Joseph Schorr
44f49a43dd
Fix creation of repositories when having a creator permission
...
This fixes the grants on a user's session when creating a repository with only the creator permission
Fixes #117
2015-06-10 16:12:42 -04:00
Joseph Schorr
f980b892d8
Remove debug flag from JWT tests
...
This can break unit tests running
2015-06-05 15:39:27 -04:00
Jake Moshenko
2a2414d6af
Merge pull request #60 from coreos-inc/jwtauthentication
...
Add support for an external JWT-based authentication system
2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e
Add support for an external JWT-based authentication system
...
This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
josephschorr
63f289a8cb
Merge pull request #59 from jzelinskie/custom-git-fix
...
triggers: metadata.commit_sha -> metadata.commit
2015-06-02 16:10:26 -04:00
Joseph Schorr
477a3fdcdc
Add a test to verify that all important blueprints have all their methods decorated
...
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0
triggers: metadata.commit_sha -> metadata.commit
...
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031
Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository
...
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
2015-06-02 15:16:22 -04:00
Joseph Schorr
3602b59465
Add registry tests for anonymous access
2015-06-02 14:27:57 -04:00
Joseph Schorr
c0e995c1d4
Merge branch 'master' into nolurk
2015-06-02 13:55:16 -04:00
Jake Moshenko
7bc5f7a1ca
Merge pull request #53 from coreos-inc/v1test
...
Add tests for the registry that mimic Docker's calls
2015-06-02 12:24:42 -04:00
Joseph Schorr
9585e2a765
End-to-end registry tests
2015-06-01 16:35:30 -04:00
Joseph Schorr
1aff701bc7
Fix LDAP referral and multiple pair handling
...
Fixes two issues found with our LDAP handling code. First, we now follow referrals in both LDAP calls, as some LDAP systems will return a referral instead of the original record. Second, we now make sure to handle multiple search result pairs properly by further filtering based on the presence of the 'mail' attribute when we have multiple valid pairs. This CL also adds tests for all of the above cases.
2015-05-27 15:04:34 -04:00
Joseph Schorr
b0d763b5ff
Fix encrypted password generator to use the LDAP username, not the Quay username.
...
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00
Joseph Schorr
eb773e40a2
Add some more debug logging around bitbucket triggers and add some tests to verify we properly handle trigger branch filters
2015-05-20 14:18:12 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
efab02ae47
LDAP improvements:
...
- Better logging
- Better error messages
- Add unit tests
- Clean up the setup tool for LDAP
2015-05-11 21:23:18 -04:00
Joseph Schorr
3e1abba284
Add ability for super users to rename and delete organizations
2015-05-11 18:03:25 -04:00
Joseph Schorr
f858caf6cd
Only return the team and repo permissions when listing robots when we absolutely need them.
2015-05-08 16:43:07 -04:00
Joseph Schorr
469f25b64c
Start measuring the number of queries on critical API calls
2015-05-07 22:25:23 -04:00
Joseph Schorr
3627de103c
Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build.
2015-05-07 21:11:15 -04:00
Joseph Schorr
7b35555776
Make sure to test for unicode usernames, since the collate on the username field is latin1
2015-05-07 18:13:45 -04:00
Joseph Schorr
d07f9f04e9
UI and code improvements to make working with the multiple SCMs easier
2015-05-03 10:38:11 -07:00
Joseph Schorr
e3aededcbc
Merge branch 'master' into gitlab
2015-05-03 12:13:09 -04:00
Jimmy Zelinskie
3ac884beb4
gitlab oauth
2015-05-02 17:54:48 -04:00
Joseph Schorr
b96e35b28c
Merge master into bitbucket
2015-04-30 15:52:08 -04:00
Joseph Schorr
b3675df667
Fix tests
2015-04-30 15:47:40 -04:00
Joseph Schorr
60036927c9
Really disallow usage of the same account for an org as the one being converted. Before, you could do so via email.
