Jake Moshenko
ae61ebeac9
The translate placements query was renamed in v2
2015-11-17 12:24:05 -05:00
Jake Moshenko
7205bf5e7f
Merge pull request #885 from jakedt/python-registry-v2
...
Python registry v2 mega merge
2015-11-16 16:15:40 -05:00
Silas Sewell
30b0101584
Fix seq generators for enum tables in postgres
...
This attempts to insert a temporary entry into each enum table until it
succeeds. It re-synchronizes the postgres sequence generators with the max id
of the table.
Fixes #883 and #880
2015-11-16 15:29:51 -05:00
Matt Jibson
13aa6cfcfc
No PUT for logarchive
...
fixes #862
2015-11-16 15:01:12 -05:00
Jake Moshenko
0459c3bc54
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-16 14:22:54 -05:00
Jake Moshenko
52125bbfed
Fix gc by using the v1/v2 storage location helper everywhere
2015-11-16 14:13:37 -05:00
Joseph Schorr
819d461ed6
Remove migration re-added by merge accidentally
2015-11-12 22:02:26 -05:00
Joseph Schorr
030c69d7d2
Further merge fixes
2015-11-12 22:00:28 -05:00
Joseph Schorr
7816b0c657
Merge master into vulnerability-tool
2015-11-12 21:52:47 -05:00
Joseph Schorr
25b8b7590f
Fix all the things!
2015-11-12 20:55:41 -05:00
Jake Moshenko
44d06b0c2e
Fix v1 backward compatibility
2015-11-12 16:22:19 -05:00
Jake Moshenko
cf1ec68046
Correlate a specific blob storage with its placements
2015-11-12 16:20:59 -05:00
Jake Moshenko
ab340e20ea
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-11 16:41:40 -05:00
Jake Moshenko
1d7be74a1f
Revert "Drop the v1 checksum column from imagestorage"
...
This reverts commit d292a34343
.
2015-11-11 16:39:46 -05:00
Jake Moshenko
a1ccd860e7
Merge pull request #823 from coreos-inc/phase3-11-07-2015
...
Phase3 11 07 2015
2015-11-11 14:22:19 -05:00
Jake Moshenko
1c6919dd93
We must fill in the parent_id on linking
2015-11-10 14:31:46 -05:00
Silas Sewell
e826b14ca4
Merge pull request #725 from coreos-inc/setup-tool-georeplication
...
superuser: add storage replication config
2015-11-09 17:43:38 -05:00
Silas Sewell
5000b1621c
superuser: add storage replication config
2015-11-09 17:34:22 -05:00
Joseph Schorr
a69c9e12fd
Update quay sec code to fix problems identified in previous review
...
- Change get_repository_images_recursive to operate over a single docker image and storage uuid
- Move endpoints/sec to endpoints/secscan
- Change notification system to work with new Quay-sec format
Fixes #768
2015-11-09 17:14:35 -05:00
Silas Sewell
c739c453da
Merge pull request #807 from coreos-inc/storage-preference
...
Enable storage preference
2015-11-09 16:30:47 -05:00
josephschorr
eb2e42dce9
Merge pull request #830 from coreos-inc/fix_parent_id
...
Fix deleting repos and images under MySQL
2015-11-09 14:43:01 -05:00
Joseph Schorr
2d2662f53f
Fix deleting repos and images under MySQL
...
MySQL doesn't handle constraints at the end of transactions, so deleting images currently fails. This removes the constraint and just leaves parent_id as an int
2015-11-09 14:42:05 -05:00
Matt Jibson
e5282a216f
Merge pull request #818 from mjibson/redis-socket-timeout
...
Set timeout for redis commands
2015-11-09 14:39:00 -05:00
Joseph Schorr
b408cfd2cc
Ready for demo
2015-11-09 12:51:05 -05:00
Joseph Schorr
407eaae137
WIP: Towards sec demo
2015-11-09 12:50:39 -05:00
Joseph Schorr
d7ace69fe3
Add a vulnerability_found event for notice when we detect a vuln
...
