Commit graph

731 commits

Author SHA1 Message Date
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
2015-06-12 16:45:01 -04:00
Jake Moshenko
79f1181a63 Switch build-scheduled to an official build phase. 2015-06-10 16:19:51 -04:00
Jake Moshenko
e09d84b3c8 Merge pull request #55 from coreos-inc/oauthdeny
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-05 14:00:16 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
Jake Moshenko
42da017d69 Merge pull request #48 from coreos-inc/nobots
Change API calls that expect non-robots to explicitly filter
2015-06-02 12:31:19 -04:00
Joseph Schorr
5516911de9 Fix OAuth redirect for denial action when generating for internal tokens 2015-06-02 12:25:59 -04:00
Joseph Schorr
2a56790d38 Switch to using a named LDAP tuple for more readable code 2015-06-01 14:02:05 -04:00
Joseph Schorr
1aff701bc7 Fix LDAP referral and multiple pair handling
Fixes two issues found with our LDAP handling code. First, we now follow referrals in both LDAP calls, as some LDAP systems will return a referral instead of the original record. Second, we now make sure to handle multiple search result pairs properly by further filtering based on the presence of the 'mail' attribute when we have multiple valid pairs. This CL also adds tests for all of the above cases.
2015-05-27 15:04:34 -04:00
Joseph Schorr
fdd43e2490 Change API calls that expect non-robots to explicitly filter
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
2015-05-26 17:47:33 -04:00
Joseph Schorr
b0d763b5ff Fix encrypted password generator to use the LDAP username, not the Quay username.
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00
Joseph Schorr
d5e70c6e2a Explicitly enable LDAP referrals
Note: The mock LDAP system doesn't support referrals, so we can't add a unit test for this.
2015-05-20 14:53:31 -04:00
Jimmy Zelinskie
3daa0e6a52 migration: use SA boolean value for server_default 2015-05-15 19:04:54 -04:00
Jimmy Zelinskie
e12d5af52c migration: server_default for boolean field 2015-05-15 17:04:50 -04:00
Joseph Schorr
6a52ffa942 Add missing default value on the new reversion column 2015-05-13 13:49:21 -04:00
Joseph Schorr
07b4fb9105 LDAP sometimes has multiple records for a user 2015-05-12 12:02:09 -04:00
Joseph Schorr
efab02ae47 LDAP improvements:
- Better logging
  - Better error messages
  - Add unit tests
  - Clean up the setup tool for LDAP
2015-05-11 21:23:18 -04:00
Joseph Schorr
3e1abba284 Add ability for super users to rename and delete organizations 2015-05-11 18:03:25 -04:00
Joseph Schorr
1c41d34b7c Add ability for superusers to change user emails 2015-05-11 14:38:10 -04:00
Joseph Schorr
1c83def15b LDAP should only show logs when asked. 2015-05-11 13:01:49 -04:00
Joseph Schorr
f858caf6cd Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 16:43:07 -04:00
Joseph Schorr
561f2c7db0 Remove unnecessary sort 2015-05-08 15:10:31 -04:00
Joseph Schorr
3b93854c0b MySQL returns a decimal type for the tuple, which we need to convert to an int 2015-05-08 14:55:54 -04:00
Joseph Schorr
36f33e8fd7 Merge branch 'master' of github.com:coreos-inc/quay 2015-05-08 14:19:39 -04:00
Joseph Schorr
f9c1f123c2 Add better debugging to LDAP 2015-05-08 14:19:32 -04:00
Joseph Schorr
8ed8367404 PR changes in response to comments 2015-05-08 13:38:34 -04:00
Joseph Schorr
c767aafcd6 Make the repository API faster by only checking the log entries table once for each kind of entry, rather than twice. We make use of a special subquery-like syntax, which allows us to count those entries that are both 30 days only and 1 day old in the same query. This was tested successfully on MySQL, Postgres and Sqlite. 2015-05-07 22:49:11 -04:00
