Commit graph

98 commits

Author SHA1 Message Date
josephschorr
01ec22b362 Merge pull request #2300 from coreos-inc/openid-connect
OpenID Connect support and OAuth login refactoring
2017-01-31 18:14:44 -05:00
Joseph Schorr
f5dbc350f8 Fix missed tests and revert conftest change (breaks docker build) 2017-01-30 17:28:25 -05:00
Joseph Schorr
d9003d1375 Make sure the parent dir of a file path exists before writing the file
Fixes when the `extra_ca_certs` directory doesn't exist when using the new custom certs tool
2017-01-26 15:15:40 -05:00
Joseph Schorr
4755d08677 Refactor and rename the standard OAuth services 2017-01-19 15:23:15 -05:00
Joseph Schorr
bee2551dc2 Temporarily remove Dex login support
This will be added back in later in this PR as part of proper generic OIDC support
2017-01-19 14:51:12 -05:00
Joseph Schorr
7e0fbeb625 Custom SSL certificates config panel
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle

[Delivers #135586525]
2017-01-13 14:34:35 -05:00
Joseph Schorr
3a24871422 Add SSL certificate utility and tests 2017-01-10 17:06:13 -05:00
Joseph Schorr
f1c9965edf Add more volume file operations and cleanup k8s provider code 2017-01-10 17:06:13 -05:00
Joseph Schorr
29d6abddb5 Linter fixes 2017-01-10 17:06:13 -05:00
Joseph Schorr
1e5b97318a Fix loading of public keys for OIDC under Linux
Python's crypto lib under Linux has issues with loading PEM-encoded keys, so we just load it as a DER here and give PyJWT the key *instance* to use directly.
2016-12-09 14:26:56 -05:00
Joseph Schorr
dbdcb802b1 Add end-to-end OAuth login and attach tests 2016-12-08 18:35:42 -05:00
Joseph Schorr
236655adb4 Fix config validator for storage and add a test suite
Note that the test suite doesn't fully verify that each validation succeeds; rather, it ensures that the proper system (storage, security scanning, etc) is called with the configuration and returns at all (usually with an expected error). This should prevent us from forgetting to update these code paths when we change config-based systems. Longer term, we might want to have these tests stand up fake/mock versions of the endpoint services as well, for end-to-end testing.
2016-11-30 11:58:41 -05:00
josephschorr
74e54bdbbb Merge pull request #1872 from coreos-inc/qe-torrent
Add QE setup tool support for BitTorrent downloads
2016-11-11 13:56:22 -05:00
Joseph Schorr
681f975df5 Add QE setup tool support for BitTorrent downloads
Fixes #1871
2016-11-02 17:32:12 -04:00
Joseph Schorr
d7f56350a4 Make email addresses optional in external auth if email feature is turned off
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
2016-10-31 13:50:24 -04:00
Joseph Schorr
b3d1d7227c Add support to Keystone Auth for external user linking
Also adds Keystone V3 support
2016-10-27 15:42:03 -04:00
Joseph Schorr
fbb524e34e Add support to ExternalJWT Auth for external user linking 2016-10-27 15:42:03 -04:00
Joseph Schorr
2eabf1a291 Fix tests and test provider for real license format 2016-10-18 23:44:08 -04:00
Jake Moshenko
9f1c12e413 Refactor our license code to be entitlement centric. 2016-10-18 22:33:28 -04:00
Joseph Schorr
67f828279d Switch the license validator to use config_provider and have a test license
Fixes the broken tests currently which try (and fail) to read the license file
2016-10-18 11:44:13 -04:00
Joseph Schorr
ee96693252 Add superuser config section for updating license 2016-10-17 21:44:25 -04:00
Jimmy Zelinskie
5fee4d6d19 *: misc formatting cleanup 2016-10-17 21:43:45 -04:00
Jimmy Zelinskie
6eb26d7998 configproviders: pass filemode when opening volume 2016-10-17 21:43:45 -04:00
Jimmy Zelinskie
0c5400b7d1 enforce license across registry blueprints 2016-10-17 21:43:45 -04:00
Joseph Schorr
8fe29c5b89 Add license upload step to the setup flow
Fixes #853
2016-10-17 21:43:15 -04:00
Joseph Schorr
5211c407ff Add license checking to Quay
Based off of mjibson's changes

