Quentin Machu
f59e35cc81
Add support for Quay's vulnerability tool
2015-11-06 15:22:18 -05:00
Joseph Schorr
bbf4a1fac4
Remove the used_legacy_github column
2015-11-06 15:17:55 -05:00
Joseph Schorr
6bc5c78241
Later migration changed one of the tables, so make local copies
2015-11-03 11:18:42 -05:00
josephschorr
45bfe7dafc
Merge pull request #747 from coreos-inc/rebrand
...
Rebrand Quay
2015-11-02 15:46:59 -05:00
Jimmy Zelinskie
c78c450211
UTF-8 v1_json_metadata, comment, manifest
...
This will allow us to store unicode JSON blobs in the column on MySQL.
2015-11-02 15:40:19 -05:00
Joseph Schorr
f6a53f7cc5
Change all Quay.io references to Quay, fix tour and change logo
...
Fixes #741
2015-11-02 14:37:48 -05:00
Jake Moshenko
2c10d28afc
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-10-26 14:44:16 -04:00
Jake Moshenko
9da64f3aba
Stop writing to deprecated columns for image data.
2015-10-24 14:45:15 -04:00
Jimmy Zelinskie
e973289397
Revert "Revert "Merge pull request #682 from jzelinskie/revertrevert""
...
This reverts commit 278bc736e3
.
2015-10-23 15:26:33 -04:00
Joseph Schorr
05262125a0
Make the namespace and secret name configurable via env var for the k8s provider
...
Fixes #695
2015-10-23 12:18:11 -04:00
Jake Moshenko
e7a6176594
Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2
2015-10-22 16:59:28 -04:00
Jimmy Zelinskie
278bc736e3
Revert "Merge pull request #682 from jzelinskie/revertrevert"
...
This reverts commit 627ad25c9c
, reversing
changes made to 31c392fecc
.
2015-10-22 16:02:07 -04:00
Jake Moshenko
ce94931540
Stop writing to deprecated columns for image data.
2015-10-22 12:14:39 -04:00
josephschorr
ad53bf5671
Merge pull request #644 from coreos-inc/namechoose
...
Docker changed their namespace regex, so we need to adjust
2015-10-22 12:07:52 -04:00
Joseph Schorr
a8aa6d1939
Docker changed their namespace regex, so we need to adjust
...
Fixes #617
2015-10-22 12:07:31 -04:00
Jimmy Zelinskie
67497bb99c
write None if we cannot find the json
2015-10-21 16:26:30 -04:00
Jimmy Zelinskie
39cfe77d42
Revert "Merge pull request #557 from coreos-inc/revert-migration"
...
This reverts commit c4f938898a
, reversing
changes made to 7ad2522dbe
.
2015-10-21 15:29:57 -04:00
Silas Sewell
dd3d939b31
Update tag validation
...
Fixes #536
2015-10-05 19:32:10 -04:00
Joseph Schorr
f393236c9f
Add repo name check to V2
...
Fixes #592
2015-10-05 14:19:52 -04:00
Jimmy Zelinskie
ffeb99d4ee
BaseStreamFileLike: handle reads that return None
...
Fixes #555 .
2015-09-30 17:46:59 -04:00
Joseph Schorr
a3ebb9028d
Add full unit tests for the file-like objects and fix them
...
Fixes #568
2015-09-30 14:19:25 -04:00
josephschorr
41bfe2ffde
Merge pull request #551 from coreos-inc/python-registry-v2-swift
...
Add V2 storage methods to Swift storage engine
2015-09-28 17:09:34 -04:00
Joseph Schorr
6c59161527
Add V2 storage methods to Swift storage engine
...
Fixes #508
2015-09-28 16:46:19 -04:00
Silas Sewell
9000169b53
Revert "Merge pull request #491 from jakedt/migratebackp2"
...
This reverts commit 7ad2522dbe
, reversing
changes made to a0b191ffa1
.
2015-09-28 16:09:22 -04:00
Jimmy Zelinskie
c5aa3ca4f0
make registry v2 tests pass for GCS
...
Fixes #509 .
2015-09-28 15:42:48 -04:00
josephschorr
7ad2522dbe
Merge pull request #491 from jakedt/migratebackp2
...
Migrate image data back phase 2
2015-09-26 15:11:46 -04:00
Joseph Schorr
a283c8d8ec
Add a check to ensure repository names are valid according to an extended set of rules.
