Commit graph

2077 commits

Author SHA1 Message Date
Joseph Schorr
93d79e777e Automatically disable build triggers with successive failures or internal errors
We allow users to reenable them manually once disabled
2018-03-01 16:49:51 -05:00
Joseph Schorr
c35eec0615 Add ability for triggers to be disabled
Will be used in the followup commit to automatically disable broken triggers
2018-03-01 16:49:28 -05:00
Joseph Schorr
4be3594ec8 Remove internal_only from superuser APIs for users and orgs 2018-03-01 15:14:39 -05:00
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.

Fixes https://jira.coreos.com/browse/QUAY-838
2018-02-27 13:12:51 -05:00
josephschorr
6220df4f88
Merge pull request #3012 from coreos-inc/access-control-header
Add X-Requested-With header to allowed CORS headers
2018-02-21 14:27:36 -05:00
Joseph Schorr
bcd9b680fa Add X-Requested-With header to allowed CORS headers
Will fix the API explorer
2018-02-21 14:21:27 -05:00
Joseph Schorr
e446eb5757 Switch build queue limiter query to use total number of alive jobs
This is slightly more accurate and, not being based on time, will work better under MySQL
2018-02-21 14:04:40 -05:00
Joseph Schorr
9a452ace11 Add configurable limits for number of builds allowed under a namespace
We also support that limit being increased automatically once a successful billing charge has gone through
2018-02-20 16:54:22 -05:00
Brad Ison
62971b7f20
Merge pull request #2999 from bison/user-location
Add user location metadata filed
2018-02-20 16:48:37 -05:00
Joseph Schorr
188ea98441 Add new decorator to prevent reflected text attacks
Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend.
2018-02-20 11:33:45 -05:00
josephschorr
ac328da383
Merge pull request #3006 from coreos-inc/joseph.schorr/QUAY-827/noop-team-name
Add messaging when trying to create a team that already exists
2018-02-15 16:41:51 -05:00
Joseph Schorr
72ca758c88 Add messaging when trying to create a team that already exists
Fixes https://jira.coreos.com/browse/QUAY-827
2018-02-15 16:03:09 -05:00
Joseph Schorr
e220b50543 Refactor auth code to be cleaner and more extensible
We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).
2018-02-14 15:35:27 -05:00
Brad Ison
5965929187 Include location in user analytics 2018-02-06 16:06:17 -05:00
Brad Ison
3de6b4a646 Add location metadata field for users 2018-02-06 16:06:17 -05:00
josephschorr
9f7b08d0ff
Merge pull request #2993 from coreos-inc/joseph.schorr/QUAY-797/pagination-size
Allow size of pages in V2 api to be configurable
2018-02-02 15:21:15 -05:00
Joseph Schorr
eae9175950 Allow size of pages in V2 api to be configurable 2018-02-02 13:54:41 -05:00
josephschorr
6514bf229f
Merge pull request #2973 from coreos-inc/joseph.schorr/QS-116/cloudfront-storage
Add support for configuring cloudfront storage
2018-02-02 10:14:28 -05:00
Joseph Schorr
b0f656731c Add support for configuring CloudFront storage engine
Fixes https://jira.coreos.com/browse/QS-116
2018-01-31 11:22:14 -05:00
josephschorr
fd1237cff9
Merge pull request #2974 from coreos-inc/joseph.schorr/QS-118/manifest-write-query
Audit the number of SQL queries we make in writing manifests, and significantly reduce in the common case
2018-01-31 11:08:33 -05:00
Joseph Schorr
9e16a989f5 Audit the number of SQL queries we make in writing manifests, and significantly reduce in the common case
Instead of 41 queries now for the simple manifest, we are down to 14.