Joseph Schorr
3627de103c Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build. 2015-05-07 21:11:15 -04:00
Joseph Schorr
7b35555776 Make sure to test for unicode usernames, since the collate on the username field is latin1 2015-05-07 18:13:45 -04:00
Joseph Schorr
729249f42b Need to add the tables to the .select() to prevent N+1, not merely to the join 2015-05-07 16:59:13 -04:00
Joseph Schorr
b50600cde8 Make sure to join the Repo table on its namespace user and its visibility so we don't issue additional queries from the starred repos API call 2015-05-07 16:18:17 -04:00
Joseph Schorr
3cec22defe Make sorting by repo ID, rather than description 2015-05-07 13:10:26 -04:00
Joseph Schorr
73193e2ab5 Remove sort by description, which is slow (and fairly useless anyway) 2015-05-06 20:55:31 -04:00
Joseph Schorr
c89760278f Add migration to add gitlab trigger type 2015-05-03 10:49:13 -07:00
Joseph Schorr
a59100b231 Add the missing index on the peewee side. We already have the associated migration. 2015-04-30 15:56:40 -04:00
Joseph Schorr
17bc9b81bf Add bitbucket trigger type 2015-04-30 15:55:57 -04:00
Joseph Schorr
b96e35b28c Merge master into bitbucket 2015-04-30 15:52:08 -04:00
Joseph Schorr
31260d50f5 Rename the new images method to a slightly better name 2015-04-24 16:37:37 -04:00
Joseph Schorr
e70343d849 Faster cache lookup by removing a join with the ImagePlacementTable, removing the extra loop to add the locations and filtering the images looked up by the base image 2015-04-24 16:22:19 -04:00
Jimmy Zelinskie
fd65ca5916 migration: add custom-git service to database 2015-04-24 16:11:58 -04:00
Joseph Schorr
c480fb2105 Work in progress: bitbucket support 2015-04-24 15:13:08 -04:00
Jimmy Zelinskie
d25cc4db9c migrations: fix percona migration test 2015-04-21 18:01:40 -04:00
Jimmy Zelinskie
93cd459460 Merge branch 'master' into git 2015-04-20 10:58:49 -04:00
Joseph Schorr
43ff6839b8 Hide hidden tags in the tags timeline 2015-04-19 18:12:06 -04:00
Joseph Schorr
ed342ae831 Add migration for properly creating the repository_id+datetime index 2015-04-19 16:03:06 -04:00
Joseph Schorr
d1e2d072ea Add unit tests and a stronger restriction on the revert API call 2015-04-19 15:43:16 -04:00
Joseph Schorr
a8f8c317f9 Fix branch in alembic migrations 2015-04-19 15:20:01 -04:00
Joseph Schorr
2815ea2723 Merge branch 'master' of github.com:coreos-inc/quay 2015-04-19 15:16:39 -04:00
Joseph Schorr
8714eb207a Merge branch 'actioncount' 2015-04-19 15:12:44 -04:00
Jimmy Zelinskie
4133924813 migrations: rebase on top of master's changes 2015-04-17 13:19:04 -04:00
Jimmy Zelinskie
ba2cb08904 Merge branch 'master' into git 2015-04-16 17:38:35 -04:00
Joseph Schorr
f19d2f684e Add ability to revert tags via time machine 2015-04-16 17:18:00 -04:00
Joseph Schorr
f8c80f7d11 Add a history view to the tags page. Next step will add the ability to revert back in time 2015-04-15 15:21:09 -04:00
Joseph Schorr
3f1e8f3c27 Add a RepositoryActionCount table so we can use it (instead of LogEntry) when scoring repo search results 2015-04-13 13:31:07 -04:00
Joseph Schorr
1df025b57e Change search to use a set of queries for repo lookup rather than a single monolithic query, in the hopes that this will make things significantly faster and actually useable. The individual queries have been tested by hand on MySQL, but the real test will be staging 2015-04-10 15:27:37 -04:00
Joseph Schorr
0be0aed17d Move the repo sorting by pull count into the main matching query, to both make it more accurate and make the search faster 2015-04-09 14:41:59 -04:00
Joseph Schorr
