Joseph Schorr
8ee98c1c48
Show starred public repositories in the starred repos list
...
We forgot to check if the repository was public in the filter
Fixes https://jira.coreos.com/browse/QUAY-857
2018-05-31 17:34:17 -04:00
Joseph Schorr
f86c087b3b
Prevent registry operations against disabled namespaces
...
Allows admins to completely wall off a namespace by disabling it
Fixes https://jira.coreos.com/browse/QUAY-869
2018-05-22 18:36:04 -04:00
Joseph Schorr
6ffafe44d3
Merge pull request #3059 from quay/joseph.schorr/QUAY-906/reg-tests
...
Move registry integration tests to py.test
2018-05-22 17:09:11 -04:00
Joseph Schorr
5509dd350c
Switch to use the new registry tests suite
2018-05-22 17:06:41 -04:00
Joseph Schorr
a007332d4c
Temporarily change to storing logs in a new LogEntry2 table
...
This will prevent us from running out of auto-incrementing ID values until such time as we can upgrade to peewee 3 and change the field type to a BigInt
Fixes https://jira.coreos.com/browse/QUAY-943
2018-05-18 20:15:16 -04:00
Joseph Schorr
22a39c3007
Fix bug with missing & in authorization URL for OIDC
...
Also adds testing to ensure we don't break this again
2018-05-15 14:52:00 -04:00
Joseph Schorr
8c1b0e673c
Implement the remaining registry tests in the new py.test format
2018-05-01 13:28:24 +03:00
Joseph Schorr
23c19bcbc1
Implement support for registry integration tests via py.test
...
This change implements support for registry integration tests using the new py.test-based live server test fixture. We can now parametrize the protocols we use (in prep for V2_2), and it makes the code *much* cleaner and less hacky.
Note that moving the vast majority of the tests over from the existing impl will come as a followup PR
2018-05-01 13:28:24 +03:00
Joseph Schorr
85496b8195
Translate LiveServerTestCase into a py.test-compatible liveserver fixture
...
This allow us to super-easily instantiate a live, running Flask server with the test app, as well as interact with it, without any of the crazy boilerplate we previously used
2018-05-01 13:28:24 +03:00
Sam Chow
1afedafcbb
Configurable options for search, info when at max
...
includes the options for maximum search results per page, and the
maximum number of pages available before help text is shown, and
the next page button is disabled
2018-04-25 11:12:09 -04:00
Brad Ison
e90da9f2c0
Fix API team membership test
2018-04-04 14:22:11 -04:00
Joseph Schorr
8146646761
Simplifying queries around images and placements
...
Only verbs needs to load placements for multiple images, so we can vastly simplify and optimize most queries by making it two-step, and having the rest of the image loads not worry about placements
2018-04-03 16:23:49 -04:00
josephschorr
323eb63747
Merge pull request #3032 from coreos-inc/joseph.schorr/QUAY-885/squashed-sym
...
Retarget broken hard links in squashed images
2018-03-26 17:59:52 -04:00
Joseph Schorr
110366f656
Retarget hard links pointing to deleted files by emitting the deleted file contents under the first hard link instance. This fixes a breakage in the squashed TAR where we were pointing hard links to missing data.
...
Fixes https://jira.coreos.com/browse/QUAY-885
2018-03-23 14:00:46 -04:00
josephschorr
6c43b7ff0d
Merge pull request #3024 from coreos-inc/manageable-robots
...
Manageable robots epic
2018-03-21 18:50:17 -04:00
Joseph Schorr
2ea13e86a0
Add last_accessed information to User and expose for robot accounts
...
Fixes https://jira.coreos.com/browse/QUAY-848
2018-03-21 15:28:34 -04:00
Joseph Schorr
3586955669
Remove license code in Quay
...
No longer needed under Red Hat rules \o/
Fixes https://jira.coreos.com/browse/QUAY-883
2018-03-20 17:03:35 -04:00
Joseph Schorr
ed84835d23
Changes for code review
2018-03-01 16:49:52 -05:00
Joseph Schorr
c35eec0615
Add ability for triggers to be disabled
...
Will be used in the followup commit to automatically disable broken triggers
2018-03-01 16:49:28 -05:00
Joseph Schorr
ab0172d2fd
Switch Quay to using an in-container memcached for data model caching
2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676
Make namespace deletion asynchronous
...
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.
Fixes https://jira.coreos.com/browse/QUAY-838
2018-02-27 13:12:51 -05:00
Brad Ison
f89a16a64d
Make byte_count on BlobUpload table not nullable
...
