Commit graph

660 commits

Author SHA1 Message Date
Joseph Schorr
75a91f0f92 Add login tests and fix scope security issue 2015-11-24 13:39:16 -05:00
Joseph Schorr
762cd56e64 Change derived storage to be based on image
Fixes #971
2015-11-24 12:44:07 -05:00
Joseph Schorr
8d05d40cf7 Add test for verb pulling when the tag has changed images 2015-11-24 11:18:56 -05:00
Joseph Schorr
e9b577104d Add squash testing code to registry tests
Fixes #896
2015-11-20 15:16:11 -05:00
Jake Moshenko
7b53797677 Fix garbage collection when manifests may reference tags 2015-11-19 16:01:36 -05:00
Quentin Machu
605ed1fc77 Refactor security worker 2015-11-18 14:38:32 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Joseph Schorr
da07823e20 Small test fix 2015-11-12 22:28:22 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Jake Moshenko
941d13ea3e Fix an off by one error in the common backfill code 2015-11-10 16:14:44 -05:00
Jake Moshenko
dc24e8b1a1 Backfill by allocating and selecting ids in random blocks
Fixes #826
2015-11-09 22:29:17 -05:00
Joseph Schorr
75173d5573 Base DB with notification 2015-11-09 12:51:05 -05:00
Joseph Schorr
136ab28f17 Base demo DB 2015-11-09 12:51:05 -05:00
Joseph Schorr
87c56d1caa Add vulnerabilities and packages API to Quay
Fixes #564
2015-11-09 12:49:19 -05:00
Quentin Machu
37118423a5 Add support for Quay's vulnerability tool 2015-11-09 12:49:19 -05:00
Jake Moshenko
7efa6265bf Merge branch 'newchanges' into python-registry-v2 2015-11-06 18:24:32 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Jake Moshenko
99e5429e86 Relax the digest specification to handle more formats 2015-11-06 17:47:28 -05:00
Jimmy Zelinskie
d5e7f6bea7 resolve migration branches and run initdb 2015-11-06 16:10:31 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay
Fixes #564
2015-11-06 15:22:18 -05:00
Quentin Machu
f59e35cc81 Add support for Quay's vulnerability tool 2015-11-06 15:22:18 -05:00
Matt Jibson
249269ad50 Merge pull request #715 from mjibson/localhost
Use local IP instead of deprecated docker IP
2015-11-04 13:49:42 -05:00
Matt Jibson
57ffb39651 Merge pull request #714 from mjibson/queue-locking
Refactor queue locking to not use select for update
2015-11-04 12:05:53 -05:00
Matt Jibson
a994b367da Refactor queue locking to not use select for update
The test suggests this works.

