Commit graph

432 commits

Author SHA1 Message Date
Joseph Schorr
70de107268 Make GC of repositories fully async for whitelisted namespaces
This change adds a worker to conduct GC on repositories with garbage every 10s.

Fixes #144
2015-07-28 15:30:04 -04:00
Joseph Schorr
687bab1c05 Support invite codes for verification of email
Also changes the system so we don't apply the invite until it is called explicitly from the frontend

Fixes #241
2015-07-22 13:41:27 -04:00
Jake Moshenko
5d86fa80e7 Merge pull request #197 from coreos-inc/keystone
Add Keystone Auth
2015-07-22 13:38:47 -04:00
Joseph Schorr
a0c4e72f13 Clean up the repository list API and loads stars with it
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
2015-07-22 13:05:02 -04:00
Joseph Schorr
7e4b23916a Small SQL query fix
Fixes #248
2015-07-20 14:17:26 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
Make it explicit that the registry-v2 stuff is not ready for prime time.
2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Jake Moshenko
bea8b9ac53 More changes for registry-v2 in python.
Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered.
2015-07-17 11:50:41 -04:00
Jake Moshenko
acbcc2e206 Start of a v2 API. 2015-07-17 11:50:41 -04:00
Joseph Schorr
5ae8c11638 Extra list repos test to mimic the conditions of a known issue with one customer 2015-07-16 01:25:19 +03:00
Jake Moshenko
cb95a800e3 Oops, added logging.basicConfig to a test. 2015-07-14 17:56:34 -04:00
Jake Moshenko
ebecb1dc89 Regenerate the test db and supporting files. 2015-07-14 16:57:04 -04:00
Jimmy Zelinskie
bde781c98b Merge pull request #205 from coreos-inc/delrobot
Fix deletion of robot accounts when attached to builds
2015-07-13 12:19:01 -04:00
Jimmy Zelinskie
cf4800c06c Merge pull request #213 from coreos-inc/orgmember
Add a secondary tab to Teams for managing org members
2015-07-06 11:48:40 -04:00
Joseph Schorr
4333bb9e14 Implement stream_read_file for the Swift storage engine
Note that Swift doesn't seem to have a file-like interface, so we need to wrap the generator we get back from it.

Fixes #210
2015-07-02 17:52:43 +03:00
Joseph Schorr
3a59c99b08 Add a secondary tab to Teams for managing org members
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click

Fixes #212
2015-07-02 17:06:36 +03:00
josephschorr
cb238f8764 Merge pull request #207 from coreos-inc/squashperm
Have the fetch tag dialog show a warning for robot accounts without access
2015-07-02 10:23:14 +03:00
Joseph Schorr
b535e222b8 Have the fetch tag dialog show a warning for robot accounts without access
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
2015-07-01 19:37:52 +03:00
Joseph Schorr
b91b60e83d Add encrypted password output in the superuser API
When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along
2015-07-01 19:29:42 +03:00
Joseph Schorr
3ba321934f Fix deletion of robot accounts when attached to builds
Fixes #204
2015-06-30 22:56:44 +03:00
Jake Moshenko
7b470237a1 The superuser capability does not require the idea of ordinality since it is a binary permission. 2015-06-30 11:02:13 -04:00
Joseph Schorr
d9ce8fdf52 Fix swagger test 2015-06-29 21:38:21 +03:00
Joseph Schorr
81bb76d3df Fix spelling mistakes 2015-06-29 21:38:01 +03:00
Joseph Schorr
2b1bbcb579 Add a table view to the repos list page
Fixes #104
2015-06-29 21:12:53 +03:00
Jimmy Zelinskie
756d6784ca Merge pull request #192 from coreos-inc/sqlssl
Allow SSL cert for the database to be configured
2015-06-29 13:33:31 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Joseph Schorr
b8c74bbb17 Remove container usage tab and replace with changlog view
Fixes #179
2015-06-29 11:07:46 +03:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
2015-06-29 08:08:10 +03:00
Joseph Schorr
75b36c0f33 Update test 2015-06-25 23:13:33 -04:00
Joseph Schorr
e7915baf8c Have LDAP return a better error message if it fails to connect
Currently, the error results in a 500 being raised when a user tries to login.
2015-06-23 17:41:53 -04:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Jake Moshenko
b21a033ef3 Merge pull request #131 from coreos-inc/moveapp
Refactor JWT auth to not import app locally
2015-06-23 17:24:01 -04:00
Joseph Schorr
b4c39e8ec0 Fix ephemeral build manager to ask for watches in index order with no gaps 2015-06-23 17:11:46 -04:00
Joseph Schorr
805af9338a Fix index test spec 2015-06-22 17:33:32 -04:00
Joseph Schorr
331c300893 Refactor JWT auth to not import app locally 2015-06-17 15:53:21 -04:00
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
2015-06-12 16:45:01 -04:00
Jake Moshenko
f767fc4d03 Track whether builders ever came online in etcd. Mark builds which never successfully heartbeated as incomplete. 2015-06-10 16:19:51 -04:00
Joseph Schorr
44f49a43dd Fix creation of repositories when having a creator permission
This fixes the grants on a user's session when creating a repository with only the creator permission

Fixes #117
2015-06-10 16:12:42 -04:00
Joseph Schorr
f980b892d8 Remove debug flag from JWT tests
This can break unit tests running
2015-06-05 15:39:27 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication
Add support for an external JWT-based authentication system
2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
josephschorr
63f289a8cb Merge pull request #59 from jzelinskie/custom-git-fix
triggers: metadata.commit_sha -> metadata.commit
2015-06-02 16:10:26 -04:00
Joseph Schorr
477a3fdcdc Add a test to verify that all important blueprints have all their methods decorated
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0 triggers: metadata.commit_sha -> metadata.commit
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031 Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
2015-06-02 15:16:22 -04:00
Joseph Schorr
3602b59465 Add registry tests for anonymous access 2015-06-02 14:27:57 -04:00
Joseph Schorr
c0e995c1d4 Merge branch 'master' into nolurk 2015-06-02 13:55:16 -04:00
Jake Moshenko
7bc5f7a1ca Merge pull request #53 from coreos-inc/v1test
Add tests for the registry that mimic Docker's calls
2015-06-02 12:24:42 -04:00
Joseph Schorr
9585e2a765 End-to-end registry tests 2015-06-01 16:35:30 -04:00