vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
7567 commits 2 branches 62 tags 205 MiB
Commit graph

1350 commits

Author SHA1 Message Date
josephschorr
233b2be5c2 Merge pull request #2066 from coreos-inc/select-username 
Add support for temp usernames and an interstitial to confirm username
 2016-11-03 16:22:16 -04:00
Joseph Schorr
1e3b354201 Add support for temp usernames and an interstitial to confirm username 
When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.

Addresses most of the user issues around #74
 2016-11-03 15:59:14 -04:00
Joseph Schorr
3fd92aef35 Fix entity search API to not IndexError 2016-11-02 16:22:35 -04:00
Joseph Schorr
d7f56350a4 Make email addresses optional in external auth if email feature is turned off 
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
 2016-10-31 13:50:24 -04:00
josephschorr
934cdecbd6 Merge pull request #1905 from coreos-inc/external-auth-search 
Add support for entity search against external auth users not yet linked
 2016-10-27 16:06:42 -04:00
Joseph Schorr
b3d1d7227c Add support to Keystone Auth for external user linking 
Also adds Keystone V3 support
 2016-10-27 15:42:03 -04:00
Joseph Schorr
fbb524e34e Add support to ExternalJWT Auth for external user linking 2016-10-27 15:42:03 -04:00
Joseph Schorr
f9ee8d2bef Add support to LDAP for external user linking 2016-10-27 15:42:03 -04:00
Joseph Schorr
d145222812 Add support for linking to external users in entity search 2016-10-27 15:42:03 -04:00
Charlton Austin
2147005d2c Adding a method of cancelling a build based on etcd message. 2016-10-25 12:50:58 -04:00
Charlton Austin
dc35769396 Merge pull request #2022 from charltonaustin/refactor_for_cancel_anytime 
Making some refactors to make it easier to cancel the build at any time.
 2016-10-24 16:17:55 -04:00
Charlton Austin
1cde22e76c Making some refactors to make it easier to cancel the build at any time. 2016-10-24 15:59:33 -04:00
josephschorr
edc2bc8b93 Merge pull request #1698 from coreos-inc/delete-namespace 
Add support for deleting namespaces (users, organizations)
 2016-10-21 16:54:52 -04:00
Joseph Schorr
73eb66eac5 Add support for deleting namespaces (users, organizations) 
Fixes #102
Fixes #105
 2016-10-21 15:41:09 -04:00
josephschorr
4d89052bbf Merge pull request #1764 from coreos-inc/db-timeout 
Add a default database connect timeout
 2016-10-20 15:16:53 -04:00
Joseph Schorr
b7fc7999c3 Delete old "license" checking code arounds user counts 
This is legacy code that doesn't actually do anything of value
 2016-10-20 14:58:35 -04:00
Jimmy Zelinskie
20ef43d5fb workers.queuecleanup: remove direct peewee usage 2016-10-20 13:46:00 -04:00
Joseph Schorr
715fc27474 Add a default database connect timeout 
Fixes #1760
 2016-10-17 13:33:30 -04:00
Charlton Austin
97d644d95d Adding in the delete api and the delete and create UI. 2016-10-13 10:40:52 -04:00
charltonaustin
5a4b702888 Adding in security tests and docs. 2016-10-11 09:30:37 -04:00
josephschorr
7fc33a9a57 Merge pull request #1965 from coreos-inc/condense-slack-notifications 
Less verbose notifications for QSS
 2016-10-10 15:38:12 -04:00
Joseph Schorr
ebf4120326 Less verbose notifications for QSS 
Fixes #1914
 2016-10-10 15:18:49 -04:00
charltonaustin
14eb3005b6 Some fixes for code review. 2016-10-10 12:55:00 -04:00
charltonaustin
4ae6e6efa9 Fixing some database integration errors 2016-10-10 10:51:30 -04:00
charltonaustin
1e733ddffb Adding in a new message data model and the corresponding methods to in the API. 2016-10-07 15:56:58 -04:00
Joseph Schorr
0b7bb6d6c6 Fix issue in V1 registry code with accessing locations under HEAD 
Fixes #1922
 2016-10-03 17:09:12 +03:00
josephschorr
b4dd5ea4dd Merge pull request #1867 from coreos-inc/keystone-timeout 
Add configurable timeout and debug flags to Keystone users
 2016-09-29 23:01:02 +02:00
Joseph Schorr
02b8afe127 Add labeling of built manifests with their build IDs 
Also sends the digests to the notification

