vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
4703 commits 2 branches 62 tags 205 MiB
Commit graph

1311 commits

Author SHA1 Message Date
Silas Sewell
664a2951cc Don't send content-length when redirecting v2 blob 
Fixes #1012
 2015-12-02 21:28:11 -05:00
Quentin Machu
8a539c4bc1 Fix security notification perform condition 
As defined in util/secscan/api.py, Critical < High < Medium < Low < Negligible < Unknown. We have to send the notification if the expected level is higher than the vulnerability level, not the opposite.
 2015-11-30 13:54:34 -05:00
josephschorr
dc1f6c2d87 Merge pull request #974 from coreos-inc/derivedfix 
Derived image fixes
 2015-11-25 11:57:16 -05:00
Joseph Schorr
6ed705be15 Make manifest generation safe for multiple callers 
Fixes #985
 2015-11-24 18:38:29 -05:00
josephschorr
0dbd19a236 Merge pull request #976 from coreos-inc/incidentaltests 
Add login tests and fix scope security issue
 2015-11-24 13:42:06 -05:00
Joseph Schorr
75a91f0f92 Add login tests and fix scope security issue 2015-11-24 13:39:16 -05:00
Joseph Schorr
762cd56e64 Change derived storage to be based on image 
Fixes #971
 2015-11-24 12:44:07 -05:00
josephschorr
1eb019cd16 Merge pull request #970 from coreos-inc/disableverbcaching 
Disable derived image storage entirely until we fix it to be by image…
 2015-11-23 23:56:51 -05:00
Joseph Schorr
5d3aa2a2b9 Disable derived image storage entirely until we fix it to be by image, not storage 2015-11-23 23:49:46 -05:00
Joseph Schorr
a0e597f957 Send Docker-Content-Digest headers on GET requests 
Fixes #955
 2015-11-23 13:56:34 -05:00
Joseph Schorr
5c8eea2728 Log when pulls occur in V2 
Fixes #958
 2015-11-20 21:30:03 -05:00
Jake Moshenko
0c44949017 Return a 401 when doing a login with bad credentials 2015-11-20 18:37:52 -05:00
Joseph Schorr
b49435bfee Fix track_and_log for grant-ed users 2015-11-19 17:41:27 -05:00
Jake Moshenko
b564492ea7 Improve the performance of fetching manifest blobs by checksum. 2015-11-19 11:01:47 -05:00
Jake Moshenko
e01f5ce06e Re-enable squashed caching 2015-11-18 22:05:07 -05:00
Jake Moshenko
39d799b1aa Fix anonymous repository pulls 2015-11-18 20:11:06 -05:00
Jake Moshenko
c27f91f7cf Fix token pushes for v2 auth, tokens have no user 2015-11-18 19:18:12 -05:00
Silas Sewell
f3dafd50e4 Fix squash pull after v2 merge 2015-11-17 18:25:43 -05:00
Jake Moshenko
7205bf5e7f Merge pull request #885 from jakedt/python-registry-v2 
Python registry v2 mega merge
 2015-11-16 16:15:40 -05:00
Matt Jibson
d5fb8cafd4 Don't expose unnamed API operations 
fixes #861
 2015-11-16 15:40:33 -05:00
Jake Moshenko
4cc619f4ca Clean up v2 branch to no longer warn about readiness 2015-11-16 14:42:43 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Jake Moshenko
52125bbfed Fix gc by using the v1/v2 storage location helper everywhere 2015-11-16 14:13:37 -05:00
Joseph Schorr
32a799a067 Remove code that adds images to the image diff queue 2015-11-13 12:42:43 -05:00
Joseph Schorr
db1fae4cfc Fix security scan endpoint status 2015-11-13 01:06:18 -05:00
Joseph Schorr
b7206a8cfc Remove file added accidentally by merge 2015-11-12 22:03:13 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Joseph Schorr
3b3f101ea6 Vulnerability UI part 2 
Fixes #860
Fixes #855
 2015-11-12 16:59:36 -05:00
Jake Moshenko
44d06b0c2e Fix v1 backward compatibility 2015-11-12 16:22:19 -05:00
Joseph Schorr
76ce63895f New Quay Sec UI and fix some small bugs 
Fixes #855
 2015-11-11 18:15:58 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Jake Moshenko
a1ccd860e7 Merge pull request #823 from coreos-inc/phase3-11-07-2015 
Phase3 11 07 2015
 2015-11-11 14:22:19 -05:00
Joseph Schorr
ca7d736db2 Only send vulnerability events if the minimum priority is gte to that specified 
Fixes #770
 2015-11-10 16:05:55 -05:00
Joseph Schorr
888ec17538 Recover by email needs to allow anon access to its endpoints 2015-11-10 15:41:19 -05:00
Jimmy Zelinskie
8e2868737b rename secscan_endpoint and move db close to API 2015-11-10 15:22:31 -05:00
Jimmy Zelinskie
d651ea4b48 initial security notification worker 2015-11-10 15:22:30 -05:00
Silas Sewell
e826b14ca4 Merge pull request #725 from coreos-inc/setup-tool-georeplication 
superuser: add storage replication config
 2015-11-09 17:43:38 -05:00
Silas Sewell
5000b1621c superuser: add storage replication config 2015-11-09 17:34:22 -05:00
Joseph Schorr
a69c9e12fd Update quay sec code to fix problems identified in previous review 
- Change get_repository_images_recursive to operate over a single docker image and storage uuid
- Move endpoints/sec to endpoints/secscan
- Change notification system to work with new Quay-sec format

