Commit graph

1307 commits

Author SHA1 Message Date
Joseph Schorr
892cc82b6a Ensure that verbs cannot be performed on disabled namespaces or by disabled users 2018-06-21 14:41:27 -04:00
Joseph Schorr
2caaf84f31 Add caching support to catalog
We will now cache the results of the catalog for 60s and not hit the database at all if cached
2018-06-20 14:58:01 -04:00
Joseph Schorr
7604e9842b Change repo filtering for users to use a user ID reference, rather than the username
While this means we need an additional query for initial lookup, it makes the *filtering* query (which is the heavy part) require far fewer joins, thus making it more efficient.

Also adds a new unit test to verify that our filter filters to the correct set of repositories.
2018-06-19 10:51:30 -04:00
Joseph Schorr
3161b60522 Switch V2 pagination back to using IDs, which should be much faster and easier on the DB
Also adds a test for the tags endpoint
2018-06-18 16:11:26 -04:00
Brad Ison
0501e0b996
Fix failing full-db tests 2018-06-13 13:03:11 -04:00
Joseph Schorr
e22b0ce004
Merge pull request #3057 from quay/joseph.schorr/QUAY-893/blob-mount
Implement support for blob mounting via the `mount` parameter on blob uploads
2018-06-06 13:13:39 -04:00
Joseph Schorr
55eb04e622
Merge pull request #3101 from quay/parallel-testing
Enable parallel testing of all the Quay unit tests
2018-06-06 13:13:14 -04:00
Joseph Schorr
f6eaf7ce9d Add blob mounting tests to the new registry test suite 2018-06-06 11:31:28 -04:00
Joseph Schorr
06cb4bddaa Add a test to ensure we don't hit the database when accessing a private catalog with no auth 2018-06-05 19:42:16 -04:00
Joseph Schorr
0e2bff972f Convert storage replication tests to pytest format 2018-06-01 17:07:23 -04:00
Joseph Schorr
544c8f0adf Convert storageproxy tests to be pytest-able and use the new liveserver testcase pytest fixture 2018-06-01 17:07:15 -04:00
Joseph Schorr
65f08c25cf Make spec'ed tests stable across runs
This was preventing us from running tests in parallel, since the names were changing
2018-06-01 17:06:43 -04:00
Sam Chow
7f21d0da58
Merge pull request #3096 from quay/refactor/secscan-simple
Refactor validators to decouple app
2018-06-01 15:44:18 -04:00
Sam Chow
301cc6992a Remove jwt validation for jschorr to fix later
Refactor oauth validate method to take config over entire appconfig
2018-06-01 15:07:06 -04:00
Sam Chow
7df8ed4a60 Add a security scanner api config object for params
Change SecScanAPI to use a uri creation func instead of test context

Pass config provider through validator context

Remove app config dependency for validators
2018-06-01 15:06:50 -04:00
Sam Chow
554d4f47a8 Change validators to use the validator_context
Change InstanceKeys to take a namedtuple for context
2018-06-01 14:59:49 -04:00
Joseph Schorr
8ee98c1c48 Show starred public repositories in the starred repos list
We forgot to check if the repository was public in the filter

Fixes https://jira.coreos.com/browse/QUAY-857
2018-05-31 17:34:17 -04:00
Joseph Schorr
f86c087b3b Prevent registry operations against disabled namespaces
Allows admins to completely wall off a namespace by disabling it

Fixes https://jira.coreos.com/browse/QUAY-869
2018-05-22 18:36:04 -04:00
Joseph Schorr
6ffafe44d3
Merge pull request #3059 from quay/joseph.schorr/QUAY-906/reg-tests
Move registry integration tests to py.test
2018-05-22 17:09:11 -04:00
Joseph Schorr
5509dd350c Switch to use the new registry tests suite 2018-05-22 17:06:41 -04:00
Joseph Schorr
a007332d4c Temporarily change to storing logs in a new LogEntry2 table
This will prevent us from running out of auto-incrementing ID values until such time as we can upgrade to peewee 3 and change the field type to a BigInt

Fixes https://jira.coreos.com/browse/QUAY-943
2018-05-18 20:15:16 -04:00
Joseph Schorr
22a39c3007 Fix bug with missing & in authorization URL for OIDC
Also adds testing to ensure we don't break this again
2018-05-15 14:52:00 -04:00
Joseph Schorr
8c1b0e673c Implement the remaining registry tests in the new py.test format 2018-05-01 13:28:24 +03:00
Joseph Schorr
23c19bcbc1 Implement support for registry integration tests via py.test
This change implements support for registry integration tests using the new py.test-based live server test fixture. We can now parametrize the protocols we use (in prep for V2_2), and it makes the code *much* cleaner and less hacky.

