Commit graph

1305 commits

Author SHA1 Message Date
Joseph Schorr
481cebe46b Fix pytests and enable parallel registry tests 2016-12-20 15:42:04 -05:00
Joseph Schorr
001691e579 Fix whitespace 2016-12-20 13:25:23 -05:00
Joseph Schorr
5b3212ea0e Change security notification code to use the new stream diff reporters
This ensures that even if security scanner pagination sends Old and New layer IDs on different pages, they will properly be handled across the entire notification.

Fixes https://www.pivotaltracker.com/story/show/136133657
2016-12-20 12:50:19 -05:00
Joseph Schorr
ced0149520 Implement helper classes for tracking streaming diffs, both indexed and non-indexed
These classes will be used to handle the Layer ID paginated diffs from Clair.
2016-12-20 12:50:18 -05:00
Joseph Schorr
e2efb6c458 Add default and configurable LDAP timeouts
Fixes https://www.pivotaltracker.com/story/show/135885019
2016-12-19 11:53:06 -05:00
josephschorr
e58e04b0e9 Merge pull request #2242 from coreos-inc/clair-exceptions
Security scanner flow changes and auto-retry
2016-12-16 15:54:52 -05:00
Joseph Schorr
405eca074c Security scanner flow changes and auto-retry
Changes the security scanner code to raise exceptions now for non-successful operations. One of the new exceptions raised is MissingParentLayerException, which, when raised, will cause the security worker to perform a full rescan of all parent images for the current layer, before trying once more to scan the current layer. This should allow the system to be "self-healing" in the case where the security scanner engine somehow loses or corrupts a parent layer.
2016-12-16 15:38:09 -05:00
josephschorr
f72185f527 Merge pull request #2240 from coreos-inc/wrong-email-invite-accept
Fix attempts to confirm team invite for mismatched email address
2016-12-16 14:30:37 -05:00
josephschorr
9fa16679f8 Merge pull request #2238 from coreos-inc/fake-clair
Add a fake security scanner class for easier testing
2016-12-15 20:51:24 -05:00
Joseph Schorr
785c74de52 Fix attempts to confirm team invite for mismatched email address
Currently, if a user tries to confirm an invite sent to them on an account with a mismatching email address, we simply redirect to the org (where they get a 403). This change ensures they get the proper error response message, and restyles the error page to be nicer.

Fixes #2227
Fixes https://www.pivotaltracker.com/story/show/136088507
2016-12-15 17:15:11 -05:00
Joseph Schorr
15041ac5ed Add a fake security scanner class for easier testing
The FakeSecurityScanner mocks out all calls that Quay is expected to make to the security scanner API, and returns faked data that can be adjusted by the calling test case
2016-12-14 17:11:45 -05:00
EvB
0a5d4990e6 test(endpoints/api): ensure empty 202 resp 2016-12-14 16:32:06 -05:00
Joseph Schorr
6871eb95b1 Send notifications for previously unscannable layers in QSS
Following this change, if an image was previously indexed unsuccessfully, then we will send notifications once successfully indexed
2016-12-14 11:25:45 -05:00
Joseph Schorr
a9a75cd4cf Add a test for selecting images to be scanned 2016-12-14 00:07:48 -05:00
Joseph Schorr
624b2a8385 Have security scanner analyze only send notifications for *new* layers
Following this change, anytime a layer is indexed by the security scanner, we only send notifications out if the layer previously had a security_indexed_engine value of `-1`, thus ensuring it has *never* been indexed previously. This will allow us to change to version of the security scanner upwards, and have all the images be re-indexed, without firing off notifications in a spammy manner.
2016-12-13 23:17:11 -05:00
Evan Cordell
5686c80af1 Revert "Add GC of layers in Clair"
This reverts 49872838ab
2016-12-13 18:40:58 -05:00
Joseph Schorr
1302fd2fbd Switch csrf token check to use compare_digest to prevent timing attacks
Also adds some additional tests for CSRF tokens
2016-12-08 23:46:31 -05:00
Joseph Schorr
dbdcb802b1 Add end-to-end OAuth login and attach tests 2016-12-08 18:35:42 -05:00
josephschorr
410b9d74fc Merge pull request #2214 from coreos-inc/clair-gc
Add GC of layers in Clair
2016-12-07 17:58:21 -05:00
josephschorr
111b7b0788 Merge pull request #2206 from coreos-inc/ldap-user-search-fix
Fix external auth returns for query_user calls
2016-12-07 17:53:04 -05:00
Jimmy Zelinskie
00eafff747 Merge pull request #2204 from jzelinskie/429builds
add rate limiting to build queues
2016-12-07 15:03:31 -05:00
Joseph Schorr
3203fd6de1 Fix external auth returns for query_user calls
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
2016-12-07 14:28:42 -05:00
Jimmy Zelinskie
ebbe58d311 replace prefix w/ canonical name list 2016-12-07 12:56:56 -05:00
Joseph Schorr
49872838ab Add GC of layers in Clair
Fixes https://www.pivotaltracker.com/story/show/135583207
2016-12-06 19:52:56 -05:00
Jimmy Zelinskie
eb69abff8b build rate limiting: tests 2016-12-06 16:30:12 -05:00
Jake Moshenko
21e3001446 Add a bulk insert for queue and notifications.
Use it for Clair spawned notifications.
2016-12-06 14:00:16 -05:00
Joseph Schorr
97d150e281 Have QSS only add security scanner notifications once 2016-12-05 19:08:20 -05:00
Joseph Schorr
a565251b58 Remove check that breaks under full db tests 2016-12-02 17:46:01 -05:00
Charlton Austin
0a6322015c Fix the queue item delete. 2016-12-02 15:30:35 -05:00
Antoine Legrand
784c5f4fc7 Merge pull request #2160 from ant31/use_pytest
Add pytest, tox  and code-coverage to run tests
2016-12-02 15:53:40 +01:00
Joseph Schorr
fdff0bee4e Add configurable Docker host in full db tests 2016-12-01 15:45:08 -05:00
josephschorr
64c954dc58 Merge pull request #2182 from coreos-inc/fix-full-db-tests
Fix full database test script to not fail randomly
2016-12-01 14:33:22 -05:00
Charlton Austin
1f03fcb146 Adding in notification type for notification kind. 2016-12-01 12:26:18 -05:00
Joseph Schorr
e6ee538e15 Fix full database test script to not fail randomly
- Switches database schema creation to alembic, which solves the MySQL issue (and makes sure we test migrations as well)
- Adds a few time.sleep(1) to work around MySQL's second-precision issue when adding items to queues and then immediately retrieving them
- Disables the storage proxy tests when running against non-SQLite databases, as it causes failures with the multiple process and multiple transactions
- Changes initdb to support only populating the database, as well as fixing a few small items around the test data when working with non-SQLite data
2016-11-30 18:24:08 -05:00
Charlton Austin
2c637fe5ce Merge pull request #2173 from charltonaustin/adding_in_build_cancel_notifications
Adding in cancel notifications
2016-11-30 15:03:17 -05:00
Charlton Austin
4103a0b75f Adding in cancel notifications 2016-11-30 14:38:34 -05:00
Joseph Schorr
236655adb4 Fix config validator for storage and add a test suite
Note that the test suite doesn't fully verify that each validation succeeds; rather, it ensures that the proper system (storage, security scanning, etc) is called with the configuration and returns at all (usually with an expected error). This should prevent us from forgetting to update these code paths when we change config-based systems. Longer term, we might want to have these tests stand up fake/mock versions of the endpoint services as well, for end-to-end testing.
2016-11-30 11:58:41 -05:00
Joseph Schorr
402ad25690 Change team invitation acceptance to join all invited teams under the org
Fixes #1989
2016-11-28 18:39:28 -05:00
Evan Cordell
b4ace1dd29 registry auth tests: test more access types 2016-11-28 14:02:08 -05:00
Evan Cordell
9e96e6870f Add support for * (admin) permission to registry auth v2 endpoint 2016-11-28 14:02:08 -05:00
ant31
2eaa8a4a1b Add pytest and tox to run tests 2016-11-28 13:13:07 +01:00
Jimmy Zelinskie
498d7fc15e Merge pull request #2143 from jakedt/makebuildmanasyncagain
Make buildman async again
2016-11-21 15:08:06 -05:00
Charlton Austin
2fe74e4057 Adding in UI for cancel anytime. 2016-11-21 10:58:32 -05:00
Jake Moshenko
f0ef4347e5 Make the redis client use AsyncWrapper and coroutines
Change all log messages to be synchronous
2016-11-18 15:59:14 -05:00
Jake Moshenko
5935e93eb8 Linter fixes. 2016-11-18 15:56:08 -05:00
Joseph Schorr
0b549125d9 Fix 500 on get label endpoint and add a test
Fixes #2133
2016-11-17 14:55:14 -05:00
Joseph Schorr
69e2cfad70 Fix github trigger when submitting a webhook without a head_commit
Fixes #2125
2016-11-16 14:14:17 -05:00
josephschorr
1346b7fb63 Merge pull request #2105 from coreos-inc/frack-swift
Fix swift exception reporting on deletion and add async chunk cleanup
2016-11-15 17:59:48 -05:00
Joseph Schorr
5f99448adc Add a chunk cleanup queue for async GC of empty chunks
Instead of having the Swift storage engine try to delete the empty chunk(s) synchronously, we simply queue them and have a worker come along after 30s to delete the empty chunks. This has a few key benefits: it is async (doesn't slow down the push code), helps deal with Swift's eventual consistency (less retries necessary) and is generic for other storage engines if/when they need this as well
2016-11-15 15:07:41 -05:00
Joseph Schorr
1a61ef4e04 Report the user's name and company to Marketo
Also fixes the API to report the other changes (username and email) as well
2016-11-14 17:34:50 -05:00
Joseph Schorr
59cb6bd216 Make sure to not log exceptions if Swift deletes fail 2016-11-11 14:17:32 -05:00
Joseph Schorr
3d221bcdd7 Add tests for the Swift storage layer using a fake swift engine 2016-11-10 15:43:03 -05:00
josephschorr
45b1148118 Merge pull request #2086 from coreos-inc/user-info
Add collection of user metadata: name and company
2016-11-09 13:15:07 -05:00
Joseph Schorr
bf2804bd4d Add a test for deleting a user with a user prompt 2016-11-08 18:27:12 -05:00
Joseph Schorr
0f2eb61f4a Add collection of user metadata: name and company 2016-11-08 16:15:02 -05:00
josephschorr
233b2be5c2 Merge pull request #2066 from coreos-inc/select-username
Add support for temp usernames and an interstitial to confirm username
2016-11-03 16:22:16 -04:00
Joseph Schorr
1e3b354201 Add support for temp usernames and an interstitial to confirm username
When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.

