vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
5718 commits 2 branches 62 tags 205 MiB
Commit graph

473 commits

Author SHA1 Message Date
Joseph Schorr
6e2df3b339 Fix key server to not list expired keys 
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.

Fixes #1430
 2016-05-03 17:58:47 -04:00
Jimmy Zelinskie
2aa88dcb80 only send notifications when superusers enabled 2016-04-29 15:42:25 -04:00
Jimmy Zelinskie
29e2d7c9d4 data.model.log: remove unused method 2016-04-29 14:22:53 -04:00
Evan Cordell
489752a0b7 Only refresh current instance service key 2016-04-29 14:10:33 -04:00
Evan Cordell
a6f6a114c2 service key worker to refresh automatic keys 2016-04-29 14:10:33 -04:00
Joseph Schorr
6091db983b Hide expired keys outside of their staleness window 2016-04-29 14:10:33 -04:00
Joseph Schorr
4f63a50a17 Change account-less logs to use a user and not null 
This allows us to skip the migration
 2016-04-29 14:09:37 -04:00
Joseph Schorr
28a80ef6a9 Make sure to verify service names on key creation 2016-04-29 14:09:37 -04:00
Joseph Schorr
522cf68c5d Lots of smaller fixes: 
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
370ac3ecd0 service keys: add rotation_duration field 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
6577ac3e62 mv JWK-canonicalization util.security.fingerprint 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
4020ab9f55 service keys: delete notifications by prefix 2016-04-29 14:05:16 -04:00
Joseph Schorr
08017c5111 Further UI updates 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d19eb16b45 keyserver: add generate key function 
The superuser API, initdb, and tests will all need this functionality.
 2016-04-29 14:05:16 -04:00
Joseph Schorr
fb1dca4e94 Add API usage tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59 keys ui WIP 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
885a41e6f5 key server: misc fixes to make jwtproxy work 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
50ad1bb6b1 key server: misc cleanup to get it working 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c79bb14049 service keys: fix stale query 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
86df0124c1 service keys: join with approvals 
Also fixes a bug where we weren't reassigning the query after adding a
WHERE.
 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c6b8b3ce8c service_keys: s/get_keys/list_keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
0ec54fc70e clear notifications on delete/replace service_key 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
42b5196b21 add notification path and use for service keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
f406942984 converging on proper rotation 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
aaf9e83278 basically finish superuser key api 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
35ed73e195 rework superuser api 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167 service keys: do all the right stuff 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
6ecff950ab service keys: add txs and select4update 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
499bb16306 service key server wip 2016-04-29 13:38:25 -04:00
josephschorr
9e88b1413d Merge pull request #1325 from coreos-inc/blobuncompressedsize 
Fix uncompressed size for blob store and add test
 2016-04-28 13:15:33 -04:00
Jimmy Zelinskie
7239c465bf improve stale cutoff id perf (#1392) 2016-04-20 15:03:06 -04:00
Joseph Schorr
c604dbd0f6 Fix permissions when converting a user to an org 
Fixes #1366
 2016-04-14 17:39:45 -04:00
Joseph Schorr
1009362d26 Have recovery auto-verify the user 
Fixes #1355
 2016-04-08 13:41:16 -04:00
josephschorr
edb157c5cb Merge pull request #1294 from coreos-inc/partialperms 
Change permissions to only load required by default
 2016-03-30 16:40:40 -04:00
Joseph Schorr
42e934d84f Make notification lookup faster and fix repo pagination on Postgres 2016-03-30 14:46:31 -04:00
Joseph Schorr
0dffdb87c9 Fix uncompressed size for blob store and add test 2016-03-29 14:16:56 -04:00
Joseph Schorr
a3aa4592cf Change permissions to only load required by default 
Permissions now load just the namespace and/or repository permissions requested, with a fallback to a full permissions load if necessary.
