Joseph Schorr
31bfa697f3
Merge pull request #3136 from quay/joseph.schorr/QUAY-990/etcd-timeout
...
Add a timeout to various operations against etcd in the build manager when it cannot connect to etcd
2018-07-11 14:07:26 +03:00
Joseph Schorr
00d965a301
Merge pull request #3135 from quay/joseph.schorr/QUAY-999/informative-errors
...
Make API errors more informative
2018-07-10 22:41:34 +03:00
Joseph Schorr
8d6946bd9e
Merge pull request #3138 from quay/pytest-api-security
...
Fully migrate API security tests into the pytest test suite
2018-07-10 22:40:57 +03:00
Sam Chow
bd54eacbad
Add app var for init scripts location to access certs install
2018-07-10 11:43:34 -04:00
Sam Chow
01c23be9d6
Install certs locally in config app to validate
2018-07-09 16:32:41 -04:00
Joseph Schorr
924dda296f
Fully migrate API security tests into the pytest test suite
...
Also adds an additional test that ensures that at least one security test exists for every (api endpoint, http method) pair.
2018-07-08 18:33:21 +03:00
Joseph Schorr
2d6a6a1f6c
Add a timeout to various operations against etcd in the build manager when it cannot connect to etcd
...
This will ensure that the build managers don't simply sit there thrashing against a non-existing cluster, thus driving the CPU up on our production nodes, and thus taking them out of service
Addresses https://jira.coreos.com/browse/QUAY-990
2018-07-08 12:25:33 +03:00
Joseph Schorr
4f152fd7c7
Make API errors more informative
...
Fixes https://jira.coreos.com/browse/QUAY-999
2018-07-08 11:45:33 +03:00
Sam Chow
beebe6d5ed
Merge pull request #3133 from quay/no-config-info
...
Change wording on error when no config volume
2018-07-06 16:30:02 -04:00
Sam Chow
8c37eb50ea
Change wording on error when no config volume
2018-07-05 17:12:07 -04:00
Sam Chow
6dc2cd3691
Merge pull request #3132 from quay/project/cleanup
...
Add some step bars, other styles for config app
2018-07-05 16:39:08 -04:00
Sam Chow
ab4bfee019
Add progress bar to other parts of the config app
...
Hardcode active classes to modal step bars
2018-07-05 14:22:31 -04:00
Joseph Schorr
0eaff446e0
Merge pull request #3131 from quay/joseph.schorr/QUAY-954/cloudfront
...
Return S3 URLs for security scanner
2018-07-05 17:23:05 +03:00
Joseph Schorr
7426f9e93a
Change cloudfront storage to report non-cloudfront (i.e. S3) URLs for all requests missing IP information
...
This ensures the security scanner gets S3 URLs
Fixes https://jira.coreos.com/browse/QUAY-954
2018-07-05 16:16:20 +03:00
Sam Chow
100d7eae81
Merge pull request #3128 from quay/log-rotation-threshold
...
Add log rotation threshold configuration
2018-07-02 10:27:43 -04:00
Sam Chow
84f604739f
Add log rotation threshold configuration
2018-06-29 17:16:44 -04:00
Sam Chow
31e4c6d380
Merge pull request #3127 from quay/project/download-tar
...
Q.E. Config User can update a config tarball pt 2
2018-06-29 16:53:28 -04:00
Sam Chow
14fefea38f
Revert local validation context, extract another util
2018-06-29 15:09:33 -04:00
Sam Chow
d7ffb54333
Move tar filter to file, add tests for it
2018-06-28 17:02:33 -04:00
Sam Chow
db757edcd2
Create transient config provider, temp dir logic
...
Allows us to have a new config provider for each setup, with no overlap
of the directories used, and automatic cleanup of those directories.
2018-06-28 13:58:57 -04:00
Sam Chow
2d0a599aab
Create download modal following setup completion
2018-06-28 13:53:28 -04:00
Sam Chow
aa93d698b2
Tarball the config and give it to the front end
...
Download file as blob to avoid binary string encoding
2018-06-28 13:53:17 -04:00
Brad Ison
06f3a7d20a
Merge pull request #3124 from bison/update-user-schema
...
endpoints/api: Allow null fields in user metadata
2018-06-27 17:02:57 -04:00
Brad Ison
73cb7f3228
endpoints/api: Allow null fields in user metadata
...
The user metadata fields are nullable in the database, but were not in
the json sechema. This prevented users from updating some of their
information on the site if they hadn't set the metadata fields.
2018-06-27 15:34:55 -04:00
Sam Chow
7619ab44e5
Revert inmemoryprov, skip local storage validation
2018-06-25 15:23:30 -04:00
Sam Chow
f32bbf1fdc
Merge pull request #3121 from quay/project/upload-tar
...
