Commit graph

1698 commits

Author SHA1 Message Date
Sam Chow
d9f7c07f42 Add db configuration to modifying config
Move more tests over
2018-08-21 15:19:24 -04:00
Joseph Schorr
5a997eb4e3 Change label creation function to return the label created 2018-08-21 14:27:10 -04:00
Joseph Schorr
584a18c0e1 Change datatype base to raise AttributeError on missing keys 2018-08-20 15:49:51 -04:00
Joseph Schorr
254f06e634 Implement legacy image portion of the data model
This also makes use of the newly created input system
2018-08-20 15:49:51 -04:00
Joseph Schorr
8aafbf8b8c Switch the registry data model types to our own class constructor
This allows us to hide the DB ID from external-to-the-package users of the types and will allow us to add model-level caching as well
2018-08-20 15:49:51 -04:00
Joseph Schorr
9f96e595ac Change build component labeling to use new registry interface 2018-08-20 15:49:51 -04:00
Joseph Schorr
301532279c Fix broken registry data interface tests 2018-08-20 13:01:12 -04:00
Joseph Schorr
e30b746aef Fix TagManifests with shared digests under the same repository.
TagManifests can (apparently, in very rare scenarios) share manifests with the exact same digests, so we need to support that case in the backfill worker. We also need to remove a unique constraint on the manifest column in the mapping table to support this case.
2018-08-20 11:32:59 -04:00
Joseph Schorr
6414e580f6
Merge pull request #3204 from quay/joseph.schorr/QUAY-1030/registry-interface
Start on a basic registry_model interface
2018-08-17 15:31:11 -04:00
Sam Chow
ec14007268
Merge pull request #3207 from quay/project/gen-sec-key
Add the service key creation to config tool
2018-08-16 16:48:15 -04:00
Sam Chow
cc9bedbeb9 refactor approval service key to not need approver 2018-08-15 17:18:41 -04:00
Joseph Schorr
2b4d52a357 Migrate the manifest bytes column to UTF8 2018-08-15 11:41:26 -04:00
Joseph Schorr
70df10dade Change manifest backfill to lookup missing content checksums in the repository
After discussion, we decided the best solution for the missing content checksum problem was to lookup the proper blobs in the repository and, if not present, mark the manifest as broken, as this would reflect the actual issue the user faces if they pull the repository tag today via V2
2018-08-14 14:36:19 -04:00
Joseph Schorr
c30214c7a8 Start on a basic registry_model interface and change a single module to use it. This will allow us to completely abstract out how we deal with registry-related tables and ensure that transitioning to the new OCI-like model will be easier to do. 2018-08-14 13:48:59 -04:00
Joseph Schorr
96e0fc4ad6 Fix manifest backfill for manifests pointing to V1 images
V1 images don't have checksums, so we just always use the full storage set for the manifest, rather than a checksum map
2018-08-13 15:51:18 -04:00
Joseph Schorr
03ea3a3250 Add worker to backfill the new manifest tables from the tagmanifest table 2018-08-13 14:56:31 -04:00
Joseph Schorr
2ab7ca30d0 Change ManifestBlob row creation to be a single batch operation
Should reduce DB roundtrip times and the overall time we spend under the transaction
2018-08-09 17:04:16 -04:00
Joseph Schorr
1f04b3ea03
Merge pull request #3197 from quay/remove-transaction
Remove the transaction around creating the tag and the tag manifest
2018-08-09 16:34:31 -04:00
Joseph Schorr
8cdddd365b Remove the transaction around creating the tag and the tag manifest
The tag manifest creation operation is now quite a bit heavier (because it is populating a bunch of new-model tables as well), and it is not necessary for the transaction to include this operation, because tags are valid without manifests currently.
2018-08-09 16:32:07 -04:00
Joseph Schorr
590f8f65a3 Allow lookup of "dead" manifests so manifest links can be clicked in the tag history
Fixes https://jira.coreos.com/browse/QUAY-1021
2018-08-09 16:05:10 -04:00
Joseph Schorr
56222f95dc Change manifest creation to take in the map of blobs that form the manifest
We need to lookup the blobs *specific to the images in that manifest*, so we now pass them in from the locations in which we know that information
2018-08-07 16:28:50 -04:00
Joseph Schorr
e3da522d26 Rename store_tag_manifest to indicate clearly it is only to be used for testing 2018-08-07 14:52:59 -04:00
Joseph Schorr
9669320df2 Fix pushing of manifests whose layers share blobs
If a blob was repeated previously, we would get a constraint error from the ManifestBlob table
2018-08-07 13:06:30 -04:00
Joseph Schorr
89582438cd Fix the V22 phase 1 migrations to use new tables for mapping rather than editing existing tables
The ALTER TABLE operations previously used were causing the DB to die when run on the production TagManifest table which has 7 million rows. We instead now use new mapping tables, which is less nice, but these are temporary anyway, so hopefully we only have to deal with their ugliness for a short duration.
2018-08-06 16:58:27 -04:00
Joseph Schorr
7068010751
Merge pull request #3186 from quay/joseph.schorr/QUAY-1013-1015/manifest-migration
First phase of V2_2 data model migrations
2018-08-06 13:56:14 -04:00
Joseph Schorr
a46660a06f Add new Manifest, ManifestLabel, ManifestLegacyImage and ManifestBlob tables and start writing and GCing to/from them
This change also starts passing in the manifest interface, rather than the raw data, to the model for writing.