2015-04-29 20:30:37 -04:00
Joseph Schorr
5a8093bbea
Fix API tests
2015-04-29 17:30:24 -04:00
Joseph Schorr
31260d50f5
Rename the new images method to a slightly better name
2015-04-24 16:37:37 -04:00
Joseph Schorr
e70343d849
Faster cache lookup by removing a join with the ImagePlacementTable, removing the extra loop to add the locations and filtering the images looked up by the base image
2015-04-24 16:22:19 -04:00
Jimmy Zelinskie
c238626c56
tests: update to reflect trigger API changes
2015-04-23 18:16:14 -04:00
Jimmy Zelinskie
02498d72ba
almost all PR discussion fixes
2015-04-21 18:04:25 -04:00
Jimmy Zelinskie
93cd459460
Merge branch 'master' into git
2015-04-20 10:58:49 -04:00
Joseph Schorr
e56d5a9fe5
Rebuild test db
2015-04-19 15:48:34 -04:00
Joseph Schorr
d1e2d072ea
Add unit tests and a stronger restriction on the revert API call
2015-04-19 15:43:16 -04:00
Joseph Schorr
e16657ed0e
Add security tests for the new revert endpoint
2015-04-19 15:25:33 -04:00
Jimmy Zelinskie
ba2cb08904
Merge branch 'master' into git
2015-04-16 17:38:35 -04:00
Joseph Schorr
f8c80f7d11
Add a history view to the tags page. Next step will add the ability to revert back in time
2015-04-15 15:21:09 -04:00
Joseph Schorr
396cba64e6
Fix search to return better results by searching for robots and namespaces in different queries.
2015-04-09 12:57:20 -04:00
Joseph Schorr
3707feaf5d
Disable MySQL in the full db test because the table setup fails
2015-04-09 11:47:58 -04:00
Joseph Schorr
40a6892a49
Add search tests
2015-04-07 14:05:12 -04:00
Joseph Schorr
5cd500257d
Merge branch 'master' into orgview
2015-04-01 13:56:49 -04:00
Jimmy Zelinskie
f55c478a30
testdb: resync
2015-04-01 13:43:11 -04:00
Joseph Schorr
1f5e6df678
- Fix tests
...
- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
2015-03-31 18:50:43 -04:00
Jimmy Zelinskie
c5272f3545
initdb: add custom trigger and refresh test.db
2015-03-27 11:23:49 -04:00
Joseph Schorr
e4b659f107
Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords
2015-03-25 18:43:12 -04:00
Jake Moshenko
201943ed1c
Fix deadlocks with tags and garbage collection.
2015-03-24 18:00:04 -04:00
Jimmy Zelinskie
9c55aca011
migration: make resource_key nullable
2015-03-23 15:46:35 -04:00
Jimmy Zelinskie
f6f93e9079
consolidate everything into one GitHub trigger
2015-03-19 17:12:27 -04:00
Jimmy Zelinskie
93a9e9d01a
migration: add private key to build triggers
2015-03-19 14:30:25 -04:00
Jimmy Zelinskie
5a29218c5c
Merge branch 'master' into git
2015-03-19 12:10:34 -04:00
Jimmy Zelinskie
2a02d08dc6
testdb: update with github-git trigger
2015-03-19 12:07:25 -04:00
Joseph Schorr
44ff85d044
Remove migration (temporarily), fix a broken test, and make the aggregate size calculation use the entire image ancestry (for now).
2015-03-17 12:13:01 -04:00
Joseph Schorr
7b5341c067
Update database
2015-03-16 17:35:57 -04:00
Joseph Schorr
afc8e95e19
Start on new tag view
2015-03-09 22:03:39 -07:00
Joseph Schorr
8423b5874f
Typo fixes
2015-03-06 14:29:56 -05:00
Joseph Schorr
6a625ba9e6
Fix build logs date/time
2015-03-06 14:22:19 -05:00
Joseph Schorr
12b458780b
Handle loading status better for each namespace displayed in the repo list and update the database we use for testing
2015-03-05 16:25:16 -05:00
Joseph Schorr
43ab838998
Merge branch 'newbuildview'
2015-03-05 16:17:29 -05:00
Joseph Schorr
86447c0a99
Merge branch 'master' into pagesnew
2015-03-05 14:22:10 -05:00
Joseph Schorr
ed46d37ea7
- Add copy button to the build logs
...
- Add support for timestamps in the build logs
- Other small UI improvements to the build view
2015-02-27 16:00:32 -05:00
Jimmy Zelinskie
fb0d3d69c2
changes to reflect PR comments (not finished)
2015-02-24 17:50:54 -05:00
Joseph Schorr
a7ddf46c2a
Fix default test DB
2015-02-24 15:00:40 -05:00
Jimmy Zelinskie
35a2414d85
tests: star security tests
2015-02-23 14:23:32 -05:00
Joseph Schorr
10e2eabb1c
Fix test
2015-02-23 13:47:21 -05:00
Joseph Schorr
5f605b7cc8
Fix queue handling to remove the dependency from repobuild, and have a cancel method
2015-02-23 13:38:01 -05:00
Jimmy Zelinskie
2914a5da96
tests: add test for star/unstar repo
2015-02-20 15:11:41 -05:00
Jimmy Zelinskie
46832676f7
testdb: re-run initdb
2015-02-19 17:46:44 -05:00
Jake Moshenko
41108a0856
Allow tags to be marked as hidden. Create a hidden tag on every image during a push to prevent them from getting GCed.
