Joseph Schorr
45179216af
Have sec scan retries actually work
...
Until this change, if `ping` raised an exception, we wouldn't retry properly
2017-03-29 16:19:46 -04:00
Jimmy Zelinskie
65a17dc155
Merge pull request #2473 from coreos-inc/certs-fixes
...
Fixes and improvements around custom certificate handling
2017-03-27 15:08:36 -04:00
Evan Cordell
1016641f8d
refactor jwt context building
2017-03-27 11:37:17 -04:00
Evan Cordell
abd78bce56
Use constants for TUF roots
2017-03-27 11:37:17 -04:00
Evan Cordell
6ad107709c
Change build_context_and_subject to take kwargs
2017-03-27 11:37:17 -04:00
Evan Cordell
43dd974dca
Determine which TUF root to show based on actual access, not requested
...
access
2017-03-27 11:37:17 -04:00
Joseph Schorr
b017133cc6
Make QSS validation errors more descriptive
2017-03-24 17:28:16 -04:00
Jimmy Zelinskie
23759a1592
util.config.db: ensure blob locations sync on boot
2017-03-22 22:57:21 -04:00
Joseph Schorr
6ab5b8be45
Have storage replication backfill tool only backfill missing storages
...
Prevents overload of the queue
2017-03-22 11:30:49 -04:00
Joseph Schorr
6476488221
Skip bitbucket pushes without any commits
...
Fixes https://sentry.io/coreos/backend-production/issues/178220183/
2017-03-20 18:23:21 -04:00
josephschorr
432b2d3fe8
Merge pull request #2392 from coreos-inc/search-optimization
...
Optimize repository search by changing our lookup strategy
2017-03-10 15:44:26 -05:00
josephschorr
6d6be63ca6
Merge pull request #2393 from coreos-inc/oidc-ui
...
OIDC configuration support in superuser config panel
2017-03-10 12:13:48 -05:00
Joseph Schorr
b5bb76cdea
Optimize repository search by changing our lookup strategy
...
Previous to this change, repositories were looked up unfiltered in six different queries, and then filtered using the permissions model, which issued a query per repository found, making search incredibly slow. Instead, we now lookup a chunk of repositories unfiltered and then filter them via a single query to the database. By layering the filtering on top of the lookup, each as queries, we can minimize the number of queries necessary, without (at the same time) using a super expensive join.
Other changes:
- Remove the 5 page pre-lookup on V1 search and simply return that there is one more page available, until there isn't. While technically not correct, it is much more efficient, and no one should be using pagination with V1 search anyway.
- Remove the lookup for repos without entries in the RAC table. Instead, we now add a new RAC entry when the repository is created for *the day before*, with count 0, so that it is immediately searchable
- Remove lookup of results with a matching namespace; these aren't very relevant anyway, and it overly complicates sorting
2017-03-09 19:47:55 -05:00
Joseph Schorr
eff1827d9d
Batch QSS notifications after initial scan
2017-03-01 15:42:49 -05:00
Jimmy Zelinskie
cbb2fff0e2
util.secscan.api: raise exception for !200 status
2017-03-01 00:40:47 -05:00
Jimmy Zelinskie
cba7816caf
util.failover: re-raise exceptions on failure
2017-03-01 00:40:47 -05:00
Joseph Schorr
157640e696
Add config validator for OIDC logins
2017-02-28 16:18:19 -05:00
Joseph Schorr
88b808f468
Fix typo
2017-02-24 12:23:18 -05:00
Joseph Schorr
d4eb4f7f3c
Pull out github trigger and login validation into validator class
2017-02-24 12:23:18 -05:00
Joseph Schorr
a31f2267e8
Pull out gitlab trigger validation into validator class
2017-02-24 12:23:18 -05:00
Joseph Schorr
7a260d81d3
Pull out bitbucket trigger validation into validator class
2017-02-24 12:23:17 -05:00
Joseph Schorr
49638b081b
Pull out google login validation into validator class
2017-02-24 12:23:17 -05:00
Joseph Schorr
620e377faf
Pull out ssl validation into validator class
2017-02-24 12:23:17 -05:00
Joseph Schorr
e76b95f0e6
Add S3 storage test to validator tests
2017-02-24 12:23:17 -05:00
Joseph Schorr
09b3cfd549
Pull out torrent validation into validator class
2017-02-24 12:23:17 -05:00
Joseph Schorr
2944a4e13d
Pull out signing validation into validator class
2017-02-24 12:23:17 -05:00
Joseph Schorr
8844ecbb7c
Fix imports
2017-02-24 12:23:16 -05:00
Joseph Schorr
dcabb36ac7
Add TODO
2017-02-24 12:23:16 -05:00
Joseph Schorr
3db4c15459
Pull out security scanner validation into validator class
2017-02-24 12:23:16 -05:00
Joseph Schorr
c0f7530b29
Pull out JWT auth validation into validator class
...
