Joseph Schorr
28a80ef6a9
Make sure to verify service names on key creation
2016-04-29 14:09:37 -04:00
Joseph Schorr
522cf68c5d
Lots of smaller fixes:
...
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
370ac3ecd0
service keys: add rotation_duration field
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
6577ac3e62
mv JWK-canonicalization util.security.fingerprint
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
4020ab9f55
service keys: delete notifications by prefix
2016-04-29 14:05:16 -04:00
Joseph Schorr
08017c5111
Further UI updates
2016-04-29 14:05:16 -04:00
Joseph Schorr
a4a01e76c0
Fix up the migration to include the additional changes needed
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d19eb16b45
keyserver: add generate key function
...
The superuser API, initdb, and tests will all need this functionality.
2016-04-29 14:05:16 -04:00
Joseph Schorr
fb1dca4e94
Add API usage tests
2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59
keys ui WIP
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
885a41e6f5
key server: misc fixes to make jwtproxy work
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
5cdc7812dc
migration.sh: update to reflect timing
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
50ad1bb6b1
key server: misc cleanup to get it working
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c79bb14049
service keys: fix stale query
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
86df0124c1
service keys: join with approvals
...
Also fixes a bug where we weren't reassigning the query after adding a
WHERE.
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
dff59b4a39
service key migration
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c6b8b3ce8c
service_keys: s/get_keys/list_keys
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
0ec54fc70e
clear notifications on delete/replace service_key
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
42b5196b21
add notification path and use for service keys
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
f406942984
converging on proper rotation
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
aaf9e83278
basically finish superuser key api
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
35ed73e195
rework superuser api
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167
service keys: do all the right stuff
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
6ecff950ab
service keys: add txs and select4update
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
499bb16306
service key server wip
2016-04-29 13:38:25 -04:00
josephschorr
9e88b1413d
Merge pull request #1325 from coreos-inc/blobuncompressedsize
...
Fix uncompressed size for blob store and add test
2016-04-28 13:15:33 -04:00
Jimmy Zelinskie
7239c465bf
improve stale cutoff id perf ( #1392 )
2016-04-20 15:03:06 -04:00
josephschorr
b0cc55276f
Merge pull request #1373 from coreos-inc/orgconvert
...
Org conversion improvements
2016-04-19 16:16:35 -04:00
Jimmy Zelinskie
5585e16c90
Merge pull request #1356 from jzelinskie/actionlogarchive
...
logrotateworker: save to storage via userfiles
2016-04-15 13:57:11 -04:00
Jimmy Zelinskie
3d190b786f
userfiles: make handler optional
2016-04-15 13:56:07 -04:00
Joseph Schorr
c604dbd0f6
Fix permissions when converting a user to an org
...
Fixes #1366
2016-04-14 17:39:45 -04:00
Joseph Schorr
1009362d26
Have recovery auto-verify the user
...
Fixes #1355
2016-04-08 13:41:16 -04:00
Jake Moshenko
bd5b44cbd2
Move the sequence fixer to a separate tool which can be run
2016-04-01 13:46:13 -04:00
josephschorr
edb157c5cb
Merge pull request #1294 from coreos-inc/partialperms
...
Change permissions to only load required by default
2016-03-30 16:40:40 -04:00
Joseph Schorr
42e934d84f
Make notification lookup faster and fix repo pagination on Postgres
2016-03-30 14:46:31 -04:00
Joseph Schorr
0dffdb87c9
Fix uncompressed size for blob store and add test
2016-03-29 14:16:56 -04:00
Joseph Schorr
a3aa4592cf
Change permissions to only load required by default
...
Permissions now load just the namespace and/or repository permissions requested, with a fallback to a full permissions load if necessary.
2016-03-28 16:33:32 -04:00
Jake Moshenko
eed07722cb
Add even larger plans for enterprises on SaaS
2016-03-21 16:38:34 -04:00
Jake Moshenko
fe2cd240bc
Revert "Remove old search API which is no longer in use"
2016-03-07 10:07:41 -05:00
Jimmy Zelinskie
b5d904f373
Merge pull request #1218 from jzelinskie/logrotate5ever
...
vastly simplify log rotation
2016-03-04 13:48:21 -05:00
josephschorr
57430a18b4
Merge pull request #1224 from coreos-inc/removeoldsearch
...