Fixes #637
Note: This PR does *not* actually raise the event; it merely adds support for it
2015-11-09 12:49:19 -05:00
Quentin Machu
37118423a5
Add support for Quay's vulnerability tool
2015-11-09 12:49:19 -05:00
Quentin Machu
ade664036c
Fix migration 57dad559ff2d's header
...
Fixes #825
2015-11-08 15:22:15 -05:00
Jake Moshenko
b526e2a3cd
Merge pull request #822 from coreos-inc/phase2-11-07-2015
...
Phase2 11 07 2015
2015-11-08 13:21:59 -05:00
Joseph Schorr
8463514a09
Fix delete_user call to remove all user data
2015-11-08 13:10:01 -05:00
Matt Jibson
afa119d82e
Set timeout for redis commands
...
fixes #779
2015-11-06 18:48:47 -05:00
Jake Moshenko
7efa6265bf
Merge branch 'newchanges' into python-registry-v2
2015-11-06 18:24:32 -05:00
Jake Moshenko
c2fcf8bead
Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2
2015-11-06 18:18:29 -05:00
Jake Moshenko
4314882fa0
Reverse the order of get_parent_images
2015-11-06 17:47:08 -05:00
Jake Moshenko
d292a34343
Drop the v1 checksum column from imagestorage
2015-11-06 16:49:16 -05:00
Jake Moshenko
ad93425ead
Stop writing to v1 checksum on ImageStorage
2015-11-06 16:40:04 -05:00
Jake Moshenko
fd3f88f489
Re-enable parent id backfill, use new backfill style
2015-11-06 16:17:12 -05:00
Jake Moshenko
9036ca2f2f
Backfill the v1 checksums from imagestorage
2015-11-06 16:17:12 -05:00
Jimmy Zelinskie
d5e7f6bea7
resolve migration branches and run initdb
2015-11-06 16:10:31 -05:00
Jimmy Zelinskie
f3c3e684a1
prepare branch to be merged into phase1-11-07-2015
...
This removes the checksum backfill, removes the migration that runs the
backfills, and defaults the security scan feature off.
2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea
Add a vulnerability_found event for notice when we detect a vuln
...
Fixes #637
Note: This PR does *not* actually raise the event; it merely adds support for it
2015-11-06 15:22:18 -05:00
Quentin Machu
3677947521
Add support for Quay's vulnerability tool
2015-11-06 15:22:18 -05:00
Quentin Machu
a99b8fcfe4
Fix migration
2015-11-06 15:22:18 -05:00
Quentin Machu
f59e35cc81
Add support for Quay's vulnerability tool
2015-11-06 15:22:18 -05:00
Jake Moshenko
3d0bcbaaeb
Move v1 checksums to image and track v2 separately
2015-11-06 15:17:55 -05:00
Joseph Schorr
2b3633b107
Remove the used_legacy_github column
2015-11-06 15:17:55 -05:00
Joseph Schorr
bbf4a1fac4
Remove the used_legacy_github column
2015-11-06 15:17:55 -05:00
Silas Sewell
a7fef8377c
Enable storage preference
2015-11-06 13:34:49 -05:00
Matt Jibson
57ffb39651
Merge pull request #714 from mjibson/queue-locking
...
Refactor queue locking to not use select for update
2015-11-04 12:05:53 -05:00
Matt Jibson
a994b367da
Refactor queue locking to not use select for update
...
The test suggests this works.
fixes #622
2015-11-03 11:32:28 -05:00
Jimmy Zelinskie
c78c450211
UTF-8 v1_json_metadata, comment, manifest
...
This will allow us to store unicode JSON blobs in the column on MySQL.
