vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
4901 commits 2 branches 62 tags 205 MiB
Commit graph

416 commits

Author SHA1 Message Date
Joseph Schorr
6c59161527 Add V2 storage methods to Swift storage engine 
Fixes #508
 2015-09-28 16:46:19 -04:00
Silas Sewell
9000169b53 Revert "Merge pull request #491 from jakedt/migratebackp2" 
This reverts commit 7ad2522dbe, reversing
changes made to a0b191ffa1.
 2015-09-28 16:09:22 -04:00
Jimmy Zelinskie
c5aa3ca4f0 make registry v2 tests pass for GCS 
Fixes #509.
 2015-09-28 15:42:48 -04:00
josephschorr
7ad2522dbe Merge pull request #491 from jakedt/migratebackp2 
Migrate image data back phase 2
 2015-09-26 15:11:46 -04:00
Joseph Schorr
a283c8d8ec Add a check to ensure repository names are valid according to an extended set of rules. 
Fixes #534
 2015-09-24 11:55:08 -04:00
Joseph Schorr
40f3b7137d Fix dict wrapper access to not raise an exception 2015-09-22 14:18:37 -04:00
Joseph Schorr
bf578420f0 Fix import of Github migration 2015-09-21 16:52:56 -04:00
Joseph Schorr
49b575afb6 Start refactoring of the trigger system: 
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
 2015-09-21 16:36:48 -04:00
Joseph Schorr
1c6933a28d Fix Github build trigger migration 2015-09-19 14:34:46 -04:00
Jake Moshenko
26cea9a07c Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-17 16:16:27 -04:00
Jake Moshenko
a887125c3f Fixes for backfill_aggregate_size script. 2015-09-17 15:47:18 -04:00
Jake Moshenko
8baacd2741 Migrate old data to new locations, read only new. 2015-09-17 15:47:13 -04:00
Joseph Schorr
eff9ff7a66 Migrate all GitHub build triggers to use deploy keys 2015-09-16 17:55:51 -04:00
Joseph Schorr
6f2271d0ae Add support for direct download in Swift storage engine 
Fixes #483
 2015-09-14 18:00:03 -04:00
josephschorr
57329b6c78 Merge pull request #475 from coreos-inc/seofix 
Use a proper HTML parser with BS and catch exceptions
 2015-09-14 15:56:03 -04:00
Joseph Schorr
6ca33ca108 Use a proper HTML parser with BS and catch exceptions 
Fixes #473
 2015-09-10 16:14:29 -04:00
Jake Moshenko
9c3ddf846f Some fixes and tests for v2 auth 
Fixes #395
 2015-09-10 15:38:57 -04:00
Joseph Schorr
fd3a21fba9 Add Kubernetes configuration provider which writes config to a secret 
Fixes #145
 2015-09-10 12:19:59 -04:00
Joseph Schorr
88a04441de Extract the config provider into its own sub-module 2015-09-10 12:19:59 -04:00
Joseph Schorr
c2fe751d15 Despite being disabled, OAuth config is still read, so switch to .get 2015-09-10 12:09:01 -04:00
Joseph Schorr
c0286d1ac3 Add support for Dex to Quay 
Fixes #306

- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
 2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:32:01 -04:00
Jake Moshenko
82efc746b3 Make our JWT checking more strict. 2015-09-04 15:18:57 -04:00
Jake Moshenko
8269d4ac90 Checkpoint implementing PATCH according to Docker 2015-09-03 16:26:02 -04:00
Joseph Schorr
b7f487da42 Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior 2015-09-02 13:32:11 -04:00
josephschorr
c693afca6a Merge pull request #426 from coreos-inc/unicodefix 
Fix Dockerfile parsing for unicode and add testing
 2015-08-31 15:03:01 -04:00
Joseph Schorr
fb86b4bf2c Fix Dockerfile parsing for unicode and add testing 
Fixes #423
 2015-08-31 14:32:26 -04:00
josephschorr
adc66a2894 Merge pull request #422 from coreos-inc/logsgzipfix 
Change build logs load to using streaming Gzip
 2015-08-31 12:15:30 -04:00
Joseph Schorr
c0c1da3232 Change build logs load to using streaming Gzip 2015-08-28 14:08:13 -04:00
Joseph Schorr
43e77a7a14 Add missing tell() method to GeneratorFile and add tests 2015-08-28 12:10:03 -04:00
Matt Jibson
4aa5ab88dd Use real cloudwatch limit 
Although cloudwatch allows 40KB of data, it may be from no more than 20
different metrics. Until we can do that, limit the total points to 20.
