Evan Cordell
abd78bce56
Use constants for TUF roots
2017-03-27 11:37:17 -04:00
Evan Cordell
6ad107709c
Change build_context_and_subject to take kwargs
2017-03-27 11:37:17 -04:00
Evan Cordell
21d969d309
Refactor tests, no g required
2017-03-27 11:37:17 -04:00
Evan Cordell
43dd974dca
Determine which TUF root to show based on actual access, not requested
...
access
2017-03-27 11:37:17 -04:00
Antoine Legrand
d2ed37e158
Fix force push causing duplicated entries
2017-03-27 15:39:57 +02:00
Joseph Schorr
e509eb4cba
Better custom cert handling in the superuser tool
...
We now only allow certificates ending in .crt to be uploaded and we automatically install the certificate once it has been validated
2017-03-24 17:15:26 -04:00
Antoine Legrand
35bebf9e99
Use 401 for bad or missing credentials, 403 for forbidden access
2017-03-24 18:46:13 +01:00
Joseph Schorr
94c5eca286
Add CNR API auth tests for public repos
2017-03-23 21:19:56 -04:00
Jimmy Zelinskie
0ce68706ee
Merge pull request #2465 from coreos-inc/force_push
...
Allow force push for app
2017-03-23 21:05:08 -04:00
Antoine Legrand
16f2479a96
test: push twice same blob from different package
2017-03-24 00:39:04 +01:00
Antoine Legrand
bbd74eabd1
Allow force push for app
2017-03-23 22:50:07 +01:00
Joseph Schorr
ac4a79ae01
Update PR for rebase
2017-03-23 15:57:49 -04:00
Joseph Schorr
95e1cf6673
Make V2 login errors more descriptive
...
If login fails, we now call validate again to get the reason for the failure, and then surface it to the user of the CLI. This allows for more actionable responses, such as:
$ docker login 10.0.2.2:5000
Username (devtable): devtable
Password:
Error response from daemon: Get http://10.0.2.2:5000/v2/ : unauthorized: Client login with unencrypted passwords is disabled. Please generate an encrypted password in the user admin panel for use here.
2017-03-23 15:42:45 -04:00
Joseph Schorr
651666b60b
Refactor our auth handling code to be cleaner
...
Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change.
2017-03-23 15:42:45 -04:00
Joseph Schorr
1bd4422da9
Move auth decorators into a decorators module
...
The non-decorators will be broken out in the followup change
2017-03-23 15:42:45 -04:00
Joseph Schorr
abf179eb09
Move fixtures under test, since they are shared globally
2017-03-23 15:42:45 -04:00
Joseph Schorr
c9a5ce6701
Start validating login in CNR
...
Fixes https://www.pivotaltracker.com/story/show/142342305
2017-03-23 15:07:46 -04:00
Joseph Schorr
ef4569f2c5
Add very basic security tests for CNR APIs
2017-03-23 13:14:12 -04:00
Joseph Schorr
b765836cfd
Make sure blobs in CNR are auth checked
2017-03-23 12:41:56 -04:00
Jimmy Zelinskie
77d2b9b290
endpoints.appr.test: mark failing db restore test
...
This test should fail as long as the CNR tests use 'v1' in the
mediatype.
2017-03-23 11:24:15 -04:00
Joseph Schorr
35b500aa2a
Fix test override
2017-03-23 11:17:05 -04:00
Joseph Schorr
e7d7849937
Make sure channels and releases match the tag regex
2017-03-23 00:55:36 -04:00
Joseph Schorr
3277fe9b4e
Make sure repository names in APPR match regex
2017-03-23 00:51:54 -04:00
Joseph Schorr
1145651b7a
Work towards fixing tests
2017-03-23 00:37:39 -04:00
Joseph Schorr
069208f2f1
Break out repo kind checking into its own decorator
...
We then use that decorator both in the API and in the permissions check decorator
2017-03-23 00:01:37 -04:00
Joseph Schorr
4c34b00b38
Prevent CNR methods from auth-ing on non-app repos
2017-03-22 23:56:34 -04:00
Jimmy Zelinskie
3d0e63d8e5
endpoints.appr.decorators: isolate appr decorators
2017-03-22 23:53:03 -04:00
Jimmy Zelinskie
6dfd1ef660
endpoints.appr.test: include CNR fixtures
2017-03-22 23:42:19 -04:00
Jimmy Zelinskie
82bcd45727
endpoints: clarify repo access decorators
2017-03-22 23:41:38 -04:00
Jimmy Zelinskie
cafde81322
endpoints.appr.test: init
2017-03-22 22:57:22 -04:00
Jimmy Zelinskie
102c671587
endpoints.appr: init
2017-03-22 22:57:21 -04:00
Jimmy Zelinskie
3ccf3c5f33
Merge pull request #2447 from jzelinskie/cnr-step2
...
CNR Step 2
2017-03-22 18:45:51 -04:00
Joseph Schorr
df1e7f90e0
Add verb security tests and fix small issues
2017-03-22 18:29:53 -04:00
Jimmy Zelinskie
d5fa2ad0c0
endpoints.verbs: abort 405 for non-container repos
2017-03-22 17:50:58 -04:00
Joseph Schorr
dcb970b783
Add registry app repository failure test
2017-03-22 17:26:59 -04:00
Jimmy Zelinskie
ca7a0f14d8
endpoints.v1: return 405 for non-docker repos
2017-03-22 17:26:59 -04:00
Jimmy Zelinskie
48ba59d615
endpoints.v2: only work on docker repositories
2017-03-22 17:26:59 -04:00
Joseph Schorr
178373293d
Disable web endpoints for app repos
2017-03-22 15:51:19 -04:00
Joseph Schorr
54efed62ee
Make sure start_build
cannot be called for app repos
2017-03-22 15:51:19 -04:00
Joseph Schorr
30b532254c
Disallow non-apps-supported APIs for application repositories
2017-03-22 15:51:19 -04:00
Jimmy Zelinskie
a2bac7dabd
endpoints.v1: only work on docker repositories
2017-03-22 14:31:22 -04:00
Joseph Schorr
ff7f78e990
Have blob uploads be checked against configurable max layer size
2017-03-21 13:16:55 -04:00
Joseph Schorr
239b6d7cf8
Make LayerTooLarge error more informative
2017-03-21 13:14:11 -04:00
Joseph Schorr
dd7f254f96
Have blob uploads be checked against configurable max layer size
2017-03-21 13:14:11 -04:00
josephschorr
4bee4dbfff
Merge pull request #2443 from coreos-inc/build-webhook-tests
...
Add tests for build web hooks endpoint
2017-03-20 16:26:57 -04:00
Joseph Schorr
8bbe0e5e9b
Always allow robot accounts to be selected by admins in trigger setup
...
Currently during trigger setup, if we don't know for sure that a robot account is necessary, we don't show the option to select one. This fails if the user has a Dockerfile in a branch or tag with a private base image *or* they *intend* to add a private base image once the trigger is setup. Following this change, we always show the option to select a robot account, even if it isn't determined to be strictly necessary.
2017-03-20 13:24:55 -04:00
Joseph Schorr
6f567e0850
Add tests for build web hooks endpoint
2017-03-20 13:22:59 -04:00
Joseph Schorr
cfb81c977f
Add UI for editing labels on a manifest
2017-03-14 11:34:43 -04:00
Joseph Schorr
69e476b1f4
Fix param regex for path params with complex filters
2017-03-14 11:34:43 -04:00
Joseph Schorr
e90cab4d77
Change revert tag into restore tag and add manifest support
2017-03-14 11:34:42 -04:00
Joseph Schorr
af743b156b
Show manifest digests in place of V1 ids in the tag view when possible
2017-03-14 11:34:41 -04:00
josephschorr
432b2d3fe8
Merge pull request #2392 from coreos-inc/search-optimization
...
