vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
7111 commits 2 branches 62 tags 205 MiB
Commit graph

1786 commits

Author SHA1 Message Date
Jimmy Zelinskie
3d0e63d8e5 endpoints.appr.decorators: isolate appr decorators 2017-03-22 23:53:03 -04:00
Jimmy Zelinskie
6dfd1ef660 endpoints.appr.test: include CNR fixtures 2017-03-22 23:42:19 -04:00
Jimmy Zelinskie
82bcd45727 endpoints: clarify repo access decorators 2017-03-22 23:41:38 -04:00
Jimmy Zelinskie
cafde81322 endpoints.appr.test: init 2017-03-22 22:57:22 -04:00
Jimmy Zelinskie
102c671587 endpoints.appr: init 2017-03-22 22:57:21 -04:00
Jimmy Zelinskie
3ccf3c5f33 Merge pull request #2447 from jzelinskie/cnr-step2 
CNR Step 2
 2017-03-22 18:45:51 -04:00
Joseph Schorr
df1e7f90e0 Add verb security tests and fix small issues 2017-03-22 18:29:53 -04:00
Jimmy Zelinskie
d5fa2ad0c0 endpoints.verbs: abort 405 for non-container repos 2017-03-22 17:50:58 -04:00
Joseph Schorr
dcb970b783 Add registry app repository failure test 2017-03-22 17:26:59 -04:00
Jimmy Zelinskie
ca7a0f14d8 endpoints.v1: return 405 for non-docker repos 2017-03-22 17:26:59 -04:00
Jimmy Zelinskie
48ba59d615 endpoints.v2: only work on docker repositories 2017-03-22 17:26:59 -04:00
Joseph Schorr
178373293d Disable web endpoints for app repos 2017-03-22 15:51:19 -04:00
Joseph Schorr
54efed62ee Make sure start_build cannot be called for app repos 2017-03-22 15:51:19 -04:00
Joseph Schorr
30b532254c Disallow non-apps-supported APIs for application repositories 2017-03-22 15:51:19 -04:00
Jimmy Zelinskie
a2bac7dabd endpoints.v1: only work on docker repositories 2017-03-22 14:31:22 -04:00
Joseph Schorr
ff7f78e990 Have blob uploads be checked against configurable max layer size 2017-03-21 13:16:55 -04:00
Joseph Schorr
239b6d7cf8 Make LayerTooLarge error more informative 2017-03-21 13:14:11 -04:00
Joseph Schorr
dd7f254f96 Have blob uploads be checked against configurable max layer size 2017-03-21 13:14:11 -04:00
josephschorr
4bee4dbfff Merge pull request #2443 from coreos-inc/build-webhook-tests 
Add tests for build web hooks endpoint
 2017-03-20 16:26:57 -04:00
Joseph Schorr
8bbe0e5e9b Always allow robot accounts to be selected by admins in trigger setup 
Currently during trigger setup, if we don't know for sure that a robot account is necessary, we don't show the option to select one. This fails if the user has a Dockerfile in a branch or tag with a private base image *or* they *intend* to add a private base image once the trigger is setup. Following this change, we always show the option to select a robot account, even if it isn't determined to be strictly necessary.
 2017-03-20 13:24:55 -04:00
Joseph Schorr
6f567e0850 Add tests for build web hooks endpoint 2017-03-20 13:22:59 -04:00
Joseph Schorr
cfb81c977f Add UI for editing labels on a manifest 2017-03-14 11:34:43 -04:00
Joseph Schorr
69e476b1f4 Fix param regex for path params with complex filters 2017-03-14 11:34:43 -04:00
Joseph Schorr
e90cab4d77 Change revert tag into restore tag and add manifest support 2017-03-14 11:34:42 -04:00
Joseph Schorr
af743b156b Show manifest digests in place of V1 ids in the tag view when possible 2017-03-14 11:34:41 -04:00
josephschorr
432b2d3fe8 Merge pull request #2392 from coreos-inc/search-optimization 
Optimize repository search by changing our lookup strategy
 2017-03-10 15:44:26 -05:00
Joseph Schorr
d42ec4e585 Abstract out constant scores into constants 2017-03-10 14:06:39 -05:00
Joseph Schorr
3813d0d23d Add tests for all notification event calls 2017-03-10 11:26:12 -05:00
Joseph Schorr
48db77b521 Fix bug in QSS notifications 2017-03-10 11:25:55 -05:00
Joseph Schorr
b5bb76cdea Optimize repository search by changing our lookup strategy 
Previous to this change, repositories were looked up unfiltered in six different queries, and then filtered using the permissions model, which issued a query per repository found, making search incredibly slow. Instead, we now lookup a chunk of repositories unfiltered and then filter them via a single query to the database. By layering the filtering on top of the lookup, each as queries, we can minimize the number of queries necessary, without (at the same time) using a super expensive join.

