Commit graph

917 commits

Author SHA1 Message Date
Sam Chow
554d4f47a8 Change validators to use the validator_context
Change InstanceKeys to take a namedtuple for context
2018-06-01 14:59:49 -04:00
Joseph Schorr
b2262eaf46 Add feature flag to disable username confirmation
Fixes https://jira.coreos.com/browse/QUAY-914
2018-06-01 13:30:50 -04:00
Sam Chow
e967fde3ae Decouple oauth methods from app with a namedtuple 2018-05-31 14:53:27 -04:00
Sam Chow
d45b925155 Move config provider to _init to decouple from app
remove app references from validators
2018-05-25 11:15:06 -04:00
Joseph Schorr
6ffafe44d3
Merge pull request #3059 from quay/joseph.schorr/QUAY-906/reg-tests
Move registry integration tests to py.test
2018-05-22 17:09:11 -04:00
Joseph Schorr
ad1da86986 Add some additional caching and logs to the robot cleanup migration 2018-05-15 15:34:54 -04:00
josephschorr
7345ff855c
Merge pull request #3071 from quay/joseph.schorr/QUAY-932/namespace-robot-deletion
Fix issue where we didn't delete robots immediately under a namespace
2018-05-11 00:27:17 +03:00
Joseph Schorr
2ae69dc651 Further fixes to the Kubernetes config provider, and a new set of proper unit tests 2018-05-10 16:44:18 +03:00
Joseph Schorr
f06eec8a35 Fix issue where we didn't delete robots immediately under a namespace
This could result in "hanging" robot accounts, although that would only leak the names of said accounts. Now we delete them immediately AND we proactively delete them before replacing the namespace (just to be sure)
2018-05-09 17:53:30 +03:00
josephschorr
7722721396
Merge pull request #3064 from quay/joseph.schorr/QUAY-928/fix-worker-count
Fix worker count to  use CPU affinity correctly and be properly bounded
2018-05-07 20:45:26 +03:00
josephschorr
de36b36f9a
Merge pull request #3051 from quay/joseph.schorr/QUAY-911/fix-kub-provider
Fix Kubernetes config provider for recent changes in Kub API
2018-05-07 20:45:09 +03:00
Joseph Schorr
942f526016 Missing parens on IP resolver lookup
Also adds a generic catch in case this happens again; we should *never* fail
2018-05-04 02:14:26 +03:00
Joseph Schorr
b26a131085 Fix worker count to use CPU affinity correctly and be properly bounded
We were using the `cpu_count`, which doesn't respect container affinity. Now, we use `cpu_affinity` and also bound to make sure we don't start a million workers

Fixes https://jira.coreos.com/browse/QUAY-928
2018-05-03 11:57:20 +03:00
Joseph Schorr
77adf9dd77 Fix bug which allowed for implicit library namespace access via the V1 registry protocol when the feature flag was off
Now we raise a 400 as expected
2018-05-01 13:28:24 +03:00
Joseph Schorr
178c8e7cb0 Fix bug in in-memory data cache
Previously, if we didn't find a key, we'd empty the entire cache, making it essentially a single-key cache. We skip clearing now, although this does mean we won't GC expired entries (not a problem for tests, though)
2018-05-01 13:28:24 +03:00
Sam Chow
f89ad30320
Merge pull request #3060 from quay/max-results-help-text
Configurable options for search, disable next page & add help text when at max results
2018-04-25 08:17:35 -07:00
Sam Chow
1afedafcbb Configurable options for search, info when at max
includes the options for  maximum search results per page, and the
maximum number of pages available before help text is shown, and
the next page button is disabled
2018-04-25 11:12:09 -04:00
Joseph Schorr
e20295f573 Fix Kubernetes config provider for recent changes in Kub API
Kubernetes secret volumes are now mounted as read-only, so we have to write the files *only* via the Kub API

