Commit graph

738 commits

Author SHA1 Message Date
Joseph Schorr
e7dbc4ee91 Move notification helper code into the root module 2017-07-25 17:00:07 -04:00
Joseph Schorr
ce56031846 Move notifications into its own package 2017-07-25 17:00:06 -04:00
Jake Moshenko
3b79955c8c Fix the relative path problem when running quay from non-root 2017-07-13 15:30:50 -04:00
Joseph Schorr
e00437c227 Add support for disabling an entire namespace, including its team members 2017-07-13 12:25:19 +03:00
Joseph Schorr
7910dc4b2a Fix reference error 2017-07-13 12:25:19 +03:00
Joseph Schorr
2814d2d5eb Add support for organizations to disableabuser 2017-07-13 12:25:19 +03:00
josephschorr
96d1fd128d Merge pull request #2757 from coreos-inc/joseph.schorr/QUAY-606/logarchive-georep
Add support for QE customers to enable log rotation
2017-07-12 00:30:04 +03:00
Evan Cordell
ac54dd6f5d fix(secscan): don't use slash_join, it discards the root 2017-07-11 14:12:57 -04:00
Evan Cordell
b9581e0baf fix(secscan): fix mitm cert path calculation 2017-07-11 13:26:19 -04:00
Joseph Schorr
a13235c032 Fix typo 2017-07-10 18:35:51 +03:00
Evan Cordell
939ddfd1d7 Merge v2.4.0-release into cherrypick-2.4.0 2017-07-10 10:25:18 -04:00
Joseph Schorr
176c26e3f7 Add config validation for action log archiving 2017-07-10 13:09:33 +03:00
EvB
ccca0c9655 refactor(util/tufmetadata/test): move app test to gc suite 2017-07-07 15:14:14 -04:00
Antoine Legrand
cdb3722c17 Use $QUAYPATH and $QUAYDIR in conf and init files 2017-07-05 16:23:54 +02:00
Evan Cordell
d64b8b1fcf Revert to old secret handling, fix license loading 2017-06-28 23:15:14 -04:00
Jimmy Zelinskie
1d2640e012 util.secscan.fake: add test for unexpected status 2017-06-28 13:40:04 -04:00
Evan Cordell
ef459a2d18 Update the expected response layout for kubernetes config 2017-06-28 07:28:57 -04:00
Jimmy Zelinskie
46087d5e64 util.secscan.api: more robust API failures cases
Addresses QUAY-672 by handling all status codes that are not 404 and 5xx
and moving response decoding inside the try/except block to ensure that
the response object is in scope.
2017-06-26 17:13:51 -04:00
Jimmy Zelinskie
e028e159c0 add app registry config to setup tool: default off 2017-06-16 15:44:00 -04:00
Jimmy Zelinskie
9df04a09d6 Merge pull request #2694 from jzelinskie/fix-torrent-config-validation
Fix torrent config validation
2017-06-09 13:39:01 -04:00
Jimmy Zelinskie
a16b469d9b util.registry.torrent: stash kid in JWT headers
Upstream, chihaya reads this header in order to find the kid in the list
of maintained keys. A long time ago, it used to just iterate, but now it
needs to know the kid.
2017-06-09 13:31:38 -04:00
Jimmy Zelinskie
7d07c2ed07 util.config.validators: fix torrent validation
This code was mistaken the info dict with the params passed in an
announce request. Rather, now we expose a function for creating a jwt
from infohashes directly.