2015-11-02 15:40:19 -05:00
Jake Moshenko
2c10d28afc
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-10-26 14:44:16 -04:00
Jake Moshenko
3186311669
Test postgres before mysql variations in migration
2015-10-24 15:00:19 -04:00
Jake Moshenko
b920bf6436
Fix references to mysql in migrations
2015-10-24 15:00:19 -04:00
Jake Moshenko
ddbe33e2ce
Switch Text to LongText for MySQL manifests
2015-10-24 15:00:19 -04:00
Jake Moshenko
cb7ec2f239
Backport remaining v2 changes to phase4
2015-10-24 15:00:13 -04:00
Jake Moshenko
e965ed9f3b
Remove the unused imagestorage columns from the db.
2015-10-24 14:51:35 -04:00
Jake Moshenko
9da64f3aba
Stop writing to deprecated columns for image data.
2015-10-24 14:45:15 -04:00
Jake Moshenko
fee95bc096
Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2
2015-10-23 16:47:13 -04:00
Jake Moshenko
5dd377400e
Test postgres before mysql variations in migration
2015-10-23 16:26:47 -04:00
Jake Moshenko
a1e92f7150
Fix references to mysql in migrations
2015-10-23 16:23:27 -04:00
Jake Moshenko
4191d69055
Switch Text to LongText for MySQL manifests
2015-10-23 15:55:25 -04:00
Jimmy Zelinskie
e973289397
Revert "Revert "Merge pull request #682 from jzelinskie/revertrevert""
...
This reverts commit 278bc736e3
.
2015-10-23 15:26:33 -04:00
Jake Moshenko
e9722c9468
Backport remaining v2 changes to phase4
2015-10-23 13:49:23 -04:00
Jake Moshenko
e7a6176594
Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2
2015-10-22 16:59:28 -04:00
Jimmy Zelinskie
278bc736e3
Revert "Merge pull request #682 from jzelinskie/revertrevert"
...
This reverts commit 627ad25c9c
, reversing
changes made to 31c392fecc
.
2015-10-22 16:02:07 -04:00
Jimmy Zelinskie
d568697034
remove migration to get fixes into prod
2015-10-22 15:30:49 -04:00
Jimmy Zelinskie
a34ddc1f71
copy over v1 metadata when linking existing image
2015-10-22 15:21:15 -04:00
Joseph Schorr
c518874ded
I hate Redis!
...
- Remove redis check from our health endpoint in prod entirely
- Have the redis check have a maximum timeout of 1 second
2015-10-22 14:24:42 -04:00
Jake Moshenko
67ad7ecc88
Remove the unused imagestorage columns from the db.
2015-10-22 12:14:54 -04:00
Jake Moshenko
ce94931540
Stop writing to deprecated columns for image data.
2015-10-22 12:14:39 -04:00
Joseph Schorr
803a983126
Fix deletion of repos and users with V2 stuff
...
Fixes #674
2015-10-22 11:58:52 -04:00
Jimmy Zelinskie
39cfe77d42
Revert "Merge pull request #557 from coreos-inc/revert-migration"
...
This reverts commit c4f938898a
, reversing
changes made to 7ad2522dbe
.
2015-10-21 15:29:57 -04:00
Joseph Schorr
147b7b26b4
Fix is_public in repo list
...
Fixes #678
2015-10-21 14:13:39 -04:00
Joseph Schorr
4e5c8a9281
Reduce GC work time and make sure to use distinct query
2015-10-20 18:13:29 -04:00
Jimmy Zelinskie
2dea9cf05e
Merge pull request #666 from jzelinskie/fixbackfill
...
Copy new fields over to the linked image
2015-10-19 17:18:06 -04:00
Jimmy Zelinskie
109d69abfd
Copy new fields over to the linked image
...
This potentially fixes an issue with the v2 image field backfill. We
should be safe to copy these fields over at link time so that hopefully
it doesn't get skipped by the docker client. `_find_or_link_image`
should NEVER be used by the registry v2 protocol.
2015-10-19 17:11:11 -04:00
Joseph Schorr
5941f3937c
Enable async GC for all
...
Fixes #569
2015-10-19 14:22:41 -04:00
josephschorr
2f42a4d94d
Merge pull request #641 from coreos-inc/wildcardfix
...