Remove old search API which is no longer in use
2016-03-04 12:05:07 -05:00
Joseph Schorr
f498e92d58
Implement against new Clair paginated notification system
2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9
Refactor the security worker and API calls and add a bunch of tests
2016-02-25 12:29:41 -05:00
Quentin Machu
0183c519f7
Merge pull request #1253 from Quentin-M/clair2
...
Adapt securityworker, secscan API and Quay UI for Clair 1.0
2016-02-19 18:21:25 -05:00
Quentin Machu
e5da33578c
Adapt security worker for Clair v1.0 (except notifications)
2016-02-19 17:44:14 -05:00
Joseph Schorr
abd2e3c234
V1 Docker ID <-> V2 layer SHA mismatch fix
...
Fix handling of V1 Docker ID <-> V2 layer SHA mismatch by dynamically rewriting the manifest to use new synthesized IDs for all layers above the mismatch. Also adds a bunch of tests for this and other use cases, fixes a bug around manifest digest uniqueness and fixes the 5.5 migration for MySQL.
2016-02-12 17:39:27 +02:00
josephschorr
a9c64545fa
Merge pull request #1228 from coreos-inc/v2storagevalidation
...
Add a check that will fail if we try to mislink V1 layers
2016-02-11 22:49:33 +02:00
Joseph Schorr
27f1cc0a13
Add a check that will fail if we try to mislink V1 layers
...
Also logs some useful information
2016-02-11 22:40:00 +02:00
Jake Moshenko
59a6f5bc77
Replace incompatible MySQL 5.5 server_default
2016-02-11 15:07:16 -05:00
Joseph Schorr
1887dc879c
Remove old search API which is no longer in use
2016-02-10 15:02:27 +02:00
Jimmy Zelinskie
ee705fe7a9
vastly simplify log rotation
2016-02-09 18:20:14 -05:00
Joseph Schorr
4e771e667f
Change sec scan candidate query to match parents to the expected version only
2016-02-09 22:23:48 +02:00
Joseph Schorr
534ec9cb2b
Add pagination to the repository list API to make it better for public
...
Fixes #1166
2016-02-01 22:42:44 +02:00
Joseph Schorr
1536709c02
Small fixes
2016-01-29 20:01:17 +02:00
Joseph Schorr
a80ac8eabb
Fix import for alembic
2016-01-29 17:59:23 +02:00
Joseph Schorr
bd0a098282
Add ID-based pagination to logs using new decorators and an encrypted token
...
Fixes #599
2016-01-26 12:50:48 -05:00
Jimmy Zelinskie
e54b86c6eb
s/TORRENT/BITTORRENT
2016-01-22 15:52:28 -05:00
Jake Moshenko
fe2bdeb6cb
Require some data from all models in initdb
2016-01-19 15:30:27 -05:00
Jake Moshenko
1b392dcb9a
Remove dependent signatures before removing image storages
2016-01-19 14:56:02 -05:00
Jake Moshenko
7d0be20842
Formatting and syntax improvements
2016-01-19 14:56:02 -05:00
Joseph Schorr
e4da61a05d
Fix piece hash calculation
2016-01-12 17:44:19 -05:00
josephschorr
047c2c2c0f
Merge pull request #1129 from coreos-inc/backfill
...
Add checksum and torrent info backfill
2016-01-12 14:20:58 -05:00
Jake Moshenko
96c72e73df
Clean up torrents before removing referenced storages
2016-01-12 11:43:07 -05:00
Jake Moshenko
8ab6c8a22d
Fix torrent hash generation to work in mixed stacks
2016-01-11 16:43:46 -05:00
Joseph Schorr
c36a7c21c8
Order sadly matters with this check in peewee
2016-01-11 15:10:46 -05:00
Joseph Schorr
bd715c0c71
Add checksum and torrent info backfill
2016-01-08 17:32:30 -05:00
Jake Moshenko
1ae101c917
Address torrent feature review comments.
