Joseph Schorr
da8032fe61
Fix SSL custom certs installation file for bash shell scripting bug
...
The missing quotes caused the script to fail with a bash error
2017-03-24 16:39:28 -04:00
Jimmy Zelinskie
90b130fe16
Merge pull request #2472 from coreos-inc/fix_lstrip_digest
...
add test for strip_sha
2017-03-24 14:58:49 -04:00
Antoine Legrand
22c1a29892
fix strip_sha256
2017-03-24 19:49:52 +01:00
Antoine Legrand
35bebf9e99
Use 401 for bad or missing credentials, 403 for forbidden access
2017-03-24 18:46:13 +01:00
josephschorr
4a64ddc86e
Merge pull request #2468 from coreos-inc/fix-all-fixable-vulns
...
Fix all fixable vulnerabilities in the Quay image
2017-03-23 23:40:48 -04:00
Joseph Schorr
0897198e78
Fix all fixable vulnerabilities in the Quay image
...
There are now only 39 vulns, and none are fixable according to QSS
2017-03-23 22:50:38 -04:00
josephschorr
470ed6a99a
Merge pull request #2467 from coreos-inc/cnr-public-api-auth-tests
...
Add CNR API auth tests for public repos
2017-03-23 21:22:32 -04:00
Joseph Schorr
94c5eca286
Add CNR API auth tests for public repos
2017-03-23 21:19:56 -04:00
Jimmy Zelinskie
0ce68706ee
Merge pull request #2465 from coreos-inc/force_push
...
Allow force push for app
2017-03-23 21:05:08 -04:00
Jimmy Zelinskie
fee9e5b8ec
Merge pull request #2466 from coreos-inc/push_same_blob
...
test: push twice same blob from different package
2017-03-23 21:04:36 -04:00
Alec Merdler
e1eb383215
Merge pull request #2464 from alecmerdler/issue-2460
...
Fix Security Scan Status UI for Safari
2017-03-23 17:42:30 -07:00
Antoine Legrand
16f2479a96
test: push twice same blob from different package
2017-03-24 00:39:04 +01:00
Antoine Legrand
bbd74eabd1
Allow force push for app
2017-03-23 22:50:07 +01:00
josephschorr
3976735230
Merge pull request #2428 from coreos-inc/auth-cleanup-and-messaging
...
Auth cleanup and messaging
2017-03-23 15:58:08 -04:00
Joseph Schorr
ac4a79ae01
Update PR for rebase
2017-03-23 15:57:49 -04:00
Joseph Schorr
08673a03e2
Rename cookie header parameter to make it clear it is unused
...
The parameter is necessary to match the auth handler interface, but is unused inside the method
2017-03-23 15:42:45 -04:00
Joseph Schorr
95e1cf6673
Make V2 login errors more descriptive
...
If login fails, we now call validate again to get the reason for the failure, and then surface it to the user of the CLI. This allows for more actionable responses, such as:
$ docker login 10.0.2.2:5000
Username (devtable): devtable
Password:
Error response from daemon: Get http://10.0.2.2:5000/v2/ : unauthorized: Client login with unencrypted passwords is disabled. Please generate an encrypted password in the user admin panel for use here.
2017-03-23 15:42:45 -04:00
Joseph Schorr
651666b60b
Refactor our auth handling code to be cleaner
...
Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change.
2017-03-23 15:42:45 -04:00
Joseph Schorr
1bd4422da9
Move auth decorators into a decorators module
...
The non-decorators will be broken out in the followup change
2017-03-23 15:42:45 -04:00
Joseph Schorr
abf179eb09
Move fixtures under test, since they are shared globally
2017-03-23 15:42:45 -04:00
josephschorr
295b09a201
Merge pull request #2462 from coreos-inc/cnr-login
...
Start validating login in CNR
2017-03-23 15:27:15 -04:00
alecmerdler
5805b80f1c
use flexbox to fix safari alignment issue
2017-03-23 12:21:38 -07:00
Joseph Schorr
c9a5ce6701
Start validating login in CNR
...