Q.E. User can upload a tarball config to modify
2018-06-22 14:50:21 -04:00
Sam Chow
872be8605a
Fix error case in uploading tar, more comments
2018-06-22 13:23:08 -04:00
Joseph Schorr
92aaa23669
Merge pull request #3122 from quay/joseph.schorr/QUAY-975/disabled-routes
...
Audit which routes needed to be disabled for disabled users
2018-06-22 11:34:22 -04:00
Sam Chow
d6d0bb640a
Modify config field to use base api endpoint
...
allow streaming from gzipped tarball config
2018-06-22 10:57:35 -04:00
Sam Chow
aff1a08a83
Fix main app migration pathway
2018-06-21 15:33:26 -04:00
Joseph Schorr
2b34ae74fe
Add test for trying to pull the tags of a repository under a disabled namespace
2018-06-21 14:41:27 -04:00
Joseph Schorr
fdd0db7a7f
Add test for trying to pull the catalog under a disabled namespace
2018-06-21 14:41:27 -04:00
Joseph Schorr
892cc82b6a
Ensure that verbs cannot be performed on disabled namespaces or by disabled users
2018-06-21 14:41:27 -04:00
Brad Ison
db7e5f7cfa
Merge pull request #3123 from bison/no-parallel-tests
...
Revert "Parallelize pytest runs in Makefile"
2018-06-21 13:42:53 -04:00
Brad Ison
b68d3b399e
Revert "Parallelize pytest runs in Makefile"
...
This reverts commit 5ce15348ea
.
2018-06-21 12:07:00 -04:00
Sam Chow
561522c6d3
Port cor-title and add file check endpoint
...
Fix some FA5 regressions
Fix uploading cert files
Add fix some icons
2018-06-20 17:36:48 -04:00
Sam Chow
b5f630ba29
Fix alembic migrations importing app
...
Ensure we connect to loaded config db
2018-06-20 17:17:35 -04:00
Sam Chow
bb2b28cd11
Read tarball into in-memory config provider
2018-06-20 17:15:43 -04:00
Sam Chow
8aa18a29a8
Add writing config to file, modal for validation
2018-06-20 17:15:43 -04:00
Sam Chow
c7513199df
link config comp to upload files to endpoint
2018-06-20 17:15:43 -04:00
Sam Chow
b631b0f271
Add missing files changed directive to upload
2018-06-20 17:15:43 -04:00
Joseph Schorr
68f8eb5a8f
Merge pull request #3120 from quay/joseph.schorr/QUAY-989/ip-api-key
...
Fix the IP data lookup to take in an API key
2018-06-20 16:58:09 -04:00
Joseph Schorr
371f6f8946
Merge pull request #3118 from quay/joseph.schorr/QUAY-977/catalog-efficiency
...
Catalog efficiency improvements
2018-06-20 16:40:37 -04:00
Joseph Schorr
ebb5d17641
Merge pull request #3119 from quay/joseph.schorr/QUAY-976/rate-limit-audit
...
Audit out endpoints and ensure everything has a defined rate limit (even if quite large)
2018-06-20 15:50:48 -04:00
Joseph Schorr
d4882f0077
Fix the IP data lookup to take in an API key
...
Fixes https://jira.coreos.com/browse/QUAY-989
2018-06-20 15:44:40 -04:00
Joseph Schorr
2caaf84f31
Add caching support to catalog
...
We will now cache the results of the catalog for 60s and not hit the database at all if cached
2018-06-20 14:58:01 -04:00
Joseph Schorr
33a8099f35
Temporarily double the request limit. We'll start ratcheting it down over time.
2018-06-20 14:31:51 -04:00
Joseph Schorr
1d94e4d605
Audit out endpoints and ensure everything has a defined rate limit (even if quite large)
...
For registry operations, these were the numbers found at time the PR was written:
download_blob 108 per second across fleet
v2_auth 180 per second across fleet
catalog 1 per second across fleet
fetch_manifest 205 per second across fleet
list_all_tags 150 per second across fleet
With an average fleet size of 25. As a result, we went with a registry limit of 10r/s (10 * 25 = 250 requests) to bound even the most prolific puller.
Fixes https://jira.coreos.com/browse/QUAY-976
2018-06-20 13:36:24 -04:00
Joseph Schorr
a1c06042c6
Add a unique_key fields to the auth context type for tracking different instances
...
This will allow us to lookup a cache for the catalog without needing to make a database call
2018-06-19 11:09:58 -04:00
Joseph Schorr
7604e9842b
Change repo filtering for users to use a user ID reference, rather than the username
...
While this means we need an additional query for initial lookup, it makes the *filtering* query (which is the heavy part) require far fewer joins, thus making it more efficient.
Also adds a new unit test to verify that our filter filters to the correct set of repositories.
2018-06-19 10:51:30 -04:00