 2015-08-26 16:48:48 -04:00
Joseph Schorr
84458811d5 Rename wrap_with_hash to a more generic wrap_with_handler 2015-08-25 15:53:13 -04:00
Joseph Schorr
c07dec4d39 File reader fixes for verbs 
- Fix local file reader to always read in chunks
- Have gzip stream raise an exception if the full data is requested
 2015-08-25 13:49:21 -04:00
Joseph Schorr
84276ee945 Better notifications UI 
Fixes #369
 2015-08-17 17:08:58 -04:00
Joseph Schorr
4625ecf273 Fix tests in response to breakage in #351 2015-08-17 16:26:20 -04:00
Matt Jibson
9a7e5bb35e Batch cloudwatch puts 2015-08-17 12:03:49 -04:00
Jake Moshenko
e1b3e9e6ae Another huge batch of registry v2 changes 
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
 2015-08-12 16:41:12 -04:00
Matt Jibson
7c3b555ee9 Code review 2015-08-12 16:31:01 -04:00
Matt Jibson
f043bc1379 Don't enable the metric queue if there's no Cloudwatch 2015-08-12 15:14:09 -04:00
Matt Jibson
b483209862 Wrap API and registry requests with common metric timings 
Record response times, codes, and rollup non-2XX responses.
 2015-08-12 12:16:00 -04:00
Matt Jibson
b04c190ca0 Prevent the metric queue from growing unbounded 2015-08-12 12:16:00 -04:00
Matt Jibson
cfb6e884f2 Refactor metric collection 
This change adds a generic queue onto which metrics can be pushed. A
separate module removes metrics from the queue and adds them to Cloudwatch.
Since these are now separate ideas, we can easily change the consumer from
Cloudwatch to anything else.

This change maintains near feature parity (the only change is there is now
just one queue instead of two - not a big deal).
 2015-08-12 12:15:52 -04:00
Jake Moshenko
74d838697f Fix tarfile to support non-unicode pax fields 2015-08-07 11:56:38 -04:00
Jake Moshenko
18100be481 Refactor the util directory to use subpackages. 2015-08-03 16:04:19 -04:00
Joseph Schorr
26ae629189 Prevent local storage setup on non-mounted paths 
Fixes #269
 2015-07-27 14:32:02 -04:00
Joseph Schorr
52d833b3c6 Fix spacing 2015-07-23 16:00:36 -04:00
Joseph Schorr
c3f269ee23 Add migration for BitBucket web hooks 
This needs to added only *after* we roll out #255
 2015-07-23 14:45:12 -04:00
Joseph Schorr
38a6b3621c Automatically link the superuser account to federated service for auth 
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
 2015-07-22 13:37:23 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00
Joseph Schorr
066637f496 Basic Keystone Auth support 
Note: This has been verified as working by the end customer
 2015-07-20 10:55:21 -04:00
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth. 
Make it explicit that the registry-v2 stuff is not ready for prime time.
 2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Jake Moshenko
bea8b9ac53 More changes for registry-v2 in python. 
Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered.
 2015-07-17 11:50:41 -04:00
Joseph Schorr
4726559322 The database SSL name needs to be in its own list 
FIxes #243
 2015-07-16 00:49:07 +03:00
Joseph Schorr
4333bb9e14 Implement stream_read_file for the Swift storage engine 
Note that Swift doesn't seem to have a file-like interface, so we need to wrap the generator we get back from it.

Fixes #210
 2015-07-02 17:52:43 +03:00
Jimmy Zelinskie
756d6784ca Merge pull request #192 from coreos-inc/sqlssl 
Allow SSL cert for the database to be configured
 2015-06-29 13:33:31 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured 
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
 2015-06-29 08:08:10 +03:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Joseph Schorr
331c300893 Refactor JWT auth to not import app locally 2015-06-17 15:53:21 -04:00
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices 
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
 2015-06-12 16:45:01 -04:00
Joseph Schorr
90b4f0a2ed Fix default log archive location for ER 
Before this change, the ER was using the default of 'local_us' from the base config, which is incorrect, and caused no logs to be archived.