Make sure to filter wildcard queries
2015-10-15 14:26:51 -04:00
Joseph Schorr
6df7f60e4a
Make sure to filter wildcard queries
...
Fixes #640
2015-10-15 14:26:33 -04:00
josephschorr
d3857e509f
Merge pull request #643 from coreos-inc/nullimage
...
Check and handle NULL image_size
2015-10-15 13:26:13 -04:00
Joseph Schorr
fe79d5fb66
Check and handle NULL image_size
...
Fixes #613
2015-10-15 13:25:54 -04:00
Joseph Schorr
c9daf7d8a9
Add additional tests for repo visibility and further simplify the query for perf
2015-10-15 12:12:57 -04:00
Joseph Schorr
e8cb359d96
Unionize the mega query - It needed more performance-based benefits
2015-10-09 14:45:05 -07:00
Jimmy Zelinskie
9818481b08
limit logs to a maximum number of pages
2015-10-06 14:13:23 -04:00
Matt Jibson
87cc3289a0
Remove transaction from metric reporting
2015-10-06 01:28:43 -04:00
Joseph Schorr
8ca92d6828
Remove old search API and switch V1 search to use the new search system
2015-10-05 14:36:43 -04:00
Joseph Schorr
6e0ca735a5
Add a better redis health check that reads and writes
...
This will hopefully catch issues earlier with Redis
2015-09-30 15:23:19 -04:00
Joseph Schorr
35c35d9913
Load images and storage references in bulk during V1 synthesize
...
Currently, we perform multiple queries for each layer, making it much slower (especially cross-region)
Fixes #413
2015-09-29 17:53:39 -04:00
Silas Sewell
9000169b53
Revert "Merge pull request #491 from jakedt/migratebackp2"
...
This reverts commit 7ad2522dbe
, reversing
changes made to a0b191ffa1
.
2015-09-28 16:09:22 -04:00
josephschorr
7ad2522dbe
Merge pull request #491 from jakedt/migratebackp2
...
Migrate image data back phase 2
2015-09-26 15:11:46 -04:00
Matt Jibson
4da66c1219
Move the metric put outside the transaction
2015-09-21 13:37:49 -04:00
Jimmy Zelinskie
2ff77df946
Merge pull request #518 from jzelinskie/fixmysqlssl
...
move UseThenDisconnect into queueworker
2015-09-21 13:35:35 -04:00
Jimmy Zelinskie
7c82e0b5b3
move UseThenDisconnect into queueworker
...
This makes the tests pass while maintaining the same behavior.
2015-09-21 13:34:12 -04:00
Jimmy Zelinskie
0de17627d5
Merge pull request #517 from jzelinskie/fixmysqlssl
...
close connections after getting queue metrics
2015-09-21 12:28:23 -04:00
Jimmy Zelinskie
98d6262a7f
close connections after getting queue metrics
2015-09-21 12:21:39 -04:00
Matt Jibson
bba1557437
Monitor queue adds and EC2 node starts
...
fixes #157
see #304
2015-09-18 16:21:16 -04:00
Jake Moshenko
26cea9a07c
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-17 16:16:27 -04:00
Jake Moshenko
8baacd2741
Migrate old data to new locations, read only new.
2015-09-17 15:47:13 -04:00
Joseph Schorr
b807accfb5
Fix migration head
2015-09-16 18:34:42 -04:00
josephschorr
217779273f
Merge pull request #503 from coreos-inc/ghmigrate
...
Migrate all GitHub build triggers to use deploy keys
2015-09-16 18:32:32 -04:00
Joseph Schorr
eff9ff7a66
Migrate all GitHub build triggers to use deploy keys
2015-09-16 17:55:51 -04:00
Silas Sewell
0a48f1cfb0
Merge pull request #495 from coreos-inc/quay-versions
...
