Joseph Schorr
524d77f527
Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password
2018-01-04 15:27:41 -05:00
Joseph Schorr
72bfebdb60
Add license validation to the config validation check
...
Should prevent a customer from accidentally saving a config that violates their license
Fixes https://jira.coreos.com/browse/QS-97
2017-12-19 13:44:08 -05:00
IvanCherepov
c383ac1f9d
Add config validation on startup ( #2903 )
...
* WIP
* Finish schema
Add three sections: security scanning, bittorrent support and feature flags.
2017-12-01 10:46:39 -05:00
Joseph Schorr
c168413a8e
Fix bug when running ipresolver under Gitlab CI
...
Since the container does contain IP data, this would fail
2017-11-30 10:23:58 -05:00
Joseph Schorr
400a5db719
Add additional metrics on executor start and failure
...
This will allow us to register a pager if one of the executors starts failing consistently
2017-11-27 11:52:37 +02:00
Ivan Cherapau
a0adc1b0ec
Fix typo in metrics
2017-11-14 23:16:25 -05:00
Joseph Schorr
2677720577
Fix exception raised for certain non-JSON strings given to is_json
...
This is breaking pushes in production for certain manifests
Fixes https://jira.prod.coreos.systems/browse/QS-60
2017-11-14 13:46:06 -05:00
Joseph Schorr
74f99ba94a
Ensure encrypted passwords are not enabled with OIDC auth
...
Fixes https://jira.prod.coreos.systems/browse/QS-49
2017-10-31 16:03:28 -04:00
Joseph Schorr
8194f5cf72
Switch ipresolver to always be defined in the storage context
...
We now use a no-op IP resolver instead of an IF check
Fixes https://jira.prod.coreos.systems/browse/QS-38
2017-10-17 14:29:40 -04:00
josephschorr
3bef21253d
Merge pull request #2695 from coreos-inc/oidc-internal-auth
...
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
f51a863158
Remove access_token from user_info
2017-10-02 16:51:09 -04:00
Joseph Schorr
05b4a7d457
Add worker to update ipresolver data files every few hours
2017-09-28 14:40:59 -04:00
Joseph Schorr
52927de7f6
Add resolved IP information to track_and_log
2017-09-28 14:40:58 -04:00
Joseph Schorr
010dda2c52
Add CloudFrontedS3Storage, which redirects to CloudFront for non-S3 ips
2017-09-28 14:40:58 -04:00
Joseph Schorr
2d522764f7
Add IP resolver utility that returns whether an IP is under AWS
2017-09-26 16:11:16 -04:00
josephschorr
c44cc072fa
Merge pull request #2864 from coreos-inc/partial-autocomplete
...
Partial autocomplete
2017-09-13 11:26:11 -04:00
Joseph Schorr
54a4476cbb
Make missing log more descriptive
2017-09-12 16:19:55 -04:00
Joseph Schorr
c105123ad4
Add superuser config for prefix autocomplete setting
2017-09-12 15:57:57 -04:00
Joseph Schorr
bc82edb2d1
Add ability to configure OIDC internal auth engine via superuser panel
2017-09-12 12:23:52 -04:00
Joseph Schorr
783799c227
Make team sync timeout config actually configurable
2017-09-06 14:08:30 -04:00
Joseph Schorr
751598056e
Enable support in OIDC for endpoints without user info support
...
The user info endpoint is apparently optional.
2017-08-01 13:24:27 -04:00
Antoine Legrand
2d60ad71b6
Print only first line of s3 error message
2017-07-27 18:05:06 +02:00
Joseph Schorr
e7dbc4ee91
Move notification helper code into the root module
2017-07-25 17:00:07 -04:00
Joseph Schorr
ce56031846
Move notifications into its own package
2017-07-25 17:00:06 -04:00
Jake Moshenko
3b79955c8c
Fix the relative path problem when running quay from non-root
2017-07-13 15:30:50 -04:00
Joseph Schorr
e00437c227
Add support for disabling an entire namespace, including its team members
2017-07-13 12:25:19 +03:00
Joseph Schorr
7910dc4b2a
Fix reference error
2017-07-13 12:25:19 +03:00
Joseph Schorr
2814d2d5eb
Add support for organizations to disableabuser
2017-07-13 12:25:19 +03:00
josephschorr
96d1fd128d
Merge pull request #2757 from coreos-inc/joseph.schorr/QUAY-606/logarchive-georep
...
