Evan Cordell
eac9927414
Add FEATURE_SIGNING flag and refactor nginx_conf_create.sh
2017-02-23 14:38:16 -05:00
Evan Cordell
9affe193db
Add support for tuf metadata endpoints
2017-02-23 14:38:16 -05:00
Jimmy Zelinskie
e81926fcba
util.secscan.api: init read-only failover
2017-02-03 19:20:13 -05:00
Joseph Schorr
3eb17b7caa
Add support for recaptcha during the create account flow
...
If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
2017-01-09 11:08:21 -05:00
Jimmy Zelinskie
00eafff747
Merge pull request #2204 from jzelinskie/429builds
...
add rate limiting to build queues
2016-12-07 15:03:31 -05:00
Jimmy Zelinskie
57770493fa
build rate limiting: use a rate
2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
7877c6ab94
add rate limiting to build queues
2016-12-06 16:30:12 -05:00
Jake Moshenko
709edd7eb6
Reduce the update period on queue worker metrics.
2016-12-05 18:12:14 -05:00
Joseph Schorr
66e09b2a95
Switch landing page to read template from S3 bucket
...
This change uses CORS to make the Angular template request to a defined S3 bucket, falling back to the compiled login template if the bucket is not available.
Fixes #1313
2016-11-30 14:00:07 -05:00
Charlton Austin
2fe74e4057
Adding in UI for cancel anytime.
2016-11-21 10:58:32 -05:00
Joseph Schorr
5f99448adc
Add a chunk cleanup queue for async GC of empty chunks
...
Instead of having the Swift storage engine try to delete the empty chunk(s) synchronously, we simply queue them and have a worker come along after 30s to delete the empty chunks. This has a few key benefits: it is async (doesn't slow down the push code), helps deal with Swift's eventual consistency (less retries necessary) and is generic for other storage engines if/when they need this as well
2016-11-15 15:07:41 -05:00
josephschorr
45b1148118
Merge pull request #2086 from coreos-inc/user-info
...
Add collection of user metadata: name and company
2016-11-09 13:15:07 -05:00
Joseph Schorr
7e78406112
Add a defined timeout on all HTTP calls in notification methods
2016-11-08 18:28:06 -05:00
Joseph Schorr
0f2eb61f4a
Add collection of user metadata: name and company
2016-11-08 16:15:02 -05:00
Jimmy Zelinskie
3cafa5721d
config: fix staggered workers config name
2016-11-01 12:31:12 -04:00
josephschorr
129d2851f7
Merge pull request #1961 from coreos-inc/session-cookies
...
Enable permanent sessions
2016-10-31 13:58:26 -04:00
Joseph Schorr
3a473cad2a
Enable permanent sessions
...
Fixes #1955
2016-10-31 13:52:09 -04:00
Jimmy Zelinskie
a30b358709
add staggered worker startup
...
Fixes #787
2016-10-28 17:12:39 -04:00
Jake Moshenko
f04b018805
Write our users to Marketo as leads.
2016-10-14 16:29:11 -04:00
charltonaustin
df4e58f3e4
Fixing some pylint stuff (was trying to get it to work and stumbled on this guy).
2016-10-06 11:41:51 -04:00
Joseph Schorr
6ea51afa66
Add a configurable prometheus namespace for all metrics
...
Fixes #1918
2016-10-05 10:33:35 +03:00
josephschorr
684ace3b5a
Merge pull request #1761 from coreos-inc/nginx-direct-download
...
Add feature flag to force all direct download URLs to be proxied
2016-09-29 22:46:57 +02:00
Joseph Schorr
dd2e086a20
Add feature flag to force all direct download URLs to be proxied
...
Fixes #1667
2016-09-29 11:13:41 +02:00
Joseph Schorr
310eded8e6
Add a configuration flag for external TLS termination
...
This is necessary to ensure that we use the correct scheme when conducting health checks, setting cookies, etc.
Fixes #1865
2016-09-22 18:28:57 -04:00
Joseph Schorr
25ed99f9ef
Add feature flag to turn off requirement for team invitations
...
Fixes #1804
2016-09-20 16:45:00 -04:00
Joseph Schorr
608ffd9663
Basic labels support
...
Adds basic labels support to the registry code (V2), and the API. Note that this does not yet add any UI related support.
2016-08-26 15:24:26 -04:00
Joseph Schorr
75e8af47e5
Switch Olark to Chatlio
2016-08-08 18:18:35 -04:00
Joseph Schorr
a1009af61c
Move aggregator into its own repo and add it to the image
2016-07-05 15:39:51 -04:00
Joseph Schorr
9158fe38ee
Add Marketo munchkin tracking via angulartics
2016-06-20 16:22:30 -04:00
Joseph Schorr
8887f09ba8
Use the instance service key for registry JWT signing
2016-06-07 11:58:10 -04:00
Joseph Schorr
7933aecf25
Add support for direct granting of OAuth tokens and add tests
...