Fixes https://jira.coreos.com/browse/QUAY-911
2018-04-22 17:22:28 +03:00
Joseph Schorr
3309daa32e Add support for reduced initial build count for new possible abusing users
If configured, we now check the IP address of the user signing up and, if they are a possible threat, we further reduce their number of allowed maximum builds to the configured value.
2018-04-20 18:46:32 +03:00
Joseph Schorr
a59c951aa3 Add support for multiple scope parameters on V2 auth requests
Fixes https://jira.coreos.com/browse/QUAY-892
2018-04-18 20:16:49 +03:00
Brad Ison
c2ad6c5060
Check for null model objects
As of v2.8.2, peewee will not create model objects with all null
fields when an FK reference is null.  We have to check the model
instances for None.  See:

  https://github.com/coleifer/peewee/issues/1012
2018-04-04 14:19:45 -04:00
Jimmy Zelinskie
58072f8673 util/config/validators: ensure endpoint isn't prom 2018-04-02 17:59:48 -04:00
josephschorr
323eb63747
Merge pull request #3032 from coreos-inc/joseph.schorr/QUAY-885/squashed-sym
Retarget broken hard links in squashed images
2018-03-26 17:59:52 -04:00
Joseph Schorr
747819fbd2 Fix error with unicode URLs in torrent creation
Fixes https://jira.coreos.com/browse/QUAY-896
2018-03-26 17:07:00 -04:00
Joseph Schorr
dd470bdc9d Add a reporter for verbs to track number of storage streams are needed 2018-03-26 17:02:39 -04:00
Joseph Schorr
110366f656 Retarget hard links pointing to deleted files by emitting the deleted file contents under the first hard link instance. This fixes a breakage in the squashed TAR where we were pointing hard links to missing data.
Fixes https://jira.coreos.com/browse/QUAY-885
2018-03-23 14:00:46 -04:00
josephschorr
6c43b7ff0d
Merge pull request #3024 from coreos-inc/manageable-robots
Manageable robots epic
2018-03-21 18:50:17 -04:00
Joseph Schorr
2ea13e86a0 Add last_accessed information to User and expose for robot accounts
Fixes https://jira.coreos.com/browse/QUAY-848
2018-03-21 15:28:34 -04:00
Joseph Schorr
3586955669 Remove license code in Quay
No longer needed under Red Hat rules \o/

Fixes https://jira.coreos.com/browse/QUAY-883
2018-03-20 17:03:35 -04:00
Joseph Schorr
8e6ede4ac7 Small fixes for config schema validator in response to customer logs 2018-03-20 13:35:26 -04:00
Joseph Schorr
3438c1bfad Add new config fields to the schema 2018-03-01 16:49:51 -05:00
Joseph Schorr
ab0172d2fd Switch Quay to using an in-container memcached for data model caching 2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.

Fixes https://jira.coreos.com/browse/QUAY-838
2018-02-27 13:12:51 -05:00
Brad Ison
5da8744ddf Reject JWTs with future issued-at times
PyJWT stopped doing this in 1.5.0 because it's not part of the spec,
and there are legitimate reasons to issue future tokens.  We still
want to reject these though as we don't have that need.
2018-02-26 12:55:32 -05:00
josephschorr
d77aa9228f
Merge pull request #3002 from coreos-inc/joseph.schorr/QUAY-822/gc-app-tokens
Add a worker to automatically GC expired app specific tokens
2018-02-20 17:21:48 -05:00
Joseph Schorr
4d0ad0074d Fix config schema for bitbucket trigger 2018-02-20 16:59:34 -05:00
Joseph Schorr
9a452ace11 Add configurable limits for number of builds allowed under a namespace
We also support that limit being increased automatically once a successful billing charge has gone through
2018-02-20 16:54:22 -05:00
Brad Ison
62971b7f20
Merge pull request #2999 from bison/user-location
Add user location metadata filed
2018-02-20 16:48:37 -05:00
Joseph Schorr
188ea98441 Add new decorator to prevent reflected text attacks
Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend.
2018-02-20 11:33:45 -05:00
Evan Cordell
b545cad380 log response data on non-200 responses in TUF API 2018-02-20 09:46:53 -05:00
josephschorr
7cd2c00d4d
Merge pull request #2967 from coreos-inc/joseph.schorr/QS-111/auth-refactor
Refactor auth code to be cleaner and more extensible
2018-02-15 16:02:22 -05:00
Joseph Schorr
e220b50543 Refactor auth code to be cleaner and more extensible
We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).
2018-02-14 15:35:27 -05:00
Brad Ison
87e55870b7 Add script for fixing missing admin permissions
Adds a util script to find and fix repositories in user namespaces
that are missing admin permissions for the owning user.  These admin
permissions are required, but were missing in some cases.  See:

  https://github.com/coreos-inc/quay/pull/2998
2018-02-13 16:23:17 -05:00
Joseph Schorr
d45161b120 Add a worker to automatically GC expired app specific tokens
Fixes https://jira.coreos.com/browse/QUAY-822
2018-02-12 14:56:01 -05:00
josephschorr
846deb75fe
Merge pull request #2902 from coreos-inc/joseph.schorr/QS-51/azure-blob-store
Add support for Azure Blob Storage
2018-02-07 11:34:29 -05:00
Brad Ison
5965929187 Include location in user analytics 2018-02-06 16:06:17 -05:00
Joseph Schorr
5490e64669 Fill out schema and schema whitelist 2018-02-06 15:27:01 -05:00
Joseph Schorr
7893ef6acc Add test to ensure that all config.py properties are defined in the config schema 2018-02-06 15:26:31 -05:00
Joseph Schorr
d488517b36 Implement storage driver for Azure Blob Storage 2018-02-06 13:48:40 -05:00
josephschorr
9f7b08d0ff
Merge pull request #2993 from coreos-inc/joseph.schorr/QUAY-797/pagination-size
Allow size of pages in V2 api to be configurable
2018-02-02 15:21:15 -05:00
Joseph Schorr
eae9175950 Allow size of pages in V2 api to be configurable 2018-02-02 13:54:41 -05:00
Joseph Schorr
bbdf9e074c Add metrics for tracking when instance key renewal succeeds and fails, as well as when instance key *lookup* fails 2018-02-02 11:14:42 -05:00
josephschorr
6514bf229f
Merge pull request #2973 from coreos-inc/joseph.schorr/QS-116/cloudfront-storage
Add support for configuring cloudfront storage
2018-02-02 10:14:28 -05:00
Joseph Schorr
b0f656731c Add support for configuring CloudFront storage engine
Fixes https://jira.coreos.com/browse/QS-116
2018-01-31 11:22:14 -05:00
Joseph Schorr
462500a389 Temp revert dot fix because it applies to repo names as well on pull 2018-01-26 14:43:37 -05:00
IvanCherepov
c228734978
Generates HTML documentation explaining all of configuration fields (#2952)
* create HTML documentation explaining all of schema's configuration fields
2018-01-24 14:09:29 -05:00
Joseph Schorr
ede3a81c68 Disallow dots in repository names to fix reflected text "attack"
Fixes https://jira.coreos.com/browse/QS-125
2018-01-18 13:19:37 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
72bfebdb60 Add license validation to the config validation check
Should prevent a customer from accidentally saving a config that violates their license

Fixes https://jira.coreos.com/browse/QS-97
2017-12-19 13:44:08 -05:00
IvanCherepov
c383ac1f9d
Add config validation on startup (#2903)
* WIP

* Finish schema

Add three sections: security scanning, bittorrent support and feature flags.
2017-12-01 10:46:39 -05:00
Joseph Schorr
c168413a8e Fix bug when running ipresolver under Gitlab CI
Since the container does contain IP data, this would fail
2017-11-30 10:23:58 -05:00
Joseph Schorr
400a5db719 Add additional metrics on executor start and failure
This will allow us to register a pager if one of the executors starts failing consistently
2017-11-27 11:52:37 +02:00
Ivan Cherapau
a0adc1b0ec Fix typo in metrics 2017-11-14 23:16:25 -05:00
Joseph Schorr
2677720577 Fix exception raised for certain non-JSON strings given to is_json
This is breaking pushes in production for certain manifests

Fixes https://jira.prod.coreos.systems/browse/QS-60
2017-11-14 13:46:06 -05:00
Joseph Schorr
74f99ba94a Ensure encrypted passwords are not enabled with OIDC auth
Fixes https://jira.prod.coreos.systems/browse/QS-49
2017-10-31 16:03:28 -04:00
Joseph Schorr
8194f5cf72 Switch ipresolver to always be defined in the storage context
We now use a no-op IP resolver instead of an IF check

