vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
5045 commits 2 branches 62 tags 205 MiB
Commit graph

465 commits

Author SHA1 Message Date
Joseph Schorr
db1fae4cfc Fix security scan endpoint status 2015-11-13 01:06:18 -05:00
Joseph Schorr
b7206a8cfc Remove file added accidentally by merge 2015-11-12 22:03:13 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Joseph Schorr
3b3f101ea6 Vulnerability UI part 2 
Fixes #860
Fixes #855
 2015-11-12 16:59:36 -05:00
Joseph Schorr
76ce63895f New Quay Sec UI and fix some small bugs 
Fixes #855
 2015-11-11 18:15:58 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Joseph Schorr
ca7d736db2 Only send vulnerability events if the minimum priority is gte to that specified 
Fixes #770
 2015-11-10 16:05:55 -05:00
Joseph Schorr
888ec17538 Recover by email needs to allow anon access to its endpoints 2015-11-10 15:41:19 -05:00
Jimmy Zelinskie
8e2868737b rename secscan_endpoint and move db close to API 2015-11-10 15:22:31 -05:00
Silas Sewell
e826b14ca4 Merge pull request #725 from coreos-inc/setup-tool-georeplication 
superuser: add storage replication config
 2015-11-09 17:43:38 -05:00
Silas Sewell
5000b1621c superuser: add storage replication config 2015-11-09 17:34:22 -05:00
Joseph Schorr
a69c9e12fd Update quay sec code to fix problems identified in previous review 
- Change get_repository_images_recursive to operate over a single docker image and storage uuid
- Move endpoints/sec to endpoints/secscan
- Change notification system to work with new Quay-sec format

Fixes #768
 2015-11-09 17:14:35 -05:00
Quentin Machu
16c364a90c Rename secscan_endpoint where required, fix index and indentation 2015-11-09 15:18:42 -05:00
Matt Jibson
5d9999d1f7 Merge pull request #791 from mjibson/clear-repo-notifications 
Remove error notification when user deletes repos
 2015-11-09 14:46:51 -05:00
Joseph Schorr
b408cfd2cc Ready for demo 2015-11-09 12:51:05 -05:00
Joseph Schorr
fb3d0fa27d Add a SecEndpoint class and move all the cert and config handling in there 2015-11-09 12:49:19 -05:00
Joseph Schorr
87c56d1caa Add vulnerabilities and packages API to Quay 
Fixes #564
 2015-11-09 12:49:19 -05:00
Jake Moshenko
7efa6265bf Merge branch 'newchanges' into python-registry-v2 2015-11-06 18:24:32 -05:00
Jake Moshenko
4314882fa0 Reverse the order of get_parent_images 2015-11-06 17:47:08 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay 
Fixes #564
 2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea Add a vulnerability_found event for notice when we detect a vuln 
Fixes #637

Note: This PR does *not* actually raise the event; it merely adds support for it
 2015-11-06 15:22:18 -05:00
josephschorr
11be448d75 Merge pull request #773 from coreos-inc/imageload 
Never load the full repo image list
 2015-11-04 16:29:20 -05:00
Matt Jibson
4d81567a0c Remove error notification when user deletes repos 
Also prevent duplicate notifications of that type.

fixes #493
 2015-11-04 16:11:15 -05:00
Joseph Schorr
4f41f79fa8 Never load the full repo image list 
Always make smaller queries per tag to ensure we scale better

