Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								64421db0a3 
								
							 
						 
						
							
							
								
								MAINTAINERS: init owners to subpkgs  
							
							
							
						 
						
							2017-01-23 17:46:34 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								b4ace1dd29 
								
							 
						 
						
							
							
								
								registry auth tests: test more access types  
							
							
							
						 
						
							2016-11-28 14:02:08 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4b926ae189 
								
							 
						 
						
							
							
								
								Add new metrics as requested by some customers  
							
							... 
							
							
							
							Note that the `status` field on the pull and push metrics will eventually be set to False for failed pulls and pushes in a followup PR 
							
						 
						
							2016-11-03 15:28:40 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3439f814b6 
								
							 
						 
						
							
							
								
								Fix quoting of scopes in WWW-Authenticate header  
							
							... 
							
							
							
							Fixes part of #2002  
							
						 
						
							2016-10-17 14:32:43 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								684ace3b5a 
								
							 
						 
						
							
							
								
								Merge pull request  #1761  from coreos-inc/nginx-direct-download  
							
							... 
							
							
							
							Add feature flag to force all direct download URLs to be proxied 
							
						 
						
							2016-09-29 22:46:57 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								31b77cf232 
								
							 
						 
						
							
							
								
								rename auth.auth to auth.process  
							
							... 
							
							
							
							This fixes some ambiguity around imports. 
							
						 
						
							2016-09-29 15:24:57 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6ae3faf7fc 
								
							 
						 
						
							
							
								
								Add explicit config parameter to the JWT auth methods  
							
							
							
						 
						
							2016-09-29 11:15:20 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								dd2e086a20 
								
							 
						 
						
							
							
								
								Add feature flag to force all direct download URLs to be proxied  
							
							... 
							
							
							
							Fixes  #1667  
						
							2016-09-29 11:13:41 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								fc7301be0d 
								
							 
						 
						
							
							
								
								*: fix legacy imports  
							
							... 
							
							
							
							This change reorganizes imports and renames the legacy flask extensions. 
							
						 
						
							2016-09-28 20:17:14 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c4daf1cc3d 
								
							 
						 
						
							
							
								
								Change permissions model so that non-admins do not get org-wide read  
							
							... 
							
							
							
							Fixes  #1684  
						
							2016-08-04 16:47:28 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								8887f09ba8 
								
							 
						 
						
							
							
								
								Use the instance service key for registry JWT signing  
							
							
							
						 
						
							2016-06-07 11:58:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								7933aecf25 
								
							 
						 
						
							
							
								
								Add support for direct granting of OAuth tokens and add tests  
							
							... 
							
							
							
							This allows a client (when authorized in a whitelist) to send direct credentials via a Basic auth header and therefore bypass the OAuth approval UI for that user. 
							
						 
						
							2016-05-23 17:17:06 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a736407611 
								
							 
						 
						
							
							
								
								Fix user:admin scope handling and add test  
							
							
							
						 
						
							2016-05-09 11:16:01 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								9221a515de 
								
							 
						 
						
							
							
								
								Use the registry API for security scanning  
							
							... 
							
							
							
							when the storage engine doesn't support direct download url 
							
						 
						
							2016-05-04 18:04:06 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								eba75494d9 
								
							 
						 
						
							
							
								
								Use new error format for auth errors (factor exceptions into module)  
							
							
							
						 
						
							2016-04-11 16:22:26 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b5b2df2063 
								
							 
						 
						
							
							
								
								Make test more resilient to changes in IDs  
							
							
							
						 
						
							2016-03-30 16:19:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a3aa4592cf 
								
							 
						 
						
							
							
								
								Change permissions to only load required by default  
							
							... 
							
							
							
							Permissions now load just the namespace and/or repository permissions requested, with a fallback to a full permissions load if necessary. 
							
						 
						
							2016-03-28 16:33:32 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								ea2e17cc11 
								
							 
						 
						
							
							
								
								v2: send proper scopes for authorization failures  
							
							... 
							
							
							
							Fixes  #1278 . 
						
							2016-03-11 13:41:38 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								bb46cc933d 
								
							 
						 
						
							
							
								
								use kwargs for parse_repository_name  
							
							
							
						 
						
							2016-03-09 16:20:28 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e8faa9f843 
								
							 
						 
						
							
							
								
								Merge pull request  #939  from coreos-inc/user-admin  
							
							... 
							
							
							
							Add user admin scope 
							
						 
						
							2016-02-16 16:42:29 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								01a92a66ba 
								
							 
						 
						
							
							
								
								Refresh base image and python dependencies  
							
							
							
						 
						
							2016-01-27 11:36:40 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e4ffaff869 
								
							 
						 
						
							
							
								
								Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.  
							
							... 
							
							
							
							This support is placed behind a feature flag. 
							
						 
						
							2016-01-22 15:54:06 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4e942203cb 
								
							 
						 
						
							
							
								
								Fix handling of tokens in the new context block of the JWT  
							
							
							
						 
						
							2015-12-15 16:52:22 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								ca7d36bf14 
								
							 
						 
						
							
							
								
								Handle empty scopes and always send the WWW-Authenticate header, as per spec  
							
							... 
							
