vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
9186 commits 2 branches 62 tags 205 MiB
Commit graph

1688 commits

Author SHA1 Message Date
Joseph Schorr
861e81cccd Allow team syncing if user creation is disabled 
Before this change, if user creation was disabled, team sync would fail to sync over users that had not yet been invited/logged in, because their accounts could not be created. Following this change, team syncing of users not yet in the system will create those user accounts, allowing users to be "auto invited" via team sync.

Fixes https://jira.coreos.com/browse/QUAY-910
 2018-05-22 14:09:40 -04:00
Joseph Schorr
a007332d4c Temporarily change to storing logs in a new LogEntry2 table 
This will prevent us from running out of auto-incrementing ID values until such time as we can upgrade to peewee 3 and change the field type to a BigInt

Fixes https://jira.coreos.com/browse/QUAY-943
 2018-05-18 20:15:16 -04:00
Joseph Schorr
f5fafc480f Notifications can target robots, but the model did not reflect that 
This fixes a breakage when deleting robots that have notifications targeting them.
 2018-05-15 16:19:46 -04:00
josephschorr
58612955d6
Merge pull request #3079 from quay/joseph.schorr/QUAY-927/robots-limit 
Limit robots displayed in entity search
 2018-05-15 13:59:48 -04:00
josephschorr
6780a1f06b
Merge pull request #3077 from quay/joseph.schorr/QUAY-931/log-slowdown 
Logs slowdown fixes
 2018-05-15 13:28:05 -04:00
Joseph Schorr
5c50161d85 Limit robots displayed in entity search 
Before, we'd load *all* the robots, which can be a huge issue in namespaces with a large number of robots. Now, we only load the top-20 robots (as per recency in login), and we also limit the information returned to the entity search to save some bandwidth.

Fixes https://jira.coreos.com/browse/QUAY-927
 2018-05-15 11:00:57 -04:00
Joseph Schorr
b98c65b3a3 Filter out deleted users and organizations from the superuser list 
Superusers were getting confused because the users/orgs were being disabled and renamed, but still appeared in the list until they were GCed by the background worker. Now we just hide them.

Fixes https://jira.coreos.com/browse/QUAY-936
 2018-05-15 10:42:41 -04:00
Joseph Schorr
e3248bde47 Small fixes to make loading of logs faster 
Removes filtering of log types where not necessary, removes filtering based on namespace when filtering based on repository (superfluous check that was causing issues in MySQL preventing the use of the correct index) and fix some other small issues around the API

Fixes https://jira.coreos.com/browse/QUAY-931
 2018-05-14 11:41:49 -04:00
Joseph Schorr
29058201e5 Fix bug in modelutil pagination that caused us to load far more results than necessary 
Also adds tests for the modelutil pagination
 2018-05-14 11:40:31 -04:00
Joseph Schorr
49699fe251 Fix MySQL bug in full text search 
Fixes https://jira.coreos.com/browse/QUAY-937
 2018-05-14 08:41:40 -04:00
Joseph Schorr
f06eec8a35 Fix issue where we didn't delete robots immediately under a namespace 
This could result in "hanging" robot accounts, although that would only leak the names of said accounts. Now we delete them immediately AND we proactively delete them before replacing the namespace (just to be sure)
 2018-05-09 17:53:30 +03:00
Joseph Schorr
178c8e7cb0 Fix bug in in-memory data cache 
Previously, if we didn't find a key, we'd empty the entire cache, making it essentially a single-key cache. We skip clearing now, although this does mean we won't GC expired entries (not a problem for tests, though)
 2018-05-01 13:28:24 +03:00
Joseph Schorr
3309daa32e Add support for reduced initial build count for new possible abusing users 
If configured, we now check the IP address of the user signing up and, if they are a possible threat, we further reduce their number of allowed maximum builds to the configured value.
 2018-04-20 18:46:32 +03:00
Joseph Schorr
4418772745 Postgres requires defaults for non-nullable cols, even integer ones 
Fixes https://jira.coreos.com/browse/QUAY-912
 2018-04-08 18:54:23 -04:00
Brad Ison
8e5c67e207
Use get_or_create in place of create_or_get 
Peewee v2.9.0 removes the create_or_get method.
 2018-04-04 14:21:16 -04:00
Joseph Schorr
82da2042fd Add tests for image model, fix a small bug and remove an unused function 2018-04-04 13:13:52 -04:00
Joseph Schorr
8146646761 Simplifying queries around images and placements 
Only verbs needs to load placements for multiple images, so we can vastly simplify and optimize most queries by making it two-step, and having the rest of the image loads not worry about placements
 2018-04-03 16:23:49 -04:00
Joseph Schorr
f6b647bd61 Default for robot account metadata should be an empty dict, not a string 2018-03-27 17:29:55 -04:00
josephschorr
b897d896d7
Merge pull request #2876 from coreos-inc/blocking-logs-fix 
Decrease redis timeouts to within the WAMP message window
 2018-03-22 21:40:47 -04:00
josephschorr
6c43b7ff0d
Merge pull request #3024 from coreos-inc/manageable-robots 
Manageable robots epic
 2018-03-21 18:50:17 -04:00
Joseph Schorr
2ea13e86a0 Add last_accessed information to User and expose for robot accounts 
Fixes https://jira.coreos.com/browse/QUAY-848
 2018-03-21 15:28:34 -04:00
Joseph Schorr
c4debe011c Fix team add/invite logic around when an invite is required 
We were accidentally skipping the invite if the user was a member of *any* organization, rather than the specific organization (as intended)

