Commit graph

1155 commits

Author SHA1 Message Date
Jake Moshenko
ba067048d8 Merge pull request #203 from coreos-inc/encpass
Add encrypted password output in the superuser API
2015-07-01 12:40:05 -04:00
Joseph Schorr
b535e222b8 Have the fetch tag dialog show a warning for robot accounts without access
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
2015-07-01 19:37:52 +03:00
Joseph Schorr
b91b60e83d Add encrypted password output in the superuser API
When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along
2015-07-01 19:29:42 +03:00
Joseph Schorr
f06fed32b8 Fix build ID key on build queued event 2015-07-01 17:48:43 +03:00
josephschorr
7aeaf2344e Merge pull request #200 from coreos-inc/tagapilimit
Add pagination support to tag history API
2015-06-30 22:09:09 +03:00
Jake Moshenko
411ddceee0 Merge pull request #195 from coreos-inc/tidy
Delete all the old UI code and branches for new UI
2015-06-30 14:34:43 -04:00
Joseph Schorr
f7f10f4a6d Add pagination support to tag history API
Fixes #198
2015-06-30 19:44:43 +03:00
Joseph Schorr
87efcb9e3d Delegated superuser API access
Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users.
2015-06-30 11:08:26 +03:00
Joseph Schorr
81bb76d3df Fix spelling mistakes 2015-06-29 21:38:01 +03:00
Joseph Schorr
2b1bbcb579 Add a table view to the repos list page
Fixes #104
2015-06-29 21:12:53 +03:00
Jimmy Zelinskie
756d6784ca Merge pull request #192 from coreos-inc/sqlssl
Allow SSL cert for the database to be configured
2015-06-29 13:33:31 -04:00
Jake Moshenko
6e6b3c675f Merge pull request #28 from coreos-inc/swagger2
Switch to Swagger v2
2015-06-29 12:18:10 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Jimmy Zelinskie
442cbed087 Merge pull request #186 from coreos-inc/changelog
Remove container usage tab and replace with changlog view
2015-06-29 10:06:07 -04:00
Joseph Schorr
33039e9bc4 New layout cleanup: Remove second GH trigger path 2015-06-29 12:18:21 +03:00
Joseph Schorr
b8c74bbb17 Remove container usage tab and replace with changlog view
Fixes #179
2015-06-29 11:07:46 +03:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
2015-06-29 08:08:10 +03:00
Joseph Schorr
cd5cb4b767 NPE fix 2015-06-28 10:44:58 +03:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Jake Moshenko
ccebba8f51 Clean up headers and whitespace. 2015-06-23 17:10:03 -04:00
Joseph Schorr
9887c9c163 Remove ability to create Quay users from the Docker CLI 2015-06-22 17:12:05 -04:00
Jimmy Zelinskie
66450d4810 Merge pull request #152 from coreos-inc/branchtag
Allow manual triggering of both branches and tags
2015-06-22 15:37:03 -04:00
Joseph Schorr
ce6474c6b5 Robots API for users should not be internal-only 2015-06-22 15:14:10 -04:00
Joseph Schorr
3fb2a33ee7 Fix the API service to use the new Swagger description form 2015-06-22 15:13:26 -04:00
Joseph Schorr
143036be9c Allow manual triggering of both branches and tags
Fixes #100
2015-06-19 14:38:26 -04:00
Joseph Schorr
2c46665415 Optimize the generate_headers check to skip the permissions load when we don't need it 2015-06-19 14:02:51 -04:00
Joseph Schorr
ec22bc0662 Raise a proper deactivation exception on bad credentials 2015-06-19 13:05:42 -04:00
Jimmy Zelinskie
82287926ab Merge pull request #140 from coreos-inc/eventinfo
Add more build information to the events and have better messaging
2015-06-17 16:49:59 -04:00
Jake Moshenko
34c06b0932 Merge pull request #133 from coreos-inc/alembichealth
Add health check endpoint to verify that the locally running DB revis…
2015-06-17 15:04:19 -04:00
Joseph Schorr
fe70139daa Allow GitHub triggers to be removed if OAuth token is invalid 2015-06-17 13:25:01 -04:00
Joseph Schorr
9b974f6b80 Add more build information to the events and have better messaging
