Joseph Schorr
90b4f0a2ed
Fix default log archive location for ER
...
Before this change, the ER was using the default of 'local_us' from the base config, which is incorrect, and caused no logs to be archived.
2015-06-11 13:43:29 -04:00
Joseph Schorr
457ee7306e
Parenthesis fix on the JWT auth error message
2015-06-10 16:00:25 -04:00
Jake Moshenko
2a2414d6af
Merge pull request #60 from coreos-inc/jwtauthentication
...
Add support for an external JWT-based authentication system
2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e
Add support for an external JWT-based authentication system
...
This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
Joseph Schorr
c0e995c1d4
Merge branch 'master' into nolurk
2015-06-02 13:55:16 -04:00
Joseph Schorr
dd28a845db
Fix NPE in cache control decorator
2015-05-28 13:22:42 -04:00
Joseph Schorr
ac239ec4ee
Make sure to only split into two parts max
2015-05-20 14:54:41 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
2379af71f8
Parse the client secret properly
2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44
Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header
2015-05-18 12:38:39 -04:00
Joseph Schorr
4f2a1b3734
Add setup UI for the new trigger types (bitbucket and gitlab) and add validation
2015-05-03 11:50:26 -07:00
Joseph Schorr
d07f9f04e9
UI and code improvements to make working with the multiple SCMs easier
2015-05-03 10:38:11 -07:00
Jimmy Zelinskie
3ac884beb4
gitlab oauth
2015-05-02 17:54:48 -04:00
Joseph Schorr
c480fb2105
Work in progress: bitbucket support
2015-04-24 15:13:08 -04:00
Jimmy Zelinskie
ba2cb08904
Merge branch 'master' into git
2015-04-16 17:38:35 -04:00
Joseph Schorr
3cd11c8f45
GitHub login fixes:
...
- Allow for case insensitivity in the org name list
- Remove the check for verified email addresses when under Enterprise; it isn't supported there.
2015-04-16 12:17:39 -04:00
Joseph Schorr
036c8e56e0
Add proper error handling when the config volume is mounted in a read-only state.
2015-04-02 18:54:09 -04:00
Joseph Schorr
5cd500257d
Merge branch 'master' into orgview
2015-04-01 13:56:49 -04:00
Joseph Schorr
27a9b84587
Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists
2015-03-30 17:55:04 -04:00
Joseph Schorr
aaf1b23e98
Address CL concerns and switch to a real encryption system
2015-03-26 15:10:58 -04:00
Joseph Schorr
85d6500daa
Merge resistanceisfutile into master
2015-03-23 15:39:08 -04:00
Jimmy Zelinskie
f6f93e9079
consolidate everything into one GitHub trigger
2015-03-19 17:12:27 -04:00
Jimmy Zelinskie
5a29218c5c
Merge branch 'master' into git
2015-03-19 12:10:34 -04:00
Jimmy Zelinskie
288f847e9a
util.ssh: reorder return args
2015-03-18 17:32:59 -04:00
Joseph Schorr
b8d88c0f4e
Add aggregate size column and a migration to backfill it
2015-03-16 18:03:17 -04:00
Joseph Schorr
360aa69d92
Fix LDAP error and url handling to be more clear for the end user
2015-03-16 14:33:53 -04:00
Jimmy Zelinskie
c9d955e432
util.ssh: generate ssh key method
2015-03-16 13:37:27 -04:00
Jimmy Zelinskie
47675b88f5
analytics: fix misspelled class name
2015-03-06 12:02:13 -05:00
Joseph Schorr
2e840654d3
PR changes
2015-03-05 12:07:39 -05:00
Joseph Schorr
4f04ad2acd
Change ImageTree to only use a single loop over the images when building. This should be slightly faster on large image sets
2015-03-04 16:53:22 -05:00
Joseph Schorr
4ca5d9b04b
Add support for filtering github login by org
2015-03-03 19:58:42 -05:00
Joseph Schorr
2c662b7861
Make sure to specify a default mail sender when validating emails. Unfortunately for us, flask-mail by default uses the sender from the *global* app instance, rather than the one specified in the Mail(...) call. This was breaking validation.
2015-03-03 13:56:32 -05:00
Jake Moshenko
24ab0ae53a
Fix some problems with off by one in the id condition when deleteing temporary access tokens.
2015-02-20 16:23:36 -05:00
Jake Moshenko
f7b5221391
Merge branch 'master' of github.com:coreos-inc/quay
2015-02-20 16:07:34 -05:00
Jake Moshenko
3bbe064291
Add a script for deleting the old temporary access tokens in small batches.
2015-02-20 16:07:31 -05:00
Jimmy Zelinskie
9c6b029f87
cloudwatch: update docs
2015-02-20 16:07:02 -05:00
Jimmy Zelinskie
47f8cb77c4
Merge pull request #11 from coreos-inc/nimbus
...