Add support for QE customers to enable log rotation
2017-07-12 00:30:04 +03:00
Evan Cordell
ac54dd6f5d
fix(secscan): don't use slash_join, it discards the root
2017-07-11 14:12:57 -04:00
Evan Cordell
b9581e0baf
fix(secscan): fix mitm cert path calculation
2017-07-11 13:26:19 -04:00
Joseph Schorr
a13235c032
Fix typo
2017-07-10 18:35:51 +03:00
Evan Cordell
939ddfd1d7
Merge v2.4.0-release into cherrypick-2.4.0
2017-07-10 10:25:18 -04:00
Joseph Schorr
176c26e3f7
Add config validation for action log archiving
2017-07-10 13:09:33 +03:00
EvB
ccca0c9655
refactor(util/tufmetadata/test): move app test to gc suite
2017-07-07 15:14:14 -04:00
Antoine Legrand
cdb3722c17
Use $QUAYPATH and $QUAYDIR in conf and init files
2017-07-05 16:23:54 +02:00
Evan Cordell
d64b8b1fcf
Revert to old secret handling, fix license loading
2017-06-28 23:15:14 -04:00
Jimmy Zelinskie
1d2640e012
util.secscan.fake: add test for unexpected status
2017-06-28 13:40:04 -04:00
Evan Cordell
ef459a2d18
Update the expected response layout for kubernetes config
2017-06-28 07:28:57 -04:00
Jimmy Zelinskie
46087d5e64
util.secscan.api: more robust API failures cases
...
Addresses QUAY-672 by handling all status codes that are not 404 and 5xx
and moving response decoding inside the try/except block to ensure that
the response object is in scope.
2017-06-26 17:13:51 -04:00
Jimmy Zelinskie
e028e159c0
add app registry config to setup tool: default off
2017-06-16 15:44:00 -04:00
Jimmy Zelinskie
9df04a09d6
Merge pull request #2694 from jzelinskie/fix-torrent-config-validation
...
Fix torrent config validation
2017-06-09 13:39:01 -04:00
Jimmy Zelinskie
a16b469d9b
util.registry.torrent: stash kid in JWT headers
...
Upstream, chihaya reads this header in order to find the kid in the list
of maintained keys. A long time ago, it used to just iterate, but now it
needs to know the kid.
2017-06-09 13:31:38 -04:00
Jimmy Zelinskie
7d07c2ed07
util.config.validators: fix torrent validation
...
This code was mistaken the info dict with the params passed in an
announce request. Rather, now we expose a function for creating a jwt
from infohashes directly.
2017-06-09 13:31:38 -04:00
Antoine Legrand
f0dd2e348b
Merge pull request #2551 from coreos-inc/structured-logs
...
Add log formatter class
2017-06-07 08:22:18 -07:00
Antoine Legrand
3c99928a27
Add log JSON formatter
2017-06-07 00:02:52 +02:00
Kenny Lee Sin Cheong
1f76e9dc3b
Merge pull request #2661 from kleesc/securityworker_cpu
...
Raise an APIRequestFailure exception when security scanner is unavail…
2017-06-03 12:15:45 -04:00
Joseph Schorr
0ba54ed4fc
Simplify the caching of service keys to hopefully avoid the not found issue
...
Makes accesses simpler and reduces the number of dictionaries to one, in an effort to remove race conditions
2017-05-26 13:51:48 -04:00
josephschorr
2ec43483a8
Merge pull request #2662 from coreos-inc/direct-login
...
Enable toggling of the direct login feature in the superuser panel
2017-05-24 16:51:43 -04:00
Joseph Schorr
2b9873483a
Enable toggling of the direct login feature in the superuser panel
...
Allows superusers to disable login to the UI via credentials if at least one OIDC provider is configured
2017-05-24 12:57:55 -04:00