...
Fixes #534
2015-09-24 11:55:08 -04:00
Joseph Schorr
40f3b7137d
Fix dict wrapper access to not raise an exception
2015-09-22 14:18:37 -04:00
Joseph Schorr
bf578420f0
Fix import of Github migration
2015-09-21 16:52:56 -04:00
Joseph Schorr
49b575afb6
Start refactoring of the trigger system:
...
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
2015-09-21 16:36:48 -04:00
Joseph Schorr
1c6933a28d
Fix Github build trigger migration
2015-09-19 14:34:46 -04:00
Jake Moshenko
26cea9a07c
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-17 16:16:27 -04:00
Jake Moshenko
a887125c3f
Fixes for backfill_aggregate_size script.
2015-09-17 15:47:18 -04:00
Jake Moshenko
8baacd2741
Migrate old data to new locations, read only new.
2015-09-17 15:47:13 -04:00
Joseph Schorr
eff9ff7a66
Migrate all GitHub build triggers to use deploy keys
2015-09-16 17:55:51 -04:00
Joseph Schorr
6f2271d0ae
Add support for direct download in Swift storage engine
...
Fixes #483
2015-09-14 18:00:03 -04:00
josephschorr
57329b6c78
Merge pull request #475 from coreos-inc/seofix
...
Use a proper HTML parser with BS and catch exceptions
2015-09-14 15:56:03 -04:00
Joseph Schorr
6ca33ca108
Use a proper HTML parser with BS and catch exceptions
...
Fixes #473
2015-09-10 16:14:29 -04:00
Jake Moshenko
9c3ddf846f
Some fixes and tests for v2 auth
...
Fixes #395
2015-09-10 15:38:57 -04:00
Joseph Schorr
fd3a21fba9
Add Kubernetes configuration provider which writes config to a secret
...
Fixes #145
2015-09-10 12:19:59 -04:00
Joseph Schorr
88a04441de
Extract the config provider into its own sub-module
2015-09-10 12:19:59 -04:00
Joseph Schorr
c2fe751d15
Despite being disabled, OAuth config is still read, so switch to .get
2015-09-10 12:09:01 -04:00
Joseph Schorr
c0286d1ac3
Add support for Dex to Quay
...
Fixes #306
- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-04 16:32:01 -04:00
Jake Moshenko
82efc746b3
Make our JWT checking more strict.
2015-09-04 15:18:57 -04:00
Jake Moshenko
8269d4ac90
Checkpoint implementing PATCH according to Docker
2015-09-03 16:26:02 -04:00
Joseph Schorr
b7f487da42
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
2015-09-02 13:32:11 -04:00
josephschorr
c693afca6a
Merge pull request #426 from coreos-inc/unicodefix
...
Fix Dockerfile parsing for unicode and add testing
2015-08-31 15:03:01 -04:00
Joseph Schorr
fb86b4bf2c
Fix Dockerfile parsing for unicode and add testing
...
Fixes #423
2015-08-31 14:32:26 -04:00
josephschorr
adc66a2894
Merge pull request #422 from coreos-inc/logsgzipfix
...
Change build logs load to using streaming Gzip
2015-08-31 12:15:30 -04:00
Joseph Schorr
c0c1da3232
Change build logs load to using streaming Gzip
2015-08-28 14:08:13 -04:00
Joseph Schorr
43e77a7a14
Add missing tell()
method to GeneratorFile and add tests
2015-08-28 12:10:03 -04:00
Matt Jibson
4aa5ab88dd
Use real cloudwatch limit
...
Although cloudwatch allows 40KB of data, it may be from no more than 20
different metrics. Until we can do that, limit the total points to 20.
2015-08-26 16:48:48 -04:00
Joseph Schorr
84458811d5
Rename wrap_with_hash to a more generic wrap_with_handler
2015-08-25 15:53:13 -04:00
Joseph Schorr
c07dec4d39
File reader fixes for verbs
...
- Fix local file reader to always read in chunks
- Have gzip stream raise an exception if the full data is requested
2015-08-25 13:49:21 -04:00
Joseph Schorr
84276ee945
Better notifications UI
...
Fixes #369
2015-08-17 17:08:58 -04:00
Joseph Schorr
4625ecf273
Fix tests in response to breakage in #351
2015-08-17 16:26:20 -04:00
Matt Jibson
9a7e5bb35e
Batch cloudwatch puts
2015-08-17 12:03:49 -04:00
Jake Moshenko
e1b3e9e6ae
Another huge batch of registry v2 changes
...