2016-01-08 16:38:21 -05:00
Jake Moshenko
073b68cf0d
Fix torrent migration and update backfill to compute torrent pieces
2016-01-08 11:15:34 -05:00
Jake Moshenko
77aa58996a
Fix the db definition for torrentinfo and add migration
2016-01-06 14:04:03 -05:00
Jake Moshenko
fd1e5f2407
Remove an unnecessary outer join
2016-01-05 14:43:40 -05:00
Jake Moshenko
8f80d7064b
Hash v1 uploads for torrent chunks
2016-01-05 14:43:40 -05:00
Jake Moshenko
8d5f4466d6
Cleanup some indentation and imports
2016-01-05 12:12:57 -05:00
Jimmy Zelinskie
9b0a84c02f
implement get_torrent_info
2016-01-04 16:17:51 -05:00
Jake Moshenko
a9b7ac6b48
Rotate robot user uuid when the credentials change
2016-01-04 16:17:51 -05:00
Jake Moshenko
ce8fcbeaae
Update the pieces to use base64 encoded binary
2016-01-04 16:17:51 -05:00
Jake Moshenko
5c6e033d21
Fix indentation
2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796
Hash and track layer file chunks for torrenting
2016-01-04 16:17:51 -05:00
josephschorr
f748d4348d
Merge pull request #1106 from coreos-inc/billingemail
...
Add support for custom billing invoice email address
2016-01-04 14:34:30 -05:00
Joseph Schorr
31a8a0fba4
Better UX when recovering organization emails
...
Fixes #291
2015-12-28 15:25:31 -05:00
Joseph Schorr
10efa96009
Add support for custom billing invoice email address
...
Fixes #782
2015-12-28 13:59:50 -05:00
Joseph Schorr
01723d5546
Catch other cases where the queue item has been removed
...
Fixes #1096
2015-12-22 15:58:51 -05:00
Jake Moshenko
9c1a2e7e1b
Improve performance by removing unnecessary group by fields
2015-12-22 11:35:49 -05:00
josephschorr
5ac7369bf5
Merge pull request #1068 from coreos-inc/slowqueryfix
...
Remove check for derived image storages on image storage
2015-12-18 16:32:22 -05:00
Joseph Schorr
94ece129d4
Remove remaining recursive queries on repo delete and add test
2015-12-18 16:04:03 -05:00
josephschorr
16f814b7d9
Merge pull request #1075 from coreos-inc/userdeletefix
...
Fix user deletion under MySQL
2015-12-17 15:09:18 -05:00
Joseph Schorr
2e7835c372
Fix user deletion under MySQL
...
Fixes #973
2015-12-17 15:05:15 -05:00
Jimmy Zelinskie
e1f955a3f6
add a log rotation worker
...
Fixes #609 .
2015-12-16 17:22:28 -05:00
Joseph Schorr
f59f4e51e8
Remove check for derived image storages on image storage
...
Derived image storages are now 1-to-1 with image storages, so we know they have already been removed at this point
Fixes #1067
2015-12-16 13:41:25 -05:00
Joseph Schorr
73531d08b5
Add server default for the chunk_count column
2015-12-15 15:44:33 -05:00
Joseph Schorr
141f664bf7
Fix subquery delete which messes up MySQL
...
Fixes #1061
2015-12-15 13:15:10 -05:00
Joseph Schorr
9698d6f6a0
Add created column to blob upload
...
Fixes first half of #1054
2015-12-14 15:27:48 -05:00
Joseph Schorr
54095eb5cb
Handle the common case of one chunk when calculating the uncompressed size
...
Reference #992
2015-12-14 15:27:48 -05:00
josephschorr
94effb5aaa
Merge pull request #1023 from coreos-inc/getblobopt
...
Optimize blob lookup
2015-12-04 16:11:28 -05:00
Jake Moshenko
38cb63d195
Fix indentation on build model operations
2015-12-04 15:46:07 -05:00
Joseph Schorr
f07b940bc5
Optimize blob lookup
...
Fixes #1013
2015-12-04 14:47:09 -05:00
Joseph Schorr
c324ebd7f6
Only write exceptions for manifest gen when a tag exists
...