Other changes:
- Remove the 5 page pre-lookup on V1 search and simply return that there is one more page available, until there isn't. While technically not correct, it is much more efficient, and no one should be using pagination with V1 search anyway.
- Remove the lookup for repos without entries in the RAC table. Instead, we now add a new RAC entry when the repository is created for *the day before*, with count 0, so that it is immediately searchable
- Remove lookup of results with a matching namespace; these aren't very relevant anyway, and it overly complicates sorting
 2017-03-09 19:47:55 -05:00
Jimmy Zelinskie
850c32ebfb Merge pull request #2298 from jzelinskie/maintainers 
MAINTAINERS: init owners to subpkgs
 2017-03-09 17:30:38 -05:00
Joseph Schorr
0ab6388e30 Add support for null ref, as that can be the value if a default branch is not chosen 2017-03-07 20:39:42 -05:00
josephschorr
aa2f88d321 Merge pull request #2337 from coreos-inc/new-trigger-ux 
Implement new create and manager trigger UI
 2017-03-02 18:15:32 -05:00
Joseph Schorr
9e6c368f7a Make QSS multiple notification messaging nicer 2017-03-01 16:11:11 -05:00
Joseph Schorr
eff1827d9d Batch QSS notifications after initial scan 2017-03-01 15:42:49 -05:00
Joseph Schorr
8e863b8cf5 Implement new create and manager trigger UI 
Implements the new trigger setup user interface, which is now a linear workflow found on its own page, rather than a tiny modal dialog

Fixes #1187
 2017-02-28 16:51:42 -05:00
Charlton Austin
59d6cf8a86 Merge pull request #2376 from charltonaustin/quay_jwts_indicate_which_root_a_user_should_see_137968801 
Adding in what metadata_root_name to JWT
 2017-02-23 17:10:21 -05:00
Charlton Austin
e87404c327 Adding in what metadata_root_name to JWT 2017-02-22 16:59:19 -05:00
Joseph Schorr
3f1d394e14 Catch IOErrors when starting builds 
Fixes https://sentry.io/coreos/backend-production/issues/207144068/
 2017-02-22 13:20:04 -05:00
Joseph Schorr
9db20ff961 Catch SSL errors due to timeouts in Github calls 
Fixes https://sentry.io/coreos/backend-production/issues/219378902/
 2017-02-22 13:20:04 -05:00
Joseph Schorr
89b7c13da5 Catch team member invite missing exception 
Fixes https://sentry.io/coreos/backend-production/issues/195926082/
 2017-02-22 13:18:22 -05:00
Joseph Schorr
a319c55616 Don't make permissions request in search for public callers 
They are unnecessary, so we can skip them
 2017-02-17 12:22:21 -05:00
Joseph Schorr
198bdf88bc Move OAuth login into its own endpoints module 2017-02-16 16:27:54 -05:00
Joseph Schorr
0167e1e7bf Style fixes 2017-02-16 16:27:54 -05:00
Joseph Schorr
d47696b69c Add support for sub binding field 2017-02-16 16:27:53 -05:00
Joseph Schorr
7b386e9d63 Move endpoint test fixtures to a non-conftest file 2017-02-16 16:27:53 -05:00
Joseph Schorr
2c35383724 Allow OAuth and OIDC login engines to bind to fields in internal auth 
This feature is subtle but very important: Currently, when a user logs in via an "external" auth system (such as Github), they are either logged into an existing bound account or a new account is created for them in the database. While this normally works jut fine, it hits a roadblock when the *internal* auth system configured is not the database, but instead something like LDAP. In that case, *most* Enterprise customers will prefer that logging in via external auth (like OIDC) will also *automatically* bind the newly created account to the backing *internal* auth account. For example, login via PingFederate OIDC (backed by LDAP) should also bind the new QE account to the associated LDAP account, via either username or email. This change allows for this binding field to be specified, and thereafter will perform the proper lookups and bindings.
 2017-02-16 16:27:53 -05:00
Joseph Schorr
c6b0376d61 Remove unnecessary email generation in OAuth login 
Handled by the `emaIl_required` flag already
 2017-02-16 16:27:53 -05:00
Joseph Schorr
92c0b5ac3e Fix handling of None queries 2017-02-16 15:26:45 -05:00
josephschorr
38e079ced2 Merge pull request #2344 from coreos-inc/v1-search-fix 
Implement the full spec for the old Docker V1 registry search API
 2017-02-16 15:08:33 -05:00
Joseph Schorr
a0bc0e9488 Implement the full spec for the old Docker V1 registry search API 
This API is still (apparently) being used by the Docker CLI for `docker search` (why?!) and we therefore have customers expecting this to work the same way as the DockerHub.
 2017-02-16 14:45:33 -05:00
Joseph Schorr
11c931f781 Log more information to the action logs and display the namespaces for superusers 
This helps superusers understand better what, exactly, is going on in the registry
 2017-02-14 14:55:24 -05:00
Joseph Schorr
8d96d8b682 Add tests for missing logs APIs 2017-02-08 16:52:17 -08:00
Charlton Austin
5a06530b43 Merge pull request #2314 from charltonaustin/move_tests_over_to_pytest_no_story 
update(security_test.py): moving tests to new framework
 2017-02-03 16:21:03 -05:00
josephschorr
1edebb804e Merge pull request #2334 from coreos-inc/manifest-security-api 
Add API endpoint for retrieving security status by *manifest*, rather than Docker V1 image ID
 2017-02-02 22:37:17 -05:00
Joseph Schorr
cf539487a1 Add API endpoint for retrieving security status by *manifest*, rather than Docker V1 image ID 2017-02-02 17:51:18 -05:00
Alec Merdler
7c904f2e21 Merge pull request #2292 from coreos-inc/frontend-typescript 
Upgrading Front-end Client to TypeScript
 2017-02-02 14:24:35 -08:00
Charlton Austin
85bcb63439 update(security_test.py): moving tests to new framework 
We should be moving tests over to pytest