Fixes #79
2015-06-16 23:16:36 -04:00
Joseph Schorr
7b94e37c95 Clarify why we use features.BILLING as the feature flag on the route 2015-06-16 17:43:02 -04:00
Joseph Schorr
48ee4671a7 Some additional fixes when testing this branch 2015-06-16 15:46:58 -04:00
Joseph Schorr
91c829bd14 Merge branch 'master' into gitfix 2015-06-16 15:18:24 -04:00
Joseph Schorr
33b31a2451 Fix logs view in superuser panel
This seems to have been broken ever since we moved to syslog
2015-06-15 20:55:23 -04:00
Joseph Schorr
6e0dc1df08 Add health check endpoint to verify that the locally running DB revision matches that of the database
Fixes #132
2015-06-15 15:55:30 -04:00
Jake Moshenko
860c7faf61 Merge pull request #127 from coreos-inc/vatotax
Add support for custom fields in billing invoices
2015-06-12 16:51:46 -04:00
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
2015-06-12 16:45:01 -04:00
Joseph Schorr
da120a1ef2 Handle the case where GH auth fails on a trigger request
Fixes #124
2015-06-12 16:34:13 -04:00
Joseph Schorr
88aa5a0830 Switch BitBucket code to always use the latest commit
Before this change, we'd use the first commit, which could be incorrect if there are multiple commits in a single push

Fixes #99
2015-06-11 14:12:01 -04:00
Joseph Schorr
44f49a43dd Fix creation of repositories when having a creator permission
This fixes the grants on a user's session when creating a repository with only the creator permission

Fixes #117
2015-06-10 16:12:42 -04:00
Jake Moshenko
e09d84b3c8 Merge pull request #55 from coreos-inc/oauthdeny
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-05 14:00:16 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication
Add support for an external JWT-based authentication system
2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
josephschorr
63f289a8cb Merge pull request #59 from jzelinskie/custom-git-fix
triggers: metadata.commit_sha -> metadata.commit
2015-06-02 16:10:26 -04:00
Joseph Schorr
477a3fdcdc Add a test to verify that all important blueprints have all their methods decorated
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0 triggers: metadata.commit_sha -> metadata.commit
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031 Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
2015-06-02 15:16:22 -04:00
Joseph Schorr
c0e995c1d4 Merge branch 'master' into nolurk 2015-06-02 13:55:16 -04:00
Jake Moshenko
42da017d69 Merge pull request #48 from coreos-inc/nobots
Change API calls that expect non-robots to explicitly filter
2015-06-02 12:31:19 -04:00
Joseph Schorr
5516911de9 Fix OAuth redirect for denial action when generating for internal tokens 2015-06-02 12:25:59 -04:00
Joseph Schorr
25ee46f5a2 Fix bitbucket triggers when the branch tag filter removes all branches 2015-06-01 15:35:59 -04:00
Joseph Schorr
fdd43e2490 Change API calls that expect non-robots to explicitly filter
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
2015-05-26 17:47:33 -04:00
Joseph Schorr
b3ea4ecaa2 Remove unneeded mime type set; jsonify does this for us 2015-05-26 17:30:10 -04:00
Joseph Schorr
9888c3ad9b Add an endpoint for downloading the logs of a build. 2015-05-26 17:24:18 -04:00
Joseph Schorr
ecabf086ea Add missing newline at end of decorators.py 2015-05-26 16:48:59 -04:00
Joseph Schorr
374d1d7e89 Fix case where the auth token was not written properly for BitBucket 2015-05-26 13:40:21 -04:00
Joseph Schorr
855f3a3e4d Have the verifyUser endpoint use the same confirm_existing_user method
This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
2015-05-22 16:26:26 -04:00
Joseph Schorr
b0d763b5ff Fix encrypted password generator to use the LDAP username, not the Quay username.
