Joseph Schorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								8d6946bd9e 
								
							 
						 
						
							
							
								
								Merge pull request  #3138  from quay/pytest-api-security  
							
							... 
							
							
							
							Fully migrate API security tests into the pytest test suite 
							
						 
						
							2018-07-10 22:40:57 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								bd54eacbad 
								
							 
						 
						
							
							
								
								Add app var for init scripts location to access certs install  
							
							
							
						 
						
							2018-07-10 11:43:34 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								01c23be9d6 
								
							 
						 
						
							
							
								
								Install certs locally in config app to validate  
							
							
							
						 
						
							2018-07-09 16:32:41 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								924dda296f 
								
							 
						 
						
							
							
								
								Fully migrate API security tests into the pytest test suite  
							
							... 
							
							
							
							Also adds an additional test that ensures that at least one security test exists for every (api endpoint, http method) pair. 
							
						 
						
							2018-07-08 18:33:21 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								2d6a6a1f6c 
								
							 
						 
						
							
							
								
								Add a timeout to various operations against etcd in the build manager when it cannot connect to etcd  
							
							... 
							
							
							
							This will ensure that the build managers don't simply sit there thrashing against a non-existing cluster, thus driving the CPU up on our production nodes, and thus taking them out of service
Addresses https://jira.coreos.com/browse/QUAY-990  
							
						 
						
							2018-07-08 12:25:33 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4f152fd7c7 
								
							 
						 
						
							
							
								
								Make API errors more informative  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QUAY-999  
							
						 
						
							2018-07-08 11:45:33 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								beebe6d5ed 
								
							 
						 
						
							
							
								
								Merge pull request  #3133  from quay/no-config-info  
							
							... 
							
							
							
							Change wording on error when no config volume 
							
						 
						
							2018-07-06 16:30:02 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								8c37eb50ea 
								
							 
						 
						
							
							
								
								Change wording on error when no config volume  
							
							
							
						 
						
							2018-07-05 17:12:07 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								6dc2cd3691 
								
							 
						 
						
							
							
								
								Merge pull request  #3132  from quay/project/cleanup  
							
							... 
							
							
							
							Add some step bars, other styles for config app 
							
						 
						
							2018-07-05 16:39:08 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								ab4bfee019 
								
							 
						 
						
							
							
								
								Add progress bar to other parts of the config app  
							
							... 
							
							
							
							Hardcode active classes to modal step bars 
							
						 
						
							2018-07-05 14:22:31 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								0eaff446e0 
								
							 
						 
						
							
							
								
								Merge pull request  #3131  from quay/joseph.schorr/QUAY-954/cloudfront  
							
							... 
							
							
							
							Return S3 URLs for security scanner 
							
						 
						
							2018-07-05 17:23:05 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								7426f9e93a 
								
							 
						 
						
							
							
								
								Change cloudfront storage to report non-cloudfront (i.e. S3) URLs for all requests missing IP information  
							
							... 
							
							
							
							This ensures the security scanner gets S3 URLs
Fixes https://jira.coreos.com/browse/QUAY-954  
							
						 
						
							2018-07-05 16:16:20 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								100d7eae81 
								
							 
						 
						
							
							
								
								Merge pull request  #3128  from quay/log-rotation-threshold  
							
							... 
							
							
							
							Add log rotation threshold configuration 
							
						 
						
							2018-07-02 10:27:43 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								84f604739f 
								
							 
						 
						
							
							
								
								Add log rotation threshold configuration  
							
							
							
						 
						
							2018-06-29 17:16:44 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								31e4c6d380 
								
							 
						 
						
							
							
								
								Merge pull request  #3127  from quay/project/download-tar  
							
							... 
							
							
							
							Q.E. Config User can update a config tarball pt 2 
							
						 
						
							2018-06-29 16:53:28 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								14fefea38f 
								
							 
						 
						
							
							
								
								Revert local validation context, extract another util  
							
							
							
						 
						
							2018-06-29 15:09:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								d7ffb54333 
								
							 
						 
						
							
							
								
								Move tar filter to file, add tests for it  
							
							
							
						 
						
							2018-06-28 17:02:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								db757edcd2 
								
							 
						 
						
							
							
								
								Create transient config provider, temp dir logic  
							
							... 
							