fixes #622
2015-11-03 11:32:28 -05:00
Joseph Schorr
387b50bcac Add a unicode test to make sure we don't break 2015-10-27 17:54:02 -04:00
Jimmy Zelinskie
432c33209d use different ports for jwt tests 2015-10-27 17:32:46 -04:00
Jimmy Zelinskie
ca65df68ba skip flaky buildman test 2015-10-27 17:02:15 -04:00
Jake Moshenko
2c10d28afc Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-10-26 14:44:16 -04:00
Jake Moshenko
9da64f3aba Stop writing to deprecated columns for image data. 2015-10-24 14:45:15 -04:00
Matt Jibson
a711ad0e90 Use local IP instead of deprecated docker IP 2015-10-23 17:22:47 -04:00
Joseph Schorr
e0d715024c Fix typo in test 2015-10-23 16:39:40 -04:00
Jake Moshenko
e7a6176594 Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2 2015-10-22 16:59:28 -04:00
Jake Moshenko
ce94931540 Stop writing to deprecated columns for image data. 2015-10-22 12:14:39 -04:00
josephschorr
ad53bf5671 Merge pull request #644 from coreos-inc/namechoose
Docker changed their namespace regex, so we need to adjust
2015-10-22 12:07:52 -04:00
Joseph Schorr
a8aa6d1939 Docker changed their namespace regex, so we need to adjust
Fixes #617
2015-10-22 12:07:31 -04:00
Joseph Schorr
c9daf7d8a9 Add additional tests for repo visibility and further simplify the query for perf 2015-10-15 12:12:57 -04:00
Joseph Schorr
e8cb359d96 Unionize the mega query - It needed more performance-based benefits 2015-10-09 14:45:05 -07:00
josephschorr
3e7a95407b Merge pull request #598 from coreos-inc/limitbadquery
Prevent unlimited insane query from running and fix tests
2015-10-05 21:29:35 -04:00
Silas Sewell
c6da322ec1 Merge pull request #597 from coreos-inc/tag-validation
Update tag validation
2015-10-05 21:10:55 -04:00
Silas Sewell
dd3d939b31 Update tag validation
Fixes #536
2015-10-05 19:32:10 -04:00
Joseph Schorr
dd804816ba Prevent unlimited insane query from running and fix tests
Fixes #591
2015-10-05 17:11:49 -04:00
Joseph Schorr
7ffb28cafa Small test fixes 2015-10-05 15:26:45 -04:00
Joseph Schorr
8ca92d6828 Remove old search API and switch V1 search to use the new search system 2015-10-05 14:36:43 -04:00
Joseph Schorr
f393236c9f Add repo name check to V2
Fixes #592
2015-10-05 14:19:52 -04:00
Joseph Schorr
b0ed930627 Make sure registry pull tests verify the images expected 2015-10-02 14:33:38 -04:00
Joseph Schorr
d0dc8fe45d Add endpoint security tests for the V2 endpoints
Fixes #581
2015-10-02 14:01:12 -04:00
josephschorr
1cf930eb9c Merge pull request #580 from coreos-inc/python-registry-v2-testfix
Fix test specs for recent change in tags endpoint in V1
2015-10-01 12:50:50 -04:00
josephschorr
5b552b0129 Merge pull request #567 from coreos-inc/python-registry-v2-optimize
Load images and storage references in bulk during V1 synthesize
2015-10-01 12:50:36 -04:00
Joseph Schorr
53b096e2f5 Fix test specs for recent change in tags endpoint in V1 2015-10-01 12:48:59 -04:00
Jimmy Zelinskie
ffeb99d4ee BaseStreamFileLike: handle reads that return None
Fixes #555.
2015-09-30 17:46:59 -04:00
Joseph Schorr
a3ebb9028d Add full unit tests for the file-like objects and fix them
Fixes #568
2015-09-30 14:19:25 -04:00
Joseph Schorr
35c35d9913 Load images and storage references in bulk during V1 synthesize
Currently, we perform multiple queries for each layer, making it much slower (especially cross-region)

Fixes #413
2015-09-29 17:53:39 -04:00
Joseph Schorr
decdaa4c79 New tests and small fixes while comparing against the V2 spec
Fixes #391
2015-09-29 15:18:48 -04:00
Joseph Schorr
eaf81959f5 Handle the case where we have lookup_user but no username 2015-09-28 17:12:56 -04:00
Joseph Schorr
d45975051d Fix registry V1 push test 2015-09-28 15:44:18 -04:00
Joseph Schorr
09f8ad695b Fix resumable upload support and add another test 2015-09-28 12:17:17 -04:00
Joseph Schorr
18cfe676ee Fix GH schema for missing usernames and add test 2015-09-25 15:12:24 -04:00
Joseph Schorr
1bba472c14 Refactor test_prepare_trigger to make it easier to add tests 2015-09-25 15:09:47 -04:00
Joseph Schorr
85ed745433 Fix bitbucket trigger validation for commits without authors 2015-09-25 12:03:21 -04:00
Joseph Schorr
4dc30d6321 Remove yaml and switch to JSON because yaml is so slow 2015-09-24 16:17:42 -04:00
Joseph Schorr
051f669a93 Add PATCH tests for resumable upload
Fixes #510
2015-09-24 12:00:27 -04:00
josephschorr
6e94f63a51 Merge pull request #535 from coreos-inc/reponameregex
Add a check to ensure repository names are valid according to an exte…
2015-09-24 11:55:20 -04:00
Joseph Schorr
a283c8d8ec Add a check to ensure repository names are valid according to an extended set of rules.
Fixes #534
2015-09-24 11:55:08 -04:00
josephschorr
28c4f00280 Merge pull request #526 from coreos-inc/preparetriggertest
Add a test for missing optional fields in prepare trigger
2015-09-22 15:05:42 -04:00
Joseph Schorr
05c9a5f7b8 Fix the skip branch logic 2015-09-22 14:44:49 -04:00
Joseph Schorr
97a478e05b Add a test for missing optional fields in prepare trigger 2015-09-22 14:27:29 -04:00
Joseph Schorr
49b575afb6 Start refactoring of the trigger system:
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
2015-09-21 16:36:48 -04:00
Joseph Schorr
88bc93d607 Better test performance for registry tests 2015-09-17 16:48:08 -04:00
Joseph Schorr
dd61f56e89 Fix registry tests 2015-09-17 16:27:05 -04:00
Jake Moshenko
26cea9a07c Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-17 16:16:27 -04:00
josephschorr
c801965626 Merge pull request #492 from coreos-inc/nofreelunch
UI and API fixes for disallowing private repo count abuse
2015-09-16 17:53:11 -04:00
Joseph Schorr
30379a2dd8 Fix interleaved repo delete with RAC via a transaction
The RepositoryActionCount table can have entries added while a repository deletion is in progress. We now perform the repository deletion under a transaction and explicitly test for RAC entries in the deletion unit test (which doesn't test interleaving, but it was missing this check).