Fixes #1019
Currently, we just raise an exception to the logs regardless, which can make it appear as if there is an issue (when there isn't).
2015-12-03 16:04:17 -05:00
Silas Sewell
502e4c04d0
Fix seq migration down_revision
2015-11-30 17:59:04 -05:00
Silas Sewell
3833fb6530
Merge pull request #888 from coreos-inc/remove-hardcoded-ids
...
Fix seq generators for enum tables in postgres
2015-11-30 17:54:13 -05:00
Joseph Schorr
0f7c8105b0
Remove DerivedImageStorage table
2015-11-25 11:46:59 -05:00
Joseph Schorr
762cd56e64
Change derived storage to be based on image
...
Fixes #971
2015-11-24 12:44:07 -05:00
Jake Moshenko
3a29dfc535
Reducing in a tree to avoid recursion depth limits
2015-11-23 15:57:13 -05:00
Joseph Schorr
f4266d08d2
Fix handling of aggregate size in V2
...
Fixes #931
2015-11-20 11:44:03 -05:00
Joseph Schorr
4981ccbc4e
Fix issue with query when manifest count is 0
2015-11-19 17:44:16 -05:00
Jake Moshenko
c352050b07
For the last time, you can't delete with a subquery on the same table!
2015-11-19 16:44:27 -05:00
Jake Moshenko
7b53797677
Fix garbage collection when manifests may reference tags
2015-11-19 16:01:36 -05:00
Jake Moshenko
7ae94f414c
Alias our subqueries to appease the MySQL beast
2015-11-19 12:58:06 -05:00
Silas Sewell
1162814734
securityworker: mark children we can't analyze
...
This allows us to differentiate between images that are queued and those we
can't analyze in constant time.
2015-11-19 11:22:15 -05:00
Jake Moshenko
e6bd5488c9
Ensure that manifest tags are still alive
2015-11-19 11:01:47 -05:00
Jake Moshenko
b564492ea7
Improve the performance of fetching manifest blobs by checksum.
2015-11-19 11:01:47 -05:00
Quentin Machu
f2d874386b
Fix security worker (ok last time before I give up on engineering)
2015-11-18 21:21:00 -05:00
Quentin Machu
04f2688944
Merge pull request #917 from Quentin-M/fix_secwor
...
Fix security worker (again?)
2015-11-18 19:45:36 -05:00
Quentin Machu
88e85cded0
Fix security worker (again?)
2015-11-18 19:45:09 -05:00
Quentin Machu
6d89f259f5
Merge pull request #894 from Quentin-M/fix_secwor
...
Refactor security worker
2015-11-18 14:40:34 -05:00
Quentin Machu
605ed1fc77
Refactor security worker
2015-11-18 14:38:32 -05:00
Jake Moshenko
18b14001b4
Add indices for the security worker fields on Image
...
Fixes #906
2015-11-18 13:29:51 -05:00
Jake Moshenko
206e18d160
Image parents do not have to be nulled transitively on repo delete
2015-11-17 16:48:26 -05:00
Jake Moshenko
e252397292
Switch parent back to a ForeignKeyField without a constraint
2015-11-17 16:09:33 -05:00
Jake Moshenko
3374e8c812
Do not constrain deferred fields in SQLAlchemy bridge
2015-11-17 15:55:18 -05:00
Jake Moshenko
ae61ebeac9
The translate placements query was renamed in v2
2015-11-17 12:24:05 -05:00
Jake Moshenko
7205bf5e7f
Merge pull request #885 from jakedt/python-registry-v2
...
Python registry v2 mega merge
2015-11-16 16:15:40 -05:00
Silas Sewell
30b0101584
Fix seq generators for enum tables in postgres
...
This attempts to insert a temporary entry into each enum table until it
succeeds. It re-synchronizes the postgres sequence generators with the max id
of the table.
