vbatts/quay - Git - Batts Cloud

Archived

Author	SHA1	Message	Date
Brad Ison	c2ad6c5060	Check for null model objects As of v2.8.2, peewee will not create model objects with all null fields when an FK reference is null. We have to check the model instances for None. See: https://github.com/coleifer/peewee/issues/1012	2018-04-04 14:19:45 -04:00
Joseph Schorr	e7dbc4ee91	Move notification helper code into the root module	2017-07-25 17:00:07 -04:00
Joseph Schorr	ce56031846	Move notifications into its own package	2017-07-25 17:00:06 -04:00
Evan Cordell	ac54dd6f5d	fix(secscan): don't use slash_join, it discards the root	2017-07-11 14:12:57 -04:00
Evan Cordell	b9581e0baf	fix(secscan): fix mitm cert path calculation	2017-07-11 13:26:19 -04:00
Antoine Legrand	cdb3722c17	Use $QUAYPATH and $QUAYDIR in conf and init files	2017-07-05 16:23:54 +02:00
Jimmy Zelinskie	1d2640e012	util.secscan.fake: add test for unexpected status	2017-06-28 13:40:04 -04:00
Jimmy Zelinskie	46087d5e64	util.secscan.api: more robust API failures cases Addresses QUAY-672 by handling all status codes that are not 404 and 5xx and moving response decoding inside the try/except block to ensure that the response object is in scope.	2017-06-26 17:13:51 -04:00
Kenny Lee Sin Cheong	203c0b76e0	Raise an APIRequestFailure exception when security scanner is unavailable Put worker to sleep for the duration of the default indexing interval when an APIRequestFailure occurs, when the API request fails due to a connection error, timeout, or other ambiguous errors, from analyze_layer or get_layer_data .	2017-05-24 11:04:44 -04:00
Joseph Schorr	977bbc20a2	Add filtering onto the images query in get_matching_tags_for_images Should make the query even faster in the security notification case	2017-05-02 18:29:14 -04:00
Joseph Schorr	98fcae753b	Change the security notification system to use get_matching_tags_for_images This should vastly reduce the number of database calls we make, as instead of making 2-3 calls per image, we'll make two calls per ~100 images	2017-05-02 15:39:27 -04:00
Joseph Schorr	f296599162	Add additional logging around secscan analyze	2017-04-21 16:52:47 -04:00
Joseph Schorr	c5bb9abf11	Fix deleting repos when sec scan or signing is disabled Make sure we don't invoke the APIs to non-existent endpoints	2017-04-19 16:57:36 -04:00
Jimmy Zelinskie	65a17dc155	Merge pull request #2473 from coreos-inc/certs-fixes Fixes and improvements around custom certificate handling	2017-03-27 15:08:36 -04:00
Evan Cordell	6ad107709c	Change build_context_and_subject to take kwargs	2017-03-27 11:37:17 -04:00
Evan Cordell	43dd974dca	Determine which TUF root to show based on actual access, not requested access	2017-03-27 11:37:17 -04:00
Joseph Schorr	b017133cc6	Make QSS validation errors more descriptive	2017-03-24 17:28:16 -04:00
Joseph Schorr	eff1827d9d	Batch QSS notifications after initial scan	2017-03-01 15:42:49 -05:00
Jimmy Zelinskie	cbb2fff0e2	util.secscan.api: raise exception for !200 status	2017-03-01 00:40:47 -05:00
Joseph Schorr	3db4c15459	Pull out security scanner validation into validator class	2017-02-24 12:23:16 -05:00
Jimmy Zelinskie	c8034deab4	util.secscan.api: failover connection failures	2017-02-23 15:01:32 -05:00
Jimmy Zelinskie	1d6339e644	test.test_api_usage: fix secscan tests	2017-02-14 15:21:18 -05:00
Jimmy Zelinskie	3286566478	util.secscan.api: reorg try/catch	2017-02-14 15:21:17 -05:00
Jimmy Zelinskie	d2909c0e4d	failover: store result in FailoverException	2017-02-14 14:36:36 -05:00
Jimmy Zelinskie	c2c6bc1e90	test: add qss read failover case	2017-02-03 19:20:13 -05:00
Jimmy Zelinskie	1d59095460	utils.secscan: linter fixes	2017-02-03 19:20:13 -05:00
Jimmy Zelinskie	e81926fcba	util.secscan.api: init read-only failover	2017-02-03 19:20:13 -05:00
Joseph Schorr	7c1bb886db	Security scanner ordered tuplize bug fix If only the old list is present, we still need to tuplize the entries. Fixes https://sentry.io/coreos/backend-production/issues/207196561/	2017-01-24 13:16:44 -05:00
