Jake Moshenko
2a2414d6af
Merge pull request #60 from coreos-inc/jwtauthentication
...
Add support for an external JWT-based authentication system
2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e
Add support for an external JWT-based authentication system
...
This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
josephschorr
63f289a8cb
Merge pull request #59 from jzelinskie/custom-git-fix
...
triggers: metadata.commit_sha -> metadata.commit
2015-06-02 16:10:26 -04:00
Joseph Schorr
477a3fdcdc
Add a test to verify that all important blueprints have all their methods decorated
...
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0
triggers: metadata.commit_sha -> metadata.commit
...
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031
Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository
...
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
2015-06-02 15:16:22 -04:00
Joseph Schorr
3602b59465
Add registry tests for anonymous access
2015-06-02 14:27:57 -04:00
Joseph Schorr
c0e995c1d4
Merge branch 'master' into nolurk
2015-06-02 13:55:16 -04:00
Jake Moshenko
7bc5f7a1ca
Merge pull request #53 from coreos-inc/v1test
...
Add tests for the registry that mimic Docker's calls
2015-06-02 12:24:42 -04:00
Joseph Schorr
9585e2a765
End-to-end registry tests
2015-06-01 16:35:30 -04:00
Joseph Schorr
1aff701bc7
Fix LDAP referral and multiple pair handling
...
Fixes two issues found with our LDAP handling code. First, we now follow referrals in both LDAP calls, as some LDAP systems will return a referral instead of the original record. Second, we now make sure to handle multiple search result pairs properly by further filtering based on the presence of the 'mail' attribute when we have multiple valid pairs. This CL also adds tests for all of the above cases.
2015-05-27 15:04:34 -04:00
Joseph Schorr
b0d763b5ff
Fix encrypted password generator to use the LDAP username, not the Quay username.
...
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00
Joseph Schorr
eb773e40a2
Add some more debug logging around bitbucket triggers and add some tests to verify we properly handle trigger branch filters
2015-05-20 14:18:12 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
efab02ae47
LDAP improvements:
...
- Better logging
- Better error messages
- Add unit tests
- Clean up the setup tool for LDAP
2015-05-11 21:23:18 -04:00
Joseph Schorr
3e1abba284
Add ability for super users to rename and delete organizations
2015-05-11 18:03:25 -04:00
Joseph Schorr
f858caf6cd
Only return the team and repo permissions when listing robots when we absolutely need them.
2015-05-08 16:43:07 -04:00
Joseph Schorr
469f25b64c
Start measuring the number of queries on critical API calls
2015-05-07 22:25:23 -04:00
Joseph Schorr
3627de103c
Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build.
2015-05-07 21:11:15 -04:00
Joseph Schorr
7b35555776
Make sure to test for unicode usernames, since the collate on the username field is latin1
2015-05-07 18:13:45 -04:00
Joseph Schorr
d07f9f04e9
UI and code improvements to make working with the multiple SCMs easier
2015-05-03 10:38:11 -07:00
Joseph Schorr
e3aededcbc
Merge branch 'master' into gitlab
2015-05-03 12:13:09 -04:00
Jimmy Zelinskie
3ac884beb4
gitlab oauth
2015-05-02 17:54:48 -04:00
Joseph Schorr
b96e35b28c
Merge master into bitbucket
2015-04-30 15:52:08 -04:00
Joseph Schorr
b3675df667
Fix tests
2015-04-30 15:47:40 -04:00
Joseph Schorr
60036927c9
Really disallow usage of the same account for an org as the one being converted. Before, you could do so via email.
2015-04-29 20:30:37 -04:00
Joseph Schorr
5a8093bbea
Fix API tests
2015-04-29 17:30:24 -04:00
Joseph Schorr
31260d50f5
Rename the new images method to a slightly better name
2015-04-24 16:37:37 -04:00
Joseph Schorr
e70343d849
Faster cache lookup by removing a join with the ImagePlacementTable, removing the extra loop to add the locations and filtering the images looked up by the base image
2015-04-24 16:22:19 -04:00
Jimmy Zelinskie
c238626c56
tests: update to reflect trigger API changes
2015-04-23 18:16:14 -04:00
Jimmy Zelinskie
02498d72ba
almost all PR discussion fixes
2015-04-21 18:04:25 -04:00
Jimmy Zelinskie
93cd459460
Merge branch 'master' into git
2015-04-20 10:58:49 -04:00
Joseph Schorr
e56d5a9fe5
Rebuild test db
2015-04-19 15:48:34 -04:00
Joseph Schorr
d1e2d072ea
Add unit tests and a stronger restriction on the revert API call
2015-04-19 15:43:16 -04:00
Joseph Schorr
e16657ed0e
Add security tests for the new revert endpoint
2015-04-19 15:25:33 -04:00
Jimmy Zelinskie
ba2cb08904
Merge branch 'master' into git
2015-04-16 17:38:35 -04:00
Joseph Schorr
f8c80f7d11
Add a history view to the tags page. Next step will add the ability to revert back in time
2015-04-15 15:21:09 -04:00
Joseph Schorr
396cba64e6
Fix search to return better results by searching for robots and namespaces in different queries.