Optimize repository search by changing our lookup strategy
2017-03-10 15:44:26 -05:00
Joseph Schorr
d42ec4e585
Abstract out constant scores into constants
2017-03-10 14:06:39 -05:00
Joseph Schorr
3813d0d23d
Add tests for all notification event calls
2017-03-10 11:26:12 -05:00
Joseph Schorr
48db77b521
Fix bug in QSS notifications
2017-03-10 11:25:55 -05:00
Joseph Schorr
b5bb76cdea
Optimize repository search by changing our lookup strategy
...
Previous to this change, repositories were looked up unfiltered in six different queries, and then filtered using the permissions model, which issued a query per repository found, making search incredibly slow. Instead, we now lookup a chunk of repositories unfiltered and then filter them via a single query to the database. By layering the filtering on top of the lookup, each as queries, we can minimize the number of queries necessary, without (at the same time) using a super expensive join.
Other changes:
- Remove the 5 page pre-lookup on V1 search and simply return that there is one more page available, until there isn't. While technically not correct, it is much more efficient, and no one should be using pagination with V1 search anyway.
- Remove the lookup for repos without entries in the RAC table. Instead, we now add a new RAC entry when the repository is created for *the day before*, with count 0, so that it is immediately searchable
- Remove lookup of results with a matching namespace; these aren't very relevant anyway, and it overly complicates sorting
2017-03-09 19:47:55 -05:00
Jimmy Zelinskie
850c32ebfb
Merge pull request #2298 from jzelinskie/maintainers
...
MAINTAINERS: init owners to subpkgs
2017-03-09 17:30:38 -05:00
Joseph Schorr
0ab6388e30
Add support for null ref, as that can be the value if a default branch is not chosen
2017-03-07 20:39:42 -05:00
josephschorr
aa2f88d321
Merge pull request #2337 from coreos-inc/new-trigger-ux
...
Implement new create and manager trigger UI
2017-03-02 18:15:32 -05:00
Joseph Schorr
9e6c368f7a
Make QSS multiple notification messaging nicer
2017-03-01 16:11:11 -05:00
Joseph Schorr
eff1827d9d
Batch QSS notifications after initial scan
2017-03-01 15:42:49 -05:00
Joseph Schorr
8e863b8cf5
Implement new create and manager trigger UI
...
Implements the new trigger setup user interface, which is now a linear workflow found on its own page, rather than a tiny modal dialog
Fixes #1187
2017-02-28 16:51:42 -05:00
Charlton Austin
59d6cf8a86
Merge pull request #2376 from charltonaustin/quay_jwts_indicate_which_root_a_user_should_see_137968801
...
Adding in what metadata_root_name to JWT
2017-02-23 17:10:21 -05:00
Charlton Austin
e87404c327
Adding in what metadata_root_name to JWT
2017-02-22 16:59:19 -05:00
Joseph Schorr
3f1d394e14
Catch IOErrors when starting builds
...
Fixes https://sentry.io/coreos/backend-production/issues/207144068/
2017-02-22 13:20:04 -05:00
Joseph Schorr
9db20ff961
Catch SSL errors due to timeouts in Github calls
...
Fixes https://sentry.io/coreos/backend-production/issues/219378902/
2017-02-22 13:20:04 -05:00
Joseph Schorr
89b7c13da5
Catch team member invite missing exception
...
Fixes https://sentry.io/coreos/backend-production/issues/195926082/
2017-02-22 13:18:22 -05:00
Joseph Schorr
a319c55616
Don't make permissions request in search for public callers
...
They are unnecessary, so we can skip them
2017-02-17 12:22:21 -05:00
Joseph Schorr
198bdf88bc
Move OAuth login into its own endpoints module
2017-02-16 16:27:54 -05:00
Joseph Schorr
0167e1e7bf
Style fixes
2017-02-16 16:27:54 -05:00
Joseph Schorr
d47696b69c
Add support for sub
binding field
2017-02-16 16:27:53 -05:00
Joseph Schorr
7b386e9d63
Move endpoint test fixtures to a non-conftest file
2017-02-16 16:27:53 -05:00
Joseph Schorr
2c35383724
Allow OAuth and OIDC login engines to bind to fields in internal auth
...
This feature is subtle but very important: Currently, when a user logs in via an "external" auth system (such as Github), they are either logged into an existing bound account or a new account is created for them in the database. While this normally works jut fine, it hits a roadblock when the *internal* auth system configured is not the database, but instead something like LDAP. In that case, *most* Enterprise customers will prefer that logging in via external auth (like OIDC) will also *automatically* bind the newly created account to the backing *internal* auth account. For example, login via PingFederate OIDC (backed by LDAP) should also bind the new QE account to the associated LDAP account, via either username or email. This change allows for this binding field to be specified, and thereafter will perform the proper lookups and bindings.
2017-02-16 16:27:53 -05:00
Joseph Schorr
c6b0376d61
Remove unnecessary email generation in OAuth login
...
Handled by the `emaIl_required` flag already
2017-02-16 16:27:53 -05:00
Joseph Schorr
92c0b5ac3e
Fix handling of None queries
2017-02-16 15:26:45 -05:00
josephschorr
38e079ced2
Merge pull request #2344 from coreos-inc/v1-search-fix
...
Implement the full spec for the old Docker V1 registry search API
2017-02-16 15:08:33 -05:00
Joseph Schorr
a0bc0e9488
Implement the full spec for the old Docker V1 registry search API
...
This API is still (apparently) being used by the Docker CLI for `docker search` (why?!) and we therefore have customers expecting this to work the same way as the DockerHub.
2017-02-16 14:45:33 -05:00
Joseph Schorr
11c931f781
Log more information to the action logs and display the namespaces for superusers
...
This helps superusers understand better what, exactly, is going on in the registry
2017-02-14 14:55:24 -05:00
Joseph Schorr
8d96d8b682
Add tests for missing logs APIs
2017-02-08 16:52:17 -08:00
Charlton Austin
5a06530b43
Merge pull request #2314 from charltonaustin/move_tests_over_to_pytest_no_story
...
update(security_test.py): moving tests to new framework
2017-02-03 16:21:03 -05:00
josephschorr
1edebb804e
Merge pull request #2334 from coreos-inc/manifest-security-api
...
Add API endpoint for retrieving security status by *manifest*, rather than Docker V1 image ID
2017-02-02 22:37:17 -05:00
Joseph Schorr
cf539487a1
Add API endpoint for retrieving security status by *manifest*, rather than Docker V1 image ID
2017-02-02 17:51:18 -05:00
Alec Merdler
7c904f2e21
Merge pull request #2292 from coreos-inc/frontend-typescript
...
Upgrading Front-end Client to TypeScript
2017-02-02 14:24:35 -08:00
Charlton Austin
85bcb63439
update(security_test.py): moving tests to new framework
...
We should be moving tests over to pytest
[none]
2017-02-02 13:40:00 -05:00
josephschorr
01ec22b362
Merge pull request #2300 from coreos-inc/openid-connect
...