Fixes https://jira.coreos.com/browse/QUAY-880
 2018-03-16 17:13:27 -04:00
Joseph Schorr
254cdfe43a Add support for metadata on robot accounts 
Fixes https://jira.coreos.com/browse/QUAY-847
Fixes https://jira.coreos.com/browse/QUAY-816
 2018-03-12 20:32:05 -04:00
Joseph Schorr
a693771345 Add creation date information to robots API and UI 
Fixes https://jira.coreos.com/browse/QUAY-846
 2018-03-09 13:55:19 -05:00
Joseph Schorr
c4a6273e00 Add creation date to User table 2018-03-09 13:31:29 -05:00
Joseph Schorr
2d34b89203 Decrease redis timeouts to within the WAMP message window 
This ensures that if the builder sends a heartbeat, but redis is down, we don't time out the build while waiting to connect or receive. Since Redis data is ephemeral anyway, this should give us more stability in builds if/when redis is down
 2018-03-02 16:53:37 -05:00
Joseph Schorr
24b77bbc10 Fix serialization of blobs to/from the cache 
Also makes sure the test checks that serialization
 2018-03-02 14:22:55 -05:00
Joseph Schorr
ff1773bd28 Change name field back to a normal string 
Our prod MySQL does not support an index on a UTF8 field of this size; thankfully, we don't need UTF8 here
 2018-03-02 13:23:30 -05:00
Joseph Schorr
4db4a44491 Add missing server_default on enabled col in repositorybuildtrigger 
Without it, we'll default all existing triggers to disabled
 2018-03-02 13:13:32 -05:00
Joseph Schorr
ed84835d23 Changes for code review 2018-03-01 16:49:52 -05:00
Joseph Schorr
3837a7c2ed Add datetime of when a trigger was disabled 2018-03-01 16:49:51 -05:00
Joseph Schorr
93d79e777e Automatically disable build triggers with successive failures or internal errors 
We allow users to reenable them manually once disabled
 2018-03-01 16:49:51 -05:00
Joseph Schorr
c35eec0615 Add ability for triggers to be disabled 
Will be used in the followup commit to automatically disable broken triggers
 2018-03-01 16:49:28 -05:00
Joseph Schorr
ab0172d2fd Switch Quay to using an in-container memcached for data model caching 2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous 
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.

Fixes https://jira.coreos.com/browse/QUAY-838
 2018-02-27 13:12:51 -05:00
Brad Ison
f89a16a64d Make byte_count on BlobUpload table not nullable 
The byte_count field on the BlobUpload model is marked as not
nullable, but the migration to make the field a big integer removed
that restriction (#2388 :: 76de324) in the database.  It's still in
the model though, which means they are out of sync.  This adds a
migration to mark the field as not nullable in the database again.
 2018-02-26 11:36:56 -05:00
Brad Ison
5bd826e7b5 Drop checksum from ImageStorage table 
The checksum field was removed from the ImageStorage model in #815,
but was never dropped from the database.  This adds a migration to
drop the unused column.
 2018-02-24 17:00:07 -05:00
Joseph Schorr
e446eb5757 Switch build queue limiter query to use total number of alive jobs 
This is slightly more accurate and, not being based on time, will work better under MySQL
 2018-02-21 14:04:40 -05:00
josephschorr
d77aa9228f
Merge pull request #3002 from coreos-inc/joseph.schorr/QUAY-822/gc-app-tokens 
Add a worker to automatically GC expired app specific tokens
 2018-02-20 17:21:48 -05:00
Joseph Schorr
9a452ace11 Add configurable limits for number of builds allowed under a namespace 
We also support that limit being increased automatically once a successful billing charge has gone through
 2018-02-20 16:54:22 -05:00
Brad Ison
62971b7f20
Merge pull request #2999 from bison/user-location 
Add user location metadata filed
 2018-02-20 16:48:37 -05:00
Joseph Schorr
e220b50543 Refactor auth code to be cleaner and more extensible 
We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).
 2018-02-14 15:35:27 -05:00
Joseph Schorr
e1a3857de9 Make sure to filtered already-expired tokens from the "expiring soon" tokens 2018-02-12 17:07:50 -05:00
Joseph Schorr
d45161b120 Add a worker to automatically GC expired app specific tokens 
Fixes https://jira.coreos.com/browse/QUAY-822
 2018-02-12 14:56:01 -05:00
Brad Ison
3de6b4a646 Add location metadata field for users 2018-02-06 16:06:17 -05:00
Joseph Schorr
da0fa2e0d2 Make sure to add primary repo permissions under a transaction 
Should prevent a repository from being created under a user's namespace without a corresponding admin permission

Fixes https://jira.coreos.com/browse/QUAY-826
 2018-02-06 11:20:40 -05:00
Joseph Schorr
6228ab5a51 We cannot cache the full expiration for an app specific token, as it would include the datetime when the cache is created, rather than now 
Fixes https://jira.coreos.com/browse/QUAY-819
 2018-02-02 16:11:59 -05:00
Joseph Schorr
bbdf9e074c Add metrics for tracking when instance key renewal succeeds and fails, as well as when instance key *lookup* fails 2018-02-02 11:14:42 -05:00
josephschorr
fd1237cff9
Merge pull request #2974 from coreos-inc/joseph.schorr/QS-118/manifest-write-query 
Audit the number of SQL queries we make in writing manifests, and significantly reduce in the common case
 2018-01-31 11:08:33 -05:00
Joseph Schorr
182c4594e7 Remove unsupported DB connection arguments for non-pooled DB handler 2018-01-26 13:37:08 -05:00
Joseph Schorr
9e16a989f5 Audit the number of SQL queries we make in writing manifests, and significantly reduce in the common case 
Instead of 41 queries now for the simple manifest, we are down to 14.