Addresses most of the user issues around #74
2016-11-03 15:59:14 -04:00
Joseph Schorr
3fd92aef35 Fix entity search API to not IndexError 2016-11-02 16:22:35 -04:00
josephschorr
840ea4e768 Merge pull request #2047 from coreos-inc/external-auth-email-optional
Make email addresses optional in external auth if email feature is turned off
2016-10-31 14:16:33 -04:00
Joseph Schorr
d7f56350a4 Make email addresses optional in external auth if email feature is turned off
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
2016-10-31 13:50:24 -04:00
Joseph Schorr
bab17932ac Fix namespace lookup in V1 registry search
Fixes #2053
2016-10-31 13:24:40 -04:00
josephschorr
934cdecbd6 Merge pull request #1905 from coreos-inc/external-auth-search
Add support for entity search against external auth users not yet linked
2016-10-27 16:06:42 -04:00
Joseph Schorr
b3d1d7227c Add support to Keystone Auth for external user linking
Also adds Keystone V3 support
2016-10-27 15:42:03 -04:00
Joseph Schorr
fbb524e34e Add support to ExternalJWT Auth for external user linking 2016-10-27 15:42:03 -04:00
Joseph Schorr
f9ee8d2bef Add support to LDAP for external user linking 2016-10-27 15:42:03 -04:00
Joseph Schorr
d145222812 Add support for linking to external users in entity search 2016-10-27 15:42:03 -04:00
Jimmy Zelinskie
30821569a4 key server: fix tests by exporting jwk_with_kid 2016-10-25 16:14:18 -04:00
josephschorr
500a218768 Merge pull request #1875 from coreos-inc/max-chunk-size
Make sure we don't generate chunk sizes larger than 5 GB.
2016-10-25 14:12:31 -04:00
Joseph Schorr
bfe2646a50 Make sure we don't generate chunk sizes larger than 5 GB.
Amazon S3 does not allow for chunk sizes larger than 5 GB; we currently don't handle that case at all, which is why large uploads are failing. This change ensures that if a storage engine specifies a *maximum* chunk size, we write multiple chunks no larger than that size.
2016-10-25 13:57:49 -04:00
Jake Moshenko
6f815907a4 Merge pull request #2030 from jakedt/twooh
Prepare the changelog for v2.0.0
2016-10-24 16:30:49 -04:00
Charlton Austin
dc35769396 Merge pull request #2022 from charltonaustin/refactor_for_cancel_anytime
Making some refactors to make it easier to cancel the build at any time.
2016-10-24 16:17:55 -04:00
Jake Moshenko
45bacbabaa s/Regions/Deployments 2016-10-24 16:04:04 -04:00
Charlton Austin
1cde22e76c Making some refactors to make it easier to cancel the build at any time. 2016-10-24 15:59:33 -04:00
Joseph Schorr
19393a8619 Add a test for deleting a user with federated login 2016-10-21 17:55:22 -04:00
Joseph Schorr
5ed13da2e6 Add missing security test for delete org 2016-10-21 17:37:49 -04:00
Joseph Schorr
73eb66eac5 Add support for deleting namespaces (users, organizations)
Fixes #102
Fixes #105
2016-10-21 15:41:09 -04:00
Joseph Schorr
864c44501e Fix global messages by removing "extra" method
I think this happened due to a bad merge.
2016-10-20 13:53:51 -04:00
josephschorr
67dde6e154 Merge pull request #1852 from coreos-inc/underscore_orgs
Better handling of namespace validation to fix a number of issues
2016-10-20 13:36:32 -04:00
Joseph Schorr
3a68740ff7 Better handling of namespace validation to fix a number of issues
- Fixes a bug which allows for underscores at the beginning of namespaces: Fixes #1849
- Allows dots and dashes for newer Docker clients: Fixes #1188
- Has the UI display better messaging associated with namespace entry
2016-10-20 13:32:22 -04:00
Joseph Schorr
2eabf1a291 Fix tests and test provider for real license format 2016-10-18 23:44:08 -04:00
Joseph Schorr
67f828279d Switch the license validator to use config_provider and have a test license
Fixes the broken tests currently which try (and fail) to read the license file
2016-10-18 11:44:13 -04:00
Joseph Schorr
7a6fb7554d Only attempt to load the license for the setup tool once there is a valid user
Prevents the 401 session expired box from appearing
2016-10-17 21:57:17 -04:00
Joseph Schorr
ee96693252 Add superuser config section for updating license 2016-10-17 21:44:25 -04:00
Jimmy Zelinskie
0c5400b7d1 enforce license across registry blueprints 2016-10-17 21:43:45 -04:00
Joseph Schorr
8fe29c5b89 Add license upload step to the setup flow
Fixes #853
2016-10-17 21:43:15 -04:00
Charlton Austin
f45aac063e Merge pull request #2005 from charltonaustin/fix_spacing_for_motd
Moving the messages endpoint to something more generic, and making th…
2016-10-17 17:21:03 -04:00
Charlton Austin
8e5dc8d3db Moving the messages endpoint to something more generic, and making the get visible all the time. 2016-10-17 16:23:48 -04:00
Joseph Schorr
3439f814b6 Fix quoting of scopes in WWW-Authenticate header
Fixes part of #2002
2016-10-17 14:32:43 -04:00
Joseph Schorr
18097a1bd6 Fix Link headers for pagination to match RFC
Fixes part of #2002
2016-10-17 13:57:05 -04:00
josephschorr
b4dd04cca4 Merge pull request #1996 from coreos-inc/aci-con-test-fix
Add a sleep to fix ACI conversion tests
2016-10-14 16:25:57 -04:00
Joseph Schorr
886489c666 Fix NPE raised if a vulnerability notification doesn't have a level filter
Fixes #1990
2016-10-14 14:23:50 -04:00
Joseph Schorr
c3ce491f02 Add a sleep to fix ACI conversion tests
This ensures that the cache is cleared before the second request is made
2016-10-14 13:36:47 -04:00
Charlton Austin
97d644d95d Adding in the delete api and the delete and create UI. 2016-10-13 10:40:52 -04:00
charltonaustin
5546fa6214 Adding in messages table 2016-10-11 10:55:12 -04:00
Charlton Austin
be916fb6ed Merge pull request #1966 from charltonaustin/j_code_review_comments
Adding in security tests and docs.
2016-10-11 09:50:47 -04:00
charltonaustin
5a4b702888 Adding in security tests and docs. 2016-10-11 09:30:37 -04:00
Jake Moshenko
7a3ee86e53 Merge pull request #1957 from jakedt/absolutecorruption
Always use absolute URLs in Location headers.
2016-10-10 18:25:29 -04:00
Jake Moshenko
df1f35e9f9 Always use absolute URLs in Location headers.
This works around docker/docker#15048
2016-10-10 16:30:24 -04:00
josephschorr
7fc33a9a57 Merge pull request #1965 from coreos-inc/condense-slack-notifications
Less verbose notifications for QSS
2016-10-10 15:38:12 -04:00
Joseph Schorr
ebf4120326 Less verbose notifications for QSS
Fixes #1914
2016-10-10 15:18:49 -04:00
charltonaustin
fa10d799b2 Adding in one more unit test. 2016-10-10 14:00:20 -04:00
charltonaustin
14eb3005b6 Some fixes for code review. 2016-10-10 12:55:00 -04:00
charltonaustin
1e733ddffb Adding in a new message data model and the corresponding methods to in the API. 2016-10-07 15:56:58 -04:00
charltonaustin
002f533bf8 Creating message api. 2016-10-07 10:22:30 -04:00
josephschorr
6b33503d8c Merge pull request #1939 from coreos-inc/unicode-search
Handle unicode in entity search
2016-10-04 22:19:59 +03:00
Joseph Schorr
ff0a292548 Handle unicode in entity search
Fixes #1934
2016-10-04 21:56:47 +03:00
josephschorr
768459ef86 Merge pull request #1938 from coreos-inc/v2-missing-parent-test
Add parent mis-ordered registry test
2016-10-04 21:53:13 +03:00
josephschorr
d8bef56e68 Merge pull request #1933 from coreos-inc/test-notifications-api
Add a test for issuing test notifications
2016-10-04 20:15:11 +03:00
Joseph Schorr
a046141708 Add parent mis-ordered registry test 2016-10-04 19:26:12 +03:00
Joseph Schorr
f4e1748bb7 Fix parent rewrite bug in schema1 manifest code and add a bunch more tests
Before this change, if you ended up writing a middle layer whose parent is not in the database, the manifest would fail to rewrite. We now just lookup the parent image in the manifest given to us, ignoring whether it is in the database or not (as it doesn't actually matter if not present; it'll be created if necessary).
2016-10-04 09:15:27 -04:00
Joseph Schorr
fdcedafe91 Add a test for issuing test notifications 2016-10-04 10:57:32 +03:00
Evan Cordell
42ebb0a6c3 Record metrics in a separate etcd record 2016-10-03 16:11:37 -04:00
Joseph Schorr
f72cb1d2ba Fix tags API pagination and add a test 2016-10-03 22:06:31 +03:00
Joseph Schorr
0b7bb6d6c6 Fix issue in V1 registry code with accessing locations under HEAD
Fixes #1922
2016-10-03 17:09:12 +03:00
Joseph Schorr
95b7b47501 Add a registry tests for numeric tags 2016-10-03 16:06:49 +03:00
Evan Cordell
68c5384473 Fixes prometheus start metric 2016-09-30 13:09:03 -04:00
josephschorr
2d9ce6dbe3 Merge pull request #1906 from coreos-inc/gitlab-bug
Gitlab trigger payload bug fixes
2016-09-30 17:52:49 +02:00
Joseph Schorr
f50bb8a1ce Add missing call to set_phase when a build doesn't start
This change fixes the build manager ephemeral executor to tell the overall build server to call set_phase when a build never starts. Before this change, we'd properly adjust the queue item, but not the repo build row or the logs, which is why users just saw "Preparing Build Node", with no indicating the node failed to start.

