Jake Moshenko
21cb9f1aa1
Handle null executor cancellations separately from other exceptions
2017-05-15 13:45:44 -04:00
josephschorr
19f67bfa1b
Merge pull request #2607 from coreos-inc/faster-security-notify
...
Batch the tag lookups in the security notification worker in an attempt to significant reduce load
2017-05-03 13:49:13 -04:00
Joseph Schorr
977bbc20a2
Add filtering onto the images query in get_matching_tags_for_images
...
Should make the query even faster in the security notification case
2017-05-02 18:29:14 -04:00
Joseph Schorr
4e09fff181
Remove test that breaks MySQL full DB tests
2017-05-02 16:04:46 -04:00
Joseph Schorr
98fcae753b
Change the security notification system to use get_matching_tags_for_images
...
This should vastly reduce the number of database calls we make, as instead of making 2-3 calls per image, we'll make two calls per ~100 images
2017-05-02 15:39:27 -04:00
Evan Cordell
738f53f61a
Merge pull request #2597 from ecordell/sni
...
TUF metadata api SNI support
2017-05-02 13:01:16 -04:00
Evan Cordell
b2569ffbb2
Support SNI in python requests, and only delete tuf metadata if it
...
exists
2017-05-02 09:32:12 -04:00
Joseph Schorr
ae0d1e831b
Add prometheus metric for queued builds
2017-05-01 15:16:55 -04:00
josephschorr
8b148bf1d4
Merge pull request #2576 from coreos-inc/full-db-tests-tox
...
Reenable full database testing locally and in concourse
2017-04-27 18:09:15 -04:00
Joseph Schorr
4ea4ee3aa4
Fix time machine config validator on old-style config
...
Existing config won't have the keys defined, so make sure we skip in that case (and just use the defaults)
2017-04-27 14:24:47 -04:00
Joseph Schorr
cb3695a629
Change config validator tests to use the shared fixtures
2017-04-24 16:45:14 -04:00
Joseph Schorr
f296599162
Add additional logging around secscan analyze
2017-04-21 16:52:47 -04:00
Jake Moshenko
3b26e819d3
Merge pull request #2558 from jakedt/betternooper
...
Make the nooper impl even smaller!
2017-04-21 14:29:52 -04:00
Joseph Schorr
3dcbe3c631
If enabled, allow users and orgs to set their time machine expiration
...
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Jimmy Zelinskie
6bef1d1ff3
Merge pull request #2322 from jzelinskie/acifix
...
image/appc: fix volume conversion and add tests
2017-04-21 10:15:03 -04:00
Jake Moshenko
e97ef09bd3
Make the nooper impl even smaller!
2017-04-20 13:42:49 -04:00
josephschorr
b03771669b
Merge pull request #2554 from coreos-inc/no-secscan-delete
...
Fix deleting repos when sec scan or signing is disabled
2017-04-19 17:09:59 -04:00
Joseph Schorr
c5bb9abf11
Fix deleting repos when sec scan or signing is disabled
...
Make sure we don't invoke the APIs to non-existent endpoints
2017-04-19 16:57:36 -04:00
Joseph Schorr
08b9c4b0d4
Fill backfill script for recent changes
...
We forgot that we need to lookup by user *object* and we need to lookup locations on their own
2017-04-19 16:50:51 -04:00
Jake Moshenko
ba07270bb2
Turn off in-app sentry logging, only log 500s at the WSGI layer
2017-04-18 16:38:22 -04:00
Jake Moshenko
22f5934f34
Add error logging to Marketo calls
2017-04-17 10:19:52 -04:00
Evan Cordell
2661db7485
Add flag to enable trust per repo ( #2541 )
...
* Add flag to enable trust per repo
* Add api for enabling/disabling trust
* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api
* Add `set_trust` method to repository
* Expose new logkind to UI
* Fix registry tests
* Rebase migrations and regen test.db
* Raise downstreamissue if trust metadata can't be removed
* Refactor change_repo_trust
* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00
Evan Cordell
ec63e495fc
Add repo purge callbacks and register TUF metadata deletion as one
2017-04-12 17:33:51 -04:00
Evan Cordell
883692345b
Add unit tests for gun calculation
2017-04-12 17:33:51 -04:00
Evan Cordell
70ae34357f
urljoin GUN together instead of manually concatenating
2017-04-12 17:33:51 -04:00
Evan Cordell
68128b938b
Add tests for tuf metadata delete
2017-04-12 17:33:51 -04:00
Evan Cordell
abe6f40bc5
Add support for deleting TUF metadata when repo is deleted
2017-04-12 17:33:51 -04:00
josephschorr
2bc619137a
Merge pull request #2512 from ecordell/tufmetadata
...