OpenID Connect support and OAuth login refactoring
2017-01-31 18:14:44 -05:00
Charlton Austin
2dfae9e892
Merge pull request #2303 from charltonaustin/view_build_logs_as_superuser_137910387
...
feature(superuser panel): ability to view logs
2017-01-27 12:32:31 -05:00
Charlton Austin
dae93dce78
feature(superuser panel): ability to view logs
...
users would like the ability to view build logs in the superuser panel
[None]
2017-01-26 13:54:03 -05:00
Joseph Schorr
05e9e31941
Fix small lookup bug under MySQL
2017-01-25 12:55:56 -05:00
alecmerdler
c9fa22b093
moved Webpack bundle directory out of /static/js because it contains more than just JS files
2017-01-24 14:05:06 -08:00
Joseph Schorr
a9791ea419
Have external login always make an API request to get the authorization URL
...
This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
2017-01-23 19:06:19 -05:00
Joseph Schorr
fda203e4d7
Add proper and tested OIDC support on the server
...
Note that this will still not work on the client side; the followup CL for the client side is right after this one.
2017-01-23 17:53:34 -05:00
Jimmy Zelinskie
64421db0a3
MAINTAINERS: init owners to subpkgs
2017-01-23 17:46:34 -05:00
alecmerdler
615e233671
moved Angular routes to separate module; load Webpack bundle before other main scripts
2017-01-20 16:24:55 -08:00
Joseph Schorr
19f7acf575
Lay foundation for truly dynamic external logins
...
Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
2017-01-20 15:21:08 -05:00
Joseph Schorr
4755d08677
Refactor and rename the standard OAuth services
2017-01-19 15:23:15 -05:00
Joseph Schorr
bee2551dc2
Temporarily remove Dex login support
...
This will be added back in later in this PR as part of proper generic OIDC support
2017-01-19 14:51:12 -05:00
josephschorr
e2748fccd9
Merge pull request #2282 from coreos-inc/motd-updates
...
Severity and Markdown support in MOTD
2017-01-18 17:41:27 -05:00
Joseph Schorr
3106504f39
Severity and Markdown support in MOTD
...
[Delivers #133555165 ]
2017-01-18 16:55:32 -05:00
Joseph Schorr
669a3070bd
Only parse request URL in track_and_log when necessary
2017-01-18 11:23:23 -05:00
Joseph Schorr
89229a8f2c
Don't publish registry events to Redis for robots
...
The tutorial can only be used by users, so no need to publish for robots, which can cause issues in pulling for builders and other prod mechanisms if Redis is being finicky
2017-01-18 11:22:07 -05:00
josephschorr
9b65b37011
Merge pull request #2245 from coreos-inc/recaptcha
...
Add support for recaptcha during the create account flow
2017-01-17 11:34:23 -05:00
josephschorr
ac8cddc5a9
Merge pull request #2274 from coreos-inc/custom-cert-management
...
Custom SSL certificates config panel
2017-01-13 16:24:47 -05:00
Joseph Schorr
efdedba2ae
Superuser config tool warnings
...
Adds warnings displayed in the superuser config tool that the changes made will only be applied to the local instance (in non-k8s case) or that a deployment is required (in the k8s case)
[Delivers #137537413 ]
2017-01-13 15:50:50 -05:00
Joseph Schorr
7e0fbeb625
Custom SSL certificates config panel
...
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle
[Delivers #135586525 ]
2017-01-13 14:34:35 -05:00
Alec Merdler
081424ed82
Merge pull request #2268 from coreos-inc/frontend-testing-framework
...
Front-end testing framework
2017-01-11 16:20:40 -08:00
Jake Moshenko
fe9f97cd0e
Fix the order and number of arguments for squashing/ACI
2017-01-11 15:16:49 -05:00
Joseph Schorr
3eb17b7caa
Add support for recaptcha during the create account flow
...
If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
2017-01-09 11:08:21 -05:00
alecmerdler
659417f7ef
tests for AngularViewArray service
2017-01-07 00:28:02 -08:00
Joseph Schorr
9413e25123
Change georeplication queuing to use new batch system
2016-12-21 17:44:30 -05:00
josephschorr
732ab67b57
Merge pull request #2252 from coreos-inc/parallel-tests
...
Fix pytests and enable parallel registry tests
2016-12-20 16:56:52 -05:00
Joseph Schorr
481cebe46b
Fix pytests and enable parallel registry tests
2016-12-20 15:42:04 -05:00
Joseph Schorr
f4f5a065df
Add check for None repository in start build API
...
Fixes #2244
2016-12-19 11:40:24 -05:00
Brad Ison
2730c26b2e
Merge pull request #2237 from coreos-inc/metrics-labels
...
Don't record size in chunk upload metrics
2016-12-15 14:20:34 -05:00
Brad Ison
df7366eace
Add chunk size metric
2016-12-15 13:20:16 -05:00
EvB
43aed7c6f4
fix(endpoints/api): return empty 204 resp
...
Return an empty body on API requests with status code 204, which
means "No content". Incorrect 'Deleted' responses were being
returned after successful DELETE operations despite the "No Content"
definition of 204.
2016-12-14 16:22:39 -05:00
Brad Ison
8f59ac1251
Don't record size in chunk upload metrics
2016-12-14 12:16:02 -05:00
Joseph Schorr
fd364ccca3
Remove unneeded exception var
2016-12-09 14:52:49 -05:00
Joseph Schorr
1302fd2fbd
Switch csrf token check to use compare_digest
to prevent timing attacks
...
Also adds some additional tests for CSRF tokens
2016-12-08 23:46:31 -05:00
Joseph Schorr
dbdcb802b1
Add end-to-end OAuth login and attach tests
2016-12-08 18:35:42 -05:00
Joseph Schorr
36324708db
Fix small pylint issues
2016-12-08 16:21:44 -05:00
Joseph Schorr
ff52fde8a5
Have Quay always use an OAuth-specific CSRF token
...
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.
Fixes https://www.pivotaltracker.com/story/show/135803615
2016-12-08 16:11:57 -05:00
josephschorr
543d86ae10
Merge pull request #2221 from coreos-inc/fix-error-pages
...
Have all error pages be rendered by Angular
2016-12-07 17:53:14 -05:00
josephschorr
111b7b0788
Merge pull request #2206 from coreos-inc/ldap-user-search-fix
...
Fix external auth returns for query_user calls
2016-12-07 17:53:04 -05:00
Joseph Schorr
c06bba38de
Have all error pages be rendered by Angular
...
Fixes #2198
Fixes https://www.pivotaltracker.com/story/show/135724483
2016-12-07 17:49:02 -05:00
Jimmy Zelinskie
00eafff747
Merge pull request #2204 from jzelinskie/429builds
...
add rate limiting to build queues
2016-12-07 15:03:31 -05:00
Joseph Schorr
3203fd6de1
Fix external auth returns for query_user calls
...
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
2016-12-07 14:28:42 -05:00
Jimmy Zelinskie
ebbe58d311
replace prefix w/ canonical name list
2016-12-07 12:56:56 -05:00
Joseph Schorr
d349e1639a
Fix doc comment on security scan API endpoint
...
Fixes #2216
2016-12-07 11:50:22 -05:00
Jimmy Zelinskie
c41de8ded6
build queue rate limiting: address PR comments
2016-12-06 20:40:54 -05:00
Jimmy Zelinskie
eb69abff8b
build rate limiting: tests
2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
57770493fa
build rate limiting: use a rate
2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
7877c6ab94
add rate limiting to build queues
2016-12-06 16:30:12 -05:00
Jake Moshenko
d656e54d99
Fix unsafe mutable default params.
2016-12-06 14:00:16 -05:00
Jake Moshenko
21e3001446
Add a bulk insert for queue and notifications.
...
Use it for Clair spawned notifications.