The byte_count field on the BlobUpload model is marked as not
nullable, but the migration to make the field a big integer removed
that restriction (#2388 :: 76de324
) in the database. It's still in
the model though, which means they are out of sync. This adds a
migration to mark the field as not nullable in the database again.
2018-02-26 11:36:56 -05:00
Brad Ison
5bd826e7b5
Drop checksum from ImageStorage table
...
The checksum field was removed from the ImageStorage model in #815 ,
but was never dropped from the database. This adds a migration to
drop the unused column.
2018-02-24 17:00:07 -05:00
Joseph Schorr
9a452ace11
Add configurable limits for number of builds allowed under a namespace
...
We also support that limit being increased automatically once a successful billing charge has gone through
2018-02-20 16:54:22 -05:00
Brad Ison
62971b7f20
Merge pull request #2999 from bison/user-location
...
Add user location metadata filed
2018-02-20 16:48:37 -05:00
Joseph Schorr
188ea98441
Add new decorator to prevent reflected text attacks
...
Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend.
2018-02-20 11:33:45 -05:00
Joseph Schorr
b342111edb
Add registry tests for pushing and pulling previously bad repo names
2018-02-20 11:31:36 -05:00
Brad Ison
3de6b4a646
Add location metadata field for users
2018-02-06 16:06:17 -05:00
Joseph Schorr
bbdf9e074c
Add metrics for tracking when instance key renewal succeeds and fails, as well as when instance key *lookup* fails
2018-02-02 11:14:42 -05:00
Joseph Schorr
ede3a81c68
Disallow dots in repository names to fix reflected text "attack"
...
Fixes https://jira.coreos.com/browse/QS-125
2018-01-18 13:19:37 -05:00
Joseph Schorr
c887aa543b
Change superuser API errors to be more descriptive
...
Fixes https://jira.coreos.com/browse/QS-103
2018-01-05 17:09:26 -05:00
josephschorr
13b738c43c
Merge pull request #2954 from coreos-inc/joseph.schorr/QS-102/user-api-filter
...
Add ability to filter users list to enabled users
2018-01-05 15:40:50 -05:00
Joseph Schorr
5b4f5f9859
Regenerate test DB for token changes
2018-01-04 15:27:41 -05:00
Joseph Schorr
524d77f527
Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password
2018-01-04 15:27:41 -05:00
Joseph Schorr
8e473b9779
Add filter for disabled users to superuser user list API
...
Fixes https://jira.coreos.com/browse/QS-102
2017-12-22 16:45:49 -05:00
Joseph Schorr
3ce9d68a3e
Fix broken registry test
...
Flask now returns a 404 error, rather than redirecting like it used to do
2017-12-20 11:43:55 -05:00
Joseph Schorr
f9bd7ef42b
Add validation of Docker V2_1 schemas and add a test for PUTing an invalid schema
2017-12-20 11:43:03 -05:00
Joseph Schorr
11e3724919
Return an http 415 (manifest version not supported) for OCI manifest content types
...
This was breaking skopeo, as it first tries to send the *OCI* manifest type, which we didn't say we didn't support, thus breaking the tool
2017-12-20 11:02:34 -05:00
josephschorr
024c183f67
Merge pull request #2944 from coreos-inc/joseph.schorr/QS-91/v2-caching
...
V2 registry blob caching
2017-12-18 14:42:02 -05:00
Joseph Schorr
097cbbeaae
Add new Quay pricing plans
2017-12-18 13:12:16 -05:00
Joseph Schorr
b2485934ed
Enable caching of blobs in V2 registry protocol, to avoid DB connections after the cache has been loaded
...
This should help for bursty pull traffic, as it will avoid DB connections on a huge % of requests
2017-12-14 13:38:24 -05:00
Joseph Schorr
a706d99849
Add additional logs and an additional test for verbs
2017-12-07 15:22:20 -05:00
Joseph Schorr
1d1c6f0606
Invalidate all session tokens when a user signs out
...
Fixes https://jira.coreos.com/browse/QS-85
2017-12-07 13:03:11 -05:00
Joseph Schorr
927d469db0
In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address)
2017-12-06 14:07:38 -05:00
Joseph Schorr
2677720577
Fix exception raised for certain non-JSON strings given to is_json
...
This is breaking pushes in production for certain manifests
Fixes https://jira.prod.coreos.systems/browse/QS-60
2017-11-14 13:46:06 -05:00
Joseph Schorr
9f804de23d
Fix bug in deletion of repos with OCI-style linked tags
...
MySQL does not allow rows in the same table referencing other rows to be deleted in a single statement. We now do a two-pass deletion, and add a test to make sure.