Fixes #1904
2016-09-30 14:54:49 +02:00
Joseph Schorr
26e8e241da Fix handling of Gitlab payloads with multiple commits
Gitlab sends multiple commits in the order reversed from Github. As this only broke recently, I suspect that they may have changed the ordering. This change makes the code order-agnostic to hopefully remove the problem going forward.

Fixes #1900
2016-09-30 12:14:32 +02:00
Joseph Schorr
c43173576a Fix Gitlab trigger payload bug when commits is empty
Gitlab will occasionally send trigger payloads with an empty commit list (and a null checkout_ha) for branches that have been deleted. Properly handle that case.
2016-09-30 12:03:08 +02:00
josephschorr
684ace3b5a Merge pull request #1761 from coreos-inc/nginx-direct-download
Add feature flag to force all direct download URLs to be proxied
2016-09-29 22:46:57 +02:00
Evan Cordell
832ee89923 Add duration metric collector decorator (#1885)
Track time-to-start for builders
Track time-to-build for builders
Track ec2 builder fallbacks
Track build time
2016-09-29 15:44:06 -04:00
Jimmy Zelinskie
31b77cf232 rename auth.auth to auth.process
This fixes some ambiguity around imports.
2016-09-29 15:24:57 -04:00
Joseph Schorr
6ae3faf7fc Add explicit config parameter to the JWT auth methods 2016-09-29 11:15:20 +02:00
Joseph Schorr
dd2e086a20 Add feature flag to force all direct download URLs to be proxied
Fixes #1667
2016-09-29 11:13:41 +02:00
Jimmy Zelinskie
fc7301be0d *: fix legacy imports
This change reorganizes imports and renames the legacy flask extensions.
2016-09-28 20:17:14 -04:00
Jimmy Zelinskie
ae16d24fd1 license: validate via key instance rather than PEM 2016-09-28 15:44:28 -04:00
Joseph Schorr
fac9d9fc5d Fix broken test after the recent 404 change 2016-09-27 17:14:56 +02:00
josephschorr
e1771abe58 Merge pull request #739 from coreos-inc/license
Add license checking to Quay
2016-09-27 16:52:08 +02:00
Joseph Schorr
476576bb70 Add license checking to Quay
Based off of mjibson's changes

Fixes #499
2016-09-27 10:31:34 +02:00
Joseph Schorr
3c8b87e086 Fix verbs in manifestlist
All registry_tests now pass
2016-09-26 14:49:58 -04:00
Jimmy Zelinskie
2e5a94bc0b create key server data interface 2016-09-26 14:49:23 -04:00
Joseph Schorr
db60df827d Implement V2 interfaces and remaining V1 interfaces
Also adds some tests to registry tests for V1 stuff.
Note: All *registry* tests currently pass, but as verbs are not yet converted, the verb tests in registry_tests.py currently fail.
2016-09-26 14:49:04 -04:00
Joseph Schorr
de990253bc Fix the build manager tests for recent change 2016-09-26 17:28:09 +02:00
Joseph Schorr
a5fef119c9 Add an end-to-end test for the notifications queue 2016-09-21 15:15:35 -04:00
Joseph Schorr
6fffc22b8a Fix build should_perform for empty JSON 2016-09-21 15:00:47 -04:00
Joseph Schorr
af79fde50d Fix build notifications 2016-09-21 14:37:23 -04:00
Joseph Schorr
03d4445a02 Add notification filtering for builds based on ref regex
Fixes #1835
2016-09-14 16:48:17 -04:00
Jake Moshenko
d56f570d3b Improve the imagetree test. 2016-09-07 13:25:19 -04:00
Jake Moshenko
cf83c9a16a Improve the garbage collection tests. 2016-09-07 13:25:19 -04:00
Jake Moshenko
584a5a7ddd Reduce database bandwidth by tracking gc candidate images. 2016-09-07 13:25:19 -04:00
Jake Moshenko
0815f6b6c4 Fix indentation for DB queries. 2016-09-07 10:48:58 -04:00
josephschorr
cd8b45e25b Merge pull request #1754 from coreos-inc/team-add-perms
Better UI and permissions handling for robots and teams
2016-09-06 17:21:19 -04:00
Joseph Schorr
1b7b3ea41d Make sure to filter starred repos to those visible to the user
Fixes #1793
2016-08-31 14:08:31 -04:00
Joseph Schorr
b4939a3cd0 Fix filtering of repos only visible to org admins 2016-08-31 13:51:53 -04:00
Joseph Schorr
1864196d8d TAR creation is not deterministic, so we can't test repush consistently 2016-08-29 16:38:12 -04:00
Joseph Schorr
357005e33f Raise a 409 if we try to insert a tag twice at the same time
Also fixes handling of labels for existing manifests