This allows a client (when authorized in a whitelist) to send direct credentials via a Basic auth header and therefore bypass the OAuth approval UI for that user.
2016-05-23 17:17:06 -04:00
Jimmy Zelinskie
5568cc77b8
remove all default keys ( #1485 )
...
This change:
- Generates a new BitTorrent pepper by default
- Generates a new pagination key by default
- Changes the pagination key format to base64
- Removes selfsigned JWT certs
- Moves test keys to test/data
2016-05-23 16:00:48 -04:00
Jake Moshenko
17536e66dc
Change our jwt signing key to actually be self signed.
2016-05-23 15:07:33 -04:00
Joseph Schorr
4aab834156
Move to Angular 1.5
...
This has been reasonably well tested, but further testing should be done on staging.
Also optimizes avatar handling to use a constant size and not 404.
Fixes #1434
2016-05-17 16:32:08 -04:00
Joseph Schorr
2cbdecb043
Implement setup tool support for Clair
...
Fixes #1387
2016-05-04 13:40:50 -04:00
Jimmy Zelinskie
f842545b3e
rename config values to remove "Quay" ( #1431 )
2016-05-03 13:11:21 -04:00
Jimmy Zelinskie
437ec84c9f
torrent: use quay.pem to mint JWT ( #1425 )
2016-05-02 18:10:16 -04:00
Evan Cordell
a6f6a114c2
service key worker to refresh automatic keys
2016-04-29 14:10:33 -04:00
Evan Cordell
c766727d1d
address review comments
...
- more inline documentation
- don't explicitly specify audience
- approver is optional in `generate_key`
- ADD -> RUN for better caching of jwtproxy
2016-04-29 14:10:33 -04:00
Evan Cordell
d2aa4be29e
Explicitly set jwtproxy audience
2016-04-29 14:10:33 -04:00
Evan Cordell
f30a9e56f3
Be really sure about proxy protocol
2016-04-29 14:10:33 -04:00
Evan Cordell
f4d2fae5d8
Separate jwtproxy signer config from secscan config
2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd
Generate private key on startup
2016-04-29 14:10:33 -04:00
Evan Cordell
9e7a501dae
Authenticate in the other direction with jwtproxy
2016-04-29 14:10:33 -04:00
Joseph Schorr
4f63a50a17
Change account-less logs to use a user and not null
...
This allows us to skip the migration
2016-04-29 14:09:37 -04:00
Joseph Schorr
522cf68c5d
Lots of smaller fixes:
...
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
c0ab45d335
key server: derive audience from host and scheme
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
d277fe6741
add final service key config
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167
service keys: do all the right stuff
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
cca95ac583
add GITLAB_TRIGGER_CONFIG to config.py
...
We were already using this in production in our config.yml. We just
didn't have a default value for it inside of config.py.
2016-03-18 14:56:09 -04:00
Quentin Machu
d36528a77a
Increase POST timeout in secscan API
2016-03-04 11:59:00 -05:00
Quentin Machu
888f976e8d
Use a feature flag to toggle security notifications
2016-03-01 15:54:18 -05:00
Joseph Schorr
f498e92d58
Implement against new Clair paginated notification system
2016-02-25 15:58:42 -05:00
Joseph Schorr
1940fd9939
Add UI to the setup tool for enabling ACI conversion
...
Fixes #1211
2016-02-17 12:05:48 -05:00
Jimmy Zelinskie
e18dacd26b
extend torrent webseed lifetime to an hour
2016-02-08 17:57:28 -05:00
Joseph Schorr
b4bddacedb
Switch to Fernet crypto as per gtank's recommendation
2016-01-26 12:50:48 -05:00
Joseph Schorr
bd0a098282
Add ID-based pagination to logs using new decorators and an encrypted token
...
Fixes #599
2016-01-26 12:50:48 -05:00
Jimmy Zelinskie
85ae1a2a0a
Merge pull request #1161 from jzelinskie/torrenthmac
...
misc torrent changes
2016-01-22 23:02:44 -05:00
Joseph Schorr
e4ffaff869
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
...
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Jimmy Zelinskie
e54b86c6eb
s/TORRENT/BITTORRENT
2016-01-22 15:52:28 -05:00
Jake Moshenko
1ae101c917
Address torrent feature review comments.
2016-01-08 16:38:21 -05:00
Jimmy Zelinskie
087c6828ad
add feature.BITTORRENT and jwk set URI
2016-01-07 19:07:23 -05:00
Jimmy Zelinskie
a0e5de8f29
add torrent options to config
2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796
Hash and track layer file chunks for torrenting
2016-01-04 16:17:51 -05:00
Joseph Schorr
ab166c4448
Delete the image diff feature
...