Also fixes a small bug in validation (yay tests!)
2017-02-24 12:23:16 -05:00
Joseph Schorr
678f868bc4
Pull out keystone validation into validator class
2017-02-24 12:23:15 -05:00
Joseph Schorr
c55ddf7341
Pull out ldap validation into validator class
2017-02-24 12:23:15 -05:00
Joseph Schorr
2d64cf3000
Rename config validation source files
2017-02-24 12:23:15 -05:00
Joseph Schorr
00eceb7ed5
Pull out email validation into validator class
2017-02-24 12:23:15 -05:00
Joseph Schorr
ee4f5ed5d6
Move registry storage validator to new location
2017-02-24 12:23:15 -05:00
Joseph Schorr
b2afe68632
Pull out redis validation into validator class
2017-02-24 12:23:15 -05:00
Joseph Schorr
f933b3e295
Pull out database validation into validator class
2017-02-24 12:23:14 -05:00
Joseph Schorr
484977f728
Refactor security scanner validation from single sleep to polling
2017-02-24 12:23:14 -05:00
Jimmy Zelinskie
c8034deab4
util.secscan.api: failover connection failures
2017-02-23 15:01:32 -05:00
Joseph Schorr
67c0bf6263
Fix docker versioning library to support new versioning scheme
...
Fixes: https://sentry.io/coreos/backend-production/issues/222349174/
Reference: https://github.com/docker/docker/pull/31075
2017-02-22 16:08:17 -05:00
Joseph Schorr
94be8731f3
Change Docker Version tests to pytest
2017-02-22 15:45:06 -05:00
josephschorr
f7a7d30ec2
Merge pull request #2366 from coreos-inc/alert-spam-fixes
...
Small fixes for alert spam
2017-02-22 14:18:18 -05:00
Joseph Schorr
7cc7e54945
Remove unicode before sending it to path parser
...
Fixes https://sentry.io/coreos/backend-production/issues/175929456/
2017-02-22 13:21:12 -05:00
Jake Moshenko
b03e03c389
Read the number of unscanned clair images from the block allocator
2017-02-21 19:13:51 -05:00
josephschorr
8f01cb959a
Merge pull request #2354 from coreos-inc/license-sorting
...
Change entitlement sorting to sort *valid* entitlements by reverse expiration time
2017-02-15 16:24:51 -05:00
Joseph Schorr
d506279892
Change entitlement sorting to sort *valid* entitlements by reverse expiration time
...
With this change, if all entitlements are valid, we sort to show the entitlement that will expire the farthest in the future, as that defines the point at which the user must act before the license becomes invalid.
2017-02-15 14:31:24 -05:00
Charlton Austin
3fd8c8a60d
feature(app.py): adding queue_metrics to queues
...
publishing queue metrics for SRE
[none]
2017-02-14 16:01:28 -05:00
Jimmy Zelinskie
1d6339e644
test.test_api_usage: fix secscan tests
2017-02-14 15:21:18 -05:00
Jimmy Zelinskie
3286566478
util.secscan.api: reorg try/catch
2017-02-14 15:21:17 -05:00
Jimmy Zelinskie
d2909c0e4d
failover: store result in FailoverException
2017-02-14 14:36:36 -05:00