 2016-03-28 16:33:32 -04:00
Jake Moshenko
fe2cd240bc Revert "Remove old search API which is no longer in use" 2016-03-07 10:07:41 -05:00
Jimmy Zelinskie
b5d904f373 Merge pull request #1218 from jzelinskie/logrotate5ever 
vastly simplify log rotation
 2016-03-04 13:48:21 -05:00
josephschorr
57430a18b4 Merge pull request #1224 from coreos-inc/removeoldsearch 
Remove old search API which is no longer in use
 2016-03-04 12:05:07 -05:00
Quentin Machu
0183c519f7 Merge pull request #1253 from Quentin-M/clair2 
Adapt securityworker, secscan API and Quay UI for Clair 1.0
 2016-02-19 18:21:25 -05:00
Quentin Machu
e5da33578c Adapt security worker for Clair v1.0 (except notifications) 2016-02-19 17:44:14 -05:00
Joseph Schorr
abd2e3c234 V1 Docker ID <-> V2 layer SHA mismatch fix 
Fix handling of V1 Docker ID <-> V2 layer SHA mismatch by dynamically rewriting the manifest to use new synthesized IDs for all layers above the mismatch. Also adds a bunch of tests for this and other use cases, fixes a bug around manifest digest uniqueness and fixes the 5.5 migration for MySQL.
 2016-02-12 17:39:27 +02:00
Joseph Schorr
27f1cc0a13 Add a check that will fail if we try to mislink V1 layers 
Also logs some useful information
 2016-02-11 22:40:00 +02:00
Joseph Schorr
1887dc879c Remove old search API which is no longer in use 2016-02-10 15:02:27 +02:00
Jimmy Zelinskie
ee705fe7a9 vastly simplify log rotation 2016-02-09 18:20:14 -05:00
Joseph Schorr
4e771e667f Change sec scan candidate query to match parents to the expected version only 2016-02-09 22:23:48 +02:00
Joseph Schorr
534ec9cb2b Add pagination to the repository list API to make it better for public 
Fixes #1166
 2016-02-01 22:42:44 +02:00
Joseph Schorr
1536709c02 Small fixes 2016-01-29 20:01:17 +02:00
Joseph Schorr
bd0a098282 Add ID-based pagination to logs using new decorators and an encrypted token 
Fixes #599
 2016-01-26 12:50:48 -05:00
Jake Moshenko
fe2bdeb6cb Require some data from all models in initdb 2016-01-19 15:30:27 -05:00
Jake Moshenko
1b392dcb9a Remove dependent signatures before removing image storages 2016-01-19 14:56:02 -05:00
Jake Moshenko
7d0be20842 Formatting and syntax improvements 2016-01-19 14:56:02 -05:00
Joseph Schorr
e4da61a05d Fix piece hash calculation 2016-01-12 17:44:19 -05:00
Jake Moshenko
96c72e73df Clean up torrents before removing referenced storages 2016-01-12 11:43:07 -05:00
Joseph Schorr
c36a7c21c8 Order sadly matters with this check in peewee 2016-01-11 15:10:46 -05:00
Jake Moshenko
1ae101c917 Address torrent feature review comments. 2016-01-08 16:38:21 -05:00
Jake Moshenko
fd1e5f2407 Remove an unnecessary outer join 2016-01-05 14:43:40 -05:00
Jake Moshenko
8f80d7064b Hash v1 uploads for torrent chunks 2016-01-05 14:43:40 -05:00
Jake Moshenko
8d5f4466d6 Cleanup some indentation and imports 2016-01-05 12:12:57 -05:00
Jimmy Zelinskie
9b0a84c02f implement get_torrent_info 2016-01-04 16:17:51 -05:00
Jake Moshenko
a9b7ac6b48 Rotate robot user uuid when the credentials change 2016-01-04 16:17:51 -05:00
Jake Moshenko
5c6e033d21 Fix indentation 2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796 Hash and track layer file chunks for torrenting 2016-01-04 16:17:51 -05:00
josephschorr
f748d4348d Merge pull request #1106 from coreos-inc/billingemail 
Add support for custom billing invoice email address
 2016-01-04 14:34:30 -05:00
Joseph Schorr
31a8a0fba4 Better UX when recovering organization emails 
Fixes #291
 2015-12-28 15:25:31 -05:00
Joseph Schorr
10efa96009 Add support for custom billing invoice email address 
Fixes #782
 2015-12-28 13:59:50 -05:00
Jake Moshenko
9c1a2e7e1b Improve performance by removing unnecessary group by fields 2015-12-22 11:35:49 -05:00
josephschorr
5ac7369bf5 Merge pull request #1068 from coreos-inc/slowqueryfix 
Remove check for derived image storages on image storage
 2015-12-18 16:32:22 -05:00
Jimmy Zelinskie
e1f955a3f6 add a log rotation worker 
Fixes #609.
 2015-12-16 17:22:28 -05:00
Joseph Schorr
f59f4e51e8 Remove check for derived image storages on image storage 
Derived image storages are now 1-to-1 with image storages, so we know they have already been removed at this point

