vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
9044 commits 2 branches 62 tags 205 MiB
Commit graph

258 commits

Author SHA1 Message Date
josephschorr
45b1148118 Merge pull request #2086 from coreos-inc/user-info 
Add collection of user metadata: name and company
 2016-11-09 13:15:07 -05:00
Joseph Schorr
bf2804bd4d Add a test for deleting a user with a user prompt 2016-11-08 18:27:12 -05:00
Joseph Schorr
0f2eb61f4a Add collection of user metadata: name and company 2016-11-08 16:15:02 -05:00
Joseph Schorr
1e3b354201 Add support for temp usernames and an interstitial to confirm username 
When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.

Addresses most of the user issues around #74
 2016-11-03 15:59:14 -04:00
charltonaustin
14eb3005b6 Some fixes for code review. 2016-10-10 12:55:00 -04:00
charltonaustin
1e733ddffb Adding in a new message data model and the corresponding methods to in the API. 2016-10-07 15:56:58 -04:00
Joseph Schorr
608ffd9663 Basic labels support 
Adds basic labels support to the registry code (V2), and the API. Note that this does not yet add any UI related support.
 2016-08-26 15:24:26 -04:00
Jake Moshenko
a1cf12e460 Add a sitemap.txt for popular public repos 
and reference it from the robots.txt
 2016-06-17 14:34:20 -04:00
Joseph Schorr
20816804e5 Add ability for super users to take ownership of namespaces 
Fixes #1395
 2016-06-13 16:22:52 -04:00
Joseph Schorr
8887f09ba8 Use the instance service key for registry JWT signing 2016-06-07 11:58:10 -04:00
Joseph Schorr
6091db983b Hide expired keys outside of their staleness window 2016-04-29 14:10:33 -04:00
Joseph Schorr
bc08ac2749 Fix timeouts in the JWT endpoint tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
522cf68c5d Lots of smaller fixes: 
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
370ac3ecd0 service keys: add rotation_duration field 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d19eb16b45 keyserver: add generate key function 
The superuser API, initdb, and tests will all need this functionality.
 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
b0dac1d27e initdb: add unapproved service key 2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59 keys ui WIP 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
4079dba167 service keys: do all the right stuff 2016-04-29 13:38:25 -04:00
Joseph Schorr
c0374d71c9 Refactor the security worker and API calls and add a bunch of tests 2016-02-25 12:29:41 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. 
This support is placed behind a feature flag.
 2016-01-22 15:54:06 -05:00
Jake Moshenko
fe2bdeb6cb Require some data from all models in initdb 2016-01-19 15:30:27 -05:00
Jake Moshenko
8f80d7064b Hash v1 uploads for torrent chunks 2016-01-05 14:43:40 -05:00
Joseph Schorr
ab166c4448 Delete the image diff feature 
Fixes #1077
 2015-12-23 13:08:01 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Joseph Schorr
daa74b5132 Fix test issue with initdb 
Non-sqlite DBs don't like maxvalue for Integer
 2015-11-09 14:41:53 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Quentin Machu
a4c78ba99a Add support for Quay's vulnerability tool 2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea Add a vulnerability_found event for notice when we detect a vuln 
Fixes #637

Note: This PR does *not* actually raise the event; it merely adds support for it
 2015-11-06 15:22:18 -05:00
Quentin Machu
f59e35cc81 Add support for Quay's vulnerability tool 2015-11-06 15:22:18 -05:00
Jake Moshenko
3d0bcbaaeb Move v1 checksums to image and track v2 separately 2015-11-06 15:17:55 -05:00
Jake Moshenko
9da64f3aba Stop writing to deprecated columns for image data. 2015-10-24 14:45:15 -04:00
Jake Moshenko
e7a6176594 Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2 2015-10-22 16:59:28 -04:00
Jake Moshenko
ce94931540 Stop writing to deprecated columns for image data. 2015-10-22 12:14:39 -04:00
Joseph Schorr
803a983126 Fix deletion of repos and users with V2 stuff 
Fixes #674
 2015-10-22 11:58:52 -04:00
Joseph Schorr
d870ae4ec4 Fix initdb to put proper JSON into the v1_metadata 2015-09-28 15:56:24 -04:00
Jake Moshenko
26cea9a07c Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-17 16:16:27 -04:00
Jake Moshenko
b56de3355c Migrate data back to Image in preparation for v2 2015-09-15 11:53:31 -04:00
Joseph Schorr
c0286d1ac3 Add support for Dex to Quay 
Fixes #306

- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
 2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:32:01 -04:00
Joseph Schorr
724b1607d7 Add automatic storage replication 
Adds a worker to automatically replicate data between storages and update the database accordingly
 2015-09-01 14:53:32 -04:00
Jake Moshenko
e1b3e9e6ae Another huge batch of registry v2 changes 
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
 2015-08-12 16:41:12 -04:00
Jake Moshenko
5d86fa80e7 Merge pull request #197 from coreos-inc/keystone 
Add Keystone Auth
 2015-07-22 13:38:47 -04:00
Joseph Schorr
a0c4e72f13 Clean up the repository list API and loads stars with it 
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
 2015-07-22 13:05:02 -04:00
Joseph Schorr
066637f496 Basic Keystone Auth support 
Note: This has been verified as working by the end customer
 2015-07-20 10:55:21 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Joseph Schorr
44f49a43dd Fix creation of repositories when having a creator permission 
This fixes the grants on a user's session when creating a repository with only the creator permission

Fixes #117
 2015-06-10 16:12:42 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication 
Add support for an external JWT-based authentication system
 2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
 2015-06-05 13:20:10 -04:00
Jimmy Zelinskie
e01bdd4ab0 triggers: metadata.commit_sha -> metadata.commit 
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
 2015-06-02 15:32:28 -04:00
Jimmy Zelinskie
3ac884beb4 gitlab oauth 2015-05-02 17:54:48 -04:00
Joseph Schorr
c480fb2105 Work in progress: bitbucket support 2015-04-24 15:13:08 -04:00
Jimmy Zelinskie
02498d72ba almost all PR discussion fixes 2015-04-21 18:04:25 -04:00
Jimmy Zelinskie
93cd459460 Merge branch 'master' into git 2015-04-20 10:58:49 -04:00
Joseph Schorr
2815ea2723 Merge branch 'master' of github.com:coreos-inc/quay 2015-04-19 15:16:39 -04:00
Joseph Schorr
8714eb207a Merge branch 'actioncount' 2015-04-19 15:12:44 -04:00
Jimmy Zelinskie
ba2cb08904 Merge branch 'master' into git 2015-04-16 17:38:35 -04:00
Joseph Schorr
f19d2f684e Add ability to revert tags via time machine 2015-04-16 17:18:00 -04:00
Joseph Schorr
f8c80f7d11 Add a history view to the tags page. Next step will add the ability to revert back in time 2015-04-15 15:21:09 -04:00
Joseph Schorr
3f1e8f3c27 Add a RepositoryActionCount table so we can use it (instead of LogEntry) when scoring repo search results 2015-04-13 13:31:07 -04:00
Jimmy Zelinskie
c5272f3545 initdb: add custom trigger and refresh test.db 2015-03-27 11:23:49 -04:00
Jake Moshenko
201943ed1c Fix deadlocks with tags and garbage collection. 2015-03-24 18:00:04 -04:00
Jimmy Zelinskie
f6f93e9079 consolidate everything into one GitHub trigger 2015-03-19 17:12:27 -04:00
Jimmy Zelinskie
5a29218c5c Merge branch 'master' into git 2015-03-19 12:10:34 -04:00
Jimmy Zelinskie
46d7fce8d2 initdb: add new github trigger service to database 2015-03-18 17:34:40 -04:00
Joseph Schorr
afc8e95e19 Start on new tag view 2015-03-09 22:03:39 -07:00
Joseph Schorr
43ab838998 Merge branch 'newbuildview' 2015-03-05 16:17:29 -05:00
Joseph Schorr
5d81d9d287 Add a time machine test repo 2015-03-04 16:03:00 -05:00
Joseph Schorr
e227d7e526 Start on the new build view 2015-02-26 17:45:28 -05:00
Joseph Schorr
83e05d2342 Add tracking of the kind of temporary access tokens, so we can display if a pull/push by token is for a build worker 2015-02-17 12:35:16 -05:00
Joseph Schorr
bfb0784abc Add signing to the ACI converter 2015-02-04 15:29:24 -05:00
Joseph Schorr
6ed28930b2 Work in progress: Docker -> ACI conversion 2015-01-13 17:46:11 -05:00
Jimmy Zelinskie
716d7a737b Strip whitespace from ALL the things. 2014-11-24 16:07:38 -05:00
Joseph Schorr
d73747ce1d - Fix some other group_by clauses 
- Fix garbage_collect for an empty list (fixes a test)
- Add a script which runs the full test suite against mysql and postgres (note: QueueTest's are broken for MySQL, but they obviously work in production, so they need to be fixed)
