vbatts/quay - Git - Batts Cloud

Archived

Author	SHA1	Message	Date
Joseph Schorr	c7beea2032	Fix handling of custom LDAP cert This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs Fixes #1846	2016-09-19 17:55:08 -04:00
Joseph Schorr	770ac0016e	Change validate method to work for all storages	2016-08-02 15:01:37 -04:00
Joseph Schorr	66ec1d81ce	Switch to install custom LDAP cert by name	2016-06-21 15:10:26 -04:00
Jake Moshenko	9221a515de	Use the registry API for security scanning when the storage engine doesn't support direct download url	2016-05-04 18:04:06 -04:00
josephschorr	f55fd2049f	Merge pull request #1433 from coreos-inc/ldapoptions Add additional options for LDAP	2016-05-04 14:06:29 -04:00
Joseph Schorr	42515ed9ec	Add additional options for LDAP Fixes #1420	2016-05-04 13:59:20 -04:00
Joseph Schorr	2cbdecb043	Implement setup tool support for Clair Fixes #1387	2016-05-04 13:40:50 -04:00
Joseph Schorr	1940fd9939	Add UI to the setup tool for enabling ACI conversion Fixes #1211	2016-02-17 12:05:48 -05:00
Joseph Schorr	1536709c02	Small fixes	2016-01-29 20:01:17 +02:00
Silas Sewell	5000b1621c	superuser: add storage replication config	2015-11-09 17:34:22 -05:00
Joseph Schorr	6f2271d0ae	Add support for direct download in Swift storage engine Fixes #483	2015-09-14 18:00:03 -04:00
Joseph Schorr	88a04441de	Extract the config provider into its own sub-module	2015-09-10 12:19:59 -04:00
Jake Moshenko	18100be481	Refactor the util directory to use subpackages.	2015-08-03 16:04:19 -04:00
Joseph Schorr	26ae629189	Prevent local storage setup on non-mounted paths Fixes #269	2015-07-27 14:32:02 -04:00
Joseph Schorr	38a6b3621c	Automatically link the superuser account to federated service for auth When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.	2015-07-22 13:37:23 -04:00
Joseph Schorr	33b54218cc	Refactor the users class into their own files, add a common base class for federated users and add a `verify_credentials` method which only does the verification, without the linking. We use this in the superuser verification pass	2015-07-20 11:39:59 -04:00
Joseph Schorr	066637f496	Basic Keystone Auth support Note: This has been verified as working by the end customer	2015-07-20 10:55:21 -04:00
Jake Moshenko	bc29561f8f	Fix and templatize the logic for external JWT AuthN and registry v2 Auth. Make it explicit that the registry-v2 stuff is not ready for prime time.	2015-07-17 11:56:15 -04:00
Joseph Schorr	4726559322	The database SSL name needs to be in its own list FIxes #243	2015-07-16 00:49:07 +03:00
Joseph Schorr	bb07d0965f	Allow SSL cert for the database to be configured This change adds a field for the SSL cert for the database in the setup tool. Fixes #89	2015-06-29 08:08:10 +03:00
Joseph Schorr	07439328a4	Remove `user_exists` endpoint from all auth systems	2015-06-23 17:33:51 -04:00
Joseph Schorr	331c300893	Refactor JWT auth to not import app locally	2015-06-17 15:53:21 -04:00
Joseph Schorr	457ee7306e	Parenthesis fix on the JWT auth error message	2015-06-10 16:00:25 -04:00
Joseph Schorr	8aac3fd86e	Add support for an external JWT-based authentication system This authentication system hits two HTTP endpoints to check and verify the existence of users: Existance endpoint: GET http://endpoint/ with Authorization: Basic (username:) => Returns 200 if the username/email exists, 4 otherwise Verification endpoint: GET http://endpoint/ with Authorization: Basic (username:password) => Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4 otherwise with the body containing an optional error message The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.	2015-06-05 13:20:10 -04:00
Joseph Schorr	4f2a1b3734	Add setup UI for the new trigger types (bitbucket and gitlab) and add validation	2015-05-03 11:50:26 -07:00
Joseph Schorr	85d6500daa	Merge resistanceisfutile into master	2015-03-23 15:39:08 -04:00
Joseph Schorr	360aa69d92	Fix LDAP error and url handling to be more clear for the end user	2015-03-16 14:33:53 -04:00
Joseph Schorr	4ca5d9b04b	Add support for filtering github login by org	2015-03-03 19:58:42 -05:00
Joseph Schorr	2c662b7861	Make sure to specify a default mail sender when validating emails. Unfortunately for us, flask-mail by default uses the sender from the global app instance, rather than the one specified in the Mail(...) call. This was breaking validation.	2015-03-03 13:56:32 -05:00
Joseph Schorr	7a199f63eb	Various small fixes and add support for subjectAltName to the SSL cert check	2015-02-12 14:00:26 -05:00
Joseph Schorr	400ffa73e6	Add SSL cert and key validation	2015-02-05 13:06:56 -05:00
Joseph Schorr	53e5fc6265	Have the config setup tool automatically prepare the S3 or GCS storage with CORS config	2015-01-16 16:10:40 -05:00
Joseph Schorr	6d604a656a	Move config handling into a provider class to make testing much easier	2015-01-09 16:23:31 -05:00
Joseph Schorr	bfd273d16f	- Make validation a bit nicer: - Add timeout to the DB validation - Make DB validation exception handling a bit nicer - Move the DB validation error message - Fix bug around RADOS config default for Is Secure - Allow hiding of the validation box	2015-01-08 15:27:49 -05:00
Joseph Schorr	5ac2c4970a	Add Google auth validation and fix the case where no config is specified at all for Google auth or Github auth	2015-01-08 13:56:17 -05:00
Joseph Schorr	5e0ce4eea9	Add validation of github to the config tool	2015-01-08 13:26:24 -05:00
Joseph Schorr	63504c87fb	Get end-to-end configuration setup working, including verification (except for Github, which is in progress)	2015-01-07 16:20:51 -05:00

37 commits