Note that this change does *not* backfill the existing rows in to the new tables; that will occur in a followup PR. The new columns in `tagmanifest` and `tagmanifestlabel` will be used to track the backfill, as it will occur in a worker.
2018-08-06 13:01:11 -04:00
Sida Chen
6efe262217
Merge pull request #3188 from KeyboardNerd/sidchen/notification_datetime_bug
Fixes empty "created" field in notification
2018-08-06 12:58:38 -04:00
Sida Chen
415631153a Fixes empty "created" field in notification
Fixes https://jira.coreos.com/browse/QUAY-1022
2018-08-01 17:17:47 -04:00
Joseph Schorr
7325b22c90 Change id column in LogEntry to a BigInt and migrate back to using that table 2018-07-30 12:42:56 -04:00
Joseph Schorr
8e425ee559 Fix for merge 2018-07-23 12:43:23 -04:00
Joseph Schorr
9a40e99a8f Enhancements for validation of DB urls
We now turn off retries and DB pooling, and make sure to always close the connection
2018-07-23 12:43:23 -04:00
Joseph Schorr
d15dcae505 Reenable retry wrapper on database operations 2018-07-23 12:43:23 -04:00
Brad Ison
d3d9cca182 Upgrade Peewee to latest 3.x
This requires a number of small changes in the data model code, as well as additional testing.
2018-07-23 12:43:23 -04:00
Joseph Schorr
487edf0ba1 Phase 3 of Appr migration
Deletes the old models and their code
2018-07-21 15:43:00 -04:00
Joseph Schorr
acb7d626a4 Phase 2 of Appr migration
Backfills the new tables from the old ones, and switches all code to read and write from the new tables
2018-07-21 15:25:04 -04:00
Joseph Schorr
113bb96f29 Phase 1 of migrating APPR-specific tables to tables with the Appr prefix
Fixes https://jira.coreos.com/browse/QUAY-950
2018-07-20 13:19:01 -04:00
Joseph Schorr
6622f27c93 Rename oci_model to appr_model 2018-07-20 12:46:19 -04:00
Joseph Schorr
3f3a0946f6 Move repo visibility tests into pytest 2018-07-19 11:23:11 -04:00
Joseph Schorr
f84cb05792
Merge pull request #3164 from quay/move-queue-tests
Move queue tests to pytest
2018-07-18 17:27:38 -04:00
Joseph Schorr
2d7b4dd1bf Move public repo test to pytest 2018-07-18 17:22:05 -04:00
Joseph Schorr
f648b3311b Move queue tests to pytest 2018-07-18 15:22:38 -04:00
Joseph Schorr
928a5d604a Move build query tests to pytest 2018-07-18 11:26:18 -04:00
Sam Chow
f5a8116f5a Remove password confirmation in config app
Small fix to manually clean up temp dir when creating new temp dir,
small fix to font awesome icons, change the jwt/keystone
validators to not use username/password
2018-07-17 16:00:55 -04:00
Sam Chow
496d94138c
Merge pull request #3139 from quay/spike/install-certs
Install certs in the config app, small refactor to LDAP validation
2018-07-16 12:50:36 -04:00
Joseph Schorr
eb8e325f94 Move image sharing model tests to pytest 2018-07-16 09:58:21 -04:00
Joseph Schorr
dda083abb1 Move blob model tests to pytest 2018-07-13 13:19:46 +03:00
Sam Chow
9024419896 Modify ldap validator to just check user existence
Remove auth user check from updating config app config

remove duplicate certs install script
2018-07-11 16:49:13 -04:00
Joseph Schorr
924dda296f Fully migrate API security tests into the pytest test suite
Also adds an additional test that ensures that at least one security test exists for every (api endpoint, http method) pair.
2018-07-08 18:33:21 +03:00
Brad Ison
73cb7f3228
endpoints/api: Allow null fields in user metadata
The user metadata fields are nullable in the database, but were not in
the json sechema.  This prevented users from updating some of their
information on the site if they hadn't set the metadata fields.
2018-06-27 15:34:55 -04:00
Sam Chow
872be8605a Fix error case in uploading tar, more comments 2018-06-22 13:23:08 -04:00
Sam Chow
aff1a08a83 Fix main app migration pathway 2018-06-21 15:33:26 -04:00
Sam Chow
b5f630ba29 Fix alembic migrations importing app
Ensure we connect to loaded config db
2018-06-20 17:17:35 -04:00
Joseph Schorr
371f6f8946
Merge pull request #3118 from quay/joseph.schorr/QUAY-977/catalog-efficiency
Catalog efficiency improvements
2018-06-20 16:40:37 -04:00
Joseph Schorr
2caaf84f31 Add caching support to catalog
We will now cache the results of the catalog for 60s and not hit the database at all if cached
2018-06-20 14:58:01 -04:00
Joseph Schorr
7604e9842b Change repo filtering for users to use a user ID reference, rather than the username
While this means we need an additional query for initial lookup, it makes the *filtering* query (which is the heavy part) require far fewer joins, thus making it more efficient.