The biggest changes:
  - Only synthesize the V1 image rows if we haven't already found them in the database
  - Thread the repository object through to the other model method calls, and use it instead of loading again and again
2018-01-25 11:10:43 -05:00
Joseph Schorr
208dc38d25 Allow expired app specific tokens to be deleted 2018-01-23 11:40:51 -05:00
josephschorr
b29e8202e5
Merge pull request #2977 from coreos-inc/joseph.schorr/QS-121/gunicorn-health
Add instance health checks for all gunicorn workers
2018-01-16 11:31:22 -05:00
Joseph Schorr
e91b83e1be Add instance health checks for all gunicorn workers
Fixes https://jira.coreos.com/browse/QS-121
2018-01-16 11:29:40 -05:00
Joseph Schorr
a32edb646d Fix 500 exception when sending a non-string release name to appr
Fixes https://jira.coreos.com/browse/QS-120
2018-01-12 17:14:05 -05:00
Joseph Schorr
c887aa543b Change superuser API errors to be more descriptive
Fixes https://jira.coreos.com/browse/QS-103
2018-01-05 17:09:26 -05:00
josephschorr
13b738c43c
Merge pull request #2954 from coreos-inc/joseph.schorr/QS-102/user-api-filter
Add ability to filter users list to enabled users
2018-01-05 15:40:50 -05:00
josephschorr
5286fd63b0
Merge pull request #2953 from coreos-inc/joseph.schorr/QS-101/discovery-anon
Allow anonymous access to the discovery endpoint
2018-01-05 15:40:39 -05:00
josephschorr
d8fde005d8
Merge pull request #2961 from coreos-inc/joseph.schorr/QS-107/create-repo-opt
Small optimizations around create repository code
2018-01-05 15:40:30 -05:00
Joseph Schorr
888b564a9b Add a banner to the Quay UI when an app specific token is about to expire 2018-01-04 15:27:42 -05:00
Joseph Schorr
2214a2c7ad Disable fresh login check in auth engines that won't support it 2018-01-04 15:27:41 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
1e1bec0afe Remove extra update call on create repo 2018-01-04 13:42:05 -05:00
Joseph Schorr
c1cff32c1e Fix log levels in registry 2018-01-04 13:07:11 -05:00
Joseph Schorr
f05982dc7c Fix app registry logging 2018-01-04 13:05:50 -05:00
Joseph Schorr
8e473b9779 Add filter for disabled users to superuser user list API
Fixes https://jira.coreos.com/browse/QS-102
2017-12-22 16:45:49 -05:00
Joseph Schorr
1d3a93efcb Linter fixes for superuser API file 2017-12-22 16:18:58 -05:00
Joseph Schorr
6b42e3e4ca Allow anonymous access to the discovery endpoint
Fixes https://jira.coreos.com/browse/QS-101
2017-12-22 16:13:23 -05:00
Joseph Schorr
11e3724919 Return an http 415 (manifest version not supported) for OCI manifest content types
This was breaking skopeo, as it first tries to send the *OCI* manifest type, which we didn't say we didn't support, thus breaking the tool
2017-12-20 11:02:34 -05:00
Joseph Schorr
9e16596854 Add a bunch of logging to the data model caching mechanism
Should help us debug any potential issues
2017-12-18 14:18:37 -05:00
Joseph Schorr
b2485934ed Enable caching of blobs in V2 registry protocol, to avoid DB connections after the cache has been loaded
This should help for bursty pull traffic, as it will avoid DB connections on a huge % of requests
2017-12-14 13:38:24 -05:00
Joseph Schorr
db6007cb37 Change v2 registry auth code to not hit the database when we know we have permissions loaded
Avoids a DB call and, when used in conjunction with blob caching, will avoid a DB *connection*
2017-12-14 13:37:31 -05:00
Joseph Schorr
51e67ab7f5 Fix get_blob_path to not make any database calls and add a test
This will be supported by caching, hopefully removing the need to hit the database when the blob object is cached
2017-12-13 16:27:46 -05:00
Joseph Schorr
a706d99849 Add additional logs and an additional test for verbs 2017-12-07 15:22:20 -05:00
josephschorr
6db2ecc19f
Merge pull request #2928 from coreos-inc/joseph.schorr/QS-74/fix-restart
Have Quay lookup the sbin/my_init PID to kill
2017-12-07 13:25:16 -05:00
Joseph Schorr
1d1c6f0606 Invalidate all session tokens when a user signs out
Fixes https://jira.coreos.com/browse/QS-85
2017-12-07 13:03:11 -05:00
josephschorr
d405f6f158
Merge pull request #2899 from coreos-inc/joseph.schorr/QS-36/appr-auth-improvement
Allow app registry to use robots and tokens to login
2017-12-06 15:04:22 -05:00
josephschorr
b9ad8bbb5d
Merge pull request #2934 from coreos-inc/joseph.schorr/QS-78/email-recovery
Security fixes for password recovery
2017-12-06 14:53:02 -05:00
Joseph Schorr
a204dc20fb Require CAPTCHA for password recovery
https://jira.coreos.com/browse/QS-79
2017-12-06 14:25:34 -05:00
josephschorr
8d7381336a
Merge pull request #2910 from coreos-inc/joseph.schorr/QS-58/oidc-auth-bug
Don't add a "password required" notification for non-database auth via OIDC
2017-12-06 14:19:49 -05:00