Fixes #768
 2015-11-09 17:14:35 -05:00
Quentin Machu
16c364a90c Rename secscan_endpoint where required, fix index and indentation 2015-11-09 15:18:42 -05:00
Matt Jibson
5d9999d1f7 Merge pull request #791 from mjibson/clear-repo-notifications 
Remove error notification when user deletes repos
 2015-11-09 14:46:51 -05:00
Joseph Schorr
02e2bef943 Fix hardcoded priority 2015-11-09 12:51:05 -05:00
Joseph Schorr
b408cfd2cc Ready for demo 2015-11-09 12:51:05 -05:00
Joseph Schorr
407eaae137 WIP: Towards sec demo 2015-11-09 12:50:39 -05:00
Joseph Schorr
fb3d0fa27d Add a SecEndpoint class and move all the cert and config handling in there 2015-11-09 12:49:19 -05:00
Joseph Schorr
87c56d1caa Add vulnerabilities and packages API to Quay 
Fixes #564
 2015-11-09 12:49:19 -05:00
Jake Moshenko
7efa6265bf Merge branch 'newchanges' into python-registry-v2 2015-11-06 18:24:32 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Jake Moshenko
4314882fa0 Reverse the order of get_parent_images 2015-11-06 17:47:08 -05:00
Jake Moshenko
ad93425ead Stop writing to v1 checksum on ImageStorage 2015-11-06 16:40:04 -05:00
Jake Moshenko
75f917f592 Stop reading the v1 checksums from storage 2015-11-06 16:17:12 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay 
Fixes #564
 2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea Add a vulnerability_found event for notice when we detect a vuln 
Fixes #637

Note: This PR does *not* actually raise the event; it merely adds support for it
 2015-11-06 15:22:18 -05:00
Jake Moshenko
3d0bcbaaeb Move v1 checksums to image and track v2 separately 2015-11-06 15:17:55 -05:00
Matt Jibson
f4b57eff96 Set and use ETag headers 
Also set no-cache exactly as github recommends. The removed @no_cache
decorater used "Cache-Control:no-cache, no-store, must-revalidate", but
just no-cache should be sufficient, and should certainly work correctly
with github.

See: https://github.com/github/markup/issues/224#issuecomment-48532178

fixes #712
 2015-11-06 12:15:15 -05:00
Quentin Machu
da1fe7d48b Merge pull request #790 from Quentin-M/set4O4 
Define nginx v2 vhost & properly set 404 status code
 2015-11-04 16:32:11 -05:00
josephschorr
11be448d75 Merge pull request #773 from coreos-inc/imageload 
Never load the full repo image list
 2015-11-04 16:29:20 -05:00
Matt Jibson
4d81567a0c Remove error notification when user deletes repos 
Also prevent duplicate notifications of that type.

fixes #493
 2015-11-04 16:11:15 -05:00
Joseph Schorr
4f41f79fa8 Never load the full repo image list 
Always make smaller queries per tag to ensure we scale better