Also adds a new unit test to verify that our filter filters to the correct set of repositories.
2018-06-19 10:51:30 -04:00
Joseph Schorr
f6ff0d6ca0 Add support for populating test data during migration testing
This change ensures that the tables in the database during migration have at least one row of "real" data, which should help catch issues in the future where we forget to set column defaults and other such schema oversights that can only be truly tested with non-empty tables

Fixes https://jira.coreos.com/browse/QUAY-913
2018-06-18 14:14:32 -04:00
Joseph Schorr
0fa1a1d5fd Implement support for blob mounting via the mount parameter on blob uploads
Fixes https://jira.coreos.com/browse/QUAY-893
2018-06-06 11:31:28 -04:00
Joseph Schorr
b2262eaf46 Add feature flag to disable username confirmation
Fixes https://jira.coreos.com/browse/QUAY-914
2018-06-01 13:30:50 -04:00
Joseph Schorr
8ee98c1c48 Show starred public repositories in the starred repos list
We forgot to check if the repository was public in the filter

Fixes https://jira.coreos.com/browse/QUAY-857
2018-05-31 17:34:17 -04:00
Joseph Schorr
6ffafe44d3
Merge pull request #3059 from quay/joseph.schorr/QUAY-906/reg-tests
Move registry integration tests to py.test
2018-05-22 17:09:11 -04:00
Joseph Schorr
861e81cccd Allow team syncing if user creation is disabled
Before this change, if user creation was disabled, team sync would fail to sync over users that had not yet been invited/logged in, because their accounts could not be created. Following this change, team syncing of users not yet in the system will create those user accounts, allowing users to be "auto invited" via team sync.

Fixes https://jira.coreos.com/browse/QUAY-910
2018-05-22 14:09:40 -04:00
Joseph Schorr
a007332d4c Temporarily change to storing logs in a new LogEntry2 table
This will prevent us from running out of auto-incrementing ID values until such time as we can upgrade to peewee 3 and change the field type to a BigInt

Fixes https://jira.coreos.com/browse/QUAY-943
2018-05-18 20:15:16 -04:00
Joseph Schorr
f5fafc480f Notifications can target robots, but the model did not reflect that
This fixes a breakage when deleting robots that have notifications targeting them.
2018-05-15 16:19:46 -04:00
josephschorr
58612955d6
Merge pull request #3079 from quay/joseph.schorr/QUAY-927/robots-limit
Limit robots displayed in entity search
2018-05-15 13:59:48 -04:00
josephschorr
6780a1f06b
Merge pull request #3077 from quay/joseph.schorr/QUAY-931/log-slowdown
Logs slowdown fixes
2018-05-15 13:28:05 -04:00
Joseph Schorr
5c50161d85 Limit robots displayed in entity search
Before, we'd load *all* the robots, which can be a huge issue in namespaces with a large number of robots. Now, we only load the top-20 robots (as per recency in login), and we also limit the information returned to the entity search to save some bandwidth.

Fixes https://jira.coreos.com/browse/QUAY-927
2018-05-15 11:00:57 -04:00
Joseph Schorr
b98c65b3a3 Filter out deleted users and organizations from the superuser list
Superusers were getting confused because the users/orgs were being disabled and renamed, but still appeared in the list until they were GCed by the background worker. Now we just hide them.

Fixes https://jira.coreos.com/browse/QUAY-936
2018-05-15 10:42:41 -04:00
Joseph Schorr
e3248bde47 Small fixes to make loading of logs faster
Removes filtering of log types where not necessary, removes filtering based on namespace when filtering based on repository (superfluous check that was causing issues in MySQL preventing the use of the correct index) and fix some other small issues around the API

