Joseph Schorr
d6fd2fcb8f
Fix config setup tool contact field to allow removal of empty non-URL fields
...
We just need to clear the binding when the value entered is completely empty
Fixes https://jira.coreos.com/browse/QUAY-815
2018-06-01 13:50:39 -04:00
Joseph Schorr
111ba8f7ee
Changes missing from the license removal code
2018-03-27 16:18:56 -04:00
Joseph Schorr
de47b13c24
Add superuser config for Azure blob storage
2018-02-06 13:48:40 -05:00
Joseph Schorr
b0f656731c
Add support for configuring CloudFront storage engine
...
Fixes https://jira.coreos.com/browse/QS-116
2018-01-31 11:22:14 -05:00
Joseph Schorr
524d77f527
Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password
2018-01-04 15:27:41 -05:00
Joseph Schorr
72bfebdb60
Add license validation to the config validation check
...
Should prevent a customer from accidentally saving a config that violates their license
Fixes https://jira.coreos.com/browse/QS-97
2017-12-19 13:44:08 -05:00
josephschorr
3bef21253d
Merge pull request #2695 from coreos-inc/oidc-internal-auth
...
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
9a4c87795f
Fix contacts setup in superuser panel
...
Adds a missing import
2017-09-14 15:40:11 -04:00
Joseph Schorr
bc82edb2d1
Add ability to configure OIDC internal auth engine via superuser panel
2017-09-12 12:23:52 -04:00
Joseph Schorr
a13235c032
Fix typo
2017-07-10 18:35:51 +03:00
Joseph Schorr
661c0e6432
Add superuser configuration for action log rotation
2017-07-10 13:22:29 +03:00
Joseph Schorr
2b9873483a
Enable toggling of the direct login feature in the superuser panel
...
Allows superusers to disable login to the UI via credentials if at least one OIDC provider is configured
2017-05-24 12:57:55 -04:00
Joseph Schorr
3dcbe3c631
If enabled, allow users and orgs to set their time machine expiration
...
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Joseph Schorr
835acfc58e
Make custom cert upload not hang and handle errors properly
2017-03-29 16:06:15 -04:00
Joseph Schorr
e509eb4cba
Better custom cert handling in the superuser tool
...
We now only allow certificates ending in .crt to be uploaded and we automatically install the certificate once it has been validated
2017-03-24 17:15:26 -04:00
Joseph Schorr
1146b62c13
Add superuser config panel support for OIDC login
2017-02-28 16:18:34 -05:00
Joseph Schorr
7e0fbeb625
Custom SSL certificates config panel
...
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle
[Delivers #135586525 ]
2017-01-13 14:34:35 -05:00
Joseph Schorr
f4bcf68928
Add support for custom ports on RADOS and S3 storage engines
2016-12-01 14:23:18 -05:00
josephschorr
74e54bdbbb
Merge pull request #1872 from coreos-inc/qe-torrent
...
Add QE setup tool support for BitTorrent downloads
2016-11-11 13:56:22 -05:00
Joseph Schorr
681f975df5
Add QE setup tool support for BitTorrent downloads
...
Fixes #1871
2016-11-02 17:32:12 -04:00
Jake Moshenko
45bacbabaa
s/Regions/Deployments
2016-10-24 16:04:04 -04:00
Joseph Schorr
213cc856e4
Fix UI for real license handling
...
Following this change, the user gets detailed errors and entitlement information
2016-10-19 17:49:15 -04:00
Joseph Schorr
7a6fb7554d
Only attempt to load the license for the setup tool once there is a valid user
...
Prevents the 401 session expired box from appearing
2016-10-17 21:57:17 -04:00
Joseph Schorr
ee96693252
Add superuser config section for updating license
2016-10-17 21:44:25 -04:00
Joseph Schorr
5a8200f17a
Add option to properly handle external TLS
...
Fixes #1984
2016-10-13 14:49:29 -04:00
Joseph Schorr
14b93f72ff
Make S3 access key and secret key optional, enabling IAM.
...
If not specified, then boto will fallback to reading the credentials from IAM if on an EC2 machine. This should be safe as the validator will still ensure the credentials work if not specified.
