Commit graph

154 commits

Author SHA1 Message Date
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Joseph Schorr
ca7d736db2 Only send vulnerability events if the minimum priority is gte to that specified
Fixes #770
2015-11-10 16:05:55 -05:00
Matt Jibson
4d81567a0c Remove error notification when user deletes repos
Also prevent duplicate notifications of that type.

fixes #493
2015-11-04 16:11:15 -05:00
Joseph Schorr
8a8955d234 Add documentation search to the main search bar 2015-08-03 17:15:53 -04:00
Joseph Schorr
5f2729f41f Fix logic bug in param check 2015-07-20 17:04:06 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Jake Moshenko
f5ee7a6697 Make the scopes dynamic based on app config. 2015-07-15 18:13:15 -04:00
Joseph Schorr
fb8e718c44 Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header 2015-05-18 12:38:39 -04:00
Joseph Schorr
8eb9c376cd Add constructors for the QuayDeferredPermissionUser so that we can avoid extraneous DB lookups of the user whenever we already have the object 2015-05-07 15:04:12 -04:00
Joseph Schorr
d5c70878c5 Get build preparation working for bitbucket and do a lot of code cleanup around this process across all the triggers. Note: tests are not yet updated. 2015-04-29 17:04:52 -04:00
Joseph Schorr
333e0acd6d Add the builds tab 2015-03-13 15:34:28 -07:00
Joseph Schorr
43ab838998 Merge branch 'newbuildview' 2015-03-05 16:17:29 -05:00
Joseph Schorr
e227d7e526 Start on the new build view 2015-02-26 17:45:28 -05:00
Joseph Schorr
5f605b7cc8 Fix queue handling to remove the dependency from repobuild, and have a cancel method 2015-02-23 13:38:01 -05:00
Joseph Schorr
7c81d90cda Start recording the commit sha and other metadata about github triggered builds. We'll eventually show this information in the UI 2015-02-18 14:12:59 -05:00
Joseph Schorr
83e05d2342 Add tracking of the kind of temporary access tokens, so we can display if a pull/push by token is for a build worker 2015-02-17 12:35:16 -05:00
Joseph Schorr
f84d1bad45 Handle internal errors in a better fashion: If a build would be marked as internal error, only do so if there are retries remaining. Otherwise, we mark it as failed (since it won't be rebuilt anyway) 2015-02-12 16:19:44 -05:00
Jake Moshenko
0f3d87466e Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger. 2015-02-11 14:15:18 -05:00
Joseph Schorr
09a10b6153 Have cache busting hashes be generated as part of the build process. 2015-02-06 17:52:09 -05:00
Joseph Schorr
cf774e23df Merge branch 'master' into v2 2015-02-05 15:37:14 -05:00
Joseph Schorr
a1938593a9 Better handling of retries on build errors 2015-02-03 16:29:47 -05:00
Jake Moshenko
432da28b42 Reduce the retry count to 2. 2015-02-02 15:28:51 -05:00
Jake Moshenko
84f5780c1d Up the number of retries available for builds. 2015-01-29 11:52:42 -05:00
Joseph Schorr
2a89accc49 Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked 2015-01-16 22:41:54 -05:00
Joseph Schorr
b89ba61286 Change to only run the cloud watch reporter in the gunicorn_web 2015-01-16 13:44:29 -05:00
Joseph Schorr
5bbf1d0c14 Make sure the ac-discovery URL is generated properly from config values 2015-01-13 18:00:01 -05:00
Jimmy Zelinskie
f3259c862b Merge branch 'koh'
Conflicts:
	auth/scopes.py
	requirements-nover.txt
	requirements.txt
	static/css/quay.css
	static/directives/namespace-selector.html
	static/js/app.js
	static/partials/manage-application.html
	templates/oauthorize.html
2014-12-01 12:30:09 -08:00
Joseph Schorr
3a935822fc Fix PhantomJS by always using the local copy of CDN files, and making sure to specify TLS (instead of the default SSLv3, which is now deprecated) 2014-11-25 15:32:10 -05:00
Joseph Schorr
7bf96c506f Merge branch 'bees' into koh 2014-11-24 19:25:53 -05:00
Jimmy Zelinskie
dee4c389a8 Base sessions on UUIDs.