Fixes #1775
2016-08-29 16:03:35 -04:00
Joseph Schorr
1a2666be07 Fix deletion of labels and add tests 2016-08-26 16:07:49 -04:00
Joseph Schorr
608ffd9663 Basic labels support
Adds basic labels support to the registry code (V2), and the API. Note that this does not yet add any UI related support.
2016-08-26 15:24:26 -04:00
Joseph Schorr
391d70d9ec Add repo permissions dialog for existing teams and robots
Fixes #1686
2016-08-22 14:43:12 -04:00
josephschorr
2caa82d091 Merge pull request #1713 from coreos-inc/enable-iam
Enable IAM support for S3 storage
2016-08-16 16:13:29 -04:00
Joseph Schorr
742e153133 Fix watch of the jobs key in the build manager 2016-08-16 15:43:09 -04:00
Joseph Schorr
06718d1237 Fix S3 tests for IAM 2016-08-15 20:34:17 -04:00
josephschorr
de9be6e993 Merge pull request #1730 from coreos-inc/fix-pagination
Fix pagination of repositories
2016-08-15 17:14:32 -04:00
Joseph Schorr
d78361b041 Cleanup old executions that never start
Fixes #1727
2016-08-15 16:54:02 -04:00
Joseph Schorr
7f5b536ddb Fix pagination of repositories
Fixes #1725
2016-08-15 16:48:04 -04:00
Joseph Schorr
4f5b4e63f2 Really fix the hack (for now) on public repo pagination 2016-08-13 14:40:11 -04:00
josephschorr
d9b65b88e9 Merge pull request #1716 from coreos-inc/unicode-tags
Add a test for unicode tags to ensure they cannot be set
2016-08-11 18:34:44 -04:00
Joseph Schorr
19fb8fcf7c Add a test for unicode tags to ensure they cannot be set
Fixes #1324
2016-08-11 18:21:01 -04:00
Joseph Schorr
bab5cf69c7 Add a test for a deleted ref for the Github trigger
Fixes #1047
2016-08-11 18:01:04 -04:00
Joseph Schorr
4a2acac5dc Fix pagination of public repos, make more efficient and add test 2016-08-10 15:08:06 -04:00
Jimmy Zelinskie
22a25ac2d3 Revert "Merge pull request #1678 from coreos-inc/delete-repo-fix"
This reverts commit df64caf133, reversing
changes made to 0d1e453566.
2016-08-08 12:38:15 -04:00
josephschorr
df64caf133 Merge pull request #1678 from coreos-inc/delete-repo-fix
Have repo deletion not lock all the things
2016-08-04 16:48:03 -04:00
Joseph Schorr
c4daf1cc3d Change permissions model so that non-admins do not get org-wide read
Fixes #1684
2016-08-04 16:47:28 -04:00
Joseph Schorr
0b5cd95693 Have repo deletion not lock all the things 2016-08-04 16:45:59 -04:00
josephschorr
8bc0080aeb Merge pull request #1672 from coreos-inc/off-by-one
Fix off-by-one error in repo tags pagination
2016-08-03 15:00:23 -04:00
josephschorr
de58c1e38b Merge pull request #1661 from coreos-inc/buildman-timeout
Fix TTL on heartbeat in etcd
2016-08-03 11:18:32 -04:00
Joseph Schorr
c29f9ccc7f Fix TTL on heartbeat in etcd
Until now, once the heartbeat has expired, we would issue a TTL that is negative, which causes etcd to either raise an exception or simply ignore the expiration (depending on the version of etcd). This change ensures that once the key is expired, it is removed immediately via a set of a TTL of 0. Also adds tests for this case and the normal expiration case.
2016-08-03 11:15:03 -04:00
Joseph Schorr
b1b0da7afd Fix off-by-one error in repo tags pagination
Fixes #1665
2016-08-02 14:17:33 -04:00
Jake Moshenko
8ac88facab Add a test to make sure the random policy function runs. 2016-08-01 18:42:55 -04:00
Jake Moshenko
05e2773fa7 Get rid of remaining slow query for garbage collection. 2016-08-01 18:22:38 -04:00
josephschorr
b0bffe56ca Merge pull request #1638 from coreos-inc/swift-retry-seek
Add retry support to Swift
2016-08-01 14:04:54 -04:00
josephschorr
46a28617e8 Merge pull request #1651 from coreos-inc/fix-branches
Fix handling of multi-part branches in the build triggers
2016-07-26 16:00:21 -07:00
josephschorr
0162d3da30 Merge pull request #1645 from coreos-inc/gc-query-optimize
Optimize GC query for looking up deletable storages
2016-07-26 16:00:17 -07:00
Joseph Schorr
9e4f8cac03 Optimize GC query for looking up deletable storages 2016-07-26 13:47:15 -07:00
Joseph Schorr
06d52f2c83 Fix handling of multi-part branches in the build triggers
Fixes #1360
2016-07-26 13:41:13 -07:00
Joseph Schorr
a41ccf0356 Add retry support to Swift
Fixes #1636
2016-07-26 09:56:00 -07:00
Joseph Schorr
0fe3e6510a Prevent invalid tags on builds
Fixes #1632
2016-07-25 17:50:35 -07:00
Joseph Schorr
5de1e98d3c Fix LDAP DN building for empty RDN list 2016-07-22 14:40:53 -04:00
Joseph Schorr
392242d20b Another fix for the record keeping in buildman
Adds some more mocked tests as well
2016-07-22 12:01:30 -04:00
josephschorr
cf630838f0 Merge pull request #1624 from coreos-inc/builder-cleanup-tests
Bug fixes, refactoring and "new" tests for the build manager
2016-07-21 13:50:41 -04:00
Jimmy Zelinskie
2ed5723ca9 test_secscan: add a second before reads from queue
Because of the granularity of MySQL's clock, we need to wait a second
before an item becomes available.
2016-07-18 14:19:36 -04:00
Joseph Schorr
2c1880b944 Bug fixes, refactoring and "new" tests for the build manager
- Fixes various bugs introduced in the most recent build system commit
- Refactors state management in the build manager to be cleaner and more contained
- Adds back in the mock-based tests, fixed to not use threads and adjusted for the refactoring
- Adds some more simplified unit tests around non-etch related flows
2016-07-18 13:46:48 -04:00
Joseph Schorr
b0b7b63be9 Fix queue tests for MySQL
MySQL's date time's appear to have a 1 second threshold, so we need to make sure the queue items added for the tests are available as soon as they are added. Before this change, the available_after was set to `datetime.utcnow()`, and, if the `get` was called within 1 second, then its check would fail.
2016-07-15 13:27:50 -04:00
Joseph Schorr
1ed1bc9ed3 Disable prometheus in tests 2016-07-14 15:48:21 -04:00
Joseph Schorr
74b87fa813 Build manager cleanup and more logging 2016-07-14 14:33:14 -04:00
Joseph Schorr
3d558f6090 Disable ACI tests when build under Docker
We need to figure out why they fail on our build fleet
2016-07-13 14:23:30 -04:00
josephschorr
a69266c282 Merge pull request #1605 from coreos-inc/kubernetes-builder
Kubernetes builder
2016-07-12 14:49:10 -04:00
josephschorr
3143da6392 Merge pull request #1608 from coreos-inc/storage-rep
Fix storage replication for CAS and add tests
2016-07-12 13:56:36 -04:00
Joseph Schorr
5cd793331e Fix storage replication for CAS and add tests 2016-07-12 13:46:06 -04:00
Joseph Schorr
c1e4bf79b7 Fix delete team error message for admin teams 2016-07-11 15:47:05 -04:00
Joseph Schorr
811413fe9c Add multiple executor and whitelist support to build manager 2016-07-08 15:50:51 -04:00
Joseph Schorr
6bdbe25cdc Cleanup unused imports 2016-07-08 15:50:51 -04:00
Colin Hom
bc13333f20 Kubernetes build worker 2016-07-08 15:50:51 -04:00
Joseph Schorr
adaeeba5d0 Allow for multiple user RDNs in LDAP
Fixes #1600
2016-07-07 14:46:38 -04:00
Joseph Schorr
e252ee07cb Fix popularity metrics on list repos API 2016-07-06 16:15:54 -04:00
Joseph Schorr
1eec6f53b2 Fix SQL error with pagination around Repositories
Fixes #1591
2016-06-30 17:31:35 -04:00
Joseph Schorr
9558c0e937 Fix handling of Github API paths and add tests 2016-06-30 14:10:22 -04:00
Joseph Schorr
2f771304fa Disable flaky mock-based tests 2016-06-24 16:04:34 -04:00
Joseph Schorr
30ede029d5 Fix GeneratorFile for working with BufferedReader
The user files system uses a BufferedReader along with the magic library to determine the mime type of the user file being served. Currently, BufferedReader fails with an exception on Swift storage, because Swift storage returns a GeneratorFile, which is missing the `readable()` method.
2016-06-23 13:40:57 -04:00
josephschorr
9e6a264f5f Merge pull request #1523 from coreos-inc/verb-tag-cache-fix
Add a uniqueness hash to derived image storage to break caching over …
2016-06-20 16:38:25 -04:00
Joseph Schorr
a43b741f1b Add a uniqueness hash to derived image storage to break caching over tags
This allows converted ACIs and squashed images to be unique based on the specified tag.

