Commit graph

257 commits

Author SHA1 Message Date
josephschorr
d77aa9228f
Merge pull request #3002 from coreos-inc/joseph.schorr/QUAY-822/gc-app-tokens
Add a worker to automatically GC expired app specific tokens
2018-02-20 17:21:48 -05:00
Joseph Schorr
9a452ace11 Add configurable limits for number of builds allowed under a namespace
We also support that limit being increased automatically once a successful billing charge has gone through
2018-02-20 16:54:22 -05:00
Joseph Schorr
188ea98441 Add new decorator to prevent reflected text attacks
Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend.
2018-02-20 11:33:45 -05:00
Joseph Schorr
d45161b120 Add a worker to automatically GC expired app specific tokens
Fixes https://jira.coreos.com/browse/QUAY-822
2018-02-12 14:56:01 -05:00
Joseph Schorr
5490e64669 Fill out schema and schema whitelist 2018-02-06 15:27:01 -05:00
Joseph Schorr
eae9175950 Allow size of pages in V2 api to be configurable 2018-02-02 13:54:41 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
5dd95038cf Add maximum lifetime of 30m on password recovery tokens
Fixes https://jira.coreos.com/browse/QS-80
2017-12-06 17:06:03 -05:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
804d3c46c3 Add feature flag to allow users to be created only if invited to join a team
Allows for open user creation, but only if extended an invitation by someone who already has access
2017-09-14 16:28:39 -04:00
Joseph Schorr
c6aad5fef0 Add option to disable partial autocompletion of users 2017-09-12 15:55:37 -04:00
Joseph Schorr
e724125459 Add support for using OIDC tokens via the Docker CLI 2017-09-12 12:23:22 -04:00
Joseph Schorr
650dbe5f5b Add config to enable "public" namespaces
These are namespaces that will be displayed in the repo list view, regardless of whether the user is a member.
2017-08-07 15:59:06 -04:00
Joseph Schorr
dff4207a89 Add feature flag to enable viewing builds and build logs for public repos 2017-08-07 15:24:36 -04:00
Joseph Schorr
8a96647d6e Add feature flag to enable team syncing setup when not a superuser 2017-07-21 11:06:21 -04:00
Joseph Schorr
b7d6bb12fa Hide extended health check information behind superuser permission or a session property
Also adds an endpoint that (when specified with the proper secret), sets the session property
2017-07-19 16:17:02 +03:00
Evan Cordell
45bf7efc84 Merge branch 'master' into no-signing-whitelist 2017-07-12 15:50:32 -04:00
Evan Cordell
75c1533aec Revert "Only show signing UI when namespace is explicitly whitelisted"
85d382cd84
2017-07-12 15:48:35 -04:00
Antoine Legrand
cdb3722c17 Use $QUAYPATH and $QUAYDIR in conf and init files 2017-07-05 16:23:54 +02:00
Joseph Schorr
555041876d Make public catalog only enabled via a feature flag 2017-06-02 15:30:51 -07:00
Jimmy Zelinskie
915c2073ec config.py: bump QSS Engine version to Clair 2.0. 2017-05-30 17:46:35 -07:00
Evan Cordell
85d382cd84 Only show signing UI when namespace is explicitly whitelisted 2017-05-08 13:50:07 -04:00
Joseph Schorr
3dcbe3c631 If enabled, allow users and orgs to set their time machine expiration
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Jake Moshenko
8d279c8cc4 Unify app and api exception handling
Move some confi to an immutable section
Make ApiExceptions real werkzeug exceptions
2017-04-14 11:18:01 -04:00
Evan Cordell
abe6f40bc5 Add support for deleting TUF metadata when repo is deleted 2017-04-12 17:33:51 -04:00
Erica
3f79422a52 Merge pull request #2306 from coreos-inc/QUAY-2842-audit-log-strict-config-option
feat(config.py): add setting for audit log strictness