The biggest changes:
  - Only synthesize the V1 image rows if we haven't already found them in the database
  - Thread the repository object through to the other model method calls, and use it instead of loading again and again
 2018-01-25 11:10:43 -05:00
Joseph Schorr
208dc38d25 Allow expired app specific tokens to be deleted 2018-01-23 11:40:51 -05:00
Joseph Schorr
3bc5840496 Extend our logs about whether we are using connection pooling for a DB 2018-01-11 16:43:46 -05:00
josephschorr
b17c05fbd5
Merge pull request #2968 from coreos-inc/joseph.schorr/QS-110/user-login-lock 
Reduce lock contention on invalid user login calls
 2018-01-09 12:41:00 -05:00
Joseph Schorr
81be47486c Reduce lock contention on invalid user login calls 
Fixes https://jira.coreos.com/browse/QS-110
 2018-01-08 16:57:50 -05:00
josephschorr
13b738c43c
Merge pull request #2954 from coreos-inc/joseph.schorr/QS-102/user-api-filter 
Add ability to filter users list to enabled users
 2018-01-05 15:40:50 -05:00
josephschorr
d8fde005d8
Merge pull request #2961 from coreos-inc/joseph.schorr/QS-107/create-repo-opt 
Small optimizations around create repository code
 2018-01-05 15:40:30 -05:00
Joseph Schorr
6a876a6b73 Change title to be UTF8 2018-01-04 15:27:42 -05:00
Joseph Schorr
888b564a9b Add a banner to the Quay UI when an app specific token is about to expire 2018-01-04 15:27:42 -05:00
Joseph Schorr
2214a2c7ad Disable fresh login check in auth engines that won't support it 2018-01-04 15:27:41 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
3f99e864e1 Reduce the number of DB queries for creating a repo 2018-01-04 14:32:39 -05:00
Joseph Schorr
1e1bec0afe Remove extra update call on create repo 2018-01-04 13:42:05 -05:00
Joseph Schorr
8e473b9779 Add filter for disabled users to superuser user list API 
Fixes https://jira.coreos.com/browse/QS-102
 2017-12-22 16:45:49 -05:00
josephschorr
024c183f67
Merge pull request #2944 from coreos-inc/joseph.schorr/QS-91/v2-caching 
V2 registry blob caching
 2017-12-18 14:42:02 -05:00
Joseph Schorr
9e16596854 Add a bunch of logging to the data model caching mechanism 
Should help us debug any potential issues
 2017-12-18 14:18:37 -05:00
Joseph Schorr
097cbbeaae Add new Quay pricing plans 2017-12-18 13:12:16 -05:00
Joseph Schorr
60bc655695 Fix flakiness in a test when comparing date times 2017-12-14 14:00:20 -05:00
Joseph Schorr
3c72e9878d Add the concept of a data model cache, for caching of Namedtuple objects from the data model 
Will be used to cache blobs, thus removing the need to hit the database in most blob requests
 2017-12-14 13:36:51 -05:00
Joseph Schorr
51e67ab7f5 Fix get_blob_path to not make any database calls and add a test 
This will be supported by caching, hopefully removing the need to hit the database when the blob object is cached
 2017-12-13 16:27:46 -05:00
josephschorr
b2db266747
Merge pull request #2935 from coreos-inc/joseph.schorr/QS-80/password-reset-expire 
Add maximum lifetime of 30m on password recovery tokens
 2017-12-07 14:21:32 -05:00
josephschorr
1861d7dee9
Merge pull request #2938 from coreos-inc/joseph.schorr/QS-85/signout-all 
Invalidate all session tokens when a user signs out
 2017-12-07 13:25:00 -05:00
Joseph Schorr
1d1c6f0606 Invalidate all session tokens when a user signs out 
Fixes https://jira.coreos.com/browse/QS-85
 2017-12-07 13:03:11 -05:00
Joseph Schorr
d38a1fc851 Ensure user files are always sent with the Content-Disposition header 
This prevents them from being executed in the browser directly

Fixes https://jira.coreos.com/browse/QS-84
 2017-12-06 17:12:00 -05:00
Joseph Schorr
5dd95038cf Add maximum lifetime of 30m on password recovery tokens 
Fixes https://jira.coreos.com/browse/QS-80
 2017-12-06 17:06:03 -05:00
josephschorr
8d7381336a
Merge pull request #2910 from coreos-inc/joseph.schorr/QS-58/oidc-auth-bug 
Don't add a "password required" notification for non-database auth via OIDC
 2017-12-06 14:19:49 -05:00
Joseph Schorr
32255f122b Simplify and further optimize handling of unfiltered search results 
Using the DB-side limit is much faster
 2017-11-30 16:56:01 -05:00
Joseph Schorr
eea026be52 Fix bug around search pagination with non-filtered searches 
Also further optimizes the queries
 2017-11-30 16:13:42 -05:00
Joseph Schorr
0440cca3ef Fix typo in how we order search results 
`.desc()` needs to be on the field
 2017-11-30 14:53:23 -05:00
Joseph Schorr
c767c88b82 Optimize searching of repositories when there is no query 2017-11-30 14:10:22 -05:00
Joseph Schorr
2ced523313 Add Explore tab and query-less searching 
Allows for exploration of all visible repositories, in paginated form.

This change also fixes the layout of the header on different viewport sizes to be consistently a single line in height.

Fixes https://jira.coreos.com/browse/QS-63
 2017-11-28 16:50:23 +02:00
Joseph Schorr
503cff8f0c Don't add a "password required" notification for non-database auth via OIDC 2017-11-13 16:17:36 -05:00
Joseph Schorr
2e28976d7c Change exception to debug on expected RAC integrity error 
Fixes https://jira.prod.coreos.systems/browse/QS-44
 2017-10-30 12:55:24 -04:00
Joseph Schorr
9f804de23d Fix bug in deletion of repos with OCI-style linked tags 
MySQL does not allow rows in the same table referencing other rows to be deleted in a single statement. We now do a two-pass deletion, and add a test to make sure.