Now that a backfill has been applied, sessions can now be based on UUIDs
because all users will have one.
2014-11-20 18:44:36 -05:00
Jake Moshenko
2b8c246476 Temporarily put user rename behind a feature flag. Switch queue names back to using the username for namespace while we figure out a real migration strategy. 2014-11-20 15:36:39 -05:00
Jimmy Zelinskie
12ff4b107c Undo sessions being driven by UUID.
Basing sessions on UUIDs must be done in phases. First all users
must obtain an UUID. Once a backfill has given all previous users
UUIDs and new users are being generated with UUIDs, then we can
actually change the session to be based on that value.
2014-11-20 12:57:17 -05:00
Jimmy Zelinskie
9d677b8eb3 Add UUID to User model and use in cookie. 2014-11-19 13:28:16 -05:00
Jake Moshenko
f4681f2c18 Merge branch 'master' into nomenclature
Conflicts:
	test/data/test.db
2014-11-17 17:59:59 -05:00
Joseph Schorr
58ca76239b Add ability to one-click generate an authorization access token in the applications panel 2014-11-17 14:54:07 -05:00
Joseph Schorr
9d1b6d829a Make sure the external login link for GHE links to the enterprise GitHub and not the hosted version 2014-11-06 20:35:52 -05:00
Joseph Schorr
3e79379942 - Make the OAuth config system centralized
- Add support for Github Enterprise login
2014-11-05 16:43:37 -05:00
Joseph Schorr
6adf4644b4 Remove unneeded extra logging call 2014-11-03 17:17:05 -05:00
Joseph Schorr
79e4864eb2 Move the the track_and_log code into its own module. This breaks a dependency chain between index -> common -> api -> subscribe -> common again. 2014-10-30 12:49:51 -04:00
Joseph Schorr
c1398c6d2b - Add a log entry for repo verb handling and make the container usage calculation take it into account
- Move all the repo push/pull/verb logging into a central track_and_log method
- Readd images accidentally deleted in the last CL
- Make the uncompressed size migration script better handle exceptions
2014-10-29 15:42:44 -04:00
Joseph Schorr
93cd7de0e0 Handle email errors in a better manner 2014-10-28 12:10:44 -04:00
Jake Moshenko
1461310ab8 Merge remote-tracking branch 'origin/master' into nomenclature
Conflicts:
	endpoints/common.py
	endpoints/notificationhelper.py
	test/data/test.db
	workers/dockerfilebuild.py
2014-10-23 13:25:37 -04:00
Joseph Schorr
208c97776f Make sure builds are queued under a transaction. This should prevent a queue item from existing without its repository build object (or vice versa). 2014-10-22 15:20:53 -04:00
Joseph Schorr
8b331b453e Make the contact page dynamic so that enterprise customers can configure it however they like 2014-10-22 14:49:33 -04:00
Jake Moshenko
e8b3d1cc4a Phase 4 of the namespace to user migration: actually remove the column from the db and remove the dependence on serialized namespaces in the workers and queues 2014-10-01 14:23:46 -04:00
Jake Moshenko
03190efde3 Phase 2 of migrating repo namespaces to referencing user objects, backfilling the rows without a value for namespace_user, and changing all accesses to go through the namespace_user object. All tests are passing, manual testing still required. 2014-09-24 18:01:35 -04:00
Jake Moshenko
3259cda000 The new strategy is to do a three phase migration. This is the first phase: getting the namespace user in the db and written for all new repositories. 2014-09-22 17:27:02 -04:00
Jake Moshenko
8626d1cd70 Initial changes to move repositories from using a namespace string to referencing a user object. Also stores the user id in the cookie rather than the username, to allow users to be renamed. This commit must not be used unmodified because the database migration is too aggressive for live migration. 2014-09-19 10:17:23 -04:00
Joseph Schorr