CloudWatch for build job status
2015-02-18 17:17:28 -05:00
Jimmy Zelinskie
9ab3554226
buildreporter: does not execute in a coroutine!
2015-02-18 17:11:45 -05:00
Jimmy Zelinskie
0d38e0b00b
metrics: use config['name'] to get metric conf
2015-02-18 16:05:36 -05:00
Jimmy Zelinskie
f53dea46b7
buildman: address PR #11 comments
2015-02-18 14:13:36 -05:00
Joseph Schorr
c69aea1262
Fix invoice address
2015-02-18 11:57:13 -05:00
Jimmy Zelinskie
ef8d320c95
cloudwatch: global before reading queue
...
Technically, it isn't necessary to use the global keyword before reading
a global value, only modifying it. However, in this case it leaves a
pretty annoying log line.
2015-02-17 13:13:12 -05:00
Jimmy Zelinskie
6a1dd376c2
util: add cloudwatch package
...
This isolates the CloudWatch sending thread to it's own package where it
can be shared among any other packages that want to asynchronously send
metrics to CloudWatch.
2015-02-14 16:30:10 -05:00
Jake Moshenko
2ce6e76d9d
Add the required migration for time machine tag lifetimes.
2015-02-13 14:41:08 -05:00
Joseph Schorr
7a199f63eb
Various small fixes and add support for subjectAltName to the SSL cert check
2015-02-12 14:00:26 -05:00
Joseph Schorr
f107b50a46
Merge branch 'master' into ackbar
2015-02-12 12:04:45 -05:00
Joseph Schorr
893ae46dec
Add an ImageTree class and change to searching *all applicable* branches when looking for the best cache tag.
2015-02-10 21:46:58 -05:00
Joseph Schorr
045614c6c8
Merge branch 'master' into ackbar
2015-02-09 17:16:42 -05:00
Joseph Schorr
cf774e23df
Merge branch 'master' into v2
2015-02-05 15:37:14 -05:00
Joseph Schorr
555bd293ea
Fix tar layer format comment
2015-02-05 14:40:02 -05:00
Joseph Schorr
400ffa73e6
Add SSL cert and key validation
2015-02-05 13:06:56 -05:00
Joseph Schorr
bfb0784abc
Add signing to the ACI converter
2015-02-04 15:29:24 -05:00
Joseph Schorr
84e5c0644e
Address comments
2015-02-02 14:07:32 -05:00
Joseph Schorr
30b895b795
Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar
2015-01-23 17:26:14 -05:00
Joseph Schorr
c8229b9c8a
Implement new step-by-step setup
2015-01-23 17:19:15 -05:00
Joseph Schorr
28d319ad26
Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not).
2015-01-20 12:43:11 -05:00
Joseph Schorr
fa55169c35
- Fix bug in tarlayerformat when dealing with larger headers
...
- Fix bug around entry points and config in the ACI converter
2015-01-16 18:23:40 -05:00
Joseph Schorr
53e5fc6265
Have the config setup tool automatically prepare the S3 or GCS storage with CORS config
2015-01-16 16:10:40 -05:00
Jimmy Zelinskie
0da9c5826b
Update MixPanel and use BufferedConsumer
2015-01-16 16:04:13 -05:00
Jimmy Zelinskie
f5138792ad
Merge branch 'master' of github.com:coreos-inc/quay
2015-01-16 15:32:02 -05:00
Jimmy Zelinskie
fe9e19704b
Try/Catch creating connection to CloudWatch
2015-01-16 15:31:40 -05:00
Jimmy Zelinskie
33088f742a
Migrate queued metric from processes to threads
2015-01-16 15:30:58 -05:00
Joseph Schorr
1f9479a230
Merge branch 'boxer'
2015-01-16 14:57:22 -05:00
Joseph Schorr
e93544573f
Add missing action
2015-01-16 14:57:09 -05:00
Joseph Schorr
5e9d9eb6cd
Merge branch 'master' of https://github.com/coreos-inc/quay
2015-01-16 13:44:32 -05:00
Joseph Schorr
b89ba61286
Change to only run the cloud watch reporter in the gunicorn_web
2015-01-16 13:44:29 -05:00
Jimmy Zelinskie
07bb9be603
Some class docs added to queuemetrics classes
2015-01-16 12:14:57 -05:00
Jimmy Zelinskie
0122a6698f
Wrap call to CloudWatch in try/catch block.
2015-01-16 12:14:11 -05:00
Joseph Schorr
87a5b17d20
Add inbox actions. Note that this isn't enabled because of issues around DKIM in Gmail with SES.