Fixes #92
2016-06-20 16:34:52 -04:00
Jake Moshenko
a1cf12e460 Add a sitemap.txt for popular public repos
and reference it from the robots.txt
2016-06-17 14:34:20 -04:00
josephschorr
614b9124ae Merge pull request #1512 from coreos-inc/optimize-queries
Optimize various queries
2016-06-16 14:22:59 -04:00
Joseph Schorr
fea47bdaed Increase test counter to 10 2016-06-13 17:31:42 -04:00
josephschorr
58bef472d9 Merge pull request #1526 from coreos-inc/superuser-grant
Add ability for super users to take ownership of namespaces
2016-06-13 16:23:10 -04:00
Joseph Schorr
20816804e5 Add ability for super users to take ownership of namespaces
Fixes #1395
2016-06-13 16:22:52 -04:00
josephschorr
9263aad2ac Merge pull request #1534 from coreos-inc/flakey-test
Fix flaky tests
2016-06-13 16:12:15 -04:00
Joseph Schorr
4747dea395 Fix flaky tests 2016-06-13 16:00:55 -04:00
josephschorr
92f0db8056 Merge pull request #1514 from coreos-inc/better-logs
Only send heavy log-based stats for repository where required
2016-06-09 14:52:30 -04:00
Joseph Schorr
c3701cea7a Only send heavy log-based stats for repository where required 2016-06-09 14:52:15 -04:00
Joseph Schorr
8887f09ba8 Use the instance service key for registry JWT signing 2016-06-07 11:58:10 -04:00
Joseph Schorr
53538f9001 Optimize get_tag_image query
No caller uses the image placements or locations, so no need to load them.
2016-06-02 16:36:38 -04:00
josephschorr
cad8746f9d Merge pull request #1502 from coreos-inc/image-replication
Enable storage replication for V2 and add backfill tool
2016-06-02 15:02:53 -04:00
Joseph Schorr
12924784ce Enable storage replication for V2 and add backfill tool
Fixes #1501
2016-06-02 14:36:08 -04:00
josephschorr
ec492bb683 Merge pull request #1323 from coreos-inc/secworkerreturn
Move security notification work into its own method to allow for retu…
2016-06-02 13:59:25 -04:00
Joseph Schorr
48213f9ff9 Reject manifest 2 earlier to make pushes faster 2016-06-02 12:46:20 -04:00
Jimmy Zelinskie
2317938bfa Merge pull request #1496 from jzelinskie/ripRMS
dockerfile: add check for GPL pip packages
2016-06-02 12:28:18 -04:00
Jimmy Zelinskie
e5241c6d88 tests: simple test for BuildRequest w/ archive URL 2016-06-02 12:27:49 -04:00
Joseph Schorr
a18c4dd210 Make exponential back off test try multiple times
Slower runtime environments require multiple calls before we hit the 429
2016-06-01 15:00:10 -04:00
josephschorr
a85c3ebff7 Merge pull request #1457 from coreos-inc/xauth
Add support for direct granting of OAuth tokens and add tests
2016-06-01 12:07:12 -04:00
Jimmy Zelinskie
6178371cf5 Merge pull request #1493 from jzelinskie/noorder
queue: explicitly declare ordering requirement
2016-05-31 15:46:39 -04:00
Jimmy Zelinskie
44b56ae2cf queue: explicitly declare ordering requirement
This change defaults the ordering requirement of queue items to be off
and only enables it for the build manager. This should make the queries
for getting queueitems significantly faster for every other use case.
2016-05-27 14:44:30 -04:00
josephschorr
47afbb65dc Merge pull request #1490 from coreos-inc/aci-reproduce
Make ACI generation consistent across calls
2016-05-26 19:37:01 -04:00
Joseph Schorr
4ec3a6c231 Make ACI generation consistent across calls
This will ensure that no matter which signature we write for the generated ACI, it is correct for that image.
2016-05-26 17:09:19 -04:00
Jake Moshenko
8323c51e6e Extend registry auth to support notary JWTs. 2016-05-24 13:42:28 -04:00
josephschorr
fa3b342901 Merge pull request #1483 from coreos-inc/superuser-external-user
Fix setup tool when binding to external auth
2016-05-23 17:17:45 -04:00
Joseph Schorr
7933aecf25 Add support for direct granting of OAuth tokens and add tests
This allows a client (when authorized in a whitelist) to send direct credentials via a Basic auth header and therefore bypass the OAuth approval UI for that user.
2016-05-23 17:17:06 -04:00
Joseph Schorr
60bbca2185 Fix setup tool when binding to external auth
We now query the external auth provider for the external service's identifier before adding the linking row into the database. This fixes the case where the external service resolves a different identifier for the same username.

Fixes #1477
2016-05-23 17:11:36 -04:00
Joseph Schorr
f670c4c7a9 Change Signer to use the config provider and fix tests
Fixes the broken ACI tests
2016-05-23 17:10:03 -04:00
Jimmy Zelinskie
5568cc77b8 remove all default keys (#1485)
This change:
- Generates a new BitTorrent pepper by default
- Generates a new pagination key by default
- Changes the pagination key format to base64
- Removes selfsigned JWT certs
- Moves test keys to test/data
2016-05-23 16:00:48 -04:00
Joseph Schorr
1365492b28 Fix ACI signing tests 2016-05-16 13:31:43 -04:00
Joseph Schorr
64fe11a5f1 Add ACI signing tests 2016-05-13 18:29:57 -04:00
josephschorr
de6b7bc88d Merge pull request #1460 from coreos-inc/queuefilebinarydata
Add a binary data test for queue file
2016-05-13 16:43:18 -04:00
Joseph Schorr
d74198ee66 Add a binary data test for queue file 2016-05-13 15:56:06 -04:00
Joseph Schorr
72fd2b76e2 Add basic ACI conversion tests 2016-05-13 15:50:57 -04:00
Joseph Schorr
a736407611 Fix user:admin scope handling and add test 2016-05-09 11:16:01 +02:00
Joseph Schorr
343a080833 Make security scan testing much faster 2016-05-05 13:55:24 -04:00
Joseph Schorr
232fa42897 Add testing of the new secscan-for-local endpoint and fix a bug 2016-05-04 21:47:03 -04:00
Jake Moshenko
9221a515de Use the registry API for security scanning
when the storage engine doesn't support direct download url
2016-05-04 18:04:06 -04:00
josephschorr
550b9cb2b3 Merge pull request #1428 from coreos-inc/clair-setup-new
Implement setup tool support for Clair
2016-05-04 13:52:54 -04:00
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair
Fixes #1387
2016-05-04 13:40:50 -04:00
Joseph Schorr
6e2df3b339 Fix key server to not list expired keys
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.