Fixes https://jira.prod.coreos.systems/browse/QS-18
 2017-10-18 17:03:27 -04:00
Joseph Schorr
c2a56ae828 Add a test for ping in OIDC auth 2017-10-12 16:49:06 -04:00
Joseph Schorr
c1ce84822d Fix tuple for health check 2017-10-12 16:25:31 -04:00
Joseph Schorr
7e63184ab4 Add missing ping method 2017-10-12 16:25:21 -04:00
Joseph Schorr
2ce4e49711 Build job does not have a request context when calling get_file_url 
We therefore need to specify some sort of IP or get_file_url will attempt to get it from context
 2017-10-06 12:57:02 -04:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth 
OIDC internal auth support
 2017-10-02 16:51:17 -04:00
Joseph Schorr
f51a863158 Remove access_token from user_info 2017-10-02 16:51:09 -04:00
Joseph Schorr
56fbbcf7cf Add request IP to get_direct_download_url method 2017-09-25 17:14:28 -04:00
Joseph Schorr
804d3c46c3 Add feature flag to allow users to be created only if invited to join a team 
Allows for open user creation, but only if extended an invitation by someone who already has access
 2017-09-14 16:28:39 -04:00
Joseph Schorr
c6aad5fef0 Add option to disable partial autocompletion of users 2017-09-12 15:55:37 -04:00
Evan Cordell
1d246784dd Include invalid oidc token in the error message for debugging 2017-09-12 12:26:42 -04:00
Joseph Schorr
ed897c7cb0 Change OIDC engine to not be federated 
We don't need linking, just the ability to perform lookup
 2017-09-12 12:26:41 -04:00
Joseph Schorr
bc82edb2d1 Add ability to configure OIDC internal auth engine via superuser panel 2017-09-12 12:23:52 -04:00
Joseph Schorr
e724125459 Add support for using OIDC tokens via the Docker CLI 2017-09-12 12:23:22 -04:00
Jimmy Zelinskie
9e09612851 Revert "Merge pull request #2844 from coreos-inc/alegrand/use_latest_appr_server_code" 
This reverts commit 646fafb2fd, reversing
changes made to 5c1b635439.
 2017-08-09 20:45:46 -04:00
Antoine Legrand
646fafb2fd Merge pull request #2844 from coreos-inc/alegrand/use_latest_appr_server_code 
Migrate from cnr -> appr
 2017-08-09 00:01:25 +02:00
Antoine Legrand
6336a4a971 Migrate from cnr -> appr 2017-08-08 11:48:59 +02:00
Charlton Austin
6c29ec873a refactor(endpoints/api/superuser*): refactored code behind db model 
this moves all the db model code behind an interface in prep for v2-2

Issue: https://coreosdev.atlassian.net/browse/QUAY-750

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
 2017-08-01 11:27:55 -04:00
josephschorr
6ce06942f0 Merge pull request #2791 from coreos-inc/purge-repo-optimization 
Optimize purging of a repository by skipping the unreferenced check
 2017-07-31 18:02:28 -04:00
Jimmy Zelinskie
fe6760749a Merge pull request #2826 from jzelinskie/appr-v22 
endpoints.appr: move to new v22 format
 2017-07-31 07:36:40 -07:00
Joseph Schorr
dfe371286a Optimize purging of a repository by skipping the unreferenced check 2017-07-28 13:41:14 -04:00
Joseph Schorr
6043bf45b4 Add configurable stale_timeout and max_connections on pool 2017-07-27 15:26:26 -04:00
Joseph Schorr
f79542fefb Enable connection pooling in the registry 2017-07-27 14:00:23 -04:00
Jake Moshenko
e9a5fdbad1 Use a more pro-active approach to identify an uninitialized db proxy. 2017-07-26 18:23:05 -04:00
Joseph Schorr
50c144a7c4 Remove the configure call in UseThenDisconnect 
This hopefully avoids us creating secondary connections
 2017-07-26 14:14:52 -04:00
Jimmy Zelinskie
155cb65f7d endpoints.appr: move to new v22 format 2017-07-26 11:02:44 -07:00
Jake Moshenko
0011ddda16 Release database connections after updating build statuses. 2017-07-26 12:29:51 -04:00
Joseph Schorr
9febb539a7 Close the database connection after operations in buildman 
Also adds a *temporary* hack to prevent this from breaking tests
 2017-07-26 12:10:48 -04:00
Charlton Austin
be206a8b88 Merge pull request #2814 from charltonaustin/create_data_interface_for_subsystem_api/repository_633 
refactor(endpoints/api/repository*): added in pre_oci_model abstraction
 2017-07-25 13:59:52 -04:00
josephschorr
074b4e4981 Merge pull request #2810 from coreos-inc/joseph.schorr/QUAY-747/common-data-interface 
Convert endpoints/common into using a data interface
 2017-07-24 15:59:13 -04:00
Charlton Austin
8f1200b00d style(data, endpoints, test): ran yapf against changed files 
### Description of Changes

Issue: https://coreosdev.atlassian.net/browse/QUAY-633

## Reviewer Checklist

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
 2017-07-24 11:05:15 -04:00
Joseph Schorr
aecec02b6c Change common_login to take in a user uuid, instead of a user DB object 2017-07-20 16:01:39 -04:00
Jimmy Zelinskie
d7b094f65c Merge pull request #2801 from jzelinskie/keyserver-update 
endpoints.keyserver: new fs org for data interface
 2017-07-20 14:48:57 -04:00
Joseph Schorr
7d4fed6892 Change error message when trying to pull a deleted or expired tag 
Will let the users know they can recover the tag via time machine