Fixes #593
 2016-09-29 10:58:45 +02:00
Jimmy Zelinskie
44eca10c05 update interfaces to use ABC 2016-09-26 14:50:24 -04:00
Jimmy Zelinskie
a1a930b833 database: fix indices post-rebase 2016-09-26 14:49:58 -04:00
Jimmy Zelinskie
ca883e5662 port label support to refactored v2 registry 2016-09-26 14:49:58 -04:00
Joseph Schorr
3c8b87e086 Fix verbs in manifestlist 
All registry_tests now pass
 2016-09-26 14:49:58 -04:00
Jimmy Zelinskie
783c9e7a73 stop exporting experimental database models 2016-09-26 14:49:23 -04:00
Jimmy Zelinskie
c35413d4f6 add boilerplate for verbs data interface 2016-09-26 14:49:23 -04:00
Jimmy Zelinskie
2e5a94bc0b create key server data interface 2016-09-26 14:49:23 -04:00
Jimmy Zelinskie
c06d395f96 create interfaces for v1 and v2 data model 2016-09-26 14:49:23 -04:00
Joseph Schorr
b775458d4b lifetimes on Tags should now be in milliseconds 
Fixes #1779
 2016-09-26 14:49:04 -04:00
Joseph Schorr
db60df827d Implement V2 interfaces and remaining V1 interfaces 
Also adds some tests to registry tests for V1 stuff.
Note: All *registry* tests currently pass, but as verbs are not yet converted, the verb tests in registry_tests.py currently fail.
 2016-09-26 14:49:04 -04:00
Jimmy Zelinskie
d67991987b v1: refactor index 2016-09-26 14:48:42 -04:00
Jimmy Zelinskie
b68e1b5efc add "get_" prefix to all db read funcs 2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
32a6c22b43 mv data/types image 
This change also merges formats into the new image module.
 2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
a516c08deb v2: refactor auth to use data.types 2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
3de6000428 v2: refactor blob.py to use data.types 2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
e6c99bb471 re-ordered BlobUploading fields 2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
3f722f880e v2: add pagination decorator 2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
5b630ebdb0 v2/manifest: refactor to use types 2016-09-26 14:48:05 -04:00
Joseph Schorr
ea18790dfe Get V1 registry code working with new model methods 2016-09-26 14:47:06 -04:00
Joseph Schorr
94d71f2166 Fix model to actually initialize 2016-09-26 14:47:06 -04:00
Jimmy Zelinskie
8435c254c3 finish v1 registry refactor 2016-09-26 14:47:06 -04:00
Jimmy Zelinskie
c14437e54a initial v1 refactor to use model methods 2016-09-26 14:47:06 -04:00
Jimmy Zelinskie
9cfd6ec452 database: initial manifestlist schema changes 2016-09-26 14:47:06 -04:00
Jimmy Zelinskie
e3a39d7bd6 fix indentation 2016-09-26 14:47:06 -04:00
josephschorr
ad4efba802 Merge pull request #1830 from coreos-inc/superuser-dashboard 
Add prometheus stats to enable better dashboarding
 2016-09-26 17:19:22 +02:00
Joseph Schorr
fd770422bb Add configurable timeout and debug flags to Keystone users 
Fixes #1855
 2016-09-22 18:25:02 -04:00
Joseph Schorr
30af8aef1a Add a worker for reporting global stats to Prometheus 
Fixes #1789
 2016-09-12 16:19:19 -04:00
Jake Moshenko
91963c17a0 Remove a join to slightly optimize the gc query. 2016-09-09 15:40:40 -04:00
Joseph Schorr
3d542b5e93 Handle KeyError nicer in _get_parent_image 
Fixes #1810
 2016-09-09 13:34:56 -04:00
Jake Moshenko
cf83c9a16a Improve the garbage collection tests. 2016-09-07 13:25:19 -04:00
Jake Moshenko
584a5a7ddd Reduce database bandwidth by tracking gc candidate images. 2016-09-07 13:25:19 -04:00
Jake Moshenko
0815f6b6c4 Fix indentation for DB queries. 2016-09-07 10:48:58 -04:00
Jake Moshenko
1d8b72235a Add a helper method to Image to parse ancestor string. 2016-09-07 10:48:58 -04:00
josephschorr
cd8b45e25b Merge pull request #1754 from coreos-inc/team-add-perms 
Better UI and permissions handling for robots and teams
 2016-09-06 17:21:19 -04:00
Joseph Schorr
b4939a3cd0 Fix filtering of repos only visible to org admins 2016-08-31 13:51:53 -04:00
Joseph Schorr
357005e33f Raise a 409 if we try to insert a tag twice at the same time 
Also fixes handling of labels for existing manifests

Fixes #1775
 2016-08-29 16:03:35 -04:00
Joseph Schorr
1a2666be07 Fix deletion of labels and add tests 2016-08-26 16:07:49 -04:00
Joseph Schorr
608ffd9663 Basic labels support 
Adds basic labels support to the registry code (V2), and the API. Note that this does not yet add any UI related support.
 2016-08-26 15:24:26 -04:00
Joseph Schorr
391d70d9ec Add repo permissions dialog for existing teams and robots 
Fixes #1686
 2016-08-22 14:43:12 -04:00
Joseph Schorr
6ebb417923 Redesign the teams page to use a table 
Allows for faster loading and easier viewing of important information about teams
 2016-08-22 14:42:54 -04:00
Jake Moshenko
d6a396be34 Fix all foreign key constraints to use naming convention. 2016-08-18 14:29:53 -04:00
Joseph Schorr
aeddc6af06 Handle GC constraint failures in a nicer way 
Fixes #1739
 2016-08-17 16:13:27 -04:00
josephschorr
2caa82d091 Merge pull request #1713 from coreos-inc/enable-iam 
Enable IAM support for S3 storage
 2016-08-16 16:13:29 -04:00
Joseph Schorr
7f5b536ddb Fix pagination of repositories 
Fixes #1725
 2016-08-15 16:48:04 -04:00
Joseph Schorr
0f46230493 Add an index for lookup by account to log entries 
Also fixes the query to require one less join
 2016-08-12 17:39:31 -04:00
Joseph Schorr
855cc36057 Remove unneeded imports 2016-08-11 17:16:31 -04:00
Joseph Schorr
34d49e2d44 Fix duplicate derived storage cache creation issue 
Fixes #1699
 2016-08-10 16:18:52 -04:00
Joseph Schorr
4a2acac5dc Fix pagination of public repos, make more efficient and add test 2016-08-10 15:08:06 -04:00
Joseph Schorr
bf8f621278 Temporarily remove the migration which drops the foreign keys on LogEntry, as it is invalid 2016-08-08 17:47:04 -04:00
josephschorr
1a137ee7b3 Merge pull request #1643 from coreos-inc/db-retry 
Enable automatic retry for the database
 2016-08-08 15:04:25 -04:00
Joseph Schorr
700e7b74e4 Enable automatic retry for the database 2016-08-08 15:02:42 -04:00
Jimmy Zelinskie
22a25ac2d3 Revert "Merge pull request #1678 from coreos-inc/delete-repo-fix" 
This reverts commit df64caf133, reversing
changes made to 0d1e453566.
 2016-08-08 12:38:15 -04:00
Jimmy Zelinskie
ce14b9dddf modify log_action to internally resolve IDs 2016-08-08 12:38:15 -04:00
Jimmy Zelinskie
052c31752b MIGRATION: drop foreign keys on logentry table 
This migration generates the following for MySQL:

BEGIN;

-- Running upgrade 1093d8b212bb -> 6243159408b5

ALTER TABLE logentry DROP FOREIGN KEY fk_logentry_account_id_user;

ALTER TABLE logentry DROP FOREIGN KEY
fk_logentry_repository_id_repository;

ALTER TABLE logentry DROP FOREIGN KEY fk_logentry_performer_id_user;

UPDATE alembic_version SET version_num='6243159408b5' WHERE
alembic_version.version_num = '1093d8b212bb';

COMMIT;
 2016-08-08 12:38:15 -04:00
Jimmy Zelinskie
e05bc8bf7d migration.sh: default DOCKER_IP to localhost 2016-08-08 12:36:01 -04:00
josephschorr
6716a2562b Merge pull request #1680 from coreos-inc/add-missing-index 
Add various missing indexes
 2016-08-08 12:34:58 -04:00
Joseph Schorr
80a37fd295 Add various missing indexes 
Indexes added:

Image::repository - Needed for model.image.get_repository_images_without_placements
RepositoryTag::image - Needed for model.tag.get_tags_for_image
RepositoryTag::repository - Needed for repository deletion
RepositoryBuild::phase - Needed for model.build.list_repository_builds sorting
RepositoryBuild::started - Needed for model.build.list_repository_builds sorting
RepositoryBuild::repository+started+phase - Needed for model.build.list_repository_builds
RepositoryBuild::started+logs_archived+phase - Needed for model.build.get_archivable_build lookup
 2016-08-08 12:34:45 -04:00
josephschorr
df64caf133 Merge pull request #1678 from coreos-inc/delete-repo-fix 
Have repo deletion not lock all the things
 2016-08-04 16:48:03 -04:00
Joseph Schorr
0b5cd95693 Have repo deletion not lock all the things 2016-08-04 16:45:59 -04:00
Joseph Schorr
b1b0da7afd Fix off-by-one error in repo tags pagination 
Fixes #1665
 2016-08-02 14:17:33 -04:00
Jake Moshenko
05e2773fa7 Get rid of remaining slow query for garbage collection. 2016-08-01 18:22:38 -04:00
josephschorr
46a28617e8 Merge pull request #1651 from coreos-inc/fix-branches 
Fix handling of multi-part branches in the build triggers
 2016-07-26 16:00:21 -07:00
Joseph Schorr
9e4f8cac03 Optimize GC query for looking up deletable storages 2016-07-26 13:47:15 -07:00
Joseph Schorr
06d52f2c83 Fix handling of multi-part branches in the build triggers 
Fixes #1360
 2016-07-26 13:41:13 -07:00
Joseph Schorr
5de1e98d3c Fix LDAP DN building for empty RDN list 2016-07-22 14:40:53 -04:00
Joseph Schorr
4d6f96cd6c Add missing pass keyword 2016-07-19 22:24:27 -04:00
Joseph Schorr
b8d2570725 Don't raise an error on duplicate placements 
This can happen if two pushes are racing on the same storage.
 2016-07-19 16:44:05 -04:00
Joseph Schorr
b0b7b63be9 Fix queue tests for MySQL 
MySQL's date time's appear to have a 1 second threshold, so we need to make sure the queue items added for the tests are available as soon as they are added. Before this change, the available_after was set to `datetime.utcnow()`, and, if the `get` was called within 1 second, then its check would fail.
 2016-07-15 13:27:50 -04:00
Joseph Schorr
4e1259b58a Fix the Repository ID in pagination problem once and for all 
But.... ONCE AND FOR ALL!

Note: Tested on SQLite, Postgres and MySQL
 2016-07-14 17:09:52 -04:00
Jimmy Zelinskie
64d0c5b675 data.queue: fix race condition 
It's possible that multiple consumers will acquire a queue item if they
race on an expired item. To mitigate this, we check that the
processing_expires time hasn't been changed since we last read.
 2016-07-14 15:34:22 -04:00
Jimmy Zelinskie
609f4fccd8 data.queue: simplify put method 2016-07-14 15:34:22 -04:00
Joseph Schorr
c1e4bf79b7 Fix delete team error message for admin teams 2016-07-11 15:47:05 -04:00
Joseph Schorr
241ebaa084 Fix typo 2016-07-07 15:06:29 -04:00
Joseph Schorr
adaeeba5d0 Allow for multiple user RDNs in LDAP 
Fixes #1600
 2016-07-07 14:46:38 -04:00
Joseph Schorr
e252ee07cb Fix popularity metrics on list repos API 2016-07-06 16:15:54 -04:00
Joseph Schorr
713ba3abaf Further updates to the Prometheus client code 2016-07-01 14:16:51 -04:00
Jake Moshenko
668a8edc50 Refactor prometheus integration 
Move prometheus to SaaS and make it a plugin
Move static callers to use metrics_queue plugin
Change local-docker to support different quay clone dirnames
Change prom_aggregator to use logrus
 2016-07-01 14:16:50 -04:00
Matt Jibson
3d9acf2fff Use prometheus as a metric backend 
This entails writing a metric aggregation program since each worker has its
own memory, and thus own metrics because of python gunicorn. The python
client is a simple wrapper that makes web requests to it.
 2016-07-01 14:16:50 -04:00
Joseph Schorr
117ccda1cf Fix postgres error in SQL query 2016-07-01 13:04:20 -04:00
Joseph Schorr
1eec6f53b2 Fix SQL error with pagination around Repositories 
Fixes #1591
 2016-06-30 17:31:35 -04:00
Joseph Schorr
310ecd11cc Handle user events Redis not working in tutorial 
Also does some basic restyling