Fixes #1430
2016-05-03 17:58:47 -04:00
Jimmy Zelinskie
e502f50c88 tests: add test RSA key for torrent test (#1427) 2016-05-03 13:11:02 -04:00
Jimmy Zelinskie
b89d81d748 test: add missing helpers.py file 2016-04-29 14:44:52 -04:00
Joseph Schorr
6091db983b Hide expired keys outside of their staleness window 2016-04-29 14:10:33 -04:00
Joseph Schorr
4f63a50a17 Change account-less logs to use a user and not null
This allows us to skip the migration
2016-04-29 14:09:37 -04:00
Joseph Schorr
28a80ef6a9 Make sure to verify service names on key creation 2016-04-29 14:09:37 -04:00
Joseph Schorr
5d6e5a42e8 Add delete logging and tests for logging 2016-04-29 14:09:09 -04:00
Joseph Schorr
bc08ac2749 Fix timeouts in the JWT endpoint tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
522cf68c5d Lots of smaller fixes:
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
2805dad64f test_endpoints: update to use JWT headers 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
cfc15746a6 keyserver: tests! 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d19eb16b45 keyserver: add generate key function
The superuser API, initdb, and tests will all need this functionality.
2016-04-29 14:05:16 -04:00
Joseph Schorr
23a8a29654 More tests 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
b0dac1d27e initdb: add unapproved service key 2016-04-29 14:05:16 -04:00
Joseph Schorr
fb1dca4e94 Add API usage tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59 keys ui WIP 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
dc593c0197 tests: shell of key server tests 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
bbaeaffbdb run initdb for service keys 2016-04-29 13:38:25 -04:00
josephschorr
9e88b1413d Merge pull request #1325 from coreos-inc/blobuncompressedsize
Fix uncompressed size for blob store and add test
2016-04-28 13:15:33 -04:00
Joseph Schorr
3f8d51ebd7 Fix handling of Clair notifications without New block
Fixes #1398
2016-04-22 13:05:34 -04:00
Joseph Schorr
c604dbd0f6 Fix permissions when converting a user to an org
Fixes #1366
2016-04-14 17:39:45 -04:00
Evan Cordell
7b44beb1fd Fix WWW-Authenticate header on 401 2016-04-13 09:01:42 -04:00
Evan Cordell
b5db41920f Address review comments 2016-04-11 16:34:40 -04:00
Evan Cordell
eba75494d9 Use new error format for auth errors (factor exceptions into module) 2016-04-11 16:22:26 -04:00
Evan Cordell
9c08717173 Return application/problem+json format errors and provide error endpoint
to dereference error codes.
2016-04-11 14:57:24 -04:00
josephschorr
affb600423 Merge pull request #1328 from coreos-inc/queuefilefix
Fix QueueFile to support read-to-end semantics and add some tests
2016-04-08 18:07:06 -04:00
Joseph Schorr
1009362d26 Have recovery auto-verify the user
Fixes #1355
2016-04-08 13:41:16 -04:00
Joseph Schorr
d62ec22fc9 Move security notification work into its own method to allow for return values
Fixes #1302
Fixes #1304
2016-03-31 14:08:33 -04:00
Joseph Schorr
6251e63e0e Fix QueueFile to support read-to-end semantics and add some tests 2016-03-31 12:06:49 -04:00
josephschorr
edb157c5cb Merge pull request #1294 from coreos-inc/partialperms
Change permissions to only load required by default
2016-03-30 16:40:40 -04:00
Joseph Schorr
db6f3691e5 Fix broken test 2016-03-30 16:32:08 -04:00
Joseph Schorr
b5b2df2063 Make test more resilient to changes in IDs 2016-03-30 16:19:15 -04:00
Joseph Schorr
42e934d84f Make notification lookup faster and fix repo pagination on Postgres 2016-03-30 14:46:31 -04:00
Joseph Schorr
0dffdb87c9 Fix uncompressed size for blob store and add test 2016-03-29 14:16:56 -04:00
Joseph Schorr
a3aa4592cf Change permissions to only load required by default
Permissions now load just the namespace and/or repository permissions requested, with a fallback to a full permissions load if necessary.
2016-03-28 16:33:32 -04:00
Joseph Schorr
eab6af2b87 Add mocked unit tests for cloud storage engine 2016-03-23 12:13:54 -04:00
Joseph Schorr
aa5587c93c Fixes and added tests for the security notification worker
Fixes #1301

- Ensures that the worker uses pagination properly
- Ensures that the worker handles failure as expected
- Moves marking the notification as read to after the worker processes it
- Increases the number of layers requested to 100
2016-03-18 20:28:06 -04:00
Jimmy Zelinskie
8af0b887ef fix broken tests 2016-03-18 15:48:41 -04:00
Jimmy Zelinskie
bf477b6b9c add slash_join helper and tests 2016-03-18 14:56:10 -04:00
josephschorr
c1cceb2949 Merge pull request #1295 from coreos-inc/fixeventseverity
Add another test for security notification filtering
2016-03-17 13:00:59 -04:00
Joseph Schorr
6a4584b87a Add another test for security notification filtering 2016-03-17 12:59:27 -04:00
Quentin Machu
d093a7bde5 Merge pull request #1290 from Quentin-M/split_clair_clusters
Split clair clusters
2016-03-15 11:09:51 -04:00
Joseph Schorr
57e5141fb5 Fix link-to-parent-with-different-blob issue and add a test 2016-03-14 15:35:18 -04:00
Quentin Machu
e28d2d7ce8 Fix Clair's testconfig 2016-03-14 14:28:34 -04:00
Jimmy Zelinskie
ba2851c952 Merge pull request #1287 from jzelinskie/namespace-reponame
v2: send proper scopes for authorization failures
2016-03-11 13:46:16 -05:00
Jimmy Zelinskie
ea2e17cc11 v2: send proper scopes for authorization failures
Fixes #1278.
2016-03-11 13:41:38 -05:00
Jimmy Zelinskie
bb46cc933d use kwargs for parse_repository_name 2016-03-09 16:20:28 -05:00
Joseph Schorr
c75fcfbd5e Add body checking to the analyze layer test
Fixes #1272
2016-03-09 11:45:28 -05:00
Jake Moshenko
fe2cd240bc Revert "Remove old search API which is no longer in use" 2016-03-07 10:07:41 -05:00
josephschorr
57430a18b4 Merge pull request #1224 from coreos-inc/removeoldsearch
Remove old search API which is no longer in use
2016-03-04 12:05:07 -05:00
Quentin Machu
f4131d3c8a Enable security notifications in test suite 2016-03-01 16:14:56 -05:00
Jimmy Zelinskie
c7904db30d v2: always send www-authn headers on unauthorized
Fixes #1254.
2016-02-25 17:09:29 -05:00
Joseph Schorr
f498e92d58 Implement against new Clair paginated notification system 2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9 Refactor the security worker and API calls and add a bunch of tests 2016-02-25 12:29:41 -05:00
josephschorr
6f9fc7fc08 Merge pull request #1225 from coreos-inc/setuptooltest
Add tests for superuser config API calls
2016-02-16 17:01:43 -05:00
josephschorr
81a36ee3b8 Merge pull request #1217 from coreos-inc/v2pagination
Fix V2 catalog and tag pagination
2016-02-16 15:34:49 -05:00
Joseph Schorr
ecaa051791 Fix schema for invoice email updating
Fixes #1209
2016-02-16 11:52:57 -05:00
Joseph Schorr
69262282fe Make sure to encode all V1 metadata strings
Fixes #1239
2016-02-15 10:57:20 -05:00
Jake Moshenko
6454b5aeb7 Update the layer rename PR to preserve the original manifest 2016-02-12 16:25:47 -05:00
Joseph Schorr
abd2e3c234 V1 Docker ID <-> V2 layer SHA mismatch fix
Fix handling of V1 Docker ID <-> V2 layer SHA mismatch by dynamically rewriting the manifest to use new synthesized IDs for all layers above the mismatch. Also adds a bunch of tests for this and other use cases, fixes a bug around manifest digest uniqueness and fixes the 5.5 migration for MySQL.
2016-02-12 17:39:27 +02:00
Jake Moshenko
abb0e9fb88 Fix allocator test 2016-02-11 17:18:19 -05:00
josephschorr
904b2d53d2 Merge pull request #1197 from coreos-inc/webpytest
Tests for endpoints/web and some small fixes
2016-02-11 22:42:43 +02:00
Joseph Schorr
03533db5a3 Add tests for superuser config API calls 2016-02-11 11:04:37 +02:00
Joseph Schorr
1887dc879c Remove old search API which is no longer in use 2016-02-10 15:02:27 +02:00
Joseph Schorr
db0eab0461 Fix V2 catalog and tag pagination 2016-02-10 00:25:33 +02:00
josephschorr
d5920319de Merge pull request #1193 from coreos-inc/keystonetest
Add basic tests for keystone auth
2016-02-05 09:51:05 +02:00
Joseph Schorr
cc677f9824 Add basic tests for keystone auth 2016-02-05 09:50:46 +02:00
Joseph Schorr
6a8331d305 Tests for endpoints/web and some small fixes 2016-02-05 09:45:25 +02:00
Joseph Schorr
534ec9cb2b Add pagination to the repository list API to make it better for public
Fixes #1166
2016-02-01 22:42:44 +02:00
Joseph Schorr
accc576a98 Fix V1 push URL to match Docker and fix registry tests 2016-01-29 16:42:15 +02:00
Joseph Schorr
8cd38569d6 Fix issue with Docker 1.8.3 and pulling public repos with no creds
We now return the valid subset of auth scopes requested.

