vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
3963 commits 2 branches 62 tags 205 MiB
Commit graph

1138 commits

Author SHA1 Message Date
Joseph Schorr
4160b720f9 UI and API improvements for working with large repositories 
- Change the tag check bar to only select the current page (by default), but allow for selecting ALL tags
- Limit the number of tags compared in the visualization view to 10
- Fix the multiselect dropdown to limit itself to 10 items selected
- Remove saving the selected tags in the URL, as it is too slow and overloads the URLs in Chrome when there are 1000+ tags selected
- Change the images API to not return locations: By skipping the extra join and looping, it made the /images API call 10x faster (in hand tests)

Fixes #292
Fixes #293
 2015-07-31 16:31:29 -04:00
Joseph Schorr
a916177c16 Fix broken imports 2015-07-29 18:28:58 -04:00
Joseph Schorr
572d6ba53c Fix broken tests 2015-07-29 14:21:29 -04:00
Joseph Schorr
11c7994398 Fix 500 on logout 2015-07-28 15:47:04 -04:00
Joseph Schorr
80e2739b41 Manually load GHE org repos if none returned by default 
Fixes #276
 2015-07-28 14:01:22 -04:00
Joseph Schorr
5d243bb45f Fix potential NPE 2015-07-24 12:12:30 -04:00
Joseph Schorr
c3f269ee23 Add migration for BitBucket web hooks 
This needs to added only *after* we roll out #255
 2015-07-23 14:45:12 -04:00
Joseph Schorr
f6311b09fe Fix NPE in BitBucket V2 handling code 2015-07-23 14:06:35 -04:00
Jimmy Zelinskie
fee8bf8607 Merge pull request #255 from coreos-inc/betterbb 
Change to use the new BitBucket webhooks
 2015-07-23 13:36:07 -04:00
Joseph Schorr
3c6f13da56 Change to use the new BitBucket webhooks 
BitBucket has deprecated services (which will be removed in approx 6 months), and they don't even really work all that well anyway.

Fixes #251
 2015-07-23 12:09:17 -04:00
Jimmy Zelinskie
2c29dc048d Merge pull request #260 from coreos-inc/githubfix 
GitHub api now returns ALL the visible repositories for user
 2015-07-22 13:53:58 -04:00
Joseph Schorr
69ca34161c GitHub api now returns ALL the visible repositories for user 
Change the code to simply filter the single list returned, rather than reloading the org repos again
 2015-07-22 13:50:46 -04:00
Joseph Schorr
687bab1c05 Support invite codes for verification of email 
Also changes the system so we don't apply the invite until it is called explicitly from the frontend

Fixes #241
 2015-07-22 13:41:27 -04:00
Jake Moshenko
5d86fa80e7 Merge pull request #197 from coreos-inc/keystone 
Add Keystone Auth
 2015-07-22 13:38:47 -04:00
Joseph Schorr
38a6b3621c Automatically link the superuser account to federated service for auth 
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
 2015-07-22 13:37:23 -04:00
Joseph Schorr
a0c4e72f13 Clean up the repository list API and loads stars with it 
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
 2015-07-22 13:05:02 -04:00
Joseph Schorr
a397bb7af6 Update to new-style format 2015-07-21 15:39:23 -04:00
Joseph Schorr
60b05a0493 Fix string concats 
Issue found here: https://app.getsentry.com/quayio/production/group/72831901/
 2015-07-21 15:04:50 -04:00
Joseph Schorr
5f2729f41f Fix logic bug in param check 2015-07-20 17:04:06 -04:00
Jake Moshenko
679044574a Merge pull request #231 from coreos-inc/smallfix 
Small API fixes
 2015-07-20 13:45:24 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00
Jake Moshenko
f2508fb48a Have the auth realm url computed based on the request url. 2015-07-17 11:56:15 -04:00
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth. 
Make it explicit that the registry-v2 stuff is not ready for prime time.
 2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Jake Moshenko
bea8b9ac53 More changes for registry-v2 in python. 
Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered.
 2015-07-17 11:50:41 -04:00
Jake Moshenko
acbcc2e206 Start of a v2 API. 2015-07-17 11:50:41 -04:00
Joseph Schorr
7a548ea101 Fix queries for repository list popularity and action count 
Before this change, we used extremely inefficient outer joins as part of a single query of lookup, which was spiking our CPU usage to nearly 100% on the query. We now issue two separate queries for popularity and action account, by doing a lookup of the previously found IDs. Interestingly enough, because of the way the queries are now written, MySQL can actually do both queries *directly from the indicies*, which means they each occur in approx 20ms!