Fixes #499
2016-10-17 21:43:15 -04:00
Joseph Schorr
5a8200f17a Add option to properly handle external TLS
Fixes #1984
2016-10-13 14:49:29 -04:00
Jimmy Zelinskie
fc7301be0d *: fix legacy imports
This change reorganizes imports and renames the legacy flask extensions.
2016-09-28 20:17:14 -04:00
Jimmy Zelinskie
ae16d24fd1 license: validate via key instance rather than PEM 2016-09-28 15:44:28 -04:00
josephschorr
e1771abe58 Merge pull request #739 from coreos-inc/license
Add license checking to Quay
2016-09-27 16:52:08 +02:00
Joseph Schorr
476576bb70 Add license checking to Quay
Based off of mjibson's changes

Fixes #499
2016-09-27 10:31:34 +02:00
Joseph Schorr
25ed99f9ef Add feature flag to turn off requirement for team invitations
Fixes #1804
2016-09-20 16:45:00 -04:00
Joseph Schorr
c7beea2032 Fix handling of custom LDAP cert
This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs

Fixes #1846
2016-09-19 17:55:08 -04:00
josephschorr
480d890442 Merge pull request #1771 from coreos-inc/kubernetes-save-error
Make sure the Quay Enterprise Kubernetes namespace exists
2016-08-30 12:59:00 -04:00
Joseph Schorr
3f9c82462f Make sure the Quay Enterprise Kubernetes namespace exists
Prevents config from failing to save. Also clarifies any other errors that do occur.

Fixes #1449
2016-08-30 12:58:39 -04:00
Joseph Schorr
608ffd9663 Basic labels support
Adds basic labels support to the registry code (V2), and the API. Note that this does not yet add any UI related support.
2016-08-26 15:24:26 -04:00
Joseph Schorr
770ac0016e Change validate method to work for all storages 2016-08-02 15:01:37 -04:00
Joseph Schorr
9558c0e937 Fix handling of Github API paths and add tests 2016-06-30 14:10:22 -04:00
Joseph Schorr
2983195a4a Fix OAuth key not found error for Dex
Fixes #1582
2016-06-27 13:38:11 -04:00
Joseph Schorr
66ec1d81ce Switch to install custom LDAP cert by name 2016-06-21 15:10:26 -04:00
Joseph Schorr
20816804e5 Add ability for super users to take ownership of namespaces
Fixes #1395
2016-06-13 16:22:52 -04:00
Joseph Schorr
f670c4c7a9 Change Signer to use the config provider and fix tests
Fixes the broken ACI tests
2016-05-23 17:10:03 -04:00
Jake Moshenko
9221a515de Use the registry API for security scanning
when the storage engine doesn't support direct download url
2016-05-04 18:04:06 -04:00
Joseph Schorr
73fa593d02 Various small fixes in prep for QE release 2016-05-04 15:20:27 -04:00
josephschorr
f55fd2049f Merge pull request #1433 from coreos-inc/ldapoptions
Add additional options for LDAP
2016-05-04 14:06:29 -04:00
Joseph Schorr
42515ed9ec Add additional options for LDAP
Fixes #1420
2016-05-04 13:59:20 -04:00
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair
Fixes #1387
2016-05-04 13:40:50 -04:00
josephschorr
b9f47f6761 Merge pull request #1285 from coreos-inc/configmaildefaults
Fix mail and signing defaults
2016-03-31 12:31:26 -04:00
Jimmy Zelinskie
5094e1f712 move slash_join to prevent local imports 2016-03-18 15:09:25 -04:00
Jimmy Zelinskie
e5d8a431f4 replace use of URL joining with slash_join 2016-03-18 14:56:10 -04:00