Fixes #1586
 2016-06-28 17:04:31 -04:00
Joseph Schorr
853cca35f3 Change repo stats to use the RAC table and a nice UI 2016-06-22 15:06:53 -04:00
josephschorr
7173d53030 Merge pull request #1549 from coreos-inc/certs 
Switch to install custom LDAP cert by name
 2016-06-21 15:13:44 -04:00
Joseph Schorr
66ec1d81ce Switch to install custom LDAP cert by name 2016-06-21 15:10:26 -04:00
josephschorr
9e6a264f5f Merge pull request #1523 from coreos-inc/verb-tag-cache-fix 
Add a uniqueness hash to derived image storage to break caching over …
 2016-06-20 16:38:25 -04:00
Joseph Schorr
a43b741f1b Add a uniqueness hash to derived image storage to break caching over tags 
This allows converted ACIs and squashed images to be unique based on the specified tag.

Fixes #92
 2016-06-20 16:34:52 -04:00
Joseph Schorr
3b994431eb Auto expire the build status and logs in redis 2016-06-20 13:53:13 -04:00
Joseph Schorr
986d20bcad Switch to generic RedisError 
Fixes #1558
 2016-06-20 11:20:17 -04:00
Jake Moshenko
a1cf12e460 Add a sitemap.txt for popular public repos 
and reference it from the robots.txt
 2016-06-17 14:34:20 -04:00
josephschorr
614b9124ae Merge pull request #1512 from coreos-inc/optimize-queries 
Optimize various queries
 2016-06-16 14:22:59 -04:00
josephschorr
58bef472d9 Merge pull request #1526 from coreos-inc/superuser-grant 
Add ability for super users to take ownership of namespaces
 2016-06-13 16:23:10 -04:00
Joseph Schorr
20816804e5 Add ability for super users to take ownership of namespaces 
Fixes #1395
 2016-06-13 16:22:52 -04:00
josephschorr
bda5d7ae29 Merge pull request #1511 from coreos-inc/location-cache 
Use a cache for ImageStorageLocation
 2016-06-09 14:03:07 -04:00
Joseph Schorr
7aa6b812e2 Use a cache for ImageStorageLocation 
No need to reload it from the DB or join as it is a static set only changed during migration
 2016-06-09 14:02:42 -04:00
Joseph Schorr
8887f09ba8 Use the instance service key for registry JWT signing 2016-06-07 11:58:10 -04:00
Joseph Schorr
894b5fed6f Remove TODO since we always need storage 2016-06-03 13:45:13 -04:00
Joseph Schorr
03fd2ea15a Remove Image from _load_tag_manifests query 
Doesn't appear used or necessary
 2016-06-03 13:44:01 -04:00
Joseph Schorr
9a747ca6a0 Have get_parent_images not join on placements 
The only case that needs the placements is in verbs, for which we use a new method
 2016-06-03 13:33:15 -04:00
Joseph Schorr
8064419715 Remove Image join from get_active_tag 
It isn't used anywhere in the query and appears to be completely unnecessary
 2016-06-03 13:06:57 -04:00
Joseph Schorr
53538f9001 Optimize get_tag_image query 
No caller uses the image placements or locations, so no need to load them.
 2016-06-02 16:36:38 -04:00
josephschorr
cad8746f9d Merge pull request #1502 from coreos-inc/image-replication 
Enable storage replication for V2 and add backfill tool
 2016-06-02 15:02:53 -04:00
Joseph Schorr
12924784ce Enable storage replication for V2 and add backfill tool 
Fixes #1501
 2016-06-02 14:36:08 -04:00
josephschorr
a85c3ebff7 Merge pull request #1457 from coreos-inc/xauth 
Add support for direct granting of OAuth tokens and add tests
 2016-06-01 12:07:12 -04:00
josephschorr
1ddc73416c Merge pull request #1500 from coreos-inc/better-errors 
Better errors
 2016-05-31 15:54:41 -04:00
Jimmy Zelinskie
1f488acf12 data.queue: move name matching clause 2016-05-31 15:44:11 -04:00
Joseph Schorr
04df2410ec Add better errors if Redis is down 
Fixes #1497
 2016-05-31 15:24:36 -04:00
Jimmy Zelinskie
26300d3c8e data.queue: lint 2016-05-27 14:51:19 -04:00
Jimmy Zelinskie
8a5aa65d74 data.queue: limiting before order by rand 2016-05-27 14:44:30 -04:00
Jimmy Zelinskie
44b56ae2cf queue: explicitly declare ordering requirement 
This change defaults the ordering requirement of queue items to be off
and only enables it for the build manager. This should make the queries
for getting queueitems significantly faster for every other use case.
 2016-05-27 14:44:30 -04:00
Joseph Schorr
7933aecf25 Add support for direct granting of OAuth tokens and add tests 
This allows a client (when authorized in a whitelist) to send direct credentials via a Basic auth header and therefore bypass the OAuth approval UI for that user.
 2016-05-23 17:17:06 -04:00
Joseph Schorr
60bbca2185 Fix setup tool when binding to external auth 
We now query the external auth provider for the external service's identifier before adding the linking row into the database. This fixes the case where the external service resolves a different identifier for the same username.