Fixes https://jira.prod.coreos.systems/browse/QS-38
2017-10-17 14:29:40 -04:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
f51a863158 Remove access_token from user_info 2017-10-02 16:51:09 -04:00
Joseph Schorr
05b4a7d457 Add worker to update ipresolver data files every few hours 2017-09-28 14:40:59 -04:00
Joseph Schorr
52927de7f6 Add resolved IP information to track_and_log 2017-09-28 14:40:58 -04:00
Joseph Schorr
010dda2c52 Add CloudFrontedS3Storage, which redirects to CloudFront for non-S3 ips 2017-09-28 14:40:58 -04:00
Joseph Schorr
2d522764f7 Add IP resolver utility that returns whether an IP is under AWS 2017-09-26 16:11:16 -04:00
josephschorr
c44cc072fa Merge pull request #2864 from coreos-inc/partial-autocomplete
Partial autocomplete
2017-09-13 11:26:11 -04:00
Joseph Schorr
54a4476cbb Make missing log more descriptive 2017-09-12 16:19:55 -04:00
Joseph Schorr
c105123ad4 Add superuser config for prefix autocomplete setting 2017-09-12 15:57:57 -04:00
Joseph Schorr
bc82edb2d1 Add ability to configure OIDC internal auth engine via superuser panel 2017-09-12 12:23:52 -04:00
Joseph Schorr
783799c227 Make team sync timeout config actually configurable 2017-09-06 14:08:30 -04:00
Joseph Schorr
751598056e Enable support in OIDC for endpoints without user info support
The user info endpoint is apparently optional.
2017-08-01 13:24:27 -04:00
Antoine Legrand
2d60ad71b6 Print only first line of s3 error message 2017-07-27 18:05:06 +02:00
Joseph Schorr
e7dbc4ee91 Move notification helper code into the root module 2017-07-25 17:00:07 -04:00
Joseph Schorr
ce56031846 Move notifications into its own package 2017-07-25 17:00:06 -04:00
Jake Moshenko
3b79955c8c Fix the relative path problem when running quay from non-root 2017-07-13 15:30:50 -04:00
Joseph Schorr
e00437c227 Add support for disabling an entire namespace, including its team members 2017-07-13 12:25:19 +03:00
Joseph Schorr
7910dc4b2a Fix reference error 2017-07-13 12:25:19 +03:00
Joseph Schorr
2814d2d5eb Add support for organizations to disableabuser 2017-07-13 12:25:19 +03:00
josephschorr
96d1fd128d Merge pull request #2757 from coreos-inc/joseph.schorr/QUAY-606/logarchive-georep
Add support for QE customers to enable log rotation
2017-07-12 00:30:04 +03:00
Evan Cordell
ac54dd6f5d fix(secscan): don't use slash_join, it discards the root 2017-07-11 14:12:57 -04:00
Evan Cordell
b9581e0baf fix(secscan): fix mitm cert path calculation 2017-07-11 13:26:19 -04:00
Joseph Schorr
a13235c032 Fix typo 2017-07-10 18:35:51 +03:00
Evan Cordell
939ddfd1d7 Merge v2.4.0-release into cherrypick-2.4.0 2017-07-10 10:25:18 -04:00
Joseph Schorr
176c26e3f7 Add config validation for action log archiving 2017-07-10 13:09:33 +03:00
EvB
ccca0c9655 refactor(util/tufmetadata/test): move app test to gc suite 2017-07-07 15:14:14 -04:00
Antoine Legrand
cdb3722c17 Use $QUAYPATH and $QUAYDIR in conf and init files 2017-07-05 16:23:54 +02:00
Evan Cordell
d64b8b1fcf Revert to old secret handling, fix license loading 2017-06-28 23:15:14 -04:00
Jimmy Zelinskie
1d2640e012 util.secscan.fake: add test for unexpected status 2017-06-28 13:40:04 -04:00
Evan Cordell
ef459a2d18 Update the expected response layout for kubernetes config 2017-06-28 07:28:57 -04:00
Jimmy Zelinskie
46087d5e64 util.secscan.api: more robust API failures cases
Addresses QUAY-672 by handling all status codes that are not 404 and 5xx
and moving response decoding inside the try/except block to ensure that
the response object is in scope.
2017-06-26 17:13:51 -04:00
Jimmy Zelinskie
e028e159c0 add app registry config to setup tool: default off 2017-06-16 15:44:00 -04:00
Jimmy Zelinskie
9df04a09d6 Merge pull request #2694 from jzelinskie/fix-torrent-config-validation
Fix torrent config validation
2017-06-09 13:39:01 -04:00
Jimmy Zelinskie
a16b469d9b util.registry.torrent: stash kid in JWT headers
Upstream, chihaya reads this header in order to find the kid in the list
of maintained keys. A long time ago, it used to just iterate, but now it
needs to know the kid.
2017-06-09 13:31:38 -04:00
Jimmy Zelinskie
7d07c2ed07 util.config.validators: fix torrent validation
This code was mistaken the info dict with the params passed in an
announce request. Rather, now we expose a function for creating a jwt
from infohashes directly.
2017-06-09 13:31:38 -04:00
Antoine Legrand
f0dd2e348b Merge pull request #2551 from coreos-inc/structured-logs
Add log formatter class
2017-06-07 08:22:18 -07:00
Antoine Legrand
3c99928a27 Add log JSON formatter 2017-06-07 00:02:52 +02:00
Kenny Lee Sin Cheong
1f76e9dc3b Merge pull request #2661 from kleesc/securityworker_cpu
Raise an APIRequestFailure exception when security scanner is unavail…
2017-06-03 12:15:45 -04:00
Joseph Schorr
0ba54ed4fc Simplify the caching of service keys to hopefully avoid the not found issue
Makes accesses simpler and reduces the number of dictionaries to one, in an effort to remove race conditions
2017-05-26 13:51:48 -04:00
josephschorr
2ec43483a8 Merge pull request #2662 from coreos-inc/direct-login
Enable toggling of the direct login feature in the superuser panel