Adds a test for this case and adds testing of all returned JWTs in the V2 login tests
2016-01-25 15:54:17 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Joseph Schorr
06b0f756bd Fix test to reflect change in the status code returned for no torrent available 2016-01-20 18:35:07 -05:00
Joseph Schorr
7c572fd218 Add support for torrenting verbs
Fixes #1130
2016-01-20 18:15:32 -05:00
josephschorr
3fdadb51b7 Merge pull request #1155 from coreos-inc/torrenttest
Add torrent tests
2016-01-20 13:42:42 -05:00
Joseph Schorr
68c9d5e432 Add torrent tests
Fixes #1128
2016-01-19 17:40:11 -05:00
Jake Moshenko
fe2bdeb6cb Require some data from all models in initdb 2016-01-19 15:30:27 -05:00
Jake Moshenko
909e7d45b7 Add a test for swift path computation 2016-01-15 15:35:04 -05:00
Jake Moshenko
dc23ccce89 Remove the sample data we no longer use 2016-01-15 10:31:52 -05:00
Joseph Schorr
e4da61a05d Fix piece hash calculation 2016-01-12 17:44:19 -05:00
Joseph Schorr
742f3b4fc1 Add GC test for torrent info 2016-01-12 12:15:07 -05:00
Jake Moshenko
77aa58996a Fix the db definition for torrentinfo and add migration 2016-01-06 14:04:03 -05:00
Jake Moshenko
fe87d3c796 Hash and track layer file chunks for torrenting 2016-01-04 16:17:51 -05:00
Jake Moshenko
40c741f34e Remove the test diffs after dropping image diffs feature 2016-01-04 16:16:40 -05:00
josephschorr
f748d4348d Merge pull request #1106 from coreos-inc/billingemail
Add support for custom billing invoice email address
2016-01-04 14:34:30 -05:00
Joseph Schorr
10efa96009 Add support for custom billing invoice email address
Fixes #782
2015-12-28 13:59:50 -05:00
Joseph Schorr
ab166c4448 Delete the image diff feature
Fixes #1077
2015-12-23 13:08:01 -05:00
Joseph Schorr
94ece129d4 Remove remaining recursive queries on repo delete and add test 2015-12-18 16:04:03 -05:00
Joseph Schorr
a627494e05 Ensure the squashed estimated size is an int
Also adds a test to verify
2015-12-17 13:39:01 -05:00
Jake Moshenko
3fda6696e5 Merge pull request #1069 from jakedt/trackhostname
Trackhostname
2015-12-16 14:08:55 -05:00
Jake Moshenko
f228a0b13a Update the test db for new upload structure 2015-12-16 13:42:35 -05:00
Jake Moshenko
50f4612c72 Merge pull request #1065 from jakedt/spader
Add the ability to blacklist v2 for specific versions
2015-12-16 11:48:43 -05:00
Jake Moshenko
766d60493f Add the ability to blacklist v2 for specific versions 2015-12-15 18:27:10 -05:00
Joseph Schorr
4e942203cb Fix handling of tokens in the new context block of the JWT 2015-12-15 16:52:22 -05:00
Joseph Schorr
ca7d36bf14 Handle empty scopes and always send the WWW-Authenticate header, as per spec
Fixes #1045
2015-12-15 14:59:47 -05:00
Joseph Schorr
54095eb5cb Handle the common case of one chunk when calculating the uncompressed size
Reference #992
2015-12-14 15:27:48 -05:00
josephschorr
1323da20e3 Merge pull request #1050 from coreos-inc/v2betterlogging
Make our JWT subjects better and log using the info
2015-12-14 15:24:39 -05:00
Joseph Schorr
4a4eee5e05 Make our JWT subjects better and log using the info
Fixes #1039
2015-12-14 14:00:33 -05:00
Joseph Schorr
d963f7174a Change manifest delete to mark tag as dead and log 2015-12-10 15:45:53 -05:00
Joseph Schorr
f07b940bc5 Optimize blob lookup
Fixes #1013
2015-12-04 14:47:09 -05:00
Joseph Schorr
f99e74f0a1 Support all schemas in the custom trigger
Fixes #266
2015-12-01 16:59:24 -05:00
josephschorr
dc1f6c2d87 Merge pull request #974 from coreos-inc/derivedfix
Derived image fixes
2015-11-25 11:57:16 -05:00
Joseph Schorr
b2df3bc9cb Add test for push and pull logs
Fixes #961
2015-11-24 15:23:45 -05:00
Joseph Schorr
75a91f0f92 Add login tests and fix scope security issue 2015-11-24 13:39:16 -05:00
Joseph Schorr
762cd56e64 Change derived storage to be based on image
Fixes #971
2015-11-24 12:44:07 -05:00
Joseph Schorr
8d05d40cf7 Add test for verb pulling when the tag has changed images 2015-11-24 11:18:56 -05:00
Joseph Schorr
e9b577104d Add squash testing code to registry tests
Fixes #896
2015-11-20 15:16:11 -05:00
Jake Moshenko
7b53797677 Fix garbage collection when manifests may reference tags 2015-11-19 16:01:36 -05:00
Quentin Machu
605ed1fc77 Refactor security worker 2015-11-18 14:38:32 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Joseph Schorr
da07823e20 Small test fix 2015-11-12 22:28:22 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Jake Moshenko
941d13ea3e Fix an off by one error in the common backfill code 2015-11-10 16:14:44 -05:00
Jake Moshenko
dc24e8b1a1 Backfill by allocating and selecting ids in random blocks
Fixes #826
2015-11-09 22:29:17 -05:00
Joseph Schorr
75173d5573 Base DB with notification 2015-11-09 12:51:05 -05:00
Joseph Schorr
136ab28f17 Base demo DB 2015-11-09 12:51:05 -05:00
Joseph Schorr
87c56d1caa Add vulnerabilities and packages API to Quay
Fixes #564
2015-11-09 12:49:19 -05:00
Quentin Machu
37118423a5 Add support for Quay's vulnerability tool 2015-11-09 12:49:19 -05:00
Jake Moshenko
7efa6265bf Merge branch 'newchanges' into python-registry-v2 2015-11-06 18:24:32 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Jake Moshenko
99e5429e86 Relax the digest specification to handle more formats 2015-11-06 17:47:28 -05:00
Jimmy Zelinskie
d5e7f6bea7 resolve migration branches and run initdb 2015-11-06 16:10:31 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay
Fixes #564
2015-11-06 15:22:18 -05:00
Quentin Machu
f59e35cc81 Add support for Quay's vulnerability tool 2015-11-06 15:22:18 -05:00
Matt Jibson
249269ad50 Merge pull request #715 from mjibson/localhost
Use local IP instead of deprecated docker IP
2015-11-04 13:49:42 -05:00
Matt Jibson
57ffb39651 Merge pull request #714 from mjibson/queue-locking
Refactor queue locking to not use select for update
2015-11-04 12:05:53 -05:00
Matt Jibson
a994b367da Refactor queue locking to not use select for update
The test suggests this works.

fixes #622
2015-11-03 11:32:28 -05:00
Joseph Schorr
387b50bcac Add a unicode test to make sure we don't break 2015-10-27 17:54:02 -04:00
Jimmy Zelinskie
432c33209d use different ports for jwt tests 2015-10-27 17:32:46 -04:00
Jimmy Zelinskie
ca65df68ba skip flaky buildman test 2015-10-27 17:02:15 -04:00
Jake Moshenko
2c10d28afc Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-10-26 14:44:16 -04:00
Jake Moshenko
9da64f3aba Stop writing to deprecated columns for image data. 2015-10-24 14:45:15 -04:00
Matt Jibson
a711ad0e90 Use local IP instead of deprecated docker IP 2015-10-23 17:22:47 -04:00
Joseph Schorr
e0d715024c Fix typo in test 2015-10-23 16:39:40 -04:00
Jake Moshenko
e7a6176594 Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2 2015-10-22 16:59:28 -04:00
Jake Moshenko
ce94931540 Stop writing to deprecated columns for image data. 2015-10-22 12:14:39 -04:00
josephschorr
ad53bf5671 Merge pull request #644 from coreos-inc/namechoose
Docker changed their namespace regex, so we need to adjust
2015-10-22 12:07:52 -04:00
Joseph Schorr
a8aa6d1939 Docker changed their namespace regex, so we need to adjust
Fixes #617
2015-10-22 12:07:31 -04:00
Joseph Schorr
c9daf7d8a9 Add additional tests for repo visibility and further simplify the query for perf 2015-10-15 12:12:57 -04:00
Joseph Schorr
e8cb359d96 Unionize the mega query - It needed more performance-based benefits 2015-10-09 14:45:05 -07:00
josephschorr
3e7a95407b Merge pull request #598 from coreos-inc/limitbadquery
Prevent unlimited insane query from running and fix tests
2015-10-05 21:29:35 -04:00
Silas Sewell
c6da322ec1 Merge pull request #597 from coreos-inc/tag-validation
Update tag validation
2015-10-05 21:10:55 -04:00
Silas Sewell
dd3d939b31 Update tag validation
Fixes #536
2015-10-05 19:32:10 -04:00
Joseph Schorr
dd804816ba Prevent unlimited insane query from running and fix tests
Fixes #591
2015-10-05 17:11:49 -04:00
Joseph Schorr
7ffb28cafa Small test fixes 2015-10-05 15:26:45 -04:00
Joseph Schorr
8ca92d6828 Remove old search API and switch V1 search to use the new search system 2015-10-05 14:36:43 -04:00
Joseph Schorr
f393236c9f Add repo name check to V2
Fixes #592
2015-10-05 14:19:52 -04:00
Joseph Schorr
b0ed930627 Make sure registry pull tests verify the images expected 2015-10-02 14:33:38 -04:00
Joseph Schorr
d0dc8fe45d Add endpoint security tests for the V2 endpoints
Fixes #581
2015-10-02 14:01:12 -04:00
josephschorr
1cf930eb9c Merge pull request #580 from coreos-inc/python-registry-v2-testfix
Fix test specs for recent change in tags endpoint in V1
2015-10-01 12:50:50 -04:00
josephschorr
5b552b0129 Merge pull request #567 from coreos-inc/python-registry-v2-optimize
Load images and storage references in bulk during V1 synthesize
2015-10-01 12:50:36 -04:00
Joseph Schorr
53b096e2f5 Fix test specs for recent change in tags endpoint in V1 2015-10-01 12:48:59 -04:00
Jimmy Zelinskie
ffeb99d4ee BaseStreamFileLike: handle reads that return None
Fixes #555.
2015-09-30 17:46:59 -04:00
Joseph Schorr
a3ebb9028d Add full unit tests for the file-like objects and fix them
Fixes #568
2015-09-30 14:19:25 -04:00
Joseph Schorr
35c35d9913 Load images and storage references in bulk during V1 synthesize
Currently, we perform multiple queries for each layer, making it much slower (especially cross-region)