Fixes https://jira.coreos.com/browse/QUAY-931
2018-05-14 11:41:49 -04:00
Joseph Schorr
29058201e5 Fix bug in modelutil pagination that caused us to load far more results than necessary
Also adds tests for the modelutil pagination
2018-05-14 11:40:31 -04:00
Joseph Schorr
49699fe251 Fix MySQL bug in full text search
Fixes https://jira.coreos.com/browse/QUAY-937
2018-05-14 08:41:40 -04:00
Joseph Schorr
f06eec8a35 Fix issue where we didn't delete robots immediately under a namespace
This could result in "hanging" robot accounts, although that would only leak the names of said accounts. Now we delete them immediately AND we proactively delete them before replacing the namespace (just to be sure)
2018-05-09 17:53:30 +03:00
Joseph Schorr
178c8e7cb0 Fix bug in in-memory data cache
Previously, if we didn't find a key, we'd empty the entire cache, making it essentially a single-key cache. We skip clearing now, although this does mean we won't GC expired entries (not a problem for tests, though)
2018-05-01 13:28:24 +03:00
Joseph Schorr
3309daa32e Add support for reduced initial build count for new possible abusing users
If configured, we now check the IP address of the user signing up and, if they are a possible threat, we further reduce their number of allowed maximum builds to the configured value.
2018-04-20 18:46:32 +03:00
Joseph Schorr
4418772745 Postgres requires defaults for non-nullable cols, even integer ones
Fixes https://jira.coreos.com/browse/QUAY-912
2018-04-08 18:54:23 -04:00
Brad Ison
8e5c67e207
Use get_or_create in place of create_or_get
Peewee v2.9.0 removes the create_or_get method.
2018-04-04 14:21:16 -04:00
Joseph Schorr
82da2042fd Add tests for image model, fix a small bug and remove an unused function 2018-04-04 13:13:52 -04:00
Joseph Schorr
8146646761 Simplifying queries around images and placements
Only verbs needs to load placements for multiple images, so we can vastly simplify and optimize most queries by making it two-step, and having the rest of the image loads not worry about placements
2018-04-03 16:23:49 -04:00
Joseph Schorr
f6b647bd61 Default for robot account metadata should be an empty dict, not a string 2018-03-27 17:29:55 -04:00
josephschorr
b897d896d7
Merge pull request #2876 from coreos-inc/blocking-logs-fix
Decrease redis timeouts to within the WAMP message window
2018-03-22 21:40:47 -04:00
josephschorr
6c43b7ff0d
Merge pull request #3024 from coreos-inc/manageable-robots
Manageable robots epic
2018-03-21 18:50:17 -04:00
Joseph Schorr
2ea13e86a0 Add last_accessed information to User and expose for robot accounts
Fixes https://jira.coreos.com/browse/QUAY-848
2018-03-21 15:28:34 -04:00
Joseph Schorr
c4debe011c Fix team add/invite logic around when an invite is required
We were accidentally skipping the invite if the user was a member of *any* organization, rather than the specific organization (as intended)

Fixes https://jira.coreos.com/browse/QUAY-880
2018-03-16 17:13:27 -04:00
Joseph Schorr
254cdfe43a Add support for metadata on robot accounts
Fixes https://jira.coreos.com/browse/QUAY-847
Fixes https://jira.coreos.com/browse/QUAY-816
2018-03-12 20:32:05 -04:00
Joseph Schorr
a693771345 Add creation date information to robots API and UI
Fixes https://jira.coreos.com/browse/QUAY-846
2018-03-09 13:55:19 -05:00
Joseph Schorr
c4a6273e00 Add creation date to User table 2018-03-09 13:31:29 -05:00
Joseph Schorr
2d34b89203 Decrease redis timeouts to within the WAMP message window
This ensures that if the builder sends a heartbeat, but redis is down, we don't time out the build while waiting to connect or receive. Since Redis data is ephemeral anyway, this should give us more stability in builds if/when redis is down
2018-03-02 16:53:37 -05:00
Joseph Schorr
24b77bbc10 Fix serialization of blobs to/from the cache
Also makes sure the test checks that serialization
2018-03-02 14:22:55 -05:00
Joseph Schorr
ff1773bd28 Change name field back to a normal string
Our prod MySQL does not support an index on a UTF8 field of this size; thankfully, we don't need UTF8 here
2018-03-02 13:23:30 -05:00
Joseph Schorr
4db4a44491 Add missing server_default on enabled col in repositorybuildtrigger
Without it, we'll default all existing triggers to disabled
2018-03-02 13:13:32 -05:00
Joseph Schorr
ed84835d23 Changes for code review 2018-03-01 16:49:52 -05:00
Joseph Schorr
3837a7c2ed Add datetime of when a trigger was disabled 2018-03-01 16:49:51 -05:00
Joseph Schorr
93d79e777e Automatically disable build triggers with successive failures or internal errors
We allow users to reenable them manually once disabled
2018-03-01 16:49:51 -05:00
Joseph Schorr
c35eec0615 Add ability for triggers to be disabled
Will be used in the followup commit to automatically disable broken triggers
2018-03-01 16:49:28 -05:00
Joseph Schorr
ab0172d2fd Switch Quay to using an in-container memcached for data model caching 2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.

