vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
5704 commits 2 branches 62 tags 205 MiB
Commit graph

1501 commits

Author SHA1 Message Date
josephschorr
a85c3ebff7 Merge pull request #1457 from coreos-inc/xauth 
Add support for direct granting of OAuth tokens and add tests
 2016-06-01 12:07:12 -04:00
Joseph Schorr
04df2410ec Add better errors if Redis is down 
Fixes #1497
 2016-05-31 15:24:36 -04:00
Jimmy Zelinskie
70f794b0af replace rfc3987 library with urlparse 
The former is GPL licensed.
 2016-05-26 13:29:48 -04:00
Jake Moshenko
8323c51e6e Extend registry auth to support notary JWTs. 2016-05-24 13:42:28 -04:00
josephschorr
fa3b342901 Merge pull request #1483 from coreos-inc/superuser-external-user 
Fix setup tool when binding to external auth
 2016-05-23 17:17:45 -04:00
Joseph Schorr
7933aecf25 Add support for direct granting of OAuth tokens and add tests 
This allows a client (when authorized in a whitelist) to send direct credentials via a Basic auth header and therefore bypass the OAuth approval UI for that user.
 2016-05-23 17:17:06 -04:00
Joseph Schorr
60bbca2185 Fix setup tool when binding to external auth 
We now query the external auth provider for the external service's identifier before adding the linking row into the database. This fixes the case where the external service resolves a different identifier for the same username.

Fixes #1477
 2016-05-23 17:11:36 -04:00
Joseph Schorr
f670c4c7a9 Change Signer to use the config provider and fix tests 
Fixes the broken ACI tests
 2016-05-23 17:10:03 -04:00
Joseph Schorr
343a080833 Make security scan testing much faster 2016-05-05 13:55:24 -04:00
Jake Moshenko
9221a515de Use the registry API for security scanning 
when the storage engine doesn't support direct download url
 2016-05-04 18:04:06 -04:00
Joseph Schorr
73fa593d02 Various small fixes in prep for QE release 2016-05-04 15:20:27 -04:00
josephschorr
550b9cb2b3 Merge pull request #1428 from coreos-inc/clair-setup-new 
Implement setup tool support for Clair
 2016-05-04 13:52:54 -04:00
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair 
Fixes #1387
 2016-05-04 13:40:50 -04:00
Joseph Schorr
6e2df3b339 Fix key server to not list expired keys 
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.