2015-04-09 12:57:20 -04:00
Joseph Schorr
3707feaf5d
Disable MySQL in the full db test because the table setup fails
2015-04-09 11:47:58 -04:00
Joseph Schorr
40a6892a49
Add search tests
2015-04-07 14:05:12 -04:00
Joseph Schorr
5cd500257d
Merge branch 'master' into orgview
2015-04-01 13:56:49 -04:00
Jimmy Zelinskie
f55c478a30
testdb: resync
2015-04-01 13:43:11 -04:00
Joseph Schorr
1f5e6df678
- Fix tests
...
- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
2015-03-31 18:50:43 -04:00
Jimmy Zelinskie
c5272f3545
initdb: add custom trigger and refresh test.db
2015-03-27 11:23:49 -04:00
Joseph Schorr
e4b659f107
Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords
2015-03-25 18:43:12 -04:00
Jake Moshenko
201943ed1c
Fix deadlocks with tags and garbage collection.
2015-03-24 18:00:04 -04:00
Jimmy Zelinskie
9c55aca011
migration: make resource_key nullable
2015-03-23 15:46:35 -04:00
Jimmy Zelinskie
f6f93e9079
consolidate everything into one GitHub trigger
2015-03-19 17:12:27 -04:00
Jimmy Zelinskie
93a9e9d01a
migration: add private key to build triggers
2015-03-19 14:30:25 -04:00
Jimmy Zelinskie
5a29218c5c
Merge branch 'master' into git
2015-03-19 12:10:34 -04:00
Jimmy Zelinskie
2a02d08dc6
testdb: update with github-git trigger
2015-03-19 12:07:25 -04:00
Joseph Schorr
44ff85d044
Remove migration (temporarily), fix a broken test, and make the aggregate size calculation use the entire image ancestry (for now).
2015-03-17 12:13:01 -04:00
Joseph Schorr
7b5341c067
Update database
2015-03-16 17:35:57 -04:00
Joseph Schorr
afc8e95e19
Start on new tag view
2015-03-09 22:03:39 -07:00
Joseph Schorr
8423b5874f
Typo fixes
2015-03-06 14:29:56 -05:00
Joseph Schorr
6a625ba9e6
Fix build logs date/time
2015-03-06 14:22:19 -05:00
Joseph Schorr
12b458780b
Handle loading status better for each namespace displayed in the repo list and update the database we use for testing
2015-03-05 16:25:16 -05:00
Joseph Schorr
43ab838998
Merge branch 'newbuildview'
2015-03-05 16:17:29 -05:00
Joseph Schorr
86447c0a99
Merge branch 'master' into pagesnew
2015-03-05 14:22:10 -05:00
Joseph Schorr
ed46d37ea7
- Add copy button to the build logs
...
- Add support for timestamps in the build logs
- Other small UI improvements to the build view
2015-02-27 16:00:32 -05:00
Jimmy Zelinskie
fb0d3d69c2
changes to reflect PR comments (not finished)
2015-02-24 17:50:54 -05:00
Joseph Schorr
a7ddf46c2a
Fix default test DB
2015-02-24 15:00:40 -05:00
Jimmy Zelinskie
35a2414d85
tests: star security tests
2015-02-23 14:23:32 -05:00
Joseph Schorr
10e2eabb1c
Fix test
2015-02-23 13:47:21 -05:00
Joseph Schorr
5f605b7cc8
Fix queue handling to remove the dependency from repobuild, and have a cancel method
2015-02-23 13:38:01 -05:00
Jimmy Zelinskie
2914a5da96
tests: add test for star/unstar repo
2015-02-20 15:11:41 -05:00
Jimmy Zelinskie
46832676f7
testdb: re-run initdb
2015-02-19 17:46:44 -05:00
Jake Moshenko
41108a0856
Allow tags to be marked as hidden. Create a hidden tag on every image during a push to prevent them from getting GCed.
