vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
8264 commits 2 branches 62 tags 205 MiB
Commit graph

8264 commits

This branch
This branch
All branches
Author SHA1 Message Date
Joseph Schorr
f05982dc7c Fix app registry logging 2018-01-04 13:05:50 -05:00
Joseph Schorr
a1a6df7914 Fix log level on build manager logs 2018-01-04 13:03:45 -05:00
Joseph Schorr
1ba3c24fe5 Fix log level on expired OAuth log 2018-01-04 12:59:21 -05:00
Joseph Schorr
b54ebacdfb Remove request-start and request-end info logs 
They aren't useful and take up a lot of logs space
 2018-01-04 12:58:30 -05:00
josephschorr
db0b28eadb
Merge pull request #2957 from coreos-inc/joseph.schorr/QS-104/time-display-bug 
Remove single bind on time-ago component
 2018-01-04 11:20:38 -05:00
Joseph Schorr
c9fd579b06 Remove single bind on time-ago component 
The component is occasionally used for date times that change, so we cannot single bind

Fixes https://jira.coreos.com/browse/QS-104
 2018-01-04 11:17:44 -05:00
IvanCherepov
6abfa24ad4
Replaced account.tectonic.com with account.coreos.com (#2956) 
Fixed an outdated message on how to get Raw Quay Enteprise license during the setup
 2018-01-03 09:32:01 -05:00
Joseph Schorr
8e473b9779 Add filter for disabled users to superuser user list API 
Fixes https://jira.coreos.com/browse/QS-102
 2017-12-22 16:45:49 -05:00
Joseph Schorr
1d3a93efcb Linter fixes for superuser API file 2017-12-22 16:18:58 -05:00
Joseph Schorr
6b42e3e4ca Allow anonymous access to the discovery endpoint 
Fixes https://jira.coreos.com/browse/QS-101
 2017-12-22 16:13:23 -05:00
josephschorr
ef42124085
Merge pull request #2951 from coreos-inc/joseph.schorr/QS-100/revert-tag 
Change tag history revert operation to apply to the *current* entry, rather than the "next"
 2017-12-20 16:25:35 -05:00
Joseph Schorr
d95a9e3c59 Change tag history revert operation to apply to the *current* entry, rather than the "next" 
Before this change, the restore operation next to a history entry would bring the tag back to the state *at that entry*, rather than *before that entry*, which is neither the expected behavior, nor allowed for an immediate restore when moving a tag. This fixes the problem.

Fixes https://jira.coreos.com/browse/QS-100
 2017-12-20 16:23:17 -05:00
josephschorr
b4df9fb805
Merge pull request #2950 from coreos-inc/joseph.schorr/QS-99/fix-oci 
Prevent 500s when receiving bad manifests or OCI manifests
 2017-12-20 13:11:15 -05:00
Joseph Schorr
3ce9d68a3e Fix broken registry test 
Flask now returns a 404 error, rather than redirecting like it used to do
 2017-12-20 11:43:55 -05:00
Joseph Schorr
f9bd7ef42b Add validation of Docker V2_1 schemas and add a test for PUTing an invalid schema 2017-12-20 11:43:03 -05:00
Joseph Schorr
11e3724919 Return an http 415 (manifest version not supported) for OCI manifest content types 
This was breaking skopeo, as it first tries to send the *OCI* manifest type, which we didn't say we didn't support, thus breaking the tool
 2017-12-20 11:02:34 -05:00
josephschorr
db3e0307b7
Merge pull request #2948 from coreos-inc/joseph.schorr/QS-97/license-validator 
Add license validation to the config validation check
 2017-12-19 13:59:26 -05:00
Joseph Schorr
72bfebdb60 Add license validation to the config validation check 
Should prevent a customer from accidentally saving a config that violates their license

