Joseph Schorr
4f63a50a17
Change account-less logs to use a user and not null
...
This allows us to skip the migration
2016-04-29 14:09:37 -04:00
Joseph Schorr
522cf68c5d
Lots of smaller fixes:
...
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
c0ab45d335
key server: derive audience from host and scheme
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
d277fe6741
add final service key config
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167
service keys: do all the right stuff
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
cca95ac583
add GITLAB_TRIGGER_CONFIG to config.py
...
We were already using this in production in our config.yml. We just
didn't have a default value for it inside of config.py.
2016-03-18 14:56:09 -04:00
Quentin Machu
d36528a77a
Increase POST timeout in secscan API
2016-03-04 11:59:00 -05:00
Quentin Machu
888f976e8d
Use a feature flag to toggle security notifications
2016-03-01 15:54:18 -05:00
Joseph Schorr
f498e92d58
Implement against new Clair paginated notification system
2016-02-25 15:58:42 -05:00
Joseph Schorr
1940fd9939
Add UI to the setup tool for enabling ACI conversion
...
Fixes #1211
2016-02-17 12:05:48 -05:00
Jimmy Zelinskie
e18dacd26b
extend torrent webseed lifetime to an hour
2016-02-08 17:57:28 -05:00
Joseph Schorr
b4bddacedb
Switch to Fernet crypto as per gtank's recommendation
2016-01-26 12:50:48 -05:00
Joseph Schorr
bd0a098282
Add ID-based pagination to logs using new decorators and an encrypted token
...
Fixes #599
2016-01-26 12:50:48 -05:00
Jimmy Zelinskie
85ae1a2a0a
Merge pull request #1161 from jzelinskie/torrenthmac
...
misc torrent changes
2016-01-22 23:02:44 -05:00
Joseph Schorr
e4ffaff869
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
...
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Jimmy Zelinskie
e54b86c6eb
s/TORRENT/BITTORRENT
2016-01-22 15:52:28 -05:00
Jake Moshenko
1ae101c917
Address torrent feature review comments.
2016-01-08 16:38:21 -05:00
Jimmy Zelinskie
087c6828ad
add feature.BITTORRENT and jwk set URI
2016-01-07 19:07:23 -05:00
Jimmy Zelinskie
a0e5de8f29
add torrent options to config
2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796
Hash and track layer file chunks for torrenting
2016-01-04 16:17:51 -05:00
Joseph Schorr
ab166c4448
Delete the image diff feature
...
Fixes #1077
2015-12-23 13:08:01 -05:00
Jimmy Zelinskie
f439ad7804
Merge pull request #618 from jzelinskie/logsworker
...
add a log rotation worker
2015-12-16 17:25:50 -05:00
Jimmy Zelinskie
e1f955a3f6
add a log rotation worker
...
Fixes #609 .
2015-12-16 17:22:28 -05:00
Joseph Schorr
c888a8b3be
Make GC timeout configurable
2015-12-16 15:45:02 -05:00
Jake Moshenko
766d60493f
Add the ability to blacklist v2 for specific versions
2015-12-15 18:27:10 -05:00
Jake Moshenko
0459c3bc54
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-16 14:22:54 -05:00
Joseph Schorr
7816b0c657
Merge master into vulnerability-tool
2015-11-12 21:52:47 -05:00
Jimmy Zelinskie
7fd53d6783
update IRC channel
2015-11-11 15:42:36 -05:00
Jimmy Zelinskie
dc476470fe
add secscan notification queue
2015-11-10 15:22:30 -05:00
Joseph Schorr
75dfec7875
Fix endpoint
2015-11-09 12:50:39 -05:00
Jake Moshenko
c2fcf8bead
Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2
2015-11-06 18:18:29 -05:00
Jimmy Zelinskie
f3c3e684a1
prepare branch to be merged into phase1-11-07-2015
...
This removes the checksum backfill, removes the migration that runs the
backfills, and defaults the security scan feature off.
2015-11-06 15:22:18 -05:00
Joseph Schorr
cfa03951e1
Add a SecScanEndpoint class and move all the cert and config handling in there
2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0
Add vulnerabilities and packages API to Quay
...
Fixes #564
2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea
Add a vulnerability_found event for notice when we detect a vuln
...