Fixes #1430
 2016-05-03 17:58:47 -04:00
josephschorr
f0af2ca9c3 Merge pull request #1407 from coreos-inc/enterpriselanding 
Add Enterprise Landing page
 2016-05-03 13:52:22 -04:00
Evan Cordell
2242c6773d Add 'Automatic' ServiceKeyApprovalType 2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd Generate private key on startup 2016-04-29 14:10:33 -04:00
Joseph Schorr
6091db983b Hide expired keys outside of their staleness window 2016-04-29 14:10:33 -04:00
Jimmy Zelinskie
726cb5fe6a key server: 403 on expired approved keys (#1410) 2016-04-29 14:09:37 -04:00
Joseph Schorr
4f63a50a17 Change account-less logs to use a user and not null 
This allows us to skip the migration
 2016-04-29 14:09:37 -04:00
Jimmy Zelinskie
ca5794ba18 key server: use total_seconds() for cache headers 2016-04-29 14:09:37 -04:00
Joseph Schorr
5d6e5a42e8 Add delete logging and tests for logging 2016-04-29 14:09:09 -04:00
Jimmy Zelinskie
6aa7040f39 keyserver: add cache-control headers 2016-04-29 14:05:16 -04:00
Joseph Schorr
bc08ac2749 Fix timeouts in the JWT endpoint tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
522cf68c5d Lots of smaller fixes: 
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d0bd70fb36 endpoints.web: add missing import 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
370ac3ecd0 service keys: add rotation_duration field 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
fca258d8bf endpoints: remove /keys 
BitTorrent support should now be able to use the keyserver
infrastructure instead.
 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
9f4a4092da keyserver: get signer kid from unverified headers 2016-04-29 14:05:16 -04:00
Joseph Schorr
08017c5111 Further UI updates 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
cfc15746a6 keyserver: tests! 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d19eb16b45 keyserver: add generate key function 
The superuser API, initdb, and tests will all need this functionality.
 2016-04-29 14:05:16 -04:00
Joseph Schorr
fb1dca4e94 Add API usage tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59 keys ui WIP 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
136f92400f key_server: remove s at the end of endpoint 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
e456228434 keyserver: insert rotation policy into metadata 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
885a41e6f5 key server: misc fixes to make jwtproxy work 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
50ad1bb6b1 key server: misc cleanup to get it working 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c0ab45d335 key server: derive audience from host and scheme 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
93720bd0f4 superuser: proper view for approvals/keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
d277fe6741 add final service key config 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c6b8b3ce8c service_keys: s/get_keys/list_keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
0ec54fc70e clear notifications on delete/replace service_key 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
42b5196b21 add notification path and use for service keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
97ae800e6c canonicalize json 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
f406942984 converging on proper rotation 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
aaf9e83278 basically finish superuser key api 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
35ed73e195 rework superuser api 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167 service keys: do all the right stuff 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
499bb16306 service key server wip 2016-04-29 13:38:25 -04:00
Joseph Schorr
c6f7dfa102 Add Enterprise Landing page 
Note: The design comes directparners.
 2016-04-28 13:47:54 -04:00
Joseph Schorr
03489c22ad Log the pushed tag and add IP address display 
Fixes #798
 2016-04-20 13:00:21 -04:00
Evan Cordell
9a1d97216b Switch error mimetype back to application/json 2016-04-18 17:42:08 -05:00
Evan Cordell
4d7843580f Fix superuser page 2016-04-15 16:50:01 -04:00
josephschorr
cf04fedd6a Merge pull request #1347 from coreos-inc/marketingtagman 
Add Google Tag Manager support to Quay
 2016-04-13 16:50:36 -04:00
Evan Cordell
09064853ac Merge pull request #1364 from ecordell/error-json-fixes 
Fix error-related issues
 2016-04-13 13:32:00 -04:00
Evan Cordell
eb3e7eba88 Merge pull request #1351 from ecordell/document-201-swagger 
Swagger: document 201 responses for POST requests
 2016-04-13 09:50:34 -04:00
Evan Cordell
e1b3312495 Add back error_message and error_type for backwards-compatibility 2016-04-13 09:11:40 -04:00
Evan Cordell
7b44beb1fd Fix WWW-Authenticate header on 401 2016-04-13 09:01:42 -04:00
Evan Cordell
d67c4ba46c Fix formatting in endpoints/api/error.py 2016-04-12 16:53:50 -04:00
Joseph Schorr
891f7d9213 Add Google Tag Manager support to Quay 2016-04-12 15:28:24 -04:00
Evan Cordell
1cdbd89120 Fix test (response validation in debug mode) 2016-04-12 07:56:58 -04:00
Evan Cordell
693a11c58e Add RFC citation 2016-04-11 20:08:45 -04:00
Evan Cordell
7c361c07f9 Use ApiService to get error message 2016-04-11 17:31:30 -04:00
Evan Cordell
b5db41920f Address review comments 2016-04-11 16:34:40 -04:00
Evan Cordell
eba75494d9 Use new error format for auth errors (factor exceptions into module) 2016-04-11 16:22:26 -04:00
Evan Cordell
9c08717173 Return application/problem+json format errors and provide error endpoint 
to dereference error codes.
 2016-04-11 14:57:24 -04:00
Evan Cordell
d69d79d302 swagger: document 201 responses for POST requests 2016-04-07 09:26:28 -04:00
Joseph Schorr
a06bda5910 Never include Stripe checking in LDN 
Instead, we always load it from Stripe when billing is enabled. Also fixes our Stripe icon.
 2016-04-01 14:10:11 -04:00
Joseph Schorr
a882055f62 Better error message for invalid recovery codes 2016-03-30 16:02:47 -04:00
Joseph Schorr
42e934d84f Make notification lookup faster and fix repo pagination on Postgres 2016-03-30 14:46:31 -04:00
josephschorr
4aa079e743 Merge pull request #1247 from coreos-inc/useradminscopes 
Remove internal_only from some APIs now that we expose a user admin scope
 2016-03-23 14:16:02 -04:00
Joseph Schorr
aa5587c93c Fixes and added tests for the security notification worker 
Fixes #1301