2016-12-06 14:00:16 -05:00
Joseph Schorr
97d150e281
Have QSS only add security scanner notifications once
2016-12-05 19:08:20 -05:00
Joseph Schorr
cf61c29671
Move SETUP_COMPLETE check up to allow users to add license
...
Somehow this change got lost.
2016-12-05 13:22:14 -05:00
Charlton Austin
4103a0b75f
Adding in cancel notifications
2016-11-30 14:38:34 -05:00
josephschorr
b7aac159ae
Merge pull request #2170 from coreos-inc/password-reset
...
Fix small bugs around account recovery and user settings redirection
2016-11-28 19:51:23 -05:00
Joseph Schorr
dcd8157207
Fix JWT exception in Dex code
2016-11-28 18:55:51 -05:00
Joseph Schorr
0e24f6b40a
Fix user redirects to go to the correct URL
...
`/user` no longer works and returns a 404; we now need to redirect to the specific user page
2016-11-28 18:55:41 -05:00
Joseph Schorr
402ad25690
Change team invitation acceptance to join all invited teams under the org
...
Fixes #1989
2016-11-28 18:39:28 -05:00
Evan Cordell
9e96e6870f
Add support for * (admin) permission to registry auth v2 endpoint
2016-11-28 14:02:08 -05:00
josephschorr
1529ed2086
Merge pull request #2154 from coreos-inc/receipt-filename
...
Make receipt filenames include date information
2016-11-23 12:25:53 -05:00
Joseph Schorr
964b1013d9
Make receipt filenames include date information
...
Fixes #1997
2016-11-21 15:35:56 -05:00
Joseph Schorr
080802ed2d
Add tracking of pulled tag/digest to logs
...
Fixes #2148
2016-11-21 12:29:59 -05:00
Charlton Austin
2fe74e4057
Adding in UI for cancel anytime.
2016-11-21 10:58:32 -05:00
josephschorr
ff14601669
Merge pull request #2139 from coreos-inc/oauth-reauth
...
Fix error displayed for OAuth if an existing token already matches scopes
2016-11-17 16:42:56 -05:00
Joseph Schorr
0e602efbf9
Fix error displayed for OAuth if an existing token already matches scopes
...
Before this change, the OAuth system would automatically redirect to display the code if the scopes requested were a subset of those already granted by the user. However, the missing process auth resulted in `get_authenticated_user` returning None, which broke the OAuth flow.
Fixes #2131
2016-11-17 16:21:26 -05:00
Joseph Schorr
0b549125d9
Fix 500 on get label endpoint and add a test
...
Fixes #2133
2016-11-17 14:55:14 -05:00
Joseph Schorr
1a61ef4e04
Report the user's name and company to Marketo
...
Also fixes the API to report the other changes (username and email) as well
2016-11-14 17:34:50 -05:00
Joseph Schorr
aa2704acc7
Add a test for operation name collisions and fix the one additional collision found
2016-11-10 15:38:27 -05:00
Joseph Schorr
932fa56227
Fix name collision between the two organization delete calls
...
Fixes #2104
The collision was causing the frontend to try to call the *superuser* method (in local, where superuser is enabled), but on prod (where it isn't), it was calling the normal method, which takes a different parameter name
2016-11-10 15:28:20 -05:00
josephschorr
45b1148118
Merge pull request #2086 from coreos-inc/user-info
...
Add collection of user metadata: name and company
2016-11-09 13:15:07 -05:00
josephschorr
6200a2a49a
Merge pull request #2088 from coreos-inc/license-about-notification
...
Add a warning bar when the license will become invalid in a week
2016-11-09 11:45:48 -05:00
Joseph Schorr
7e78406112
Add a defined timeout on all HTTP calls in notification methods
2016-11-08 18:28:06 -05:00
Joseph Schorr
0f2eb61f4a
Add collection of user metadata: name and company
2016-11-08 16:15:02 -05:00
Joseph Schorr
74c3346562
Add a warning bar when the license will become invalid in a week
2016-11-08 14:24:55 -05:00
josephschorr
9aac68fbeb
Merge pull request #2031 from coreos-inc/license-notification
...
Add banner bar message when license has expired or is invalid
2016-11-07 13:52:53 -05:00
josephschorr
d051e58e69
Merge pull request #2082 from coreos-inc/moar-stats
...
Add new metrics as requested by some customers
2016-11-03 16:25:11 -04:00
Joseph Schorr
1e3b354201
Add support for temp usernames and an interstitial to confirm username
...
When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.
Addresses most of the user issues around #74
2016-11-03 15:59:14 -04:00
Joseph Schorr
4b926ae189
Add new metrics as requested by some customers
...
Note that the `status` field on the pull and push metrics will eventually be set to False for failed pulls and pushes in a followup PR
2016-11-03 15:28:40 -04:00
josephschorr
840ea4e768
Merge pull request #2047 from coreos-inc/external-auth-email-optional
...
Make email addresses optional in external auth if email feature is turned off
2016-10-31 14:16:33 -04:00
Joseph Schorr
0fc132cffb
Make sure Google email addresses are verified
2016-10-31 13:52:09 -04:00
Joseph Schorr
3a473cad2a
Enable permanent sessions
...
Fixes #1955
2016-10-31 13:52:09 -04:00
Joseph Schorr
d7f56350a4
Make email addresses optional in external auth if email feature is turned off
...
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
2016-10-31 13:50:24 -04:00
Joseph Schorr
bab17932ac
Fix namespace lookup in V1 registry search
...
Fixes #2053
2016-10-31 13:24:40 -04:00
Joseph Schorr
ccb5bc8f1b
Add external auth emails to entity search
...
Fixes #1791
2016-10-27 16:08:07 -04:00
josephschorr
934cdecbd6
Merge pull request #1905 from coreos-inc/external-auth-search
...
Add support for entity search against external auth users not yet linked
2016-10-27 16:06:42 -04:00
Joseph Schorr
d145222812
Add support for linking to external users in entity search
2016-10-27 15:42:03 -04:00
Jimmy Zelinskie
30821569a4
key server: fix tests by exporting jwk_with_kid
2016-10-25 16:14:18 -04:00
Jimmy Zelinskie
b1327bcb8f
key server: add kid to services JWKs
2016-10-25 15:33:01 -04:00
Joseph Schorr
43a63af44c
Add banner bar message when license has expired or is invalid
2016-10-24 15:37:45 -04:00
Joseph Schorr
5ed13da2e6
Add missing security test for delete org
2016-10-21 17:37:49 -04:00
josephschorr
edc2bc8b93
Merge pull request #1698 from coreos-inc/delete-namespace
...
Add support for deleting namespaces (users, organizations)
2016-10-21 16:54:52 -04:00
Joseph Schorr
73eb66eac5
Add support for deleting namespaces (users, organizations)
...
Fixes #102
Fixes #105
2016-10-21 15:41:09 -04:00
Joseph Schorr
b7fc7999c3
Delete old "license" checking code arounds user counts
...
This is legacy code that doesn't actually do anything of value
2016-10-20 14:58:35 -04:00
Joseph Schorr
864c44501e
Fix global messages by removing "extra" method
...
I think this happened due to a bad merge.
2016-10-20 13:53:51 -04:00
Joseph Schorr
213cc856e4
Fix UI for real license handling
...
Following this change, the user gets detailed errors and entitlement information
2016-10-19 17:49:15 -04:00
Joseph Schorr
2eabf1a291
Fix tests and test provider for real license format
2016-10-18 23:44:08 -04:00
Jake Moshenko
9f1c12e413
Refactor our license code to be entitlement centric.