[none]
 2017-02-02 13:40:00 -05:00
josephschorr
01ec22b362 Merge pull request #2300 from coreos-inc/openid-connect 
OpenID Connect support and OAuth login refactoring
 2017-01-31 18:14:44 -05:00
Charlton Austin
2dfae9e892 Merge pull request #2303 from charltonaustin/view_build_logs_as_superuser_137910387 
feature(superuser panel): ability to view logs
 2017-01-27 12:32:31 -05:00
Charlton Austin
dae93dce78 feature(superuser panel): ability to view logs 
users would like the ability to view build logs in the superuser panel

[None]
 2017-01-26 13:54:03 -05:00
Joseph Schorr
05e9e31941 Fix small lookup bug under MySQL 2017-01-25 12:55:56 -05:00
alecmerdler
c9fa22b093 moved Webpack bundle directory out of /static/js because it contains more than just JS files 2017-01-24 14:05:06 -08:00
Joseph Schorr
a9791ea419 Have external login always make an API request to get the authorization URL 
This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
 2017-01-23 19:06:19 -05:00
Joseph Schorr
fda203e4d7 Add proper and tested OIDC support on the server 
Note that this will still not work on the client side; the followup CL for the client side is right after this one.
 2017-01-23 17:53:34 -05:00
Jimmy Zelinskie
64421db0a3 MAINTAINERS: init owners to subpkgs 2017-01-23 17:46:34 -05:00
alecmerdler
615e233671 moved Angular routes to separate module; load Webpack bundle before other main scripts 2017-01-20 16:24:55 -08:00
Joseph Schorr
19f7acf575 Lay foundation for truly dynamic external logins 
Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
 2017-01-20 15:21:08 -05:00
Joseph Schorr
4755d08677 Refactor and rename the standard OAuth services 2017-01-19 15:23:15 -05:00
Joseph Schorr
bee2551dc2 Temporarily remove Dex login support 
This will be added back in later in this PR as part of proper generic OIDC support
 2017-01-19 14:51:12 -05:00
josephschorr
e2748fccd9 Merge pull request #2282 from coreos-inc/motd-updates 
Severity and Markdown support in MOTD
 2017-01-18 17:41:27 -05:00
Joseph Schorr
3106504f39 Severity and Markdown support in MOTD 
[Delivers #133555165]
 2017-01-18 16:55:32 -05:00
Joseph Schorr
669a3070bd Only parse request URL in track_and_log when necessary 2017-01-18 11:23:23 -05:00
Joseph Schorr
89229a8f2c Don't publish registry events to Redis for robots 
The tutorial can only be used by users, so no need to publish for robots, which can cause issues in pulling for builders and other prod mechanisms if Redis is being finicky
 2017-01-18 11:22:07 -05:00
josephschorr
9b65b37011 Merge pull request #2245 from coreos-inc/recaptcha 
Add support for recaptcha during the create account flow
 2017-01-17 11:34:23 -05:00
josephschorr
ac8cddc5a9 Merge pull request #2274 from coreos-inc/custom-cert-management 
Custom SSL certificates config panel
 2017-01-13 16:24:47 -05:00
Joseph Schorr
efdedba2ae Superuser config tool warnings 
Adds warnings displayed in the superuser config tool that the changes made will only be applied to the local instance (in non-k8s case) or that a deployment is required (in the k8s case)