Fixes #1707
2016-08-11 17:17:36 -04:00
Joseph Schorr
adaeeba5d0
Allow for multiple user RDNs in LDAP
...
Fixes #1600
2016-07-07 14:46:38 -04:00
Joseph Schorr
40ec2fcfd0
Fix enter key in password dialogs
2016-06-09 14:45:48 -04:00
Joseph Schorr
60bbca2185
Fix setup tool when binding to external auth
...
We now query the external auth provider for the external service's identifier before adding the linking row into the database. This fixes the case where the external service resolves a different identifier for the same username.
Fixes #1477
2016-05-23 17:11:36 -04:00
Joseph Schorr
f2b3c89ec9
Fix checkboxes in setup tool to use a directive
...
Fixes #1481
2016-05-20 12:23:32 -05:00
Joseph Schorr
4aab834156
Move to Angular 1.5
...
This has been reasonably well tested, but further testing should be done on staging.
Also optimizes avatar handling to use a constant size and not 404.
Fixes #1434
2016-05-17 16:32:08 -04:00
Joseph Schorr
9113fcecb5
Add basic Swift V3 support
2016-05-16 14:57:59 -04:00
Joseph Schorr
2cbdecb043
Implement setup tool support for Clair
...
Fixes #1387
2016-05-04 13:40:50 -04:00
Joseph Schorr
09f252a7e1
Fix handling of default values in string config fields
...
Fixes #1322
2016-04-22 13:55:47 -04:00
Joseph Schorr
1940fd9939
Add UI to the setup tool for enabling ACI conversion
...
Fixes #1211
2016-02-17 12:05:48 -05:00
Joseph Schorr
04f96ea859
Fix upload file boxes in config setup
2015-12-07 15:55:55 -05:00
Matt Jibson
b3c2388618
Allow setting of boto's S3 host for SIGv4
...
The problem only happens when a user has configured the new AWS Frankfurt
region for their S3 backend. It is the only region to require the new
v4 signature. All other regions support both v2 and v4. I'm not sure
which version is used by default on US Standard.
We could attempt to figure out where the bucket is hosted based on its
DNS resolution and auto-populate the host field that way. But I think
the amount of effort to have that work correctly outweighs its benefit
for such a simple solution.
fixes #863
fixes #764
2015-11-18 17:19:33 -05:00
Silas Sewell
5000b1621c
superuser: add storage replication config
2015-11-09 17:34:22 -05:00
Joseph Schorr
6f2271d0ae
Add support for direct download in Swift storage engine
...
Fixes #483
2015-09-14 18:00:03 -04:00
josephschorr
0823ba5c46
Merge pull request #441 from coreos-inc/ersetupimprove
...
ER setup improvements
2015-09-02 17:46:53 -04:00
Joseph Schorr
587ef85c7f
Allow users to choose the version of Swift to use
...
Fixes #442
2015-09-02 17:46:14 -04:00
Joseph Schorr
f6cca81178
Handle hostname changes in the config panel
...
Fixes #436
2015-09-02 17:21:38 -04:00
Joseph Schorr
397dc139a5
Don't accidentally overwrite true values from config
2015-08-05 13:52:48 -04:00
Joseph Schorr
38a6b3621c
Automatically link the superuser account to federated service for auth
...
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
2015-07-22 13:37:23 -04:00
Joseph Schorr
066637f496
Basic Keystone Auth support
...
Note: This has been verified as working by the end customer
2015-07-20 10:55:21 -04:00
Joseph Schorr
bb07d0965f
Allow SSL cert for the database to be configured
...
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
2015-06-29 08:08:10 +03:00
Joseph Schorr
07439328a4
Remove user_exists
endpoint from all auth systems
2015-06-23 17:33:51 -04:00
Joseph Schorr
8aac3fd86e
Add support for an external JWT-based authentication system
...
This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
Joseph Schorr
5845e37e32
Add Swift storage library
2015-05-26 16:05:21 -04:00
Joseph Schorr
4f2a1b3734
Add setup UI for the new trigger types (bitbucket and gitlab) and add validation
2015-05-03 11:50:26 -07:00