Fixes #883 and #880
2015-11-16 15:29:51 -05:00
Matt Jibson
13aa6cfcfc
No PUT for logarchive
...
fixes #862
2015-11-16 15:01:12 -05:00
Jake Moshenko
0459c3bc54
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-16 14:22:54 -05:00
Jake Moshenko
52125bbfed
Fix gc by using the v1/v2 storage location helper everywhere
2015-11-16 14:13:37 -05:00
Joseph Schorr
819d461ed6
Remove migration re-added by merge accidentally
2015-11-12 22:02:26 -05:00
Joseph Schorr
030c69d7d2
Further merge fixes
2015-11-12 22:00:28 -05:00
Joseph Schorr
7816b0c657
Merge master into vulnerability-tool
2015-11-12 21:52:47 -05:00
Joseph Schorr
25b8b7590f
Fix all the things!
2015-11-12 20:55:41 -05:00
Jake Moshenko
44d06b0c2e
Fix v1 backward compatibility
2015-11-12 16:22:19 -05:00
Jake Moshenko
cf1ec68046
Correlate a specific blob storage with its placements
2015-11-12 16:20:59 -05:00
Jake Moshenko
ab340e20ea
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-11 16:41:40 -05:00
Jake Moshenko
1d7be74a1f
Revert "Drop the v1 checksum column from imagestorage"
...
This reverts commit d292a34343
.
2015-11-11 16:39:46 -05:00
Jake Moshenko
a1ccd860e7
Merge pull request #823 from coreos-inc/phase3-11-07-2015
...
Phase3 11 07 2015
2015-11-11 14:22:19 -05:00
Jake Moshenko
1c6919dd93
We must fill in the parent_id on linking
2015-11-10 14:31:46 -05:00
Silas Sewell
e826b14ca4
Merge pull request #725 from coreos-inc/setup-tool-georeplication
...
superuser: add storage replication config
2015-11-09 17:43:38 -05:00
Silas Sewell
5000b1621c
superuser: add storage replication config
2015-11-09 17:34:22 -05:00
Joseph Schorr
a69c9e12fd
Update quay sec code to fix problems identified in previous review
...
- Change get_repository_images_recursive to operate over a single docker image and storage uuid
- Move endpoints/sec to endpoints/secscan
- Change notification system to work with new Quay-sec format
Fixes #768
2015-11-09 17:14:35 -05:00
Silas Sewell
c739c453da
Merge pull request #807 from coreos-inc/storage-preference
...
Enable storage preference
2015-11-09 16:30:47 -05:00
josephschorr
eb2e42dce9
Merge pull request #830 from coreos-inc/fix_parent_id
...
Fix deleting repos and images under MySQL
2015-11-09 14:43:01 -05:00
Joseph Schorr
2d2662f53f
Fix deleting repos and images under MySQL
...
MySQL doesn't handle constraints at the end of transactions, so deleting images currently fails. This removes the constraint and just leaves parent_id as an int
2015-11-09 14:42:05 -05:00
Matt Jibson
e5282a216f
Merge pull request #818 from mjibson/redis-socket-timeout
...
Set timeout for redis commands
2015-11-09 14:39:00 -05:00
Joseph Schorr
b408cfd2cc
Ready for demo
2015-11-09 12:51:05 -05:00
Joseph Schorr
407eaae137
WIP: Towards sec demo
2015-11-09 12:50:39 -05:00
Joseph Schorr
d7ace69fe3
Add a vulnerability_found event for notice when we detect a vuln
...
Fixes #637
Note: This PR does *not* actually raise the event; it merely adds support for it
2015-11-09 12:49:19 -05:00
Quentin Machu
37118423a5
Add support for Quay's vulnerability tool
2015-11-09 12:49:19 -05:00
Quentin Machu
ade664036c
Fix migration 57dad559ff2d's header
...
Fixes #825
2015-11-08 15:22:15 -05:00
Jake Moshenko
b526e2a3cd
Merge pull request #822 from coreos-inc/phase2-11-07-2015
...
Phase2 11 07 2015
2015-11-08 13:21:59 -05:00
Joseph Schorr
8463514a09
Fix delete_user call to remove all user data
2015-11-08 13:10:01 -05:00
Matt Jibson
afa119d82e
Set timeout for redis commands
...
fixes #779
2015-11-06 18:48:47 -05:00
Jake Moshenko
7efa6265bf
Merge branch 'newchanges' into python-registry-v2
2015-11-06 18:24:32 -05:00