Fixes https://jira.prod.coreos.systems/browse/QS-18
2017-10-18 17:03:27 -04:00
Joseph Schorr
010dda2c52
Add CloudFrontedS3Storage, which redirects to CloudFront for non-S3 ips
2017-09-28 14:40:58 -04:00
Joseph Schorr
c6aad5fef0
Add option to disable partial autocompletion of users
2017-09-12 15:55:37 -04:00
Joseph Schorr
464bccb5a0
Fix permissions on accessing archived logs
2017-08-18 13:45:36 -04:00
Jimmy Zelinskie
9e09612851
Revert "Merge pull request #2844 from coreos-inc/alegrand/use_latest_appr_server_code"
...
This reverts commit 646fafb2fd
, reversing
changes made to 5c1b635439
.
2017-08-09 20:45:46 -04:00
Joseph Schorr
854155fe82
Fix missing to_dict and import in robots model
...
Also adds a test to catch this issue
2017-08-09 20:33:14 -04:00
Antoine Legrand
646fafb2fd
Merge pull request #2844 from coreos-inc/alegrand/use_latest_appr_server_code
...
Migrate from cnr -> appr
2017-08-09 00:01:25 +02:00
Antoine Legrand
6336a4a971
Migrate from cnr -> appr
2017-08-08 11:48:59 +02:00
Evan Cordell
66dc093639
Convert RepositoryUserTransitivePermission security tests to pytest
2017-08-01 11:34:31 -04:00
Evan Cordell
a68ec6966e
Add data interface for api-permissions for v2-2
2017-07-31 15:46:13 -04:00
Jake Moshenko
0011ddda16
Release database connections after updating build statuses.
2017-07-26 12:29:51 -04:00
Joseph Schorr
5739e2ef4d
Move notifications test into notifications package
2017-07-25 17:00:06 -04:00
Joseph Schorr
ce56031846
Move notifications into its own package
2017-07-25 17:00:06 -04:00
Charlton Austin
8f1200b00d
style(data, endpoints, test): ran yapf against changed files
...
### Description of Changes
Issue: https://coreosdev.atlassian.net/browse/QUAY-633
## Reviewer Checklist
- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-07-24 11:05:15 -04:00
Charlton Austin
9e1106f164
refactor(endpoints/api/repository*): added in pre_oci_model abstraction
...
this is a part of getting ready for oci stuff
[TESTING->using new PR stack]
Issue: https://coreosdev.atlassian.net/browse/QUAY-633
- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-07-24 11:03:03 -04:00
josephschorr
a6db05e8b5
Merge pull request #2718 from coreos-inc/tag-expiration
...
Formal tag expiration support
2017-07-19 17:48:11 -04:00
Joseph Schorr
7d4fed6892
Change error message when trying to pull a deleted or expired tag
...
Will let the users know they can recover the tag via time machine
Note: This was tested with the Docker protocol, but the new error code is *technically* out of spec; we should make sure its okay.
2017-07-19 17:13:48 -04:00
Joseph Schorr
c5d8b5f86b
Add support for tag expiration based on a quay.expires-after
label
2017-07-19 17:13:06 -04:00
josephschorr
460a9b7fe8
Merge pull request #2732 from coreos-inc/swift-etag
...
Make sure to etag check Swift uploads
2017-07-19 17:06:53 -04:00
Jimmy Zelinskie
9f4ffca736
Merge pull request #2751 from jzelinskie/registry-tests
...
test: convert registry auth test to pytest
2017-07-13 15:09:57 -04:00
Evan Cordell
4ec4b7c6e6
Merge pull request #2782 from ecordell/no-signing-whitelist
...
Revert "Only show signing UI when namespace is explicitly whitelisted"
2017-07-13 10:20:53 -04:00
Evan Cordell
45bf7efc84
Merge branch 'master' into no-signing-whitelist
2017-07-12 15:50:32 -04:00
Evan Cordell
75c1533aec
Revert "Only show signing UI when namespace is explicitly whitelisted"
...
85d382cd84
2017-07-12 15:48:35 -04:00
Jimmy Zelinskie
7d1bbbfe19
test: convert registry auth test to pytest
...
This also moves them into the auth package.