Fixes #494
2015-09-16 15:34:32 -04:00
Joseph Schorr
fbfe7fdb54 Make change repo visibility and create repo raise a 402 when applicable
We now check the user or org's subscription plan and raise a 402 if the user attempts to create/make a repo private over their limit
2015-09-15 14:33:35 -04:00
Jake Moshenko
b56de3355c Migrate data back to Image in preparation for v2 2015-09-15 11:53:31 -04:00
Jake Moshenko
9c3ddf846f Some fixes and tests for v2 auth
Fixes #395
2015-09-10 15:38:57 -04:00
Jake Moshenko
0e30d14bb4 Merge remote-tracking branch 'upstream/python-registry-v2' into mergemaster 2015-09-10 13:37:47 -04:00
Joseph Schorr
fd3a21fba9 Add Kubernetes configuration provider which writes config to a secret
Fixes #145
2015-09-10 12:19:59 -04:00
Joseph Schorr
88a04441de Extract the config provider into its own sub-module 2015-09-10 12:19:59 -04:00
Joseph Schorr
474fffd01f Select the full RepositoryBuild record
If we just return the ID, then peewee just fills in the other fields with defaults (such as UUID).
2015-09-09 21:43:48 -04:00
Jimmy Zelinskie
ece08f6e88 Merge pull request #463 from jzelinskie/fixpagination
fix pagination of tags in API
2015-09-09 15:53:55 -04:00
Jimmy Zelinskie
d55ab78fbe fix pagination of tags in API
Fixes #461.
2015-09-09 15:52:21 -04:00
Joseph Schorr
3ee4147117 Switch the build logs archiver to a more performant query
Fixes #459
2015-09-09 13:59:45 -04:00
Joseph Schorr
104bdef339 DEBUG flag is still broken on older version of Flask-Testing 2015-09-08 12:51:23 -04:00
Joseph Schorr
8b4d99adcf Have registry tests use a copy of the database
This makes the test suite much faster
2015-09-08 12:35:03 -04:00
Joseph Schorr
47eec8fa06 Add V1->V2 and V2->V1 tests
Fixes #401
2015-09-08 11:58:21 -04:00
Joseph Schorr
d0e22e5afb Use a different port number for each live server test case in the registry tests 2015-09-08 10:40:10 -04:00
josephschorr
b73c4135db Merge pull request #453 from coreos-inc/robotregex
Robot accounts allow underscores
2015-09-08 10:13:06 -04:00
Joseph Schorr
386fcfd50e Robot accounts allow underscores
Fixes #451
2015-09-08 10:10:00 -04:00
Joseph Schorr
48cf33a8c1 Add missing superuser aggregate logs endpoint
Reference: d47d28ea4e/Screen-Shot-2015-09-04-at-11-04-41.png
2015-09-04 16:48:32 -04:00
Jake Moshenko
2c9d85a55a Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:34:51 -04:00
Jake Moshenko
210ed7cf02 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:32:01 -04:00
Joseph Schorr
039768f17b Fix JWT auth test 2015-09-04 16:31:37 -04:00
Jake Moshenko
193436f945 Fix the registry tests to run without debug. 2015-09-03 16:26:07 -04:00
Joseph Schorr
42dba8655c Fix auth and add V2 tests! 2015-09-03 12:21:21 -04:00
josephschorr
62ea4a6cf4 Merge pull request #191 from coreos-inc/carmen
Add automatic storage replication
2015-09-01 15:04:36 -04:00
Joseph Schorr
724b1607d7 Add automatic storage replication
Adds a worker to automatically replicate data between storages and update the database accordingly
2015-09-01 14:53:32 -04:00
Joseph Schorr
51c507d02d Add back the ability to retrieve information for an org member directly
Fixes #427
2015-08-31 16:45:24 -04:00
Joseph Schorr
fb86b4bf2c Fix Dockerfile parsing for unicode and add testing
Fixes #423
2015-08-31 14:32:26 -04:00
Joseph Schorr
43e77a7a14 Add missing tell() method to GeneratorFile and add tests 2015-08-28 12:10:03 -04:00
Jake Moshenko
398202e6fc Implement some new methods on the storage engines. 2015-08-27 11:29:19 -04:00
Jake Moshenko
3bfec1d7a9 Style fixes. 2015-08-24 11:59:46 -04:00
Jake Moshenko
b998eca8e5 Fix the tests for registry v2 changes. 2015-08-24 11:59:12 -04:00
Joseph Schorr
36a2beab98 Fix test by adding missing param 2015-08-21 15:07:26 -04:00
Joseph Schorr
0854d20cbd SECURITY FIX FOR LDAP
It appears the recent migration of the LDAP code and add of a check for the admin username/password being invalid *broke the LDAP password check*, allowing any password to succeed for login. This fixes the problem, add unit tests to verify the fix and add some tests to our other external auth test suite.