2016-10-18 22:33:28 -04:00
josephschorr
2a7dbd3348
Merge pull request #2009 from coreos-inc/qe2-license
...
Add license support for QE
2016-10-17 23:11:43 -04:00
Joseph Schorr
ee96693252
Add superuser config section for updating license
2016-10-17 21:44:25 -04:00
Jimmy Zelinskie
5fee4d6d19
*: misc formatting cleanup
2016-10-17 21:43:45 -04:00
Jimmy Zelinskie
a42eb09a3e
util.license: make bp-modification a method
2016-10-17 21:43:45 -04:00
Jimmy Zelinskie
0c5400b7d1
enforce license across registry blueprints
2016-10-17 21:43:45 -04:00
Joseph Schorr
8fe29c5b89
Add license upload step to the setup flow
...
Fixes #853
2016-10-17 21:43:15 -04:00
Joseph Schorr
b1c17b1a45
Fix messages API to not NPE
...
show_if does not work on a method route
2016-10-17 17:43:12 -04:00
Charlton Austin
f45aac063e
Merge pull request #2005 from charltonaustin/fix_spacing_for_motd
...
Moving the messages endpoint to something more generic, and making th…
2016-10-17 17:21:03 -04:00
Charlton Austin
8e5dc8d3db
Moving the messages endpoint to something more generic, and making the get visible all the time.
2016-10-17 16:23:48 -04:00
Joseph Schorr
18097a1bd6
Fix Link headers for pagination to match RFC
...
Fixes part of #2002
2016-10-17 13:57:05 -04:00
Jake Moshenko
95ced00457
Merge pull request #1982 from jakedt/marsquito
...
Write our users to Marketo as leads.
2016-10-14 16:30:03 -04:00
Jake Moshenko
f04b018805
Write our users to Marketo as leads.
2016-10-14 16:29:11 -04:00
Joseph Schorr
886489c666
Fix NPE raised if a vulnerability notification doesn't have a level filter
...
Fixes #1990
2016-10-14 14:23:50 -04:00
Charlton Austin
97d644d95d
Adding in the delete api and the delete and create UI.
2016-10-13 10:40:52 -04:00
Charlton Austin
be916fb6ed
Merge pull request #1966 from charltonaustin/j_code_review_comments
...
Adding in security tests and docs.
2016-10-11 09:50:47 -04:00
charltonaustin
5a4b702888
Adding in security tests and docs.
2016-10-11 09:30:37 -04:00
Jake Moshenko
7a3ee86e53
Merge pull request #1957 from jakedt/absolutecorruption
...
Always use absolute URLs in Location headers.
2016-10-10 18:25:29 -04:00
Jake Moshenko
df1f35e9f9
Always use absolute URLs in Location headers.
...
This works around docker/docker#15048
2016-10-10 16:30:24 -04:00
josephschorr
7fc33a9a57
Merge pull request #1965 from coreos-inc/condense-slack-notifications
...
Less verbose notifications for QSS
2016-10-10 15:38:12 -04:00
Joseph Schorr
ebf4120326
Less verbose notifications for QSS
...
Fixes #1914
2016-10-10 15:18:49 -04:00
charltonaustin
2739a40479
Removing validate annotation.
2016-10-10 15:15:28 -04:00
charltonaustin
f179320944
Adding in validate son request.
2016-10-10 14:15:09 -04:00
charltonaustin
14eb3005b6
Some fixes for code review.
2016-10-10 12:55:00 -04:00
charltonaustin
075e87089f
removing debug print statement
2016-10-10 09:36:59 -04:00
charltonaustin
1e733ddffb
Adding in a new message data model and the corresponding methods to in the API.
2016-10-07 15:56:58 -04:00
charltonaustin
002f533bf8
Creating message api.
2016-10-07 10:22:30 -04:00
charltonaustin
5264b64999
Adding in an endpoint for super user messages.
2016-10-06 17:33:32 -04:00
Joseph Schorr
ff0a292548
Handle unicode in entity search
...
Fixes #1934
2016-10-04 21:56:47 +03:00
Jake Moshenko
2efaee6aef
Fix all of the sample notification calls.
2016-10-03 15:26:49 -04:00
Joseph Schorr
f72cb1d2ba
Fix tags API pagination and add a test
2016-10-03 22:06:31 +03:00
Jimmy Zelinskie
671dc73b82
Merge pull request #1924 from coreos-inc/manifestlogs
...
v2: better manifest error messages
2016-10-03 10:32:49 -04:00
Jimmy Zelinskie
afa220a744
v2: add logs around InvalidManifest exception
2016-10-03 10:29:14 -04:00
Jimmy Zelinskie
6c6ef0f22a
v2: better manifest error messages
2016-10-03 10:13:39 -04:00
Joseph Schorr
0b7bb6d6c6
Fix issue in V1 registry code with accessing locations under HEAD
...
Fixes #1922
2016-10-03 17:09:12 +03:00
Jimmy Zelinskie
fae9538467
notifications: another switch to repo attrdict
...
Fixes #1919 .
2016-10-01 16:44:19 -04:00
Jimmy Zelinskie
31b77cf232
rename auth.auth to auth.process
...
This fixes some ambiguity around imports.
2016-09-29 15:24:57 -04:00
Jimmy Zelinskie
fc7301be0d
*: fix legacy imports
...
This change reorganizes imports and renames the legacy flask extensions.
2016-09-28 20:17:14 -04:00
josephschorr
4943ae3d32
Merge pull request #1857 from coreos-inc/better-404
...
Better 404 (and 403) pages
2016-09-27 11:12:54 +02:00
Jimmy Zelinskie
44eca10c05
update interfaces to use ABC
2016-09-26 14:50:24 -04:00
Jimmy Zelinskie
ca883e5662
port label support to refactored v2 registry
2016-09-26 14:49:58 -04:00
Joseph Schorr
3c8b87e086
Fix verbs in manifestlist
...
All registry_tests now pass
2016-09-26 14:49:58 -04:00
Jimmy Zelinskie
c35413d4f6
add boilerplate for verbs data interface
2016-09-26 14:49:23 -04:00
Jimmy Zelinskie
2e5a94bc0b
create key server data interface
2016-09-26 14:49:23 -04:00
Jimmy Zelinskie
c06d395f96
create interfaces for v1 and v2 data model
2016-09-26 14:49:23 -04:00
Joseph Schorr
db60df827d
Implement V2 interfaces and remaining V1 interfaces
...
Also adds some tests to registry tests for V1 stuff.
Note: All *registry* tests currently pass, but as verbs are not yet converted, the verb tests in registry_tests.py currently fail.
2016-09-26 14:49:04 -04:00
Jimmy Zelinskie
d67991987b
v1: refactor index
2016-09-26 14:48:42 -04:00
Jimmy Zelinskie
419779b9c5
v2/blob: remove references to docker client
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
c77a7bc0b9
v2/blob: _upload_chunk parse range header
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
9f743fd6cd
address PR comments
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
16b451437f
v2/blob: s/make_response/Response()
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
35579093ca
s/close_db_filter/CloseForLongOperation
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
b68e1b5efc
add "get_" prefix to all db read funcs
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
32a6c22b43
mv data/types image
...
This change also merges formats into the new image module.