e783df31e0 Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again. 2014-09-04 14:24:20 -04:00
Jake Moshenko
5d4a6fc279 Add support for GA at least for the initial page load. 2014-08-07 20:44:59 -04:00
Jake Moshenko
0372013f70 Merge remote-tracking branch 'origin/redalert'
Conflicts:
	app.py
2014-08-04 16:56:34 -04:00
Joseph Schorr
b12d63ce9a Make sure to always return the same cache busting string on prod, so that reloads of the page can still use the same cached resources 2014-07-29 20:54:16 -04:00
Joseph Schorr
7de1dd7dc0 Merge branch 'master' into redalert 2014-07-28 18:35:39 -04:00
Jake Moshenko
b39b847c98 Add messaging around required params for oauth. Style fixes. 2014-07-21 15:09:31 -04:00
Joseph Schorr
752efb9e0f Fix the spawn_notification to work in all cases and clean up some of the remaining code 2014-07-18 16:34:52 -04:00
Joseph Schorr
af31bde997 Add support for the remaining events to the frontend and the backend 2014-07-18 15:58:18 -04:00
Joseph Schorr
205362bc7b Add UI for handling the case when an enterprise has reached its maximum seat count 2014-05-28 15:22:36 -04:00
Jake Moshenko
f6726bd0a4 Merge branch 'ldapper'
Conflicts:
	Dockerfile
	app.py
	data/database.py
	endpoints/index.py
	test/data/test.db
2014-05-22 12:13:41 -04:00
Jake Moshenko
d14798de1d Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue. 2014-05-21 19:50:37 -04:00
Joseph Schorr
08ccad7fe4 Add support for not using CDN-based resources. When USE_CDN = False, all CDN-based resources will instead be used from the local system. 2014-05-09 18:49:33 -04:00
Jake Moshenko
fe665118bb Add sentry exception monitoring. 2014-04-28 18:59:22 -04:00
jakedt
31aab09be5 Sort the files before we send them to the template renderer. Remove a stack symlink if present to avoid interfering with the volume. 2014-04-16 14:23:22 -04:00
Joseph Schorr
ede8ed21f4 Enable DEBUGGING mode, which loads the individual script files rather than the minimized bundles created by grunt 2014-04-15 16:35:15 -04:00
Joseph Schorr
5fa4733a2f - Enable minification for the frontend JS bundle
- Make sure we are pegged to version 3.3.3 of D3
2014-04-15 15:58:00 -04:00
Joseph Schorr
7aab6a9fdd Get basic grunt-ified CSS and JS working. Note that this currently uses the dist bundles for both prod and debug. 2014-04-15 15:51:32 -04:00
jakedt
dcc993a20e Fix the cache buster. 2014-04-15 14:27:00 -04:00
jakedt
61a6db236f Finish the implementation of local userfiles. Strip charsets from mimetypes in the build worker. Add canonical name ordering to the build queue. Port all queues to the canonical naming version. 2014-04-11 18:34:47 -04:00
Joseph Schorr
3a3758654c - Move all quay.io domain references to config and add new methods for easy construction of URLs
- Make the Olark chat live behind a feature flag
2014-04-08 20:33:20 -04:00
Joseph Schorr
da859203f7 - Add a config whitelist
- Send the config values to the frontend
- Add a service class for exposing the config values
- Change the directives to inject both Features and Config
- Change directive users to make use of the new scope
2014-04-08 19:14:24 -04:00
Joseph Schorr
c374e8146a - Add code for placing the features information on the frontend
- Add a Features service for examining feature flags on the frontend
- Add a directive (quay-requires) that matches feature flags and, if any one does not match, removes the element from the DOM
- Add a directive (quay-show) that injects the features into the scope so that expressions of the form "Features.BILLING || something" work out of the box to show/hide the element
- Add a directive (quay-classes) that allows for setting of CSS classes on an element based on feature expression(s) such as {"!BILLING": "active"} (e.g. the BILLING flag is set to false, add the class "active".