Fixes #1477
 2016-05-23 17:11:36 -04:00
Joseph Schorr
043699cfb3 Always use log entry kind cache 
Fixes #1445
 2016-05-13 15:20:55 -04:00
Jimmy Zelinskie
972e4be811 log: cutoff at the max id past the cutoff_date 
Previously we were using the min, which is always going to be equivalant
to the min id in the table.
 2016-05-10 20:13:10 -07:00
Joseph Schorr
a736407611 Fix user:admin scope handling and add test 2016-05-09 11:16:01 +02:00
josephschorr
f55fd2049f Merge pull request #1433 from coreos-inc/ldapoptions 
Add additional options for LDAP
 2016-05-04 14:06:29 -04:00
Joseph Schorr
42515ed9ec Add additional options for LDAP 
Fixes #1420
 2016-05-04 13:59:20 -04:00
Joseph Schorr
6e2df3b339 Fix key server to not list expired keys 
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.

Fixes #1430
 2016-05-03 17:58:47 -04:00
Jimmy Zelinskie
2aa88dcb80 only send notifications when superusers enabled 2016-04-29 15:42:25 -04:00
Jimmy Zelinskie
29e2d7c9d4 data.model.log: remove unused method 2016-04-29 14:22:53 -04:00
Jimmy Zelinskie
e47b29a974 migration: add missing delete from down migration 
This also reorganizes the file a bit.
 2016-04-29 14:10:33 -04:00
Jimmy Zelinskie
4a521f5844 database: revert logentry foreign key proxy 2016-04-29 14:10:33 -04:00
Evan Cordell
489752a0b7 Only refresh current instance service key 2016-04-29 14:10:33 -04:00
Evan Cordell
a6f6a114c2 service key worker to refresh automatic keys 2016-04-29 14:10:33 -04:00
Evan Cordell
2242c6773d Add 'Automatic' ServiceKeyApprovalType 2016-04-29 14:10:33 -04:00
Joseph Schorr
6091db983b Hide expired keys outside of their staleness window 2016-04-29 14:10:33 -04:00
Joseph Schorr
4f63a50a17 Change account-less logs to use a user and not null 
This allows us to skip the migration
 2016-04-29 14:09:37 -04:00
Jimmy Zelinskie
5cb6ba4d12 keyserver migration: fix constraint name 2016-04-29 14:09:37 -04:00
Joseph Schorr
28a80ef6a9 Make sure to verify service names on key creation 2016-04-29 14:09:37 -04:00
Joseph Schorr
522cf68c5d Lots of smaller fixes: 
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
370ac3ecd0 service keys: add rotation_duration field 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
6577ac3e62 mv JWK-canonicalization util.security.fingerprint 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
4020ab9f55 service keys: delete notifications by prefix 2016-04-29 14:05:16 -04:00
Joseph Schorr
08017c5111 Further UI updates 2016-04-29 14:05:16 -04:00
Joseph Schorr
a4a01e76c0 Fix up the migration to include the additional changes needed 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d19eb16b45 keyserver: add generate key function 
The superuser API, initdb, and tests will all need this functionality.
 2016-04-29 14:05:16 -04:00
Joseph Schorr
fb1dca4e94 Add API usage tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59 keys ui WIP 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
885a41e6f5 key server: misc fixes to make jwtproxy work 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
5cdc7812dc migration.sh: update to reflect timing 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
50ad1bb6b1 key server: misc cleanup to get it working 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c79bb14049 service keys: fix stale query 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
86df0124c1 service keys: join with approvals 
Also fixes a bug where we weren't reassigning the query after adding a
WHERE.
 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
dff59b4a39 service key migration 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c6b8b3ce8c service_keys: s/get_keys/list_keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
0ec54fc70e clear notifications on delete/replace service_key 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
42b5196b21 add notification path and use for service keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
f406942984 converging on proper rotation 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
aaf9e83278 basically finish superuser key api 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
35ed73e195 rework superuser api 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167 service keys: do all the right stuff 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
6ecff950ab service keys: add txs and select4update 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
499bb16306 service key server wip 2016-04-29 13:38:25 -04:00
josephschorr
9e88b1413d Merge pull request #1325 from coreos-inc/blobuncompressedsize 
Fix uncompressed size for blob store and add test
 2016-04-28 13:15:33 -04:00
Jimmy Zelinskie
7239c465bf improve stale cutoff id perf (#1392) 2016-04-20 15:03:06 -04:00
josephschorr
b0cc55276f Merge pull request #1373 from coreos-inc/orgconvert 
Org conversion improvements
 2016-04-19 16:16:35 -04:00
Jimmy Zelinskie
5585e16c90 Merge pull request #1356 from jzelinskie/actionlogarchive 
logrotateworker: save to storage via userfiles
 2016-04-15 13:57:11 -04:00
Jimmy Zelinskie
3d190b786f userfiles: make handler optional 2016-04-15 13:56:07 -04:00
Joseph Schorr
c604dbd0f6 Fix permissions when converting a user to an org 
Fixes #1366
 2016-04-14 17:39:45 -04:00
Joseph Schorr
1009362d26 Have recovery auto-verify the user 
Fixes #1355
 2016-04-08 13:41:16 -04:00
Jake Moshenko
bd5b44cbd2 Move the sequence fixer to a separate tool which can be run 2016-04-01 13:46:13 -04:00
josephschorr
edb157c5cb Merge pull request #1294 from coreos-inc/partialperms 
Change permissions to only load required by default
 2016-03-30 16:40:40 -04:00
Joseph Schorr
42e934d84f Make notification lookup faster and fix repo pagination on Postgres 2016-03-30 14:46:31 -04:00
Joseph Schorr
0dffdb87c9 Fix uncompressed size for blob store and add test 2016-03-29 14:16:56 -04:00
Joseph Schorr
a3aa4592cf Change permissions to only load required by default 
Permissions now load just the namespace and/or repository permissions requested, with a fallback to a full permissions load if necessary.