2017-07-12 15:14:12 -04:00
Joseph Schorr
b6f1782642
Change notificationworker to use a data interface
2017-07-12 17:40:45 +03:00
Joseph Schorr
50c2f1fde8
Move notification worker test under its own package
2017-07-12 17:35:09 +03:00
Evan Cordell
939ddfd1d7
Merge v2.4.0-release into cherrypick-2.4.0
2017-07-10 10:25:18 -04:00
Evan Cordell
d4ef594c13
Mark fields as required on globalmessages API so that they are
...
properly checked when the request comes in
2017-07-05 18:16:55 -04:00
josephschorr
89ab94ffbb
Merge pull request #2720 from coreos-inc/gc-opt
...
GC optimizations
2017-06-29 20:55:14 +03:00
josephschorr
0e702c72f2
Merge pull request #2739 from coreos-inc/joseph.schorr/QUAY-664/verbs-interface-refactor
...
Refactor Verbs model definitions to match new style
2017-06-29 10:07:36 +03:00
Jimmy Zelinskie
5a651544bc
Merge pull request #2716 from jzelinskie/secscan-catch-all
...
util.secscan.api: add catch all for API failures
2017-06-28 13:42:33 -04:00
Jimmy Zelinskie
1d2640e012
util.secscan.fake: add test for unexpected status
2017-06-28 13:40:04 -04:00
Joseph Schorr
8ac20edfb2
Move verbs security tests into pytest style
2017-06-28 12:48:02 +03:00
Joseph Schorr
8dcea30d58
Fix build by pre-calling the caches
...
They were being called in a test-dependent order, which caused any tests which relied on query count to fail
2017-06-27 18:11:46 +03:00
Joseph Schorr
e9a95874ee
Move GC tests into pytest
2017-06-27 17:33:58 +03:00
Joseph Schorr
6b272cf7e6
Move Swift tests to pytest
2017-06-27 16:05:32 +03:00
Charlton Austin
0841d2bfb9
Merge pull request #2715 from charltonaustin/fix_endpoint_error
...
fix(endpoints): added in proper error handling
2017-06-21 17:00:38 -04:00
Charlton Austin
5e6aa6648b
fix(endpoints): added in proper error handling
...
before we would return a 400 without a message because the errors were not being caught
Issue: https://www.pivotaltracker.com/story/show/145459707
- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-06-21 16:59:48 -04:00
Joseph Schorr
a20d758642
Add a zero chunk test to cloud storage
2017-06-16 13:38:38 -04:00
josephschorr
4fd2047e30
Merge pull request #2693 from coreos-inc/gc-query-opt
...
Optimize GC query join a bit by reducing the surface
2017-06-12 13:37:55 -04:00
Joseph Schorr
d68b65d90c
Optimize GC query join a bit by reducing the surface
...
We remove the directly referenced images from the join across ancestors, as they will be covered by the first part of the union clause. For some large repositories, this will result in a significantly reduced set of images that have to be joined NxM.
2017-06-12 12:55:32 -04:00
josephschorr
51a952d50c
Merge pull request #2680 from coreos-inc/catalog-fixes
...
Various small catalog fixes
2017-06-09 13:43:11 -04:00
Kenny Lee Sin Cheong
1f76e9dc3b
Merge pull request #2661 from kleesc/securityworker_cpu
...
Raise an APIRequestFailure exception when security scanner is unavail…
2017-06-03 12:15:45 -04:00
alecmerdler
9da1487bbc
improve cor-tabs architecture
2017-06-02 18:03:30 -07:00
Joseph Schorr
555041876d
Make public catalog only enabled via a feature flag
2017-06-02 15:30:51 -07:00
Kenny Lee Sin Cheong
203c0b76e0
Raise an APIRequestFailure exception when security scanner is unavailable
...
Put worker to sleep for the duration of the default indexing interval
when an APIRequestFailure occurs, when the API request fails due to a
connection error, timeout, or other ambiguous errors, from
analyze_layer or get_layer_data .
2017-05-24 11:04:44 -04:00
Charlton Austin
a71f60a9c1
Merge pull request #2652 from charltonaustin/failing_repository_notifications_to_be_disabled_after_n_failures_in_a_row_144646649
...
Failing repository notifications to be disabled after n failures in a row 144646649
2017-05-22 09:30:53 -04:00
Charlton Austin
993f2a174c
feat(full-stack): disable notifications after 3 failures
...
This stops notifications from firing over and over again if they are repeatedly failing.
[TESTING -> locally with docker compose, DATABASE MIGRATION -> there is a single migration]
Issue: https://www.pivotaltracker.com/story/show/b144646649n
- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-05-19 16:58:46 -04:00
Joseph Schorr
065e327190
Make sure catalog always returns public repositories
2017-05-19 16:24:08 -04:00
Jimmy Zelinskie
e2c25ce9bc
registry tests: assert audit log metadata
2017-05-16 17:05:31 -04:00
Evan Cordell
85d382cd84
Only show signing UI when namespace is explicitly whitelisted
2017-05-08 13:50:07 -04:00
Joseph Schorr
30a681343f
Make sure to escape LDAP queries
...