Fixes #637
Note: This PR does *not* actually raise the event; it merely adds support for it
2015-11-06 15:22:18 -05:00
Joseph Schorr
2d1df267dd
Add security config
2015-11-06 15:22:18 -05:00
Joseph Schorr
f6a53f7cc5
Change all Quay.io references to Quay, fix tour and change logo
...
Fixes #741
2015-11-02 14:37:48 -05:00
Jake Moshenko
fc55730db8
Add a feature flag to advertise v2 endpoints
2015-10-26 14:20:51 -04:00
Jake Moshenko
26cea9a07c
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-17 16:16:27 -04:00
Jake Moshenko
9c3ddf846f
Some fixes and tests for v2 auth
...
Fixes #395
2015-09-10 15:38:57 -04:00
Joseph Schorr
c0286d1ac3
Add support for Dex to Quay
...
Fixes #306
- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-04 16:32:01 -04:00
Joseph Schorr
0a91a1d9d8
Redirect to the /setup page automatically in the ER when not fully setup
2015-09-02 14:59:54 -04:00
Joseph Schorr
724b1607d7
Add automatic storage replication
...
Adds a worker to automatically replicate data between storages and update the database accordingly
2015-09-01 14:53:32 -04:00
Jake Moshenko
e1b3e9e6ae
Another huge batch of registry v2 changes
...
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
2015-08-12 16:41:12 -04:00
Joseph Schorr
e53c3e23be
Change docs to load from HTTPS
2015-08-05 14:34:11 -04:00
Joseph Schorr
8a8955d234
Add documentation search to the main search bar
2015-08-03 17:15:53 -04:00
Joseph Schorr
70de107268
Make GC of repositories fully async for whitelisted namespaces
...
This change adds a worker to conduct GC on repositories with garbage every 10s.
Fixes #144
2015-07-28 15:30:04 -04:00
Jake Moshenko
bc29561f8f
Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
...
Make it explicit that the registry-v2 stuff is not ready for prime time.
2015-07-17 11:56:15 -04:00
Joseph Schorr
33b31a2451
Fix logs view in superuser panel
...
This seems to have been broken ever since we moved to syslog
2015-06-15 20:55:23 -04:00
Jake Moshenko
e09d84b3c8
Merge pull request #55 from coreos-inc/oauthdeny
...
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-05 14:00:16 -04:00
Joseph Schorr
5516911de9
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-02 12:25:59 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
ba0fafc857
Add missing default for the gitlab feature flag
2015-05-04 19:04:27 -07:00
Joseph Schorr
c480fb2105
Work in progress: bitbucket support
2015-04-24 15:13:08 -04:00
Joseph Schorr
5cd500257d
Merge branch 'master' into orgview
2015-04-01 13:56:49 -04:00
Joseph Schorr
27a9b84587
Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists
2015-03-30 17:55:04 -04:00
Joseph Schorr
e4b659f107
Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords
2015-03-25 18:43:12 -04:00
Jake Moshenko
78c8354174
Switch our temporary token lookups for signed grants which will not require DB access.
2015-02-19 16:54:23 -05:00
Jake Moshenko
ec01373240
Rename the config variable for temp tag expiration per the pull request feedback.
2015-02-18 17:06:41 -05:00
Jake Moshenko
41108a0856
Allow tags to be marked as hidden. Create a hidden tag on every image during a push to prevent them from getting GCed.
2015-02-18 17:05:16 -05:00
Joseph Schorr
3cae6609a7
Remove old services from the blacklist
2015-02-18 16:34:42 -05:00
Joseph Schorr
0d2c42ad03
Fix tests
2015-01-09 17:11:51 -05:00
Joseph Schorr
40d2b1748f
Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py).
2015-01-05 12:31:02 -05:00
Joseph Schorr
1bf25f25c1
WIP
2015-01-04 14:38:41 -05:00
Joseph Schorr
4ca877c1d4
Add ability to download system logs
2014-12-23 14:01:00 -05:00
Jimmy Zelinskie
f3259c862b
Merge branch 'koh'
...