2017-06-09 13:31:38 -04:00
Antoine Legrand
f0dd2e348b Merge pull request #2551 from coreos-inc/structured-logs
Add log formatter class
2017-06-07 08:22:18 -07:00
Antoine Legrand
3c99928a27 Add log JSON formatter 2017-06-07 00:02:52 +02:00
Kenny Lee Sin Cheong
1f76e9dc3b Merge pull request #2661 from kleesc/securityworker_cpu
Raise an APIRequestFailure exception when security scanner is unavail…
2017-06-03 12:15:45 -04:00
Joseph Schorr
0ba54ed4fc Simplify the caching of service keys to hopefully avoid the not found issue
Makes accesses simpler and reduces the number of dictionaries to one, in an effort to remove race conditions
2017-05-26 13:51:48 -04:00
josephschorr
2ec43483a8 Merge pull request #2662 from coreos-inc/direct-login
Enable toggling of the direct login feature in the superuser panel
2017-05-24 16:51:43 -04:00
Joseph Schorr
2b9873483a Enable toggling of the direct login feature in the superuser panel
Allows superusers to disable login to the UI via credentials if at least one OIDC provider is configured
2017-05-24 12:57:55 -04:00
Evan Cordell
c55c233f1f Merge pull request #2646 from ecordell/kubernetes-ca-fix
ConfigProviders abstract over path construction
2017-05-24 11:37:17 -04:00
josephschorr
8e8470890a Merge pull request #2653 from coreos-inc/new-signing-ui
Implement updated UI for displaying the signing status of a tag, now …
2017-05-24 11:31:52 -04:00
Kenny Lee Sin Cheong
203c0b76e0 Raise an APIRequestFailure exception when security scanner is unavailable
Put worker to sleep for the duration of the default indexing interval
when an APIRequestFailure occurs, when the API request fails due to a
connection error, timeout, or other ambiguous errors, from
analyze_layer or get_layer_data .
2017-05-24 11:04:44 -04:00
Evan Cordell
20da91d879 Add tests for providers and update install script 2017-05-23 15:43:21 -04:00
Evan Cordell
b3a5f0db1b Merge coreos/new-signing-ui into new-signing-ui 2017-05-23 13:07:18 -04:00
Evan Cordell
897da1df67 Fix tuf api calls 2017-05-23 12:36:49 -04:00
Evan Cordell
f877865e82 Fix tuf api calls 2017-05-23 10:47:59 -04:00
Evan Cordell
01b59e8d66 ConfigProviders abstract over path construction
Fixes issue where certs can't be uploaded in UI in k8s
2017-05-17 08:12:09 -04:00
Jimmy Zelinskie
702cdf59ff Merge pull request #2637 from jzelinskie/audit-apps
Audit Logs for Apps
2017-05-16 17:06:25 -04:00
Jimmy Zelinskie
4db789b656 add audit logging to app registry endpoints 2017-05-16 15:54:02 -04:00
Evan Cordell
e2be8481b0 Merge pull request #2643 from ecordell/all-delegations-tuf
Return all tags in all delegations in tuf api
2017-05-15 17:23:05 -04:00
Evan Cordell
3e3ed11634 Add api for getting all signed tags, separated by delegation 2017-05-15 16:18:30 -04:00
Jake Moshenko
21cb9f1aa1 Handle null executor cancellations separately from other exceptions 2017-05-15 13:45:44 -04:00
josephschorr
19f67bfa1b Merge pull request #2607 from coreos-inc/faster-security-notify
Batch the tag lookups in the security notification worker in an attempt to significant reduce load
2017-05-03 13:49:13 -04:00
Joseph Schorr
977bbc20a2 Add filtering onto the images query in get_matching_tags_for_images
Should make the query even faster in the security notification case
2017-05-02 18:29:14 -04:00
Joseph Schorr
4e09fff181 Remove test that breaks MySQL full DB tests 2017-05-02 16:04:46 -04:00
Joseph Schorr
98fcae753b Change the security notification system to use get_matching_tags_for_images
This should vastly reduce the number of database calls we make, as instead of making 2-3 calls per image, we'll make two calls per ~100 images
2017-05-02 15:39:27 -04:00
Evan Cordell
738f53f61a Merge pull request #2597 from ecordell/sni
TUF metadata api SNI support
2017-05-02 13:01:16 -04:00
Evan Cordell
b2569ffbb2 Support SNI in python requests, and only delete tuf metadata if it
exists
2017-05-02 09:32:12 -04:00
Joseph Schorr
ae0d1e831b Add prometheus metric for queued builds 2017-05-01 15:16:55 -04:00
josephschorr
8b148bf1d4 Merge pull request #2576 from coreos-inc/full-db-tests-tox
Reenable full database testing locally and in concourse
2017-04-27 18:09:15 -04:00
Joseph Schorr
4ea4ee3aa4 Fix time machine config validator on old-style config
Existing config won't have the keys defined, so make sure we skip in that case (and just use the defaults)
2017-04-27 14:24:47 -04:00