2015-02-18 17:05:16 -05:00
Joseph Schorr
7c81d90cda
Start recording the commit sha and other metadata about github triggered builds. We'll eventually show this information in the UI
2015-02-18 14:12:59 -05:00
Jake Moshenko
2dd03f1bed
Merge remote-tracking branch 'origin/master' into rockyhorror
...
Conflicts:
test/data/test.db
2015-02-18 10:56:01 -05:00
Jake Moshenko
2cd5bdb563
Address concerns from pull request.
2015-02-18 10:43:08 -05:00
Joseph Schorr
83e05d2342
Add tracking of the kind of temporary access tokens, so we can display if a pull/push by token is for a build worker
2015-02-17 12:35:16 -05:00
Joseph Schorr
81ce4c771e
Add ability to cancel builds that are in the waiting state
2015-02-13 15:54:01 -05:00
Jake Moshenko
2ce6e76d9d
Add the required migration for time machine tag lifetimes.
2015-02-13 14:41:08 -05:00
Jake Moshenko
5aedd1fabc
Merge remote-tracking branch 'origin/master' into rockyhorror
...
Conflicts:
test/data/test.db
2015-02-13 13:17:10 -05:00
Joseph Schorr
cae460b11b
Fix test db
2015-02-12 16:27:26 -05:00
Jake Moshenko
d306e37e9d
Add some simple tests to sanity check the time machine gc.
2015-02-12 16:05:45 -05:00
Jake Moshenko
b154e7acef
Merge remote-tracking branch 'origin/master' into rockyhorror
2015-02-12 15:27:28 -05:00
Jake Moshenko
740bc31058
Fix the gc test.
2015-02-12 14:44:01 -05:00
Jake Moshenko
872539bdbf
Switch to a per-namespace configurable expiration policy for time machine, and switch the tag gc to respect it.
2015-02-12 14:11:56 -05:00
Joseph Schorr
f107b50a46
Merge branch 'master' into ackbar
2015-02-12 12:04:45 -05:00
Jake Moshenko
f32bd748e4
Use a consistent concept of tag liveness everywhere. Fix the tests.
2015-02-11 15:02:50 -05:00
Jake Moshenko
90c0a9c1e0
First stab at time machine using fixed two week expiration policy.
2015-02-11 14:15:40 -05:00
Joseph Schorr
f8a917ec26
Fix test
2015-02-10 22:02:39 -05:00
Joseph Schorr
893ae46dec
Add an ImageTree class and change to searching *all applicable* branches when looking for the best cache tag.
2015-02-10 21:46:58 -05:00
Joseph Schorr
045614c6c8
Merge branch 'master' into ackbar
2015-02-09 17:16:42 -05:00
Joseph Schorr
c081b1fa86
Fix DB test and upgrade to peewee 2.4.7, which has the delete instance fix
2015-02-09 11:10:26 -05:00
Joseph Schorr
cf774e23df
Merge branch 'master' into v2
2015-02-05 15:37:14 -05:00
Joseph Schorr
9dfe523615
Merge master changes
2015-02-05 13:11:16 -05:00
Joseph Schorr
84e5c0644e
Address comments
2015-02-02 14:07:32 -05:00
Jake Moshenko
adce277d49
Fix the tests to use the default realm and building config.
2015-02-02 12:05:36 -05:00
Jake Moshenko
35ba2a6c1f
Use a file for sqlite in tests, in-memory seems to be seg-faulting
2015-01-30 16:32:37 -05:00
Joseph Schorr
3872d29de9
Add a transaction around the extend_processing call
2015-01-29 18:40:41 -05:00
Joseph Schorr
15397d270a
Add tests for path prefixing and super long filenames
2015-01-29 14:57:42 -05:00
Joseph Schorr
30b895b795
Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar
2015-01-23 17:26:14 -05:00
Joseph Schorr
c8229b9c8a
Implement new step-by-step setup
2015-01-23 17:19:15 -05:00
Jake Moshenko
44f7ab53a2
Merge remote-tracking branch 'origin/master' into ephemeral
2015-01-21 13:39:27 -05:00
Joseph Schorr
15a69ac872
Change robot deletions to set the performer to null, rather than attempting to delete the rows from the large log entries table
2015-01-14 12:56:06 -05:00
Joseph Schorr
0d2c42ad03
Fix tests
2015-01-09 17:11:51 -05:00
Joseph Schorr
6d604a656a
Move config handling into a provider class to make testing much easier
2015-01-09 16:23:31 -05:00
Joseph Schorr
7933bd44fd
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production
2015-01-08 12:53:36 -05:00
Joseph Schorr
508bc10a58
Fix broken test due to the permissions change
2015-01-07 16:31:16 -05:00
Joseph Schorr
40d2b1748f
Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py).