Conflicts:
auth/scopes.py
requirements-nover.txt
requirements.txt
static/css/quay.css
static/directives/namespace-selector.html
static/js/app.js
static/partials/manage-application.html
templates/oauthorize.html
2014-12-01 12:30:09 -08:00
Joseph Schorr
72d613614d
Merge branch 'bagger'
2014-12-01 12:48:59 -05:00
Joseph Schorr
660a640de6
Better organize the source file structure of the build manager and change it to choose a lifecycle manager based on the config
2014-11-25 16:14:44 -05:00
Joseph Schorr
e9cac407df
Add a configurable avatar system and add an internal avatar system for enterprise
2014-11-24 19:25:13 -05:00
Jimmy Zelinskie
716d7a737b
Strip whitespace from ALL the things.
2014-11-24 16:07:38 -05:00
Jake Moshenko
8b3184a7cb
Change the default username and password for flask-mail to None instead of empty string.
2014-11-21 12:32:30 -05:00
Jake Moshenko
2b8c246476
Temporarily put user rename behind a feature flag. Switch queue names back to using the username for namespace while we figure out a real migration strategy.
2014-11-20 15:36:39 -05:00
Joseph Schorr
3e79379942
- Make the OAuth config system centralized
...
- Add support for Github Enterprise login
2014-11-05 16:43:37 -05:00
Joseph Schorr
98602a2d0c
Add a new configurable health check, to make sure production instances are not taken down by Redis or non-local DB issues
2014-11-02 15:06:17 -05:00
Joseph Schorr
4eedd54b66
- Make usage language more accurate by stating "repositories"
...
- Have usage counter be based on a 4 weeks TTL
- Add a simple usage counter breakage test
2014-10-30 13:26:02 -04:00
Joseph Schorr
c1398c6d2b
- Add a log entry for repo verb handling and make the container usage calculation take it into account
...
- Move all the repo push/pull/verb logging into a central track_and_log method
- Readd images accidentally deleted in the last CL
- Make the uncompressed size migration script better handle exceptions
2014-10-29 15:42:44 -04:00
Joseph Schorr
8b331b453e
Make the contact page dynamic so that enterprise customers can configure it however they like
2014-10-22 14:49:33 -04:00
Jake Moshenko
fa6a06502d
Change the default redis host to localhost. Fix some whitespace issues in the userevents module.
2014-10-14 14:37:02 -04:00
Jake Moshenko
44637dad96
Merge branch 'master' of bitbucket.org:yackob03/quay
2014-10-14 13:58:14 -04:00
Jake Moshenko
328db8b660
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 13:58:08 -04:00
Joseph Schorr
49f8629566
Make the default mail sender use the Flask mail config value
2014-10-10 13:14:33 -04:00
Joseph Schorr
c682899861
Add a feature flag to disable user creation
2014-10-02 14:49:18 -04:00
Joseph Schorr
2c5cc7990f
Allow for additional REDIS config such as password and port
2014-10-01 14:16:42 -04:00
Joseph Schorr
f3b03ebc34
Add a feature flag for disabling all emails
2014-09-22 19:11:48 -04:00
Jake Moshenko
2455c17f96
Merge remote-tracking branch 'origin/master' into waltermitty
...
Conflicts:
app.py
data/userfiles.py
2014-09-11 11:18:28 -04:00
Jake Moshenko
c9e1648781
Small fixes to bugs in the streaming handler for use with magic and radosgw.
2014-09-09 18:30:14 -04:00
Jake Moshenko
451e034ca1
Archived logs commit 1. Squash me.
2014-09-08 16:43:17 -04:00
Joseph Schorr
e028d4ae0a
Merge master into branch
2014-09-04 18:08:18 -04:00
Joseph Schorr
4140e115e5
Put building behind a feature flag
2014-08-22 18:03:22 -04:00
Joseph Schorr
2597bcef3f
Add support for login with Google. Note that this CL is not complete
2014-08-11 15:47:44 -04:00
Joseph Schorr
6f804c222a
Replace references seen in the enterprise version to "Quay.io" with a config-pulled value
2014-08-08 13:50:04 -04:00
Joseph Schorr
bcbea37fce
Change distributed config format to make it easier for the setup tool
2014-08-07 13:45:15 -04:00
Joseph Schorr
49801bc2c4
- Add web hook queue code back in. We'll remove it and turn it off after this CL goes to prod
...
- Make notification lookup always be by repo and its UUID, rather than the internal DB ID
- Add the init script for the notification worker
2014-07-31 13:30:54 -04:00
Joseph Schorr
8d7493cb86
Convert over to notifications system. Note this is incomplete
2014-07-17 22:51:58 -04:00
Jake Moshenko
6047f3759f
Remove the placement fallback since the DB has been fully backfilled.
