Commit graph

8218 commits

Author SHA1 Message Date
Joseph Schorr
1e1bec0afe Remove extra update call on create repo 2018-01-04 13:42:05 -05:00
josephschorr
da3f047486
Merge pull request #2958 from coreos-inc/joseph.schorr/QS-106/log-trimming
A bit of cleanup of our logging
2018-01-04 13:28:24 -05:00
Joseph Schorr
d2476c9187 Have builder follow the logging configuration
Also fixes a few lint errors
2018-01-04 13:09:26 -05:00
Joseph Schorr
c1cff32c1e Fix log levels in registry 2018-01-04 13:07:11 -05:00
Joseph Schorr
f05982dc7c Fix app registry logging 2018-01-04 13:05:50 -05:00
Joseph Schorr
a1a6df7914 Fix log level on build manager logs 2018-01-04 13:03:45 -05:00
Joseph Schorr
1ba3c24fe5 Fix log level on expired OAuth log 2018-01-04 12:59:21 -05:00
Joseph Schorr
b54ebacdfb Remove request-start and request-end info logs
They aren't useful and take up a lot of logs space
2018-01-04 12:58:30 -05:00
josephschorr
db0b28eadb
Merge pull request #2957 from coreos-inc/joseph.schorr/QS-104/time-display-bug
Remove single bind on time-ago component
2018-01-04 11:20:38 -05:00
Joseph Schorr
c9fd579b06 Remove single bind on time-ago component
The component is occasionally used for date times that change, so we cannot single bind

Fixes https://jira.coreos.com/browse/QS-104
2018-01-04 11:17:44 -05:00
IvanCherepov
6abfa24ad4
Replaced account.tectonic.com with account.coreos.com (#2956)
Fixed an outdated message on how to get Raw Quay Enteprise license during the setup
2018-01-03 09:32:01 -05:00
Joseph Schorr
8e473b9779 Add filter for disabled users to superuser user list API
Fixes https://jira.coreos.com/browse/QS-102
2017-12-22 16:45:49 -05:00
Joseph Schorr
1d3a93efcb Linter fixes for superuser API file 2017-12-22 16:18:58 -05:00
Joseph Schorr
6b42e3e4ca Allow anonymous access to the discovery endpoint
Fixes https://jira.coreos.com/browse/QS-101
2017-12-22 16:13:23 -05:00
josephschorr
ef42124085
Merge pull request #2951 from coreos-inc/joseph.schorr/QS-100/revert-tag
Change tag history revert operation to apply to the *current* entry, rather than the "next"
2017-12-20 16:25:35 -05:00
Joseph Schorr
d95a9e3c59 Change tag history revert operation to apply to the *current* entry, rather than the "next"
Before this change, the restore operation next to a history entry would bring the tag back to the state *at that entry*, rather than *before that entry*, which is neither the expected behavior, nor allowed for an immediate restore when moving a tag. This fixes the problem.

Fixes https://jira.coreos.com/browse/QS-100
2017-12-20 16:23:17 -05:00
josephschorr
b4df9fb805
Merge pull request #2950 from coreos-inc/joseph.schorr/QS-99/fix-oci
Prevent 500s when receiving bad manifests or OCI manifests
2017-12-20 13:11:15 -05:00
Joseph Schorr
3ce9d68a3e Fix broken registry test
Flask now returns a 404 error, rather than redirecting like it used to do
2017-12-20 11:43:55 -05:00
Joseph Schorr
f9bd7ef42b Add validation of Docker V2_1 schemas and add a test for PUTing an invalid schema 2017-12-20 11:43:03 -05:00
Joseph Schorr
11e3724919 Return an http 415 (manifest version not supported) for OCI manifest content types
This was breaking skopeo, as it first tries to send the *OCI* manifest type, which we didn't say we didn't support, thus breaking the tool
2017-12-20 11:02:34 -05:00
josephschorr
db3e0307b7
Merge pull request #2948 from coreos-inc/joseph.schorr/QS-97/license-validator
Add license validation to the config validation check
2017-12-19 13:59:26 -05:00
Joseph Schorr
72bfebdb60 Add license validation to the config validation check
Should prevent a customer from accidentally saving a config that violates their license