 2015-06-11 13:43:29 -04:00
Joseph Schorr
457ee7306e Parenthesis fix on the JWT auth error message 2015-06-10 16:00:25 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication 
Add support for an external JWT-based authentication system
 2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
 2015-06-05 13:20:10 -04:00
Joseph Schorr
c0e995c1d4 Merge branch 'master' into nolurk 2015-06-02 13:55:16 -04:00
Joseph Schorr
dd28a845db Fix NPE in cache control decorator 2015-05-28 13:22:42 -04:00
Joseph Schorr
ac239ec4ee Make sure to only split into two parts max 2015-05-20 14:54:41 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
2379af71f8 Parse the client secret properly 2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44 Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header 2015-05-18 12:38:39 -04:00
Joseph Schorr
4f2a1b3734 Add setup UI for the new trigger types (bitbucket and gitlab) and add validation 2015-05-03 11:50:26 -07:00
Joseph Schorr
d07f9f04e9 UI and code improvements to make working with the multiple SCMs easier 2015-05-03 10:38:11 -07:00
Jimmy Zelinskie
3ac884beb4 gitlab oauth 2015-05-02 17:54:48 -04:00
Joseph Schorr
c480fb2105 Work in progress: bitbucket support 2015-04-24 15:13:08 -04:00
Jimmy Zelinskie
ba2cb08904 Merge branch 'master' into git 2015-04-16 17:38:35 -04:00
Joseph Schorr
3cd11c8f45 GitHub login fixes: 
- Allow for case insensitivity in the org name list
  - Remove the check for verified email addresses when under Enterprise; it isn't supported there.
 2015-04-16 12:17:39 -04:00
Joseph Schorr
036c8e56e0 Add proper error handling when the config volume is mounted in a read-only state. 2015-04-02 18:54:09 -04:00
Joseph Schorr
5cd500257d Merge branch 'master' into orgview 2015-04-01 13:56:49 -04:00
Joseph Schorr
27a9b84587 Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists 2015-03-30 17:55:04 -04:00
Joseph Schorr
aaf1b23e98 Address CL concerns and switch to a real encryption system 2015-03-26 15:10:58 -04:00
Joseph Schorr
85d6500daa Merge resistanceisfutile into master 2015-03-23 15:39:08 -04:00
Jimmy Zelinskie
f6f93e9079 consolidate everything into one GitHub trigger 2015-03-19 17:12:27 -04:00
Jimmy Zelinskie
5a29218c5c Merge branch 'master' into git 2015-03-19 12:10:34 -04:00
Jimmy Zelinskie
288f847e9a util.ssh: reorder return args 2015-03-18 17:32:59 -04:00
Joseph Schorr
b8d88c0f4e Add aggregate size column and a migration to backfill it 2015-03-16 18:03:17 -04:00
Joseph Schorr
360aa69d92 Fix LDAP error and url handling to be more clear for the end user 2015-03-16 14:33:53 -04:00
Jimmy Zelinskie
c9d955e432 util.ssh: generate ssh key method 2015-03-16 13:37:27 -04:00
Jimmy Zelinskie
47675b88f5 analytics: fix misspelled class name 2015-03-06 12:02:13 -05:00
Joseph Schorr
2e840654d3 PR changes 2015-03-05 12:07:39 -05:00
Joseph Schorr
4f04ad2acd Change ImageTree to only use a single loop over the images when building. This should be slightly faster on large image sets 2015-03-04 16:53:22 -05:00
Joseph Schorr
4ca5d9b04b Add support for filtering github login by org 2015-03-03 19:58:42 -05:00
Joseph Schorr
2c662b7861 Make sure to specify a default mail sender when validating emails. Unfortunately for us, flask-mail by default uses the sender from the *global* app instance, rather than the one specified in the Mail(...) call. This was breaking validation. 2015-03-03 13:56:32 -05:00