Fixes an issue in team sync around group names that contain *s
Fixes https://www.pivotaltracker.com/story/show/144628235
2017-05-01 14:00:54 -04:00
Joseph Schorr
de6352ef73
Make sure we don't allow anonymous binding in LDAP auth
...
We already prevented it, but let's make sure we never allow it by adding some tests
2017-04-28 17:09:47 -04:00
josephschorr
8b148bf1d4
Merge pull request #2576 from coreos-inc/full-db-tests-tox
...
Reenable full database testing locally and in concourse
2017-04-27 18:09:15 -04:00
EvB
b216290e31
test(endpoints/web): test buildlogs endpoint
2017-04-26 18:16:26 -04:00
josephschorr
5c4f7d50c6
Merge pull request #2580 from coreos-inc/team-sync-email-fix
...
Fix handling of team sync when a user already exists with the email address
2017-04-26 14:19:23 -04:00
EvB
5e995fae20
refactor(archivedlogs): move archivelog handler to endpoints
2017-04-26 11:41:55 -04:00
Joseph Schorr
36f2272fe2
Fix handling of team sync when a user already exists with the email address
2017-04-25 17:42:35 -04:00
Joseph Schorr
d895b4d5ff
Fix appr tests to use the shared test fixtures
2017-04-24 23:08:28 -04:00
Joseph Schorr
d7f3ef96ce
Small fixes found by running full db tests
2017-04-24 16:45:15 -04:00
Joseph Schorr
a1a4b68306
Change fulldbtests to use py.test
2017-04-24 16:45:15 -04:00
Joseph Schorr
6ba7ed4cd6
Prep test fixtures for supporting non-SQLite database
2017-04-24 16:45:14 -04:00
Joseph Schorr
3dcbe3c631
If enabled, allow users and orgs to set their time machine expiration
...
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Joseph Schorr
95e9cdaccc
Disable tag and build operations in repos when trust is enabled
2017-04-17 14:34:43 -04:00
Evan Cordell
2661db7485
Add flag to enable trust per repo ( #2541 )
...
* Add flag to enable trust per repo
* Add api for enabling/disabling trust
* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api
* Add `set_trust` method to repository
* Expose new logkind to UI
* Fix registry tests
* Rebase migrations and regen test.db
* Raise downstreamissue if trust metadata can't be removed
* Refactor change_repo_trust
* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00
Alec Merdler
581d7c67a7
Fix Trigger Setup Robot Permissions for Private Base ( #2543 )
2017-04-14 12:10:00 -07:00
Joseph Schorr
ab2f044331
Switch get repo API to use a single list tags query
...
Should make things faster since the join occurs on the database side
2017-04-13 18:06:58 -04:00
josephschorr
928b9915ed
Merge pull request #2441 from coreos-inc/repo-score-denormalization
...
Add a RepositorySearchScore table and calculation to the RAC worker
2017-04-10 16:31:09 -04:00
Joseph Schorr
df3f47c79a
Add a RepositorySearchScore table and calculation to the RAC worker
...
This will be used in a followup PR to order search results instead of the RAC join. Currently, the join with the RAC table in search results in a lookup of ~600K rows, which causes searching to take ~6s. This PR denormalizes the data we need, as well as allowing us to score based on a wider band (6 months vs the current 1 week).
2017-04-10 14:29:02 -04:00
josephschorr
2bc619137a
Merge pull request #2512 from ecordell/tufmetadata
...
Add tufmetadata endpoint
2017-04-07 17:16:11 -04:00
Jake Moshenko
a8ec7865a7
Merge pull request #2511 from jakedt/fixwarnings
...
Fixwarnings
2017-04-06 16:12:19 -04:00
Jake Moshenko
c7241911a5
Fix old-style flask imports to silence deprecation warnings.
2017-04-06 13:15:48 -04:00
Evan Cordell
1a78722521
Update tests
2017-04-05 13:57:16 -04:00
Joseph Schorr
f9e6110f73
Add basic user interface for application repos
...
Adds support for creating app repos, viewing app repos and seeing the list of app repos in the Quay UI.