Add tufmetadata endpoint
2017-04-07 17:16:11 -04:00
Evan Cordell
217b4a5ab2
Return hashes and expiration when fetching signed tags
2017-04-07 16:12:28 -04:00
Joseph Schorr
ed3da4697f
Add client ID and client secret to OIDC config validator
2017-04-07 11:33:02 -04:00
Jake Moshenko
c7241911a5
Fix old-style flask imports to silence deprecation warnings.
2017-04-06 13:15:48 -04:00
Jake Moshenko
a0817bfd59
Refresh dependencies and fix tests.
2017-04-06 13:15:48 -04:00
Evan Cordell
9515f18fb6
Add tufmetadata endpoint
2017-04-05 10:03:27 -04:00
Joseph Schorr
0b6c062e32
Add superuser panel config for team syncing
2017-04-03 11:31:30 -04:00
Joseph Schorr
a6486b7823
Gitlab validation must allow unspecified endpoint
...
Gitlab config validator currently requires the gitlab endpoint to be specified, even though we support leaving it unspecified for non-enterprise installs. Fix the validator to allow this case.
2017-03-30 12:57:41 -04:00
Joseph Schorr
45179216af
Have sec scan retries actually work
...
Until this change, if `ping` raised an exception, we wouldn't retry properly
2017-03-29 16:19:46 -04:00
Jimmy Zelinskie
65a17dc155
Merge pull request #2473 from coreos-inc/certs-fixes
...
Fixes and improvements around custom certificate handling
2017-03-27 15:08:36 -04:00
Evan Cordell
1016641f8d
refactor jwt context building
2017-03-27 11:37:17 -04:00
Evan Cordell
abd78bce56
Use constants for TUF roots
2017-03-27 11:37:17 -04:00
Evan Cordell
6ad107709c
Change build_context_and_subject to take kwargs
2017-03-27 11:37:17 -04:00
Evan Cordell
43dd974dca
Determine which TUF root to show based on actual access, not requested
...
access
2017-03-27 11:37:17 -04:00
Joseph Schorr
b017133cc6
Make QSS validation errors more descriptive
2017-03-24 17:28:16 -04:00
Jimmy Zelinskie
23759a1592
util.config.db: ensure blob locations sync on boot
2017-03-22 22:57:21 -04:00
Joseph Schorr
6ab5b8be45
Have storage replication backfill tool only backfill missing storages
...
Prevents overload of the queue
2017-03-22 11:30:49 -04:00
Joseph Schorr
6476488221
Skip bitbucket pushes without any commits
...
Fixes https://sentry.io/coreos/backend-production/issues/178220183/
2017-03-20 18:23:21 -04:00
josephschorr
432b2d3fe8
Merge pull request #2392 from coreos-inc/search-optimization
...
Optimize repository search by changing our lookup strategy
2017-03-10 15:44:26 -05:00
josephschorr
6d6be63ca6
Merge pull request #2393 from coreos-inc/oidc-ui
...
OIDC configuration support in superuser config panel
2017-03-10 12:13:48 -05:00
Joseph Schorr
b5bb76cdea
Optimize repository search by changing our lookup strategy
...
Previous to this change, repositories were looked up unfiltered in six different queries, and then filtered using the permissions model, which issued a query per repository found, making search incredibly slow. Instead, we now lookup a chunk of repositories unfiltered and then filter them via a single query to the database. By layering the filtering on top of the lookup, each as queries, we can minimize the number of queries necessary, without (at the same time) using a super expensive join.
Other changes:
- Remove the 5 page pre-lookup on V1 search and simply return that there is one more page available, until there isn't. While technically not correct, it is much more efficient, and no one should be using pagination with V1 search anyway.
- Remove the lookup for repos without entries in the RAC table. Instead, we now add a new RAC entry when the repository is created for *the day before*, with count 0, so that it is immediately searchable
- Remove lookup of results with a matching namespace; these aren't very relevant anyway, and it overly complicates sorting
2017-03-09 19:47:55 -05:00
Joseph Schorr
eff1827d9d
Batch QSS notifications after initial scan
2017-03-01 15:42:49 -05:00
Jimmy Zelinskie
cbb2fff0e2
util.secscan.api: raise exception for !200 status
2017-03-01 00:40:47 -05:00