Note that moving the vast majority of the tests over from the existing impl will come as a followup PR
2018-05-01 13:28:24 +03:00
Joseph Schorr
85496b8195 Translate LiveServerTestCase into a py.test-compatible liveserver fixture
This allow us to super-easily instantiate a live, running Flask server with the test app, as well as interact with it, without any of the crazy boilerplate we previously used
2018-05-01 13:28:24 +03:00
Sam Chow
1afedafcbb Configurable options for search, info when at max
includes the options for  maximum search results per page, and the
maximum number of pages available before help text is shown, and
the next page button is disabled
2018-04-25 11:12:09 -04:00
Brad Ison
e90da9f2c0
Fix API team membership test 2018-04-04 14:22:11 -04:00
Joseph Schorr
8146646761 Simplifying queries around images and placements
Only verbs needs to load placements for multiple images, so we can vastly simplify and optimize most queries by making it two-step, and having the rest of the image loads not worry about placements
2018-04-03 16:23:49 -04:00
josephschorr
323eb63747
Merge pull request #3032 from coreos-inc/joseph.schorr/QUAY-885/squashed-sym
Retarget broken hard links in squashed images
2018-03-26 17:59:52 -04:00
Joseph Schorr
110366f656 Retarget hard links pointing to deleted files by emitting the deleted file contents under the first hard link instance. This fixes a breakage in the squashed TAR where we were pointing hard links to missing data.
Fixes https://jira.coreos.com/browse/QUAY-885
2018-03-23 14:00:46 -04:00
josephschorr
6c43b7ff0d
Merge pull request #3024 from coreos-inc/manageable-robots
Manageable robots epic
2018-03-21 18:50:17 -04:00
Joseph Schorr
2ea13e86a0 Add last_accessed information to User and expose for robot accounts
Fixes https://jira.coreos.com/browse/QUAY-848
2018-03-21 15:28:34 -04:00
Joseph Schorr
3586955669 Remove license code in Quay
No longer needed under Red Hat rules \o/

Fixes https://jira.coreos.com/browse/QUAY-883
2018-03-20 17:03:35 -04:00
Joseph Schorr
ed84835d23 Changes for code review 2018-03-01 16:49:52 -05:00
Joseph Schorr
c35eec0615 Add ability for triggers to be disabled
Will be used in the followup commit to automatically disable broken triggers
2018-03-01 16:49:28 -05:00
Joseph Schorr
ab0172d2fd Switch Quay to using an in-container memcached for data model caching 2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.