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
a516c08deb
v2: refactor auth to use data.types
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
3de6000428
v2: refactor blob.py to use data.types
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
21cbe0bd07
v2: mv _paginate paginate
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
3f722f880e
v2: add pagination decorator
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
5b630ebdb0
v2/manifest: refactor to use types
2016-09-26 14:48:05 -04:00
Jimmy Zelinskie
a5502b54f8
trackhelper: use data.types.Repository
2016-09-26 14:47:06 -04:00
Joseph Schorr
ea18790dfe
Get V1 registry code working with new model methods
2016-09-26 14:47:06 -04:00
Jimmy Zelinskie
8435c254c3
finish v1 registry refactor
2016-09-26 14:47:06 -04:00
Jimmy Zelinskie
c14437e54a
initial v1 refactor to use model methods
2016-09-26 14:47:06 -04:00
Jimmy Zelinskie
4f95a814c0
satisfy the pylint gods
2016-09-26 14:47:06 -04:00
josephschorr
ad4efba802
Merge pull request #1830 from coreos-inc/superuser-dashboard
...
Add prometheus stats to enable better dashboarding
2016-09-26 17:19:22 +02:00
josephschorr
1a1a5f7240
Merge pull request #1854 from coreos-inc/invite
...
Add feature flag to turn off requirement for team invitations
2016-09-22 11:36:58 -04:00
Joseph Schorr
6fffc22b8a
Fix build should_perform for empty JSON
2016-09-21 15:00:47 -04:00
Joseph Schorr
af79fde50d
Fix build notifications
2016-09-21 14:37:23 -04:00
Joseph Schorr
4d5c65e6d4
Better 404 (and 403) pages
...
Fixes #1819
2016-09-21 13:54:21 -04:00
Joseph Schorr
25ed99f9ef
Add feature flag to turn off requirement for team invitations
...
Fixes #1804
2016-09-20 16:45:00 -04:00
josephschorr
33bfe2678b
Merge pull request #1831 from coreos-inc/well-known
...
Add well-known endpoint for Quay
2016-09-16 21:07:30 -04:00
josephschorr
349bd1e0fa
Merge pull request #1839 from coreos-inc/better-notifications
...
Better notifications UI and features
2016-09-16 21:07:14 -04:00
Joseph Schorr
03d4445a02
Add notification filtering for builds based on ref regex
...
Fixes #1835
2016-09-14 16:48:17 -04:00
Joseph Schorr
2fb43196c6
Add well-known endpoint for Quay
...
Fixes #1790
2016-09-12 17:33:08 -04:00
Joseph Schorr
bda0311dbe
Allow build triggers to be invoked by any repo admin
...
Fixes #1079
2016-09-09 17:21:14 -04:00
Joseph Schorr
3f2447d831
Make the frontend agnostic to why a trigger can be run manually
2016-09-09 16:54:46 -04:00
Joseph Schorr
c8a1b8abab
Add prom stats for repository push, pull and verb actions
2016-09-09 15:13:58 -04:00
Joseph Schorr
5d6876eb81
Remove old metrics dashboard
...
It only applies to a single instance, making it fairly useless
2016-09-09 14:46:33 -04:00
Jake Moshenko
1d8b72235a
Add a helper method to Image to parse ancestor string.
2016-09-07 10:48:58 -04:00
josephschorr
cd8b45e25b
Merge pull request #1754 from coreos-inc/team-add-perms
...
Better UI and permissions handling for robots and teams
2016-09-06 17:21:19 -04:00
Joseph Schorr
1b7b3ea41d
Make sure to filter starred repos to those visible to the user
...
Fixes #1793
2016-08-31 14:08:31 -04:00
Joseph Schorr
357005e33f
Raise a 409 if we try to insert a tag twice at the same time
...
Also fixes handling of labels for existing manifests
Fixes #1775
2016-08-29 16:03:35 -04:00
Joseph Schorr
608ffd9663
Basic labels support
...
Adds basic labels support to the registry code (V2), and the API. Note that this does not yet add any UI related support.
2016-08-26 15:24:26 -04:00
Joseph Schorr
391d70d9ec
Add repo permissions dialog for existing teams and robots
...
Fixes #1686
2016-08-22 14:43:12 -04:00
Joseph Schorr
6ebb417923
Redesign the teams page to use a table
...
Allows for faster loading and easier viewing of important information about teams
2016-08-22 14:42:54 -04:00
Ben Spoon
979d813551
Merge pull request #1736 from coreos-inc/analytics
...
Analytics
2016-08-19 12:17:34 -07:00
Joseph Schorr
b459581637
Fix handling of dates in logs view
...
- Fixes #1742
- Also fixes the time zone on the aggregated logs API
2016-08-17 16:27:06 -04:00
Joseph Schorr
193040a473
Fix tag links
...
Fixes #1741
2016-08-17 15:06:10 -04:00
Ben Spoon
a706901405
analytics: add google analytics
2016-08-16 11:35:39 -07:00
Joseph Schorr
7f5b536ddb
Fix pagination of repositories
...
Fixes #1725
2016-08-15 16:48:04 -04:00
Joseph Schorr
4f5b4e63f2
Really fix the hack (for now) on public repo pagination
2016-08-13 14:40:11 -04:00
Joseph Schorr
0a12c0cd34
Hack to temporarily fix pagination over public repos
2016-08-13 14:21:23 -04:00
Joseph Schorr
75e8af47e5
Switch Olark to Chatlio
2016-08-08 18:18:35 -04:00
Joseph Schorr
b7bde27b3c
Fix display for builds which have fully expired
...
Fixes #1663
2016-08-04 11:13:32 -04:00
josephschorr
8bc0080aeb
Merge pull request #1672 from coreos-inc/off-by-one
...
Fix off-by-one error in repo tags pagination
2016-08-03 15:00:23 -04:00
josephschorr
b662fad09e
Merge pull request #1670 from coreos-inc/blob-upload-logs
...
Add additional logs for invalid blob upload
2016-08-02 14:55:44 -04:00
Joseph Schorr
dc22b50b56
Add missing requires_cors to build log archive URL
...
Fixes #1671
2016-08-02 14:18:58 -04:00
Joseph Schorr
b1b0da7afd
Fix off-by-one error in repo tags pagination
...
Fixes #1665
2016-08-02 14:17:33 -04:00
Joseph Schorr
a1a6647ea7
Add additional logs for invalid blob upload
...
Fixes #1668
2016-08-02 12:15:30 -04:00
Joseph Schorr
cb9a99fc7b
Change user events tutorial Redis error to be an inline box
...
Fixes #1653
2016-07-27 13:41:26 -07:00
Joseph Schorr
06d52f2c83
Fix handling of multi-part branches in the build triggers
...
Fixes #1360
2016-07-26 13:41:13 -07:00
Joseph Schorr
0fe3e6510a
Prevent invalid tags on builds
...
Fixes #1632
2016-07-25 17:50:35 -07:00
Joseph Schorr
cbf7c2bf44
Add better logging to blob uploads
...
Fixes #1635
2016-07-20 17:53:43 -04:00
Joseph Schorr
4e1259b58a
Fix the Repository ID in pagination problem once and for all
...
But.... ONCE AND FOR ALL!
Note: Tested on SQLite, Postgres and MySQL
2016-07-14 17:09:52 -04:00
Joseph Schorr
e252ee07cb
Fix popularity metrics on list repos API
2016-07-06 16:15:54 -04:00
josephschorr
6bde6406c9
Merge pull request #1598 from coreos-inc/instance-key-id-health
...
Add instance key ID to the health check endpoint
2016-07-05 15:45:47 -04:00
Joseph Schorr
a1009af61c
Move aggregator into its own repo and add it to the image
2016-07-05 15:39:51 -04:00
Joseph Schorr
7fddc61b8f
Add instance key ID to the health check endpoint
...