 2016-03-28 16:33:32 -04:00
Jake Moshenko
eed07722cb Add even larger plans for enterprises on SaaS 2016-03-21 16:38:34 -04:00
Jake Moshenko
fe2cd240bc Revert "Remove old search API which is no longer in use" 2016-03-07 10:07:41 -05:00
Jimmy Zelinskie
b5d904f373 Merge pull request #1218 from jzelinskie/logrotate5ever 
vastly simplify log rotation
 2016-03-04 13:48:21 -05:00
josephschorr
57430a18b4 Merge pull request #1224 from coreos-inc/removeoldsearch 
Remove old search API which is no longer in use
 2016-03-04 12:05:07 -05:00
Joseph Schorr
f498e92d58 Implement against new Clair paginated notification system 2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9 Refactor the security worker and API calls and add a bunch of tests 2016-02-25 12:29:41 -05:00
Quentin Machu
0183c519f7 Merge pull request #1253 from Quentin-M/clair2 
Adapt securityworker, secscan API and Quay UI for Clair 1.0
 2016-02-19 18:21:25 -05:00
Quentin Machu
e5da33578c Adapt security worker for Clair v1.0 (except notifications) 2016-02-19 17:44:14 -05:00
Joseph Schorr
abd2e3c234 V1 Docker ID <-> V2 layer SHA mismatch fix 
Fix handling of V1 Docker ID <-> V2 layer SHA mismatch by dynamically rewriting the manifest to use new synthesized IDs for all layers above the mismatch. Also adds a bunch of tests for this and other use cases, fixes a bug around manifest digest uniqueness and fixes the 5.5 migration for MySQL.
 2016-02-12 17:39:27 +02:00
josephschorr
a9c64545fa Merge pull request #1228 from coreos-inc/v2storagevalidation 
Add a check that will fail if we try to mislink V1 layers
 2016-02-11 22:49:33 +02:00
Joseph Schorr
27f1cc0a13 Add a check that will fail if we try to mislink V1 layers 
Also logs some useful information
 2016-02-11 22:40:00 +02:00
Jake Moshenko
59a6f5bc77 Replace incompatible MySQL 5.5 server_default 2016-02-11 15:07:16 -05:00
Joseph Schorr
1887dc879c Remove old search API which is no longer in use 2016-02-10 15:02:27 +02:00
Jimmy Zelinskie
ee705fe7a9 vastly simplify log rotation 2016-02-09 18:20:14 -05:00
Joseph Schorr
4e771e667f Change sec scan candidate query to match parents to the expected version only 2016-02-09 22:23:48 +02:00
Joseph Schorr
534ec9cb2b Add pagination to the repository list API to make it better for public 
Fixes #1166
 2016-02-01 22:42:44 +02:00
Joseph Schorr
1536709c02 Small fixes 2016-01-29 20:01:17 +02:00
Joseph Schorr
a80ac8eabb Fix import for alembic 2016-01-29 17:59:23 +02:00
Joseph Schorr
bd0a098282 Add ID-based pagination to logs using new decorators and an encrypted token 
Fixes #599
 2016-01-26 12:50:48 -05:00
Jimmy Zelinskie
e54b86c6eb s/TORRENT/BITTORRENT 2016-01-22 15:52:28 -05:00
Jake Moshenko
fe2bdeb6cb Require some data from all models in initdb 2016-01-19 15:30:27 -05:00
Jake Moshenko
1b392dcb9a Remove dependent signatures before removing image storages 2016-01-19 14:56:02 -05:00
Jake Moshenko
7d0be20842 Formatting and syntax improvements 2016-01-19 14:56:02 -05:00
Joseph Schorr
e4da61a05d Fix piece hash calculation 2016-01-12 17:44:19 -05:00
josephschorr
047c2c2c0f Merge pull request #1129 from coreos-inc/backfill 
Add checksum and torrent info backfill
 2016-01-12 14:20:58 -05:00
Jake Moshenko
96c72e73df Clean up torrents before removing referenced storages 2016-01-12 11:43:07 -05:00
Jake Moshenko
8ab6c8a22d Fix torrent hash generation to work in mixed stacks 2016-01-11 16:43:46 -05:00
Joseph Schorr
c36a7c21c8 Order sadly matters with this check in peewee 2016-01-11 15:10:46 -05:00
Joseph Schorr
bd715c0c71 Add checksum and torrent info backfill 2016-01-08 17:32:30 -05:00
Jake Moshenko
1ae101c917 Address torrent feature review comments. 2016-01-08 16:38:21 -05:00
Jake Moshenko
073b68cf0d Fix torrent migration and update backfill to compute torrent pieces 2016-01-08 11:15:34 -05:00
Jake Moshenko
77aa58996a Fix the db definition for torrentinfo and add migration 2016-01-06 14:04:03 -05:00
Jake Moshenko
fd1e5f2407 Remove an unnecessary outer join 2016-01-05 14:43:40 -05:00
Jake Moshenko
8f80d7064b Hash v1 uploads for torrent chunks 2016-01-05 14:43:40 -05:00
Jake Moshenko
8d5f4466d6 Cleanup some indentation and imports 2016-01-05 12:12:57 -05:00
Jimmy Zelinskie
9b0a84c02f implement get_torrent_info 2016-01-04 16:17:51 -05:00
Jake Moshenko
a9b7ac6b48 Rotate robot user uuid when the credentials change 2016-01-04 16:17:51 -05:00
Jake Moshenko
ce8fcbeaae Update the pieces to use base64 encoded binary 2016-01-04 16:17:51 -05:00
Jake Moshenko
5c6e033d21 Fix indentation 2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796 Hash and track layer file chunks for torrenting 2016-01-04 16:17:51 -05:00
josephschorr
f748d4348d Merge pull request #1106 from coreos-inc/billingemail 
Add support for custom billing invoice email address
 2016-01-04 14:34:30 -05:00
Joseph Schorr
31a8a0fba4 Better UX when recovering organization emails 
Fixes #291
 2015-12-28 15:25:31 -05:00
Joseph Schorr
10efa96009 Add support for custom billing invoice email address 
Fixes #782
 2015-12-28 13:59:50 -05:00
Joseph Schorr
01723d5546 Catch other cases where the queue item has been removed 
Fixes #1096
 2015-12-22 15:58:51 -05:00
Jake Moshenko
9c1a2e7e1b Improve performance by removing unnecessary group by fields 2015-12-22 11:35:49 -05:00
josephschorr
5ac7369bf5 Merge pull request #1068 from coreos-inc/slowqueryfix 
Remove check for derived image storages on image storage
 2015-12-18 16:32:22 -05:00
Joseph Schorr
94ece129d4 Remove remaining recursive queries on repo delete and add test 2015-12-18 16:04:03 -05:00
josephschorr
16f814b7d9 Merge pull request #1075 from coreos-inc/userdeletefix 
Fix user deletion under MySQL
 2015-12-17 15:09:18 -05:00
Joseph Schorr
2e7835c372 Fix user deletion under MySQL 
Fixes #973
 2015-12-17 15:05:15 -05:00
Jimmy Zelinskie
e1f955a3f6 add a log rotation worker 
Fixes #609.
 2015-12-16 17:22:28 -05:00
Joseph Schorr
f59f4e51e8 Remove check for derived image storages on image storage 
Derived image storages are now 1-to-1 with image storages, so we know they have already been removed at this point