Note: This was tested with the Docker protocol, but the new error code is *technically* out of spec; we should make sure its okay.
 2017-07-19 17:13:48 -04:00
Joseph Schorr
99d7fde8ee Add UI for viewing and changing the expiration of tags 2017-07-19 17:13:48 -04:00
Joseph Schorr
4663bf4194 Add additional test for tag expiration 2017-07-19 17:13:06 -04:00
Joseph Schorr
4ad3682b9c Make health check failures report their reasons 
Note that we add a new block with expanded service info, to avoid breaking compatibility with existing callers of the health endpoint
 2017-07-19 16:17:02 +03:00
Joseph Schorr
0dfb6806e3 Add ping method to auth engines to determine if they are reachable 2017-07-19 16:16:41 +03:00
Jimmy Zelinskie
42869cb00a endpoints.keyserver: new fs org for data interface 2017-07-17 14:25:18 -04:00
josephschorr
fdb21aa5dc Merge pull request #2777 from coreos-inc/joseph.schorr/QUAY-618/notificationworker-data-interface 
Change notificationworker to use data interface
 2017-07-13 00:23:15 +03:00
josephschorr
d00c7d299c Merge pull request #2778 from coreos-inc/gc-long-chain-test 
Add a long-chain test for GC
 2017-07-13 00:23:03 +03:00
Charlton Austin
82488c9102 Merge pull request #2753 from charltonaustin/api_tag_v22 
refactor(endpoints/api/tag): refactor code for v22
 2017-07-12 15:51:48 -04:00
Charlton Austin
131acde317 refactor(data+endpoints): code review changes 
this puts the view logic on the object and adds a parameter for logging

[TESTING->locally with docker compose]

Issue: https://coreosdev.atlassian.net/browse/QUAY-632

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
 2017-07-12 14:10:21 -04:00
Joseph Schorr
2b51265b48 Add a long-chain test for GC 2017-07-12 18:03:27 +03:00
Joseph Schorr
b6f1782642 Change notificationworker to use a data interface 2017-07-12 17:40:45 +03:00
Joseph Schorr
bdab367285 Change blobuploadcleanupworker to use a data interface 2017-07-11 16:58:09 +03:00
Charlton Austin
897a091692 style(data+endpoints): ran yapf 
### Description of Changes

ran yapf for the branch

[TESTING->locally using docker compose]

Issue: https://coreosdev.atlassian.net/browse/QUAY-632

## Reviewer Checklist

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
 2017-07-10 09:46:02 -04:00
Charlton Austin
fc4b3642d3 refactor(endpoints/api/tag): refactor code for v22 
this decouples the database models from the api

[TESTING->locally with docker compose]

Issue: https://coreosdev.atlassian.net/browse/QUAY-632

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
 2017-07-10 09:40:33 -04:00
EvB
ccca0c9655 refactor(util/tufmetadata/test): move app test to gc suite 2017-07-07 15:14:14 -04:00
josephschorr
89ab94ffbb Merge pull request #2720 from coreos-inc/gc-opt 
GC optimizations
 2017-06-29 20:55:14 +03:00
Jimmy Zelinskie
ecd5996386 endpoints.v2: new fs layout for data interface 
Fixes QUAY-656
 2017-06-29 13:19:53 -04:00
josephschorr
0e702c72f2 Merge pull request #2739 from coreos-inc/joseph.schorr/QUAY-664/verbs-interface-refactor 
Refactor Verbs model definitions to match new style
 2017-06-29 10:07:36 +03:00
Jimmy Zelinskie
80c9b611a4 Merge pull request #2730 from jzelinskie/v2-interface 
endpoints.v2: new fs layout for data interface
 2017-06-28 13:51:43 -04:00
Joseph Schorr
8b4958dbcc Move verbs model into new file structure 2017-06-28 13:05:02 +03:00
Joseph Schorr
8dcea30d58 Fix build by pre-calling the caches 
They were being called in a test-dependent order, which caused any tests which relied on query count to fail
 2017-06-27 18:11:46 +03:00
Joseph Schorr
cdd7cb9321 Remove directly referenced images from the candidate set before starting GC iteration 
Makes the lookup query underneath the transaction smaller if there are a lot of images referenced directly by tag. We still must do the direct referenced check within the transaction, but this should reduce the scope of the search space a bit.
 2017-06-27 17:33:58 +03:00
Joseph Schorr
45c7008078 Change Repo GC to be iterative 
This prevents us from creating a massive join when there are a large number of tags in the repository, which can result in locking the entire DB for long periods of time. Instead of the join, we just iteratively lookup any images found to be directly referenced by a tag or found as a parent of another image, both of which should be indexed lookups. Once done, we only remove those images and then iterate until the working set stops changing.
 2017-06-27 17:33:58 +03:00
Joseph Schorr
e9a95874ee Move GC tests into pytest 2017-06-27 17:33:58 +03:00
Joseph Schorr
11659f73bf Fix log for reenabling a notification 
We forgot to log the event and method names
 2017-06-27 15:26:40 +03:00
Jimmy Zelinskie
0e26a03f7e endpoints.v2: new fs layout for data interface 
Fixes QUAY-658
 2017-06-26 18:21:35 -04:00
Charlton Austin
5e6aa6648b fix(endpoints): added in proper error handling 
before we would return a 400 without a message because the errors were not being caught

Issue: https://www.pivotaltracker.com/story/show/145459707

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
 2017-06-21 16:59:48 -04:00
josephschorr
b269cb84a3 Merge pull request #2688 from coreos-inc/build-badge-query 
Remove expensive call in build badge
 2017-06-12 15:06:13 -04:00
Joseph Schorr
a949a44cb2 Remove expensive call in build badge 
We don't need to list all the tags to determine if any exist, and showing the repo is ready when it is empty is probably correct behavior anyway
 2017-06-12 14:53:54 -04:00
Joseph Schorr
d68b65d90c Optimize GC query join a bit by reducing the surface 
We remove the directly referenced images from the join across ancestors, as they will be covered by the first part of the union clause. For some large repositories, this will result in a significantly reduced set of images that have to be joined NxM.
 2017-06-12 12:55:32 -04:00
Antoine Legrand
9c68cbd6e8 Fix no search result for apps 2017-06-05 23:03:47 +02:00
Charlton Austin
52750e74ee fix(add notification number): add explicit default 
there is a possibility that this will not work with postgres

Issue: https://www.pivotaltracker.com/story/show/144646649

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
 2017-05-22 09:55:40 -04:00
Charlton Austin
a71f60a9c1 Merge pull request #2652 from charltonaustin/failing_repository_notifications_to_be_disabled_after_n_failures_in_a_row_144646649 
Failing repository notifications to be disabled after n failures in a row 144646649
 2017-05-22 09:30:53 -04:00
Charlton Austin
993f2a174c feat(full-stack): disable notifications after 3 failures 
This stops notifications from firing over and over again if they are repeatedly failing.