Fixes https://jira.coreos.com/browse/QUAY-838
2018-02-27 13:12:51 -05:00
Brad Ison
f89a16a64d Make byte_count on BlobUpload table not nullable
The byte_count field on the BlobUpload model is marked as not
nullable, but the migration to make the field a big integer removed
that restriction (#2388 :: 76de324) in the database.  It's still in
the model though, which means they are out of sync.  This adds a
migration to mark the field as not nullable in the database again.
2018-02-26 11:36:56 -05:00
Brad Ison
5bd826e7b5 Drop checksum from ImageStorage table
The checksum field was removed from the ImageStorage model in #815,
but was never dropped from the database.  This adds a migration to
drop the unused column.
2018-02-24 17:00:07 -05:00
Joseph Schorr
9a452ace11 Add configurable limits for number of builds allowed under a namespace
We also support that limit being increased automatically once a successful billing charge has gone through
2018-02-20 16:54:22 -05:00
Brad Ison
62971b7f20
Merge pull request #2999 from bison/user-location
Add user location metadata filed
2018-02-20 16:48:37 -05:00
Joseph Schorr
188ea98441 Add new decorator to prevent reflected text attacks
Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend.
2018-02-20 11:33:45 -05:00
Joseph Schorr
b342111edb Add registry tests for pushing and pulling previously bad repo names 2018-02-20 11:31:36 -05:00
Brad Ison
3de6b4a646 Add location metadata field for users 2018-02-06 16:06:17 -05:00
Joseph Schorr
bbdf9e074c Add metrics for tracking when instance key renewal succeeds and fails, as well as when instance key *lookup* fails 2018-02-02 11:14:42 -05:00
Joseph Schorr
ede3a81c68 Disallow dots in repository names to fix reflected text "attack"
Fixes https://jira.coreos.com/browse/QS-125
2018-01-18 13:19:37 -05:00
Joseph Schorr
c887aa543b Change superuser API errors to be more descriptive
Fixes https://jira.coreos.com/browse/QS-103
2018-01-05 17:09:26 -05:00
josephschorr
13b738c43c
Merge pull request #2954 from coreos-inc/joseph.schorr/QS-102/user-api-filter
Add ability to filter users list to enabled users
2018-01-05 15:40:50 -05:00
Joseph Schorr
5b4f5f9859 Regenerate test DB for token changes 2018-01-04 15:27:41 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
8e473b9779 Add filter for disabled users to superuser user list API
Fixes https://jira.coreos.com/browse/QS-102
2017-12-22 16:45:49 -05:00
Joseph Schorr
3ce9d68a3e Fix broken registry test
Flask now returns a 404 error, rather than redirecting like it used to do
2017-12-20 11:43:55 -05:00
Joseph Schorr
f9bd7ef42b Add validation of Docker V2_1 schemas and add a test for PUTing an invalid schema 2017-12-20 11:43:03 -05:00
Joseph Schorr
11e3724919 Return an http 415 (manifest version not supported) for OCI manifest content types
This was breaking skopeo, as it first tries to send the *OCI* manifest type, which we didn't say we didn't support, thus breaking the tool
2017-12-20 11:02:34 -05:00
josephschorr
024c183f67
Merge pull request #2944 from coreos-inc/joseph.schorr/QS-91/v2-caching
V2 registry blob caching
2017-12-18 14:42:02 -05:00
Joseph Schorr
097cbbeaae Add new Quay pricing plans 2017-12-18 13:12:16 -05:00
Joseph Schorr
b2485934ed Enable caching of blobs in V2 registry protocol, to avoid DB connections after the cache has been loaded
This should help for bursty pull traffic, as it will avoid DB connections on a huge % of requests
2017-12-14 13:38:24 -05:00
Joseph Schorr
a706d99849 Add additional logs and an additional test for verbs 2017-12-07 15:22:20 -05:00
Joseph Schorr
1d1c6f0606 Invalidate all session tokens when a user signs out
Fixes https://jira.coreos.com/browse/QS-85
2017-12-07 13:03:11 -05:00
Joseph Schorr
927d469db0 In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address) 2017-12-06 14:07:38 -05:00
Joseph Schorr
2677720577 Fix exception raised for certain non-JSON strings given to is_json
This is breaking pushes in production for certain manifests

Fixes https://jira.prod.coreos.systems/browse/QS-60
2017-11-14 13:46:06 -05:00
Joseph Schorr
9f804de23d Fix bug in deletion of repos with OCI-style linked tags
MySQL does not allow rows in the same table referencing other rows to be deleted in a single statement. We now do a two-pass deletion, and add a test to make sure.

Fixes https://jira.prod.coreos.systems/browse/QS-18
2017-10-18 17:03:27 -04:00
Joseph Schorr
010dda2c52 Add CloudFrontedS3Storage, which redirects to CloudFront for non-S3 ips 2017-09-28 14:40:58 -04:00
Joseph Schorr
c6aad5fef0 Add option to disable partial autocompletion of users 2017-09-12 15:55:37 -04:00
Joseph Schorr
464bccb5a0 Fix permissions on accessing archived logs 2017-08-18 13:45:36 -04:00
Jimmy Zelinskie
9e09612851 Revert "Merge pull request #2844 from coreos-inc/alegrand/use_latest_appr_server_code"
This reverts commit 646fafb2fd, reversing
changes made to 5c1b635439.
2017-08-09 20:45:46 -04:00
Joseph Schorr
854155fe82 Fix missing to_dict and import in robots model
Also adds a test to catch this issue
2017-08-09 20:33:14 -04:00
Antoine Legrand
646fafb2fd Merge pull request #2844 from coreos-inc/alegrand/use_latest_appr_server_code
Migrate from cnr -> appr
2017-08-09 00:01:25 +02:00
Antoine Legrand
6336a4a971 Migrate from cnr -> appr 2017-08-08 11:48:59 +02:00
Evan Cordell
66dc093639 Convert RepositoryUserTransitivePermission security tests to pytest 2017-08-01 11:34:31 -04:00
Evan Cordell
a68ec6966e Add data interface for api-permissions for v2-2 2017-07-31 15:46:13 -04:00
Jake Moshenko
0011ddda16 Release database connections after updating build statuses. 2017-07-26 12:29:51 -04:00
Joseph Schorr
5739e2ef4d Move notifications test into notifications package 2017-07-25 17:00:06 -04:00
Joseph Schorr
ce56031846 Move notifications into its own package 2017-07-25 17:00:06 -04:00
Charlton Austin
8f1200b00d style(data, endpoints, test): ran yapf against changed files
### Description of Changes

