Charlton Austin
3fd8c8a60d
feature(app.py): adding queue_metrics to queues
...
publishing queue metrics for SRE
[none]
2017-02-14 16:01:28 -05:00
Jimmy Zelinskie
1d6339e644
test.test_api_usage: fix secscan tests
2017-02-14 15:21:18 -05:00
Jimmy Zelinskie
3286566478
util.secscan.api: reorg try/catch
2017-02-14 15:21:17 -05:00
Jimmy Zelinskie
d2909c0e4d
failover: store result in FailoverException
2017-02-14 14:36:36 -05:00
Jimmy Zelinskie
c2c6bc1e90
test: add qss read failover case
2017-02-03 19:20:13 -05:00
Jimmy Zelinskie
1d59095460
utils.secscan: linter fixes
2017-02-03 19:20:13 -05:00
Jimmy Zelinskie
e81926fcba
util.secscan.api: init read-only failover
2017-02-03 19:20:13 -05:00
Jimmy Zelinskie
b4efa7e45b
util.failover: init
2017-02-03 19:20:13 -05:00
Joseph Schorr
c9bb132339
Increase cloudwatch send timeout to reduce how often we hit the API
2017-02-01 13:09:00 -05:00
Joseph Schorr
b407f88a26
Remove unnecessary CloudWatch metrics
...
They are spamming the API and costing us a lot of money
2017-02-01 13:08:21 -05:00
josephschorr
01ec22b362
Merge pull request #2300 from coreos-inc/openid-connect
...
OpenID Connect support and OAuth login refactoring
2017-01-31 18:14:44 -05:00
Joseph Schorr
f5dbc350f8
Fix missed tests and revert conftest change (breaks docker build)
2017-01-30 17:28:25 -05:00
Joseph Schorr
d63cca025a
DNS name check got reversed; breaks wildcards
2017-01-29 11:51:37 -05:00
Joseph Schorr
d9003d1375
Make sure the parent dir of a file path exists before writing the file
...
Fixes when the `extra_ca_certs` directory doesn't exist when using the new custom certs tool
2017-01-26 15:15:40 -05:00
Joseph Schorr
7c1bb886db
Security scanner ordered tuplize bug fix
...
If only the old list is present, we still need to tuplize the entries.
Fixes https://sentry.io/coreos/backend-production/issues/207196561/
2017-01-24 13:16:44 -05:00
Joseph Schorr
19f7acf575
Lay foundation for truly dynamic external logins
...
Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
2017-01-20 15:21:08 -05:00
Joseph Schorr
4755d08677
Refactor and rename the standard OAuth services
2017-01-19 15:23:15 -05:00
Joseph Schorr
bee2551dc2
Temporarily remove Dex login support
...
This will be added back in later in this PR as part of proper generic OIDC support
2017-01-19 14:51:12 -05:00
Joseph Schorr
7c7a07fb5a
Allow namespaces to be between 2 and 255 characters in length
...
[Delivers #137924329 ]
2017-01-19 13:10:26 -05:00
Joseph Schorr
462f47924e
More detailed namespace validation
...
Fixes namespace validation to use the proper regex for checking length, as well as showing the proper messaging if the entered namespace is invalid
[Delivers #137830461 ]
2017-01-17 17:31:59 -05:00
josephschorr
aafcb592a6
Merge pull request #2257 from coreos-inc/clair-gc-take2
...
feat(gc): Garbage collection for security scanning
2017-01-17 14:49:36 -05:00
josephschorr
eb2cafacd4
Merge pull request #2249 from coreos-inc/notifier-fixes
...
Security notification pagination fix
2017-01-17 11:33:25 -05:00
josephschorr
ac8cddc5a9
Merge pull request #2274 from coreos-inc/custom-cert-management
...
Custom SSL certificates config panel
2017-01-13 16:24:47 -05:00
josephschorr
6539fa3b20
Merge pull request #2259 from coreos-inc/delete-abuse-tool
...
Add tool for handling abusing users
2017-01-13 16:22:15 -05:00
Joseph Schorr
1cbacbbb63
Add tool for handling abusing users
2017-01-13 14:42:03 -05:00
Joseph Schorr
7e0fbeb625
Custom SSL certificates config panel
...