Jake Moshenko
24ab0ae53a Fix some problems with off by one in the id condition when deleteing temporary access tokens. 2015-02-20 16:23:36 -05:00
Jake Moshenko
f7b5221391 Merge branch 'master' of github.com:coreos-inc/quay 2015-02-20 16:07:34 -05:00
Jake Moshenko
3bbe064291 Add a script for deleting the old temporary access tokens in small batches. 2015-02-20 16:07:31 -05:00
Jimmy Zelinskie
9c6b029f87 cloudwatch: update docs 2015-02-20 16:07:02 -05:00
Jimmy Zelinskie
47f8cb77c4 Merge pull request #11 from coreos-inc/nimbus 
CloudWatch for build job status
 2015-02-18 17:17:28 -05:00
Jimmy Zelinskie
9ab3554226 buildreporter: does not execute in a coroutine! 2015-02-18 17:11:45 -05:00
Jimmy Zelinskie
0d38e0b00b metrics: use config['name'] to get metric conf 2015-02-18 16:05:36 -05:00
Jimmy Zelinskie
f53dea46b7 buildman: address PR #11 comments 2015-02-18 14:13:36 -05:00
Joseph Schorr
c69aea1262 Fix invoice address 2015-02-18 11:57:13 -05:00
Jimmy Zelinskie
ef8d320c95 cloudwatch: global before reading queue 
Technically, it isn't necessary to use the global keyword before reading
a global value, only modifying it. However, in this case it leaves a
pretty annoying log line.
 2015-02-17 13:13:12 -05:00
Jimmy Zelinskie
6a1dd376c2 util: add cloudwatch package 
This isolates the CloudWatch sending thread to it's own package where it
can be shared among any other packages that want to asynchronously send
metrics to CloudWatch.
 2015-02-14 16:30:10 -05:00
Jake Moshenko
2ce6e76d9d Add the required migration for time machine tag lifetimes. 2015-02-13 14:41:08 -05:00
Joseph Schorr
7a199f63eb Various small fixes and add support for subjectAltName to the SSL cert check 2015-02-12 14:00:26 -05:00
Joseph Schorr
f107b50a46 Merge branch 'master' into ackbar 2015-02-12 12:04:45 -05:00
Joseph Schorr
893ae46dec Add an ImageTree class and change to searching *all applicable* branches when looking for the best cache tag. 2015-02-10 21:46:58 -05:00
Joseph Schorr
045614c6c8 Merge branch 'master' into ackbar 2015-02-09 17:16:42 -05:00
Joseph Schorr
cf774e23df Merge branch 'master' into v2 2015-02-05 15:37:14 -05:00
Joseph Schorr
555bd293ea Fix tar layer format comment 2015-02-05 14:40:02 -05:00
Joseph Schorr
400ffa73e6 Add SSL cert and key validation 2015-02-05 13:06:56 -05:00
Joseph Schorr
bfb0784abc Add signing to the ACI converter 2015-02-04 15:29:24 -05:00
Joseph Schorr
84e5c0644e Address comments 2015-02-02 14:07:32 -05:00
Joseph Schorr
30b895b795 Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar 2015-01-23 17:26:14 -05:00
Joseph Schorr
c8229b9c8a Implement new step-by-step setup 2015-01-23 17:19:15 -05:00
Joseph Schorr
28d319ad26 Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not). 2015-01-20 12:43:11 -05:00
Joseph Schorr
fa55169c35 - Fix bug in tarlayerformat when dealing with larger headers 
- Fix bug around entry points and config in the ACI converter
 2015-01-16 18:23:40 -05:00
Joseph Schorr
53e5fc6265 Have the config setup tool automatically prepare the S3 or GCS storage with CORS config 2015-01-16 16:10:40 -05:00
Jimmy Zelinskie
0da9c5826b Update MixPanel and use BufferedConsumer 2015-01-16 16:04:13 -05:00
Jimmy Zelinskie
f5138792ad Merge branch 'master' of github.com:coreos-inc/quay 2015-01-16 15:32:02 -05:00
Jimmy Zelinskie
fe9e19704b Try/Catch creating connection to CloudWatch 2015-01-16 15:31:40 -05:00
Jimmy Zelinskie