Fixes https://jira.coreos.com/browse/QUAY-838
2018-02-27 13:12:51 -05:00
Brad Ison
f89a16a64d Make byte_count on BlobUpload table not nullable
The byte_count field on the BlobUpload model is marked as not
nullable, but the migration to make the field a big integer removed
that restriction (#2388 :: 76de324) in the database.  It's still in
the model though, which means they are out of sync.  This adds a
migration to mark the field as not nullable in the database again.
2018-02-26 11:36:56 -05:00
Brad Ison
5bd826e7b5 Drop checksum from ImageStorage table
The checksum field was removed from the ImageStorage model in #815,
but was never dropped from the database.  This adds a migration to
drop the unused column.
2018-02-24 17:00:07 -05:00
Joseph Schorr
e446eb5757 Switch build queue limiter query to use total number of alive jobs
This is slightly more accurate and, not being based on time, will work better under MySQL
2018-02-21 14:04:40 -05:00
josephschorr
d77aa9228f
Merge pull request #3002 from coreos-inc/joseph.schorr/QUAY-822/gc-app-tokens
Add a worker to automatically GC expired app specific tokens
2018-02-20 17:21:48 -05:00
Joseph Schorr
9a452ace11 Add configurable limits for number of builds allowed under a namespace
We also support that limit being increased automatically once a successful billing charge has gone through
2018-02-20 16:54:22 -05:00
Brad Ison
62971b7f20
Merge pull request #2999 from bison/user-location
Add user location metadata filed
2018-02-20 16:48:37 -05:00
Joseph Schorr
e220b50543 Refactor auth code to be cleaner and more extensible
We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).
2018-02-14 15:35:27 -05:00
Joseph Schorr
e1a3857de9 Make sure to filtered already-expired tokens from the "expiring soon" tokens 2018-02-12 17:07:50 -05:00
Joseph Schorr
d45161b120 Add a worker to automatically GC expired app specific tokens
Fixes https://jira.coreos.com/browse/QUAY-822
2018-02-12 14:56:01 -05:00
Brad Ison
3de6b4a646 Add location metadata field for users 2018-02-06 16:06:17 -05:00
Joseph Schorr
da0fa2e0d2 Make sure to add primary repo permissions under a transaction
Should prevent a repository from being created under a user's namespace without a corresponding admin permission

Fixes https://jira.coreos.com/browse/QUAY-826
2018-02-06 11:20:40 -05:00
Joseph Schorr
6228ab5a51 We cannot cache the full expiration for an app specific token, as it would include the datetime when the cache is created, rather than now
Fixes https://jira.coreos.com/browse/QUAY-819
2018-02-02 16:11:59 -05:00
Joseph Schorr
bbdf9e074c Add metrics for tracking when instance key renewal succeeds and fails, as well as when instance key *lookup* fails 2018-02-02 11:14:42 -05:00
josephschorr
fd1237cff9
Merge pull request #2974 from coreos-inc/joseph.schorr/QS-118/manifest-write-query
Audit the number of SQL queries we make in writing manifests, and significantly reduce in the common case
2018-01-31 11:08:33 -05:00
Joseph Schorr
182c4594e7 Remove unsupported DB connection arguments for non-pooled DB handler 2018-01-26 13:37:08 -05:00
Joseph Schorr
9e16a989f5 Audit the number of SQL queries we make in writing manifests, and significantly reduce in the common case
Instead of 41 queries now for the simple manifest, we are down to 14.