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
2015-08-12 16:41:12 -04:00
Matt Jibson
7c3b555ee9
Code review
2015-08-12 16:31:01 -04:00
Matt Jibson
f043bc1379
Don't enable the metric queue if there's no Cloudwatch
2015-08-12 15:14:09 -04:00
Matt Jibson
b483209862
Wrap API and registry requests with common metric timings
...
Record response times, codes, and rollup non-2XX responses.
2015-08-12 12:16:00 -04:00
Matt Jibson
b04c190ca0
Prevent the metric queue from growing unbounded
2015-08-12 12:16:00 -04:00
Matt Jibson
cfb6e884f2
Refactor metric collection
...
This change adds a generic queue onto which metrics can be pushed. A
separate module removes metrics from the queue and adds them to Cloudwatch.
Since these are now separate ideas, we can easily change the consumer from
Cloudwatch to anything else.
This change maintains near feature parity (the only change is there is now
just one queue instead of two - not a big deal).
2015-08-12 12:15:52 -04:00
Jake Moshenko
74d838697f
Fix tarfile to support non-unicode pax fields
2015-08-07 11:56:38 -04:00
Jake Moshenko
18100be481
Refactor the util directory to use subpackages.
2015-08-03 16:04:19 -04:00
Joseph Schorr
26ae629189
Prevent local storage setup on non-mounted paths
...
Fixes #269
2015-07-27 14:32:02 -04:00
Joseph Schorr
52d833b3c6
Fix spacing
2015-07-23 16:00:36 -04:00
Joseph Schorr
c3f269ee23
Add migration for BitBucket web hooks
...
This needs to added only *after* we roll out #255
2015-07-23 14:45:12 -04:00
Joseph Schorr
38a6b3621c
Automatically link the superuser account to federated service for auth
...
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
2015-07-22 13:37:23 -04:00
Joseph Schorr
33b54218cc
Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials
method which only does the verification, without the linking. We use this in the superuser verification pass
2015-07-20 11:39:59 -04:00
Joseph Schorr
066637f496
Basic Keystone Auth support
...
Note: This has been verified as working by the end customer
2015-07-20 10:55:21 -04:00
Jake Moshenko
bc29561f8f
Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
...
Make it explicit that the registry-v2 stuff is not ready for prime time.
2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8
Accidental refactor, split out legacy.py into separate sumodules and update all call sites.
2015-07-17 11:56:15 -04:00
Jake Moshenko
bea8b9ac53
More changes for registry-v2 in python.
...
Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered.
2015-07-17 11:50:41 -04:00
Joseph Schorr
4726559322
The database SSL name needs to be in its own list
...
FIxes #243
2015-07-16 00:49:07 +03:00
Joseph Schorr
4333bb9e14
Implement stream_read_file
for the Swift storage engine
...
Note that Swift doesn't seem to have a file-like interface, so we need to wrap the generator we get back from it.
Fixes #210
2015-07-02 17:52:43 +03:00
Jimmy Zelinskie
756d6784ca
Merge pull request #192 from coreos-inc/sqlssl
...
Allow SSL cert for the database to be configured
2015-06-29 13:33:31 -04:00
Joseph Schorr
dc5af7496c
Allow superusers to disable user accounts
2015-06-29 18:40:52 +03:00
Joseph Schorr
bb07d0965f
Allow SSL cert for the database to be configured
...
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
2015-06-29 08:08:10 +03:00
Joseph Schorr
07439328a4
Remove user_exists
endpoint from all auth systems
2015-06-23 17:33:51 -04:00
Joseph Schorr
331c300893
Refactor JWT auth to not import app locally
2015-06-17 15:53:21 -04:00
Joseph Schorr
e7fa560787
Add support for custom fields in billing invoices
...
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.
Fixes #106
2015-06-12 16:45:01 -04:00
Joseph Schorr
90b4f0a2ed
Fix default log archive location for ER
...
Before this change, the ER was using the default of 'local_us' from the base config, which is incorrect, and caused no logs to be archived.
2015-06-11 13:43:29 -04:00
Joseph Schorr
457ee7306e
Parenthesis fix on the JWT auth error message
2015-06-10 16:00:25 -04:00
Jake Moshenko
2a2414d6af
Merge pull request #60 from coreos-inc/jwtauthentication
...