33088f742a Migrate queued metric from processes to threads 2015-01-16 15:30:58 -05:00
Joseph Schorr
1f9479a230 Merge branch 'boxer' 2015-01-16 14:57:22 -05:00
Joseph Schorr
e93544573f Add missing action 2015-01-16 14:57:09 -05:00
Joseph Schorr
5e9d9eb6cd Merge branch 'master' of https://github.com/coreos-inc/quay 2015-01-16 13:44:32 -05:00
Joseph Schorr
b89ba61286 Change to only run the cloud watch reporter in the gunicorn_web 2015-01-16 13:44:29 -05:00
Jimmy Zelinskie
07bb9be603 Some class docs added to queuemetrics classes 2015-01-16 12:14:57 -05:00
Jimmy Zelinskie
0122a6698f Wrap call to CloudWatch in try/catch block. 2015-01-16 12:14:11 -05:00
Joseph Schorr
87a5b17d20 Add inbox actions. Note that this isn't enabled because of issues around DKIM in Gmail with SES. 2015-01-15 17:11:05 -05:00
Joseph Schorr
6ed28930b2 Work in progress: Docker -> ACI conversion 2015-01-13 17:46:11 -05:00
Joseph Schorr
0d2c42ad03 Fix tests 2015-01-09 17:11:51 -05:00
Joseph Schorr
6d604a656a Move config handling into a provider class to make testing much easier 2015-01-09 16:23:31 -05:00
Joseph Schorr
bfd273d16f - Make validation a bit nicer: 
- Add timeout to the DB validation
  - Make DB validation exception handling a bit nicer
  - Move the DB validation error message

- Fix bug around RADOS config default for Is Secure
- Allow hiding of the validation box
 2015-01-08 15:27:49 -05:00
Joseph Schorr
47fb10b79f Merge branch 'master' into ackbar 2015-01-08 13:57:39 -05:00
Joseph Schorr
5ac2c4970a Add Google auth validation and fix the case where no config is specified at all for Google auth or Github auth 2015-01-08 13:56:17 -05:00
Joseph Schorr
5e0ce4eea9 Add validation of github to the config tool 2015-01-08 13:26:24 -05:00
Joseph Schorr
63504c87fb Get end-to-end configuration setup working, including verification (except for Github, which is in progress) 2015-01-07 16:20:51 -05:00
Jimmy Zelinskie
88a60d05b6 fix shadowed variable 
'tag' was being used for both a string value and a boolean value
 2015-01-05 14:51:00 -05:00
Joseph Schorr
219730c341 Better config defaults and remove some unneeded code 2015-01-05 13:01:32 -05:00
Joseph Schorr
40d2b1748f Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py). 2015-01-05 12:31:02 -05:00
Joseph Schorr
1bf25f25c1 WIP 2015-01-04 14:38:41 -05:00
Joseph Schorr
4ca877c1d4 Add ability to download system logs 2014-12-23 14:01:00 -05:00
Jimmy Zelinskie
6968c148f7 Allow redirects to specific tags 2014-12-18 16:01:59 -05:00
Jimmy Zelinskie
eeeb2e620c move slackwebhook migration from tools to util 
tools isn't shipped inside of the container because it contains private
keys
 2014-12-18 13:22:13 -05:00
Joseph Schorr
c8277b07d9 Merge branch 'master' of https://bitbucket.org/yackob03/quay 2014-12-01 16:19:24 -05:00
Joseph Schorr
1e993b04ef Add a time.sleep(0) to the tight loop in gzipstream to make sure we never use 100% of a machine CPU 2014-12-01 16:19:13 -05:00
Jimmy Zelinskie
f3259c862b Merge branch 'koh' 
Conflicts:
	auth/scopes.py
	requirements-nover.txt
	requirements.txt
	static/css/quay.css
	static/directives/namespace-selector.html
	static/js/app.js
	static/partials/manage-application.html
	templates/oauthorize.html
 2014-12-01 12:30:09 -08:00
Joseph Schorr
72d613614d Merge branch 'bagger' 2014-12-01 12:48:59 -05:00
Joseph Schorr
c266f35648 Fix bug in the changes library 2014-11-29 19:00:48 -05:00