vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
3520 commits 2 branches 62 tags 205 MiB
Commit graph

262 commits

Author SHA1 Message Date
Joseph Schorr
4333bb9e14 Implement stream_read_file for the Swift storage engine 
Note that Swift doesn't seem to have a file-like interface, so we need to wrap the generator we get back from it.

Fixes #210
 2015-07-02 17:52:43 +03:00
Jimmy Zelinskie
756d6784ca Merge pull request #192 from coreos-inc/sqlssl 
Allow SSL cert for the database to be configured
 2015-06-29 13:33:31 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured 
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
 2015-06-29 08:08:10 +03:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Joseph Schorr
331c300893 Refactor JWT auth to not import app locally 2015-06-17 15:53:21 -04:00
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices 
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
 2015-06-12 16:45:01 -04:00
Joseph Schorr
90b4f0a2ed Fix default log archive location for ER 
Before this change, the ER was using the default of 'local_us' from the base config, which is incorrect, and caused no logs to be archived.
 2015-06-11 13:43:29 -04:00
Joseph Schorr
457ee7306e Parenthesis fix on the JWT auth error message 2015-06-10 16:00:25 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication 
Add support for an external JWT-based authentication system
 2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
 2015-06-05 13:20:10 -04:00
Joseph Schorr
c0e995c1d4 Merge branch 'master' into nolurk 2015-06-02 13:55:16 -04:00
Joseph Schorr
dd28a845db Fix NPE in cache control decorator 2015-05-28 13:22:42 -04:00
Joseph Schorr
ac239ec4ee Make sure to only split into two parts max 2015-05-20 14:54:41 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
2379af71f8 Parse the client secret properly 2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44 Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header 2015-05-18 12:38:39 -04:00
Joseph Schorr
4f2a1b3734 Add setup UI for the new trigger types (bitbucket and gitlab) and add validation 2015-05-03 11:50:26 -07:00
Joseph Schorr
d07f9f04e9 UI and code improvements to make working with the multiple SCMs easier 2015-05-03 10:38:11 -07:00
Jimmy Zelinskie
3ac884beb4 gitlab oauth 2015-05-02 17:54:48 -04:00
Joseph Schorr
c480fb2105 Work in progress: bitbucket support 2015-04-24 15:13:08 -04:00
Jimmy Zelinskie
ba2cb08904 Merge branch 'master' into git 2015-04-16 17:38:35 -04:00
Joseph Schorr
3cd11c8f45 GitHub login fixes: 
- Allow for case insensitivity in the org name list
  - Remove the check for verified email addresses when under Enterprise; it isn't supported there.
 2015-04-16 12:17:39 -04:00
Joseph Schorr
036c8e56e0 Add proper error handling when the config volume is mounted in a read-only state. 2015-04-02 18:54:09 -04:00
Joseph Schorr
5cd500257d Merge branch 'master' into orgview 2015-04-01 13:56:49 -04:00
Joseph Schorr
27a9b84587 Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists 2015-03-30 17:55:04 -04:00
Joseph Schorr
aaf1b23e98 Address CL concerns and switch to a real encryption system 2015-03-26 15:10:58 -04:00
Joseph Schorr
85d6500daa Merge resistanceisfutile into master 2015-03-23 15:39:08 -04:00
Jimmy Zelinskie
f6f93e9079 consolidate everything into one GitHub trigger 2015-03-19 17:12:27 -04:00
Jimmy Zelinskie
5a29218c5c Merge branch 'master' into git 2015-03-19 12:10:34 -04:00
Jimmy Zelinskie
288f847e9a util.ssh: reorder return args 2015-03-18 17:32:59 -04:00
Joseph Schorr
b8d88c0f4e Add aggregate size column and a migration to backfill it 2015-03-16 18:03:17 -04:00
Joseph Schorr
360aa69d92 Fix LDAP error and url handling to be more clear for the end user 2015-03-16 14:33:53 -04:00
Jimmy Zelinskie
c9d955e432 util.ssh: generate ssh key method 2015-03-16 13:37:27 -04:00
Jimmy Zelinskie
47675b88f5 analytics: fix misspelled class name 2015-03-06 12:02:13 -05:00
Joseph Schorr
2e840654d3 PR changes 2015-03-05 12:07:39 -05:00
Joseph Schorr
4f04ad2acd Change ImageTree to only use a single loop over the images when building. This should be slightly faster on large image sets 2015-03-04 16:53:22 -05:00
Joseph Schorr
4ca5d9b04b Add support for filtering github login by org 2015-03-03 19:58:42 -05:00
Joseph Schorr
2c662b7861 Make sure to specify a default mail sender when validating emails. Unfortunately for us, flask-mail by default uses the sender from the *global* app instance, rather than the one specified in the Mail(...) call. This was breaking validation. 2015-03-03 13:56:32 -05:00
Jake Moshenko
24ab0ae53a Fix some problems with off by one in the id condition when deleteing temporary access tokens. 2015-02-20 16:23:36 -05:00
Jake Moshenko
f7b5221391 Merge branch 'master' of github.com:coreos-inc/quay 2015-02-20 16:07:34 -05:00
Jake Moshenko
3bbe064291 Add a script for deleting the old temporary access tokens in small batches. 2015-02-20 16:07:31 -05:00
Jimmy Zelinskie
9c6b029f87 cloudwatch: update docs 2015-02-20 16:07:02 -05:00
Jimmy Zelinskie
47f8cb77c4 Merge pull request #11 from coreos-inc/nimbus 
CloudWatch for build job status
 2015-02-18 17:17:28 -05:00
Jimmy Zelinskie
9ab3554226 buildreporter: does not execute in a coroutine! 2015-02-18 17:11:45 -05:00
Jimmy Zelinskie
0d38e0b00b metrics: use config['name'] to get metric conf 2015-02-18 16:05:36 -05:00
Jimmy Zelinskie
f53dea46b7 buildman: address PR #11 comments 2015-02-18 14:13:36 -05:00
Joseph Schorr
c69aea1262 Fix invoice address 2015-02-18 11:57:13 -05:00
Jimmy Zelinskie
ef8d320c95 cloudwatch: global before reading queue 
Technically, it isn't necessary to use the global keyword before reading
a global value, only modifying it. However, in this case it leaves a
pretty annoying log line.
 2015-02-17 13:13:12 -05:00
Jimmy Zelinskie
6a1dd376c2 util: add cloudwatch package 
This isolates the CloudWatch sending thread to it's own package where it
can be shared among any other packages that want to asynchronously send
metrics to CloudWatch.
 2015-02-14 16:30:10 -05:00