Fixes #1077
2015-12-23 13:08:01 -05:00
Jimmy Zelinskie
f439ad7804
Merge pull request #618 from jzelinskie/logsworker
...
add a log rotation worker
2015-12-16 17:25:50 -05:00
Jimmy Zelinskie
e1f955a3f6
add a log rotation worker
...
Fixes #609 .
2015-12-16 17:22:28 -05:00
Joseph Schorr
c888a8b3be
Make GC timeout configurable
2015-12-16 15:45:02 -05:00
Jake Moshenko
766d60493f
Add the ability to blacklist v2 for specific versions
2015-12-15 18:27:10 -05:00
Jake Moshenko
0459c3bc54
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-16 14:22:54 -05:00
Joseph Schorr
7816b0c657
Merge master into vulnerability-tool
2015-11-12 21:52:47 -05:00
Jimmy Zelinskie
7fd53d6783
update IRC channel
2015-11-11 15:42:36 -05:00
Jimmy Zelinskie
dc476470fe
add secscan notification queue
2015-11-10 15:22:30 -05:00
Joseph Schorr
75dfec7875
Fix endpoint
2015-11-09 12:50:39 -05:00
Jake Moshenko
c2fcf8bead
Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2
2015-11-06 18:18:29 -05:00
Jimmy Zelinskie
f3c3e684a1
prepare branch to be merged into phase1-11-07-2015
...
This removes the checksum backfill, removes the migration that runs the
backfills, and defaults the security scan feature off.
2015-11-06 15:22:18 -05:00
Joseph Schorr
cfa03951e1
Add a SecScanEndpoint class and move all the cert and config handling in there
2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0
Add vulnerabilities and packages API to Quay
...
Fixes #564
2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea
Add a vulnerability_found event for notice when we detect a vuln
...
Fixes #637
Note: This PR does *not* actually raise the event; it merely adds support for it
2015-11-06 15:22:18 -05:00
Joseph Schorr
2d1df267dd
Add security config
2015-11-06 15:22:18 -05:00
Joseph Schorr
f6a53f7cc5
Change all Quay.io references to Quay, fix tour and change logo
...
Fixes #741
2015-11-02 14:37:48 -05:00
Jake Moshenko
fc55730db8
Add a feature flag to advertise v2 endpoints
2015-10-26 14:20:51 -04:00
Jake Moshenko
26cea9a07c
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-17 16:16:27 -04:00
Jake Moshenko
9c3ddf846f
Some fixes and tests for v2 auth
...
Fixes #395
2015-09-10 15:38:57 -04:00
Joseph Schorr
c0286d1ac3
Add support for Dex to Quay
...
Fixes #306
- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-04 16:32:01 -04:00
Joseph Schorr
0a91a1d9d8
Redirect to the /setup page automatically in the ER when not fully setup
2015-09-02 14:59:54 -04:00
Joseph Schorr
724b1607d7
Add automatic storage replication
...
Adds a worker to automatically replicate data between storages and update the database accordingly
2015-09-01 14:53:32 -04:00
Jake Moshenko
e1b3e9e6ae
Another huge batch of registry v2 changes
...
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
2015-08-12 16:41:12 -04:00
Joseph Schorr
e53c3e23be
Change docs to load from HTTPS
2015-08-05 14:34:11 -04:00
Joseph Schorr
8a8955d234
Add documentation search to the main search bar
2015-08-03 17:15:53 -04:00
Joseph Schorr
70de107268
Make GC of repositories fully async for whitelisted namespaces
...
This change adds a worker to conduct GC on repositories with garbage every 10s.
Fixes #144
2015-07-28 15:30:04 -04:00
Jake Moshenko
bc29561f8f
Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
...
Make it explicit that the registry-v2 stuff is not ready for prime time.
2015-07-17 11:56:15 -04:00
Joseph Schorr
33b31a2451
Fix logs view in superuser panel
...
This seems to have been broken ever since we moved to syslog
2015-06-15 20:55:23 -04:00
Jake Moshenko
e09d84b3c8
Merge pull request #55 from coreos-inc/oauthdeny
...
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-05 14:00:16 -04:00
Joseph Schorr
5516911de9
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-02 12:25:59 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
ba0fafc857
Add missing default for the gitlab feature flag
2015-05-04 19:04:27 -07:00
Joseph Schorr
c480fb2105
Work in progress: bitbucket support
2015-04-24 15:13:08 -04:00
Joseph Schorr
5cd500257d
Merge branch 'master' into orgview
2015-04-01 13:56:49 -04:00