2017-04-05 11:30:09 -04:00
Evan Cordell
9515f18fb6
Add tufmetadata endpoint
2017-04-05 10:03:27 -04:00
Joseph Schorr
b26bd3c9c5
Regenerate test.db after merge
2017-04-03 11:36:42 -04:00
Joseph Schorr
8c07f733eb
Add pagination tests for LDAP
2017-04-03 11:36:41 -04:00
Joseph Schorr
d7825c6720
Add group iteration and syncing support to Keystone auth
2017-04-03 11:31:30 -04:00
Joseph Schorr
04225f2d25
Add feature flag for team syncing
2017-04-03 11:31:29 -04:00
Joseph Schorr
96b9d6b0cd
Add end-to-end test for team sync
2017-04-03 11:31:29 -04:00
Joseph Schorr
b683088f87
Update tests for teams API
2017-04-03 11:31:29 -04:00
Joseph Schorr
a17b637032
Fix ordering in LDAP test
2017-04-03 11:31:28 -04:00
Joseph Schorr
bb20422260
Fix pagination disabling in LDAP with mockldap
...
Since mockldap doesn't support pagination, just disable it globally
2017-04-03 11:31:28 -04:00
Joseph Schorr
ecfac81721
Add check_group_lookup_args and service_metadata to auth providers
2017-04-03 11:31:28 -04:00
Joseph Schorr
f5a854c189
Add TeamSync database and API support
...
Teams can now have a TeamSync entry in the database, indicating how they are synced via an external group. If found, then the user membership of the team cannot be changed via the API.
2017-04-03 11:31:28 -04:00
Joseph Schorr
d718829f5d
Initial LDAP group member iteration support
...
Add interface for group member iteration on internal auth providers and implement support in the LDAP interface.
2017-04-03 11:31:28 -04:00
Charlton Austin
ca99535774
Merge pull request #2449 from charltonaustin/phase_two_config
...
feat(build runner): added in context, dockerfile_location
2017-03-28 14:14:36 -04:00
Charlton Austin
e6d201e0b0
feat(build runner): added in context, dockerfile_location
...
this is a new feature meant to allow people to use any file as
a dockerfile and any folder as a context directory
2017-03-28 13:55:31 -04:00
Jimmy Zelinskie
65a17dc155
Merge pull request #2473 from coreos-inc/certs-fixes
...
Fixes and improvements around custom certificate handling
2017-03-27 15:08:36 -04:00
Evan Cordell
4c94d2c760
Fix xAuth test
2017-03-27 11:37:17 -04:00
Evan Cordell
6ad107709c
Change build_context_and_subject to take kwargs
2017-03-27 11:37:17 -04:00
Evan Cordell
43dd974dca
Determine which TUF root to show based on actual access, not requested
...
access
2017-03-27 11:37:17 -04:00
Joseph Schorr
e509eb4cba
Better custom cert handling in the superuser tool
...
We now only allow certificates ending in .crt to be uploaded and we automatically install the certificate once it has been validated
2017-03-24 17:15:26 -04:00
Joseph Schorr
651666b60b
Refactor our auth handling code to be cleaner
...
Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change.
2017-03-23 15:42:45 -04:00
Joseph Schorr
abf179eb09
Move fixtures under test, since they are shared globally
2017-03-23 15:42:45 -04:00
Joseph Schorr
e204f7784c
Make app registry off by default
2017-03-23 12:01:59 -04:00
Joseph Schorr
bdda74d6df
Make sure GC checks new Blob table as well before deleting CAS storage
2017-03-22 23:53:21 -04:00
Jimmy Zelinskie
3ccf3c5f33
Merge pull request #2447 from jzelinskie/cnr-step2
...
CNR Step 2
2017-03-22 18:45:51 -04:00
Joseph Schorr
df1e7f90e0
Add verb security tests and fix small issues
2017-03-22 18:29:53 -04:00
Joseph Schorr
dcb970b783
Add registry app repository failure test
2017-03-22 17:26:59 -04:00
Joseph Schorr
30b532254c
Disallow non-apps-supported APIs for application repositories
2017-03-22 15:51:19 -04:00
Jimmy Zelinskie
dae2cc8c3a
initdb: add beta class data
2017-03-22 13:58:50 -04:00
Joseph Schorr
a047257656
Transitive query checks need to be for updates, not just deletes
...
MySQL doesn't support transitive updates either, so we need to extend the testing to prevent the recent breakage from occurring again
2017-03-20 21:06:37 -04:00
Joseph Schorr
6476488221
Skip bitbucket pushes without any commits
...
Fixes https://sentry.io/coreos/backend-production/issues/178220183/
2017-03-20 18:23:21 -04:00
josephschorr
4bee4dbfff
Merge pull request #2443 from coreos-inc/build-webhook-tests
...
