Jimmy Zelinskie
0e26a03f7e
endpoints.v2: new fs layout for data interface
...
Fixes QUAY-658
2017-06-26 18:21:35 -04:00
Evan Cordell
2661db7485
Add flag to enable trust per repo (#2541)
...
* Add flag to enable trust per repo
* Add api for enabling/disabling trust
* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api
* Add `set_trust` method to repository
* Expose new logkind to UI
* Fix registry tests
* Rebase migrations and regen test.db
* Raise downstreamissue if trust metadata can't be removed
* Refactor change_repo_trust
* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00
Evan Cordell
9515f18fb6
Add tufmetadata endpoint
2017-04-05 10:03:27 -04:00
Joseph Schorr
cae9d69376
Better error messages for Docker errors
2017-03-31 17:15:14 -04:00
Evan Cordell
abd78bce56
Use constants for TUF roots
2017-03-27 11:37:17 -04:00
Evan Cordell
6ad107709c
Change build_context_and_subject to take kwargs
2017-03-27 11:37:17 -04:00
Evan Cordell
43dd974dca
Determine which TUF root to show based on actual access, not requested access
2017-03-27 11:37:17 -04:00
Joseph Schorr
95e1cf6673
Make V2 login errors more descriptive
...
If login fails, we now call validate again to get the reason for the failure, and then surface it to the user of the CLI. This allows for more actionable responses, such as:
$ docker login 10.0.2.2:5000
Username (devtable): devtable
Password:
Error response from daemon: Get http://10.0.2.2:5000/v2/ : unauthorized: Client login with unencrypted passwords is disabled. Please generate an encrypted password in the user admin panel for use here.
2017-03-23 15:42:45 -04:00
Joseph Schorr
1bd4422da9
Move auth decorators into a decorators module
...
The non-decorators will be broken out in the followup change
2017-03-23 15:42:45 -04:00
Jimmy Zelinskie
48ba59d615
endpoints.v2: only work on docker repositories
2017-03-22 17:26:59 -04:00
Charlton Austin
e87404c327
Adding in what metadata_root_name to JWT
2017-02-22 16:59:19 -05:00
Evan Cordell
9e96e6870f
Add support for * (admin) permission to registry auth v2 endpoint
2016-11-28 14:02:08 -05:00
Jimmy Zelinskie
31b77cf232
rename auth.auth to auth.process
...
This fixes some ambiguity around imports.
2016-09-29 15:24:57 -04:00
Jimmy Zelinskie
44eca10c05
update interfaces to use ABC
2016-09-26 14:50:24 -04:00
Jimmy Zelinskie
c06d395f96
create interfaces for v1 and v2 data model
2016-09-26 14:49:23 -04:00
Joseph Schorr
db60df827d
Implement V2 interfaces and remaining V1 interfaces
...
Also adds some tests to registry tests for V1 stuff.
Note: All *registry* tests currently pass, but as verbs are not yet converted, the verb tests in registry_tests.py currently fail.
2016-09-26 14:49:04 -04:00
Jimmy Zelinskie
a516c08deb
v2: refactor auth to use data.types
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
3f722f880e
v2: add pagination decorator
2016-09-26 14:48:05 -04:00
Joseph Schorr
8887f09ba8
Use the instance service key for registry JWT signing
2016-06-07 11:58:10 -04:00
Jake Moshenko
8323c51e6e
Extend registry auth to support notary JWTs.
2016-05-24 13:42:28 -04:00
Jake Moshenko
9221a515de
Use the registry API for security scanning
...
when the storage engine doesn't support direct download url
2016-05-04 18:04:06 -04:00
Joseph Schorr
8cd38569d6
Fix issue with Docker 1.8.3 and pulling public repos with no creds
...
We now return the valid subset of auth scopes requested.
Adds a test for this case and adds testing of all returned JWTs in the V2 login tests
2016-01-25 15:54:17 -05:00
josephschorr
566a91f003
Merge pull request #1160 from coreos-inc/dockerv2authsucks
...
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
2016-01-22 16:00:30 -05:00
Joseph Schorr
e4ffaff869
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
...
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
josephschorr
d00db518df
Merge pull request #1153 from coreos-inc/fixtutorial
...
Fix tutorial by properly publishing user events for V2 API
2016-01-22 12:51:47 -05:00
Joseph Schorr
068301ef1f
Add more debugging statements to V2 auth
...
Also fixes a spurious return
2016-01-20 18:06:46 -05:00
Joseph Schorr
22b8a562be
Fix tutorial by properly publishing user events for V2 API
...
Fixes #1123
2016-01-20 13:42:30 -05:00
Joseph Schorr
ca7d36bf14
Handle empty scopes and always send the WWW-Authenticate header, as per spec
...
Fixes #1045
2015-12-15 14:59:47 -05:00
Joseph Schorr
4a4eee5e05
Make our JWT subjects better and log using the info
...
Fixes #1039
2015-12-14 14:00:33 -05:00
Joseph Schorr
75a91f0f92
Add login tests and fix scope security issue
2015-11-24 13:39:16 -05:00
Jake Moshenko
0c44949017
Return a 401 when doing a login with bad credentials
2015-11-20 18:37:52 -05:00
Jake Moshenko
39d799b1aa
Fix anonymous repository pulls
2015-11-18 20:11:06 -05:00
Jake Moshenko
c27f91f7cf
Fix token pushes for v2 auth, tokens have no user
2015-11-18 19:18:12 -05:00
Jake Moshenko
4cc619f4ca
Clean up v2 branch to no longer warn about readiness
2015-11-16 14:42:43 -05:00
Joseph Schorr
f393236c9f
Add repo name check to V2
...
Fixes #592
2015-10-05 14:19:52 -04:00
Jake Moshenko
9c3ddf846f
Some fixes and tests for v2 auth
...
Fixes #395
2015-09-10 15:38:57 -04:00
Joseph Schorr
42dba8655c
Fix auth and add V2 tests!
2015-09-03 12:21:21 -04:00
Joseph Schorr
31fdb94436
Enable rate limiting of V2 requests
2015-08-25 14:18:34 -04:00
Jake Moshenko
bc29561f8f
Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
...
Make it explicit that the registry-v2 stuff is not ready for prime time.
2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8
Accidental refactor, split out legacy.py into separate submodules and update all call sites.
2015-07-17 11:56:15 -04:00
Jake Moshenko
acbcc2e206
Start of a v2 API.
2015-07-17 11:50:41 -04:00