A release will be needed immediately along with an announcement
2015-08-18 12:32:19 -04:00
Jimmy Zelinskie
523dc912f7 Merge pull request #372 from coreos-inc/notifyui
Better notifications UI
2015-08-17 17:13:24 -04:00
Jimmy Zelinskie
239f76d39f Merge pull request #368 from coreos-inc/buildarchive
Allow builds to be started with an external archive URL
2015-08-17 17:09:14 -04:00
Joseph Schorr
84276ee945 Better notifications UI
Fixes #369
2015-08-17 17:08:58 -04:00
Joseph Schorr
f092c00621 Allow builds to be started with an external archive URL
Fixes #114
2015-08-17 17:01:49 -04:00
Joseph Schorr
4625ecf273 Fix tests in response to breakage in #351 2015-08-17 16:26:20 -04:00
Jake Moshenko
e1b3e9e6ae Another huge batch of registry v2 changes
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
2015-08-12 16:41:12 -04:00
Joseph Schorr
09bb98f161 Really fix the build trigger schema and add a test for it 2015-08-11 17:17:18 -04:00
Joseph Schorr
60ab3c339f Fix tests broken by the recent plan change 2015-08-11 14:09:02 -04:00
Jimmy Zelinskie
7d6c6ba8e8 Merge pull request #316 from jzelinskie/read-tags
tag history requires READ instead of WRITE
2015-08-07 13:26:04 -04:00
Jimmy Zelinskie
3804c50338 Merge pull request #330 from coreos-inc/additionalprop
Add missing JSON schema for 'refs' and 'branch_name'
2015-08-07 13:05:46 -04:00
Joseph Schorr
7ea4c7d17e Add missing JSON schema for 'refs' and 'branch_name'
Fixes #325
2015-08-07 13:01:49 -04:00
Jake Moshenko
74d838697f Fix tarfile to support non-unicode pax fields 2015-08-07 11:56:38 -04:00
Jimmy Zelinskie
5c213df835 Merge pull request #318 from coreos-inc/reallyfixlogs
Fix logs view and API
2015-08-05 17:48:42 -04:00
Joseph Schorr
d34afde954 Fix logs view and API
- We needed to use an engine-agnostic way to extract the days
- Joining with the LogEntryKind table has *horrible* performance in MySQL, so do it ourselves
- Limit to 50 logs per page
2015-08-05 17:47:03 -04:00
Jake Moshenko
b2844fb8c7 Switch the base case for when a scope string contains an invalid scope. 2015-08-05 17:35:02 -04:00
Jimmy Zelinskie
411d4e7abb tag history requires READ instead of WRITE
Fixes #315.
2015-08-05 17:09:34 -04:00
Jake Moshenko
795a8097ff Merge pull request #283 from coreos-inc/fixoauthscopes
OAuth scopes are space separated, not comma
2015-08-04 10:24:17 -04:00
Jake Moshenko
18100be481 Refactor the util directory to use subpackages. 2015-08-03 16:04:19 -04:00
Joseph Schorr
d6ee14e219 Add one more parsing test for scopes 2015-08-03 14:13:38 -04:00
Joseph Schorr
354f4109d0 Switch to returning an empty set when there are invalid auth scopes 2015-07-31 12:49:42 -04:00
Jake Moshenko
dbd9a32c85 Merge pull request #155 from coreos-inc/asyncgc
Garbage Collection Optimizations And Async
2015-07-28 16:16:59 -04:00
Joseph Schorr
11c7994398 Fix 500 on logout 2015-07-28 15:47:04 -04:00
Joseph Schorr
70de107268 Make GC of repositories fully async for whitelisted namespaces
This change adds a worker to conduct GC on repositories with garbage every 10s.