							
							
							Fixes  #1045  
						
							2015-12-15 14:59:47 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4a4eee5e05 
								
							 
						 
						
							
							
								
								Make our JWT subjects better and log using the info  
							
							... 
							
							
							
							Fixes  #1039  
						
							2015-12-14 14:00:33 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Matt Jibson 
								
							 
						 
						
							
							
							
							
								
							
							
								f02bb3caee 
								
							 
						 
						
							
							
								
								Add user admin scope  
							
							... 
							
							
							
							Also remove unused scope decorator.
fixes  #890  
							
						 
						
							2015-11-18 12:01:40 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								9c3ddf846f 
								
							 
						 
						
							
							
								
								Some fixes and tests for v2 auth  
							
							... 
							
							
							
							Fixes  #395  
						
							2015-09-10 15:38:57 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								82efc746b3 
								
							 
						 
						
							
							
								
								Make our JWT checking more strict.  
							
							
							
						 
						
							2015-09-04 15:18:57 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								b2844fb8c7 
								
							 
						 
						
							
							
								
								Switch the base case for when a scope string contains an invalid scope.  
							
							
							
						 
						
							2015-08-05 17:35:02 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								354f4109d0 
								
							 
						 
						
							
							
								
								Switch to returning an empty set when there are invalid auth scopes  
							
							
							
						 
						
							2015-07-31 12:49:42 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								804be4d4be 
								
							 
						 
						
							
							
								
								OAuth scopes are space separated, not comma  
							
							
							
						 
						
							2015-07-31 12:37:02 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								5d86fa80e7 
								
							 
						 
						
							
							
								
								Merge pull request  #197  from coreos-inc/keystone  
							
							... 
							
							
							
							Add Keystone Auth 
							
						 
						
							2015-07-22 13:38:47 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								679044574a 
								
							 
						 
						
							
							
								
								Merge pull request  #231  from coreos-inc/smallfix  
							
							... 
							
							
							
							Small API fixes 
							
						 
						
							2015-07-20 13:45:24 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								33b54218cc 
								
							 
						 
						
							
							
								
								Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass  
							
							
							
						 
						
							2015-07-20 11:39:59 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								bc29561f8f 
								
							 
						 
						
							
							
								
								Fix and templatize the logic for external JWT AuthN and registry v2 Auth.  
							
							... 
							
							
							
							Make it explicit that the registry-v2 stuff is not ready for prime time. 
							
						 
						
							2015-07-17 11:56:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								3efaa255e8 
								
							 
						 
						
							
							
								
								Accidental refactor, split out legacy.py into separate sumodules and update all call sites.  
							
							
							
						 
						
							2015-07-17 11:56:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								bea8b9ac53 
								
							 
						 
						
							
							
								
								More changes for registry-v2 in python.  
							
							... 
							
							
							
							Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered. 
							
						 
						
							2015-07-17 11:50:41 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								acbcc2e206 
								
							 
						 
						
							
							
								
								Start of a v2 API.  
							
							
							
						 
						
							2015-07-17 11:50:41 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								f5ee7a6697 
								
							 
						 
						
							
							
								
								Make the scopes dynamic based on app config.  
							
							
							
						 
						
							2015-07-15 18:13:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1c5300e439 
								
							 
						 
						
							
							
								
								We still need to process the function if the auth header is invalid  
							
							... 
							
							
							
							Otherwise, the user gets a 500 
							
						 
						
							2015-07-14 11:35:04 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								7b470237a1 
								
							 
						 
						
							
							
								
								The superuser capability does not require the idea of ordinality since it is a binary permission.  
							
							
							
						 
						
							2015-06-30 11:02:13 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								87efcb9e3d 
								
							 
						 
						
							
							
								
								Delegated superuser API access  
							
							... 
							
							
							
							Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users. 
							
						 
						
							2015-06-30 11:08:26 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								dc5af7496c 
								
							 
						 
						
							
							
								
								Allow superusers to disable user accounts  
							
							
							
						 
						
							2015-06-29 18:40:52 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								03e1636ff2 
								
							 
						 
						
							
							
								
								Clean up log format to use lazy string substitution.  
							
							
							
						 
						
							2015-06-23 17:10:03 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								76bef38d71 
								
							 
						 
						
							
							
								
								Remove extra call to the DB for a user we already have  
							
							
							
						 
						
							2015-05-07 17:17:05 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								8eb9c376cd 
								
							 
						 
						
							
							
								
								Add constructors for the QuayDeferredPermissionUser so that we can avoid extraneous DB lookups of the user whenever we already have the object  
							
							
							
						 
						
							2015-05-07 15:04:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e4b659f107 
								
							 
						 
						
							
							
								
								Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords  
							
							
							
						 
						
							2015-03-25 18:43:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								68e1495e54 
								
							 
						 
						
							
							
								
								Remove support for the old style push temporary tokens.  
							
							
							
						 
						
							2015-02-24 14:31:19 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c58c19db8a 
								
							 
						 
						
							
							
								
								Add support for the deprecated token method. We need this as a live migration strategy and we can remove it about an hour after we deploy the new version to prod.  
							
							
							
						 
						
							2015-02-23 22:02:38 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								450b112f2c 
								
							 
						 
						
							
							
								
								Propagate the grant user context to the signed grant to fix image sharing.  
							
							
							
						 
						
							2015-02-23 15:07:38 -05:00