vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
8807 commits 2 branches 62 tags 205 MiB
Commit graph

215 commits

Author SHA1 Message Date
Joseph Schorr
d45161b120 Add a worker to automatically GC expired app specific tokens 
Fixes https://jira.coreos.com/browse/QUAY-822
 2018-02-12 14:56:01 -05:00
Joseph Schorr
5490e64669 Fill out schema and schema whitelist 2018-02-06 15:27:01 -05:00
Joseph Schorr
7893ef6acc Add test to ensure that all config.py properties are defined in the config schema 2018-02-06 15:26:31 -05:00
josephschorr
9f7b08d0ff
Merge pull request #2993 from coreos-inc/joseph.schorr/QUAY-797/pagination-size 
Allow size of pages in V2 api to be configurable
 2018-02-02 15:21:15 -05:00
Joseph Schorr
eae9175950 Allow size of pages in V2 api to be configurable 2018-02-02 13:54:41 -05:00
josephschorr
6514bf229f
Merge pull request #2973 from coreos-inc/joseph.schorr/QS-116/cloudfront-storage 
Add support for configuring cloudfront storage
 2018-02-02 10:14:28 -05:00
Joseph Schorr
b0f656731c Add support for configuring CloudFront storage engine 
Fixes https://jira.coreos.com/browse/QS-116
 2018-01-31 11:22:14 -05:00
IvanCherepov
c228734978
Generates HTML documentation explaining all of configuration fields (#2952) 
* create HTML documentation explaining all of schema's configuration fields
 2018-01-24 14:09:29 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
72bfebdb60 Add license validation to the config validation check 
Should prevent a customer from accidentally saving a config that violates their license

Fixes https://jira.coreos.com/browse/QS-97
 2017-12-19 13:44:08 -05:00
IvanCherepov
c383ac1f9d
Add config validation on startup (#2903) 
* WIP