396cba64e6 Fix search to return better results by searching for robots and namespaces in different queries. 2015-04-09 12:57:20 -04:00
Joseph Schorr
762fdaf319 Fix DB migration tests 2015-04-08 17:41:53 -04:00
Joseph Schorr
4f4bb05621 Fix search SQL issues 2015-04-08 17:41:08 -04:00
Joseph Schorr
19e25ac340 Merge branch 'master' into bing 2015-04-08 15:23:36 -04:00
Joseph Schorr
d09f2f6e22 Get the new context-sensitive new menu working 2015-04-07 18:33:43 -04:00
Joseph Schorr
40a6892a49 Add search tests 2015-04-07 14:05:12 -04:00
Joseph Schorr
1b56567268 Make sure also include teams from organizations that the user admins 2015-04-07 13:45:49 -04:00
Joseph Schorr
951b0cbab8 Start on new interactive search 2015-04-06 19:17:18 -04:00
Joseph Schorr
4cb7921c3a Make sure to show public repos on the user and orgs pages 2015-04-03 14:55:09 -04:00
Joseph Schorr
094f91fb8b Fix the tutorial's user events 2015-04-03 12:13:33 -04:00
Joseph Schorr
5cd500257d Merge branch 'master' into orgview 2015-04-01 13:56:49 -04:00
Joseph Schorr
fde9666647 Add the team membership to the robots view 2015-04-01 13:56:30 -04:00
Joseph Schorr
1f5e6df678 - Fix tests
- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
2015-03-31 18:50:43 -04:00
Joseph Schorr
27a9b84587 Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists 2015-03-30 17:55:04 -04:00
Jimmy Zelinskie
da15eda2bf migration: make auth_token for builds nullable 2015-03-27 11:20:30 -04:00
Joseph Schorr
7b1d35737e Merge branch 'master' of github.com:coreos-inc/quay 2015-03-26 17:45:49 -04:00
Joseph Schorr
a7b6cb5c23 Fix handling of byte strings and large ints 2015-03-26 17:45:43 -04:00
Jimmy Zelinskie
4d4947edaf Merge branch 'master' of github.com:coreos-inc/quay 2015-03-26 16:31:20 -04:00
Jimmy Zelinskie
bcc7a9580b models: change UUID of user on password change
This prevents old cookies from continuing to work after a password has
been changed.
2015-03-26 16:30:41 -04:00
Joseph Schorr
c4a2574b0d Clarify unencrypted password error message 2015-03-26 16:23:28 -04:00
Joseph Schorr
f8afd8b5ce Make sure to parse the big int into a byte string 2015-03-26 16:13:35 -04:00
Joseph Schorr
4d1792db1c getrandbits creates an int, not a float 2015-03-26 15:47:44 -04:00
Joseph Schorr
aaf1b23e98 Address CL concerns and switch to a real encryption system 2015-03-26 15:10:58 -04:00
Joseph Schorr
d23bb6616d Fix error message to exactly match current output 2015-03-26 13:22:16 -04:00
Joseph Schorr
e4b659f107 Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords 2015-03-25 18:43:12 -04:00
Jake Moshenko
3d44416016 Add the migration for the unique index which helps prevent tag deadlocks. 2015-03-24 18:00:04 -04:00
Jake Moshenko
201943ed1c Fix deadlocks with tags and garbage collection. 2015-03-24 18:00:04 -04:00
Jimmy Zelinskie
9c55aca011 migration: make resource_key nullable 2015-03-23 15:46:35 -04:00
Jimmy Zelinskie
93a9e9d01a migration: add private key to build triggers 2015-03-19 14:30:25 -04:00
Joseph Schorr
ab2331a486 Performance improvements for the repo API and the new repo UI 2015-03-18 14:47:53 -04:00
Joseph Schorr
fe8d006855 Fix subquery on MySQL 2015-03-17 13:54:51 -04:00
Joseph Schorr
44ff85d044 Remove migration (temporarily), fix a broken test, and make the aggregate size calculation use the entire image ancestry (for now). 2015-03-17 12:13:01 -04:00
Joseph Schorr
b8d88c0f4e Add aggregate size column and a migration to backfill it 2015-03-16 18:03:17 -04:00
Joseph Schorr
333e0acd6d Add the builds tab 2015-03-13 15:34:28 -07:00
Joseph Schorr
002dc083f2 Get the main repo page design working 2015-03-10 17:22:46 -07:00
Joseph Schorr
afc8e95e19 Start on new tag view 2015-03-09 22:03:39 -07:00
Joseph Schorr