 2014-11-13 12:51:37 -05:00
Joseph Schorr
158acd4f41 - Turn on foreign key constraint checking in the tests 
- Change all ForeignKeyField's that refer to users to use our custom class, and mark those that allow robots
- Change robot delete to only execute the subset of queries necessary to actually delete robots
 2014-11-07 12:05:21 -05:00
Joseph Schorr
c1398c6d2b - Add a log entry for repo verb handling and make the container usage calculation take it into account 
- Move all the repo push/pull/verb logging into a central track_and_log method
- Readd images accidentally deleted in the last CL
- Make the uncompressed size migration script better handle exceptions
 2014-10-29 15:42:44 -04:00
Jake Moshenko
8a37d63e35 Update the test db to use unique uuds for images storages. 2014-10-07 16:40:44 -04:00
Joseph Schorr
f38ce51943 Merge master into laffa 2014-10-07 14:03:17 -04:00
Jake Moshenko
5c18ffe67d Allow the namespace column to be null, and also non-unique. Fix the uncompressed size clobbering the size on the wire field. Add metadata constraints so that foreign key constraints get predictable names. Fix all downgrade migrations. 2014-10-02 10:46:20 -04:00
Joseph Schorr
039d53ea6c - Fix initdb 
- Add ability to specific custom fields for manual running of build triggers and add a "branch name" selector for running github builds
 2014-09-30 16:29:32 -04:00
Jake Moshenko
03190efde3 Phase 2 of migrating repo namespaces to referencing user objects, backfilling the rows without a value for namespace_user, and changing all accesses to go through the namespace_user object. All tests are passing, manual testing still required. 2014-09-24 18:01:35 -04:00
Joseph Schorr
ec484e3efc Move size and checksum updates into the metadata call 2014-09-23 15:49:28 -04:00
Jake Moshenko
11bb8e6448 Actually store the generated image storage in the database, and allow it to be garbage collected when the parent image storage is collected. 2014-09-18 17:26:40 -04:00
Jake Moshenko
c5ca46a14b Merge remote-tracking branch 'origin/master' into comewithmeifyouwanttowork 
Conflicts:
	data/model/legacy.py
	static/js/app.js
 2014-09-12 11:03:30 -04:00
Joseph Schorr
7c45aca405 Code review changes 2014-09-08 17:20:01 -04:00
Jake Moshenko
64480fd4ed Merge remote-tracking branch 'origin/master' into yellowalert 
Conflicts:
	data/migrations/versions/82297d834ad_add_us_west_location.py
	test/data/test.db
 2014-09-05 11:30:30 -04:00
Joseph Schorr
e028d4ae0a Merge master into branch 2014-09-04 18:08:18 -04:00
Joseph Schorr
3b72b26836 Merge branch 'master' into comewithmeifyouwanttowork 2014-08-28 20:50:13 -04:00
Joseph Schorr
6ec89bb179 Add Slack notification support 2014-08-26 22:09:56 -04:00
Joseph Schorr
a129aac94b Add ability to regenerate robot account credentials 2014-08-25 17:19:23 -04:00
Joseph Schorr
32ea1d194f Add support for the Hipchat room notification API 2014-08-19 17:40:36 -04:00
Joseph Schorr
35bd28a77e Add support for the Flowdock Team chat API: https://www.flowdock.com/api/push 2014-08-19 14:33:33 -04:00
Joseph Schorr
43b6695f9c Get team invite confirmation working and fully tested 2014-08-18 17:24:00 -04:00
Joseph Schorr
56d7a3524d Work in progress: Require invite acceptance to join an org 2014-08-15 17:47:43 -04:00
Joseph Schorr
2597bcef3f Add support for login with Google. Note that this CL is not complete 2014-08-11 15:47:44 -04:00
Joseph Schorr
7e8713171e - Change updated_tags into the expected dict, not a list 
- Update the event code on both sides to expect the dict
- Add filter support to the string builder
 2014-08-05 17:45:40 -04:00
Joseph Schorr
7de1dd7dc0 Merge branch 'master' into redalert 2014-07-28 18:35:39 -04:00
Joseph Schorr
34fc279092 Add e-mail authorization to the repository notification flow. Also validates the creation of the other notification methods. 2014-07-28 14:58:12 -04:00
Jake Moshenko
d4c41f2b11 Remove the insane repository. 2014-07-22 16:46:19 -04:00