Fixes #1429
2016-07-05 14:14:22 -04:00
Joseph Schorr
1eec6f53b2
Fix SQL error with pagination around Repositories
...
Fixes #1591
2016-06-30 17:31:35 -04:00
Joseph Schorr
310ecd11cc
Handle user events Redis not working in tutorial
...
Also does some basic restyling
Fixes #1586
2016-06-28 17:04:31 -04:00
Joseph Schorr
38744c81c5
Change future entries in heat map to be empty
2016-06-23 17:08:11 -04:00
Joseph Schorr
853cca35f3
Change repo stats to use the RAC table and a nice UI
2016-06-22 15:06:53 -04:00
josephschorr
9e6a264f5f
Merge pull request #1523 from coreos-inc/verb-tag-cache-fix
...
Add a uniqueness hash to derived image storage to break caching over …
2016-06-20 16:38:25 -04:00
Joseph Schorr
a43b741f1b
Add a uniqueness hash to derived image storage to break caching over tags
...
This allows converted ACIs and squashed images to be unique based on the specified tag.
Fixes #92
2016-06-20 16:34:52 -04:00
Joseph Schorr
9158fe38ee
Add Marketo munchkin tracking via angulartics
2016-06-20 16:22:30 -04:00
Jake Moshenko
a1cf12e460
Add a sitemap.txt for popular public repos
...
and reference it from the robots.txt
2016-06-17 14:34:20 -04:00
Joseph Schorr
b73b534022
Disable hosted status on 500 pages
...
Fixes #1547
2016-06-16 16:27:18 -04:00
josephschorr
614b9124ae
Merge pull request #1512 from coreos-inc/optimize-queries
...
Optimize various queries
2016-06-16 14:22:59 -04:00
Jake Moshenko
746728ba24
Remove escaped_fragment snapshot rendering.
2016-06-14 12:53:10 -04:00
josephschorr
58bef472d9
Merge pull request #1526 from coreos-inc/superuser-grant
...
Add ability for super users to take ownership of namespaces
2016-06-13 16:23:10 -04:00
Joseph Schorr
20816804e5
Add ability for super users to take ownership of namespaces
...
Fixes #1395
2016-06-13 16:22:52 -04:00
josephschorr
92f0db8056
Merge pull request #1514 from coreos-inc/better-logs
...
Only send heavy log-based stats for repository where required
2016-06-09 14:52:30 -04:00
Joseph Schorr
c3701cea7a
Only send heavy log-based stats for repository where required
2016-06-09 14:52:15 -04:00
Joseph Schorr
8177c39aff
Move privacy and TOS to Angular
...
Fixes #1529
2016-06-09 13:45:37 -04:00
Joseph Schorr
8887f09ba8
Use the instance service key for registry JWT signing
2016-06-07 11:58:10 -04:00
Joseph Schorr
73cb3c00ec
Remove unused import
2016-06-03 13:33:22 -04:00
Joseph Schorr
9a747ca6a0
Have get_parent_images not join on placements
...
The only case that needs the placements is in verbs, for which we use a new method
2016-06-03 13:33:15 -04:00
Joseph Schorr
53538f9001
Optimize get_tag_image query
...
No caller uses the image placements or locations, so no need to load them.
2016-06-02 16:36:38 -04:00
josephschorr
cad8746f9d
Merge pull request #1502 from coreos-inc/image-replication
...
Enable storage replication for V2 and add backfill tool
2016-06-02 15:02:53 -04:00
Joseph Schorr
12924784ce
Enable storage replication for V2 and add backfill tool
...
Fixes #1501
2016-06-02 14:36:08 -04:00
Joseph Schorr
48213f9ff9
Reject manifest 2 earlier to make pushes faster
2016-06-02 12:46:20 -04:00
Jimmy Zelinskie
2317938bfa
Merge pull request #1496 from jzelinskie/ripRMS
...
dockerfile: add check for GPL pip packages
2016-06-02 12:28:18 -04:00
josephschorr
a85c3ebff7
Merge pull request #1457 from coreos-inc/xauth
...
Add support for direct granting of OAuth tokens and add tests
2016-06-01 12:07:12 -04:00
Joseph Schorr
04df2410ec
Add better errors if Redis is down
...
Fixes #1497
2016-05-31 15:24:36 -04:00
Jimmy Zelinskie
70f794b0af
replace rfc3987 library with urlparse
...
The former is GPL licensed.
2016-05-26 13:29:48 -04:00
Jake Moshenko
8323c51e6e
Extend registry auth to support notary JWTs.
2016-05-24 13:42:28 -04:00
josephschorr
fa3b342901
Merge pull request #1483 from coreos-inc/superuser-external-user
...
Fix setup tool when binding to external auth
2016-05-23 17:17:45 -04:00
Joseph Schorr
7933aecf25
Add support for direct granting of OAuth tokens and add tests
...
This allows a client (when authorized in a whitelist) to send direct credentials via a Basic auth header and therefore bypass the OAuth approval UI for that user.
2016-05-23 17:17:06 -04:00
Joseph Schorr
60bbca2185
Fix setup tool when binding to external auth
...
We now query the external auth provider for the external service's identifier before adding the linking row into the database. This fixes the case where the external service resolves a different identifier for the same username.
Fixes #1477
2016-05-23 17:11:36 -04:00
Joseph Schorr
f670c4c7a9
Change Signer to use the config provider and fix tests
...
Fixes the broken ACI tests
2016-05-23 17:10:03 -04:00
Joseph Schorr
343a080833
Make security scan testing much faster
2016-05-05 13:55:24 -04:00
Jake Moshenko
9221a515de
Use the registry API for security scanning
...
when the storage engine doesn't support direct download url
2016-05-04 18:04:06 -04:00
Joseph Schorr
73fa593d02
Various small fixes in prep for QE release
2016-05-04 15:20:27 -04:00
josephschorr
550b9cb2b3
Merge pull request #1428 from coreos-inc/clair-setup-new
...
Implement setup tool support for Clair
2016-05-04 13:52:54 -04:00
Joseph Schorr
2cbdecb043
Implement setup tool support for Clair
...
Fixes #1387
2016-05-04 13:40:50 -04:00
Joseph Schorr
6e2df3b339
Fix key server to not list expired keys
...
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.
Fixes #1430
2016-05-03 17:58:47 -04:00
josephschorr
f0af2ca9c3
Merge pull request #1407 from coreos-inc/enterpriselanding
...
Add Enterprise Landing page
2016-05-03 13:52:22 -04:00
Evan Cordell
2242c6773d
Add 'Automatic' ServiceKeyApprovalType
2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd
Generate private key on startup
2016-04-29 14:10:33 -04:00
Joseph Schorr
6091db983b
Hide expired keys outside of their staleness window
2016-04-29 14:10:33 -04:00
Jimmy Zelinskie
726cb5fe6a
key server: 403 on expired approved keys ( #1410 )
2016-04-29 14:09:37 -04:00
Joseph Schorr
4f63a50a17
Change account-less logs to use a user and not null
...
This allows us to skip the migration
2016-04-29 14:09:37 -04:00
Jimmy Zelinskie
ca5794ba18
key server: use total_seconds() for cache headers
2016-04-29 14:09:37 -04:00
Joseph Schorr
5d6e5a42e8
Add delete logging and tests for logging
2016-04-29 14:09:09 -04:00
Jimmy Zelinskie
6aa7040f39
keyserver: add cache-control headers
2016-04-29 14:05:16 -04:00
Joseph Schorr
bc08ac2749
Fix timeouts in the JWT endpoint tests
2016-04-29 14:05:16 -04:00
Joseph Schorr
522cf68c5d
Lots of smaller fixes:
...