929bad57f5 Fix revision 2015-03-05 15:06:46 -05:00
Joseph Schorr
86447c0a99 Merge branch 'master' into pagesnew 2015-03-05 14:22:10 -05:00
Joseph Schorr
edafa26e6e Fix email confirmation for users created through the superuser API 2015-03-03 14:26:48 -05:00
Joseph Schorr
a36266f758 Add LDAP tracing 2015-02-27 17:01:46 -05:00
Jake Moshenko
6c4e78ec0c Fix the deadlock in tags. 2015-02-25 17:49:46 -05:00
Jimmy Zelinskie
fb0d3d69c2 changes to reflect PR comments (not finished) 2015-02-24 17:50:54 -05:00
Jake Moshenko
d8a34427ec Try to get around the tag deadlock by using a select for update. 2015-02-24 17:18:42 -05:00
Jake Moshenko
246ff556b9 Fix some other list reifications to use nested subqueries for performance and query size safety reasons. 2015-02-23 15:07:38 -05:00
Joseph Schorr
4020cc1102 Reset the number of invalid login attempts when the user change's their password 2015-02-23 13:56:42 -05:00
Joseph Schorr
a0706d20ae Merge branch 'master' of github.com:coreos-inc/quay 2015-02-23 13:38:04 -05:00
Joseph Schorr
5f605b7cc8 Fix queue handling to remove the dependency from repobuild, and have a cancel method 2015-02-23 13:38:01 -05:00
Jake Moshenko
75d41ca371 Switch to an inner inner subquery to make mysql arbitrarily happy. 2015-02-23 12:36:14 -05:00
Jimmy Zelinskie
7fbbf14e49 migrations: resolve branched migration tree
This moves the migration adding stars to HEAD.
2015-02-19 17:10:27 -05:00
Jimmy Zelinskie
917dd6b674 Merge branch 'master' into star 2015-02-18 17:36:58 -05:00
Jake Moshenko
41108a0856 Allow tags to be marked as hidden. Create a hidden tag on every image during a push to prevent them from getting GCed. 2015-02-18 17:05:16 -05:00
Jake Moshenko
59b794dd61 Move the creation of images to when the JSON is uploaded. 2015-02-18 17:04:25 -05:00
Joseph Schorr
89eb5bdcc5 Merge branch 'quark' 2015-02-18 15:59:36 -05:00
Joseph Schorr
a5ff765f3b Validate that we have a valid JSON body 2015-02-18 15:57:05 -05:00
Jake Moshenko
2dd03f1bed Merge remote-tracking branch 'origin/master' into rockyhorror
Conflicts:
	test/data/test.db
2015-02-18 10:56:01 -05:00
Jake Moshenko
2cd5bdb563 Address concerns from pull request. 2015-02-18 10:43:08 -05:00
Joseph Schorr
ff7e97faf7 Merge branch 'master' into quark 2015-02-17 19:16:12 -05:00
Joseph Schorr
524705b88c Get dashboard working and upgrade bootstrap. Note: the bootstrap fixes will be coming in the followup CL 2015-02-17 19:15:54 -05:00
Joseph Schorr
83e05d2342 Add tracking of the kind of temporary access tokens, so we can display if a pull/push by token is for a build worker 2015-02-17 12:35:16 -05:00
Joseph Schorr
3e04e3cfd7 Merge branch 'master' of github.com:coreos-inc/quay 2015-02-13 15:54:09 -05:00
Joseph Schorr
81ce4c771e Add ability to cancel builds that are in the waiting state 2015-02-13 15:54:01 -05:00
Jake Moshenko
579d900ef2 Add server defaults to the new fields which are not nullable. 2015-02-13 14:45:42 -05:00
Jake Moshenko
2ce6e76d9d Add the required migration for time machine tag lifetimes. 2015-02-13 14:41:08 -05:00
Jake Moshenko
5aedd1fabc Merge remote-tracking branch 'origin/master' into rockyhorror
Conflicts:
	test/data/test.db
2015-02-13 13:17:10 -05:00
Jake Moshenko
2743fe6f4d Trap migration exceptions for the migration that we expect to fail in prod. 2015-02-13 13:11:50 -05:00
Jake Moshenko
cd245e62bf Remove the access_token_id column from log entries. 2015-02-13 11:56:59 -05:00
Jake Moshenko
4a921a49b9 Merge remote-tracking branch 'origin/master' into rockyhorror 2015-02-12 16:24:30 -05:00
Joseph Schorr
f84d1bad45 Handle internal errors in a better fashion: If a build would be marked as internal error, only do so if there are retries remaining. Otherwise, we mark it as failed (since it won't be rebuilt anyway) 2015-02-12 16:19:44 -05:00