[TESTING -> locally with docker compose, DATABASE MIGRATION -> there is a single migration]

Issue: https://www.pivotaltracker.com/story/show/b144646649n

- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
 2017-05-19 16:58:46 -04:00
Joseph Schorr
065e327190 Make sure catalog always returns public repositories 2017-05-19 16:24:08 -04:00
Jimmy Zelinskie
702cdf59ff Merge pull request #2637 from jzelinskie/audit-apps 
Audit Logs for Apps
 2017-05-16 17:06:25 -04:00
Jimmy Zelinskie
4db789b656 add audit logging to app registry endpoints 2017-05-16 15:54:02 -04:00
josephschorr
1dafddd7bf Merge pull request #2623 from coreos-inc/ldap-user-creation 
Disable federated login for new users if user creation is disabled
 2017-05-15 15:07:52 -04:00
Joseph Schorr
b3d7577473 Disable federated login for new users if user creation is disabled 
Fixes https://www.pivotaltracker.com/story/show/144821585
 2017-05-15 15:07:08 -04:00
Joseph Schorr
db767b3610 Optimize lookup of org membership on prototype and perms APIs 
Fixes a major slowdown when working with permissions under organizations with a lot of members

Fixes https://www.pivotaltracker.com/story/show/144076113
 2017-05-08 14:03:59 -04:00
Joseph Schorr
9d97e053b3 Make sure to re-sort the filtered repositories in search 
The filtering breaks the ordered we expected, so we need to re-sort
 2017-05-03 18:38:46 -04:00
Joseph Schorr
0164b48a24 Switch repository search to order matches in repo names higher 
Helps push better results to the top of the results list
 2017-05-03 17:02:24 -04:00
josephschorr
19f67bfa1b Merge pull request #2607 from coreos-inc/faster-security-notify 
Batch the tag lookups in the security notification worker in an attempt to significant reduce load
 2017-05-03 13:49:13 -04:00
Joseph Schorr
68d473bff4 Clarify comment and make pairs code a little nicer 2017-05-03 11:41:39 -04:00
Joseph Schorr
977bbc20a2 Add filtering onto the images query in get_matching_tags_for_images 
Should make the query even faster in the security notification case
 2017-05-02 18:29:14 -04:00
josephschorr
5a9a231754 Merge pull request #2529 from coreos-inc/search-ui 
Implement new search UI
 2017-05-02 15:56:59 -04:00
Joseph Schorr
d77463cc8b Add sharing to the images lookup in get_matching_tags_for_images 
Should prevent an issue if we ever get a request with thousands and thousands of images where we would exceed the DB's max packet size
 2017-05-02 15:50:31 -04:00
Joseph Schorr
74dd0ef8e8 Add a batch get_matching_tags_for_images method 
This will be used in the security notification worker to retrieving the tags needed in a set of batch calls, rather than multiple calls per image
 2017-05-02 15:38:25 -04:00
Joseph Schorr
b67113e848 Move LDAP controls init into the inner loop 
We cannot use it across different DNs, so we need to move it down
 2017-05-01 16:04:33 -04:00
Joseph Schorr
30a681343f Make sure to escape LDAP queries 
Fixes an issue in team sync around group names that contain *s

