Commit graph

6646 commits

Author SHA1 Message Date
josephschorr
e58e04b0e9 Merge pull request #2242 from coreos-inc/clair-exceptions
Security scanner flow changes and auto-retry
2016-12-16 15:54:52 -05:00
Joseph Schorr
405eca074c Security scanner flow changes and auto-retry
Changes the security scanner code to raise exceptions now for non-successful operations. One of the new exceptions raised is MissingParentLayerException, which, when raised, will cause the security worker to perform a full rescan of all parent images for the current layer, before trying once more to scan the current layer. This should allow the system to be "self-healing" in the case where the security scanner engine somehow loses or corrupts a parent layer.
2016-12-16 15:38:09 -05:00
josephschorr
d4b7738a87 Merge pull request #2243 from coreos-inc/entity-autocomplete
Make sure robot accounts always show up first in entity search
2016-12-16 15:09:37 -05:00
Joseph Schorr
58b7481a63 Make sure robot accounts always show up first in entity search
Fixes https://www.pivotaltracker.com/story/show/136277321
Fixes #2241
2016-12-16 15:04:30 -05:00
josephschorr
f72185f527 Merge pull request #2240 from coreos-inc/wrong-email-invite-accept
Fix attempts to confirm team invite for mismatched email address
2016-12-16 14:30:37 -05:00
josephschorr
9fa16679f8 Merge pull request #2238 from coreos-inc/fake-clair
Add a fake security scanner class for easier testing
2016-12-15 20:51:24 -05:00
Joseph Schorr
785c74de52 Fix attempts to confirm team invite for mismatched email address
Currently, if a user tries to confirm an invite sent to them on an account with a mismatching email address, we simply redirect to the org (where they get a 403). This change ensures they get the proper error response message, and restyles the error page to be nicer.

Fixes #2227
Fixes https://www.pivotaltracker.com/story/show/136088507
2016-12-15 17:15:11 -05:00
Ian Minoso
1eff25f459 Merge pull request #2239 from iminoso/loading
Add throbber while waiting for builds to load
2016-12-15 13:27:48 -08:00
Ian Minoso
149dd46076 Add throbber while waiting for builds to load 2016-12-15 13:01:33 -08:00
Brad Ison
2730c26b2e Merge pull request #2237 from coreos-inc/metrics-labels
Don't record size in chunk upload metrics
2016-12-15 14:20:34 -05:00
Brad Ison
df7366eace Add chunk size metric 2016-12-15 13:20:16 -05:00
Ian Minoso
77215b7de4 Merge pull request #2232 from iminoso/services
Basic builds table for new repo view
2016-12-14 15:52:39 -08:00
Ian Minoso
f0be3013ac clear setinterval after unmounting component 2016-12-14 15:04:56 -08:00
Erica
135f4dae0c Merge pull request #2213 from coreos-inc/ISSUE-2026-204-response
fix(endpoints/api): return empty 204 resp
2016-12-14 17:13:57 -05:00
Joseph Schorr
15041ac5ed Add a fake security scanner class for easier testing
The FakeSecurityScanner mocks out all calls that Quay is expected to make to the security scanner API, and returns faked data that can be adjusted by the calling test case
2016-12-14 17:11:45 -05:00
josephschorr
d0ec5afa9c Merge pull request #2235 from coreos-inc/clair-load-error-message
Add error message if security scan not found
2016-12-14 16:32:57 -05:00
EvB
0a5d4990e6 test(endpoints/api): ensure empty 202 resp 2016-12-14 16:32:06 -05:00
EvB
43aed7c6f4 fix(endpoints/api): return empty 204 resp
Return an empty body on API requests with status code 204, which
means "No content". Incorrect 'Deleted' responses were being
returned after successful DELETE operations despite the "No Content"
definition of 204.
2016-12-14 16:22:39 -05:00
Brad Ison
8f59ac1251 Don't record size in chunk upload metrics 2016-12-14 12:16:02 -05:00
josephschorr
fde81c1b58 Merge pull request #2236 from coreos-inc/qss-notification
Send notifications for previously unscannable layers in QSS
2016-12-14 11:56:24 -05:00
Joseph Schorr
6871eb95b1 Send notifications for previously unscannable layers in QSS
Following this change, if an image was previously indexed unsuccessfully, then we will send notifications once successfully indexed
2016-12-14 11:25:45 -05:00
Joseph Schorr
b83784f1e1 Add error message if security scan not found
This change ensures that the user gets an error message (and not a blank tab) if the security scan information could not be successfully loaded