Add quay releases
2015-09-16 17:29:58 -04:00
Silas Sewell
386c017d99
Add quay releases
2015-09-16 17:18:46 -04:00
Joseph Schorr
30379a2dd8
Fix interleaved repo delete with RAC via a transaction
...
The RepositoryActionCount table can have entries added while a repository deletion is in progress. We now perform the repository deletion under a transaction and explicitly test for RAC entries in the deletion unit test (which doesn't test interleaving, but it was missing this check).
Fixes #494
2015-09-16 15:34:32 -04:00
Jake Moshenko
502f5e4c8a
Missed one place to duplicate metadata.
2015-09-15 15:57:55 -04:00
Jake Moshenko
b56de3355c
Migrate data back to Image in preparation for v2
2015-09-15 11:53:31 -04:00
Matt Jibson
d36c7dcb4b
Merge pull request #425 from mjibson/monitor-queue-size
...
Monitor various sizes for queues
2015-09-14 16:13:31 -04:00
Matt Jibson
39dc4c7d8d
Monitor various sizes for queues
...
see #304
2015-09-14 15:57:08 -04:00
josephschorr
6d8752bdb5
Merge pull request #454 from coreos-inc/urlfor
...
Remove uses of _external for url_for
2015-09-14 15:54:42 -04:00
Jake Moshenko
9c3ddf846f
Some fixes and tests for v2 auth
...
Fixes #395
2015-09-10 15:38:57 -04:00
Joseph Schorr
96d5bbb155
Fix exceptions raised by the diffs worker
...
Fixes #465
2015-09-10 14:12:16 -04:00
josephschorr
edef283697
Merge pull request #447 from coreos-inc/ronon
...
Add support for Dex to Quay
2015-09-10 11:42:01 -04:00
Joseph Schorr
474fffd01f
Select the full RepositoryBuild record
...
If we just return the ID, then peewee just fills in the other fields with defaults (such as UUID).
2015-09-09 21:43:48 -04:00
Jimmy Zelinskie
ece08f6e88
Merge pull request #463 from jzelinskie/fixpagination
...
fix pagination of tags in API
2015-09-09 15:53:55 -04:00
Jimmy Zelinskie
ebdee55585
list_repository_tag_history fallback orderby name
...
If tags are created at the same time (usually from a tight loop), it is
possible that they will be order nondeterministically unless we fallback
to another orderby.
2015-09-09 15:52:25 -04:00
Joseph Schorr
3ee4147117
Switch the build logs archiver to a more performant query
...
Fixes #459
2015-09-09 13:59:45 -04:00
Joseph Schorr
f0c8552668
Remove uses of _external for url_for
...
Fixes #439
2015-09-08 10:29:28 -04:00
Joseph Schorr
c0286d1ac3
Add support for Dex to Quay
...
Fixes #306
- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-04 16:32:01 -04:00
Jake Moshenko
82efc746b3
Make our JWT checking more strict.
2015-09-04 15:18:57 -04:00
josephschorr
9889ca268a
Merge pull request #432 from coreos-inc/oauthcheck
...
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
2015-09-02 13:35:44 -04:00
Joseph Schorr
b7f487da42
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
2015-09-02 13:32:11 -04:00
josephschorr
62ea4a6cf4
Merge pull request #191 from coreos-inc/carmen
...
Add automatic storage replication
2015-09-01 15:04:36 -04:00
Joseph Schorr
724b1607d7
Add automatic storage replication
...
Adds a worker to automatically replicate data between storages and update the database accordingly
2015-09-01 14:53:32 -04:00
Joseph Schorr
51c507d02d
Add back the ability to retrieve information for an org member directly
...
Fixes #427
2015-08-31 16:45:24 -04:00
Joseph Schorr
c0c1da3232
Change build logs load to using streaming Gzip
2015-08-28 14:08:13 -04:00
Jake Moshenko
398202e6fc
Implement some new methods on the storage engines.
2015-08-27 11:29:19 -04:00
Joseph Schorr
2b724509b9
Fix 500 error when pushing a manifest previously pushed
...