2014-04-04 23:26:10 -04:00
Joseph Schorr
4f4112b18d Add show_if and hide_if methods for routes and APIs, as well as proper comparison of feature values 2014-04-03 19:32:09 -04:00
jakedt
204fecc1f9 Restore the cache buster. 2014-04-02 12:22:32 -04:00
Joseph Schorr
9a79d1562a Change to store the pull robot on the repository build and only add the credentials to the queue item. This prevents the credentials from being exposed to the end user. Also fixes the restart build option 2014-04-01 21:49:06 -04:00
jakedt
3525e383df Merge remote-tracking branch 'origin/master' into pullinprivate
Conflicts:
	test/data/test.db
2014-04-01 18:28:48 -04:00
Joseph Schorr
35f69b9f5b Add support for .tar.gz build packs in the build package viewer 2014-04-01 00:23:53 -04:00
jakedt
d67a1cddc2 Merge remote-tracking branch 'origin/master' into pullinprivate
Conflicts:
	workers/dockerfilebuild.py
2014-03-31 18:10:34 -04:00
Joseph Schorr
2006917e03 Add support for pull credentials on builds and build triggers 2014-03-27 18:33:13 -04:00
jakedt
910fabe103 Disable that pesky browser cache in the ways that matter. 2014-03-26 18:36:59 -04:00
jakedt
f060fd6ae0 Fix and unify CSRF support across web and API endpoints. 2014-03-25 14:32:26 -04:00
jakedt
0992c8a47e Fix some permissions problems still around due to some usage of scopes as strings. 2014-03-19 18:21:58 -04:00
jakedt
c93c62600d Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
	data/database.py
	endpoints/api.py
	endpoints/common.py
	templates/base.html
	test/data/test.db
	test/specs.py
2014-03-19 15:39:44 -04:00
Joseph Schorr
807fa68fe4 Fix the remainder of the API usage tests. Note that this still fails when the blueprint is registered again, so each subset of tests has to be run on its own 2014-03-18 20:32:37 -04:00
jakedt
64071b9e8e Add a user info scope and thread it through the code. Protect the org modification API. 2014-03-18 19:21:27 -04:00
jakedt
3b3d71bfd7 Feed error messages through a cors wrapper so that people on other domains can see what's happening. 2014-03-17 16:57:35 -04:00
jakedt
5bb4008880 Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections. 2014-03-17 12:01:13 -04:00
Joseph Schorr
e759066ae0 Change ApiService to use the new swagger-backed discovery and the new /v1/ API endpoints. Also changes all other /api/ calls (the few that are still manually invoked) 2014-03-14 23:40:41 -04:00
Joseph Schorr
e5a461989f Add a check_repository_usage method which adds (or removes) a notification on the user/org when they go over their plan usage 2014-03-12 19:19:39 -04:00
Joseph Schorr
368a8da7db - Add data classes for notifications
- Add basic API for notifications
- Change the password required to be a notification
2014-03-12 00:49:03 -04:00
Joseph Schorr
c5fa12329c Update path matching regex to support dots 2014-03-11 14:42:53 -04:00
Joseph Schorr
e699739b23 Fix handling of repository names that match known endpoints (build, trigger, etc) and add tests to ensure it is fixed 2014-03-11 14:30:00 -04:00
jakedt
011490d36d Refactor a lot of the build create code out into a common method. Add an endpoint for manually starting triggers. 2014-02-25 19:39:43 -05:00
jakedt
b9580c1c29 Merge remote-tracking branch 'origin/master' into rustedbuilds 2014-02-25 17:19:15 -05:00
jakedt
9afd49e882 Leave ISEs as 400s, but log exceptions and have slightly improved error messages. 2014-02-25 17:19:02 -05:00
jakedt
de49ce151b Merge remote-tracking branch 'origin/master' into rustedbuilds 2014-02-25 17:00:38 -05:00
jakedt
fa4c925e4d Allow exception tracebacks to get logged to the log file. 2014-02-25 16:54:49 -05:00
jakedt
d5304f7db0 Merge remote-tracking branch 'origin/master' into rustedbuilds
Conflicts:
	data/database.py
	endpoints/api.py
	endpoints/common.py
	test/data/test.db
2014-02-21 14:52:40 -05:00
jakedt
b5d4919364 Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00
jakedt
e7064f1191 Fix the tests and the one bug that it highlighted. 2014-02-16 18:59:24 -05:00
Joseph Schorr
4ffb86314b Fix all non-test url_for’s 2014-01-30 17:23:21 -05:00
Joseph Schorr
310c98df50 Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00