Issue: https://coreosdev.atlassian.net/browse/QUAY-633

## Reviewer Checklist

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-07-24 11:05:15 -04:00
Charlton Austin
9e1106f164 refactor(endpoints/api/repository*): added in pre_oci_model abstraction
this is a part of getting ready for oci stuff

[TESTING->using new PR stack]

Issue: https://coreosdev.atlassian.net/browse/QUAY-633

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-07-24 11:03:03 -04:00
josephschorr
a6db05e8b5 Merge pull request #2718 from coreos-inc/tag-expiration
Formal tag expiration support
2017-07-19 17:48:11 -04:00
Joseph Schorr
7d4fed6892 Change error message when trying to pull a deleted or expired tag
Will let the users know they can recover the tag via time machine

Note: This was tested with the Docker protocol, but the new error code is *technically* out of spec; we should make sure its okay.
2017-07-19 17:13:48 -04:00
Joseph Schorr
c5d8b5f86b Add support for tag expiration based on a quay.expires-after label 2017-07-19 17:13:06 -04:00
josephschorr
460a9b7fe8 Merge pull request #2732 from coreos-inc/swift-etag
Make sure to etag check Swift uploads
2017-07-19 17:06:53 -04:00
Jimmy Zelinskie
9f4ffca736 Merge pull request #2751 from jzelinskie/registry-tests
test: convert registry auth test to pytest
2017-07-13 15:09:57 -04:00
Evan Cordell
4ec4b7c6e6 Merge pull request #2782 from ecordell/no-signing-whitelist
Revert "Only show signing UI when namespace is explicitly whitelisted"
2017-07-13 10:20:53 -04:00
Evan Cordell
45bf7efc84 Merge branch 'master' into no-signing-whitelist 2017-07-12 15:50:32 -04:00
Evan Cordell
75c1533aec Revert "Only show signing UI when namespace is explicitly whitelisted"
85d382cd84
2017-07-12 15:48:35 -04:00
Jimmy Zelinskie
7d1bbbfe19 test: convert registry auth test to pytest
This also moves them into the auth package.
2017-07-12 15:14:12 -04:00
Joseph Schorr
b6f1782642 Change notificationworker to use a data interface 2017-07-12 17:40:45 +03:00
Joseph Schorr
50c2f1fde8 Move notification worker test under its own package 2017-07-12 17:35:09 +03:00
Evan Cordell
939ddfd1d7 Merge v2.4.0-release into cherrypick-2.4.0 2017-07-10 10:25:18 -04:00
Evan Cordell
d4ef594c13 Mark fields as required on globalmessages API so that they are
properly checked when the request comes in
2017-07-05 18:16:55 -04:00
josephschorr
89ab94ffbb Merge pull request #2720 from coreos-inc/gc-opt
GC optimizations
2017-06-29 20:55:14 +03:00
josephschorr
0e702c72f2 Merge pull request #2739 from coreos-inc/joseph.schorr/QUAY-664/verbs-interface-refactor
Refactor Verbs model definitions to match new style
2017-06-29 10:07:36 +03:00
Jimmy Zelinskie
5a651544bc Merge pull request #2716 from jzelinskie/secscan-catch-all
util.secscan.api: add catch all for API failures
2017-06-28 13:42:33 -04:00
Jimmy Zelinskie
1d2640e012 util.secscan.fake: add test for unexpected status 2017-06-28 13:40:04 -04:00
Joseph Schorr
8ac20edfb2 Move verbs security tests into pytest style 2017-06-28 12:48:02 +03:00
Joseph Schorr
8dcea30d58 Fix build by pre-calling the caches
They were being called in a test-dependent order, which caused any tests which relied on query count to fail
2017-06-27 18:11:46 +03:00
Joseph Schorr
e9a95874ee Move GC tests into pytest 2017-06-27 17:33:58 +03:00
Joseph Schorr
6b272cf7e6 Move Swift tests to pytest 2017-06-27 16:05:32 +03:00
Charlton Austin
0841d2bfb9 Merge pull request #2715 from charltonaustin/fix_endpoint_error
fix(endpoints): added in proper error handling
2017-06-21 17:00:38 -04:00
Charlton Austin
5e6aa6648b fix(endpoints): added in proper error handling
before we would return a 400 without a message because the errors were not being caught