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00
Jimmy Zelinskie
7bed404302 Merge pull request #33 from coreos-inc/branchregex
Add some more debug logging around bitbucket triggers and add some te…
2015-05-20 14:22:33 -04:00
Joseph Schorr
eb773e40a2 Add some more debug logging around bitbucket triggers and add some tests to verify we properly handle trigger branch filters 2015-05-20 14:18:12 -04:00
Jimmy Zelinskie
fe3f0dc10b custom-git: accept commit SHAs 7+ chars in length 2015-05-20 12:53:43 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
2379af71f8 Parse the client secret properly 2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44 Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header 2015-05-18 12:38:39 -04:00
Joseph Schorr
0bc1c29dff Switch the Python side to Swagger v2 2015-05-14 16:47:38 -04:00
Joseph Schorr
28bd9af4ff Fix tutorial 2015-05-13 14:55:39 -04:00
Joseph Schorr
0e86fc80ca Fix bitbucket trigger to use the specified branch name before the default branch 2015-05-13 13:55:44 -04:00
Joseph Schorr
3e1abba284 Add ability for super users to rename and delete organizations 2015-05-11 18:03:25 -04:00
Joseph Schorr
1c41d34b7c Add ability for superusers to change user emails 2015-05-11 14:38:10 -04:00
Joseph Schorr
de6267700e Fix bugs with the custom git trigger and make error reporting better 2015-05-10 13:38:47 -04:00
Joseph Schorr
f858caf6cd Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 16:43:07 -04:00
Joseph Schorr
c767aafcd6 Make the repository API faster by only checking the log entries table once for each kind of entry, rather than twice. We make use of a special subquery-like syntax, which allows us to count those entries that are both 30 days only and 1 day old in the same query. This was tested successfully on MySQL, Postgres and Sqlite. 2015-05-07 22:49:11 -04:00
Joseph Schorr
3627de103c Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build. 2015-05-07 21:11:15 -04:00
Joseph Schorr
8eb9c376cd Add constructors for the QuayDeferredPermissionUser so that we can avoid extraneous DB lookups of the user whenever we already have the object 2015-05-07 15:04:12 -04:00
Joseph Schorr
a46d367276 Remove unneeded repo filter 2015-05-06 20:55:17 -04:00
Joseph Schorr
e647d91e8b Switch the repos page to use a single API call, rather than one per namespace + one for star repos 2015-05-06 19:15:03 -04:00
Joseph Schorr
2d83e5c7e7 Change to using the SSH url; git urls cannot be used with private repos on GitHub 2015-05-06 12:23:46 -07:00
Joseph Schorr
65d0332176 Skip bitbucket trigger if there is no commit branch and no commit tag 2015-05-05 09:40:23 -07:00
Joseph Schorr
df2883bfb6 Fix variable access error 2015-05-03 18:15:11 -07:00
Joseph Schorr
ff89cc9f1d Fix key issue in gitlab 2015-05-03 18:08:14 -07:00
Jimmy Zelinskie
b3bf947af5 gitlab: consistent commit for _prepare_build 2015-05-03 17:58:30 -07:00
Joseph Schorr
0b990677a0 More code cleanup and fix bug around can_admin in the trigger_view 2015-05-03 11:02:05 -07:00
Joseph Schorr
d07f9f04e9 UI and code improvements to make working with the multiple SCMs easier 2015-05-03 10:38:11 -07:00
Joseph Schorr
f091aaa07e Get basic support for GitLab working in the UI 2015-05-03 09:58:48 -07:00
Joseph Schorr
e3aededcbc Merge branch 'master' into gitlab 2015-05-03 12:13:09 -04:00
Jimmy Zelinskie
3ac884beb4 gitlab oauth 2015-05-02 17:54:48 -04:00
Jimmy Zelinskie
7426a540dd initial gitlab angular stuff 2015-05-02 13:31:54 -04:00
Jimmy Zelinskie
d21fbb1204 endpoints.trigger: address gitlab PR comments 2015-05-01 23:35:54 -04:00
Jimmy Zelinskie
ae83da75ce endpoints.trigger: initial gitlab handler 2015-05-01 20:30:55 -04:00
Joseph Schorr
b8785dfc04 Fix github login to use the github auth endpoint 2015-05-01 12:58:50 -04:00
Joseph Schorr
c14368fc66 Fix typo 2015-04-30 16:47:16 -04:00
Joseph Schorr
b96e35b28c Merge master into bitbucket 2015-04-30 15:52:08 -04:00
Joseph Schorr
b7317f894b UI fixes for all the new trigger stuff 2015-04-30 15:33:19 -04:00
Jimmy Zelinskie
ded28f6b30 redirect ac-discovery=1 to the index
This is a temp fix because rkt doesn't follow redirects.