Fixes #1067
 2015-12-16 13:41:25 -05:00
Joseph Schorr
73531d08b5 Add server default for the chunk_count column 2015-12-15 15:44:33 -05:00
Joseph Schorr
141f664bf7 Fix subquery delete which messes up MySQL 
Fixes #1061
 2015-12-15 13:15:10 -05:00
Joseph Schorr
9698d6f6a0 Add created column to blob upload 
Fixes first half of #1054
 2015-12-14 15:27:48 -05:00
Joseph Schorr
54095eb5cb Handle the common case of one chunk when calculating the uncompressed size 
Reference #992
 2015-12-14 15:27:48 -05:00
josephschorr
94effb5aaa Merge pull request #1023 from coreos-inc/getblobopt 
Optimize blob lookup
 2015-12-04 16:11:28 -05:00
Jake Moshenko
38cb63d195 Fix indentation on build model operations 2015-12-04 15:46:07 -05:00
Joseph Schorr
f07b940bc5 Optimize blob lookup 
Fixes #1013
 2015-12-04 14:47:09 -05:00
Joseph Schorr
c324ebd7f6 Only write exceptions for manifest gen when a tag exists 
Fixes #1019

Currently, we just raise an exception to the logs regardless, which can make it appear as if there is an issue (when there isn't).
 2015-12-03 16:04:17 -05:00
Silas Sewell
502e4c04d0 Fix seq migration down_revision 2015-11-30 17:59:04 -05:00
Silas Sewell
3833fb6530 Merge pull request #888 from coreos-inc/remove-hardcoded-ids 
Fix seq generators for enum tables in postgres
 2015-11-30 17:54:13 -05:00
Joseph Schorr
0f7c8105b0 Remove DerivedImageStorage table 2015-11-25 11:46:59 -05:00
Joseph Schorr
762cd56e64 Change derived storage to be based on image 
Fixes #971
 2015-11-24 12:44:07 -05:00
Jake Moshenko
3a29dfc535 Reducing in a tree to avoid recursion depth limits 2015-11-23 15:57:13 -05:00
Joseph Schorr
f4266d08d2 Fix handling of aggregate size in V2 
Fixes #931
 2015-11-20 11:44:03 -05:00
Joseph Schorr
4981ccbc4e Fix issue with query when manifest count is 0 2015-11-19 17:44:16 -05:00
Jake Moshenko
c352050b07 For the last time, you can't delete with a subquery on the same table! 2015-11-19 16:44:27 -05:00
Jake Moshenko
7b53797677 Fix garbage collection when manifests may reference tags 2015-11-19 16:01:36 -05:00
Jake Moshenko
7ae94f414c Alias our subqueries to appease the MySQL beast 2015-11-19 12:58:06 -05:00
Silas Sewell
1162814734 securityworker: mark children we can't analyze 
This allows us to differentiate between images that are queued and those we
can't analyze in constant time.
 2015-11-19 11:22:15 -05:00
Jake Moshenko
e6bd5488c9 Ensure that manifest tags are still alive 2015-11-19 11:01:47 -05:00
Jake Moshenko
b564492ea7 Improve the performance of fetching manifest blobs by checksum. 2015-11-19 11:01:47 -05:00
Quentin Machu
f2d874386b Fix security worker (ok last time before I give up on engineering) 2015-11-18 21:21:00 -05:00
Quentin Machu
04f2688944 Merge pull request #917 from Quentin-M/fix_secwor 
Fix security worker (again?)
 2015-11-18 19:45:36 -05:00
Quentin Machu
88e85cded0 Fix security worker (again?) 2015-11-18 19:45:09 -05:00
Quentin Machu
6d89f259f5 Merge pull request #894 from Quentin-M/fix_secwor 
Refactor security worker
 2015-11-18 14:40:34 -05:00
Quentin Machu
605ed1fc77 Refactor security worker 2015-11-18 14:38:32 -05:00
Jake Moshenko
18b14001b4 Add indices for the security worker fields on Image 
Fixes #906
 2015-11-18 13:29:51 -05:00
Jake Moshenko
206e18d160 Image parents do not have to be nulled transitively on repo delete 2015-11-17 16:48:26 -05:00
Jake Moshenko
e252397292 Switch parent back to a ForeignKeyField without a constraint 2015-11-17 16:09:33 -05:00
Jake Moshenko
