Joseph Schorr
2caaf84f31
Add caching support to catalog
...
We will now cache the results of the catalog for 60s and not hit the database at all if cached
2018-06-20 14:58:01 -04:00
Joseph Schorr
3161b60522
Switch V2 pagination back to using IDs, which should be much faster and easier on the DB
...
Also adds a test for the tags endpoint
2018-06-18 16:11:26 -04:00
Joseph Schorr
0fa1a1d5fd
Implement support for blob mounting via the mount
parameter on blob uploads
...
Fixes https://jira.coreos.com/browse/QUAY-893
2018-06-06 11:31:28 -04:00
Joseph Schorr
ef167ab7e3
Rate limit the catalog endpoint by auth token and IP address
2018-06-05 18:24:31 -04:00
Joseph Schorr
2e0edf8f6e
Have catalog endpoint return empty if the namespace is disabled
2018-06-05 17:31:00 -04:00
Joseph Schorr
f86c087b3b
Prevent registry operations against disabled namespaces
...
Allows admins to completely wall off a namespace by disabling it
Fixes https://jira.coreos.com/browse/QUAY-869
2018-05-22 18:36:04 -04:00
Joseph Schorr
a59c951aa3
Add support for multiple scope parameters on V2 auth requests
...
Fixes https://jira.coreos.com/browse/QUAY-892
2018-04-18 20:16:49 +03:00
Joseph Schorr
86aa93aab5
Add a new test suite for the v2auth generate_registry_jwt endpoint
2018-04-18 20:16:49 +03:00
Joseph Schorr
3586955669
Remove license code in Quay
...
No longer needed under Red Hat rules \o/
Fixes https://jira.coreos.com/browse/QUAY-883
2018-03-20 17:03:35 -04:00
Joseph Schorr
24b77bbc10
Fix serialization of blobs to/from the cache
...
Also makes sure the test checks that serialization
2018-03-02 14:22:55 -05:00
Joseph Schorr
e220b50543
Refactor auth code to be cleaner and more extensible
...
We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).
2018-02-14 15:35:27 -05:00
Joseph Schorr
eae9175950
Allow size of pages in V2 api to be configurable
2018-02-02 13:54:41 -05:00
Joseph Schorr
9e16a989f5
Audit the number of SQL queries we make in writing manifests, and significantly reduce in the common case
...
Instead of 41 queries now for the simple manifest, we are down to 14.
The biggest changes:
- Only synthesize the V1 image rows if we haven't already found them in the database
- Thread the repository object through to the other model method calls, and use it instead of loading again and again
2018-01-25 11:10:43 -05:00
Joseph Schorr
524d77f527
Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password
2018-01-04 15:27:41 -05:00
Joseph Schorr
c1cff32c1e
Fix log levels in registry
2018-01-04 13:07:11 -05:00
Joseph Schorr
11e3724919
Return an http 415 (manifest version not supported) for OCI manifest content types
...
This was breaking skopeo, as it first tries to send the *OCI* manifest type, which we didn't say we didn't support, thus breaking the tool
2017-12-20 11:02:34 -05:00
Joseph Schorr
9e16596854
Add a bunch of logging to the data model caching mechanism
...
Should help us debug any potential issues
2017-12-18 14:18:37 -05:00
Joseph Schorr
b2485934ed
Enable caching of blobs in V2 registry protocol, to avoid DB connections after the cache has been loaded
...
This should help for bursty pull traffic, as it will avoid DB connections on a huge % of requests
2017-12-14 13:38:24 -05:00
Joseph Schorr
db6007cb37
Change v2 registry auth code to not hit the database when we know we have permissions loaded
...
Avoids a DB call and, when used in conjunction with blob caching, will avoid a DB *connection*
2017-12-14 13:37:31 -05:00
Joseph Schorr
51e67ab7f5
Fix get_blob_path to not make any database calls and add a test
...
This will be supported by caching, hopefully removing the need to hit the database when the blob object is cached
2017-12-13 16:27:46 -05:00
Joseph Schorr
56fbbcf7cf
Add request IP to get_direct_download_url method
2017-09-25 17:14:28 -04:00
Joseph Schorr
48c79003c6
yap
2017-07-25 17:18:06 -04:00
Joseph Schorr
e7dbc4ee91
Move notification helper code into the root module
2017-07-25 17:00:07 -04:00
Joseph Schorr
ce56031846
Move notifications into its own package
2017-07-25 17:00:06 -04:00
Joseph Schorr
98e2ccf74d
Move parse_repository_name into decorators
2017-07-20 16:01:38 -04:00
Joseph Schorr
17f3de811e
Move route_show_if into decorators
...
