Implement support for registry integration tests via py.test 
This change implements support for registry integration tests using the new py.test-based live server test fixture. We can now parametrize the protocols we use (in prep for V2_2), and it makes the code *much* cleaner and less hacky.

Note that moving the vast majority of the tests over from the existing impl will come as a followup PR
 2018-05-01 13:28:24 +03:00
Joseph Schorr
85496b8195 Translate LiveServerTestCase into a py.test-compatible liveserver fixture 
This allow us to super-easily instantiate a live, running Flask server with the test app, as well as interact with it, without any of the crazy boilerplate we previously used
 2018-05-01 13:28:24 +03:00
Sam Chow
1afedafcbb Configurable options for search, info when at max 
includes the options for  maximum search results per page, and the
maximum number of pages available before help text is shown, and
the next page button is disabled
 2018-04-25 11:12:09 -04:00
Brad Ison
e90da9f2c0
Fix API team membership test 2018-04-04 14:22:11 -04:00
Joseph Schorr
8146646761 Simplifying queries around images and placements 
Only verbs needs to load placements for multiple images, so we can vastly simplify and optimize most queries by making it two-step, and having the rest of the image loads not worry about placements
 2018-04-03 16:23:49 -04:00
josephschorr
323eb63747
Merge pull request #3032 from coreos-inc/joseph.schorr/QUAY-885/squashed-sym 
Retarget broken hard links in squashed images
 2018-03-26 17:59:52 -04:00
Joseph Schorr
110366f656 Retarget hard links pointing to deleted files by emitting the deleted file contents under the first hard link instance. This fixes a breakage in the squashed TAR where we were pointing hard links to missing data. 
Fixes https://jira.coreos.com/browse/QUAY-885
 2018-03-23 14:00:46 -04:00
josephschorr
6c43b7ff0d
Merge pull request #3024 from coreos-inc/manageable-robots 
Manageable robots epic
 2018-03-21 18:50:17 -04:00
Joseph Schorr
2ea13e86a0 Add last_accessed information to User and expose for robot accounts 
Fixes https://jira.coreos.com/browse/QUAY-848
 2018-03-21 15:28:34 -04:00
Joseph Schorr
3586955669 Remove license code in Quay 
No longer needed under Red Hat rules \o/

Fixes https://jira.coreos.com/browse/QUAY-883
 2018-03-20 17:03:35 -04:00
Joseph Schorr
ed84835d23 Changes for code review 2018-03-01 16:49:52 -05:00
Joseph Schorr
c35eec0615 Add ability for triggers to be disabled 
Will be used in the followup commit to automatically disable broken triggers
 2018-03-01 16:49:28 -05:00
Joseph Schorr
ab0172d2fd Switch Quay to using an in-container memcached for data model caching 2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous 
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.

Fixes https://jira.coreos.com/browse/QUAY-838
 2018-02-27 13:12:51 -05:00
Brad Ison
f89a16a64d Make byte_count on BlobUpload table not nullable 
The byte_count field on the BlobUpload model is marked as not
nullable, but the migration to make the field a big integer removed
that restriction (#2388 :: 76de324) in the database.  It's still in
the model though, which means they are out of sync.  This adds a
migration to mark the field as not nullable in the database again.
 2018-02-26 11:36:56 -05:00
Brad Ison
5bd826e7b5 Drop checksum from ImageStorage table 
The checksum field was removed from the ImageStorage model in #815,
but was never dropped from the database.  This adds a migration to
drop the unused column.
 2018-02-24 17:00:07 -05:00
Joseph Schorr
9a452ace11 Add configurable limits for number of builds allowed under a namespace 
We also support that limit being increased automatically once a successful billing charge has gone through
 2018-02-20 16:54:22 -05:00
Brad Ison
62971b7f20
Merge pull request #2999 from bison/user-location 
Add user location metadata filed
 2018-02-20 16:48:37 -05:00
Joseph Schorr
188ea98441 Add new decorator to prevent reflected text attacks 
Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend.
 2018-02-20 11:33:45 -05:00
Joseph Schorr
b342111edb Add registry tests for pushing and pulling previously bad repo names 2018-02-20 11:31:36 -05:00
Brad Ison
3de6b4a646 Add location metadata field for users 2018-02-06 16:06:17 -05:00
Joseph Schorr
bbdf9e074c Add metrics for tracking when instance key renewal succeeds and fails, as well as when instance key *lookup* fails 2018-02-02 11:14:42 -05:00
Joseph Schorr
ede3a81c68 Disallow dots in repository names to fix reflected text "attack" 
Fixes https://jira.coreos.com/browse/QS-125
 2018-01-18 13:19:37 -05:00
Joseph Schorr
c887aa543b Change superuser API errors to be more descriptive 
Fixes https://jira.coreos.com/browse/QS-103
 2018-01-05 17:09:26 -05:00
josephschorr
13b738c43c
Merge pull request #2954 from coreos-inc/joseph.schorr/QS-102/user-api-filter 
Add ability to filter users list to enabled users
 2018-01-05 15:40:50 -05:00
Joseph Schorr
5b4f5f9859 Regenerate test DB for token changes 2018-01-04 15:27:41 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
8e473b9779 Add filter for disabled users to superuser user list API 
Fixes https://jira.coreos.com/browse/QS-102
 2017-12-22 16:45:49 -05:00
Joseph Schorr
3ce9d68a3e Fix broken registry test 
Flask now returns a 404 error, rather than redirecting like it used to do
 2017-12-20 11:43:55 -05:00
Joseph Schorr
f9bd7ef42b Add validation of Docker V2_1 schemas and add a test for PUTing an invalid schema 2017-12-20 11:43:03 -05:00
Joseph Schorr
11e3724919 Return an http 415 (manifest version not supported) for OCI manifest content types 
This was breaking skopeo, as it first tries to send the *OCI* manifest type, which we didn't say we didn't support, thus breaking the tool
 2017-12-20 11:02:34 -05:00
josephschorr
024c183f67
Merge pull request #2944 from coreos-inc/joseph.schorr/QS-91/v2-caching 
V2 registry blob caching
 2017-12-18 14:42:02 -05:00
Joseph Schorr
097cbbeaae Add new Quay pricing plans 2017-12-18 13:12:16 -05:00
Joseph Schorr
b2485934ed Enable caching of blobs in V2 registry protocol, to avoid DB connections after the cache has been loaded 
This should help for bursty pull traffic, as it will avoid DB connections on a huge % of requests
 2017-12-14 13:38:24 -05:00
Joseph Schorr
a706d99849 Add additional logs and an additional test for verbs 2017-12-07 15:22:20 -05:00
Joseph Schorr
1d1c6f0606 Invalidate all session tokens when a user signs out 
Fixes https://jira.coreos.com/browse/QS-85
 2017-12-07 13:03:11 -05:00
Joseph Schorr
927d469db0 In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address) 2017-12-06 14:07:38 -05:00
Joseph Schorr
2677720577 Fix exception raised for certain non-JSON strings given to is_json 
This is breaking pushes in production for certain manifests

Fixes https://jira.prod.coreos.systems/browse/QS-60
 2017-11-14 13:46:06 -05:00