							
							
							Allows us to have a new config provider for each setup, with no overlap
of the directories used, and automatic cleanup of those directories. 
							
						 
						
							2018-06-28 13:58:57 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								2d0a599aab 
								
							 
						 
						
							
							
								
								Create download modal following setup completion  
							
							
							
						 
						
							2018-06-28 13:53:28 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								aa93d698b2 
								
							 
						 
						
							
							
								
								Tarball the config and give it to the front end  
							
							... 
							
							
							
							Download file as blob to avoid binary string encoding 
							
						 
						
							2018-06-28 13:53:17 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Brad Ison 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								06f3a7d20a 
								
							 
						 
						
							
							
								
								Merge pull request  #3124  from bison/update-user-schema  
							
							... 
							
							
							
							endpoints/api: Allow null fields in user metadata 
							
						 
						
							2018-06-27 17:02:57 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Brad Ison 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								73cb7f3228 
								
							 
						 
						
							
							
								
								endpoints/api: Allow null fields in user metadata  
							
							... 
							
							
							
							The user metadata fields are nullable in the database, but were not in
the json sechema.  This prevented users from updating some of their
information on the site if they hadn't set the metadata fields. 
							
						 
						
							2018-06-27 15:34:55 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								7619ab44e5 
								
							 
						 
						
							
							
								
								Revert inmemoryprov, skip local storage validation  
							
							
							
						 
						
							2018-06-25 15:23:30 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								f32bbf1fdc 
								
							 
						 
						
							
							
								
								Merge pull request  #3121  from quay/project/upload-tar  
							
							... 
							
							
							
							Q.E. User can upload a tarball config to modify 
							
						 
						
							2018-06-22 14:50:21 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								872be8605a 
								
							 
						 
						
							
							
								
								Fix error case in uploading tar, more comments  
							
							
							
						 
						
							2018-06-22 13:23:08 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								92aaa23669 
								
							 
						 
						
							
							
								
								Merge pull request  #3122  from quay/joseph.schorr/QUAY-975/disabled-routes  
							
							... 
							
							
							
							Audit which routes needed to be disabled for disabled users 
							
						 
						
							2018-06-22 11:34:22 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								d6d0bb640a 
								
							 
						 
						
							
							
								
								Modify config field to use base api endpoint  
							
							... 
							
							
							
							allow streaming from gzipped tarball config 
							
						 
						
							2018-06-22 10:57:35 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								aff1a08a83 
								
							 
						 
						
							
							
								
								Fix main app migration pathway  
							
							
							
						 
						
							2018-06-21 15:33:26 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								2b34ae74fe 
								
							 
						 
						
							
							
								
								Add test for trying to pull the tags of a repository under a disabled namespace  
							
							
							
						 
						
							2018-06-21 14:41:27 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								fdd0db7a7f 
								
							 
						 
						
							
							
								
								Add test for trying to pull the catalog under a disabled namespace  
							
							
							
						 
						
							2018-06-21 14:41:27 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								892cc82b6a 
								
							 
						 
						
							
							
								
								Ensure that verbs cannot be performed on disabled namespaces or by disabled users  
							
							
							
						 
						
							2018-06-21 14:41:27 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Brad Ison 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								db7e5f7cfa 
								
							 
						 
						
							
							
								
								Merge pull request  #3123  from bison/no-parallel-tests  
							
							... 
							
							
							
							Revert "Parallelize pytest runs in Makefile" 
							
						 
						
							2018-06-21 13:42:53 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Brad Ison 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b68d3b399e 
								
							 
						 
						
							
							
								
								Revert "Parallelize pytest runs in Makefile"  
							
							... 
							
							
							
							This reverts commit 5ce15348ea 
							
						 
						
							2018-06-21 12:07:00 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								561522c6d3 
								
							 
						 
						
							
							
								
								Port cor-title and add file check endpoint  
							
							... 
							
							
							
							Fix some FA5 regressions
Fix uploading cert files
Add fix some icons 
							
						 
						
							2018-06-20 17:36:48 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								b5f630ba29 
								
							 
						 
						
							
							
								
								Fix alembic migrations importing app  
							
							... 
							