Add support for an external JWT-based authentication system
2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e
Add support for an external JWT-based authentication system
...
This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
Joseph Schorr
c0e995c1d4
Merge branch 'master' into nolurk
2015-06-02 13:55:16 -04:00
Joseph Schorr
dd28a845db
Fix NPE in cache control decorator
2015-05-28 13:22:42 -04:00
Joseph Schorr
ac239ec4ee
Make sure to only split into two parts max
2015-05-20 14:54:41 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
2379af71f8
Parse the client secret properly
2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44
Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header
2015-05-18 12:38:39 -04:00
Joseph Schorr
4f2a1b3734
Add setup UI for the new trigger types (bitbucket and gitlab) and add validation
2015-05-03 11:50:26 -07:00
Joseph Schorr
d07f9f04e9
UI and code improvements to make working with the multiple SCMs easier
2015-05-03 10:38:11 -07:00
Jimmy Zelinskie
3ac884beb4
gitlab oauth
2015-05-02 17:54:48 -04:00
Joseph Schorr
c480fb2105
Work in progress: bitbucket support
2015-04-24 15:13:08 -04:00
Jimmy Zelinskie
ba2cb08904
Merge branch 'master' into git
2015-04-16 17:38:35 -04:00
Joseph Schorr
3cd11c8f45
GitHub login fixes:
...
- Allow for case insensitivity in the org name list
- Remove the check for verified email addresses when under Enterprise; it isn't supported there.
2015-04-16 12:17:39 -04:00
Joseph Schorr
036c8e56e0
Add proper error handling when the config volume is mounted in a read-only state.
2015-04-02 18:54:09 -04:00
Joseph Schorr
5cd500257d
Merge branch 'master' into orgview
2015-04-01 13:56:49 -04:00
Joseph Schorr
27a9b84587
Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists
2015-03-30 17:55:04 -04:00
Joseph Schorr
aaf1b23e98
Address CL concerns and switch to a real encryption system
2015-03-26 15:10:58 -04:00
Joseph Schorr
85d6500daa
Merge resistanceisfutile into master
2015-03-23 15:39:08 -04:00
Jimmy Zelinskie
f6f93e9079
consolidate everything into one GitHub trigger
2015-03-19 17:12:27 -04:00
Jimmy Zelinskie
5a29218c5c
Merge branch 'master' into git
2015-03-19 12:10:34 -04:00
Jimmy Zelinskie
288f847e9a
util.ssh: reorder return args
2015-03-18 17:32:59 -04:00
Joseph Schorr
b8d88c0f4e
Add aggregate size column and a migration to backfill it
2015-03-16 18:03:17 -04:00
Joseph Schorr
360aa69d92
Fix LDAP error and url handling to be more clear for the end user
2015-03-16 14:33:53 -04:00
Jimmy Zelinskie
c9d955e432
util.ssh: generate ssh key method
2015-03-16 13:37:27 -04:00
Jimmy Zelinskie
47675b88f5
analytics: fix misspelled class name
2015-03-06 12:02:13 -05:00
Joseph Schorr
2e840654d3
PR changes
2015-03-05 12:07:39 -05:00
Joseph Schorr
4f04ad2acd
Change ImageTree to only use a single loop over the images when building. This should be slightly faster on large image sets
2015-03-04 16:53:22 -05:00
Joseph Schorr
4ca5d9b04b
Add support for filtering github login by org
2015-03-03 19:58:42 -05:00
Joseph Schorr
2c662b7861
Make sure to specify a default mail sender when validating emails. Unfortunately for us, flask-mail by default uses the sender from the *global* app instance, rather than the one specified in the Mail(...) call. This was breaking validation.
2015-03-03 13:56:32 -05:00
Jake Moshenko
24ab0ae53a
Fix some problems with off by one in the id condition when deleteing temporary access tokens.
2015-02-20 16:23:36 -05:00
Jake Moshenko
f7b5221391
Merge branch 'master' of github.com:coreos-inc/quay
2015-02-20 16:07:34 -05:00
Jake Moshenko
3bbe064291
Add a script for deleting the old temporary access tokens in small batches.
2015-02-20 16:07:31 -05:00
Jimmy Zelinskie
9c6b029f87
cloudwatch: update docs
2015-02-20 16:07:02 -05:00
Jimmy Zelinskie
47f8cb77c4
Merge pull request #11 from coreos-inc/nimbus
...