2015-01-05 12:31:02 -05:00
Jake Moshenko
b33ee1a474
Register existing builders to watch their expirations.
2015-01-05 11:21:36 -05:00
Joseph Schorr
1bf25f25c1
WIP
2015-01-04 14:38:41 -05:00
Jake Moshenko
a9839021af
When the etcd key tracking realms is first created the action is create, not set.
2014-12-31 11:46:02 -05:00
Jake Moshenko
cc70225043
Generalize the ephemeral build managers so that any manager may manage a builder spawned by any other manager.
2014-12-31 11:33:56 -05:00
Jake Moshenko
4a2295373f
Fix tests for no timeout watches.
2014-12-23 15:35:34 -05:00
Jake Moshenko
4e22e22ba1
We have to serialize our build data before sending it to etc.
2014-12-23 14:09:04 -05:00
Jake Moshenko
709e571b78
Handle read timeouts from etcd when watching a key.
2014-12-23 12:13:49 -05:00
Jake Moshenko
055a6b0c37
Add a total maximum time that a machine is allowed to stick around before we terminate it more forcefully.
2014-12-23 11:18:10 -05:00
Jake Moshenko
34bf92673b
Add support for adjusting etcd ttl on job_heartbeat. Switch the heartbeat method to a coroutine.
2014-12-22 17:24:44 -05:00
Jake Moshenko
2b6c2a2a50
Improve tests for the ephemeral build manager.
2014-12-22 16:22:07 -05:00
Jake Moshenko
12ee8e0fc0
Switch a few of the buildman methods to coroutines in order to support network calls in methods. Add a test for the ephemeral build manager.
2014-12-22 12:14:16 -05:00
Jimmy Zelinskie
f3259c862b
Merge branch 'koh'
...
Conflicts:
auth/scopes.py
requirements-nover.txt
requirements.txt
static/css/quay.css
static/directives/namespace-selector.html
static/js/app.js
static/partials/manage-application.html
templates/oauthorize.html
2014-12-01 12:30:09 -08:00
Joseph Schorr
2155bbee6c
Add some basic tests for the changes lib
2014-11-29 19:08:59 -05:00
Joseph Schorr
e9cac407df
Add a configurable avatar system and add an internal avatar system for enterprise
2014-11-24 19:25:13 -05:00
Jimmy Zelinskie
716d7a737b
Strip whitespace from ALL the things.
2014-11-24 16:07:38 -05:00
Jimmy Zelinskie
dee4c389a8
Base sessions on UUIDs.
...
Now that a backfill has been applied, sessions can now be based on UUIDs
because all users will have one.
2014-11-20 18:44:36 -05:00
Jimmy Zelinskie
12ff4b107c
Undo sessions being driven by UUID.
...
Basing sessions on UUIDs must be done in phases. First all users
must obtain an UUID. Once a backfill has given all previous users
UUIDs and new users are being generated with UUIDs, then we can
actually change the session to be based on that value.
2014-11-20 12:57:17 -05:00
Joseph Schorr
9b31b9805a
Fix performance problem with looking up org members and add some tests
2014-11-20 11:33:42 -05:00
Jake Moshenko
aa62395777
Fix a test to use the new calling convention for get_build_trigger.
2014-11-19 15:43:28 -05:00
Jimmy Zelinskie
faeb3b9a10
Update tests to use uuid in session
2014-11-19 13:28:16 -05:00
Jimmy Zelinskie
9d677b8eb3
Add UUID to User model and use in cookie.
2014-11-19 13:28:16 -05:00
Jake Moshenko
f4681f2c18
Merge branch 'master' into nomenclature
...
Conflicts:
test/data/test.db
2014-11-17 17:59:59 -05:00
Joseph Schorr
6e47ec2ef1
Add additional locations to the gc tests
2014-11-13 13:20:21 -05:00
Joseph Schorr
d73747ce1d
- Fix some other group_by clauses
...