Fixes #754
 2015-11-04 15:53:00 -05:00
Joseph Schorr
5e1cd2b2ad Move decorator for TooManyLoginAttempts into general decorated module 
Currently, this is missing in gunicorn_registry which causes 500s when user logins become throttled
 2015-11-03 12:16:01 -05:00
Joseph Schorr
f6a53f7cc5 Change all Quay.io references to Quay, fix tour and change logo 
Fixes #741
 2015-11-02 14:37:48 -05:00
josephschorr
4ae940aede Merge pull request #660 from coreos-inc/superuser 
Superuser Panel Improvements
 2015-10-30 14:32:16 -04:00
Jimmy Zelinskie
e973289397 Revert "Revert "Merge pull request #682 from jzelinskie/revertrevert"" 
This reverts commit 278bc736e3.
 2015-10-23 15:26:33 -04:00
Jimmy Zelinskie
278bc736e3 Revert "Merge pull request #682 from jzelinskie/revertrevert" 
This reverts commit 627ad25c9c, reversing
changes made to 31c392fecc.
 2015-10-22 16:02:07 -04:00
josephschorr
5dae970787 Merge pull request #681 from coreos-inc/userorg 
Return user orgs when making a call via OAuth
 2015-10-21 16:41:43 -04:00
Joseph Schorr
5d8121e060 Return user orgs when making a call via OAuth 
Fixes #673
 2015-10-21 16:40:31 -04:00
Jimmy Zelinskie
39cfe77d42 Revert "Merge pull request #557 from coreos-inc/revert-migration" 
This reverts commit c4f938898a, reversing
changes made to 7ad2522dbe.
 2015-10-21 15:29:57 -04:00
Joseph Schorr
147b7b26b4 Fix is_public in repo list 
Fixes #678
 2015-10-21 14:13:39 -04:00
Joseph Schorr
5941f3937c Enable async GC for all 
Fixes #569
 2015-10-19 14:22:41 -04:00
Joseph Schorr
d464af4cce Add ability to update superusers via the UI 
Fixes #634
 2015-10-16 15:41:18 -04:00
Joseph Schorr
a37b9394d9 Add org email address to orgs list 2015-10-16 15:17:51 -04:00
Joseph Schorr
ad5beab3ef Disable superuser functions around users when not using DB auth 2015-10-16 15:14:49 -04:00
josephschorr
24b54f1e34 Merge pull request #615 from coreos-inc/queriesunite 
Unionize the mega query - It needed more performance-based benefits
 2015-10-15 13:17:01 -04:00
Joseph Schorr
c9daf7d8a9 Add additional tests for repo visibility and further simplify the query for perf 2015-10-15 12:12:57 -04:00
Jimmy Zelinskie
7c1547221d raise a 520 for any GitLab timeouts 2015-10-13 17:34:08 -04:00
Jimmy Zelinskie
9818481b08 limit logs to a maximum number of pages 2015-10-06 14:13:23 -04:00
josephschorr
3e7a95407b Merge pull request #598 from coreos-inc/limitbadquery 
Prevent unlimited insane query from running and fix tests
 2015-10-05 21:29:35 -04:00
Silas Sewell
c6da322ec1 Merge pull request #597 from coreos-inc/tag-validation 
Update tag validation
 2015-10-05 21:10:55 -04:00
Silas Sewell
dd3d939b31 Update tag validation 
Fixes #536
 2015-10-05 19:32:10 -04:00
Joseph Schorr
dd804816ba Prevent unlimited insane query from running and fix tests 
Fixes #591
 2015-10-05 17:11:49 -04:00
Joseph Schorr
8ca92d6828 Remove old search API and switch V1 search to use the new search system 2015-10-05 14:36:43 -04:00
Silas Sewell
9000169b53 Revert "Merge pull request #491 from jakedt/migratebackp2" 
This reverts commit 7ad2522dbe, reversing
changes made to a0b191ffa1.
 2015-09-28 16:09:22 -04:00
josephschorr
7ad2522dbe Merge pull request #491 from jakedt/migratebackp2 
Migrate image data back phase 2
 2015-09-26 15:11:46 -04:00
Joseph Schorr
a283c8d8ec Add a check to ensure repository names are valid according to an extended set of rules. 
Fixes #534
 2015-09-24 11:55:08 -04:00
Joseph Schorr
49b575afb6 Start refactoring of the trigger system: 
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
 2015-09-21 16:36:48 -04:00
Jake Moshenko
8baacd2741 Migrate old data to new locations, read only new. 2015-09-17 15:47:13 -04:00
Joseph Schorr
fbfe7fdb54 Make change repo visibility and create repo raise a 402 when applicable 
We now check the user or org's subscription plan and raise a 402 if the user attempts to create/make a repo private over their limit
 2015-09-15 14:33:35 -04:00
Joseph Schorr
fd3a21fba9 Add Kubernetes configuration provider which writes config to a secret 
Fixes #145
 2015-09-10 12:19:59 -04:00
Joseph Schorr
88a04441de Extract the config provider into its own sub-module 2015-09-10 12:19:59 -04:00
josephschorr
edef283697 Merge pull request #447 from coreos-inc/ronon 
Add support for Dex to Quay
 2015-09-10 11:42:01 -04:00
Jimmy Zelinskie
d55ab78fbe fix pagination of tags in API 
Fixes #461.
 2015-09-09 15:52:21 -04:00
Joseph Schorr
c0286d1ac3 Add support for Dex to Quay 
Fixes #306

- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
 2015-09-04 17:05:06 -04:00
Joseph Schorr
48cf33a8c1 Add missing superuser aggregate logs endpoint 
Reference: d47d28ea4e/Screen-Shot-2015-09-04-at-11-04-41.png
 2015-09-04 16:48:32 -04:00
Joseph Schorr
51c507d02d Add back the ability to retrieve information for an org member directly 
Fixes #427
 2015-08-31 16:45:24 -04:00
Joseph Schorr
b6502d9302 Limit the number of branches and tags loaded to 30 
Fixes #380
 2015-08-21 14:07:20 -04:00
Jimmy Zelinskie
523dc912f7 Merge pull request #372 from coreos-inc/notifyui 
Better notifications UI
 2015-08-17 17:13:24 -04:00
Jimmy Zelinskie
239f76d39f Merge pull request #368 from coreos-inc/buildarchive 
Allow builds to be started with an external archive URL
 2015-08-17 17:09:14 -04:00
Joseph Schorr
84276ee945 Better notifications UI 
Fixes #369
 2015-08-17 17:08:58 -04:00
Joseph Schorr
f092c00621 Allow builds to be started with an external archive URL 
Fixes #114
 2015-08-17 17:01:49 -04:00
Matt Jibson
b483209862 Wrap API and registry requests with common metric timings 
Record response times, codes, and rollup non-2XX responses.
 2015-08-12 12:16:00 -04:00
Joseph Schorr
09bb98f161 Really fix the build trigger schema and add a test for it 2015-08-11 17:17:18 -04:00
Jimmy Zelinskie
7d6c6ba8e8 Merge pull request #316 from jzelinskie/read-tags 
tag history requires READ instead of WRITE
 2015-08-07 13:26:04 -04:00
Joseph Schorr
7ea4c7d17e Add missing JSON schema for 'refs' and 'branch_name' 
Fixes #325
 2015-08-07 13:01:49 -04:00
Joseph Schorr
aab8866345 Fix accidental rename of key 2015-08-06 13:21:52 -04:00
Joseph Schorr
ea25538646 MySQL and Postgres complain about the group by, so calculate dates ourselves 2015-08-06 12:52:55 -04:00
Joseph Schorr
d34afde954 Fix logs view and API 
- We needed to use an engine-agnostic way to extract the days
- Joining with the LogEntryKind table has *horrible* performance in MySQL, so do it ourselves
- Limit to 50 logs per page
 2015-08-05 17:47:03 -04:00
Jimmy Zelinskie
411d4e7abb tag history requires READ instead of WRITE 
Fixes #315.
 2015-08-05 17:09:34 -04:00
Jake Moshenko
65f982577d Merge pull request #289 from coreos-inc/swaggerfix 
Fix swagger errors
 2015-08-04 10:23:05 -04:00
Jimmy Zelinskie
8e6a0fbbee Merge pull request #294 from coreos-inc/logsload 
Switch to using an aggregated logs query and infinite scrolling
 2015-08-03 14:52:04 -04:00
Joseph Schorr
5c1d195a19 Fix swagger errors 
Fixes #287
 2015-08-03 14:10:15 -04:00
Joseph Schorr
3d6c92901c Switch to using an aggregated logs query and infinite scrolling 
This should allow users to work with large logs set.