Fixes https://jira.coreos.com/browse/QS-97
 2017-12-19 13:44:08 -05:00
josephschorr
024c183f67
Merge pull request #2944 from coreos-inc/joseph.schorr/QS-91/v2-caching 
V2 registry blob caching
 2017-12-18 14:42:02 -05:00
Joseph Schorr
9e16596854 Add a bunch of logging to the data model caching mechanism 
Should help us debug any potential issues
 2017-12-18 14:18:37 -05:00
josephschorr
a829260091
Merge pull request #2945 from coreos-inc/joseph.schorr/QS-53/new-pricing 
New Quay.io pricing
 2017-12-18 13:21:49 -05:00
Joseph Schorr
097cbbeaae Add new Quay pricing plans 2017-12-18 13:12:16 -05:00
josephschorr
a251373f11
Merge pull request #2946 from coreos-inc/fix-custom-cert-install 
Fix the custom cert install process to install to the new certifi location, in addition to the old location
 2017-12-18 11:45:37 -05:00
Joseph Schorr
0a176d0abe Fix plans manager display to be less confusing when we show deprecated plans 2017-12-18 11:45:15 -05:00
Joseph Schorr
6de96ee8a5 Fix the custom cert install process to install to the new certifi location, in addition to the old location 
Also updates our requirements around requests
 2017-12-15 17:26:44 -05:00
Joseph Schorr
60bc655695 Fix flakiness in a test when comparing date times 2017-12-14 14:00:20 -05:00
Joseph Schorr
b2485934ed Enable caching of blobs in V2 registry protocol, to avoid DB connections after the cache has been loaded 
This should help for bursty pull traffic, as it will avoid DB connections on a huge % of requests
 2017-12-14 13:38:24 -05:00
Joseph Schorr
db6007cb37 Change v2 registry auth code to not hit the database when we know we have permissions loaded 
Avoids a DB call and, when used in conjunction with blob caching, will avoid a DB *connection*
 2017-12-14 13:37:31 -05:00
Joseph Schorr
3c72e9878d Add the concept of a data model cache, for caching of Namedtuple objects from the data model 
Will be used to cache blobs, thus removing the need to hit the database in most blob requests
 2017-12-14 13:36:51 -05:00
Joseph Schorr
51e67ab7f5 Fix get_blob_path to not make any database calls and add a test 
This will be supported by caching, hopefully removing the need to hit the database when the blob object is cached
 2017-12-13 16:27:46 -05:00
Jimmy Zelinskie
e06a83faf9
Merge pull request #2941 from jzelinskie/reduce-rate-limit-simple 
nginx: rate limit 1r/s
 2017-12-13 13:16:16 -05:00
Jimmy Zelinskie
e36bf25a5e nginx: rate limit 1r/s 
This reduces our rate limiting down to to 1 request per second.
 2017-12-13 13:15:32 -05:00
josephschorr
7e27e7f7eb
Merge pull request #2943 from coreos-inc/rev-base 
Revise our base image again
 2017-12-13 12:03:52 -05:00
Joseph Schorr
56ff068637 Revise our base image again 2017-12-13 12:01:22 -05:00
josephschorr
44c77b4cbb
Merge pull request #2931 from coreos-inc/joseph.schorr/QS-76/oidc-scopes 
Allow admins to configure the login scopes for OIDC login
 2017-12-08 13:33:06 -05:00
josephschorr
c733c87312
Merge pull request #2940 from coreos-inc/verbs-logs 
Add additional logs and an additional test for verbs
 2017-12-07 15:42:31 -05:00
Joseph Schorr
a706d99849 Add additional logs and an additional test for verbs 2017-12-07 15:22:20 -05:00
josephschorr
b2db266747
Merge pull request #2935 from coreos-inc/joseph.schorr/QS-80/password-reset-expire 
Add maximum lifetime of 30m on password recovery tokens
 2017-12-07 14:21:32 -05:00
josephschorr
a21dad3e07
Merge pull request #2937 from coreos-inc/joseph.schorr/QS-83/hide-aws-metadata 
Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1
 2017-12-07 14:11:20 -05:00
Joseph Schorr
2ffdfa1434 Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1 
While this isn't strictly a security issue, it *appears* to be and we got audited as such, so just turn it off

Fixes https://jira.coreos.com/browse/QS-83
 2017-12-07 13:29:14 -05:00
josephschorr
6db2ecc19f
Merge pull request #2928 from coreos-inc/joseph.schorr/QS-74/fix-restart 
Have Quay lookup the sbin/my_init PID to kill
 2017-12-07 13:25:16 -05:00
josephschorr
1861d7dee9
Merge pull request #2938 from coreos-inc/joseph.schorr/QS-85/signout-all 
Invalidate all session tokens when a user signs out
 2017-12-07 13:25:00 -05:00
Joseph Schorr
1d1c6f0606 Invalidate all session tokens when a user signs out 
Fixes https://jira.coreos.com/browse/QS-85
 2017-12-07 13:03:11 -05:00
josephschorr
6c12cb8328
Merge pull request #2936 from coreos-inc/joseph.schorr/QS-84/content-disposition 
Ensure user files are always sent with the Content-Disposition header
 2017-12-07 11:42:10 -05:00
Joseph Schorr
d38a1fc851 Ensure user files are always sent with the Content-Disposition header 
This prevents them from being executed in the browser directly

Fixes https://jira.coreos.com/browse/QS-84
 2017-12-06 17:12:00 -05:00
Joseph Schorr
5dd95038cf Add maximum lifetime of 30m on password recovery tokens 
Fixes https://jira.coreos.com/browse/QS-80
 2017-12-06 17:06:03 -05:00
Joseph Schorr
c55ad59f1f Allow admins to configure the login scopes for OIDC login 
Some OIDC implementations return a larger set of scopes than is necessary, so we allow admins to override.
 2017-12-06 15:54:26 -05:00
josephschorr
d405f6f158
Merge pull request #2899 from coreos-inc/joseph.schorr/QS-36/appr-auth-improvement 
Allow app registry to use robots and tokens to login
 2017-12-06 15:04:22 -05:00
josephschorr
b9ad8bbb5d
Merge pull request #2934 from coreos-inc/joseph.schorr/QS-78/email-recovery 
Security fixes for password recovery
 2017-12-06 14:53:02 -05:00
Joseph Schorr
a204dc20fb Require CAPTCHA for password recovery 
https://jira.coreos.com/browse/QS-79
 2017-12-06 14:25:34 -05:00