Joseph Schorr
405eca074c
Security scanner flow changes and auto-retry
...
Changes the security scanner code to raise exceptions now for non-successful operations. One of the new exceptions raised is MissingParentLayerException, which, when raised, will cause the security worker to perform a full rescan of all parent images for the current layer, before trying once more to scan the current layer. This should allow the system to be "self-healing" in the case where the security scanner engine somehow loses or corrupts a parent layer.
2016-12-16 15:38:09 -05:00
josephschorr
d4b7738a87
Merge pull request #2243 from coreos-inc/entity-autocomplete
...
Make sure robot accounts always show up first in entity search
2016-12-16 15:09:37 -05:00
Joseph Schorr
58b7481a63
Make sure robot accounts always show up first in entity search
...
Fixes https://www.pivotaltracker.com/story/show/136277321
Fixes #2241
2016-12-16 15:04:30 -05:00
josephschorr
f72185f527
Merge pull request #2240 from coreos-inc/wrong-email-invite-accept
...
Fix attempts to confirm team invite for mismatched email address
2016-12-16 14:30:37 -05:00
josephschorr
9fa16679f8
Merge pull request #2238 from coreos-inc/fake-clair
...
Add a fake security scanner class for easier testing
2016-12-15 20:51:24 -05:00
Joseph Schorr
785c74de52
Fix attempts to confirm team invite for mismatched email address
...
Currently, if a user tries to confirm an invite sent to them on an account with a mismatching email address, we simply redirect to the org (where they get a 403). This change ensures they get the proper error response message, and restyles the error page to be nicer.
Fixes #2227
Fixes https://www.pivotaltracker.com/story/show/136088507
2016-12-15 17:15:11 -05:00
Ian Minoso
1eff25f459
Merge pull request #2239 from iminoso/loading
...
Add throbber while waiting for builds to load
2016-12-15 13:27:48 -08:00
Ian Minoso
149dd46076
Add throbber while waiting for builds to load
2016-12-15 13:01:33 -08:00
Brad Ison
2730c26b2e
Merge pull request #2237 from coreos-inc/metrics-labels
...
Don't record size in chunk upload metrics
2016-12-15 14:20:34 -05:00
Brad Ison
df7366eace
Add chunk size metric
2016-12-15 13:20:16 -05:00
Ian Minoso
77215b7de4
Merge pull request #2232 from iminoso/services
...
Basic builds table for new repo view
2016-12-14 15:52:39 -08:00
Ian Minoso
f0be3013ac
clear setinterval after unmounting component
2016-12-14 15:04:56 -08:00
Erica
135f4dae0c
Merge pull request #2213 from coreos-inc/ISSUE-2026-204-response
...
fix(endpoints/api): return empty 204 resp
2016-12-14 17:13:57 -05:00
Joseph Schorr
15041ac5ed
Add a fake security scanner class for easier testing
...
The FakeSecurityScanner mocks out all calls that Quay is expected to make to the security scanner API, and returns faked data that can be adjusted by the calling test case
2016-12-14 17:11:45 -05:00
josephschorr
d0ec5afa9c
Merge pull request #2235 from coreos-inc/clair-load-error-message
...
Add error message if security scan not found
2016-12-14 16:32:57 -05:00
EvB
0a5d4990e6
test(endpoints/api): ensure empty 202 resp
2016-12-14 16:32:06 -05:00
EvB
43aed7c6f4
fix(endpoints/api): return empty 204 resp
...
Return an empty body on API requests with status code 204, which
means "No content". Incorrect 'Deleted' responses were being
returned after successful DELETE operations despite the "No Content"
definition of 204.
2016-12-14 16:22:39 -05:00
Brad Ison
8f59ac1251
Don't record size in chunk upload metrics
2016-12-14 12:16:02 -05:00
josephschorr
fde81c1b58
Merge pull request #2236 from coreos-inc/qss-notification
...
Send notifications for previously unscannable layers in QSS
2016-12-14 11:56:24 -05:00
Joseph Schorr
6871eb95b1
Send notifications for previously unscannable layers in QSS
...
Following this change, if an image was previously indexed unsuccessfully, then we will send notifications once successfully indexed
2016-12-14 11:25:45 -05:00
Joseph Schorr
b83784f1e1
Add error message if security scan not found
...
This change ensures that the user gets an error message (and not a blank tab) if the security scan information could not be successfully loaded
Fixes https://www.pivotaltracker.com/story/show/136072509
2016-12-14 00:50:06 -05:00
josephschorr
2a6632cff4
Merge pull request #2234 from coreos-inc/select-image-test
...
Add a test for selecting images to be scanned
2016-12-14 00:34:27 -05:00
Joseph Schorr
a9a75cd4cf
Add a test for selecting images to be scanned
2016-12-14 00:07:48 -05:00
josephschorr
3dea6f6c92
Merge pull request #2233 from coreos-inc/reindex-clair
...