Fixes #1067
 2015-12-16 13:41:25 -05:00
Joseph Schorr
141f664bf7 Fix subquery delete which messes up MySQL 
Fixes #1061
 2015-12-15 13:15:10 -05:00
Joseph Schorr
54095eb5cb Handle the common case of one chunk when calculating the uncompressed size 
Reference #992
 2015-12-14 15:27:48 -05:00
josephschorr
94effb5aaa Merge pull request #1023 from coreos-inc/getblobopt 
Optimize blob lookup
 2015-12-04 16:11:28 -05:00
Jake Moshenko
38cb63d195 Fix indentation on build model operations 2015-12-04 15:46:07 -05:00
Joseph Schorr
f07b940bc5 Optimize blob lookup 
Fixes #1013
 2015-12-04 14:47:09 -05:00
Joseph Schorr
c324ebd7f6 Only write exceptions for manifest gen when a tag exists 
Fixes #1019

Currently, we just raise an exception to the logs regardless, which can make it appear as if there is an issue (when there isn't).
 2015-12-03 16:04:17 -05:00
Joseph Schorr
762cd56e64 Change derived storage to be based on image 
Fixes #971
 2015-11-24 12:44:07 -05:00
Jake Moshenko
3a29dfc535 Reducing in a tree to avoid recursion depth limits 2015-11-23 15:57:13 -05:00
Joseph Schorr
f4266d08d2 Fix handling of aggregate size in V2 
Fixes #931
 2015-11-20 11:44:03 -05:00
Joseph Schorr
4981ccbc4e Fix issue with query when manifest count is 0 2015-11-19 17:44:16 -05:00
Jake Moshenko
c352050b07 For the last time, you can't delete with a subquery on the same table! 2015-11-19 16:44:27 -05:00
Jake Moshenko
7b53797677 Fix garbage collection when manifests may reference tags 2015-11-19 16:01:36 -05:00
Jake Moshenko
7ae94f414c Alias our subqueries to appease the MySQL beast 2015-11-19 12:58:06 -05:00
Silas Sewell
1162814734 securityworker: mark children we can't analyze 
This allows us to differentiate between images that are queued and those we
can't analyze in constant time.
 2015-11-19 11:22:15 -05:00
Jake Moshenko
e6bd5488c9 Ensure that manifest tags are still alive 2015-11-19 11:01:47 -05:00
Jake Moshenko
b564492ea7 Improve the performance of fetching manifest blobs by checksum. 2015-11-19 11:01:47 -05:00
Quentin Machu
f2d874386b Fix security worker (ok last time before I give up on engineering) 2015-11-18 21:21:00 -05:00
Quentin Machu
88e85cded0 Fix security worker (again?) 2015-11-18 19:45:09 -05:00
Quentin Machu
605ed1fc77 Refactor security worker 2015-11-18 14:38:32 -05:00
Jake Moshenko
e252397292 Switch parent back to a ForeignKeyField without a constraint 2015-11-17 16:09:33 -05:00
Jake Moshenko
3374e8c812 Do not constrain deferred fields in SQLAlchemy bridge 2015-11-17 15:55:18 -05:00
Jake Moshenko
ae61ebeac9 The translate placements query was renamed in v2 2015-11-17 12:24:05 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Jake Moshenko
52125bbfed Fix gc by using the v1/v2 storage location helper everywhere 2015-11-16 14:13:37 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Joseph Schorr
25b8b7590f Fix all the things! 2015-11-12 20:55:41 -05:00
Jake Moshenko
44d06b0c2e Fix v1 backward compatibility 2015-11-12 16:22:19 -05:00
Jake Moshenko
cf1ec68046 Correlate a specific blob storage with its placements 2015-11-12 16:20:59 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00