vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
8890 commits 2 branches 62 tags 205 MiB
Commit graph

46 commits

Author SHA1 Message Date
Joseph Schorr
f86c087b3b Prevent registry operations against disabled namespaces 
Allows admins to completely wall off a namespace by disabling it

Fixes https://jira.coreos.com/browse/QUAY-869
 2018-05-22 18:36:04 -04:00
Joseph Schorr
a59c951aa3 Add support for multiple scope parameters on V2 auth requests 
Fixes https://jira.coreos.com/browse/QUAY-892
 2018-04-18 20:16:49 +03:00
Joseph Schorr
e220b50543 Refactor auth code to be cleaner and more extensible 
We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).
 2018-02-14 15:35:27 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Jimmy Zelinskie
b1434b0380 endpoints.v2: yapf format 2017-06-26 18:22:17 -04:00
Jimmy Zelinskie
0e26a03f7e endpoints.v2: new fs layout for data interface 
Fixes QUAY-658
 2017-06-26 18:21:35 -04:00
Evan Cordell
2661db7485 Add flag to enable trust per repo (#2541) 
* Add flag to enable trust per repo

* Add api for enabling/disabling trust

* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api

* Add `set_trust` method to repository

* Expose new logkind to UI

* Fix registry tests

* Rebase migrations and regen test.db

* Raise downstreamissue if trust metadata can't be removed

* Refactor change_repo_trust

* Add show_if to change_repo_trust endpoint
 2017-04-15 08:26:33 -04:00
Evan Cordell
9515f18fb6 Add tufmetadata endpoint 2017-04-05 10:03:27 -04:00
Joseph Schorr
cae9d69376 Better error messages for Docker errors 2017-03-31 17:15:14 -04:00
Evan Cordell
abd78bce56 Use constants for TUF roots 2017-03-27 11:37:17 -04:00
Evan Cordell
6ad107709c Change build_context_and_subject to take kwargs 2017-03-27 11:37:17 -04:00
Evan Cordell
43dd974dca Determine which TUF root to show based on actual access, not requested 
access
 2017-03-27 11:37:17 -04:00
Joseph Schorr
95e1cf6673 Make V2 login errors more descriptive 
If login fails, we now call validate again to get the reason for the failure, and then surface it to the user of the CLI. This allows for more actionable responses, such as:

$ docker login 10.0.2.2:5000
Username (devtable): devtable
Password:

Error response from daemon: Get http://10.0.2.2:5000/v2/: unauthorized: Client login with unencrypted passwords is disabled. Please generate an encrypted password in the user admin panel for use here.
 2017-03-23 15:42:45 -04:00
Joseph Schorr
1bd4422da9 Move auth decorators into a decorators module 
The non-decorators will be broken out in the followup change
 2017-03-23 15:42:45 -04:00
Jimmy Zelinskie
48ba59d615 endpoints.v2: only work on docker repositories 2017-03-22 17:26:59 -04:00
Charlton Austin
e87404c327 Adding in what metadata_root_name to JWT 2017-02-22 16:59:19 -05:00
Evan Cordell
9e96e6870f Add support for * (admin) permission to registry auth v2 endpoint 2016-11-28 14:02:08 -05:00
Jimmy Zelinskie
31b77cf232 rename auth.auth to auth.process 
This fixes some ambiguity around imports.
 2016-09-29 15:24:57 -04:00
Jimmy Zelinskie
44eca10c05 update interfaces to use ABC 2016-09-26 14:50:24 -04:00
Jimmy Zelinskie
c06d395f96 create interfaces for v1 and v2 data model 2016-09-26 14:49:23 -04:00
Joseph Schorr
db60df827d Implement V2 interfaces and remaining V1 interfaces 
Also adds some tests to registry tests for V1 stuff.
Note: All *registry* tests currently pass, but as verbs are not yet converted, the verb tests in registry_tests.py currently fail.
 2016-09-26 14:49:04 -04:00
Jimmy Zelinskie
a516c08deb v2: refactor auth to use data.types 2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
3f722f880e v2: add pagination decorator 2016-09-26 14:48:05 -04:00
Joseph Schorr
8887f09ba8 Use the instance service key for registry JWT signing 2016-06-07 11:58:10 -04:00
Jake Moshenko
8323c51e6e Extend registry auth to support notary JWTs. 2016-05-24 13:42:28 -04:00
Jake Moshenko
9221a515de Use the registry API for security scanning 
when the storage engine doesn't support direct download url
 2016-05-04 18:04:06 -04:00
Joseph Schorr
8cd38569d6 Fix issue with Docker 1.8.3 and pulling public repos with no creds 
We now return the valid subset of auth scopes requested.

Adds a test for this case and adds testing of all returned JWTs in the V2 login tests
 2016-01-25 15:54:17 -05:00
josephschorr
566a91f003 Merge pull request #1160 from coreos-inc/dockerv2authsucks 
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
 2016-01-22 16:00:30 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. 
This support is placed behind a feature flag.
 2016-01-22 15:54:06 -05:00
josephschorr
d00db518df Merge pull request #1153 from coreos-inc/fixtutorial 
Fix tutorial by properly publishing user events for V2 API
 2016-01-22 12:51:47 -05:00
Joseph Schorr
068301ef1f Add more debugging statements to V2 auth 
Also fixes a spurious return
 2016-01-20 18:06:46 -05:00
Joseph Schorr
22b8a562be Fix tutorial by properly publishing user events for V2 API 
Fixes #1123
 2016-01-20 13:42:30 -05:00
Joseph Schorr
ca7d36bf14 Handle empty scopes and always send the WWW-Authenticate header, as per spec 
Fixes #1045
 2015-12-15 14:59:47 -05:00
Joseph Schorr
4a4eee5e05 Make our JWT subjects better and log using the info 
Fixes #1039
 2015-12-14 14:00:33 -05:00
Joseph Schorr
75a91f0f92 Add login tests and fix scope security issue 2015-11-24 13:39:16 -05:00
Jake Moshenko
0c44949017 Return a 401 when doing a login with bad credentials 2015-11-20 18:37:52 -05:00
Jake Moshenko
39d799b1aa Fix anonymous repository pulls 2015-11-18 20:11:06 -05:00
Jake Moshenko
c27f91f7cf Fix token pushes for v2 auth, tokens have no user 2015-11-18 19:18:12 -05:00
Jake Moshenko
4cc619f4ca Clean up v2 branch to no longer warn about readiness 2015-11-16 14:42:43 -05:00
Joseph Schorr
f393236c9f Add repo name check to V2 
Fixes #592
 2015-10-05 14:19:52 -04:00
Jake Moshenko
9c3ddf846f Some fixes and tests for v2 auth 
Fixes #395
 2015-09-10 15:38:57 -04:00
Joseph Schorr
42dba8655c Fix auth and add V2 tests! 2015-09-03 12:21:21 -04:00
Joseph Schorr
31fdb94436 Enable rate limiting of V2 requests 2015-08-25 14:18:34 -04:00
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth. 
Make it explicit that the registry-v2 stuff is not ready for prime time.
 2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Jake Moshenko
acbcc2e206 Start of a v2 API. 2015-07-17 11:50:41 -04:00