The biggest changes:
  - Only synthesize the V1 image rows if we haven't already found them in the database
  - Thread the repository object through to the other model method calls, and use it instead of loading again and again
2018-01-25 11:10:43 -05:00
Joseph Schorr
208dc38d25 Allow expired app specific tokens to be deleted 2018-01-23 11:40:51 -05:00
Joseph Schorr
3bc5840496 Extend our logs about whether we are using connection pooling for a DB 2018-01-11 16:43:46 -05:00
josephschorr
b17c05fbd5
Merge pull request #2968 from coreos-inc/joseph.schorr/QS-110/user-login-lock
Reduce lock contention on invalid user login calls
2018-01-09 12:41:00 -05:00
Joseph Schorr
81be47486c Reduce lock contention on invalid user login calls
Fixes https://jira.coreos.com/browse/QS-110
2018-01-08 16:57:50 -05:00
josephschorr
13b738c43c
Merge pull request #2954 from coreos-inc/joseph.schorr/QS-102/user-api-filter
Add ability to filter users list to enabled users
2018-01-05 15:40:50 -05:00
josephschorr
d8fde005d8
Merge pull request #2961 from coreos-inc/joseph.schorr/QS-107/create-repo-opt
Small optimizations around create repository code
2018-01-05 15:40:30 -05:00
Joseph Schorr
6a876a6b73 Change title to be UTF8 2018-01-04 15:27:42 -05:00
Joseph Schorr
888b564a9b Add a banner to the Quay UI when an app specific token is about to expire 2018-01-04 15:27:42 -05:00
Joseph Schorr
2214a2c7ad Disable fresh login check in auth engines that won't support it 2018-01-04 15:27:41 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
3f99e864e1 Reduce the number of DB queries for creating a repo 2018-01-04 14:32:39 -05:00
Joseph Schorr
1e1bec0afe Remove extra update call on create repo 2018-01-04 13:42:05 -05:00
Joseph Schorr
8e473b9779 Add filter for disabled users to superuser user list API
Fixes https://jira.coreos.com/browse/QS-102
2017-12-22 16:45:49 -05:00
josephschorr
024c183f67
Merge pull request #2944 from coreos-inc/joseph.schorr/QS-91/v2-caching
V2 registry blob caching
2017-12-18 14:42:02 -05:00
Joseph Schorr
9e16596854 Add a bunch of logging to the data model caching mechanism
Should help us debug any potential issues
2017-12-18 14:18:37 -05:00
Joseph Schorr
097cbbeaae Add new Quay pricing plans 2017-12-18 13:12:16 -05:00
Joseph Schorr
60bc655695 Fix flakiness in a test when comparing date times 2017-12-14 14:00:20 -05:00
Joseph Schorr
3c72e9878d Add the concept of a data model cache, for caching of Namedtuple objects from the data model
Will be used to cache blobs, thus removing the need to hit the database in most blob requests
2017-12-14 13:36:51 -05:00
Joseph Schorr
51e67ab7f5 Fix get_blob_path to not make any database calls and add a test
This will be supported by caching, hopefully removing the need to hit the database when the blob object is cached
2017-12-13 16:27:46 -05:00
josephschorr
b2db266747
Merge pull request #2935 from coreos-inc/joseph.schorr/QS-80/password-reset-expire
Add maximum lifetime of 30m on password recovery tokens
2017-12-07 14:21:32 -05:00
josephschorr
1861d7dee9
Merge pull request #2938 from coreos-inc/joseph.schorr/QS-85/signout-all
Invalidate all session tokens when a user signs out
2017-12-07 13:25:00 -05:00
Joseph Schorr
1d1c6f0606 Invalidate all session tokens when a user signs out
Fixes https://jira.coreos.com/browse/QS-85
2017-12-07 13:03:11 -05:00
Joseph Schorr
d38a1fc851 Ensure user files are always sent with the Content-Disposition header
This prevents them from being executed in the browser directly

Fixes https://jira.coreos.com/browse/QS-84
2017-12-06 17:12:00 -05:00
Joseph Schorr
5dd95038cf Add maximum lifetime of 30m on password recovery tokens
Fixes https://jira.coreos.com/browse/QS-80
2017-12-06 17:06:03 -05:00
josephschorr
8d7381336a
Merge pull request #2910 from coreos-inc/joseph.schorr/QS-58/oidc-auth-bug
Don't add a "password required" notification for non-database auth via OIDC
2017-12-06 14:19:49 -05:00
Joseph Schorr
32255f122b Simplify and further optimize handling of unfiltered search results
Using the DB-side limit is much faster
2017-11-30 16:56:01 -05:00
Joseph Schorr
eea026be52 Fix bug around search pagination with non-filtered searches
Also further optimizes the queries
2017-11-30 16:13:42 -05:00
Joseph Schorr
0440cca3ef Fix typo in how we order search results
`.desc()` needs to be on the field
2017-11-30 14:53:23 -05:00
Joseph Schorr
c767c88b82 Optimize searching of repositories when there is no query 2017-11-30 14:10:22 -05:00
Joseph Schorr
2ced523313 Add Explore tab and query-less searching
Allows for exploration of all visible repositories, in paginated form.

This change also fixes the layout of the header on different viewport sizes to be consistently a single line in height.

Fixes https://jira.coreos.com/browse/QS-63
2017-11-28 16:50:23 +02:00
Joseph Schorr
503cff8f0c Don't add a "password required" notification for non-database auth via OIDC 2017-11-13 16:17:36 -05:00
Joseph Schorr
2e28976d7c Change exception to debug on expected RAC integrity error
Fixes https://jira.prod.coreos.systems/browse/QS-44
2017-10-30 12:55:24 -04:00
Joseph Schorr
9f804de23d Fix bug in deletion of repos with OCI-style linked tags
MySQL does not allow rows in the same table referencing other rows to be deleted in a single statement. We now do a two-pass deletion, and add a test to make sure.

