vbatts/quay - Git - Batts Cloud

Archived

Author	SHA1	Message	Date
Evan Cordell	ac54dd6f5d	fix(secscan): don't use slash_join, it discards the root	2017-07-11 14:12:57 -04:00
Evan Cordell	b9581e0baf	fix(secscan): fix mitm cert path calculation	2017-07-11 13:26:19 -04:00
Antoine Legrand	cdb3722c17	Use $QUAYPATH and $QUAYDIR in conf and init files	2017-07-05 16:23:54 +02:00
Jimmy Zelinskie	46087d5e64	util.secscan.api: more robust API failures cases Addresses QUAY-672 by handling all status codes that are not 404 and 5xx and moving response decoding inside the try/except block to ensure that the response object is in scope.	2017-06-26 17:13:51 -04:00
Joseph Schorr	f296599162	Add additional logging around secscan analyze	2017-04-21 16:52:47 -04:00
Joseph Schorr	c5bb9abf11	Fix deleting repos when sec scan or signing is disabled Make sure we don't invoke the APIs to non-existent endpoints	2017-04-19 16:57:36 -04:00
Jimmy Zelinskie	65a17dc155	Merge pull request #2473 from coreos-inc/certs-fixes Fixes and improvements around custom certificate handling	2017-03-27 15:08:36 -04:00
Evan Cordell	6ad107709c	Change build_context_and_subject to take kwargs	2017-03-27 11:37:17 -04:00
Evan Cordell	43dd974dca	Determine which TUF root to show based on actual access, not requested access	2017-03-27 11:37:17 -04:00
Joseph Schorr	b017133cc6	Make QSS validation errors more descriptive	2017-03-24 17:28:16 -04:00
Jimmy Zelinskie	cbb2fff0e2	util.secscan.api: raise exception for !200 status	2017-03-01 00:40:47 -05:00
Jimmy Zelinskie	c8034deab4	util.secscan.api: failover connection failures	2017-02-23 15:01:32 -05:00
Jimmy Zelinskie	3286566478	util.secscan.api: reorg try/catch	2017-02-14 15:21:17 -05:00
Jimmy Zelinskie	d2909c0e4d	failover: store result in FailoverException	2017-02-14 14:36:36 -05:00
Jimmy Zelinskie	e81926fcba	util.secscan.api: init read-only failover	2017-02-03 19:20:13 -05:00
Joseph Schorr	d609e6a1c4	Security scanner garbage collection support Adds support for calling GC in the security scanner for any layers+storage removed by GC on the Quay side	2016-12-22 14:55:26 -05:00
Joseph Schorr	405eca074c	Security scanner flow changes and auto-retry Changes the security scanner code to raise exceptions now for non-successful operations. One of the new exceptions raised is MissingParentLayerException, which, when raised, will cause the security worker to perform a full rescan of all parent images for the current layer, before trying once more to scan the current layer. This should allow the system to be "self-healing" in the case where the security scanner engine somehow loses or corrupts a parent layer.	2016-12-16 15:38:09 -05:00
Joseph Schorr	15041ac5ed	Add a fake security scanner class for easier testing The FakeSecurityScanner mocks out all calls that Quay is expected to make to the security scanner API, and returns faked data that can be adjusted by the calling test case	2016-12-14 17:11:45 -05:00
Evan Cordell	5686c80af1	Revert "Add GC of layers in Clair" This reverts `49872838ab`	2016-12-13 18:40:58 -05:00
Joseph Schorr	49872838ab	Add GC of layers in Clair Fixes https://www.pivotaltracker.com/story/show/135583207	2016-12-06 19:52:56 -05:00
Joseph Schorr	8887f09ba8	Use the instance service key for registry JWT signing	2016-06-07 11:58:10 -04:00
josephschorr	d572a45a57	Merge pull request #1441 from coreos-inc/fastesttests Make security scan testing much faster	2016-05-05 13:57:05 -04:00
Joseph Schorr	343a080833	Make security scan testing much faster	2016-05-05 13:55:24 -04:00
Jake Moshenko	75f5df6369	Add clair auth header in generalized interface	2016-05-05 13:28:06 -04:00
Joseph Schorr	232fa42897	Add testing of the new secscan-for-local endpoint and fix a bug	2016-05-04 21:47:03 -04:00
Jake Moshenko	9221a515de	Use the registry API for security scanning when the storage engine doesn't support direct download url	2016-05-04 18:04:06 -04:00
Joseph Schorr	2cbdecb043	Implement setup tool support for Clair Fixes #1387	2016-05-04 13:40:50 -04:00
Evan Cordell	0c2ecec9a9	Don't check for client certs when talking to clair	2016-04-29 14:10:33 -04:00
Evan Cordell	f30a9e56f3	Be really sure about proxy protocol	2016-04-29 14:10:33 -04:00
Evan Cordell	8595140f38	Use signer proxy for all http(s) requests	2016-04-29 14:10:33 -04:00
Evan Cordell	f4d2fae5d8	Separate jwtproxy signer config from secscan config	2016-04-29 14:10:33 -04:00
Evan Cordell	e499c4a8ef	Actually go through signer proxy	2016-04-29 14:10:33 -04:00
Evan Cordell	9e7a501dae	Authenticate in the other direction with jwtproxy	2016-04-29 14:10:33 -04:00
Joseph Schorr	aa5587c93c	Fixes and added tests for the security notification worker Fixes #1301 - Ensures that the worker uses pagination properly - Ensures that the worker handles failure as expected - Moves marking the notification as read to after the worker processes it - Increases the number of layers requested to 100	2016-03-18 20:28:06 -04:00
Quentin Machu	81fe315171	Add ability to use another Clair stack for batch tasks	2016-03-14 14:28:34 -04:00
Quentin Machu	d36528a77a	Increase POST timeout in secscan API	2016-03-04 11:59:00 -05:00
Quentin Machu	4f7a66ab0e	Repair secscan's analyze_layer API call	2016-03-02 16:05:11 -05:00
Quentin Machu	672168ce78	Close Clair API connections This forces every API calls to be load-balanced properly.	2016-02-29 14:52:38 -05:00
Joseph Schorr	f498e92d58	Implement against new Clair paginated notification system	2016-02-25 15:58:42 -05:00
Joseph Schorr	c0374d71c9	Refactor the security worker and API calls and add a bunch of tests	2016-02-25 12:29:41 -05:00
Joseph Schorr	25b8b7590f	Fix all the things!	2015-11-12 20:55:41 -05:00
Jimmy Zelinskie	37ce84f6af	tiny fixes to securityworker	2015-11-12 17:18:04 -05:00
Jimmy Zelinskie	e86a342868	create class for security config validation	2015-11-12 15:47:01 -05:00
Joseph Schorr	ca7d736db2	Only send vulnerability events if the minimum priority is gte to that specified Fixes #770	2015-11-10 16:05:55 -05:00
Jimmy Zelinskie	8e2868737b	rename secscan_endpoint and move db close to API	2015-11-10 15:22:31 -05:00

45 commits