Jimmy Zelinskie
442cbed087
Merge pull request #186 from coreos-inc/changelog
...
Remove container usage tab and replace with changlog view
2015-06-29 10:06:07 -04:00
Joseph Schorr
b8c74bbb17
Remove container usage tab and replace with changlog view
...
Fixes #179
2015-06-29 11:07:46 +03:00
Joseph Schorr
cd5cb4b767
NPE fix
2015-06-28 10:44:58 +03:00
Joseph Schorr
07439328a4
Remove user_exists
endpoint from all auth systems
2015-06-23 17:33:51 -04:00
Jake Moshenko
ccebba8f51
Clean up headers and whitespace.
2015-06-23 17:10:03 -04:00
Joseph Schorr
9887c9c163
Remove ability to create Quay users from the Docker CLI
2015-06-22 17:12:05 -04:00
Jimmy Zelinskie
66450d4810
Merge pull request #152 from coreos-inc/branchtag
...
Allow manual triggering of both branches and tags
2015-06-22 15:37:03 -04:00
Joseph Schorr
ce6474c6b5
Robots API for users should not be internal-only
2015-06-22 15:14:10 -04:00
Joseph Schorr
143036be9c
Allow manual triggering of both branches and tags
...
Fixes #100
2015-06-19 14:38:26 -04:00
Joseph Schorr
2c46665415
Optimize the generate_headers check to skip the permissions load when we don't need it
2015-06-19 14:02:51 -04:00
Joseph Schorr
ec22bc0662
Raise a proper deactivation exception on bad credentials
2015-06-19 13:05:42 -04:00
Jimmy Zelinskie
82287926ab
Merge pull request #140 from coreos-inc/eventinfo
...
Add more build information to the events and have better messaging
2015-06-17 16:49:59 -04:00
Jake Moshenko
34c06b0932
Merge pull request #133 from coreos-inc/alembichealth
...
Add health check endpoint to verify that the locally running DB revis…
2015-06-17 15:04:19 -04:00
Joseph Schorr
fe70139daa
Allow GitHub triggers to be removed if OAuth token is invalid
2015-06-17 13:25:01 -04:00
Joseph Schorr
9b974f6b80
Add more build information to the events and have better messaging
...
Fixes #79
2015-06-16 23:16:36 -04:00
Joseph Schorr
7b94e37c95
Clarify why we use features.BILLING as the feature flag on the route
2015-06-16 17:43:02 -04:00
Joseph Schorr
48ee4671a7
Some additional fixes when testing this branch
2015-06-16 15:46:58 -04:00
Joseph Schorr
91c829bd14
Merge branch 'master' into gitfix
2015-06-16 15:18:24 -04:00
Joseph Schorr
6e0dc1df08
Add health check endpoint to verify that the locally running DB revision matches that of the database
...
Fixes #132
2015-06-15 15:55:30 -04:00
Jake Moshenko
860c7faf61
Merge pull request #127 from coreos-inc/vatotax
...
Add support for custom fields in billing invoices
2015-06-12 16:51:46 -04:00
Joseph Schorr
e7fa560787
Add support for custom fields in billing invoices
...
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.
Fixes #106
2015-06-12 16:45:01 -04:00
Joseph Schorr
da120a1ef2
Handle the case where GH auth fails on a trigger request
...
Fixes #124
2015-06-12 16:34:13 -04:00
Joseph Schorr
88aa5a0830
Switch BitBucket code to always use the latest commit
...
Before this change, we'd use the first commit, which could be incorrect if there are multiple commits in a single push
Fixes #99
2015-06-11 14:12:01 -04:00
Joseph Schorr
44f49a43dd
Fix creation of repositories when having a creator permission
...
This fixes the grants on a user's session when creating a repository with only the creator permission
Fixes #117
2015-06-10 16:12:42 -04:00
Jake Moshenko
e09d84b3c8
Merge pull request #55 from coreos-inc/oauthdeny
...
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-05 14:00:16 -04:00
Jake Moshenko
2a2414d6af
Merge pull request #60 from coreos-inc/jwtauthentication
...
Add support for an external JWT-based authentication system
2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e
Add support for an external JWT-based authentication system
...
This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
josephschorr
63f289a8cb
Merge pull request #59 from jzelinskie/custom-git-fix
...
triggers: metadata.commit_sha -> metadata.commit
2015-06-02 16:10:26 -04:00
Joseph Schorr
477a3fdcdc
Add a test to verify that all important blueprints have all their methods decorated
...
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0
triggers: metadata.commit_sha -> metadata.commit
...
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031
Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository
...
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
2015-06-02 15:16:22 -04:00
Joseph Schorr
c0e995c1d4
Merge branch 'master' into nolurk
2015-06-02 13:55:16 -04:00
Jake Moshenko
42da017d69
Merge pull request #48 from coreos-inc/nobots
...
Change API calls that expect non-robots to explicitly filter
2015-06-02 12:31:19 -04:00
Joseph Schorr
5516911de9
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-02 12:25:59 -04:00
Joseph Schorr
25ee46f5a2
Fix bitbucket triggers when the branch tag filter removes all branches
2015-06-01 15:35:59 -04:00
Joseph Schorr
fdd43e2490
Change API calls that expect non-robots to explicitly filter
...
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
2015-05-26 17:47:33 -04:00
Joseph Schorr
b3ea4ecaa2
Remove unneeded mime type set; jsonify does this for us
2015-05-26 17:30:10 -04:00
Joseph Schorr
9888c3ad9b
Add an endpoint for downloading the logs of a build.
2015-05-26 17:24:18 -04:00
Joseph Schorr
ecabf086ea
Add missing newline at end of decorators.py
2015-05-26 16:48:59 -04:00
Joseph Schorr
374d1d7e89
Fix case where the auth token was not written properly for BitBucket
2015-05-26 13:40:21 -04:00
Joseph Schorr
855f3a3e4d
Have the verifyUser endpoint use the same confirm_existing_user method
...
This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
2015-05-22 16:26:26 -04:00
Joseph Schorr
b0d763b5ff
Fix encrypted password generator to use the LDAP username, not the Quay username.
...
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00
Jimmy Zelinskie
7bed404302
Merge pull request #33 from coreos-inc/branchregex
...
Add some more debug logging around bitbucket triggers and add some te…
2015-05-20 14:22:33 -04:00
Joseph Schorr
eb773e40a2
Add some more debug logging around bitbucket triggers and add some tests to verify we properly handle trigger branch filters
2015-05-20 14:18:12 -04:00
Jimmy Zelinskie
fe3f0dc10b
custom-git: accept commit SHAs 7+ chars in length
2015-05-20 12:53:43 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
2379af71f8
Parse the client secret properly
2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44
Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header
2015-05-18 12:38:39 -04:00
Joseph Schorr
28bd9af4ff
Fix tutorial
2015-05-13 14:55:39 -04:00
Joseph Schorr
0e86fc80ca
Fix bitbucket trigger to use the specified branch name before the default branch
2015-05-13 13:55:44 -04:00