2015-02-18 17:05:16 -05:00
Joseph Schorr
7c81d90cda
Start recording the commit sha and other metadata about github triggered builds. We'll eventually show this information in the UI
2015-02-18 14:12:59 -05:00
Jake Moshenko
2dd03f1bed
Merge remote-tracking branch 'origin/master' into rockyhorror
...
Conflicts:
test/data/test.db
2015-02-18 10:56:01 -05:00
Jake Moshenko
2cd5bdb563
Address concerns from pull request.
2015-02-18 10:43:08 -05:00
Joseph Schorr
83e05d2342
Add tracking of the kind of temporary access tokens, so we can display if a pull/push by token is for a build worker
2015-02-17 12:35:16 -05:00
Joseph Schorr
81ce4c771e
Add ability to cancel builds that are in the waiting state
2015-02-13 15:54:01 -05:00
Jake Moshenko
2ce6e76d9d
Add the required migration for time machine tag lifetimes.
2015-02-13 14:41:08 -05:00
Jake Moshenko
5aedd1fabc
Merge remote-tracking branch 'origin/master' into rockyhorror
...
Conflicts:
test/data/test.db
2015-02-13 13:17:10 -05:00
Joseph Schorr
cae460b11b
Fix test db
2015-02-12 16:27:26 -05:00
Jake Moshenko
d306e37e9d
Add some simple tests to sanity check the time machine gc.
2015-02-12 16:05:45 -05:00
Jake Moshenko
b154e7acef
Merge remote-tracking branch 'origin/master' into rockyhorror
2015-02-12 15:27:28 -05:00
Jake Moshenko
740bc31058
Fix the gc test.
2015-02-12 14:44:01 -05:00
Jake Moshenko
872539bdbf
Switch to a per-namespace configurable expiration policy for time machine, and switch the tag gc to respect it.
2015-02-12 14:11:56 -05:00
Joseph Schorr
f107b50a46
Merge branch 'master' into ackbar
2015-02-12 12:04:45 -05:00
Jake Moshenko
f32bd748e4
Use a consistent concept of tag liveness everywhere. Fix the tests.
2015-02-11 15:02:50 -05:00
Jake Moshenko
90c0a9c1e0
First stab at time machine using fixed two week expiration policy.
2015-02-11 14:15:40 -05:00
Joseph Schorr
f8a917ec26
Fix test
2015-02-10 22:02:39 -05:00
Joseph Schorr
893ae46dec
Add an ImageTree class and change to searching *all applicable* branches when looking for the best cache tag.
2015-02-10 21:46:58 -05:00
Joseph Schorr
045614c6c8
Merge branch 'master' into ackbar
2015-02-09 17:16:42 -05:00
Joseph Schorr
c081b1fa86
Fix DB test and upgrade to peewee 2.4.7, which has the delete instance fix
2015-02-09 11:10:26 -05:00
Joseph Schorr
cf774e23df
Merge branch 'master' into v2
2015-02-05 15:37:14 -05:00
Joseph Schorr
9dfe523615
Merge master changes
2015-02-05 13:11:16 -05:00
Joseph Schorr
84e5c0644e
Address comments
2015-02-02 14:07:32 -05:00
Jake Moshenko
adce277d49
Fix the tests to use the default realm and building config.
2015-02-02 12:05:36 -05:00
Jake Moshenko
35ba2a6c1f
Use a file for sqlite in tests, in-memory seems to be seg-faulting
2015-01-30 16:32:37 -05:00
Joseph Schorr
3872d29de9
Add a transaction around the extend_processing call
2015-01-29 18:40:41 -05:00
Joseph Schorr
15397d270a
Add tests for path prefixing and super long filenames
2015-01-29 14:57:42 -05:00
Joseph Schorr
30b895b795
Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar
2015-01-23 17:26:14 -05:00
Joseph Schorr
c8229b9c8a
Implement new step-by-step setup
2015-01-23 17:19:15 -05:00
Jake Moshenko
44f7ab53a2
Merge remote-tracking branch 'origin/master' into ephemeral
2015-01-21 13:39:27 -05:00
Joseph Schorr
15a69ac872
Change robot deletions to set the performer to null, rather than attempting to delete the rows from the large log entries table
2015-01-14 12:56:06 -05:00