Fixes https://www.pivotaltracker.com/story/show/144628235
 2017-05-01 14:00:54 -04:00
Joseph Schorr
e583be3914 Remove inner query for ancestors lookup on get_matching_tags 2017-04-28 20:10:54 -04:00
Joseph Schorr
8b2e4d3bcf Add a test for get_matching_tags 2017-04-28 19:57:24 -04:00
Joseph Schorr
e9ffe0e27b Implement new search UI 
We now have both autocomplete-based searching for quick results, as well as a full search page for a full listing of results
 2017-04-28 13:57:28 -04:00
Charlton Austin
f1d6a7284d Merge pull request #2483 from charltonaustin/phase_four_config 
feat(data): remove subdir
 2017-04-28 13:24:22 -04:00
Charlton Austin
c79711b6dc feat(data): remove subdir 
### Description of Changes
  This is the last step in the four phase migration of the config
 2017-04-28 13:23:51 -04:00
josephschorr
8b148bf1d4 Merge pull request #2576 from coreos-inc/full-db-tests-tox 
Reenable full database testing locally and in concourse
 2017-04-27 18:09:15 -04:00
Joseph Schorr
dd1addee29 LDAP Team sync improvements 
- Add a large amount of additional logging
- Handle NO_SUCH_OBJECT in AD searches
- Only check if *a* record exists when adding syncing, as opposed to loading the entire search set
 2017-04-26 20:26:12 -04:00
EvB
fddcd0a395 fix(data.archivedlogs): update endpoint name 2017-04-26 17:31:44 -04:00
josephschorr
5c4f7d50c6 Merge pull request #2580 from coreos-inc/team-sync-email-fix 
Fix handling of team sync when a user already exists with the email address
 2017-04-26 14:19:23 -04:00
EvB
5e995fae20 refactor(archivedlogs): move archivelog handler to endpoints 2017-04-26 11:41:55 -04:00
Joseph Schorr
36f2272fe2 Fix handling of team sync when a user already exists with the email address 2017-04-25 17:42:35 -04:00
Joseph Schorr
d7f3ef96ce Small fixes found by running full db tests 2017-04-24 16:45:15 -04:00
Joseph Schorr
7debd44b54 Switch fixture imports to wildcard in prep for full db test fixes 2017-04-24 16:45:14 -04:00
Jake Moshenko
a159bd3e77 Resolve race condition between multiple log archivers 2017-04-24 13:41:08 -04:00
Antoine Legrand
8499612c4c Merge pull request #2538 from coreos-inc/enable-robot-cnr 
Enable robot cnr
 2017-04-24 17:32:46 +02:00
josephschorr
cc88cfb6ad Merge pull request #2568 from coreos-inc/fix-postgres-search 
Fix search in postgres
 2017-04-21 17:22:59 -04:00
Joseph Schorr
e46e668cc5 Fix search in postgres 
Stupid missing group_by again
 2017-04-21 17:21:17 -04:00
Erica
fc5c255965 Merge pull request #2565 from coreos-inc/HOTFIX-2.3.1 
fix(migration): bring hotfix from v2.3.0 into master
 2017-04-21 17:12:51 -04:00
Joseph Schorr
5bba018009 Add tests for user files endpoint and add regex filter 2017-04-21 16:13:18 -04:00
Joseph Schorr
4bb725dce0 Add fix for relative paths in user files lookup and add test 2017-04-21 15:54:15 -04:00
Joseph Schorr
3413fc3d8a Add missing logging for IOError issue in archived logs 2017-04-21 14:40:09 -04:00
EvB
c5b411b704 fix(migrations): fix column additional w/ boolean default 2017-04-21 11:56:13 -04:00
Joseph Schorr
3dcbe3c631 If enabled, allow users and orgs to set their time machine expiration 
Fixes https://www.pivotaltracker.com/story/show/142881203
 2017-04-21 11:32:45 -04:00
Joseph Schorr
c5bb9abf11 Fix deleting repos when sec scan or signing is disabled 
Make sure we don't invoke the APIs to non-existent endpoints
 2017-04-19 16:57:36 -04:00
Charlton Austin
38d4af0d8b Merge pull request #2479 from charltonaustin/phase_three_config 
feat(data): remove writing of old config
 2017-04-18 10:25:50 -04:00
Antoine Legrand
599ce0de54 code-stye Yapf: 5 files updated 
data/interfaces/appr.py endpoints/appr/cnr_backend.py endpoints/appr/registry.py endpoints/appr/test/test_api.py endpoints/appr/test/test_registry.py
 2017-04-18 14:02:48 +02:00
Antoine Legrand
578f87f94c Fix login with robot to quay-appr 2017-04-18 13:59:21 +02:00
Evan Cordell
2661db7485 Add flag to enable trust per repo (#2541) 
* Add flag to enable trust per repo

