Commit graph

600 commits

Author SHA1 Message Date
Joseph Schorr
af743b156b Show manifest digests in place of V1 ids in the tag view when possible 2017-03-14 11:34:41 -04:00
josephschorr
432b2d3fe8 Merge pull request #2392 from coreos-inc/search-optimization
Optimize repository search by changing our lookup strategy
2017-03-10 15:44:26 -05:00
Joseph Schorr
d42ec4e585 Abstract out constant scores into constants 2017-03-10 14:06:39 -05:00
Joseph Schorr
b5bb76cdea Optimize repository search by changing our lookup strategy
Previous to this change, repositories were looked up unfiltered in six different queries, and then filtered using the permissions model, which issued a query per repository found, making search incredibly slow. Instead, we now lookup a chunk of repositories unfiltered and then filter them via a single query to the database. By layering the filtering on top of the lookup, each as queries, we can minimize the number of queries necessary, without (at the same time) using a super expensive join.

Other changes:
- Remove the 5 page pre-lookup on V1 search and simply return that there is one more page available, until there isn't. While technically not correct, it is much more efficient, and no one should be using pagination with V1 search anyway.
- Remove the lookup for repos without entries in the RAC table. Instead, we now add a new RAC entry when the repository is created for *the day before*, with count 0, so that it is immediately searchable
- Remove lookup of results with a matching namespace; these aren't very relevant anyway, and it overly complicates sorting
2017-03-09 19:47:55 -05:00
Jimmy Zelinskie
850c32ebfb Merge pull request #2298 from jzelinskie/maintainers
MAINTAINERS: init owners to subpkgs
2017-03-09 17:30:38 -05:00
Joseph Schorr
0ab6388e30 Add support for null ref, as that can be the value if a default branch is not chosen 2017-03-07 20:39:42 -05:00
Joseph Schorr
8e863b8cf5 Implement new create and manager trigger UI
Implements the new trigger setup user interface, which is now a linear workflow found on its own page, rather than a tiny modal dialog

Fixes #1187
2017-02-28 16:51:42 -05:00
Joseph Schorr
3f1d394e14 Catch IOErrors when starting builds
Fixes https://sentry.io/coreos/backend-production/issues/207144068/
2017-02-22 13:20:04 -05:00
Joseph Schorr
89b7c13da5 Catch team member invite missing exception
Fixes https://sentry.io/coreos/backend-production/issues/195926082/
2017-02-22 13:18:22 -05:00
Joseph Schorr
0167e1e7bf Style fixes 2017-02-16 16:27:54 -05:00
Joseph Schorr
7b386e9d63 Move endpoint test fixtures to a non-conftest file 2017-02-16 16:27:53 -05:00
Joseph Schorr
2c35383724 Allow OAuth and OIDC login engines to bind to fields in internal auth
This feature is subtle but very important: Currently, when a user logs in via an "external" auth system (such as Github), they are either logged into an existing bound account or a new account is created for them in the database. While this normally works jut fine, it hits a roadblock when the *internal* auth system configured is not the database, but instead something like LDAP. In that case, *most* Enterprise customers will prefer that logging in via external auth (like OIDC) will also *automatically* bind the newly created account to the backing *internal* auth account. For example, login via PingFederate OIDC (backed by LDAP) should also bind the new QE account to the associated LDAP account, via either username or email. This change allows for this binding field to be specified, and thereafter will perform the proper lookups and bindings.
2017-02-16 16:27:53 -05:00
Joseph Schorr
11c931f781 Log more information to the action logs and display the namespaces for superusers
This helps superusers understand better what, exactly, is going on in the registry
2017-02-14 14:55:24 -05:00
Joseph Schorr
8d96d8b682 Add tests for missing logs APIs 2017-02-08 16:52:17 -08:00
Charlton Austin
5a06530b43 Merge pull request #2314 from charltonaustin/move_tests_over_to_pytest_no_story
update(security_test.py): moving tests to new framework
2017-02-03 16:21:03 -05:00
Joseph Schorr
cf539487a1 Add API endpoint for retrieving security status by *manifest*, rather than Docker V1 image ID 2017-02-02 17:51:18 -05:00
Charlton Austin
85bcb63439 update(security_test.py): moving tests to new framework
We should be moving tests over to pytest

[none]
2017-02-02 13:40:00 -05:00
josephschorr
01ec22b362 Merge pull request #2300 from coreos-inc/openid-connect
OpenID Connect support and OAuth login refactoring
2017-01-31 18:14:44 -05:00
Charlton Austin
2dfae9e892 Merge pull request #2303 from charltonaustin/view_build_logs_as_superuser_137910387
feature(superuser panel): ability to view logs
2017-01-27 12:32:31 -05:00
Charlton Austin
dae93dce78 feature(superuser panel): ability to view logs
users would like the ability to view build logs in the superuser panel