Verified by local tests, postgres tests, and testing on staging with monitoring of our CPU usage during lookup
 2015-07-17 00:08:27 +03:00
Jake Moshenko
c64e490059 Merge pull request #136 from coreos-inc/syslogviewfix 
Fix logs view in superuser panel
 2015-07-15 18:22:23 -04:00
Jake Moshenko
f5ee7a6697 Make the scopes dynamic based on app config. 2015-07-15 18:13:15 -04:00
Joseph Schorr
f6a9afce90 Change abort to NotFound so it is properly formatted into JSON 2015-07-14 11:34:45 +03:00
Joseph Schorr
e04c22867c Switch logs to use a single comprehension 2015-07-13 12:45:08 +03:00
Joseph Schorr
3a59c99b08 Add a secondary tab to Teams for managing org members 
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click

Fixes #212
 2015-07-02 17:06:36 +03:00
josephschorr
cb238f8764 Merge pull request #207 from coreos-inc/squashperm 
Have the fetch tag dialog show a warning for robot accounts without access
 2015-07-02 10:23:14 +03:00
Jake Moshenko
ba067048d8 Merge pull request #203 from coreos-inc/encpass 
Add encrypted password output in the superuser API
 2015-07-01 12:40:05 -04:00
Joseph Schorr
b535e222b8 Have the fetch tag dialog show a warning for robot accounts without access 
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
 2015-07-01 19:37:52 +03:00
Joseph Schorr
b91b60e83d Add encrypted password output in the superuser API 
When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along
 2015-07-01 19:29:42 +03:00
Joseph Schorr
f06fed32b8 Fix build ID key on build queued event 2015-07-01 17:48:43 +03:00
josephschorr
7aeaf2344e Merge pull request #200 from coreos-inc/tagapilimit 
Add pagination support to tag history API
 2015-06-30 22:09:09 +03:00
Jake Moshenko
411ddceee0 Merge pull request #195 from coreos-inc/tidy 
Delete all the old UI code and branches for new UI
 2015-06-30 14:34:43 -04:00
Joseph Schorr
f7f10f4a6d Add pagination support to tag history API 
Fixes #198
 2015-06-30 19:44:43 +03:00
Joseph Schorr
87efcb9e3d Delegated superuser API access 
Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users.
 2015-06-30 11:08:26 +03:00
Joseph Schorr
81bb76d3df Fix spelling mistakes 2015-06-29 21:38:01 +03:00
Joseph Schorr
2b1bbcb579 Add a table view to the repos list page 
Fixes #104
 2015-06-29 21:12:53 +03:00
Jimmy Zelinskie
756d6784ca Merge pull request #192 from coreos-inc/sqlssl 
Allow SSL cert for the database to be configured
 2015-06-29 13:33:31 -04:00
Jake Moshenko
6e6b3c675f Merge pull request #28 from coreos-inc/swagger2 
Switch to Swagger v2
 2015-06-29 12:18:10 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Jimmy Zelinskie
442cbed087 Merge pull request #186 from coreos-inc/changelog 
Remove container usage tab and replace with changlog view
 2015-06-29 10:06:07 -04:00
Joseph Schorr
33039e9bc4 New layout cleanup: Remove second GH trigger path 2015-06-29 12:18:21 +03:00
Joseph Schorr
b8c74bbb17 Remove container usage tab and replace with changlog view 
Fixes #179
 2015-06-29 11:07:46 +03:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured 
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
 2015-06-29 08:08:10 +03:00
Joseph Schorr
cd5cb4b767 NPE fix 2015-06-28 10:44:58 +03:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Jake Moshenko
ccebba8f51 Clean up headers and whitespace. 2015-06-23 17:10:03 -04:00
Joseph Schorr
9887c9c163 Remove ability to create Quay users from the Docker CLI 2015-06-22 17:12:05 -04:00
Jimmy Zelinskie
66450d4810 Merge pull request #152 from coreos-inc/branchtag 
Allow manual triggering of both branches and tags
 2015-06-22 15:37:03 -04:00
Joseph Schorr
ce6474c6b5 Robots API for users should not be internal-only 2015-06-22 15:14:10 -04:00
Joseph Schorr
3fb2a33ee7 Fix the API service to use the new Swagger description form 2015-06-22 15:13:26 -04:00
Joseph Schorr
143036be9c Allow manual triggering of both branches and tags 
Fixes #100
 2015-06-19 14:38:26 -04:00
Joseph Schorr
2c46665415 Optimize the generate_headers check to skip the permissions load when we don't need it 2015-06-19 14:02:51 -04:00
Joseph Schorr
ec22bc0662 Raise a proper deactivation exception on bad credentials 2015-06-19 13:05:42 -04:00
Jimmy Zelinskie
82287926ab Merge pull request #140 from coreos-inc/eventinfo 
Add more build information to the events and have better messaging
 2015-06-17 16:49:59 -04:00
Jake Moshenko
34c06b0932 Merge pull request #133 from coreos-inc/alembichealth 
Add health check endpoint to verify that the locally running DB revis…
 2015-06-17 15:04:19 -04:00
Joseph Schorr
fe70139daa Allow GitHub triggers to be removed if OAuth token is invalid 2015-06-17 13:25:01 -04:00
Joseph Schorr
9b974f6b80 Add more build information to the events and have better messaging 
Fixes #79
 2015-06-16 23:16:36 -04:00
Joseph Schorr
7b94e37c95 Clarify why we use features.BILLING as the feature flag on the route 2015-06-16 17:43:02 -04:00
Joseph Schorr
48ee4671a7 Some additional fixes when testing this branch 2015-06-16 15:46:58 -04:00
Joseph Schorr
91c829bd14 Merge branch 'master' into gitfix 2015-06-16 15:18:24 -04:00
Joseph Schorr
33b31a2451 Fix logs view in superuser panel 
This seems to have been broken ever since we moved to syslog
 2015-06-15 20:55:23 -04:00
Joseph Schorr
6e0dc1df08 Add health check endpoint to verify that the locally running DB revision matches that of the database 
Fixes #132
 2015-06-15 15:55:30 -04:00
Jake Moshenko
860c7faf61 Merge pull request #127 from coreos-inc/vatotax 
Add support for custom fields in billing invoices
 2015-06-12 16:51:46 -04:00
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices 
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
 2015-06-12 16:45:01 -04:00
Joseph Schorr
da120a1ef2 Handle the case where GH auth fails on a trigger request 
Fixes #124
 2015-06-12 16:34:13 -04:00
Joseph Schorr
88aa5a0830 Switch BitBucket code to always use the latest commit 
Before this change, we'd use the first commit, which could be incorrect if there are multiple commits in a single push