2017-05-24 16:51:43 -04:00
Joseph Schorr
2b9873483a Enable toggling of the direct login feature in the superuser panel
Allows superusers to disable login to the UI via credentials if at least one OIDC provider is configured
2017-05-24 12:57:55 -04:00
Evan Cordell
c55c233f1f Merge pull request #2646 from ecordell/kubernetes-ca-fix
ConfigProviders abstract over path construction
2017-05-24 11:37:17 -04:00
josephschorr
8e8470890a Merge pull request #2653 from coreos-inc/new-signing-ui
Implement updated UI for displaying the signing status of a tag, now …
2017-05-24 11:31:52 -04:00
Kenny Lee Sin Cheong
203c0b76e0 Raise an APIRequestFailure exception when security scanner is unavailable
Put worker to sleep for the duration of the default indexing interval
when an APIRequestFailure occurs, when the API request fails due to a
connection error, timeout, or other ambiguous errors, from
analyze_layer or get_layer_data .
2017-05-24 11:04:44 -04:00
Evan Cordell
20da91d879 Add tests for providers and update install script 2017-05-23 15:43:21 -04:00
Evan Cordell
b3a5f0db1b Merge coreos/new-signing-ui into new-signing-ui 2017-05-23 13:07:18 -04:00
Evan Cordell
897da1df67 Fix tuf api calls 2017-05-23 12:36:49 -04:00
Evan Cordell
f877865e82 Fix tuf api calls 2017-05-23 10:47:59 -04:00
Evan Cordell
01b59e8d66 ConfigProviders abstract over path construction
Fixes issue where certs can't be uploaded in UI in k8s
2017-05-17 08:12:09 -04:00
Jimmy Zelinskie
702cdf59ff Merge pull request #2637 from jzelinskie/audit-apps
Audit Logs for Apps
2017-05-16 17:06:25 -04:00
Jimmy Zelinskie
4db789b656 add audit logging to app registry endpoints 2017-05-16 15:54:02 -04:00
Evan Cordell
e2be8481b0 Merge pull request #2643 from ecordell/all-delegations-tuf
Return all tags in all delegations in tuf api
2017-05-15 17:23:05 -04:00
Evan Cordell
3e3ed11634 Add api for getting all signed tags, separated by delegation 2017-05-15 16:18:30 -04:00
Jake Moshenko
21cb9f1aa1 Handle null executor cancellations separately from other exceptions 2017-05-15 13:45:44 -04:00
josephschorr
19f67bfa1b Merge pull request #2607 from coreos-inc/faster-security-notify
Batch the tag lookups in the security notification worker in an attempt to significant reduce load
2017-05-03 13:49:13 -04:00
Joseph Schorr
977bbc20a2 Add filtering onto the images query in get_matching_tags_for_images
Should make the query even faster in the security notification case
2017-05-02 18:29:14 -04:00
Joseph Schorr
4e09fff181 Remove test that breaks MySQL full DB tests 2017-05-02 16:04:46 -04:00
Joseph Schorr
98fcae753b Change the security notification system to use get_matching_tags_for_images
This should vastly reduce the number of database calls we make, as instead of making 2-3 calls per image, we'll make two calls per ~100 images
2017-05-02 15:39:27 -04:00
Evan Cordell
738f53f61a Merge pull request #2597 from ecordell/sni
TUF metadata api SNI support
2017-05-02 13:01:16 -04:00
Evan Cordell
b2569ffbb2 Support SNI in python requests, and only delete tuf metadata if it
exists
2017-05-02 09:32:12 -04:00
Joseph Schorr
ae0d1e831b Add prometheus metric for queued builds 2017-05-01 15:16:55 -04:00
josephschorr
8b148bf1d4 Merge pull request #2576 from coreos-inc/full-db-tests-tox
Reenable full database testing locally and in concourse
2017-04-27 18:09:15 -04:00
Joseph Schorr
4ea4ee3aa4 Fix time machine config validator on old-style config
Existing config won't have the keys defined, so make sure we skip in that case (and just use the defaults)
2017-04-27 14:24:47 -04:00
Joseph Schorr
cb3695a629 Change config validator tests to use the shared fixtures 2017-04-24 16:45:14 -04:00
Joseph Schorr
f296599162 Add additional logging around secscan analyze 2017-04-21 16:52:47 -04:00
Jake Moshenko
3b26e819d3 Merge pull request #2558 from jakedt/betternooper
Make the nooper impl even smaller!
2017-04-21 14:29:52 -04:00
Joseph Schorr
3dcbe3c631 If enabled, allow users and orgs to set their time machine expiration
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Jimmy Zelinskie
6bef1d1ff3 Merge pull request #2322 from jzelinskie/acifix
image/appc: fix volume conversion and add tests
2017-04-21 10:15:03 -04:00
Jake Moshenko
e97ef09bd3 Make the nooper impl even smaller! 2017-04-20 13:42:49 -04:00
josephschorr
b03771669b Merge pull request #2554 from coreos-inc/no-secscan-delete
Fix deleting repos when sec scan or signing is disabled
2017-04-19 17:09:59 -04:00
Joseph Schorr
c5bb9abf11 Fix deleting repos when sec scan or signing is disabled
Make sure we don't invoke the APIs to non-existent endpoints
2017-04-19 16:57:36 -04:00
Joseph Schorr
08b9c4b0d4 Fill backfill script for recent changes
We forgot that we need to lookup by user *object* and we need to lookup locations on their own
2017-04-19 16:50:51 -04:00
Jake Moshenko
ba07270bb2 Turn off in-app sentry logging, only log 500s at the WSGI layer 2017-04-18 16:38:22 -04:00
Jake Moshenko
22f5934f34 Add error logging to Marketo calls 2017-04-17 10:19:52 -04:00
Evan Cordell
2661db7485 Add flag to enable trust per repo (#2541)
* Add flag to enable trust per repo