- Ensures that the worker uses pagination properly
- Ensures that the worker handles failure as expected
- Moves marking the notification as read to after the worker processes it
- Increases the number of layers requested to 100
 2016-03-18 20:28:06 -04:00
Joseph Schorr
6a4584b87a Add another test for security notification filtering 2016-03-17 12:59:27 -04:00
Joseph Schorr
57e5141fb5 Fix link-to-parent-with-different-blob issue and add a test 2016-03-14 15:35:18 -04:00
Jimmy Zelinskie
ea2e17cc11 v2: send proper scopes for authorization failures 
Fixes #1278.
 2016-03-11 13:41:38 -05:00
Jimmy Zelinskie
bb46cc933d use kwargs for parse_repository_name 2016-03-09 16:20:28 -05:00
Jake Moshenko
fe2cd240bc Revert "Remove old search API which is no longer in use" 2016-03-07 10:07:41 -05:00
josephschorr
57430a18b4 Merge pull request #1224 from coreos-inc/removeoldsearch 
Remove old search API which is no longer in use
 2016-03-04 12:05:07 -05:00
Joseph Schorr
85919cbc39 Fix error when constructing DownstreamIssue exception 2016-02-25 17:45:49 -05:00
Jimmy Zelinskie
c7904db30d v2: always send www-authn headers on unauthorized 
Fixes #1254.
 2016-02-25 17:09:29 -05:00
Joseph Schorr
f498e92d58 Implement against new Clair paginated notification system 2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9 Refactor the security worker and API calls and add a bunch of tests 2016-02-25 12:29:41 -05:00
Quentin Machu
0183c519f7 Merge pull request #1253 from Quentin-M/clair2 
Adapt securityworker, secscan API and Quay UI for Clair 1.0
 2016-02-19 18:21:25 -05:00
Quentin Machu
4bd5996bbf Adapt secscan API for Clair v1.0 
Squash /vulnerabilities and /packages as it basically does the same
action on Clair and we don't need both for Quay
 2016-02-19 17:44:23 -05:00
josephschorr
11af123ba5 Merge pull request #1244 from coreos-inc/enableaci 
Add UI to the setup tool for enabling ACI conversion
 2016-02-17 12:29:48 -05:00
Joseph Schorr
1940fd9939 Add UI to the setup tool for enabling ACI conversion 
Fixes #1211
 2016-02-17 12:05:48 -05:00
Joseph Schorr
8d9f3309aa Remove internal_only from some APIs now that we expose a user admin scope 
Fixes #1246
 2016-02-16 16:50:33 -05:00
josephschorr
e8faa9f843 Merge pull request #939 from coreos-inc/user-admin 
Add user admin scope
 2016-02-16 16:42:29 -05:00
josephschorr
81a36ee3b8 Merge pull request #1217 from coreos-inc/v2pagination 
Fix V2 catalog and tag pagination
 2016-02-16 15:34:49 -05:00
josephschorr
ded0a27901 Merge pull request #1242 from coreos-inc/receiptemailsbug 
Fix schema for invoice email updating
 2016-02-16 13:26:26 -05:00
Joseph Schorr
ecaa051791 Fix schema for invoice email updating 
Fixes #1209
 2016-02-16 11:52:57 -05:00
Jake Moshenko
6e05920d6b Delete bad manifests from the DB 2016-02-16 11:42:19 -05:00
Joseph Schorr
4b24556cb3 Check for the parent's ID in the updated ID map. 
Fixes #1240
 2016-02-15 11:02:52 -05:00
Joseph Schorr
69262282fe Make sure to encode all V1 metadata strings 
Fixes #1239
 2016-02-15 10:57:20 -05:00
Jimmy Zelinskie
70aa7cc731 Merge pull request #1230 from jzelinskie/aci-head 
allow HEAD on ACI images
 2016-02-12 16:29:12 -05:00
Jimmy Zelinskie
2b07b6d8a9 allow HEAD on ACI images 
Fixes #911.
 2016-02-12 16:28:44 -05:00
Jake Moshenko
6454b5aeb7 Update the layer rename PR to preserve the original manifest 2016-02-12 16:25:47 -05:00
Joseph Schorr
abd2e3c234 V1 Docker ID <-> V2 layer SHA mismatch fix 
Fix handling of V1 Docker ID <-> V2 layer SHA mismatch by dynamically rewriting the manifest to use new synthesized IDs for all layers above the mismatch. Also adds a bunch of tests for this and other use cases, fixes a bug around manifest digest uniqueness and fixes the 5.5 migration for MySQL.
 2016-02-12 17:39:27 +02:00
Quentin Machu
5c7f2a5c16 Remove abort(500) on checksum mismatch 2016-02-11 18:32:21 -05:00