vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
7762 commits 2 branches 62 tags 205 MiB
Commit graph

98 commits

Author SHA1 Message Date
Evan Cordell
9dad44e93d Don't use repository object anywhere in endpoints/api/repositorynotification 
Also adds support for audit logging with repo name only
 2017-07-17 17:55:00 -04:00
Evan Cordell
047722b295 add data interface and pre oci impelementation for repo notifications 2017-07-17 17:53:08 -04:00
Charlton Austin
131acde317 refactor(data+endpoints): code review changes 
this puts the view logic on the object and adds a parameter for logging

[TESTING->locally with docker compose]

Issue: https://coreosdev.atlassian.net/browse/QUAY-632

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
 2017-07-12 14:10:21 -04:00
Evan Cordell
b6d423a50d Merge pull request #2687 from ecordell/enable-builds-trust 
Re-enable builds and tag modification when signing is enabled
 2017-06-13 11:20:04 -04:00
Evan Cordell
2e30c47045 Re-enable builds and tag modification when signing is enabled 2017-06-07 10:01:37 -04:00
Antoine Legrand
3c99928a27 Add log JSON formatter 2017-06-07 00:02:52 +02:00
Joseph Schorr
3e8bc07b6c Fix show_if ordering and add a check that fails if misordered 
Before this change, these endpoints still existed even if the flag was off
 2017-05-01 13:14:20 -04:00
Joseph Schorr
9601fd44f6 Small fixes to signing related APIs 2017-04-17 18:04:06 -04:00
Joseph Schorr
6f722e4585 Disable certain APIs and build triggers when trust is enabled 
Since trust will break if Quay makes changes, disable all Quay tag-change APIs and build APIs+webhooks when trust is enabled on a repository. Once we get Quay signing things itself, we can revisit this.
 2017-04-17 13:04:51 -04:00
Jake Moshenko
8d279c8cc4 Unify app and api exception handling 
Move some confi to an immutable section
Make ApiExceptions real werkzeug exceptions
 2017-04-14 11:18:01 -04:00
Joseph Schorr
b465a34e8f Temporary fix for additional exception classes handled in Flask 
The recent change to Flask-restful broke the other registered exception handlers, so this temporarily handles the decorated cases as well, until we put in place a proper registration model for Flask and Flask-restful handled exceptions
 2017-04-11 23:02:26 -04:00
Jake Moshenko
e371ed69bb Fix for flask-restful >0.3 error handling 2017-04-07 10:22:50 -04:00
Joseph Schorr
1bd4422da9 Move auth decorators into a decorators module 
The non-decorators will be broken out in the followup change
 2017-03-23 15:42:45 -04:00
Joseph Schorr
30b532254c Disallow non-apps-supported APIs for application repositories 2017-03-22 15:51:19 -04:00
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token 
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
 2016-12-08 16:11:57 -05:00
Joseph Schorr
b7fc7999c3 Delete old "license" checking code arounds user counts 
This is legacy code that doesn't actually do anything of value
 2016-10-20 14:58:35 -04:00
Charlton Austin
8e5dc8d3db Moving the messages endpoint to something more generic, and making the get visible all the time. 2016-10-17 16:23:48 -04:00
Jimmy Zelinskie
31b77cf232 rename auth.auth to auth.process 
This fixes some ambiguity around imports.
 2016-09-29 15:24:57 -04:00
Jimmy Zelinskie
fc7301be0d *: fix legacy imports 
This change reorganizes imports and renames the legacy flask extensions.
 2016-09-28 20:17:14 -04:00
Joseph Schorr
608ffd9663 Basic labels support 
Adds basic labels support to the registry code (V2), and the API. Note that this does not yet add any UI related support.
 2016-08-26 15:24:26 -04:00
Joseph Schorr
a1009af61c Move aggregator into its own repo and add it to the image 2016-07-05 15:39:51 -04:00
Evan Cordell
9a1d97216b Switch error mimetype back to application/json 2016-04-18 17:42:08 -05:00
Evan Cordell
4d7843580f Fix superuser page 2016-04-15 16:50:01 -04:00
Evan Cordell
7b44beb1fd Fix WWW-Authenticate header on 401 2016-04-13 09:01:42 -04:00
Evan Cordell
b5db41920f Address review comments 2016-04-11 16:34:40 -04:00
Evan Cordell
eba75494d9 Use new error format for auth errors (factor exceptions into module) 2016-04-11 16:22:26 -04:00
Evan Cordell
9c08717173 Return application/problem+json format errors and provide error endpoint 
to dereference error codes.
 2016-04-11 14:57:24 -04:00
josephschorr
e8faa9f843 Merge pull request #939 from coreos-inc/user-admin 
Add user admin scope
 2016-02-16 16:42:29 -05:00
Joseph Schorr
db0eab0461 Fix V2 catalog and tag pagination 2016-02-10 00:25:33 +02:00
Jake Moshenko
018bf8c5ad Refactor how parsed_args are passed to methods 2016-01-26 16:27:36 -05:00
Joseph Schorr
335c8eb3a9 Add 2 day TTL to page tokens 2016-01-26 14:04:03 -05:00
Joseph Schorr
b4bddacedb Switch to Fernet crypto as per gtank's recommendation 2016-01-26 12:50:48 -05:00
Joseph Schorr
bd0a098282 Add ID-based pagination to logs using new decorators and an encrypted token 
Fixes #599
 2016-01-26 12:50:48 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. 
This support is placed behind a feature flag.
 2016-01-22 15:54:06 -05:00
Matt Jibson
f02bb3caee Add user admin scope 
Also remove unused scope decorator.

fixes #890
 2015-11-18 12:01:40 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay 
Fixes #564
 2015-11-06 15:22:18 -05:00
Joseph Schorr
5e1cd2b2ad Move decorator for TooManyLoginAttempts into general decorated module 
Currently, this is missing in gunicorn_registry which causes 500s when user logins become throttled
 2015-11-03 12:16:01 -05:00
Jimmy Zelinskie
7c1547221d raise a 520 for any GitLab timeouts 2015-10-13 17:34:08 -04:00
Matt Jibson
b483209862 Wrap API and registry requests with common metric timings 
Record response times, codes, and rollup non-2XX responses.
 2015-08-12 12:16:00 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Joseph Schorr
87efcb9e3d Delegated superuser API access 
Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users.
 2015-06-30 11:08:26 +03:00
Joseph Schorr
477a3fdcdc Add a test to verify that all important blueprints have all their methods decorated 
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
 2015-06-02 15:56:44 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
a5ff765f3b Validate that we have a valid JSON body 2015-02-18 15:57:05 -05:00
Joseph Schorr
7933bd44fd Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 12:53:36 -05:00
Joseph Schorr
1bf25f25c1 WIP 2015-01-04 14:38:41 -05:00
Jimmy Zelinskie
182c87b983 Remove unused imports. 2014-11-26 10:53:51 -05:00
Jimmy Zelinskie
d9f0d36dfe Add missing InvalidResponse class. 2014-11-25 16:08:01 -05:00
Joseph Schorr
ccc16fd6f4 Merge branch 'master' into bees 2014-11-17 13:14:27 -05:00