* Add api for enabling/disabling trust

* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api

* Add `set_trust` method to repository

* Expose new logkind to UI

* Fix registry tests

* Rebase migrations and regen test.db

* Raise downstreamissue if trust metadata can't be removed

* Refactor change_repo_trust

* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00
Evan Cordell
ec63e495fc Add repo purge callbacks and register TUF metadata deletion as one 2017-04-12 17:33:51 -04:00
Evan Cordell
883692345b Add unit tests for gun calculation 2017-04-12 17:33:51 -04:00
Evan Cordell
70ae34357f urljoin GUN together instead of manually concatenating 2017-04-12 17:33:51 -04:00
Evan Cordell
68128b938b Add tests for tuf metadata delete 2017-04-12 17:33:51 -04:00
Evan Cordell
abe6f40bc5 Add support for deleting TUF metadata when repo is deleted 2017-04-12 17:33:51 -04:00
josephschorr
2bc619137a Merge pull request #2512 from ecordell/tufmetadata
Add tufmetadata endpoint
2017-04-07 17:16:11 -04:00
Evan Cordell
217b4a5ab2 Return hashes and expiration when fetching signed tags 2017-04-07 16:12:28 -04:00
Joseph Schorr
ed3da4697f Add client ID and client secret to OIDC config validator 2017-04-07 11:33:02 -04:00
Jake Moshenko
c7241911a5 Fix old-style flask imports to silence deprecation warnings. 2017-04-06 13:15:48 -04:00