[None]
2017-01-26 13:54:03 -05:00
Joseph Schorr
05e9e31941 Fix small lookup bug under MySQL 2017-01-25 12:55:56 -05:00
Joseph Schorr
a9791ea419 Have external login always make an API request to get the authorization URL
This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
2017-01-23 19:06:19 -05:00
Jimmy Zelinskie
64421db0a3 MAINTAINERS: init owners to subpkgs 2017-01-23 17:46:34 -05:00
Joseph Schorr
19f7acf575 Lay foundation for truly dynamic external logins
Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
2017-01-20 15:21:08 -05:00
Joseph Schorr
3106504f39 Severity and Markdown support in MOTD
[Delivers #133555165]
2017-01-18 16:55:32 -05:00
josephschorr
9b65b37011 Merge pull request #2245 from coreos-inc/recaptcha
Add support for recaptcha during the create account flow
2017-01-17 11:34:23 -05:00
josephschorr
ac8cddc5a9 Merge pull request #2274 from coreos-inc/custom-cert-management
Custom SSL certificates config panel
2017-01-13 16:24:47 -05:00
Joseph Schorr
efdedba2ae Superuser config tool warnings
Adds warnings displayed in the superuser config tool that the changes made will only be applied to the local instance (in non-k8s case) or that a deployment is required (in the k8s case)

[Delivers #137537413]
2017-01-13 15:50:50 -05:00
Joseph Schorr
7e0fbeb625 Custom SSL certificates config panel
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle

[Delivers #135586525]
2017-01-13 14:34:35 -05:00
Joseph Schorr
3eb17b7caa Add support for recaptcha during the create account flow
If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
2017-01-09 11:08:21 -05:00
Joseph Schorr
f4f5a065df Add check for None repository in start build API
Fixes #2244
2016-12-19 11:40:24 -05:00
EvB
43aed7c6f4 fix(endpoints/api): return empty 204 resp
Return an empty body on API requests with status code 204, which
means "No content". Incorrect 'Deleted' responses were being
returned after successful DELETE operations despite the "No Content"
definition of 204.
2016-12-14 16:22:39 -05:00
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
2016-12-08 16:11:57 -05:00
josephschorr
111b7b0788 Merge pull request #2206 from coreos-inc/ldap-user-search-fix
Fix external auth returns for query_user calls
2016-12-07 17:53:04 -05:00
Jimmy Zelinskie
00eafff747 Merge pull request #2204 from jzelinskie/429builds
add rate limiting to build queues
2016-12-07 15:03:31 -05:00
Joseph Schorr
3203fd6de1 Fix external auth returns for query_user calls
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
2016-12-07 14:28:42 -05:00
Joseph Schorr
d349e1639a Fix doc comment on security scan API endpoint
Fixes #2216
2016-12-07 11:50:22 -05:00
Jimmy Zelinskie
c41de8ded6 build queue rate limiting: address PR comments 2016-12-06 20:40:54 -05:00
Jimmy Zelinskie
7877c6ab94 add rate limiting to build queues 2016-12-06 16:30:12 -05:00
Joseph Schorr
cf61c29671 Move SETUP_COMPLETE check up to allow users to add license
Somehow this change got lost.
2016-12-05 13:22:14 -05:00
Joseph Schorr
402ad25690 Change team invitation acceptance to join all invited teams under the org
Fixes #1989
2016-11-28 18:39:28 -05:00
Charlton Austin
2fe74e4057 Adding in UI for cancel anytime. 2016-11-21 10:58:32 -05:00
Joseph Schorr
0b549125d9 Fix 500 on get label endpoint and add a test
Fixes #2133
2016-11-17 14:55:14 -05:00
Joseph Schorr
1a61ef4e04 Report the user's name and company to Marketo
Also fixes the API to report the other changes (username and email) as well
2016-11-14 17:34:50 -05:00
Joseph Schorr
aa2704acc7 Add a test for operation name collisions and fix the one additional collision found 2016-11-10 15:38:27 -05:00
Joseph Schorr
932fa56227 Fix name collision between the two organization delete calls
Fixes #2104

The collision was causing the frontend to try to call the *superuser* method (in local, where superuser is enabled), but on prod (where it isn't), it was calling the normal method, which takes a different parameter name
2016-11-10 15:28:20 -05:00
Joseph Schorr
0f2eb61f4a Add collection of user metadata: name and company 2016-11-08 16:15:02 -05:00
Joseph Schorr
1e3b354201 Add support for temp usernames and an interstitial to confirm username
When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.

Addresses most of the user issues around #74
2016-11-03 15:59:14 -04:00
josephschorr
840ea4e768 Merge pull request #2047 from coreos-inc/external-auth-email-optional
Make email addresses optional in external auth if email feature is turned off
2016-10-31 14:16:33 -04:00
Joseph Schorr
3a473cad2a Enable permanent sessions
Fixes #1955
2016-10-31 13:52:09 -04:00