Joseph Schorr
9b974f6b80
Add more build information to the events and have better messaging
...
Fixes #79
2015-06-16 23:16:36 -04:00
Joseph Schorr
48ee4671a7
Some additional fixes when testing this branch
2015-06-16 15:46:58 -04:00
Joseph Schorr
91c829bd14
Merge branch 'master' into gitfix
2015-06-16 15:18:24 -04:00
Jake Moshenko
860c7faf61
Merge pull request #127 from coreos-inc/vatotax
...
Add support for custom fields in billing invoices
2015-06-12 16:51:46 -04:00
Joseph Schorr
e7fa560787
Add support for custom fields in billing invoices
...
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.
Fixes #106
2015-06-12 16:45:01 -04:00
Joseph Schorr
da120a1ef2
Handle the case where GH auth fails on a trigger request
...
Fixes #124
2015-06-12 16:34:13 -04:00
Joseph Schorr
88aa5a0830
Switch BitBucket code to always use the latest commit
...
Before this change, we'd use the first commit, which could be incorrect if there are multiple commits in a single push
Fixes #99
2015-06-11 14:12:01 -04:00
Joseph Schorr
44f49a43dd
Fix creation of repositories when having a creator permission
...
This fixes the grants on a user's session when creating a repository with only the creator permission
Fixes #117
2015-06-10 16:12:42 -04:00
Jake Moshenko
e09d84b3c8
Merge pull request #55 from coreos-inc/oauthdeny
...
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-05 14:00:16 -04:00
Jake Moshenko
2a2414d6af
Merge pull request #60 from coreos-inc/jwtauthentication
...
Add support for an external JWT-based authentication system
2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e
Add support for an external JWT-based authentication system
...
This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
josephschorr
63f289a8cb
Merge pull request #59 from jzelinskie/custom-git-fix
...
triggers: metadata.commit_sha -> metadata.commit
2015-06-02 16:10:26 -04:00
Joseph Schorr
477a3fdcdc
Add a test to verify that all important blueprints have all their methods decorated
...
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0
triggers: metadata.commit_sha -> metadata.commit
...
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031
Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository
...
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
2015-06-02 15:16:22 -04:00
Joseph Schorr
c0e995c1d4
Merge branch 'master' into nolurk
2015-06-02 13:55:16 -04:00
Jake Moshenko
42da017d69
Merge pull request #48 from coreos-inc/nobots
...
Change API calls that expect non-robots to explicitly filter
2015-06-02 12:31:19 -04:00
Joseph Schorr
5516911de9
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-02 12:25:59 -04:00
Joseph Schorr
25ee46f5a2
Fix bitbucket triggers when the branch tag filter removes all branches
2015-06-01 15:35:59 -04:00
Joseph Schorr
fdd43e2490
Change API calls that expect non-robots to explicitly filter
...
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
2015-05-26 17:47:33 -04:00
Joseph Schorr
b3ea4ecaa2
Remove unneeded mime type set; jsonify does this for us
2015-05-26 17:30:10 -04:00
Joseph Schorr
9888c3ad9b
Add an endpoint for downloading the logs of a build.
2015-05-26 17:24:18 -04:00
Joseph Schorr
ecabf086ea
Add missing newline at end of decorators.py
2015-05-26 16:48:59 -04:00
Joseph Schorr
374d1d7e89
Fix case where the auth token was not written properly for BitBucket
2015-05-26 13:40:21 -04:00
Joseph Schorr
855f3a3e4d
Have the verifyUser endpoint use the same confirm_existing_user method
...
This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
2015-05-22 16:26:26 -04:00
Joseph Schorr
b0d763b5ff
Fix encrypted password generator to use the LDAP username, not the Quay username.
...
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00
Jimmy Zelinskie
7bed404302
Merge pull request #33 from coreos-inc/branchregex
...
Add some more debug logging around bitbucket triggers and add some te…
2015-05-20 14:22:33 -04:00
Joseph Schorr
eb773e40a2
Add some more debug logging around bitbucket triggers and add some tests to verify we properly handle trigger branch filters
2015-05-20 14:18:12 -04:00
Jimmy Zelinskie
fe3f0dc10b
custom-git: accept commit SHAs 7+ chars in length
2015-05-20 12:53:43 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
2379af71f8
Parse the client secret properly
2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44
Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header
2015-05-18 12:38:39 -04:00
Joseph Schorr
28bd9af4ff
Fix tutorial
2015-05-13 14:55:39 -04:00
Joseph Schorr
0e86fc80ca
Fix bitbucket trigger to use the specified branch name before the default branch
2015-05-13 13:55:44 -04:00
Joseph Schorr
3e1abba284
Add ability for super users to rename and delete organizations
2015-05-11 18:03:25 -04:00
Joseph Schorr
1c41d34b7c
Add ability for superusers to change user emails
2015-05-11 14:38:10 -04:00
Joseph Schorr
de6267700e
Fix bugs with the custom git trigger and make error reporting better
2015-05-10 13:38:47 -04:00
Joseph Schorr
f858caf6cd
Only return the team and repo permissions when listing robots when we absolutely need them.
2015-05-08 16:43:07 -04:00
Joseph Schorr
c767aafcd6
Make the repository API faster by only checking the log entries table once for each kind of entry, rather than twice. We make use of a special subquery-like syntax, which allows us to count those entries that are both 30 days only and 1 day old in the same query. This was tested successfully on MySQL, Postgres and Sqlite.
2015-05-07 22:49:11 -04:00
Joseph Schorr
3627de103c
Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build.
2015-05-07 21:11:15 -04:00
Joseph Schorr
8eb9c376cd
Add constructors for the QuayDeferredPermissionUser so that we can avoid extraneous DB lookups of the user whenever we already have the object
2015-05-07 15:04:12 -04:00
Joseph Schorr
a46d367276
Remove unneeded repo filter
2015-05-06 20:55:17 -04:00
Joseph Schorr
e647d91e8b
Switch the repos page to use a single API call, rather than one per namespace + one for star repos
2015-05-06 19:15:03 -04:00
Joseph Schorr
2d83e5c7e7
Change to using the SSH url; git urls cannot be used with private repos on GitHub
2015-05-06 12:23:46 -07:00
Joseph Schorr
65d0332176
Skip bitbucket trigger if there is no commit branch and no commit tag
2015-05-05 09:40:23 -07:00
Joseph Schorr
df2883bfb6
Fix variable access error
2015-05-03 18:15:11 -07:00
Joseph Schorr
ff89cc9f1d
Fix key issue in gitlab
2015-05-03 18:08:14 -07:00
Jimmy Zelinskie
b3bf947af5
gitlab: consistent commit for _prepare_build
2015-05-03 17:58:30 -07:00
Joseph Schorr
0b990677a0
More code cleanup and fix bug around can_admin in the trigger_view
2015-05-03 11:02:05 -07:00
Joseph Schorr
d07f9f04e9
UI and code improvements to make working with the multiple SCMs easier
2015-05-03 10:38:11 -07:00