* Add api for enabling/disabling trust

* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api

* Add `set_trust` method to repository

* Expose new logkind to UI

* Fix registry tests

* Rebase migrations and regen test.db

* Raise downstreamissue if trust metadata can't be removed

* Refactor change_repo_trust

* Add show_if to change_repo_trust endpoint
 2017-04-15 08:26:33 -04:00
Joseph Schorr
626f306283 Add tests for list_active_tags 2017-04-14 17:53:31 -04:00
Joseph Schorr
4a1fad7520 Make sure to filter hidden tags from the active tags query 2017-04-13 19:29:38 -04:00
Joseph Schorr
ab2f044331 Switch get repo API to use a single list tags query 
Should make things faster since the join occurs on the database side
 2017-04-13 18:06:58 -04:00
Charlton Austin
40906afdd8 feat(data): remove writing of old config 
### Description of Changes
  Phase three of config data model change.
 2017-04-13 13:25:36 -04:00
Joseph Schorr
68331859b0 Add backfill for repository search score table 2017-04-13 12:30:44 -04:00
josephschorr
c78ec89305 Merge pull request #2531 from coreos-inc/repo-score 
Switch to using RepositorySearchScore table for search ranking
 2017-04-13 11:51:59 -04:00
Evan Cordell
ec63e495fc Add repo purge callbacks and register TUF metadata deletion as one 2017-04-12 17:33:51 -04:00
Joseph Schorr
80693d6b8c Fix NPE bug in RAC worker 
We need to return `None`, not `0` if there are no additional repositories to measure
 2017-04-11 15:42:11 -04:00
Joseph Schorr
e5a009a777 Switch to using RepositorySearchScore table for search ranking 
Should make search queries much, much faster as it contains the denormalized RAC data
 2017-04-11 14:55:20 -04:00
josephschorr
928b9915ed Merge pull request #2441 from coreos-inc/repo-score-denormalization 
Add a RepositorySearchScore table and calculation to the RAC worker
 2017-04-10 16:31:09 -04:00
Joseph Schorr
df3f47c79a Add a RepositorySearchScore table and calculation to the RAC worker 
This will be used in a followup PR to order search results instead of the RAC join. Currently, the join with the RAC table in search results in a lookup of ~600K rows, which causes searching to take ~6s. This PR denormalizes the data we need, as well as allowing us to score based on a wider band (6 months vs the current 1 week).
 2017-04-10 14:29:02 -04:00
Erica
3f79422a52 Merge pull request #2306 from coreos-inc/QUAY-2842-audit-log-strict-config-option 
feat(config.py): add setting for audit log strictness
 2017-04-07 13:43:11 -04:00
EvB
20c4d971c4 refactor(model/log): pull allowed action types into constant 2017-04-07 11:39:54 -04:00
Jake Moshenko
a8ec7865a7 Merge pull request #2511 from jakedt/fixwarnings 
Fixwarnings
 2017-04-06 16:12:19 -04:00
Jake Moshenko
c7241911a5 Fix old-style flask imports to silence deprecation warnings. 2017-04-06 13:15:48 -04:00
Joseph Schorr
f9e6110f73 Add basic user interface for application repos 
Adds support for creating app repos, viewing app repos and seeing the list of app repos in the Quay UI.
 2017-04-05 11:30:09 -04:00
EvB
d0aaaaa1ef test(data/model/log): add more log_action tests 
temp
 2017-04-05 11:26:10 -04:00
EvB
ea740d15ba fix(model/log): log exception on swallowed db errors 2017-04-05 11:26:10 -04:00
EvB
625bd66b42 test(data/model): test action logging 2017-04-05 11:26:10 -04:00
EvB
6916d82e0d feat(endpoints/trackhelper): wrap log op for silent fails 2017-04-05 11:26:10 -04:00
Joseph Schorr
b10608e277 Change teamsync config to be a UTF8 field 2017-04-03 14:16:34 -04:00
Joseph Schorr
bdd07d4f39 Fix flakiness in team sync tests 2017-04-03 11:36:42 -04:00
Joseph Schorr
bd22fb255e Rename get_federated_user to get_and_link_federated_user_info 
Better to be explicit wherever possible
 2017-04-03 11:36:42 -04:00
Joseph Schorr
1a31d98c44 Clarify variable name in Keystone auth 2017-04-03 11:36:41 -04:00
Joseph Schorr
8c07f733eb Add pagination tests for LDAP 2017-04-03 11:36:41 -04:00
Joseph Schorr
541aa722c2 Add sleeps to make test non-flaky 
Sucks, but MySQL only has second-level timing, so we need this to be sure
 2017-04-03 11:36:41 -04:00
Joseph Schorr
103186f5e8 Small renames to make team syncing code more clear 2017-04-03 11:36:41 -04:00
Joseph Schorr
7f0aa19292 Code cleanup and style improvements in team sync 2017-04-03 11:36:41 -04:00
Joseph Schorr
84e37b68ee Change if statement to be more readable 2017-04-03 11:31:30 -04:00
Joseph Schorr
71d52d45ba Add a test for same user returned twice in team sync 2017-04-03 11:31:30 -04:00
Joseph Schorr
d7825c6720 Add group iteration and syncing support to Keystone auth 2017-04-03 11:31:30 -04:00
Joseph Schorr
47278cc559 Cleanup test fixtures 2017-04-03 11:31:30 -04:00
Joseph Schorr
df603462b8 Add database migration for TeamSync 2017-04-03 11:31:29 -04:00
Joseph Schorr
96b9d6b0cd Add end-to-end test for team sync 2017-04-03 11:31:29 -04:00
Joseph Schorr
4055158fc4 Fix indentation 2017-04-03 11:31:29 -04:00
Joseph Schorr
938730c076 Move sync team into its own module and add tests 2017-04-03 11:31:29 -04:00
Joseph Schorr
eeadeb9383 Initial interfaces and support for team syncing worker 2017-04-03 11:31:29 -04:00
Joseph Schorr
94b07e6de9 Allow nulls in last_updated field to accurately report the last updated time to users for newly sync teams 2017-04-03 11:31:29 -04:00
Joseph Schorr
8ea3977140 Add ability to enable, disable and view team syncing in UI and API 
Also extracts out some common testing infrastructure to make testing APIs easier now using pytest
 2017-04-03 11:31:29 -04:00
Joseph Schorr
bb20422260 Fix pagination disabling in LDAP with mockldap 
Since mockldap doesn't support pagination, just disable it globally
 2017-04-03 11:31:28 -04:00
Joseph Schorr
ecfac81721 Add check_group_lookup_args and service_metadata to auth providers 2017-04-03 11:31:28 -04:00
Joseph Schorr
1cfc4a8341 Change max size of LDAP pages and add filtering to reduce attributes returned 2017-04-03 11:31:28 -04:00
Joseph Schorr
f5a854c189 Add TeamSync database and API support 
Teams can now have a TeamSync entry in the database, indicating how they are synced via an external group. If found, then the user membership of the team cannot be changed via the API.
 2017-04-03 11:31:28 -04:00
Joseph Schorr
d718829f5d Initial LDAP group member iteration support 
Add interface for group member iteration on internal auth providers and implement support in the LDAP interface.
 2017-04-03 11:31:28 -04:00
Charlton Austin
9ff189b16e fix(migration merge issue): missing .save() on migration 2017-03-28 15:17:51 -04:00
Charlton Austin
d559dc7b3e Fixing the migration path so we don't have incorrect branches. 2017-03-28 14:54:21 -04:00
Charlton Austin
ca99535774 Merge pull request #2449 from charltonaustin/phase_two_config 
feat(build runner): added in context, dockerfile_location
 2017-03-28 14:14:36 -04:00
Charlton Austin
e6d201e0b0 feat(build runner): added in context, dockerfile_location 
this is a new feature meant to allow people to use any file as
  a dockerfile and any folder as a context directory
 2017-03-28 13:55:31 -04:00
Antoine Legrand
d2ed37e158 Fix force push causing duplicated entries 2017-03-27 15:39:57 +02:00
Antoine Legrand
22c1a29892 fix strip_sha256 2017-03-24 19:49:52 +01:00
Antoine Legrand
bbd74eabd1 Allow force push for app 2017-03-23 22:50:07 +01:00
Joseph Schorr
ac4a79ae01 Update PR for rebase 2017-03-23 15:57:49 -04:00
Joseph Schorr
651666b60b Refactor our auth handling code to be cleaner 
Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change.
 2017-03-23 15:42:45 -04:00
Joseph Schorr
dd9e4bf3e7 Remove transaction around OCI blobs 
Fixes https://www.pivotaltracker.com/story/show/142341399
 2017-03-23 14:51:37 -04:00
Jimmy Zelinskie
9c0cbbf57c data.oci_model: sloppily rewrite digest format 
We expect digests to be in the form 'sha256:digest'
 2017-03-23 12:37:32 -04:00