Issue: https://www.pivotaltracker.com/story/show/145459707

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-06-21 16:59:48 -04:00
Joseph Schorr
a20d758642 Add a zero chunk test to cloud storage 2017-06-16 13:38:38 -04:00
josephschorr
4fd2047e30 Merge pull request #2693 from coreos-inc/gc-query-opt
Optimize GC query join a bit by reducing the surface
2017-06-12 13:37:55 -04:00
Joseph Schorr
d68b65d90c Optimize GC query join a bit by reducing the surface
We remove the directly referenced images from the join across ancestors, as they will be covered by the first part of the union clause. For some large repositories, this will result in a significantly reduced set of images that have to be joined NxM.
2017-06-12 12:55:32 -04:00
josephschorr
51a952d50c Merge pull request #2680 from coreos-inc/catalog-fixes
Various small catalog fixes
2017-06-09 13:43:11 -04:00
Kenny Lee Sin Cheong
1f76e9dc3b Merge pull request #2661 from kleesc/securityworker_cpu
Raise an APIRequestFailure exception when security scanner is unavail…
2017-06-03 12:15:45 -04:00
alecmerdler
9da1487bbc improve cor-tabs architecture 2017-06-02 18:03:30 -07:00
Joseph Schorr
555041876d Make public catalog only enabled via a feature flag 2017-06-02 15:30:51 -07:00
Kenny Lee Sin Cheong
203c0b76e0 Raise an APIRequestFailure exception when security scanner is unavailable
Put worker to sleep for the duration of the default indexing interval
when an APIRequestFailure occurs, when the API request fails due to a
connection error, timeout, or other ambiguous errors, from
analyze_layer or get_layer_data .
2017-05-24 11:04:44 -04:00
Charlton Austin
a71f60a9c1 Merge pull request #2652 from charltonaustin/failing_repository_notifications_to_be_disabled_after_n_failures_in_a_row_144646649
Failing repository notifications to be disabled after n failures in a row 144646649
2017-05-22 09:30:53 -04:00
Charlton Austin
993f2a174c feat(full-stack): disable notifications after 3 failures
This stops notifications from firing over and over again if they are repeatedly failing.

[TESTING -> locally with docker compose, DATABASE MIGRATION -> there is a single migration]

Issue: https://www.pivotaltracker.com/story/show/b144646649n

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-05-19 16:58:46 -04:00
Joseph Schorr
065e327190 Make sure catalog always returns public repositories 2017-05-19 16:24:08 -04:00
Jimmy Zelinskie
e2c25ce9bc registry tests: assert audit log metadata 2017-05-16 17:05:31 -04:00
Evan Cordell
85d382cd84 Only show signing UI when namespace is explicitly whitelisted 2017-05-08 13:50:07 -04:00
Joseph Schorr
30a681343f Make sure to escape LDAP queries
Fixes an issue in team sync around group names that contain *s

Fixes https://www.pivotaltracker.com/story/show/144628235
2017-05-01 14:00:54 -04:00
Joseph Schorr
de6352ef73 Make sure we don't allow anonymous binding in LDAP auth
We already prevented it, but let's make sure we never allow it by adding some tests
2017-04-28 17:09:47 -04:00
josephschorr
8b148bf1d4 Merge pull request #2576 from coreos-inc/full-db-tests-tox
Reenable full database testing locally and in concourse
2017-04-27 18:09:15 -04:00
EvB
b216290e31 test(endpoints/web): test buildlogs endpoint 2017-04-26 18:16:26 -04:00
josephschorr
5c4f7d50c6 Merge pull request #2580 from coreos-inc/team-sync-email-fix
Fix handling of team sync when a user already exists with the email address
2017-04-26 14:19:23 -04:00
EvB
5e995fae20 refactor(archivedlogs): move archivelog handler to endpoints 2017-04-26 11:41:55 -04:00
Joseph Schorr
36f2272fe2 Fix handling of team sync when a user already exists with the email address 2017-04-25 17:42:35 -04:00
Joseph Schorr
d895b4d5ff Fix appr tests to use the shared test fixtures 2017-04-24 23:08:28 -04:00
Joseph Schorr
d7f3ef96ce Small fixes found by running full db tests 2017-04-24 16:45:15 -04:00
Joseph Schorr
a1a4b68306 Change fulldbtests to use py.test 2017-04-24 16:45:15 -04:00
Joseph Schorr
6ba7ed4cd6 Prep test fixtures for supporting non-SQLite database 2017-04-24 16:45:14 -04:00
Joseph Schorr
3dcbe3c631 If enabled, allow users and orgs to set their time machine expiration
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Joseph Schorr
95e9cdaccc Disable tag and build operations in repos when trust is enabled 2017-04-17 14:34:43 -04:00
Evan Cordell
2661db7485 Add flag to enable trust per repo (#2541)
* Add flag to enable trust per repo