Fixes #400
2015-08-25 15:34:49 -04:00
Joseph Schorr
1450b7e84c
Fix verbs support in V2
2015-08-24 12:05:09 -04:00
Joseph Schorr
cf030e2a98
Save the compressed image size on blob upload completion
2015-08-24 12:05:09 -04:00
Joseph Schorr
d246e68e68
Move shared V1/V2 code into common methods and fix verbs
2015-08-24 12:05:09 -04:00
Jake Moshenko
b998eca8e5
Fix the tests for registry v2 changes.
2015-08-24 11:59:12 -04:00
Jimmy Zelinskie
7787e1350d
Merge pull request #386 from coreos-inc/missingmigration2
...
Add missing migration
2015-08-21 14:21:51 -04:00
Joseph Schorr
e7c405f56b
Add missing migration
...
Should have been in commit 84276ee945
2015-08-21 14:21:11 -04:00
Joseph Schorr
e5d2083912
Add new carrier billing plan
...
Fixes #370
2015-08-21 14:10:48 -04:00
Matt Jibson
4cb4288672
Merge pull request #373 from mjibson/fix-metric-tests
...
Fix test_queue.py tests
2015-08-18 14:05:29 -04:00
Joseph Schorr
0854d20cbd
SECURITY FIX FOR LDAP
...
It appears the recent migration of the LDAP code and add of a check for the admin username/password being invalid *broke the LDAP password check*, allowing any password to succeed for login. This fixes the problem, add unit tests to verify the fix and add some tests to our other external auth test suite.
A release will be needed immediately along with an announcement
2015-08-18 12:32:19 -04:00
Matt Jibson
fc671f3dde
Fix test_queue.py tests
...
This restores the reporter class as was before the metrics changes.
2015-08-17 17:22:46 -04:00
Joseph Schorr
84276ee945
Better notifications UI
...
Fixes #369
2015-08-17 17:08:58 -04:00
Jake Moshenko
2fd1d5969e
Merge pull request #351 from mjibson/more-metrics
...
More metrics
2015-08-17 13:09:08 -04:00
Jake Moshenko
e1b3e9e6ae
Another huge batch of registry v2 changes
...
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
2015-08-12 16:41:12 -04:00
Jake Moshenko
ec6bee35b6
Allow a stripe plan to be superseded
...
If a plan has a direct corrolary, show that one as the selected plan
instead of showing the plan as deprecated even though it has the same
details
2015-08-12 15:01:15 -04:00
Matt Jibson
cfb6e884f2
Refactor metric collection
...
This change adds a generic queue onto which metrics can be pushed. A
separate module removes metrics from the queue and adds them to Cloudwatch.
Since these are now separate ideas, we can easily change the consumer from
Cloudwatch to anything else.
This change maintains near feature parity (the only change is there is now
just one queue instead of two - not a big deal).
2015-08-12 12:15:52 -04:00
Jake Moshenko
0cbc96a54b
Unify the free trial period
...
Fixes #263
2015-08-10 17:36:13 -04:00
Joseph Schorr
ea25538646
MySQL and Postgres complain about the group by, so calculate dates ourselves
2015-08-06 12:52:55 -04:00
Joseph Schorr
d34afde954
Fix logs view and API
...
- We needed to use an engine-agnostic way to extract the days
- Joining with the LogEntryKind table has *horrible* performance in MySQL, so do it ourselves
- Limit to 50 logs per page
2015-08-05 17:47:03 -04:00
Joseph Schorr
d480a204f5
Revert change to queue
2015-08-05 15:27:33 -04:00
josephschorr
ee53c04a45
Merge pull request #309 from coreos-inc/fasterqueue
...
Improve the performance of queue candidate queries.
2015-08-04 18:24:28 -04:00
Jake Moshenko
ed62339f89
Improve the performance of queue candidate queries.
2015-08-04 18:20:54 -04:00
Joseph Schorr
9f2d6282bd
Add missing index on retries_remaining
2015-08-04 18:01:28 -04:00
josephschorr
f772bd0c9e
Merge pull request #300 from coreos-inc/toomanyutils
...