Add tests for build web hooks endpoint
2017-03-20 16:26:57 -04:00
josephschorr
27aa12de7a
Merge pull request #2439 from coreos-inc/remove_redis_log_expiration
...
Switch from expire to delete redis log_entries
2017-03-20 13:41:57 -04:00
Joseph Schorr
6f567e0850
Add tests for build web hooks endpoint
2017-03-20 13:22:59 -04:00
Jimmy Zelinskie
f94d5c7684
initdb: skip data checks for beta classes & regen
2017-03-17 11:35:16 -04:00
Antoine Legrand
ec847ce613
Switch from expire to delete redis log_entries
2017-03-17 15:35:47 +01:00
Alec Merdler
cd61482ff1
Merge pull request #2426 from alecmerdler/frontend-refactoring
...
More Front-end TypeScript Refactoring
2017-03-16 14:19:13 -07:00
Joseph Schorr
e90cab4d77
Change revert tag into restore tag and add manifest support
2017-03-14 11:34:42 -04:00
Joseph Schorr
af743b156b
Show manifest digests in place of V1 ids in the tag view when possible
2017-03-14 11:34:41 -04:00
josephschorr
cbac673d58
Merge pull request #2404 from coreos-inc/cas-gc-fix
...
Fix GC handling around CAS paths
2017-03-10 17:34:21 -05:00
josephschorr
432b2d3fe8
Merge pull request #2392 from coreos-inc/search-optimization
...
Optimize repository search by changing our lookup strategy
2017-03-10 15:44:26 -05:00
Joseph Schorr
48db77b521
Fix bug in QSS notifications
2017-03-10 11:25:55 -05:00
Joseph Schorr
b5bb76cdea
Optimize repository search by changing our lookup strategy
...
Previous to this change, repositories were looked up unfiltered in six different queries, and then filtered using the permissions model, which issued a query per repository found, making search incredibly slow. Instead, we now lookup a chunk of repositories unfiltered and then filter them via a single query to the database. By layering the filtering on top of the lookup, each as queries, we can minimize the number of queries necessary, without (at the same time) using a super expensive join.
Other changes:
- Remove the 5 page pre-lookup on V1 search and simply return that there is one more page available, until there isn't. While technically not correct, it is much more efficient, and no one should be using pagination with V1 search anyway.
- Remove the lookup for repos without entries in the RAC table. Instead, we now add a new RAC entry when the repository is created for *the day before*, with count 0, so that it is immediately searchable
- Remove lookup of results with a matching namespace; these aren't very relevant anyway, and it overly complicates sorting
2017-03-09 19:47:55 -05:00
alecmerdler
4e913f106d
refactored DockerfileServiceImpl to return promise instead of callbacks
2017-03-09 01:26:19 -08:00
Joseph Schorr
0ab6388e30
Add support for null ref, as that can be the value if a default branch is not chosen
2017-03-07 20:39:42 -05:00
alecmerdler
80b3666eb7
refactoring DockerfileService
2017-03-07 11:25:18 -08:00
Joseph Schorr
69e550d125
Fix GC handling around CAS paths
...
Adds code to ensure we never GC CAS paths that are shared amongst multiple ImageStorage rows, as well as an associated pair of tests to catch the positive and negative cases.
2017-03-07 13:48:07 -05:00
Jimmy Zelinskie
b9ac2b7b3b
workers.securityworker: simplify min id
2017-03-03 14:51:18 -05:00
Jimmy Zelinskie
4ed0cdda14
securityscanner: add a min image id option
...
This will enable us to force some instances of the securityworker to
scan only new images.
2017-03-03 13:55:25 -05:00
josephschorr
aa2f88d321
Merge pull request #2337 from coreos-inc/new-trigger-ux
...
Implement new create and manager trigger UI
2017-03-02 18:15:32 -05:00
Joseph Schorr
9e6c368f7a
Make QSS multiple notification messaging nicer
2017-03-01 16:11:11 -05:00
Joseph Schorr
eff1827d9d
Batch QSS notifications after initial scan
2017-03-01 15:42:49 -05:00
alecmerdler
8fcd76c0be
removed old templates
2017-02-28 16:51:44 -05:00
alecmerdler
ea9d47ba75
ignore invalid linear workflow sections that are after the current section
2017-02-28 16:51:44 -05:00
alecmerdler
ff07533d80
added tests for linear workflow components
2017-02-28 16:51:44 -05:00
alecmerdler
e59d394491
refactoring linear workflow directives
2017-02-28 16:51:43 -05:00
alecmerdler
b1516193a5
converted ManageTriggerGithostComponent to TypeScript
2017-02-28 16:51:43 -05:00
alecmerdler
14222be9fe
working on ManageTriggerGithostComponent
2017-02-28 16:51:43 -05:00
alecmerdler
00b1f0e3cc
starting ManageTriggerCustomGitComponent
2017-02-28 16:51:43 -05:00
alecmerdler
389a4cb1c4
fixed tests
2017-02-28 16:51:42 -05:00
Joseph Schorr
8e863b8cf5
Implement new create and manager trigger UI
...