Have security scanner analyze only send notifications for *new* layers
2016-12-13 23:45:48 -05:00
Joseph Schorr
624b2a8385
Have security scanner analyze only send notifications for *new* layers
...
Following this change, anytime a layer is indexed by the security scanner, we only send notifications out if the layer previously had a security_indexed_engine value of `-1`, thus ensuring it has *never* been indexed previously. This will allow us to change to version of the security scanner upwards, and have all the images be re-indexed, without firing off notifications in a spammy manner.
2016-12-13 23:17:11 -05:00
Ian Minoso
1ed3c1444d
Basic builds table for new repo view
2016-12-13 16:46:35 -08:00
Evan Cordell
5686c80af1
Revert "Add GC of layers in Clair"
...
This reverts 49872838ab
2016-12-13 18:40:58 -05:00
Evan Cordell
dd5f7cbe6c
Fix the ephemeral build metrics
2016-12-13 18:28:04 -05:00
Evan Cordell
808266574e
Update changelog for v2.0.3 ( #2226 )
...
* Update changelog for v2.0.3
2016-12-09 16:44:41 -05:00
josephschorr
648fed769b
Merge pull request #2224 from coreos-inc/oauth-state
...
Have Quay always use an OAuth-specific CSRF token
2016-12-09 15:16:01 -05:00
Joseph Schorr
fd364ccca3
Remove unneeded exception var
2016-12-09 14:52:49 -05:00
Joseph Schorr
1e5b97318a
Fix loading of public keys for OIDC under Linux
...
Python's crypto lib under Linux has issues with loading PEM-encoded keys, so we just load it as a DER here and give PyJWT the key *instance* to use directly.
2016-12-09 14:26:56 -05:00
Joseph Schorr
1302fd2fbd
Switch csrf token check to use compare_digest
to prevent timing attacks
...
Also adds some additional tests for CSRF tokens
2016-12-08 23:46:31 -05:00
Joseph Schorr
dbdcb802b1
Add end-to-end OAuth login and attach tests
2016-12-08 18:35:42 -05:00
Joseph Schorr
36324708db
Fix small pylint issues
2016-12-08 16:21:44 -05:00
Joseph Schorr
ff52fde8a5
Have Quay always use an OAuth-specific CSRF token
...
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.
Fixes https://www.pivotaltracker.com/story/show/135803615
2016-12-08 16:11:57 -05:00
Charlton Austin
ec6ecc02ed
Merge pull request #2223 from charltonaustin/removing_unused_imports
...
Removing an unused import.
2016-12-08 15:31:36 -05:00
Charlton Austin
0b8c2ef92f
Removing an unused import.
2016-12-08 13:53:52 -05:00
josephschorr
34f2ddce87
Merge pull request #2222 from coreos-inc/bust-apt-cache
...
Bust apt cache
2016-12-07 18:10:26 -05:00
Joseph Schorr
1fdca26632
Bust apt cache
2016-12-07 18:09:33 -05:00
josephschorr
410b9d74fc
Merge pull request #2214 from coreos-inc/clair-gc
...
Add GC of layers in Clair
2016-12-07 17:58:21 -05:00
josephschorr
543d86ae10
Merge pull request #2221 from coreos-inc/fix-error-pages
...
Have all error pages be rendered by Angular
2016-12-07 17:53:14 -05:00
josephschorr
111b7b0788
Merge pull request #2206 from coreos-inc/ldap-user-search-fix
...
Fix external auth returns for query_user calls
2016-12-07 17:53:04 -05:00
josephschorr
c5111d7930
Merge pull request #2144 from coreos-inc/buildlogs-improvements
...
Change the append build log method to execute the two calls via one pipelined connection
2016-12-07 17:52:22 -05:00
Joseph Schorr
c06bba38de
Have all error pages be rendered by Angular
...
Fixes #2198
Fixes https://www.pivotaltracker.com/story/show/135724483
2016-12-07 17:49:02 -05:00
Jimmy Zelinskie
00eafff747
Merge pull request #2204 from jzelinskie/429builds
...
add rate limiting to build queues
2016-12-07 15:03:31 -05:00
Joseph Schorr
3203fd6de1
Fix external auth returns for query_user calls
...
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
2016-12-07 14:28:42 -05:00
Charlton Austin
9720efbdb6
Merge pull request #2218 from charltonaustin/fix_set_to_Set
...
Fixing api usage.
2016-12-07 13:28:01 -05:00
Jimmy Zelinskie
b671ee938a
Merge pull request #2174 from jzelinskie/pngcrush
...
dockerfile: optimize static images
2016-12-07 13:04:28 -05:00
Jimmy Zelinskie
ebbe58d311
replace prefix w/ canonical name list
2016-12-07 12:56:56 -05:00