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle
[Delivers #135586525 ]
2017-01-13 14:34:35 -05:00
Joseph Schorr
3a24871422
Add SSL certificate utility and tests
2017-01-10 17:06:13 -05:00
Joseph Schorr
f1c9965edf
Add more volume file operations and cleanup k8s provider code
2017-01-10 17:06:13 -05:00
Joseph Schorr
29d6abddb5
Linter fixes
2017-01-10 17:06:13 -05:00
EvB
a7122db250
fix(cloudwatch): randomize sleep interval
2017-01-05 11:41:12 -05:00
Jake Moshenko
6c84b9330b
Merge pull request #2251 from jakedt/fixaci
...
Fix port mapping for ACI conversion from newer Docker manifests.
2016-12-27 14:13:03 -05:00
Joseph Schorr
d609e6a1c4
Security scanner garbage collection support
...
Adds support for calling GC in the security scanner for any layers+storage removed by GC on the Quay side
2016-12-22 14:55:26 -05:00
Joseph Schorr
9413e25123
Change georeplication queuing to use new batch system
2016-12-21 17:44:30 -05:00
Jake Moshenko
d58a1ca35a
Fix port mapping for ACI conversion from newer Docker manifests.
2016-12-20 14:01:06 -05:00
Joseph Schorr
5b3212ea0e
Change security notification code to use the new stream diff reporters
...
This ensures that even if security scanner pagination sends Old and New layer IDs on different pages, they will properly be handled across the entire notification.
Fixes https://www.pivotaltracker.com/story/show/136133657
2016-12-20 12:50:19 -05:00
Joseph Schorr
ced0149520
Implement helper classes for tracking streaming diffs, both indexed and non-indexed
...
These classes will be used to handle the Layer ID paginated diffs from Clair.
2016-12-20 12:50:18 -05:00
Joseph Schorr
405eca074c
Security scanner flow changes and auto-retry
...
Changes the security scanner code to raise exceptions now for non-successful operations. One of the new exceptions raised is MissingParentLayerException, which, when raised, will cause the security worker to perform a full rescan of all parent images for the current layer, before trying once more to scan the current layer. This should allow the system to be "self-healing" in the case where the security scanner engine somehow loses or corrupts a parent layer.
2016-12-16 15:38:09 -05:00
josephschorr
9fa16679f8
Merge pull request #2238 from coreos-inc/fake-clair
...
Add a fake security scanner class for easier testing
2016-12-15 20:51:24 -05:00
Brad Ison
2730c26b2e
Merge pull request #2237 from coreos-inc/metrics-labels
...
Don't record size in chunk upload metrics
2016-12-15 14:20:34 -05:00
Brad Ison
df7366eace
Add chunk size metric
2016-12-15 13:20:16 -05:00
Joseph Schorr
15041ac5ed
Add a fake security scanner class for easier testing
...
The FakeSecurityScanner mocks out all calls that Quay is expected to make to the security scanner API, and returns faked data that can be adjusted by the calling test case
2016-12-14 17:11:45 -05:00
Brad Ison
8f59ac1251
Don't record size in chunk upload metrics
2016-12-14 12:16:02 -05:00
Joseph Schorr
6871eb95b1
Send notifications for previously unscannable layers in QSS
...
Following this change, if an image was previously indexed unsuccessfully, then we will send notifications once successfully indexed
2016-12-14 11:25:45 -05:00
Joseph Schorr
624b2a8385
Have security scanner analyze only send notifications for *new* layers
...
Following this change, anytime a layer is indexed by the security scanner, we only send notifications out if the layer previously had a security_indexed_engine value of `-1`, thus ensuring it has *never* been indexed previously. This will allow us to change to version of the security scanner upwards, and have all the images be re-indexed, without firing off notifications in a spammy manner.
2016-12-13 23:17:11 -05:00
Evan Cordell
5686c80af1
Revert "Add GC of layers in Clair"
...
This reverts 49872838ab
2016-12-13 18:40:58 -05:00
Evan Cordell
dd5f7cbe6c
Fix the ephemeral build metrics
2016-12-13 18:28:04 -05:00
Joseph Schorr
1e5b97318a
Fix loading of public keys for OIDC under Linux
...
Python's crypto lib under Linux has issues with loading PEM-encoded keys, so we just load it as a DER here and give PyJWT the key *instance* to use directly.
2016-12-09 14:26:56 -05:00
Joseph Schorr
dbdcb802b1
Add end-to-end OAuth login and attach tests
2016-12-08 18:35:42 -05:00
Joseph Schorr
49872838ab
Add GC of layers in Clair
...
Fixes https://www.pivotaltracker.com/story/show/135583207
2016-12-06 19:52:56 -05:00
Jake Moshenko
21e3001446
Add a bulk insert for queue and notifications.
...
Use it for Clair spawned notifications.
2016-12-06 14:00:16 -05:00