2017-04-07 13:43:11 -04:00
Joseph Schorr
f9e6110f73 Add basic user interface for application repos
Adds support for creating app repos, viewing app repos and seeing the list of app repos in the Quay UI.
2017-04-05 11:30:09 -04:00
EvB
6916d82e0d feat(endpoints/trackhelper): wrap log op for silent fails 2017-04-05 11:26:10 -04:00
EvB
503c4cd235 feat(config.py): add setting for audit log strictness 2017-04-05 11:26:10 -04:00
josephschorr
1bfca871ec Merge pull request #2387 from coreos-inc/team-sync
Team synchronization support in Quay Enterprise
2017-04-03 18:26:29 -04:00
Joseph Schorr
83320c2868 Have CDN use be off by default
We only use the CDN now for testing and local development, and having it on by default breaks when doing initial setup for QE behind a corporate firewall that doesn't allow loading of the external libraries we need
2017-04-03 14:31:28 -04:00
Joseph Schorr
04225f2d25 Add feature flag for team syncing 2017-04-03 11:31:29 -04:00
Joseph Schorr
e204f7784c Make app registry off by default 2017-03-23 12:01:59 -04:00
Jimmy Zelinskie
4614419e53 config: add app registry feature flag 2017-03-22 22:57:21 -04:00
Joseph Schorr
dd35677712 Add configurable maximum layer size in nginx 2017-03-21 13:14:11 -04:00
Jimmy Zelinskie
4ed0cdda14 securityscanner: add a min image id option
This will enable us to force some instances of the securityworker to
scan only new images.
2017-03-03 13:55:25 -05:00
Jake Moshenko
de7a5c9959 Make the security scanning worker period configurable 2017-02-27 15:02:29 -05:00
Evan Cordell
eac9927414 Add FEATURE_SIGNING flag and refactor nginx_conf_create.sh 2017-02-23 14:38:16 -05:00
Evan Cordell
9affe193db Add support for tuf metadata endpoints 2017-02-23 14:38:16 -05:00
Jimmy Zelinskie
e81926fcba util.secscan.api: init read-only failover 2017-02-03 19:20:13 -05:00
Joseph Schorr
3eb17b7caa Add support for recaptcha during the create account flow
If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
2017-01-09 11:08:21 -05:00
Jimmy Zelinskie
00eafff747 Merge pull request #2204 from jzelinskie/429builds
add rate limiting to build queues
2016-12-07 15:03:31 -05:00
Jimmy Zelinskie
57770493fa build rate limiting: use a rate 2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
7877c6ab94 add rate limiting to build queues 2016-12-06 16:30:12 -05:00
Jake Moshenko
709edd7eb6 Reduce the update period on queue worker metrics. 2016-12-05 18:12:14 -05:00
Joseph Schorr
66e09b2a95 Switch landing page to read template from S3 bucket
This change uses CORS to make the Angular template request to a defined S3 bucket, falling back to the compiled login template if the bucket is not available.

Fixes #1313
2016-11-30 14:00:07 -05:00
Charlton Austin
2fe74e4057 Adding in UI for cancel anytime. 2016-11-21 10:58:32 -05:00
Joseph Schorr
5f99448adc Add a chunk cleanup queue for async GC of empty chunks
Instead of having the Swift storage engine try to delete the empty chunk(s) synchronously, we simply queue them and have a worker come along after 30s to delete the empty chunks. This has a few key benefits: it is async (doesn't slow down the push code), helps deal with Swift's eventual consistency (less retries necessary) and is generic for other storage engines if/when they need this as well
2016-11-15 15:07:41 -05:00
josephschorr
45b1148118 Merge pull request #2086 from coreos-inc/user-info
Add collection of user metadata: name and company
2016-11-09 13:15:07 -05:00
Joseph Schorr
7e78406112 Add a defined timeout on all HTTP calls in notification methods 2016-11-08 18:28:06 -05:00