* Add api for enabling/disabling trust

* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api

* Add `set_trust` method to repository

* Expose new logkind to UI

* Fix registry tests

* Rebase migrations and regen test.db

* Raise downstreamissue if trust metadata can't be removed

* Refactor change_repo_trust

* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00
Alec Merdler
581d7c67a7 Fix Trigger Setup Robot Permissions for Private Base (#2543) 2017-04-14 12:10:00 -07:00
Joseph Schorr
ab2f044331 Switch get repo API to use a single list tags query
Should make things faster since the join occurs on the database side
2017-04-13 18:06:58 -04:00
josephschorr
928b9915ed Merge pull request #2441 from coreos-inc/repo-score-denormalization
Add a RepositorySearchScore table and calculation to the RAC worker
2017-04-10 16:31:09 -04:00
Joseph Schorr
df3f47c79a Add a RepositorySearchScore table and calculation to the RAC worker
This will be used in a followup PR to order search results instead of the RAC join. Currently, the join with the RAC table in search results in a lookup of ~600K rows, which causes searching to take ~6s. This PR denormalizes the data we need, as well as allowing us to score based on a wider band (6 months vs the current 1 week).
2017-04-10 14:29:02 -04:00
josephschorr
2bc619137a Merge pull request #2512 from ecordell/tufmetadata
Add tufmetadata endpoint
2017-04-07 17:16:11 -04:00
Jake Moshenko
a8ec7865a7 Merge pull request #2511 from jakedt/fixwarnings
Fixwarnings
2017-04-06 16:12:19 -04:00
Jake Moshenko
c7241911a5 Fix old-style flask imports to silence deprecation warnings. 2017-04-06 13:15:48 -04:00
Evan Cordell
1a78722521 Update tests 2017-04-05 13:57:16 -04:00
Joseph Schorr
f9e6110f73 Add basic user interface for application repos
Adds support for creating app repos, viewing app repos and seeing the list of app repos in the Quay UI.
2017-04-05 11:30:09 -04:00
Evan Cordell
9515f18fb6 Add tufmetadata endpoint 2017-04-05 10:03:27 -04:00
Joseph Schorr
b26bd3c9c5 Regenerate test.db after merge 2017-04-03 11:36:42 -04:00
Joseph Schorr
8c07f733eb Add pagination tests for LDAP 2017-04-03 11:36:41 -04:00
Joseph Schorr
d7825c6720 Add group iteration and syncing support to Keystone auth 2017-04-03 11:31:30 -04:00
Joseph Schorr
04225f2d25 Add feature flag for team syncing 2017-04-03 11:31:29 -04:00
Joseph Schorr
96b9d6b0cd Add end-to-end test for team sync 2017-04-03 11:31:29 -04:00
Joseph Schorr
b683088f87 Update tests for teams API 2017-04-03 11:31:29 -04:00
Joseph Schorr
a17b637032 Fix ordering in LDAP test 2017-04-03 11:31:28 -04:00
Joseph Schorr
bb20422260 Fix pagination disabling in LDAP with mockldap
Since mockldap doesn't support pagination, just disable it globally
2017-04-03 11:31:28 -04:00
Joseph Schorr
ecfac81721 Add check_group_lookup_args and service_metadata to auth providers 2017-04-03 11:31:28 -04:00
Joseph Schorr
f5a854c189 Add TeamSync database and API support
Teams can now have a TeamSync entry in the database, indicating how they are synced via an external group. If found, then the user membership of the team cannot be changed via the API.
2017-04-03 11:31:28 -04:00
Joseph Schorr
d718829f5d Initial LDAP group member iteration support
Add interface for group member iteration on internal auth providers and implement support in the LDAP interface.
2017-04-03 11:31:28 -04:00
Charlton Austin
ca99535774 Merge pull request #2449 from charltonaustin/phase_two_config
feat(build runner): added in context, dockerfile_location
2017-03-28 14:14:36 -04:00
Charlton Austin
e6d201e0b0 feat(build runner): added in context, dockerfile_location
this is a new feature meant to allow people to use any file as
  a dockerfile and any folder as a context directory
2017-03-28 13:55:31 -04:00
Jimmy Zelinskie
65a17dc155 Merge pull request #2473 from coreos-inc/certs-fixes
Fixes and improvements around custom certificate handling