CloudWatch for build job status
2015-02-18 17:17:28 -05:00
Jimmy Zelinskie
9ab3554226
buildreporter: does not execute in a coroutine!
2015-02-18 17:11:45 -05:00
Jimmy Zelinskie
0d38e0b00b
metrics: use config['name'] to get metric conf
2015-02-18 16:05:36 -05:00
Jimmy Zelinskie
f53dea46b7
buildman: address PR #11 comments
2015-02-18 14:13:36 -05:00
Joseph Schorr
c69aea1262
Fix invoice address
2015-02-18 11:57:13 -05:00
Jimmy Zelinskie
ef8d320c95
cloudwatch: global before reading queue
...
Technically, it isn't necessary to use the global keyword before reading
a global value, only modifying it. However, in this case it leaves a
pretty annoying log line.
2015-02-17 13:13:12 -05:00
Jimmy Zelinskie
6a1dd376c2
util: add cloudwatch package
...
This isolates the CloudWatch sending thread to it's own package where it
can be shared among any other packages that want to asynchronously send
metrics to CloudWatch.
2015-02-14 16:30:10 -05:00
Jake Moshenko
2ce6e76d9d
Add the required migration for time machine tag lifetimes.
2015-02-13 14:41:08 -05:00
Joseph Schorr
7a199f63eb
Various small fixes and add support for subjectAltName to the SSL cert check
2015-02-12 14:00:26 -05:00
Joseph Schorr
f107b50a46
Merge branch 'master' into ackbar
2015-02-12 12:04:45 -05:00
Joseph Schorr
893ae46dec
Add an ImageTree class and change to searching *all applicable* branches when looking for the best cache tag.
2015-02-10 21:46:58 -05:00
Joseph Schorr
045614c6c8
Merge branch 'master' into ackbar
2015-02-09 17:16:42 -05:00
Joseph Schorr
cf774e23df
Merge branch 'master' into v2
2015-02-05 15:37:14 -05:00
Joseph Schorr
555bd293ea
Fix tar layer format comment
2015-02-05 14:40:02 -05:00
Joseph Schorr
400ffa73e6
Add SSL cert and key validation
2015-02-05 13:06:56 -05:00
Joseph Schorr
bfb0784abc
Add signing to the ACI converter
2015-02-04 15:29:24 -05:00
Joseph Schorr
84e5c0644e
Address comments
2015-02-02 14:07:32 -05:00
Joseph Schorr
30b895b795
Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar
2015-01-23 17:26:14 -05:00
Joseph Schorr
c8229b9c8a
Implement new step-by-step setup
2015-01-23 17:19:15 -05:00
Joseph Schorr
28d319ad26
Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not).
2015-01-20 12:43:11 -05:00
Joseph Schorr
fa55169c35
- Fix bug in tarlayerformat when dealing with larger headers
...
- Fix bug around entry points and config in the ACI converter
2015-01-16 18:23:40 -05:00
Joseph Schorr
53e5fc6265
Have the config setup tool automatically prepare the S3 or GCS storage with CORS config
2015-01-16 16:10:40 -05:00
Jimmy Zelinskie
0da9c5826b
Update MixPanel and use BufferedConsumer
2015-01-16 16:04:13 -05:00
Jimmy Zelinskie
f5138792ad
Merge branch 'master' of github.com:coreos-inc/quay
2015-01-16 15:32:02 -05:00
Jimmy Zelinskie
fe9e19704b
Try/Catch creating connection to CloudWatch
2015-01-16 15:31:40 -05:00
Jimmy Zelinskie
33088f742a
Migrate queued metric from processes to threads
2015-01-16 15:30:58 -05:00
Joseph Schorr
1f9479a230
Merge branch 'boxer'
2015-01-16 14:57:22 -05:00
Joseph Schorr
e93544573f
Add missing action
2015-01-16 14:57:09 -05:00
Joseph Schorr
5e9d9eb6cd
Merge branch 'master' of https://github.com/coreos-inc/quay
2015-01-16 13:44:32 -05:00
Joseph Schorr
b89ba61286
Change to only run the cloud watch reporter in the gunicorn_web
2015-01-16 13:44:29 -05:00
Jimmy Zelinskie
07bb9be603
Some class docs added to queuemetrics classes
2015-01-16 12:14:57 -05:00