Refactor the util directory to use subpackages.
2015-08-03 16:18:55 -04:00
Jake Moshenko
18100be481
Refactor the util directory to use subpackages.
2015-08-03 16:04:19 -04:00
Jimmy Zelinskie
8e6a0fbbee
Merge pull request #294 from coreos-inc/logsload
...
Switch to using an aggregated logs query and infinite scrolling
2015-08-03 14:52:04 -04:00
Joseph Schorr
3d6c92901c
Switch to using an aggregated logs query and infinite scrolling
...
This should allow users to work with large logs set.
Fixes #294
2015-07-31 16:38:02 -04:00
Jake Moshenko
e133ea0962
Try not to throw any sets of data away when computing images to garbage collect.
2015-07-31 16:12:57 -04:00
Joseph Schorr
0fdc8b0f1f
Fix spelling of ancestors
2015-07-28 15:30:04 -04:00
Joseph Schorr
ba7686af99
Switch back to the read-then-write tag deletion code
...
We changed to this originally to avoid locks
2015-07-28 15:30:04 -04:00
Joseph Schorr
70de107268
Make GC of repositories fully async for whitelisted namespaces
...
This change adds a worker to conduct GC on repositories with garbage every 10s.
Fixes #144
2015-07-28 15:30:04 -04:00
Joseph Schorr
acd86008c8
Switch tag deletion to use a single query
2015-07-28 15:30:04 -04:00
Joseph Schorr
378c83598d
Fix subquery issues in MySQL
2015-07-28 15:28:00 -04:00
Joseph Schorr
66b3d45fbc
Remove legacy.py that was misadded
2015-07-27 15:53:25 -04:00
Joseph Schorr
c3f269ee23
Add migration for BitBucket web hooks
...
This needs to added only *after* we roll out #255
2015-07-23 14:45:12 -04:00
Joseph Schorr
ac1b46e7ec
Add missing migration
2015-07-22 16:19:10 -04:00
Joseph Schorr
687bab1c05
Support invite codes for verification of email
...
Also changes the system so we don't apply the invite until it is called explicitly from the frontend
Fixes #241
2015-07-22 13:41:27 -04:00
Jake Moshenko
5d86fa80e7
Merge pull request #197 from coreos-inc/keystone
...
Add Keystone Auth
2015-07-22 13:38:47 -04:00
Joseph Schorr
38a6b3621c
Automatically link the superuser account to federated service for auth
...
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
2015-07-22 13:37:23 -04:00
Joseph Schorr
a0c4e72f13
Clean up the repository list API and loads stars with it
...
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
2015-07-22 13:05:02 -04:00
Joseph Schorr
7e4b23916a
Small SQL query fix
...
Fixes #248
2015-07-20 14:17:26 -04:00
Joseph Schorr
33b54218cc
Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials
method which only does the verification, without the linking. We use this in the superuser verification pass
2015-07-20 11:39:59 -04:00
Joseph Schorr
1245385808
Fix typo
2015-07-20 10:55:21 -04:00
Joseph Schorr
066637f496
Basic Keystone Auth support
...
Note: This has been verified as working by the end customer
2015-07-20 10:55:21 -04:00
Jake Moshenko
bc29561f8f
Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
...
Make it explicit that the registry-v2 stuff is not ready for prime time.
2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8
Accidental refactor, split out legacy.py into separate sumodules and update all call sites.
2015-07-17 11:56:15 -04:00
Jake Moshenko
bea8b9ac53
More changes for registry-v2 in python.
...
Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered.
2015-07-17 11:50:41 -04:00
Jake Moshenko
acbcc2e206
Start of a v2 API.
2015-07-17 11:50:41 -04:00
Joseph Schorr
7a548ea101
Fix queries for repository list popularity and action count
...