Fixes #754
 2015-11-04 15:53:00 -05:00
Quentin Machu
c1fa22d9b0 Define nginx v2 vhost & properly set 404 status code 
Fixes #777
 2015-11-04 14:56:18 -05:00
josephschorr
c3a4c36df7 Merge pull request #761 from coreos-inc/fixtoomanylogin 
Move decorator for TooManyLoginAttempts into general decorated module
 2015-11-04 12:29:01 -05:00
Joseph Schorr
d4646e459e Disable 404, as it is breaking V2 API checks 2015-11-04 02:47:33 -05:00
Joseph Schorr
95c47fe250 Fix layer ordering in verbs 2015-11-03 14:43:47 -05:00
Joseph Schorr
5e1cd2b2ad Move decorator for TooManyLoginAttempts into general decorated module 
Currently, this is missing in gunicorn_registry which causes 500s when user logins become throttled
 2015-11-03 12:16:01 -05:00
Joseph Schorr
f6a53f7cc5 Change all Quay.io references to Quay, fix tour and change logo 
Fixes #741
 2015-11-02 14:37:48 -05:00
josephschorr
4ae940aede Merge pull request #660 from coreos-inc/superuser 
Superuser Panel Improvements
 2015-10-30 14:32:16 -04:00
Quentin Machu
3f35265858 Merge pull request #683 from Quentin-M/whoops-404 
Add 404 page
 2015-10-30 14:30:20 -04:00
Jake Moshenko
1666ac50fe Filter down the signing key to only public portion 2015-10-26 16:40:19 -04:00
Jake Moshenko
2c10d28afc Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-10-26 14:44:16 -04:00
Jake Moshenko
fc55730db8 Add a feature flag to advertise v2 endpoints 2015-10-26 14:20:51 -04:00
Jake Moshenko
9da64f3aba Stop writing to deprecated columns for image data. 2015-10-24 14:45:15 -04:00
Joseph Schorr
7bac042954 Fix verbs for merged changes to image and image storage 
Fixes #698
 2015-10-23 15:49:31 -04:00
Jimmy Zelinskie
e973289397 Revert "Revert "Merge pull request #682 from jzelinskie/revertrevert"" 
This reverts commit 278bc736e3.
 2015-10-23 15:26:33 -04:00
Jake Moshenko
e7a6176594 Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2 2015-10-22 16:59:28 -04:00
Jimmy Zelinskie
278bc736e3 Revert "Merge pull request #682 from jzelinskie/revertrevert" 
This reverts commit 627ad25c9c, reversing
changes made to 31c392fecc.
 2015-10-22 16:02:07 -04:00
Jake Moshenko
ce94931540 Stop writing to deprecated columns for image data. 2015-10-22 12:14:39 -04:00
Quentin Machu
adb744089e Add 404 page 
Fixes coreos-inc/quay#677
 2015-10-21 18:40:15 -04:00
josephschorr
5dae970787 Merge pull request #681 from coreos-inc/userorg 
Return user orgs when making a call via OAuth
 2015-10-21 16:41:43 -04:00
Joseph Schorr
5d8121e060 Return user orgs when making a call via OAuth 
Fixes #673
 2015-10-21 16:40:31 -04:00
Jimmy Zelinskie
39cfe77d42 Revert "Merge pull request #557 from coreos-inc/revert-migration" 
This reverts commit c4f938898a, reversing
changes made to 7ad2522dbe.
 2015-10-21 15:29:57 -04:00
Joseph Schorr
147b7b26b4 Fix is_public in repo list 
Fixes #678
 2015-10-21 14:13:39 -04:00
Matt Jibson
b4554f4d14 Verify signed manifests 
fixes #394
 2015-10-20 02:08:45 -04:00
Joseph Schorr
5941f3937c Enable async GC for all 
Fixes #569
 2015-10-19 14:22:41 -04:00
Joseph Schorr
d464af4cce Add ability to update superusers via the UI 
Fixes #634
 2015-10-16 15:41:18 -04:00
Joseph Schorr
a37b9394d9 Add org email address to orgs list 2015-10-16 15:17:51 -04:00
Joseph Schorr
ad5beab3ef Disable superuser functions around users when not using DB auth 2015-10-16 15:14:49 -04:00
josephschorr
d3857e509f Merge pull request #643 from coreos-inc/nullimage 
Check and handle NULL image_size
 2015-10-15 13:26:13 -04:00
Joseph Schorr
fe79d5fb66 Check and handle NULL image_size 
Fixes #613
 2015-10-15 13:25:54 -04:00
josephschorr
24b54f1e34 Merge pull request #615 from coreos-inc/queriesunite 
Unionize the mega query - It needed more performance-based benefits
 2015-10-15 13:17:01 -04:00
Joseph Schorr
c9daf7d8a9 Add additional tests for repo visibility and further simplify the query for perf 2015-10-15 12:12:57 -04:00
Jimmy Zelinskie
7c1547221d raise a 520 for any GitLab timeouts 2015-10-13 17:34:08 -04:00
Jimmy Zelinskie
9818481b08 limit logs to a maximum number of pages 2015-10-06 14:13:23 -04:00
josephschorr
3e7a95407b Merge pull request #598 from coreos-inc/limitbadquery 
Prevent unlimited insane query from running and fix tests
 2015-10-05 21:29:35 -04:00
Silas Sewell
c6da322ec1 Merge pull request #597 from coreos-inc/tag-validation 
Update tag validation
 2015-10-05 21:10:55 -04:00
Silas Sewell
dd3d939b31 Update tag validation 
Fixes #536
 2015-10-05 19:32:10 -04:00
Joseph Schorr
dd804816ba Prevent unlimited insane query from running and fix tests 
Fixes #591
 2015-10-05 17:11:49 -04:00
Joseph Schorr
8ca92d6828 Remove old search API and switch V1 search to use the new search system 2015-10-05 14:36:43 -04:00
Joseph Schorr
f393236c9f Add repo name check to V2 
Fixes #592
 2015-10-05 14:19:52 -04:00
Joseph Schorr
d0dc8fe45d Add endpoint security tests for the V2 endpoints 
Fixes #581
 2015-10-02 14:01:12 -04:00