Also removes unused route_hide_if
2017-07-20 11:07:31 -04:00
Joseph Schorr
9679ec91ec
Fix for hard merge
2017-07-19 17:13:49 -04:00
Joseph Schorr
7d4fed6892
Change error message when trying to pull a deleted or expired tag
...
Will let the users know they can recover the tag via time machine
Note: This was tested with the Docker protocol, but the new error code is *technically* out of spec; we should make sure its okay.
2017-07-19 17:13:48 -04:00
Joseph Schorr
c5d8b5f86b
Add support for tag expiration based on a quay.expires-after
label
2017-07-19 17:13:06 -04:00
Jimmy Zelinskie
7d1bbbfe19
test: convert registry auth test to pytest
...
This also moves them into the auth package.
2017-07-12 15:14:12 -04:00
Jimmy Zelinskie
b1434b0380
endpoints.v2: yapf format
2017-06-26 18:22:17 -04:00
Jimmy Zelinskie
0e26a03f7e
endpoints.v2: new fs layout for data interface
...
Fixes QUAY-658
2017-06-26 18:21:35 -04:00
Joseph Schorr
555041876d
Make public catalog only enabled via a feature flag
2017-06-02 15:30:51 -07:00
Joseph Schorr
f44df49236
Add support for last
param in pagination to match catalog spec
2017-06-02 12:03:50 -07:00
Joseph Schorr
065e327190
Make sure catalog always returns public repositories
2017-05-19 16:24:08 -04:00
Jimmy Zelinskie
4db789b656
add audit logging to app registry endpoints
2017-05-16 15:54:02 -04:00
Evan Cordell
2661db7485
Add flag to enable trust per repo ( #2541 )
...
* Add flag to enable trust per repo
* Add api for enabling/disabling trust
* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api
* Add `set_trust` method to repository
* Expose new logkind to UI
* Fix registry tests
* Rebase migrations and regen test.db
* Raise downstreamissue if trust metadata can't be removed
* Refactor change_repo_trust
* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00
Evan Cordell
9515f18fb6
Add tufmetadata endpoint
2017-04-05 10:03:27 -04:00
Joseph Schorr
cae9d69376
Better error messages for Docker errors
2017-03-31 17:15:14 -04:00
Evan Cordell
abd78bce56
Use constants for TUF roots
2017-03-27 11:37:17 -04:00
Evan Cordell
6ad107709c
Change build_context_and_subject to take kwargs
2017-03-27 11:37:17 -04:00
Evan Cordell
21d969d309
Refactor tests, no g required
2017-03-27 11:37:17 -04:00
Evan Cordell
43dd974dca
Determine which TUF root to show based on actual access, not requested
...
access
2017-03-27 11:37:17 -04:00
Joseph Schorr
95e1cf6673
Make V2 login errors more descriptive
...
If login fails, we now call validate again to get the reason for the failure, and then surface it to the user of the CLI. This allows for more actionable responses, such as:
$ docker login 10.0.2.2:5000
Username (devtable): devtable
Password:
Error response from daemon: Get http://10.0.2.2:5000/v2/ : unauthorized: Client login with unencrypted passwords is disabled. Please generate an encrypted password in the user admin panel for use here.
2017-03-23 15:42:45 -04:00
Joseph Schorr
1bd4422da9
Move auth decorators into a decorators module
...
The non-decorators will be broken out in the followup change
2017-03-23 15:42:45 -04:00
Jimmy Zelinskie
3ccf3c5f33
Merge pull request #2447 from jzelinskie/cnr-step2
...
CNR Step 2
2017-03-22 18:45:51 -04:00
Jimmy Zelinskie
48ba59d615
endpoints.v2: only work on docker repositories
2017-03-22 17:26:59 -04:00
Joseph Schorr
ff7f78e990
Have blob uploads be checked against configurable max layer size
2017-03-21 13:16:55 -04:00
Joseph Schorr
239b6d7cf8
Make LayerTooLarge error more informative
2017-03-21 13:14:11 -04:00
Joseph Schorr
dd7f254f96
Have blob uploads be checked against configurable max layer size
2017-03-21 13:14:11 -04:00