Before this change, we used extremely inefficient outer joins as part of a single query of lookup, which was spiking our CPU usage to nearly 100% on the query. We now issue two separate queries for popularity and action account, by doing a lookup of the previously found IDs. Interestingly enough, because of the way the queries are now written, MySQL can actually do both queries *directly from the indicies*, which means they each occur in approx 20ms!
Verified by local tests, postgres tests, and testing on staging with monitoring of our CPU usage during lookup
2015-07-17 00:08:27 +03:00
Jimmy Zelinskie
2869e2a6ea
model: add missing params to validate_database_url
2015-07-15 17:39:26 -04:00
Jake Moshenko
eec7886e01
Add a server default for the broken migration.
2015-07-14 16:58:58 -04:00
Jimmy Zelinskie
bde781c98b
Merge pull request #205 from coreos-inc/delrobot
...
Fix deletion of robot accounts when attached to builds
2015-07-13 12:19:01 -04:00
Joseph Schorr
3a59c99b08
Add a secondary tab to Teams for managing org members
...
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click
Fixes #212
2015-07-02 17:06:36 +03:00
Joseph Schorr
b535e222b8
Have the fetch tag dialog show a warning for robot accounts without access
...
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
2015-07-01 19:37:52 +03:00
Joseph Schorr
3ba321934f
Fix deletion of robot accounts when attached to builds
...
Fixes #204
2015-06-30 22:56:44 +03:00
josephschorr
7aeaf2344e
Merge pull request #200 from coreos-inc/tagapilimit
...
Add pagination support to tag history API
2015-06-30 22:09:09 +03:00
Joseph Schorr
f7f10f4a6d
Add pagination support to tag history API
...
Fixes #198
2015-06-30 19:44:43 +03:00
Jake Moshenko
38a5963afe
Merge pull request #190 from coreos-inc/timezone
...
Fromtimestamp needs to be in UTC for JWT auth
2015-06-30 12:05:00 -04:00
Joseph Schorr
2b1bbcb579
Add a table view to the repos list page
...
Fixes #104
2015-06-29 21:12:53 +03:00
Jimmy Zelinskie
756d6784ca
Merge pull request #192 from coreos-inc/sqlssl
...
Allow SSL cert for the database to be configured
2015-06-29 13:33:31 -04:00
Joseph Schorr
dc5af7496c
Allow superusers to disable user accounts
2015-06-29 18:40:52 +03:00
Joseph Schorr
bb07d0965f
Allow SSL cert for the database to be configured
...
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
2015-06-29 08:08:10 +03:00
Joseph Schorr
477e244eff
Fromtimestamp needs to be in UTC for JWT auth
2015-06-28 11:37:09 +03:00
Joseph Schorr
e7915baf8c
Have LDAP return a better error message if it fails to connect
...
Currently, the error results in a 500 being raised when a user tries to login.
2015-06-23 17:41:53 -04:00
Joseph Schorr
07439328a4
Remove user_exists
endpoint from all auth systems
2015-06-23 17:33:51 -04:00
Jake Moshenko
b21a033ef3
Merge pull request #131 from coreos-inc/moveapp
...
Refactor JWT auth to not import app locally
2015-06-23 17:24:01 -04:00
Jake Moshenko
5f1d23c6e8
Use a UNION query instead of a multitude of left outer joins for performance reasons.
...
Fixes #159
2015-06-23 17:18:37 -04:00
Joseph Schorr
331c300893
Refactor JWT auth to not import app locally
2015-06-17 15:53:21 -04:00
Joseph Schorr
e7fa560787
Add support for custom fields in billing invoices
...
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.
Fixes #106
2015-06-12 16:45:01 -04:00
Jake Moshenko
79f1181a63
Switch build-scheduled to an official build phase.
2015-06-10 16:19:51 -04:00
Jake Moshenko
e09d84b3c8
Merge pull request #55 from coreos-inc/oauthdeny
...
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-05 14:00:16 -04:00
Joseph Schorr
8aac3fd86e
Add support for an external JWT-based authentication system
...
This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00