Implements the new trigger setup user interface, which is now a linear workflow found on its own page, rather than a tiny modal dialog
Fixes #1187
2017-02-28 16:51:42 -05:00
Joseph Schorr
f8d74305e1
Remove old validator tests
2017-02-24 12:23:18 -05:00
Joseph Schorr
c0f7530b29
Pull out JWT auth validation into validator class
...
Also fixes a small bug in validation (yay tests!)
2017-02-24 12:23:16 -05:00
Joseph Schorr
b2afe68632
Pull out redis validation into validator class
2017-02-24 12:23:15 -05:00
Joseph Schorr
f933b3e295
Pull out database validation into validator class
2017-02-24 12:23:14 -05:00
Joseph Schorr
94be8731f3
Change Docker Version tests to pytest
2017-02-22 15:45:06 -05:00
josephschorr
f7a7d30ec2
Merge pull request #2366 from coreos-inc/alert-spam-fixes
...
Small fixes for alert spam
2017-02-22 14:18:18 -05:00
Joseph Schorr
7cc7e54945
Remove unicode before sending it to path parser
...
Fixes https://sentry.io/coreos/backend-production/issues/175929456/
2017-02-22 13:21:12 -05:00
Jake Moshenko
b03e03c389
Read the number of unscanned clair images from the block allocator
2017-02-21 19:13:51 -05:00
Joseph Schorr
198bdf88bc
Move OAuth login into its own endpoints module
2017-02-16 16:27:54 -05:00
Joseph Schorr
6736e69ebd
Add end-to-end OIDC binding test
2017-02-16 16:27:53 -05:00
josephschorr
c8e5eb5ad1
Merge pull request #2359 from coreos-inc/fix-gitlab-tag
...
Fix handling of gitlab web hooks when tagging
2017-02-16 15:56:56 -05:00
Joseph Schorr
a34d18b9ea
Fix handling of gitlab web hooks when tagging
...
Gitlab doesn't send any commit information for tagging events (because... reasons), and so we have to perform the lookup ourselves to have full metadata.
Fixes #1467
2017-02-16 15:40:37 -05:00
josephschorr
38e079ced2
Merge pull request #2344 from coreos-inc/v1-search-fix
...
Implement the full spec for the old Docker V1 registry search API
2017-02-16 15:08:33 -05:00
Joseph Schorr
a0bc0e9488
Implement the full spec for the old Docker V1 registry search API
...
This API is still (apparently) being used by the Docker CLI for `docker search` (why?!) and we therefore have customers expecting this to work the same way as the DockerHub.
2017-02-16 14:45:33 -05:00
josephschorr
8f01cb959a
Merge pull request #2354 from coreos-inc/license-sorting
...
Change entitlement sorting to sort *valid* entitlements by reverse expiration time
2017-02-15 16:24:51 -05:00
Joseph Schorr
d506279892
Change entitlement sorting to sort *valid* entitlements by reverse expiration time
...
With this change, if all entitlements are valid, we sort to show the entitlement that will expire the farthest in the future, as that defines the point at which the user must act before the license becomes invalid.
2017-02-15 14:31:24 -05:00
Jimmy Zelinskie
ab941607d4
test.test_api_usage: add AppConfigChange ctxmgr
2017-02-14 15:27:22 -05:00
Jimmy Zelinskie
1d6339e644
test.test_api_usage: fix secscan tests
2017-02-14 15:21:18 -05:00
Jimmy Zelinskie
8a1b48dd8c
move ConfigProvider ctxmgr back to su tests
2017-02-14 14:36:36 -05:00
Joseph Schorr
2f4487c184
Fix flaky OAuth tests under tor
...
The `> 0` check fails if the code was found first in the query string, which can occasionally happen under tox due to the `PYTHONHASHSEED` var changing. We simply change to use a proper parse and check to avoid this issue entirely.
2017-02-14 13:51:58 -05:00
Joseph Schorr
8d96d8b682
Add tests for missing logs APIs
2017-02-08 16:52:17 -08:00