2015-04-30 13:03:50 -04:00
Joseph Schorr
60036927c9 Really disallow usage of the same account for an org as the one being converted. Before, you could do so via email. 2015-04-29 20:30:37 -04:00
Joseph Schorr
d5c70878c5 Get build preparation working for bitbucket and do a lot of code cleanup around this process across all the triggers. Note: tests are not yet updated. 2015-04-29 17:04:52 -04:00
Jimmy Zelinskie
edd0ba4cdb endpoints.verbs: 202 for unfinished aci sigs 2015-04-29 15:33:20 -04:00
Joseph Schorr
6479f8ddc9 Work In Progress!
Get the full activation and deactivation cycle working for bitbucket.
2015-04-28 18:15:12 -04:00
Joseph Schorr
5cc91ed202 Work in progress: bitbucket support 2015-04-24 18:36:48 -04:00
Joseph Schorr
01698e8d16 Fix OAuth 500 error 2015-04-24 16:42:31 -04:00
Joseph Schorr
c480fb2105 Work in progress: bitbucket support 2015-04-24 15:13:08 -04:00
Jimmy Zelinskie
852aa33101 endpoints.trigger: activate: ret private config 2015-04-23 18:16:09 -04:00
Jimmy Zelinskie
2a13eade80 Merge pull request #22 from coreos-inc/git
git's a pretty cool guy
2015-04-23 17:33:36 -04:00
Jimmy Zelinskie
aa1658f0c7 endpoints.trigger: more logical comment blocks 2015-04-23 14:02:05 -04:00
Jimmy Zelinskie
07b730c7ad generic trigger credentials 2015-04-22 17:07:16 -04:00
Joseph Schorr
d6a1493d52 Fix build logs on Safari by having the client JS handle the redirect manually, rather than the browser itself; Safari doesn't support 302 redirects to another domain inside an XHR. 2015-04-22 15:16:59 -04:00
Jimmy Zelinskie
cfcd636cc0 only send build config to admins 2015-04-22 14:30:06 -04:00
Jimmy Zelinskie
9703850e8f enforce short SHAs throughout build pipeline 2015-04-22 13:22:04 -04:00
Jimmy Zelinskie
133ed7190e trigger: validate that the commit is a short SHA 2015-04-22 11:24:04 -04:00
Jimmy Zelinskie
02498d72ba almost all PR discussion fixes 2015-04-21 18:04:25 -04:00
Joseph Schorr
f1ea20315a Finish mobilification of org view 2015-04-20 14:00:10 -04:00
Joseph Schorr
62770674d4 Switch to a 0.5 modifier 2015-04-20 13:00:56 -04:00
Joseph Schorr
ae55b8dd0e Make the search action not return scores of zero if there is no character matching 2015-04-20 13:00:38 -04:00
Joseph Schorr
16e05e83b1 Score based on the robot short name 2015-04-20 12:51:47 -04:00
Jimmy Zelinskie
93cd459460 Merge branch 'master' into git 2015-04-20 10:58:49 -04:00
Joseph Schorr
d1e2d072ea Add unit tests and a stronger restriction on the revert API call 2015-04-19 15:43:16 -04:00
josephschorr
56b5d7ddfb Merge pull request #21 from coreos-inc/greatscott
Working time machine
2015-04-19 15:16:09 -04:00
Jimmy Zelinskie
ba2cb08904 Merge branch 'master' into git 2015-04-16 17:38:35 -04:00
Joseph Schorr
f19d2f684e Add ability to revert tags via time machine 2015-04-16 17:18:00 -04:00
Joseph Schorr
3cd11c8f45 GitHub login fixes:
- Allow for case insensitivity in the org name list
  - Remove the check for verified email addresses when under Enterprise; it isn't supported there.