2015-01-15 17:11:05 -05:00
Joseph Schorr
6ed28930b2
Work in progress: Docker -> ACI conversion
2015-01-13 17:46:11 -05:00
Joseph Schorr
0d2c42ad03
Fix tests
2015-01-09 17:11:51 -05:00
Joseph Schorr
6d604a656a
Move config handling into a provider class to make testing much easier
2015-01-09 16:23:31 -05:00
Joseph Schorr
bfd273d16f
- Make validation a bit nicer:
...
- Add timeout to the DB validation
- Make DB validation exception handling a bit nicer
- Move the DB validation error message
- Fix bug around RADOS config default for Is Secure
- Allow hiding of the validation box
2015-01-08 15:27:49 -05:00
Joseph Schorr
47fb10b79f
Merge branch 'master' into ackbar
2015-01-08 13:57:39 -05:00
Joseph Schorr
5ac2c4970a
Add Google auth validation and fix the case where no config is specified at all for Google auth or Github auth
2015-01-08 13:56:17 -05:00
Joseph Schorr
5e0ce4eea9
Add validation of github to the config tool
2015-01-08 13:26:24 -05:00
Joseph Schorr
63504c87fb
Get end-to-end configuration setup working, including verification (except for Github, which is in progress)
2015-01-07 16:20:51 -05:00
Jimmy Zelinskie
88a60d05b6
fix shadowed variable
...
'tag' was being used for both a string value and a boolean value
2015-01-05 14:51:00 -05:00
Joseph Schorr
219730c341
Better config defaults and remove some unneeded code
2015-01-05 13:01:32 -05:00
Joseph Schorr
40d2b1748f
Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py).
2015-01-05 12:31:02 -05:00
Joseph Schorr
1bf25f25c1
WIP
2015-01-04 14:38:41 -05:00
Joseph Schorr
4ca877c1d4
Add ability to download system logs
2014-12-23 14:01:00 -05:00
Jimmy Zelinskie
6968c148f7
Allow redirects to specific tags
2014-12-18 16:01:59 -05:00
Jimmy Zelinskie
eeeb2e620c
move slackwebhook migration from tools to util
...
tools isn't shipped inside of the container because it contains private
keys
2014-12-18 13:22:13 -05:00
Joseph Schorr
c8277b07d9
Merge branch 'master' of https://bitbucket.org/yackob03/quay
2014-12-01 16:19:24 -05:00
Joseph Schorr
1e993b04ef
Add a time.sleep(0) to the tight loop in gzipstream to make sure we never use 100% of a machine CPU
2014-12-01 16:19:13 -05:00
Jimmy Zelinskie
f3259c862b
Merge branch 'koh'
...
Conflicts:
auth/scopes.py
requirements-nover.txt
requirements.txt
static/css/quay.css
static/directives/namespace-selector.html
static/js/app.js
static/partials/manage-application.html
templates/oauthorize.html
2014-12-01 12:30:09 -08:00
Joseph Schorr
72d613614d
Merge branch 'bagger'
2014-12-01 12:48:59 -05:00
Joseph Schorr
c266f35648
Fix bug in the changes library
2014-11-29 19:00:48 -05:00
Joseph Schorr
9aa62bd92b
Fix dockerfile parsing for unicode
2014-11-28 15:03:04 -05:00
Joseph Schorr
b7a489813a
Fix build system to work with Github Enterprise
2014-11-26 12:37:20 -05:00
Joseph Schorr
3a935822fc
Fix PhantomJS by always using the local copy of CDN files, and making sure to specify TLS (instead of the default SSLv3, which is now deprecated)
2014-11-25 15:32:10 -05:00
Joseph Schorr
e9cac407df
Add a configurable avatar system and add an internal avatar system for enterprise
2014-11-24 19:25:13 -05:00
Jimmy Zelinskie
716d7a737b
Strip whitespace from ALL the things.
2014-11-24 16:07:38 -05:00
Jake Moshenko
e863b96166
Tweak the uuid backfill to leave the uuid column nullable.
2014-11-19 15:32:30 -05:00
Jimmy Zelinskie
606ad21bec
Apply reviewed changes.
...
Adds a length to the UUID field, renames QuayDeferredPermissionUser
parameter id->uuid, adds transactions to backfill script.
2014-11-19 13:28:16 -05:00
Jimmy Zelinskie
10b627c2ad
Add user uuid backfill
2014-11-19 13:28:16 -05:00
Jake Moshenko
17fc72d262
Switch postgres to a non-transactional DDL to allow us to use peewee to modify data in migrations: enterprise customers are running postgres migrations offline already. Move the image backfill script back to a migration since it will now work. Unify the interface to sending a DB URI to env.py for the migration script.
2014-11-18 14:07:33 -05:00
Joseph Schorr
3c990072fd
Only run the uncompressed size backfill for images that have a defined size > 0, but no uncompressed size
2014-11-10 19:41:58 -05:00
Joseph Schorr
611bc895e1
Handle invalid tar layers and add tests
2014-11-10 18:26:37 -05:00