Fixes #294
 2015-07-31 16:38:02 -04:00
Joseph Schorr
4160b720f9 UI and API improvements for working with large repositories 
- Change the tag check bar to only select the current page (by default), but allow for selecting ALL tags
- Limit the number of tags compared in the visualization view to 10
- Fix the multiselect dropdown to limit itself to 10 items selected
- Remove saving the selected tags in the URL, as it is too slow and overloads the URLs in Chrome when there are 1000+ tags selected
- Change the images API to not return locations: By skipping the extra join and looping, it made the /images API call 10x faster (in hand tests)

Fixes #292
Fixes #293
 2015-07-31 16:31:29 -04:00
Joseph Schorr
11c7994398 Fix 500 on logout 2015-07-28 15:47:04 -04:00
Joseph Schorr
5d243bb45f Fix potential NPE 2015-07-24 12:12:30 -04:00
Joseph Schorr
687bab1c05 Support invite codes for verification of email 
Also changes the system so we don't apply the invite until it is called explicitly from the frontend

Fixes #241
 2015-07-22 13:41:27 -04:00
Jake Moshenko
5d86fa80e7 Merge pull request #197 from coreos-inc/keystone 
Add Keystone Auth
 2015-07-22 13:38:47 -04:00
Joseph Schorr
38a6b3621c Automatically link the superuser account to federated service for auth 
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
 2015-07-22 13:37:23 -04:00
Joseph Schorr
a0c4e72f13 Clean up the repository list API and loads stars with it 
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
 2015-07-22 13:05:02 -04:00
Jake Moshenko
679044574a Merge pull request #231 from coreos-inc/smallfix 
Small API fixes
 2015-07-20 13:45:24 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Joseph Schorr
7a548ea101 Fix queries for repository list popularity and action count 
Before this change, we used extremely inefficient outer joins as part of a single query of lookup, which was spiking our CPU usage to nearly 100% on the query. We now issue two separate queries for popularity and action account, by doing a lookup of the previously found IDs. Interestingly enough, because of the way the queries are now written, MySQL can actually do both queries *directly from the indicies*, which means they each occur in approx 20ms!

Verified by local tests, postgres tests, and testing on staging with monitoring of our CPU usage during lookup
 2015-07-17 00:08:27 +03:00
Jake Moshenko
c64e490059 Merge pull request #136 from coreos-inc/syslogviewfix 
Fix logs view in superuser panel
 2015-07-15 18:22:23 -04:00
Jake Moshenko
f5ee7a6697 Make the scopes dynamic based on app config. 2015-07-15 18:13:15 -04:00
Joseph Schorr
f6a9afce90 Change abort to NotFound so it is properly formatted into JSON 2015-07-14 11:34:45 +03:00
Joseph Schorr
e04c22867c Switch logs to use a single comprehension 2015-07-13 12:45:08 +03:00
Joseph Schorr
3a59c99b08 Add a secondary tab to Teams for managing org members 
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click

Fixes #212
 2015-07-02 17:06:36 +03:00
josephschorr
cb238f8764 Merge pull request #207 from coreos-inc/squashperm 
Have the fetch tag dialog show a warning for robot accounts without access
 2015-07-02 10:23:14 +03:00
Jake Moshenko
ba067048d8 Merge pull request #203 from coreos-inc/encpass 
Add encrypted password output in the superuser API
 2015-07-01 12:40:05 -04:00
Joseph Schorr
b535e222b8 Have the fetch tag dialog show a warning for robot accounts without access 
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
 2015-07-01 19:37:52 +03:00
Joseph Schorr
b91b60e83d Add encrypted password output in the superuser API 
When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along
 2015-07-01 19:29:42 +03:00
josephschorr
7aeaf2344e Merge pull request #200 from coreos-inc/tagapilimit 
Add pagination support to tag history API
 2015-06-30 22:09:09 +03:00
Joseph Schorr
f7f10f4a6d Add pagination support to tag history API 
Fixes #198
 2015-06-30 19:44:43 +03:00
Joseph Schorr
87efcb9e3d Delegated superuser API access 
Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users.
 2015-06-30 11:08:26 +03:00