Fixes https://jira.prod.coreos.systems/browse/QS-18
2017-10-18 17:03:27 -04:00
Joseph Schorr
c2a56ae828 Add a test for ping in OIDC auth 2017-10-12 16:49:06 -04:00
Joseph Schorr
c1ce84822d Fix tuple for health check 2017-10-12 16:25:31 -04:00
Joseph Schorr
7e63184ab4 Add missing ping method 2017-10-12 16:25:21 -04:00
Joseph Schorr
2ce4e49711 Build job does not have a request context when calling get_file_url
We therefore need to specify some sort of IP or get_file_url will attempt to get it from context
2017-10-06 12:57:02 -04:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
f51a863158 Remove access_token from user_info 2017-10-02 16:51:09 -04:00
Joseph Schorr
56fbbcf7cf Add request IP to get_direct_download_url method 2017-09-25 17:14:28 -04:00
Joseph Schorr
804d3c46c3 Add feature flag to allow users to be created only if invited to join a team
Allows for open user creation, but only if extended an invitation by someone who already has access
2017-09-14 16:28:39 -04:00
Joseph Schorr
c6aad5fef0 Add option to disable partial autocompletion of users 2017-09-12 15:55:37 -04:00
Evan Cordell
1d246784dd Include invalid oidc token in the error message for debugging 2017-09-12 12:26:42 -04:00
Joseph Schorr
ed897c7cb0 Change OIDC engine to not be federated
We don't need linking, just the ability to perform lookup
2017-09-12 12:26:41 -04:00
Joseph Schorr
bc82edb2d1 Add ability to configure OIDC internal auth engine via superuser panel 2017-09-12 12:23:52 -04:00
Joseph Schorr
e724125459 Add support for using OIDC tokens via the Docker CLI 2017-09-12 12:23:22 -04:00
Jimmy Zelinskie
9e09612851 Revert "Merge pull request #2844 from coreos-inc/alegrand/use_latest_appr_server_code"
This reverts commit 646fafb2fd, reversing
changes made to 5c1b635439.
2017-08-09 20:45:46 -04:00
Antoine Legrand
646fafb2fd Merge pull request #2844 from coreos-inc/alegrand/use_latest_appr_server_code
Migrate from cnr -> appr
2017-08-09 00:01:25 +02:00
Antoine Legrand
6336a4a971 Migrate from cnr -> appr 2017-08-08 11:48:59 +02:00
Charlton Austin
6c29ec873a refactor(endpoints/api/superuser*): refactored code behind db model
this moves all the db model code behind an interface in prep for v2-2

Issue: https://coreosdev.atlassian.net/browse/QUAY-750

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-08-01 11:27:55 -04:00
josephschorr
6ce06942f0 Merge pull request #2791 from coreos-inc/purge-repo-optimization
Optimize purging of a repository by skipping the unreferenced check
2017-07-31 18:02:28 -04:00
Jimmy Zelinskie
fe6760749a Merge pull request #2826 from jzelinskie/appr-v22
endpoints.appr: move to new v22 format
2017-07-31 07:36:40 -07:00
Joseph Schorr
dfe371286a Optimize purging of a repository by skipping the unreferenced check 2017-07-28 13:41:14 -04:00
Joseph Schorr
6043bf45b4 Add configurable stale_timeout and max_connections on pool 2017-07-27 15:26:26 -04:00
Joseph Schorr
f79542fefb Enable connection pooling in the registry 2017-07-27 14:00:23 -04:00
Jake Moshenko
e9a5fdbad1 Use a more pro-active approach to identify an uninitialized db proxy. 2017-07-26 18:23:05 -04:00
Joseph Schorr
50c144a7c4 Remove the configure call in UseThenDisconnect
This hopefully avoids us creating secondary connections
2017-07-26 14:14:52 -04:00
Jimmy Zelinskie
155cb65f7d endpoints.appr: move to new v22 format 2017-07-26 11:02:44 -07:00
Jake Moshenko
0011ddda16 Release database connections after updating build statuses. 2017-07-26 12:29:51 -04:00
Joseph Schorr
9febb539a7 Close the database connection after operations in buildman
Also adds a *temporary* hack to prevent this from breaking tests
2017-07-26 12:10:48 -04:00
Charlton Austin
be206a8b88 Merge pull request #2814 from charltonaustin/create_data_interface_for_subsystem_api/repository_633
refactor(endpoints/api/repository*): added in pre_oci_model abstraction
2017-07-25 13:59:52 -04:00
josephschorr
074b4e4981 Merge pull request #2810 from coreos-inc/joseph.schorr/QUAY-747/common-data-interface
Convert endpoints/common into using a data interface
2017-07-24 15:59:13 -04:00
Charlton Austin
8f1200b00d style(data, endpoints, test): ran yapf against changed files
### Description of Changes

Issue: https://coreosdev.atlassian.net/browse/QUAY-633

## Reviewer Checklist

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-07-24 11:05:15 -04:00
Joseph Schorr
aecec02b6c Change common_login to take in a user uuid, instead of a user DB object 2017-07-20 16:01:39 -04:00
Jimmy Zelinskie
d7b094f65c Merge pull request #2801 from jzelinskie/keyserver-update
endpoints.keyserver: new fs org for data interface
2017-07-20 14:48:57 -04:00
Joseph Schorr
7d4fed6892 Change error message when trying to pull a deleted or expired tag
Will let the users know they can recover the tag via time machine