Fixes #413
2015-09-29 17:53:39 -04:00
Joseph Schorr
decdaa4c79 New tests and small fixes while comparing against the V2 spec
Fixes #391
2015-09-29 15:18:48 -04:00
Joseph Schorr
eaf81959f5 Handle the case where we have lookup_user but no username 2015-09-28 17:12:56 -04:00
Joseph Schorr
d45975051d Fix registry V1 push test 2015-09-28 15:44:18 -04:00
Joseph Schorr
09f8ad695b Fix resumable upload support and add another test 2015-09-28 12:17:17 -04:00
Joseph Schorr
18cfe676ee Fix GH schema for missing usernames and add test 2015-09-25 15:12:24 -04:00
Joseph Schorr
1bba472c14 Refactor test_prepare_trigger to make it easier to add tests 2015-09-25 15:09:47 -04:00
Joseph Schorr
85ed745433 Fix bitbucket trigger validation for commits without authors 2015-09-25 12:03:21 -04:00
Joseph Schorr
4dc30d6321 Remove yaml and switch to JSON because yaml is so slow 2015-09-24 16:17:42 -04:00
Joseph Schorr
051f669a93 Add PATCH tests for resumable upload
Fixes #510
2015-09-24 12:00:27 -04:00
josephschorr
6e94f63a51 Merge pull request #535 from coreos-inc/reponameregex
Add a check to ensure repository names are valid according to an exte…
2015-09-24 11:55:20 -04:00
Joseph Schorr
a283c8d8ec Add a check to ensure repository names are valid according to an extended set of rules.
Fixes #534
2015-09-24 11:55:08 -04:00
josephschorr
28c4f00280 Merge pull request #526 from coreos-inc/preparetriggertest
Add a test for missing optional fields in prepare trigger
2015-09-22 15:05:42 -04:00
Joseph Schorr
05c9a5f7b8 Fix the skip branch logic 2015-09-22 14:44:49 -04:00
Joseph Schorr
97a478e05b Add a test for missing optional fields in prepare trigger 2015-09-22 14:27:29 -04:00
Joseph Schorr
49b575afb6 Start refactoring of the trigger system:
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
2015-09-21 16:36:48 -04:00
Joseph Schorr
88bc93d607 Better test performance for registry tests 2015-09-17 16:48:08 -04:00
Joseph Schorr
dd61f56e89 Fix registry tests 2015-09-17 16:27:05 -04:00
Jake Moshenko
26cea9a07c Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-17 16:16:27 -04:00
josephschorr
c801965626 Merge pull request #492 from coreos-inc/nofreelunch
UI and API fixes for disallowing private repo count abuse
2015-09-16 17:53:11 -04:00
Joseph Schorr
30379a2dd8 Fix interleaved repo delete with RAC via a transaction
The RepositoryActionCount table can have entries added while a repository deletion is in progress. We now perform the repository deletion under a transaction and explicitly test for RAC entries in the deletion unit test (which doesn't test interleaving, but it was missing this check).

Fixes #494
2015-09-16 15:34:32 -04:00
Joseph Schorr
fbfe7fdb54 Make change repo visibility and create repo raise a 402 when applicable
We now check the user or org's subscription plan and raise a 402 if the user attempts to create/make a repo private over their limit
2015-09-15 14:33:35 -04:00
Jake Moshenko
b56de3355c Migrate data back to Image in preparation for v2 2015-09-15 11:53:31 -04:00
Jake Moshenko
9c3ddf846f Some fixes and tests for v2 auth
Fixes #395
2015-09-10 15:38:57 -04:00
Jake Moshenko
0e30d14bb4 Merge remote-tracking branch 'upstream/python-registry-v2' into mergemaster 2015-09-10 13:37:47 -04:00
Joseph Schorr
fd3a21fba9 Add Kubernetes configuration provider which writes config to a secret
Fixes #145
2015-09-10 12:19:59 -04:00
Joseph Schorr
88a04441de Extract the config provider into its own sub-module 2015-09-10 12:19:59 -04:00
Joseph Schorr
474fffd01f Select the full RepositoryBuild record
If we just return the ID, then peewee just fills in the other fields with defaults (such as UUID).
2015-09-09 21:43:48 -04:00
Jimmy Zelinskie
ece08f6e88 Merge pull request #463 from jzelinskie/fixpagination
fix pagination of tags in API
2015-09-09 15:53:55 -04:00
Jimmy Zelinskie
d55ab78fbe fix pagination of tags in API
Fixes #461.
2015-09-09 15:52:21 -04:00
Joseph Schorr
3ee4147117 Switch the build logs archiver to a more performant query
Fixes #459
2015-09-09 13:59:45 -04:00
Joseph Schorr
104bdef339 DEBUG flag is still broken on older version of Flask-Testing 2015-09-08 12:51:23 -04:00
Joseph Schorr
8b4d99adcf Have registry tests use a copy of the database
This makes the test suite much faster
2015-09-08 12:35:03 -04:00
Joseph Schorr
47eec8fa06 Add V1->V2 and V2->V1 tests
Fixes #401
2015-09-08 11:58:21 -04:00
Joseph Schorr
d0e22e5afb Use a different port number for each live server test case in the registry tests 2015-09-08 10:40:10 -04:00
josephschorr
b73c4135db Merge pull request #453 from coreos-inc/robotregex
Robot accounts allow underscores
2015-09-08 10:13:06 -04:00
Joseph Schorr
386fcfd50e Robot accounts allow underscores
Fixes #451
2015-09-08 10:10:00 -04:00
Joseph Schorr
48cf33a8c1 Add missing superuser aggregate logs endpoint
Reference: d47d28ea4e/Screen-Shot-2015-09-04-at-11-04-41.png
2015-09-04 16:48:32 -04:00
Jake Moshenko
2c9d85a55a Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:34:51 -04:00
Jake Moshenko
210ed7cf02 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:32:01 -04:00
Joseph Schorr
039768f17b Fix JWT auth test 2015-09-04 16:31:37 -04:00
Jake Moshenko
193436f945 Fix the registry tests to run without debug. 2015-09-03 16:26:07 -04:00
Joseph Schorr
42dba8655c Fix auth and add V2 tests! 2015-09-03 12:21:21 -04:00
josephschorr
62ea4a6cf4 Merge pull request #191 from coreos-inc/carmen
Add automatic storage replication
2015-09-01 15:04:36 -04:00
Joseph Schorr
724b1607d7 Add automatic storage replication
Adds a worker to automatically replicate data between storages and update the database accordingly
2015-09-01 14:53:32 -04:00
Joseph Schorr
51c507d02d Add back the ability to retrieve information for an org member directly
Fixes #427
2015-08-31 16:45:24 -04:00
Joseph Schorr
fb86b4bf2c Fix Dockerfile parsing for unicode and add testing
Fixes #423
2015-08-31 14:32:26 -04:00
Joseph Schorr
43e77a7a14 Add missing tell() method to GeneratorFile and add tests 2015-08-28 12:10:03 -04:00
Jake Moshenko
398202e6fc Implement some new methods on the storage engines. 2015-08-27 11:29:19 -04:00
Jake Moshenko
3bfec1d7a9 Style fixes. 2015-08-24 11:59:46 -04:00
Jake Moshenko
b998eca8e5 Fix the tests for registry v2 changes. 2015-08-24 11:59:12 -04:00
Joseph Schorr
36a2beab98 Fix test by adding missing param 2015-08-21 15:07:26 -04:00