							
							
							Ensure we connect to loaded config db 
							
						 
						
							2018-06-20 17:17:35 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								bb2b28cd11 
								
							 
						 
						
							
							
								
								Read tarball into in-memory config provider  
							
							
							
						 
						
							2018-06-20 17:15:43 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								8aa18a29a8 
								
							 
						 
						
							
							
								
								Add writing config to file, modal for validation  
							
							
							
						 
						
							2018-06-20 17:15:43 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								c7513199df 
								
							 
						 
						
							
							
								
								link config comp to upload files to endpoint  
							
							
							
						 
						
							2018-06-20 17:15:43 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Sam Chow 
								
							 
						 
						
							
							
							
							
								
							
							
								b631b0f271 
								
							 
						 
						
							
							
								
								Add missing files changed directive to upload  
							
							
							
						 
						
							2018-06-20 17:15:43 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								68f8eb5a8f 
								
							 
						 
						
							
							
								
								Merge pull request  #3120  from quay/joseph.schorr/QUAY-989/ip-api-key  
							
							... 
							
							
							
							Fix the IP data lookup to take in an API key 
							
						 
						
							2018-06-20 16:58:09 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								371f6f8946 
								
							 
						 
						
							
							
								
								Merge pull request  #3118  from quay/joseph.schorr/QUAY-977/catalog-efficiency  
							
							... 
							
							
							
							Catalog efficiency improvements 
							
						 
						
							2018-06-20 16:40:37 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								ebb5d17641 
								
							 
						 
						
							
							
								
								Merge pull request  #3119  from quay/joseph.schorr/QUAY-976/rate-limit-audit  
							
							... 
							
							
							
							Audit out endpoints and ensure everything has a defined rate limit (even if quite large) 
							
						 
						
							2018-06-20 15:50:48 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								d4882f0077 
								
							 
						 
						
							
							
								
								Fix the IP data lookup to take in an API key  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QUAY-989  
							
						 
						
							2018-06-20 15:44:40 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								2caaf84f31 
								
							 
						 
						
							
							
								
								Add caching support to catalog  
							
							... 
							
							
							
							We will now cache the results of the catalog for 60s and not hit the database at all if cached 
							
						 
						
							2018-06-20 14:58:01 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								33a8099f35 
								
							 
						 
						
							
							
								
								Temporarily double the request limit. We'll start ratcheting it down over time.  
							
							
							
						 
						
							2018-06-20 14:31:51 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1d94e4d605 
								
							 
						 
						
							
							
								
								Audit out endpoints and ensure everything has a defined rate limit (even if quite large)  
							
							... 
							
							
							
							For registry operations, these were the numbers found at time the PR was written:
download_blob 108 per second across fleet
v2_auth 180 per second across fleet
catalog 1 per second across fleet
fetch_manifest 205 per second across fleet
list_all_tags 150 per second across fleet
With an average fleet size of 25. As a result, we went with a registry limit of 10r/s (10 * 25 = 250 requests) to bound even the most prolific puller.
Fixes https://jira.coreos.com/browse/QUAY-976  
							
						 
						
							2018-06-20 13:36:24 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a1c06042c6 
								
							 
						 
						
							
							
								
								Add a unique_key fields to the auth context type for tracking different instances  
							
							... 
							
							
							
							This will allow us to lookup a cache for the catalog without needing to make a database call 
							
						 
						
							2018-06-19 11:09:58 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								7604e9842b 
								
							 
						 
						
							
							
								
								Change repo filtering for users to use a user ID reference, rather than the username  
							
							... 
							
							
							
							While this means we need an additional query for initial lookup, it makes the *filtering* query (which is the heavy part) require far fewer joins, thus making it more efficient.
Also adds a new unit test to verify that our filter filters to the correct set of repositories. 
							
						 
						
							2018-06-19 10:51:30 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								f2b9aa4527 
								
							 
						 
						
							
							
								
								Add pytest cache files to gitignore  
							
							
							
						 
						
							2018-06-19 10:50:23 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								a3554a73d8 
								
							 
						 
						
							
							
								
								Merge pull request  #3069  from quay/joseph.schorr/QUAY-913/db-test-data  
							
							... 
							
							
							
							Add support for populating test data during migration testing 
							
						 
						
							2018-06-19 10:40:28 -04:00