Note: This was tested with the Docker protocol, but the new error code is *technically* out of spec; we should make sure its okay.
2017-07-19 17:13:48 -04:00
Joseph Schorr
99d7fde8ee Add UI for viewing and changing the expiration of tags 2017-07-19 17:13:48 -04:00
Joseph Schorr
4663bf4194 Add additional test for tag expiration 2017-07-19 17:13:06 -04:00
Joseph Schorr
4ad3682b9c Make health check failures report their reasons
Note that we add a new block with expanded service info, to avoid breaking compatibility with existing callers of the health endpoint
2017-07-19 16:17:02 +03:00
Joseph Schorr
0dfb6806e3 Add ping method to auth engines to determine if they are reachable 2017-07-19 16:16:41 +03:00
Jimmy Zelinskie
42869cb00a endpoints.keyserver: new fs org for data interface 2017-07-17 14:25:18 -04:00
josephschorr
fdb21aa5dc Merge pull request #2777 from coreos-inc/joseph.schorr/QUAY-618/notificationworker-data-interface
Change notificationworker to use data interface
2017-07-13 00:23:15 +03:00
josephschorr
d00c7d299c Merge pull request #2778 from coreos-inc/gc-long-chain-test
Add a long-chain test for GC
2017-07-13 00:23:03 +03:00
Charlton Austin
82488c9102 Merge pull request #2753 from charltonaustin/api_tag_v22
refactor(endpoints/api/tag): refactor code for v22
2017-07-12 15:51:48 -04:00
Charlton Austin
131acde317 refactor(data+endpoints): code review changes
this puts the view logic on the object and adds a parameter for logging

[TESTING->locally with docker compose]

Issue: https://coreosdev.atlassian.net/browse/QUAY-632

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-07-12 14:10:21 -04:00
Joseph Schorr
2b51265b48 Add a long-chain test for GC 2017-07-12 18:03:27 +03:00
Joseph Schorr
b6f1782642 Change notificationworker to use a data interface 2017-07-12 17:40:45 +03:00
Joseph Schorr
bdab367285 Change blobuploadcleanupworker to use a data interface 2017-07-11 16:58:09 +03:00
Charlton Austin
897a091692 style(data+endpoints): ran yapf
### Description of Changes

ran yapf for the branch

[TESTING->locally using docker compose]

Issue: https://coreosdev.atlassian.net/browse/QUAY-632

## Reviewer Checklist

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-07-10 09:46:02 -04:00
Charlton Austin
fc4b3642d3 refactor(endpoints/api/tag): refactor code for v22
this decouples the database models from the api

[TESTING->locally with docker compose]

Issue: https://coreosdev.atlassian.net/browse/QUAY-632

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-07-10 09:40:33 -04:00
EvB
ccca0c9655 refactor(util/tufmetadata/test): move app test to gc suite 2017-07-07 15:14:14 -04:00
josephschorr
89ab94ffbb Merge pull request #2720 from coreos-inc/gc-opt
GC optimizations
2017-06-29 20:55:14 +03:00
Jimmy Zelinskie
ecd5996386 endpoints.v2: new fs layout for data interface
Fixes QUAY-656
2017-06-29 13:19:53 -04:00
josephschorr
0e702c72f2 Merge pull request #2739 from coreos-inc/joseph.schorr/QUAY-664/verbs-interface-refactor
Refactor Verbs model definitions to match new style
2017-06-29 10:07:36 +03:00
Jimmy Zelinskie
80c9b611a4 Merge pull request #2730 from jzelinskie/v2-interface
endpoints.v2: new fs layout for data interface
2017-06-28 13:51:43 -04:00
Joseph Schorr
8b4958dbcc Move verbs model into new file structure 2017-06-28 13:05:02 +03:00
Joseph Schorr
8dcea30d58 Fix build by pre-calling the caches
They were being called in a test-dependent order, which caused any tests which relied on query count to fail
2017-06-27 18:11:46 +03:00
Joseph Schorr
cdd7cb9321 Remove directly referenced images from the candidate set before starting GC iteration
Makes the lookup query underneath the transaction smaller if there are a lot of images referenced directly by tag. We still must do the direct referenced check within the transaction, but this should reduce the scope of the search space a bit.
2017-06-27 17:33:58 +03:00
Joseph Schorr
45c7008078 Change Repo GC to be iterative
This prevents us from creating a massive join when there are a large number of tags in the repository, which can result in locking the entire DB for long periods of time. Instead of the join, we just iteratively lookup any images found to be directly referenced by a tag or found as a parent of another image, both of which should be indexed lookups. Once done, we only remove those images and then iterate until the working set stops changing.
2017-06-27 17:33:58 +03:00