Fixes https://jira.coreos.com/browse/QS-97
2017-12-19 13:44:08 -05:00
josephschorr
024c183f67
Merge pull request #2944 from coreos-inc/joseph.schorr/QS-91/v2-caching
V2 registry blob caching
2017-12-18 14:42:02 -05:00
Joseph Schorr
9e16596854 Add a bunch of logging to the data model caching mechanism
Should help us debug any potential issues
2017-12-18 14:18:37 -05:00
josephschorr
a829260091
Merge pull request #2945 from coreos-inc/joseph.schorr/QS-53/new-pricing
New Quay.io pricing
2017-12-18 13:21:49 -05:00
Joseph Schorr
097cbbeaae Add new Quay pricing plans 2017-12-18 13:12:16 -05:00
josephschorr
a251373f11
Merge pull request #2946 from coreos-inc/fix-custom-cert-install
Fix the custom cert install process to install to the new certifi location, in addition to the old location
2017-12-18 11:45:37 -05:00
Joseph Schorr
0a176d0abe Fix plans manager display to be less confusing when we show deprecated plans 2017-12-18 11:45:15 -05:00
Joseph Schorr
6de96ee8a5 Fix the custom cert install process to install to the new certifi location, in addition to the old location
Also updates our requirements around requests
2017-12-15 17:26:44 -05:00
Joseph Schorr
60bc655695 Fix flakiness in a test when comparing date times 2017-12-14 14:00:20 -05:00
Joseph Schorr
b2485934ed Enable caching of blobs in V2 registry protocol, to avoid DB connections after the cache has been loaded
This should help for bursty pull traffic, as it will avoid DB connections on a huge % of requests
2017-12-14 13:38:24 -05:00
Joseph Schorr
db6007cb37 Change v2 registry auth code to not hit the database when we know we have permissions loaded
Avoids a DB call and, when used in conjunction with blob caching, will avoid a DB *connection*
2017-12-14 13:37:31 -05:00
Joseph Schorr
3c72e9878d Add the concept of a data model cache, for caching of Namedtuple objects from the data model
Will be used to cache blobs, thus removing the need to hit the database in most blob requests
2017-12-14 13:36:51 -05:00
Joseph Schorr
51e67ab7f5 Fix get_blob_path to not make any database calls and add a test
This will be supported by caching, hopefully removing the need to hit the database when the blob object is cached
2017-12-13 16:27:46 -05:00
Jimmy Zelinskie
e06a83faf9
Merge pull request #2941 from jzelinskie/reduce-rate-limit-simple
nginx: rate limit 1r/s
2017-12-13 13:16:16 -05:00
Jimmy Zelinskie
e36bf25a5e nginx: rate limit 1r/s
This reduces our rate limiting down to to 1 request per second.
2017-12-13 13:15:32 -05:00
josephschorr
7e27e7f7eb
Merge pull request #2943 from coreos-inc/rev-base
Revise our base image again
2017-12-13 12:03:52 -05:00
Joseph Schorr
56ff068637 Revise our base image again 2017-12-13 12:01:22 -05:00
josephschorr
44c77b4cbb
Merge pull request #2931 from coreos-inc/joseph.schorr/QS-76/oidc-scopes
Allow admins to configure the login scopes for OIDC login
2017-12-08 13:33:06 -05:00
josephschorr
c733c87312
Merge pull request #2940 from coreos-inc/verbs-logs
Add additional logs and an additional test for verbs
2017-12-07 15:42:31 -05:00
Joseph Schorr
a706d99849 Add additional logs and an additional test for verbs 2017-12-07 15:22:20 -05:00
josephschorr
b2db266747
Merge pull request #2935 from coreos-inc/joseph.schorr/QS-80/password-reset-expire
Add maximum lifetime of 30m on password recovery tokens
2017-12-07 14:21:32 -05:00
josephschorr
a21dad3e07
Merge pull request #2937 from coreos-inc/joseph.schorr/QS-83/hide-aws-metadata
Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1
2017-12-07 14:11:20 -05:00
Joseph Schorr
2ffdfa1434 Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1
While this isn't strictly a security issue, it *appears* to be and we got audited as such, so just turn it off

Fixes https://jira.coreos.com/browse/QS-83
2017-12-07 13:29:14 -05:00
josephschorr
6db2ecc19f
Merge pull request #2928 from coreos-inc/joseph.schorr/QS-74/fix-restart
Have Quay lookup the sbin/my_init PID to kill
2017-12-07 13:25:16 -05:00
josephschorr
1861d7dee9
Merge pull request #2938 from coreos-inc/joseph.schorr/QS-85/signout-all
Invalidate all session tokens when a user signs out
2017-12-07 13:25:00 -05:00
Joseph Schorr
1d1c6f0606 Invalidate all session tokens when a user signs out
Fixes https://jira.coreos.com/browse/QS-85
2017-12-07 13:03:11 -05:00
josephschorr
6c12cb8328
Merge pull request #2936 from coreos-inc/joseph.schorr/QS-84/content-disposition
Ensure user files are always sent with the Content-Disposition header
2017-12-07 11:42:10 -05:00
Joseph Schorr
d38a1fc851 Ensure user files are always sent with the Content-Disposition header
This prevents them from being executed in the browser directly

Fixes https://jira.coreos.com/browse/QS-84
2017-12-06 17:12:00 -05:00
Joseph Schorr
5dd95038cf Add maximum lifetime of 30m on password recovery tokens
Fixes https://jira.coreos.com/browse/QS-80
2017-12-06 17:06:03 -05:00