Fixes #99
 2015-06-11 14:12:01 -04:00
Joseph Schorr
44f49a43dd Fix creation of repositories when having a creator permission 
This fixes the grants on a user's session when creating a repository with only the creator permission

Fixes #117
 2015-06-10 16:12:42 -04:00
Jake Moshenko
e09d84b3c8 Merge pull request #55 from coreos-inc/oauthdeny 
Fix OAuth redirect for denial action when generating for internal tokens
 2015-06-05 14:00:16 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication 
Add support for an external JWT-based authentication system
 2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
 2015-06-05 13:20:10 -04:00
josephschorr
63f289a8cb Merge pull request #59 from jzelinskie/custom-git-fix 
triggers: metadata.commit_sha -> metadata.commit
 2015-06-02 16:10:26 -04:00
Joseph Schorr
477a3fdcdc Add a test to verify that all important blueprints have all their methods decorated 
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
 2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0 triggers: metadata.commit_sha -> metadata.commit 
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
 2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031 Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository 
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
 2015-06-02 15:16:22 -04:00
Joseph Schorr
c0e995c1d4 Merge branch 'master' into nolurk 2015-06-02 13:55:16 -04:00
Jake Moshenko
42da017d69 Merge pull request #48 from coreos-inc/nobots 
Change API calls that expect non-robots to explicitly filter
 2015-06-02 12:31:19 -04:00
Joseph Schorr
5516911de9 Fix OAuth redirect for denial action when generating for internal tokens 2015-06-02 12:25:59 -04:00
Joseph Schorr
25ee46f5a2 Fix bitbucket triggers when the branch tag filter removes all branches 2015-06-01 15:35:59 -04:00
Joseph Schorr
fdd43e2490 Change API calls that expect non-robots to explicitly filter 
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
 2015-05-26 17:47:33 -04:00
Joseph Schorr
b3ea4ecaa2 Remove unneeded mime type set; jsonify does this for us 2015-05-26 17:30:10 -04:00
Joseph Schorr
9888c3ad9b Add an endpoint for downloading the logs of a build. 2015-05-26 17:24:18 -04:00
Joseph Schorr
ecabf086ea Add missing newline at end of decorators.py 2015-05-26 16:48:59 -04:00
Joseph Schorr
374d1d7e89 Fix case where the auth token was not written properly for BitBucket 2015-05-26 13:40:21 -04:00
Joseph Schorr
855f3a3e4d Have the verifyUser endpoint use the same confirm_existing_user method 
This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
 2015-05-22 16:26:26 -04:00
Joseph Schorr
b0d763b5ff Fix encrypted password generator to use the LDAP username, not the Quay username. 
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
 2015-05-20 16:37:09 -04:00
Jimmy Zelinskie
7bed404302 Merge pull request #33 from coreos-inc/branchregex 
Add some more debug logging around bitbucket triggers and add some te…
 2015-05-20 14:22:33 -04:00
Joseph Schorr
eb773e40a2 Add some more debug logging around bitbucket triggers and add some tests to verify we properly handle trigger branch filters 2015-05-20 14:18:12 -04:00
Jimmy Zelinskie
fe3f0dc10b custom-git: accept commit SHAs 7+ chars in length 2015-05-20 12:53:43 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
2379af71f8 Parse the client secret properly 2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44 Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header 2015-05-18 12:38:39 -04:00
Joseph Schorr
0bc1c29dff Switch the Python side to Swagger v2 2015-05-14 16:47:38 -04:00
Joseph Schorr
28bd9af4ff Fix tutorial 2015-05-13 14:55:39 -04:00