3374e8c812 Do not constrain deferred fields in SQLAlchemy bridge 2015-11-17 15:55:18 -05:00
Jake Moshenko
ae61ebeac9 The translate placements query was renamed in v2 2015-11-17 12:24:05 -05:00
Jake Moshenko
7205bf5e7f Merge pull request #885 from jakedt/python-registry-v2 
Python registry v2 mega merge
 2015-11-16 16:15:40 -05:00
Silas Sewell
30b0101584 Fix seq generators for enum tables in postgres 
This attempts to insert a temporary entry into each enum table until it
succeeds. It re-synchronizes the postgres sequence generators with the max id
of the table.

Fixes #883 and #880
 2015-11-16 15:29:51 -05:00
Matt Jibson
13aa6cfcfc No PUT for logarchive 
fixes #862
 2015-11-16 15:01:12 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Jake Moshenko
52125bbfed Fix gc by using the v1/v2 storage location helper everywhere 2015-11-16 14:13:37 -05:00
Joseph Schorr
819d461ed6 Remove migration re-added by merge accidentally 2015-11-12 22:02:26 -05:00
Joseph Schorr
030c69d7d2 Further merge fixes 2015-11-12 22:00:28 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Joseph Schorr
25b8b7590f Fix all the things! 2015-11-12 20:55:41 -05:00
Jake Moshenko
44d06b0c2e Fix v1 backward compatibility 2015-11-12 16:22:19 -05:00
Jake Moshenko
cf1ec68046 Correlate a specific blob storage with its placements 2015-11-12 16:20:59 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Jake Moshenko
1d7be74a1f Revert "Drop the v1 checksum column from imagestorage" 
This reverts commit d292a34343.
 2015-11-11 16:39:46 -05:00
Jake Moshenko
a1ccd860e7 Merge pull request #823 from coreos-inc/phase3-11-07-2015 
Phase3 11 07 2015
 2015-11-11 14:22:19 -05:00
Jake Moshenko
1c6919dd93 We must fill in the parent_id on linking 2015-11-10 14:31:46 -05:00
Silas Sewell
e826b14ca4 Merge pull request #725 from coreos-inc/setup-tool-georeplication 
superuser: add storage replication config
 2015-11-09 17:43:38 -05:00
Silas Sewell
5000b1621c superuser: add storage replication config 2015-11-09 17:34:22 -05:00
Joseph Schorr
a69c9e12fd Update quay sec code to fix problems identified in previous review 
- Change get_repository_images_recursive to operate over a single docker image and storage uuid
- Move endpoints/sec to endpoints/secscan
- Change notification system to work with new Quay-sec format

Fixes #768
 2015-11-09 17:14:35 -05:00
Silas Sewell
c739c453da Merge pull request #807 from coreos-inc/storage-preference 
Enable storage preference
 2015-11-09 16:30:47 -05:00
josephschorr
eb2e42dce9 Merge pull request #830 from coreos-inc/fix_parent_id 
Fix deleting repos and images under MySQL
 2015-11-09 14:43:01 -05:00
Joseph Schorr
2d2662f53f Fix deleting repos and images under MySQL 
MySQL doesn't handle constraints at the end of transactions, so deleting images currently fails. This removes the constraint and just leaves parent_id as an int
 2015-11-09 14:42:05 -05:00
Matt Jibson
e5282a216f Merge pull request #818 from mjibson/redis-socket-timeout 
Set timeout for redis commands
 2015-11-09 14:39:00 -05:00
Joseph Schorr
b408cfd2cc Ready for demo 2015-11-09 12:51:05 -05:00
Joseph Schorr
407eaae137 WIP: Towards sec demo 2015-11-09 12:50:39 -05:00
Joseph Schorr
d7ace69fe3 Add a vulnerability_found event for notice when we detect a vuln 
Fixes #637

Note: This PR does *not* actually raise the event; it merely adds support for it
 2015-11-09 12:49:19 -05:00
Quentin Machu
37118423a5 Add support for Quay's vulnerability tool 2015-11-09 12:49:19 -05:00