2017-03-27 15:08:36 -04:00
Evan Cordell
4c94d2c760 Fix xAuth test 2017-03-27 11:37:17 -04:00
Evan Cordell
6ad107709c Change build_context_and_subject to take kwargs 2017-03-27 11:37:17 -04:00
Evan Cordell
43dd974dca Determine which TUF root to show based on actual access, not requested
access
2017-03-27 11:37:17 -04:00
Joseph Schorr
e509eb4cba Better custom cert handling in the superuser tool
We now only allow certificates ending in .crt to be uploaded and we automatically install the certificate once it has been validated
2017-03-24 17:15:26 -04:00
Joseph Schorr
651666b60b Refactor our auth handling code to be cleaner
Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change.
2017-03-23 15:42:45 -04:00
Joseph Schorr
abf179eb09 Move fixtures under test, since they are shared globally 2017-03-23 15:42:45 -04:00
Joseph Schorr
e204f7784c Make app registry off by default 2017-03-23 12:01:59 -04:00
Joseph Schorr
bdda74d6df Make sure GC checks new Blob table as well before deleting CAS storage 2017-03-22 23:53:21 -04:00
Jimmy Zelinskie
3ccf3c5f33 Merge pull request #2447 from jzelinskie/cnr-step2
CNR Step 2
2017-03-22 18:45:51 -04:00
Joseph Schorr
df1e7f90e0 Add verb security tests and fix small issues 2017-03-22 18:29:53 -04:00
Joseph Schorr
dcb970b783 Add registry app repository failure test 2017-03-22 17:26:59 -04:00
Joseph Schorr
30b532254c Disallow non-apps-supported APIs for application repositories 2017-03-22 15:51:19 -04:00
Jimmy Zelinskie
dae2cc8c3a initdb: add beta class data 2017-03-22 13:58:50 -04:00
Joseph Schorr
a047257656 Transitive query checks need to be for updates, not just deletes
MySQL doesn't support transitive updates either, so we need to extend the testing to prevent the recent breakage from occurring again
2017-03-20 21:06:37 -04:00
Joseph Schorr
6476488221 Skip bitbucket pushes without any commits
Fixes https://sentry.io/coreos/backend-production/issues/178220183/
2017-03-20 18:23:21 -04:00
josephschorr
4bee4dbfff Merge pull request #2443 from coreos-inc/build-webhook-tests
Add tests for build web hooks endpoint
2017-03-20 16:26:57 -04:00
josephschorr
27aa12de7a Merge pull request #2439 from coreos-inc/remove_redis_log_expiration
Switch from expire to delete redis log_entries
2017-03-20 13:41:57 -04:00
Joseph Schorr
6f567e0850 Add tests for build web hooks endpoint 2017-03-20 13:22:59 -04:00
Jimmy Zelinskie
f94d5c7684 initdb: skip data checks for beta classes & regen 2017-03-17 11:35:16 -04:00
Antoine Legrand
ec847ce613 Switch from expire to delete redis log_entries 2017-03-17 15:35:47 +01:00
Alec Merdler
cd61482ff1 Merge pull request #2426 from alecmerdler/frontend-refactoring
More Front-end TypeScript Refactoring
2017-03-16 14:19:13 -07:00
Joseph Schorr
e90cab4d77 Change revert tag into restore tag and add manifest support 2017-03-14 11:34:42 -04:00
Joseph Schorr
af743b156b Show manifest digests in place of V1 ids in the tag view when possible 2017-03-14 11:34:41 -04:00
josephschorr
cbac673d58 Merge pull request #2404 from coreos-inc/cas-gc-fix
Fix GC handling around CAS paths
2017-03-10 17:34:21 -05:00
josephschorr
432b2d3fe8 Merge pull request #2392 from coreos-inc/search-optimization
Optimize repository search by changing our lookup strategy
2017-03-10 15:44:26 -05:00
Joseph Schorr
48db77b521 Fix bug in QSS notifications 2017-03-10 11:25:55 -05:00
Joseph Schorr
b5bb76cdea Optimize repository search by changing our lookup strategy
Previous to this change, repositories were looked up unfiltered in six different queries, and then filtered using the permissions model, which issued a query per repository found, making search incredibly slow. Instead, we now lookup a chunk of repositories unfiltered and then filter them via a single query to the database. By layering the filtering on top of the lookup, each as queries, we can minimize the number of queries necessary, without (at the same time) using a super expensive join.