Fixes https://www.pivotaltracker.com/story/show/142342305
2017-03-23 15:07:46 -04:00
josephschorr
71e27496db
Merge pull request #2461 from coreos-inc/oci-blob-fix
...
Remove transaction around OCI blobs
2017-03-23 15:04:57 -04:00
Joseph Schorr
dd9e4bf3e7
Remove transaction around OCI blobs
...
Fixes https://www.pivotaltracker.com/story/show/142341399
2017-03-23 14:51:37 -04:00
josephschorr
20306ef0f6
Merge pull request #2459 from coreos-inc/cnr-api-security-tests
...
Add very basic security tests for CNR APIs
2017-03-23 14:25:52 -04:00
Joseph Schorr
ef4569f2c5
Add very basic security tests for CNR APIs
2017-03-23 13:14:12 -04:00
Jimmy Zelinskie
63e38ba9e0
Merge pull request #2458 from jzelinskie/nginx
...
conf/nginx: add cnr path
2017-03-23 13:07:59 -04:00
Jimmy Zelinskie
f6a785c1b5
conf/nginx: add cnr path
2017-03-23 13:06:22 -04:00
Jimmy Zelinskie
f1dccc9554
Merge pull request #2456 from jzelinskie/digest-format
...
data.oci_model: sloppily rewrite digest format
2017-03-23 12:43:26 -04:00
josephschorr
14e5a6d8fb
Merge pull request #2457 from coreos-inc/cnr-auth-fix
...
Make sure blobs in CNR are auth checked
2017-03-23 12:43:13 -04:00
Joseph Schorr
b765836cfd
Make sure blobs in CNR are auth checked
2017-03-23 12:41:56 -04:00
Jimmy Zelinskie
9c0cbbf57c
data.oci_model: sloppily rewrite digest format
...
We expect digests to be in the form 'sha256:digest'
2017-03-23 12:37:32 -04:00
Jimmy Zelinskie
2c8930c912
Merge pull request #2455 from jzelinskie/cnr-step3
...
CNR Step 3
2017-03-23 12:05:38 -04:00
Joseph Schorr
e204f7784c
Make app registry off by default
2017-03-23 12:01:59 -04:00
Joseph Schorr
7d66f30d52
Fix filtering of repositories in search
2017-03-23 11:35:17 -04:00
Jimmy Zelinskie
77d2b9b290
endpoints.appr.test: mark failing db restore test
...
This test should fail as long as the CNR tests use 'v1' in the
mediatype.
2017-03-23 11:24:15 -04:00
Joseph Schorr
35b500aa2a
Fix test override
2017-03-23 11:17:05 -04:00
Joseph Schorr
917d5e2550
Fix typos in data model
2017-03-23 11:14:08 -04:00
Joseph Schorr
05ce571e3e
Add missing return statement
2017-03-23 11:11:21 -04:00
Jimmy Zelinskie
d20ff785e6
data.model.repository: add back search fields
2017-03-23 10:46:04 -04:00
Jimmy Zelinskie
2bdd3d4fa1
data.oci_model.tag: add missing import
2017-03-23 00:58:57 -04:00
Joseph Schorr
e7d7849937
Make sure channels and releases match the tag regex
2017-03-23 00:55:36 -04:00
Joseph Schorr
3277fe9b4e
Make sure repository names in APPR match regex
2017-03-23 00:51:54 -04:00
Joseph Schorr
1145651b7a
Work towards fixing tests
2017-03-23 00:37:39 -04:00
Jimmy Zelinskie
e872c310d0
data.oci_model: fix imports
2017-03-23 00:21:21 -04:00
Joseph Schorr
069208f2f1
Break out repo kind checking into its own decorator
...
We then use that decorator both in the API and in the permissions check decorator
2017-03-23 00:01:37 -04:00
Joseph Schorr
4c34b00b38
Prevent CNR methods from auth-ing on non-app repos
2017-03-22 23:56:34 -04:00
Joseph Schorr
bdda74d6df
Make sure GC checks new Blob table as well before deleting CAS storage
2017-03-22 23:53:21 -04:00
Jimmy Zelinskie
3d0e63d8e5
endpoints.appr.decorators: isolate appr decorators
2017-03-22 23:53:03 -04:00