* Finish schema

Add three sections: security scanning, bittorrent support and feature flags.
 2017-12-01 10:46:39 -05:00
Joseph Schorr
74f99ba94a Ensure encrypted passwords are not enabled with OIDC auth 
Fixes https://jira.prod.coreos.systems/browse/QS-49
 2017-10-31 16:03:28 -04:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth 
OIDC internal auth support
 2017-10-02 16:51:17 -04:00
Joseph Schorr
f51a863158 Remove access_token from user_info 2017-10-02 16:51:09 -04:00
Joseph Schorr
010dda2c52 Add CloudFrontedS3Storage, which redirects to CloudFront for non-S3 ips 2017-09-28 14:40:58 -04:00
Joseph Schorr
c105123ad4 Add superuser config for prefix autocomplete setting 2017-09-12 15:57:57 -04:00
Joseph Schorr
bc82edb2d1 Add ability to configure OIDC internal auth engine via superuser panel 2017-09-12 12:23:52 -04:00
Joseph Schorr
783799c227 Make team sync timeout config actually configurable 2017-09-06 14:08:30 -04:00
Joseph Schorr
751598056e Enable support in OIDC for endpoints without user info support 
The user info endpoint is apparently optional.
 2017-08-01 13:24:27 -04:00
Antoine Legrand
2d60ad71b6 Print only first line of s3 error message 2017-07-27 18:05:06 +02:00
josephschorr
96d1fd128d Merge pull request #2757 from coreos-inc/joseph.schorr/QUAY-606/logarchive-georep 
Add support for QE customers to enable log rotation
 2017-07-12 00:30:04 +03:00
Joseph Schorr
a13235c032 Fix typo 2017-07-10 18:35:51 +03:00
Evan Cordell
939ddfd1d7 Merge v2.4.0-release into cherrypick-2.4.0 2017-07-10 10:25:18 -04:00
Joseph Schorr
176c26e3f7 Add config validation for action log archiving 2017-07-10 13:09:33 +03:00
Antoine Legrand
cdb3722c17 Use $QUAYPATH and $QUAYDIR in conf and init files 2017-07-05 16:23:54 +02:00
Evan Cordell
d64b8b1fcf Revert to old secret handling, fix license loading 2017-06-28 23:15:14 -04:00
Evan Cordell
ef459a2d18 Update the expected response layout for kubernetes config 2017-06-28 07:28:57 -04:00
Jimmy Zelinskie
e028e159c0 add app registry config to setup tool: default off 2017-06-16 15:44:00 -04:00
Jimmy Zelinskie
7d07c2ed07 util.config.validators: fix torrent validation 
This code was mistaken the info dict with the params passed in an
announce request. Rather, now we expose a function for creating a jwt
from infohashes directly.
 2017-06-09 13:31:38 -04:00
josephschorr
2ec43483a8 Merge pull request #2662 from coreos-inc/direct-login 
Enable toggling of the direct login feature in the superuser panel
 2017-05-24 16:51:43 -04:00
Joseph Schorr
2b9873483a Enable toggling of the direct login feature in the superuser panel 
Allows superusers to disable login to the UI via credentials if at least one OIDC provider is configured
 2017-05-24 12:57:55 -04:00
Evan Cordell
20da91d879 Add tests for providers and update install script 2017-05-23 15:43:21 -04:00
Evan Cordell
01b59e8d66 ConfigProviders abstract over path construction 
Fixes issue where certs can't be uploaded in UI in k8s
 2017-05-17 08:12:09 -04:00
Joseph Schorr
4e09fff181 Remove test that breaks MySQL full DB tests 2017-05-02 16:04:46 -04:00
josephschorr
8b148bf1d4 Merge pull request #2576 from coreos-inc/full-db-tests-tox 
Reenable full database testing locally and in concourse
 2017-04-27 18:09:15 -04:00
Joseph Schorr
4ea4ee3aa4 Fix time machine config validator on old-style config 
Existing config won't have the keys defined, so make sure we skip in that case (and just use the defaults)
 2017-04-27 14:24:47 -04:00
Joseph Schorr
cb3695a629 Change config validator tests to use the shared fixtures 2017-04-24 16:45:14 -04:00
Joseph Schorr
3dcbe3c631 If enabled, allow users and orgs to set their time machine expiration 
Fixes https://www.pivotaltracker.com/story/show/142881203
 2017-04-21 11:32:45 -04:00
Joseph Schorr
ed3da4697f Add client ID and client secret to OIDC config validator 2017-04-07 11:33:02 -04:00
Jake Moshenko