Jake Moshenko
b154e7acef Merge remote-tracking branch 'origin/master' into rockyhorror 2015-02-12 15:27:28 -05:00
Jake Moshenko
990739b1e5 Add the APIs required to change the time machine policy for users and organizations. 2015-02-12 14:37:11 -05:00
Jake Moshenko
872539bdbf Switch to a per-namespace configurable expiration policy for time machine, and switch the tag gc to respect it. 2015-02-12 14:11:56 -05:00
Joseph Schorr
f107b50a46 Merge branch 'master' into ackbar 2015-02-12 12:04:45 -05:00
Jake Moshenko
f32bd748e4 Use a consistent concept of tag liveness everywhere. Fix the tests. 2015-02-11 15:02:50 -05:00
Jake Moshenko
90c0a9c1e0 First stab at time machine using fixed two week expiration policy. 2015-02-11 14:15:40 -05:00
Joseph Schorr
045614c6c8 Merge branch 'master' into ackbar 2015-02-09 17:16:42 -05:00
Joseph Schorr
3d31c64da2 Make sure to select the latest image in the repository with the matching comment 2015-02-09 16:45:06 -05:00
Joseph Schorr
48949627e0 Merge master in delta 2015-02-09 12:07:43 -05:00
Joseph Schorr
e1c5ccb7d6 Fixes 2015-02-05 17:37:58 -05:00
Joseph Schorr
cf774e23df Merge branch 'master' into v2 2015-02-05 15:37:14 -05:00
Joseph Schorr
a12bfa7623 Add migration for the new tables for signatures 2015-02-05 15:30:45 -05:00
Joseph Schorr
9dfe523615 Merge master changes 2015-02-05 13:11:16 -05:00
Joseph Schorr
bfb0784abc Add signing to the ACI converter 2015-02-04 15:29:24 -05:00
Jake Moshenko
ce7033489b Hopefully fix the deadlock in the queue. 2015-02-03 14:50:01 -05:00
Jake Moshenko
64750e31fc Add the ability to select for update within transactions to fix some write after read hazards. Fix a bug in extend_processing. 2015-01-30 16:32:13 -05:00
Joseph Schorr
3872d29de9 Add a transaction around the extend_processing call 2015-01-29 18:40:41 -05:00
Joseph Schorr
30b895b795 Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar 2015-01-23 17:26:14 -05:00
Joseph Schorr
c8229b9c8a Implement new step-by-step setup 2015-01-23 17:19:15 -05:00
Jake Moshenko
44f7ab53a2 Merge remote-tracking branch 'origin/master' into ephemeral 2015-01-21 13:39:27 -05:00
Joseph Schorr
92d32bc636 Make the DB health check first attempt a simple DB connection. If the database is in the middle of a failover, this will fail after 3 seconds (the connection timeout specified), rather than hanging and causing the ELB health checks to timeout and fail. 2015-01-20 14:46:22 -05:00
Joseph Schorr
15a69ac872 Change robot deletions to set the performer to null, rather than attempting to delete the rows from the large log entries table 2015-01-14 12:56:06 -05:00
Joseph Schorr
bfd273d16f - Make validation a bit nicer:
- Add timeout to the DB validation
  - Make DB validation exception handling a bit nicer
  - Move the DB validation error message

- Fix bug around RADOS config default for Is Secure
- Allow hiding of the validation box
2015-01-08 15:27:49 -05:00
Joseph Schorr
47fb10b79f Merge branch 'master' into ackbar 2015-01-08 13:57:39 -05:00
Jimmy Zelinskie
b18986c72b Continuation of baa4918d89. 2015-01-06 15:11:37 -05:00
Jimmy Zelinskie
baa4918d89 Explicitly declare length of large MySQL indices.
Most MySQL installs silently truncate indices at a specific number of bytes.
This value is 767 bytes unless either the innodb_large_prefix option is turned
on or the innodb_page_size has been changed. This change explicitly limits the
size of large indices to 767 characters due to the latin1 charset being 1 byte
per char.
2015-01-06 14:55:31 -05:00
Joseph Schorr
1bf25f25c1 WIP 2015-01-04 14:38:41 -05:00