2015-04-16 12:17:39 -04:00
Jimmy Zelinskie
2236270741 add webhook URL to custom trigger dialog 2015-04-16 12:06:48 -04:00
Jimmy Zelinskie
0c3becd204 endpoints.api.trigger: clarify token->write_token 2015-04-16 12:06:05 -04:00
Jimmy Zelinskie
3798c5f377 trigger: return non-json metadata 2015-04-15 17:02:53 -04:00
Jimmy Zelinskie
bd57c6a8fb trigger: custom git payload JSON schema 2015-04-15 16:52:46 -04:00
Joseph Schorr
f8c80f7d11 Add a history view to the tags page. Next step will add the ability to revert back in time 2015-04-15 15:21:09 -04:00
Joseph Schorr
703f48f194 Add auto-redirect to user and org pages for the new layout 2015-04-10 15:35:23 -04:00
Joseph Schorr
1df025b57e Change search to use a set of queries for repo lookup rather than a single monolithic query, in the hopes that this will make things significantly faster and actually useable. The individual queries have been tested by hand on MySQL, but the real test will be staging 2015-04-10 15:27:37 -04:00
Joseph Schorr
0be0aed17d Move the repo sorting by pull count into the main matching query, to both make it more accurate and make the search faster 2015-04-09 14:41:59 -04:00
Joseph Schorr
396cba64e6 Fix search to return better results by searching for robots and namespaces in different queries. 2015-04-09 12:57:20 -04:00
Joseph Schorr
4f4bb05621 Fix search SQL issues 2015-04-08 17:41:08 -04:00
Jimmy Zelinskie
ed88e76843 custom trigger: tag with git sha 2015-04-08 16:56:47 -04:00
Joseph Schorr
19e25ac340 Merge branch 'master' into bing 2015-04-08 15:23:36 -04:00
Joseph Schorr
d09f2f6e22 Get the new context-sensitive new menu working 2015-04-07 18:33:43 -04:00
Joseph Schorr
40a6892a49 Add search tests 2015-04-07 14:05:12 -04:00
Joseph Schorr
1b56567268 Make sure also include teams from organizations that the user admins 2015-04-07 13:45:49 -04:00
Joseph Schorr
a34d56045f Add scoring based on the string distance 2015-04-07 12:32:23 -04:00
Joseph Schorr
951b0cbab8 Start on new interactive search 2015-04-06 19:17:18 -04:00
Jimmy Zelinskie
c8b931609e unsupported alert for robot selection 2015-04-06 14:53:54 -04:00
Jimmy Zelinskie
d0f5808a62 trigger: fix custom tags 2015-04-03 17:20:30 -04:00
Jimmy Zelinskie
f782764ba5 trigger: add commit_sha to json schema 2015-04-03 17:20:30 -04:00
Joseph Schorr
4cb7921c3a Make sure to show public repos on the user and orgs pages 2015-04-03 14:55:09 -04:00
Joseph Schorr
094f91fb8b Fix the tutorial's user events 2015-04-03 12:13:33 -04:00
Joseph Schorr
036c8e56e0 Add proper error handling when the config volume is mounted in a read-only state. 2015-04-02 18:54:09 -04:00
Joseph Schorr
f67eeee8c8 Start conversion of the user admin/view 2015-04-02 16:34:41 -04:00
Joseph Schorr
5fc8e632d6 Redo the permissions table to have different sections for users and robot accounts 2015-04-01 14:23:39 -04:00
Joseph Schorr
5cd500257d Merge branch 'master' into orgview 2015-04-01 13:56:49 -04:00
Joseph Schorr
fde9666647 Add the team membership to the robots view 2015-04-01 13:56:30 -04:00
Joseph Schorr
1f5e6df678 - Fix tests
- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
2015-03-31 18:50:43 -04:00
Joseph Schorr
9018cf14eb Better UI for the permissions table in the repository, as well as fix some other avatar issues 2015-03-31 14:36:09 -04:00