Fixes #144
2015-07-28 15:30:04 -04:00
Joseph Schorr
687bab1c05 Support invite codes for verification of email
Also changes the system so we don't apply the invite until it is called explicitly from the frontend

Fixes #241
2015-07-22 13:41:27 -04:00
Jake Moshenko
5d86fa80e7 Merge pull request #197 from coreos-inc/keystone
Add Keystone Auth
2015-07-22 13:38:47 -04:00
Joseph Schorr
a0c4e72f13 Clean up the repository list API and loads stars with it
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
2015-07-22 13:05:02 -04:00
Joseph Schorr
7e4b23916a Small SQL query fix
Fixes #248
2015-07-20 14:17:26 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
Make it explicit that the registry-v2 stuff is not ready for prime time.
2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Jake Moshenko
bea8b9ac53 More changes for registry-v2 in python.
Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered.
2015-07-17 11:50:41 -04:00
Jake Moshenko
acbcc2e206 Start of a v2 API. 2015-07-17 11:50:41 -04:00
Joseph Schorr
5ae8c11638 Extra list repos test to mimic the conditions of a known issue with one customer 2015-07-16 01:25:19 +03:00
Jake Moshenko
cb95a800e3 Oops, added logging.basicConfig to a test. 2015-07-14 17:56:34 -04:00
Jake Moshenko
ebecb1dc89 Regenerate the test db and supporting files. 2015-07-14 16:57:04 -04:00
Jimmy Zelinskie
bde781c98b Merge pull request #205 from coreos-inc/delrobot
Fix deletion of robot accounts when attached to builds
2015-07-13 12:19:01 -04:00
Jimmy Zelinskie
cf4800c06c Merge pull request #213 from coreos-inc/orgmember
Add a secondary tab to Teams for managing org members
2015-07-06 11:48:40 -04:00
Joseph Schorr
4333bb9e14 Implement stream_read_file for the Swift storage engine
Note that Swift doesn't seem to have a file-like interface, so we need to wrap the generator we get back from it.

Fixes #210
2015-07-02 17:52:43 +03:00
Joseph Schorr
3a59c99b08 Add a secondary tab to Teams for managing org members
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click

Fixes #212
2015-07-02 17:06:36 +03:00
josephschorr
cb238f8764 Merge pull request #207 from coreos-inc/squashperm
Have the fetch tag dialog show a warning for robot accounts without access
2015-07-02 10:23:14 +03:00
Joseph Schorr
b535e222b8 Have the fetch tag dialog show a warning for robot accounts without access
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
2015-07-01 19:37:52 +03:00
Joseph Schorr
b91b60e83d Add encrypted password output in the superuser API
When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along
2015-07-01 19:29:42 +03:00
Joseph Schorr
3ba321934f Fix deletion of robot accounts when attached to builds
Fixes #204
2015-06-30 22:56:44 +03:00
Jake Moshenko
7b470237a1 The superuser capability does not require the idea of ordinality since it is a binary permission. 2015-06-30 11:02:13 -04:00