- Fix garbage_collect for an empty list (fixes a test)
- Add a script which runs the full test suite against mysql and postgres (note: QueueTest's are broken for MySQL, but they obviously work in production, so they need to be fixed)
2014-11-13 12:51:37 -05:00
Joseph Schorr
eddcc02ea6
Make repository deletes much faster by adding custom deletion code and have additional tests to verify the deletion code paths
2014-11-10 23:05:20 -05:00
Joseph Schorr
611bc895e1
Handle invalid tar layers and add tests
2014-11-10 18:26:37 -05:00
Joseph Schorr
cc9d5798b3
Add an extra root dir test
2014-11-10 18:18:28 -05:00
Joseph Schorr
158acd4f41
- Turn on foreign key constraint checking in the tests
...
- Change all ForeignKeyField's that refer to users to use our custom class, and mark those that allow robots
- Change robot delete to only execute the subset of queries necessary to actually delete robots
2014-11-07 12:05:21 -05:00
Joseph Schorr
4eedd54b66
- Make usage language more accurate by stating "repositories"
...
- Have usage counter be based on a 4 weeks TTL
- Add a simple usage counter breakage test
2014-10-30 13:26:02 -04:00
Joseph Schorr
79e4864eb2
Move the the track_and_log code into its own module. This breaks a dependency chain between index -> common -> api -> subscribe -> common again.
2014-10-30 12:49:51 -04:00
Joseph Schorr
c1398c6d2b
- Add a log entry for repo verb handling and make the container usage calculation take it into account
...
- Move all the repo push/pull/verb logging into a central track_and_log method
- Readd images accidentally deleted in the last CL
- Make the uncompressed size migration script better handle exceptions
2014-10-29 15:42:44 -04:00
Joseph Schorr
e9c2e54dbc
Change delete to once again not perform everything under a transaction. A recent revision accidentally moved everything back under it.
2014-10-29 11:59:02 -04:00
Jake Moshenko
1461310ab8
Merge remote-tracking branch 'origin/master' into nomenclature
...
Conflicts:
endpoints/common.py
endpoints/notificationhelper.py
test/data/test.db
workers/dockerfilebuild.py
2014-10-23 13:25:37 -04:00
Joseph Schorr
2ef9a68b08
Add another empty GC test
2014-10-17 17:49:58 -04:00
Joseph Schorr
0c0cd693dd
Add a GC test for a noop
2014-10-17 17:48:31 -04:00
Joseph Schorr
baca3f79ed
Add tests for image garbage collection
2014-10-17 14:35:17 -04:00
Joseph Schorr
daa194aef7
Re-add removed testdb
2014-10-15 15:52:12 -04:00
Joseph Schorr
d43109d7cb
- Merge branch 'master' into sha-lom
...
- Extract out the tar handling from streamlayerformat into tarlayerformat
- Add a new tarfileappender class to make it easy to append data to gzipped tars
- Fix the gzipwrap to properly close
- Have the .git injection use the new appender
2014-10-15 15:51:34 -04:00
Joseph Schorr
dba75a08af
Make sure to handle deleted prefixes properly
2014-10-15 11:57:54 -04:00
Joseph Schorr
da28bc4ce9
- Handle missing images properly
...
- Add support for deleting directories
- Add a slew of tests for deletion of directories and other kinds of deletion and layering
2014-10-14 21:40:02 -04:00
Joseph Schorr
eef7edab49
Fix file deletion skipping
2014-10-14 18:48:26 -04:00
Joseph Schorr
b234019a02
Fix tests
2014-10-14 16:23:01 -04:00
Jake Moshenko
328db8b660
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 13:58:08 -04:00
Jake Moshenko
8a37d63e35
Update the test db to use unique uuds for images storages.
2014-10-07 16:40:44 -04:00
Jake Moshenko
a0d94f9d59
Merge remote-tracking branch 'origin/laffa' into nomenclature
...
Conflicts:
test/data/test.db
2014-10-07 15:56:28 -04:00
Joseph Schorr
f4daa5e97b
- Update the migrations tool to verify migrations work up and down for both MySQL and PostgresSQL.
...
- Add migrations for the squashed image tables and for backfilling the uncompressed sizes
- Make sure gzip stream uses a max length when determining the uncompressed size
2014-10-07 15:29:56 -04:00
Joseph Schorr
f38ce51943
Merge master into laffa
2014-10-07 14:03:17 -04:00