josephschorr	aafcb592a6	Merge pull request #2257 from coreos-inc/clair-gc-take2 feat(gc): Garbage collection for security scanning	2017-01-17 14:49:36 -05:00
Joseph Schorr	d609e6a1c4	Security scanner garbage collection support Adds support for calling GC in the security scanner for any layers+storage removed by GC on the Quay side	2016-12-22 14:55:26 -05:00
Joseph Schorr	5b3212ea0e	Change security notification code to use the new stream diff reporters This ensures that even if security scanner pagination sends Old and New layer IDs on different pages, they will properly be handled across the entire notification. Fixes https://www.pivotaltracker.com/story/show/136133657	2016-12-20 12:50:19 -05:00
Joseph Schorr	ced0149520	Implement helper classes for tracking streaming diffs, both indexed and non-indexed These classes will be used to handle the Layer ID paginated diffs from Clair.	2016-12-20 12:50:18 -05:00
Joseph Schorr	405eca074c	Security scanner flow changes and auto-retry Changes the security scanner code to raise exceptions now for non-successful operations. One of the new exceptions raised is MissingParentLayerException, which, when raised, will cause the security worker to perform a full rescan of all parent images for the current layer, before trying once more to scan the current layer. This should allow the system to be "self-healing" in the case where the security scanner engine somehow loses or corrupts a parent layer.	2016-12-16 15:38:09 -05:00
Joseph Schorr	15041ac5ed	Add a fake security scanner class for easier testing The FakeSecurityScanner mocks out all calls that Quay is expected to make to the security scanner API, and returns faked data that can be adjusted by the calling test case	2016-12-14 17:11:45 -05:00
Joseph Schorr	6871eb95b1	Send notifications for previously unscannable layers in QSS Following this change, if an image was previously indexed unsuccessfully, then we will send notifications once successfully indexed	2016-12-14 11:25:45 -05:00
Joseph Schorr	624b2a8385	Have security scanner analyze only send notifications for new layers Following this change, anytime a layer is indexed by the security scanner, we only send notifications out if the layer previously had a security_indexed_engine value of `-1`, thus ensuring it has never been indexed previously. This will allow us to change to version of the security scanner upwards, and have all the images be re-indexed, without firing off notifications in a spammy manner.	2016-12-13 23:17:11 -05:00
Evan Cordell	5686c80af1	Revert "Add GC of layers in Clair" This reverts `49872838ab`	2016-12-13 18:40:58 -05:00
Joseph Schorr	49872838ab	Add GC of layers in Clair Fixes https://www.pivotaltracker.com/story/show/135583207	2016-12-06 19:52:56 -05:00
Jake Moshenko	21e3001446	Add a bulk insert for queue and notifications. Use it for Clair spawned notifications.	2016-12-06 14:00:16 -05:00
Joseph Schorr	3c8b87e086	Fix verbs in manifestlist All registry_tests now pass	2016-09-26 14:49:58 -04:00
Joseph Schorr	541764d87b	Fix `get_priority_for_index` method for non-int values Fixes #1607	2016-07-11 15:04:50 -04:00
Joseph Schorr	8887f09ba8	Use the instance service key for registry JWT signing	2016-06-07 11:58:10 -04:00
josephschorr	d572a45a57	Merge pull request #1441 from coreos-inc/fastesttests Make security scan testing much faster	2016-05-05 13:57:05 -04:00
Joseph Schorr	343a080833	Make security scan testing much faster	2016-05-05 13:55:24 -04:00
Jake Moshenko	75f5df6369	Add clair auth header in generalized interface	2016-05-05 13:28:06 -04:00
Joseph Schorr	232fa42897	Add testing of the new secscan-for-local endpoint and fix a bug	2016-05-04 21:47:03 -04:00
Jake Moshenko	9221a515de	Use the registry API for security scanning when the storage engine doesn't support direct download url	2016-05-04 18:04:06 -04:00
Joseph Schorr	2cbdecb043	Implement setup tool support for Clair Fixes #1387	2016-05-04 13:40:50 -04:00
Evan Cordell	0c2ecec9a9	Don't check for client certs when talking to clair	2016-04-29 14:10:33 -04:00
Evan Cordell	f30a9e56f3	Be really sure about proxy protocol	2016-04-29 14:10:33 -04:00

1 2

77 commits