2014-06-24 17:01:23 -04:00
Jake Moshenko
cf2ba9f0b6
Fix a typo in the config for the backfill location.
2014-06-23 11:25:14 -04:00
Jake Moshenko
0a62f7f725
Add the ability to look up images which do not have a placement yet.
2014-06-18 12:40:23 -04:00
Jake Moshenko
bf98575feb
Add the basics of geographic data distribution and get the tests to work.
2014-06-17 16:03:43 -04:00
Jake Moshenko
0057ced98c
Move GitHub build trigger behind a feature flag.
2014-05-30 18:28:18 -04:00
Jake Moshenko
d1f4fbdacc
Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers.
2014-05-30 14:25:29 -04:00
Joseph Schorr
69be86be97
Add extra seat check in the user API call and turn off user->org conversion when authentication is LDAP
2014-05-28 15:53:53 -04:00
Jake Moshenko
f6726bd0a4
Merge branch 'ldapper'
...
Conflicts:
Dockerfile
app.py
data/database.py
endpoints/index.py
test/data/test.db
2014-05-22 12:13:41 -04:00
Jake Moshenko
d14798de1d
Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue.
2014-05-21 19:50:37 -04:00
Jake Moshenko
11c6c5fa52
Merge remote-tracking branch 'origin/master' into ldapper
...
Conflicts:
app.py
2014-05-13 16:55:02 -04:00
Joseph Schorr
08ccad7fe4
Add support for not using CDN-based resources. When USE_CDN = False, all CDN-based resources will instead be used from the local system.
2014-05-09 18:49:33 -04:00
Jake Moshenko
bcb993a914
Set up the build logs to use our fake build logs on test and local.
2014-05-09 18:45:11 -04:00
Jake Moshenko
027ada1f5c
First stab at LDAP integration.
2014-05-09 17:39:43 -04:00
Jake Moshenko
fe2eb079b7
Remove unused import.
2014-05-01 21:38:02 -04:00
Jake Moshenko
a5a61576ae
Revamp the logging a bit. Not quite done yet.
2014-05-01 19:44:28 -04:00
Jake Moshenko
fe665118bb
Add sentry exception monitoring.
2014-04-28 18:59:22 -04:00
Joseph Schorr
91c1342ffb
Switch to having GitHub login off in the default config, since the keys are empty anyway
2014-04-16 22:51:56 -04:00
jakedt
4b8217d4ad
Add config to allow for setting the queue names at runtime. Fix a bug in the data model.
2014-04-11 19:23:57 -04:00
jakedt
61a6db236f
Finish the implementation of local userfiles. Strip charsets from mimetypes in the build worker. Add canonical name ordering to the build queue. Port all queues to the canonical naming version.
2014-04-11 18:34:47 -04:00
jakedt
14fba3ae7c
Rename SERVER_NAME to SERVER_HOSTNAME to fix the subdomain routing problems.
2014-04-11 11:17:45 -04:00
jakedt
0fd5da172e
Fix the super user default config. Slight style tweaks to the super user permission implementation.
2014-04-10 15:51:39 -04:00
jakedt
73f23f155c
Merge branch 'ncc1701' of ssh://bitbucket.org/yackob03/quay into ncc1701
2014-04-10 15:20:26 -04:00
jakedt
d39f3cc5d4
Fix the tests and implement a fake stripe.
2014-04-10 15:20:16 -04:00
Joseph Schorr
bdf2b02c1a
Merge branch 'ncc1701' of https://bitbucket.org/yackob03/quay into ncc1701
2014-04-10 00:27:51 -04:00
Joseph Schorr
0e320c964f
- Add support for super users
...
- Add a super user API
- Add a super user interface
2014-04-10 00:26:55 -04:00
jakedt
fc7756a3c2
Add alembic plumbing for database schema migrations.
2014-04-09 19:11:33 -04:00
jakedt
4d4f3b1c18
Add the olark feature flag to the default config and fix the usage of flask modules.
2014-04-08 23:05:45 -04:00
Joseph Schorr
da859203f7
- Add a config whitelist
...
- Send the config values to the frontend
- Add a service class for exposing the config values
- Change the directives to inject both Features and Config
- Change directive users to make use of the new scope
2014-04-08 19:14:24 -04:00
jakedt
265fa5070a
Fix support for multiple stack configurations and move most secrets into the quay-config project.