Other changes:
- Remove the 5 page pre-lookup on V1 search and simply return that there is one more page available, until there isn't. While technically not correct, it is much more efficient, and no one should be using pagination with V1 search anyway.
- Remove the lookup for repos without entries in the RAC table. Instead, we now add a new RAC entry when the repository is created for *the day before*, with count 0, so that it is immediately searchable
- Remove lookup of results with a matching namespace; these aren't very relevant anyway, and it overly complicates sorting
2017-03-09 19:47:55 -05:00
alecmerdler
4e913f106d refactored DockerfileServiceImpl to return promise instead of callbacks 2017-03-09 01:26:19 -08:00
Joseph Schorr
0ab6388e30 Add support for null ref, as that can be the value if a default branch is not chosen 2017-03-07 20:39:42 -05:00
alecmerdler
80b3666eb7 refactoring DockerfileService 2017-03-07 11:25:18 -08:00
Joseph Schorr
69e550d125 Fix GC handling around CAS paths
Adds code to ensure we never GC CAS paths that are shared amongst multiple ImageStorage rows, as well as an associated pair of tests to catch the positive and negative cases.
2017-03-07 13:48:07 -05:00
Jimmy Zelinskie
b9ac2b7b3b workers.securityworker: simplify min id 2017-03-03 14:51:18 -05:00
Jimmy Zelinskie
4ed0cdda14 securityscanner: add a min image id option
This will enable us to force some instances of the securityworker to
scan only new images.
2017-03-03 13:55:25 -05:00
josephschorr
aa2f88d321 Merge pull request #2337 from coreos-inc/new-trigger-ux
Implement new create and manager trigger UI
2017-03-02 18:15:32 -05:00
Joseph Schorr
9e6c368f7a Make QSS multiple notification messaging nicer 2017-03-01 16:11:11 -05:00
Joseph Schorr
eff1827d9d Batch QSS notifications after initial scan 2017-03-01 15:42:49 -05:00
alecmerdler
8fcd76c0be removed old templates 2017-02-28 16:51:44 -05:00
alecmerdler
ea9d47ba75 ignore invalid linear workflow sections that are after the current section 2017-02-28 16:51:44 -05:00
alecmerdler
ff07533d80 added tests for linear workflow components 2017-02-28 16:51:44 -05:00
alecmerdler
e59d394491 refactoring linear workflow directives 2017-02-28 16:51:43 -05:00
alecmerdler
b1516193a5 converted ManageTriggerGithostComponent to TypeScript 2017-02-28 16:51:43 -05:00
alecmerdler
14222be9fe working on ManageTriggerGithostComponent 2017-02-28 16:51:43 -05:00
alecmerdler
00b1f0e3cc starting ManageTriggerCustomGitComponent 2017-02-28 16:51:43 -05:00
alecmerdler
389a4cb1c4 fixed tests 2017-02-28 16:51:42 -05:00
Joseph Schorr
8e863b8cf5 Implement new create and manager trigger UI
Implements the new trigger setup user interface, which is now a linear workflow found on its own page, rather than a tiny modal dialog

Fixes #1187
2017-02-28 16:51:42 -05:00
Joseph Schorr
f8d74305e1 Remove old validator tests 2017-02-24 12:23:18 -05:00
Joseph Schorr
c0f7530b29 Pull out JWT auth validation into validator class
Also fixes a small bug in validation (yay tests!)
2017-02-24 12:23:16 -05:00
Joseph Schorr
b2afe68632 Pull out redis validation into validator class 2017-02-24 12:23:15 -05:00
Joseph Schorr
f933b3e295 Pull out database validation into validator class 2017-02-24 12:23:14 -05:00
Joseph Schorr
94be8731f3 Change Docker Version tests to pytest 2017-02-22 15:45:06 -05:00