c7241911a5 Fix old-style flask imports to silence deprecation warnings. 2017-04-06 13:15:48 -04:00
Joseph Schorr
0b6c062e32 Add superuser panel config for team syncing 2017-04-03 11:31:30 -04:00
Joseph Schorr
a6486b7823 Gitlab validation must allow unspecified endpoint 
Gitlab config validator currently requires the gitlab endpoint to be specified, even though we support leaving it unspecified for non-enterprise installs. Fix the validator to allow this case.
 2017-03-30 12:57:41 -04:00
Joseph Schorr
45179216af Have sec scan retries actually work 
Until this change, if `ping` raised an exception, we wouldn't retry properly
 2017-03-29 16:19:46 -04:00
Joseph Schorr
b017133cc6 Make QSS validation errors more descriptive 2017-03-24 17:28:16 -04:00
Jimmy Zelinskie
23759a1592 util.config.db: ensure blob locations sync on boot 2017-03-22 22:57:21 -04:00
Joseph Schorr
157640e696 Add config validator for OIDC logins 2017-02-28 16:18:19 -05:00
Joseph Schorr
88b808f468 Fix typo 2017-02-24 12:23:18 -05:00
Joseph Schorr
d4eb4f7f3c Pull out github trigger and login validation into validator class 2017-02-24 12:23:18 -05:00
Joseph Schorr
a31f2267e8 Pull out gitlab trigger validation into validator class 2017-02-24 12:23:18 -05:00
Joseph Schorr
7a260d81d3 Pull out bitbucket trigger validation into validator class 2017-02-24 12:23:17 -05:00
Joseph Schorr
49638b081b Pull out google login validation into validator class 2017-02-24 12:23:17 -05:00
Joseph Schorr
620e377faf Pull out ssl validation into validator class 2017-02-24 12:23:17 -05:00
Joseph Schorr
e76b95f0e6 Add S3 storage test to validator tests 2017-02-24 12:23:17 -05:00
Joseph Schorr
09b3cfd549 Pull out torrent validation into validator class 2017-02-24 12:23:17 -05:00
Joseph Schorr
2944a4e13d Pull out signing validation into validator class 2017-02-24 12:23:17 -05:00
Joseph Schorr
8844ecbb7c Fix imports 2017-02-24 12:23:16 -05:00
Joseph Schorr
dcabb36ac7 Add TODO 2017-02-24 12:23:16 -05:00
Joseph Schorr
3db4c15459 Pull out security scanner validation into validator class 2017-02-24 12:23:16 -05:00
Joseph Schorr
c0f7530b29 Pull out JWT auth validation into validator class 
Also fixes a small bug in validation (yay tests!)
 2017-02-24 12:23:16 -05:00
Joseph Schorr
678f868bc4 Pull out keystone validation into validator class 2017-02-24 12:23:15 -05:00
Joseph Schorr
c55ddf7341 Pull out ldap validation into validator class 2017-02-24 12:23:15 -05:00
Joseph Schorr
2d64cf3000 Rename config validation source files 2017-02-24 12:23:15 -05:00
Joseph Schorr
00eceb7ed5 Pull out email validation into validator class 2017-02-24 12:23:15 -05:00
Joseph Schorr
ee4f5ed5d6 Move registry storage validator to new location 2017-02-24 12:23:15 -05:00
Joseph Schorr
b2afe68632 Pull out redis validation into validator class 2017-02-24 12:23:15 -05:00
Joseph Schorr
f933b3e295 Pull out database validation into validator class 2017-02-24 12:23:14 -05:00
Joseph Schorr
484977f728 Refactor security scanner validation from single sleep to polling 2017-02-24 12:23:14 -05:00
josephschorr
01ec22b362 Merge pull request #2300 from coreos-inc/openid-connect 
OpenID Connect support and OAuth login refactoring
 2017-01-31 18:14:44 -05:00
Joseph Schorr
f5dbc350f8 Fix missed tests and revert conftest change (breaks docker build) 2017-01-30 17:28:25 -05:00
Joseph Schorr
d9003d1375 Make sure the parent dir of a file path exists before writing the file 
Fixes when the `extra_ca_certs` directory doesn't exist when using the new custom certs tool
 2017-01-26 15:15:40 -05:00
Joseph Schorr
4755d08677 Refactor and rename the standard OAuth services 2017-01-19 15:23:15 -05:00
Joseph Schorr
bee2551dc2 Temporarily remove Dex login support 
This will be added back in later in this PR as part of proper generic OIDC support
 2017-01-19 14:51:12 -05:00
Joseph Schorr
7e0fbeb625 Custom SSL certificates config panel 
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle

[Delivers #135586525]
 2017-01-13 14:34:35 -05:00
Joseph Schorr
3a24871422 Add SSL certificate utility and tests 2017-01-10 17:06:13 -05:00
Joseph Schorr
f1c9965edf Add more volume file operations and cleanup k8s provider code 2017-01-10 17:06:13 -05:00
Joseph Schorr
29d6abddb5 Linter fixes 2017-01-10 17:06:13 -05:00
Joseph Schorr
1e5b97318a Fix loading of public keys for OIDC under Linux 
Python's crypto lib under Linux has issues with loading PEM-encoded keys, so we just load it as a DER here and give PyJWT the key *instance* to use directly.
 2016-12-09 14:26:56 -05:00
Joseph Schorr
dbdcb802b1 Add end-to-end OAuth login and attach tests 2016-12-08 18:35:42 -05:00
Joseph Schorr
236655adb4 Fix config validator for storage and add a test suite 
Note that the test suite doesn't fully verify that each validation succeeds; rather, it ensures that the proper system (storage, security scanning, etc) is called with the configuration and returns at all (usually with an expected error). This should prevent us from forgetting to update these code paths when we change config-based systems. Longer term, we might want to have these tests stand up fake/mock versions of the endpoint services as well, for end-to-end testing.
 2016-11-30 11:58:41 -05:00
josephschorr
74e54bdbbb Merge pull request #1872 from coreos-inc/qe-torrent 
Add QE setup tool support for BitTorrent downloads
 2016-11-11 13:56:22 -05:00
Joseph Schorr
681f975df5 Add QE setup tool support for BitTorrent downloads 
Fixes #1871
 2016-11-02 17:32:12 -04:00
Joseph Schorr
d7f56350a4 Make email addresses optional in external auth if email feature is turned off 
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
 2016-10-31 13:50:24 -04:00
Joseph Schorr
b3d1d7227c Add support to Keystone Auth for external user linking 
Also adds Keystone V3 support
 2016-10-27 15:42:03 -04:00
Joseph Schorr
fbb524e34e Add support to ExternalJWT Auth for external user linking 2016-10-27 15:42:03 -04:00
Joseph Schorr
2eabf1a291 Fix tests and test provider for real license format 2016-10-18 23:44:08 -04:00
Jake Moshenko
9f1c12e413 Refactor our license code to be entitlement centric. 2016-10-18 22:33:28 -04:00
Joseph Schorr
67f828279d Switch the license validator to use config_provider and have a test license 
Fixes the broken tests currently which try (and fail) to read the license file
 2016-10-18 11:44:13 -04:00
Joseph Schorr
ee96693252 Add superuser config section for updating license 2016-10-17 21:44:25 -04:00
Jimmy Zelinskie
5fee4d6d19 *: misc formatting cleanup 2016-10-17 21:43:45 -04:00
Jimmy Zelinskie
6eb26d7998 configproviders: pass filemode when opening volume 2016-10-17 21:43:45 -04:00
Jimmy Zelinskie
0c5400b7d1 enforce license across registry blueprints 2016-10-17 21:43:45 -04:00
Joseph Schorr
8fe29c5b89 Add license upload step to the setup flow 
Fixes #853
 2016-10-17 21:43:15 -04:00
Joseph Schorr
5211c407ff Add license checking to Quay 
Based off of mjibson's changes

Fixes #499
 2016-10-17 21:43:15 -04:00
Joseph Schorr
5a8200f17a Add option to properly handle external TLS 
Fixes #1984
 2016-10-13 14:49:29 -04:00
Jimmy Zelinskie
fc7301be0d *: fix legacy imports 
This change reorganizes imports and renames the legacy flask extensions.
 2016-09-28 20:17:14 -04:00
Jimmy Zelinskie
ae16d24fd1 license: validate via key instance rather than PEM 2016-09-28 15:44:28 -04:00
josephschorr
e1771abe58 Merge pull request #739 from coreos-inc/license 
Add license checking to Quay
 2016-09-27 16:52:08 +02:00
Joseph Schorr
476576bb70 Add license checking to Quay 
Based off of mjibson's changes

Fixes #499
 2016-09-27 10:31:34 +02:00
Joseph Schorr
25ed99f9ef Add feature flag to turn off requirement for team invitations 
Fixes #1804
 2016-09-20 16:45:00 -04:00
Joseph Schorr
c7beea2032 Fix handling of custom LDAP cert 
This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs

Fixes #1846
 2016-09-19 17:55:08 -04:00