Fixes https://www.pivotaltracker.com/story/show/136072509
2016-12-14 00:50:06 -05:00
josephschorr
2a6632cff4 Merge pull request #2234 from coreos-inc/select-image-test
Add a test for selecting images to be scanned
2016-12-14 00:34:27 -05:00
Joseph Schorr
a9a75cd4cf Add a test for selecting images to be scanned 2016-12-14 00:07:48 -05:00
josephschorr
3dea6f6c92 Merge pull request #2233 from coreos-inc/reindex-clair
Have security scanner analyze only send notifications for *new* layers
2016-12-13 23:45:48 -05:00
Joseph Schorr
624b2a8385 Have security scanner analyze only send notifications for *new* layers
Following this change, anytime a layer is indexed by the security scanner, we only send notifications out if the layer previously had a security_indexed_engine value of `-1`, thus ensuring it has *never* been indexed previously. This will allow us to change to version of the security scanner upwards, and have all the images be re-indexed, without firing off notifications in a spammy manner.
2016-12-13 23:17:11 -05:00
Ian Minoso
1ed3c1444d Basic builds table for new repo view 2016-12-13 16:46:35 -08:00
Evan Cordell
5686c80af1 Revert "Add GC of layers in Clair"
This reverts 49872838ab
2016-12-13 18:40:58 -05:00
Evan Cordell
dd5f7cbe6c Fix the ephemeral build metrics 2016-12-13 18:28:04 -05:00
Evan Cordell
808266574e Update changelog for v2.0.3 (#2226)
* Update changelog for v2.0.3
2016-12-09 16:44:41 -05:00
josephschorr
648fed769b Merge pull request #2224 from coreos-inc/oauth-state
Have Quay always use an OAuth-specific CSRF token
2016-12-09 15:16:01 -05:00
Joseph Schorr
fd364ccca3 Remove unneeded exception var 2016-12-09 14:52:49 -05:00
Joseph Schorr
1e5b97318a Fix loading of public keys for OIDC under Linux
Python's crypto lib under Linux has issues with loading PEM-encoded keys, so we just load it as a DER here and give PyJWT the key *instance* to use directly.
2016-12-09 14:26:56 -05:00
Joseph Schorr
1302fd2fbd Switch csrf token check to use compare_digest to prevent timing attacks
Also adds some additional tests for CSRF tokens
2016-12-08 23:46:31 -05:00
Joseph Schorr
dbdcb802b1 Add end-to-end OAuth login and attach tests 2016-12-08 18:35:42 -05:00
Joseph Schorr
36324708db Fix small pylint issues 2016-12-08 16:21:44 -05:00
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
2016-12-08 16:11:57 -05:00
Charlton Austin
ec6ecc02ed Merge pull request #2223 from charltonaustin/removing_unused_imports
Removing an unused import.
2016-12-08 15:31:36 -05:00
Charlton Austin
0b8c2ef92f Removing an unused import. 2016-12-08 13:53:52 -05:00
josephschorr
34f2ddce87 Merge pull request #2222 from coreos-inc/bust-apt-cache
Bust apt cache
2016-12-07 18:10:26 -05:00
Joseph Schorr
1fdca26632 Bust apt cache 2016-12-07 18:09:33 -05:00
josephschorr
410b9d74fc Merge pull request #2214 from coreos-inc/clair-gc
Add GC of layers in Clair
2016-12-07 17:58:21 -05:00
josephschorr
543d86ae10 Merge pull request #2221 from coreos-inc/fix-error-pages
Have all error pages be rendered by Angular
2016-12-07 17:53:14 -05:00
josephschorr
111b7b0788 Merge pull request #2206 from coreos-inc/ldap-user-search-fix
Fix external auth returns for query_user calls
2016-12-07 17:53:04 -05:00
josephschorr
c5111d7930 Merge pull request #2144 from coreos-inc/buildlogs-improvements
Change the append build log method to execute the two calls via one pipelined connection
2016-12-07 17:52:22 -05:00
Joseph Schorr
c06bba38de Have all error pages be rendered by Angular
Fixes #2198

Fixes https://www.pivotaltracker.com/story/show/135724483
2016-12-07 17:49:02 -05:00
Jimmy Zelinskie
00eafff747 Merge pull request #2204 from jzelinskie/429builds
add rate limiting to build queues
2016-12-07 15:03:31 -05:00
Joseph Schorr
3203fd6de1 Fix external auth returns for query_user calls
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
2016-12-07 14:28:42 -05:00
Charlton Austin
9720efbdb6 Merge pull request #2218 from charltonaustin/fix_set_to_Set
Fixing api usage.
2016-12-07 13:28:01 -05:00
Jimmy Zelinskie
b671ee938a Merge pull request #2174 from jzelinskie/pngcrush
dockerfile: optimize static images
2016-12-07 13:04:28 -05:00