vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
8353 commits 2 branches 62 tags 205 MiB
Commit graph

262 commits

Author SHA1 Message Date
Joseph Schorr
3309daa32e Add support for reduced initial build count for new possible abusing users 
If configured, we now check the IP address of the user signing up and, if they are a possible threat, we further reduce their number of allowed maximum builds to the configured value.
 2018-04-20 18:46:32 +03:00
Joseph Schorr
2ea13e86a0 Add last_accessed information to User and expose for robot accounts 
Fixes https://jira.coreos.com/browse/QUAY-848
 2018-03-21 15:28:34 -04:00
Joseph Schorr
93d79e777e Automatically disable build triggers with successive failures or internal errors 
We allow users to reenable them manually once disabled
 2018-03-01 16:49:51 -05:00
Joseph Schorr
ab0172d2fd Switch Quay to using an in-container memcached for data model caching 2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous 
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.

Fixes https://jira.coreos.com/browse/QUAY-838
 2018-02-27 13:12:51 -05:00
josephschorr
d77aa9228f
Merge pull request #3002 from coreos-inc/joseph.schorr/QUAY-822/gc-app-tokens 
Add a worker to automatically GC expired app specific tokens
 2018-02-20 17:21:48 -05:00
Joseph Schorr
9a452ace11 Add configurable limits for number of builds allowed under a namespace 
We also support that limit being increased automatically once a successful billing charge has gone through
 2018-02-20 16:54:22 -05:00
Joseph Schorr
188ea98441 Add new decorator to prevent reflected text attacks 
Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend.
 2018-02-20 11:33:45 -05:00
Joseph Schorr
d45161b120 Add a worker to automatically GC expired app specific tokens 
Fixes https://jira.coreos.com/browse/QUAY-822
 2018-02-12 14:56:01 -05:00
Joseph Schorr
5490e64669 Fill out schema and schema whitelist 2018-02-06 15:27:01 -05:00
Joseph Schorr
eae9175950 Allow size of pages in V2 api to be configurable 2018-02-02 13:54:41 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
5dd95038cf Add maximum lifetime of 30m on password recovery tokens 
Fixes https://jira.coreos.com/browse/QS-80
 2017-12-06 17:06:03 -05:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth 
OIDC internal auth support
 2017-10-02 16:51:17 -04:00
Joseph Schorr
804d3c46c3 Add feature flag to allow users to be created only if invited to join a team 
Allows for open user creation, but only if extended an invitation by someone who already has access
 2017-09-14 16:28:39 -04:00
Joseph Schorr
c6aad5fef0 Add option to disable partial autocompletion of users 2017-09-12 15:55:37 -04:00
Joseph Schorr
e724125459 Add support for using OIDC tokens via the Docker CLI 2017-09-12 12:23:22 -04:00
Joseph Schorr
650dbe5f5b Add config to enable "public" namespaces 
These are namespaces that will be displayed in the repo list view, regardless of whether the user is a member.
 2017-08-07 15:59:06 -04:00
Joseph Schorr
dff4207a89 Add feature flag to enable viewing builds and build logs for public repos 2017-08-07 15:24:36 -04:00
Joseph Schorr
8a96647d6e Add feature flag to enable team syncing setup when not a superuser 2017-07-21 11:06:21 -04:00
Joseph Schorr
b7d6bb12fa Hide extended health check information behind superuser permission or a session property 
Also adds an endpoint that (when specified with the proper secret), sets the session property
 2017-07-19 16:17:02 +03:00
Evan Cordell
45bf7efc84 Merge branch 'master' into no-signing-whitelist 2017-07-12 15:50:32 -04:00
Evan Cordell