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d0bd70fb36
endpoints.web: add missing import
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
370ac3ecd0
service keys: add rotation_duration field
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
fca258d8bf
endpoints: remove /keys
...
BitTorrent support should now be able to use the keyserver
infrastructure instead.
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
9f4a4092da
keyserver: get signer kid from unverified headers
2016-04-29 14:05:16 -04:00
Joseph Schorr
08017c5111
Further UI updates
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
cfc15746a6
keyserver: tests!
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d19eb16b45
keyserver: add generate key function
...
The superuser API, initdb, and tests will all need this functionality.
2016-04-29 14:05:16 -04:00
Joseph Schorr
fb1dca4e94
Add API usage tests
2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59
keys ui WIP
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
136f92400f
key_server: remove s at the end of endpoint
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
e456228434
keyserver: insert rotation policy into metadata
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
885a41e6f5
key server: misc fixes to make jwtproxy work
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
50ad1bb6b1
key server: misc cleanup to get it working
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c0ab45d335
key server: derive audience from host and scheme
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
93720bd0f4
superuser: proper view for approvals/keys
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
d277fe6741
add final service key config
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c6b8b3ce8c
service_keys: s/get_keys/list_keys
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
0ec54fc70e
clear notifications on delete/replace service_key
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
42b5196b21
add notification path and use for service keys
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
97ae800e6c
canonicalize json
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
f406942984
converging on proper rotation
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
aaf9e83278
basically finish superuser key api
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
35ed73e195
rework superuser api
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167
service keys: do all the right stuff
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
499bb16306
service key server wip
2016-04-29 13:38:25 -04:00
Joseph Schorr
c6f7dfa102
Add Enterprise Landing page
...
Note: The design comes directparners.
2016-04-28 13:47:54 -04:00
Joseph Schorr
03489c22ad
Log the pushed tag and add IP address display
...
Fixes #798
2016-04-20 13:00:21 -04:00
Evan Cordell
9a1d97216b
Switch error mimetype back to application/json
2016-04-18 17:42:08 -05:00
Evan Cordell
4d7843580f
Fix superuser page
2016-04-15 16:50:01 -04:00
josephschorr
cf04fedd6a
Merge pull request #1347 from coreos-inc/marketingtagman
...
Add Google Tag Manager support to Quay
2016-04-13 16:50:36 -04:00
Evan Cordell
09064853ac
Merge pull request #1364 from ecordell/error-json-fixes
...
Fix error-related issues
2016-04-13 13:32:00 -04:00
Evan Cordell
eb3e7eba88
Merge pull request #1351 from ecordell/document-201-swagger
...
Swagger: document 201 responses for POST requests
2016-04-13 09:50:34 -04:00
Evan Cordell
e1b3312495
Add back error_message
and error_type
for backwards-compatibility
2016-04-13 09:11:40 -04:00
Evan Cordell
7b44beb1fd
Fix WWW-Authenticate
header on 401
2016-04-13 09:01:42 -04:00
Evan Cordell
d67c4ba46c
Fix formatting in endpoints/api/error.py
2016-04-12 16:53:50 -04:00
Joseph Schorr
891f7d9213
Add Google Tag Manager support to Quay
2016-04-12 15:28:24 -04:00
Evan Cordell
1cdbd89120
Fix test (response validation in debug mode)
2016-04-12 07:56:58 -04:00
Evan Cordell
693a11c58e
Add RFC citation
2016-04-11 20:08:45 -04:00
Evan Cordell
7c361c07f9
Use ApiService to get error message
2016-04-11 17:31:30 -04:00
Evan Cordell
b5db41920f
Address review comments
2016-04-11 16:34:40 -04:00
Evan Cordell
eba75494d9
Use new error format for auth errors (factor exceptions into module)
2016-04-11 16:22:26 -04:00
Evan Cordell
9c08717173
Return application/problem+json format errors and provide error endpoint
...
to dereference error codes.
2016-04-11 14:57:24 -04:00
Evan Cordell
d69d79d302
swagger: document 201 responses for POST requests
2016-04-07 09:26:28 -04:00
Joseph Schorr
a06bda5910
Never include Stripe checking in LDN
...
Instead, we always load it from Stripe when billing is enabled. Also fixes our Stripe icon.
2016-04-01 14:10:11 -04:00
Joseph Schorr
a882055f62
Better error message for invalid recovery codes
2016-03-30 16:02:47 -04:00
Joseph Schorr
42e934d84f
Make notification lookup faster and fix repo pagination on Postgres
2016-03-30 14:46:31 -04:00
josephschorr
4aa079e743
Merge pull request #1247 from coreos-inc/useradminscopes
...
Remove internal_only from some APIs now that we expose a user admin scope
2016-03-23 14:16:02 -04:00
Joseph Schorr
aa5587c93c
Fixes and added tests for the security notification worker
...
Fixes #1301
- Ensures that the worker uses pagination properly
- Ensures that the worker handles failure as expected
- Moves marking the notification as read to after the worker processes it
- Increases the number of layers requested to 100
2016-03-18 20:28:06 -04:00
Joseph Schorr
6a4584b87a
Add another test for security notification filtering
2016-03-17 12:59:27 -04:00
Joseph Schorr
57e5141fb5
Fix link-to-parent-with-different-blob issue and add a test
2016-03-14 15:35:18 -04:00
Jimmy Zelinskie
ea2e17cc11
v2: send proper scopes for authorization failures
...
Fixes #1278 .
2016-03-11 13:41:38 -05:00
Jimmy Zelinskie
bb46cc933d
use kwargs for parse_repository_name
2016-03-09 16:20:28 -05:00
Jake Moshenko
fe2cd240bc
Revert "Remove old search API which is no longer in use"
2016-03-07 10:07:41 -05:00
josephschorr
57430a18b4
Merge pull request #1224 from coreos-inc/removeoldsearch
...
Remove old search API which is no longer in use
2016-03-04 12:05:07 -05:00
Joseph Schorr
85919cbc39
Fix error when constructing DownstreamIssue exception
2016-02-25 17:45:49 -05:00
Jimmy Zelinskie
c7904db30d
v2: always send www-authn headers on unauthorized
...
Fixes #1254 .
2016-02-25 17:09:29 -05:00
Joseph Schorr
f498e92d58
Implement against new Clair paginated notification system
2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9
Refactor the security worker and API calls and add a bunch of tests
2016-02-25 12:29:41 -05:00
Quentin Machu
0183c519f7
Merge pull request #1253 from Quentin-M/clair2
...
Adapt securityworker, secscan API and Quay UI for Clair 1.0
2016-02-19 18:21:25 -05:00
Quentin Machu
4bd5996bbf
Adapt secscan API for Clair v1.0
...
Squash /vulnerabilities and /packages as it basically does the same
action on Clair and we don't need both for Quay
2016-02-19 17:44:23 -05:00
josephschorr
11af123ba5
Merge pull request #1244 from coreos-inc/enableaci
...
Add UI to the setup tool for enabling ACI conversion
2016-02-17 12:29:48 -05:00
Joseph Schorr
1940fd9939
Add UI to the setup tool for enabling ACI conversion
...
Fixes #1211
2016-02-17 12:05:48 -05:00
Joseph Schorr
8d9f3309aa
Remove internal_only from some APIs now that we expose a user admin scope
...
Fixes #1246
2016-02-16 16:50:33 -05:00
josephschorr
e8faa9f843
Merge pull request #939 from coreos-inc/user-admin
...
Add user admin scope
2016-02-16 16:42:29 -05:00