[Delivers #137537413]
 2017-01-13 15:50:50 -05:00
Joseph Schorr
7e0fbeb625 Custom SSL certificates config panel 
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle

[Delivers #135586525]
 2017-01-13 14:34:35 -05:00
Alec Merdler
081424ed82 Merge pull request #2268 from coreos-inc/frontend-testing-framework 
Front-end testing framework
 2017-01-11 16:20:40 -08:00
Jake Moshenko
fe9f97cd0e Fix the order and number of arguments for squashing/ACI 2017-01-11 15:16:49 -05:00
Joseph Schorr
3eb17b7caa Add support for recaptcha during the create account flow 
If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
 2017-01-09 11:08:21 -05:00
alecmerdler
659417f7ef tests for AngularViewArray service 2017-01-07 00:28:02 -08:00
Joseph Schorr
9413e25123 Change georeplication queuing to use new batch system 2016-12-21 17:44:30 -05:00
josephschorr
732ab67b57 Merge pull request #2252 from coreos-inc/parallel-tests 
Fix pytests and enable parallel registry tests
 2016-12-20 16:56:52 -05:00
Joseph Schorr
481cebe46b Fix pytests and enable parallel registry tests 2016-12-20 15:42:04 -05:00
Joseph Schorr
f4f5a065df Add check for None repository in start build API 
Fixes #2244
 2016-12-19 11:40:24 -05:00
Brad Ison
2730c26b2e Merge pull request #2237 from coreos-inc/metrics-labels 
Don't record size in chunk upload metrics
 2016-12-15 14:20:34 -05:00
Brad Ison
df7366eace Add chunk size metric 2016-12-15 13:20:16 -05:00
EvB
43aed7c6f4 fix(endpoints/api): return empty 204 resp 
Return an empty body on API requests with status code 204, which
means "No content". Incorrect 'Deleted' responses were being
returned after successful DELETE operations despite the "No Content"
definition of 204.
 2016-12-14 16:22:39 -05:00
Brad Ison
8f59ac1251 Don't record size in chunk upload metrics 2016-12-14 12:16:02 -05:00
Joseph Schorr
fd364ccca3 Remove unneeded exception var 2016-12-09 14:52:49 -05:00
Joseph Schorr
1302fd2fbd Switch csrf token check to use compare_digest to prevent timing attacks 
Also adds some additional tests for CSRF tokens
 2016-12-08 23:46:31 -05:00
Joseph Schorr
dbdcb802b1 Add end-to-end OAuth login and attach tests 2016-12-08 18:35:42 -05:00
Joseph Schorr
36324708db Fix small pylint issues 2016-12-08 16:21:44 -05:00
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token 
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
 2016-12-08 16:11:57 -05:00
josephschorr
543d86ae10 Merge pull request #2221 from coreos-inc/fix-error-pages 
Have all error pages be rendered by Angular
 2016-12-07 17:53:14 -05:00
josephschorr
111b7b0788 Merge pull request #2206 from coreos-inc/ldap-user-search-fix 
Fix external auth returns for query_user calls
 2016-12-07 17:53:04 -05:00
Joseph Schorr
c06bba38de Have all error pages be rendered by Angular 
Fixes #2198

Fixes https://www.pivotaltracker.com/story/show/135724483
 2016-12-07 17:49:02 -05:00
Jimmy Zelinskie
00eafff747 Merge pull request #2204 from jzelinskie/429builds 
add rate limiting to build queues
 2016-12-07 15:03:31 -05:00
Joseph Schorr
3203fd6de1 Fix external auth returns for query_user calls 
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
 2016-12-07 14:28:42 -05:00