75c1533aec Revert "Only show signing UI when namespace is explicitly whitelisted" 
85d382cd84
 2017-07-12 15:48:35 -04:00
Antoine Legrand
cdb3722c17 Use $QUAYPATH and $QUAYDIR in conf and init files 2017-07-05 16:23:54 +02:00
Joseph Schorr
555041876d Make public catalog only enabled via a feature flag 2017-06-02 15:30:51 -07:00
Jimmy Zelinskie
915c2073ec config.py: bump QSS Engine version to Clair 2.0. 2017-05-30 17:46:35 -07:00
Evan Cordell
85d382cd84 Only show signing UI when namespace is explicitly whitelisted 2017-05-08 13:50:07 -04:00
Joseph Schorr
3dcbe3c631 If enabled, allow users and orgs to set their time machine expiration 
Fixes https://www.pivotaltracker.com/story/show/142881203
 2017-04-21 11:32:45 -04:00
Jake Moshenko
8d279c8cc4 Unify app and api exception handling 
Move some confi to an immutable section
Make ApiExceptions real werkzeug exceptions
 2017-04-14 11:18:01 -04:00
Evan Cordell
abe6f40bc5 Add support for deleting TUF metadata when repo is deleted 2017-04-12 17:33:51 -04:00
Erica
3f79422a52 Merge pull request #2306 from coreos-inc/QUAY-2842-audit-log-strict-config-option 
feat(config.py): add setting for audit log strictness
 2017-04-07 13:43:11 -04:00
Joseph Schorr
f9e6110f73 Add basic user interface for application repos 
Adds support for creating app repos, viewing app repos and seeing the list of app repos in the Quay UI.
 2017-04-05 11:30:09 -04:00
EvB
6916d82e0d feat(endpoints/trackhelper): wrap log op for silent fails 2017-04-05 11:26:10 -04:00
EvB
503c4cd235 feat(config.py): add setting for audit log strictness 2017-04-05 11:26:10 -04:00
josephschorr
1bfca871ec Merge pull request #2387 from coreos-inc/team-sync 
Team synchronization support in Quay Enterprise
 2017-04-03 18:26:29 -04:00
Joseph Schorr
83320c2868 Have CDN use be off by default 
We only use the CDN now for testing and local development, and having it on by default breaks when doing initial setup for QE behind a corporate firewall that doesn't allow loading of the external libraries we need
 2017-04-03 14:31:28 -04:00
Joseph Schorr
04225f2d25 Add feature flag for team syncing 2017-04-03 11:31:29 -04:00
Joseph Schorr
e204f7784c Make app registry off by default 2017-03-23 12:01:59 -04:00
Jimmy Zelinskie
4614419e53 config: add app registry feature flag 2017-03-22 22:57:21 -04:00
Joseph Schorr
dd35677712 Add configurable maximum layer size in nginx 2017-03-21 13:14:11 -04:00
Jimmy Zelinskie
4ed0cdda14 securityscanner: add a min image id option 
This will enable us to force some instances of the securityworker to
scan only new images.
 2017-03-03 13:55:25 -05:00
Jake Moshenko
de7a5c9959 Make the security scanning worker period configurable 2017-02-27 15:02:29 -05:00
Evan Cordell
eac9927414 Add FEATURE_SIGNING flag and refactor nginx_conf_create.sh 2017-02-23 14:38:16 -05:00
Evan Cordell
9affe193db Add support for tuf metadata endpoints 2017-02-23 14:38:16 -05:00
Jimmy Zelinskie
e81926fcba util.secscan.api: init read-only failover 2017-02-03 19:20:13 -05:00
Joseph Schorr
3eb17b7caa Add support for recaptcha during the create account flow 
If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
 2017-01-09 11:08:21 -05:00
Jimmy Zelinskie
00eafff747 Merge pull request #2204 from jzelinskie/429builds 
add rate limiting to build queues
 2016-12-07 15:03:31 -05:00
Jimmy Zelinskie
57770493fa build rate limiting: use a rate 2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
7877c6ab94 add rate limiting to build queues 2016-12-06 16:30:12 -05:00
Jake Moshenko
709edd7eb6 Reduce the update period on queue worker metrics. 2016-12-05 18:12:14 -05:00