2014-04-07 16:59:22 -04:00
jakedt
8e9faf6121
Toward running quay in a docker container.
2014-04-07 01:20:09 -04:00
Joseph Schorr
6e2b8d96b8
Add a simplified landing page for the case where billing is disabled
2014-04-06 14:48:58 -04:00
Joseph Schorr
c374e8146a
- Add code for placing the features information on the frontend
...
- Add a Features service for examining feature flags on the frontend
- Add a directive (quay-requires) that matches feature flags and, if any one does not match, removes the element from the DOM
- Add a directive (quay-show) that injects the features into the scope so that expressions of the form "Features.BILLING || something" work out of the box to show/hide the element
- Add a directive (quay-classes) that allows for setting of CSS classes on an element based on feature expression(s) such as {"!BILLING": "active"} (e.g. the BILLING flag is set to false, add the class "active".
2014-04-04 23:26:10 -04:00
jakedt
0abbf042dd
Add a features modules that process the flask dict.
2014-04-03 18:47:17 -04:00
jakedt
173f8d9b9a
Remove the invalid import.
2014-04-03 17:45:44 -04:00
jakedt
e87ffa20cf
First attempt at making config loadable through string config overrides in an env variable.
2014-04-03 17:31:46 -04:00
jakedt
f8a1535e78
Fix the trigger delete code and enable peewee autorollback.
2014-03-06 14:47:02 -05:00
jakedt
638dbb3d8d
Cache the status tags and fix the tag for images that were pushed from a build.
2014-03-05 14:35:11 -05:00
jakedt
2ea59c8555
Allow for special config for staging.
2014-03-04 19:40:29 -05:00
jakedt
86e93a2c0f
Write triggers are successfully installing on GitHub, noice!
2014-02-21 17:09:56 -05:00
jakedt
d5304f7db0
Merge remote-tracking branch 'origin/master' into rustedbuilds
...
Conflicts:
data/database.py
endpoints/api.py
endpoints/common.py
test/data/test.db
2014-02-21 14:52:40 -05:00
jakedt
f60f9eb62a
Properly connect the github push webhook with the build worker. Still need to resolve the archive format.
2014-02-18 18:09:14 -05:00
jakedt
e7064f1191
Fix the tests and the one bug that it highlighted.
2014-02-16 18:59:24 -05:00
jakedt
8794547593
Fix the build logs merge error.
2014-02-13 19:58:06 -05:00
yackob03
ade20952e2
Merge branch 'master' into tutorial
...
Conflicts:
config.py
static/js/app.js
test/data/test.db
2014-02-13 14:35:20 -05:00
yackob03
8f6cdabde3
Merge branch 'bobthe'
...
Conflicts:
test/data/test.db
2014-02-13 12:47:59 -05:00
yackob03
daec74bc25
Get the testlogs to correlate properly.
2014-02-11 12:09:59 -05:00
yackob03
6fd343741b
Change to the new paging format with the commands available at the top.
2014-02-10 19:12:43 -05:00
Joseph Schorr
98e57b9d2b
Merge branch 'master' into tutorial
...
Conflicts:
endpoints/index.py
static/css/quay.css
static/js/app.js
static/js/controllers.js
test/data/test.db
2014-02-06 21:23:27 -05:00
Joseph Schorr
fa1bf94af1
Get the basic tutorial working completely, including reacting to server-side events
2014-02-06 20:58:26 -05:00
Joseph Schorr
732ce83795
Move JSON pretty print config flag to the proper place
2014-02-05 17:05:06 -05:00
yackob03
72c380d9a1
Merge branch 'master' into bobthe
2014-02-04 19:29:32 -05:00
yackob03
a6f98570a1
Send everything in production through the gunicorn logger (allows rotation using USR1). Add a gunicorn logger that emits the logstash format. Move the gunicorn config to the conf subdir. Update the postrotate script to hopefully work.
2014-02-04 15:08:49 -05:00
yackob03
5270066d6d
Switch to the redis backed build logs and status.
2014-02-03 19:08:37 -05:00
yackob03
c13654bb52
First attempt at emitting logstash style logs.
2014-01-30 13:32:06 -05:00
yackob03
7ee5780bc3
Mark session cookies as secure only.
2014-01-27 17:46:21 -05:00