Antoine Legrand
9c68cbd6e8
Fix no search result for apps
2017-06-05 23:03:47 +02:00
Charlton Austin
52750e74ee
fix(add notification number): add explicit default
...
there is a possibility that this will not work with postgres
Issue: https://www.pivotaltracker.com/story/show/144646649
- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-05-22 09:55:40 -04:00
Charlton Austin
a71f60a9c1
Merge pull request #2652 from charltonaustin/failing_repository_notifications_to_be_disabled_after_n_failures_in_a_row_144646649
...
Failing repository notifications to be disabled after n failures in a row 144646649
2017-05-22 09:30:53 -04:00
Charlton Austin
993f2a174c
feat(full-stack): disable notifications after 3 failures
...
This stops notifications from firing over and over again if they are repeatedly failing.
[TESTING -> locally with docker compose, DATABASE MIGRATION -> there is a single migration]
Issue: https://www.pivotaltracker.com/story/show/b144646649n
- [ ] It works!
- [ ] Comments provide sufficient explanations for the next contributor
- [ ] Tests cover changes and corner cases
- [ ] Follows Quay syntax patterns and format
2017-05-19 16:58:46 -04:00
Joseph Schorr
065e327190
Make sure catalog always returns public repositories
2017-05-19 16:24:08 -04:00
Jimmy Zelinskie
702cdf59ff
Merge pull request #2637 from jzelinskie/audit-apps
...
Audit Logs for Apps
2017-05-16 17:06:25 -04:00
Jimmy Zelinskie
4db789b656
add audit logging to app registry endpoints
2017-05-16 15:54:02 -04:00
josephschorr
1dafddd7bf
Merge pull request #2623 from coreos-inc/ldap-user-creation
...
Disable federated login for new users if user creation is disabled
2017-05-15 15:07:52 -04:00
Joseph Schorr
b3d7577473
Disable federated login for new users if user creation is disabled
...
Fixes https://www.pivotaltracker.com/story/show/144821585
2017-05-15 15:07:08 -04:00
Joseph Schorr
db767b3610
Optimize lookup of org membership on prototype and perms APIs
...
Fixes a major slowdown when working with permissions under organizations with a lot of members
Fixes https://www.pivotaltracker.com/story/show/144076113
2017-05-08 14:03:59 -04:00
Joseph Schorr
9d97e053b3
Make sure to re-sort the filtered repositories in search
...
The filtering breaks the ordered we expected, so we need to re-sort
2017-05-03 18:38:46 -04:00
Joseph Schorr
0164b48a24
Switch repository search to order matches in repo names higher
...
Helps push better results to the top of the results list
2017-05-03 17:02:24 -04:00
josephschorr
19f67bfa1b
Merge pull request #2607 from coreos-inc/faster-security-notify
...
Batch the tag lookups in the security notification worker in an attempt to significant reduce load
2017-05-03 13:49:13 -04:00
Joseph Schorr
68d473bff4
Clarify comment and make pairs code a little nicer
2017-05-03 11:41:39 -04:00
Joseph Schorr
977bbc20a2
Add filtering onto the images query in get_matching_tags_for_images
...
Should make the query even faster in the security notification case
2017-05-02 18:29:14 -04:00
josephschorr
5a9a231754
Merge pull request #2529 from coreos-inc/search-ui
...
Implement new search UI
2017-05-02 15:56:59 -04:00
Joseph Schorr
d77463cc8b
Add sharing to the images lookup in get_matching_tags_for_images
...
Should prevent an issue if we ever get a request with thousands and thousands of images where we would exceed the DB's max packet size
2017-05-02 15:50:31 -04:00
Joseph Schorr
74dd0ef8e8
Add a batch get_matching_tags_for_images
method
...
This will be used in the security notification worker to retrieving the tags needed in a set of batch calls, rather than multiple calls per image
2017-05-02 15:38:25 -04:00
Joseph Schorr
b67113e848
Move LDAP controls init into the inner loop
...
We cannot use it across different DNs, so we need to move it down
2017-05-01 16:04:33 -04:00
Joseph Schorr
30a681343f
Make sure to escape LDAP queries
...
Fixes an issue in team sync around group names that contain *s
Fixes https://www.pivotaltracker.com/story/show/144628235
2017-05-01 14:00:54 -04:00
Joseph Schorr
e583be3914
Remove inner query for ancestors lookup on get_matching_tags
2017-04-28 20:10:54 -04:00
Joseph Schorr
8b2e4d3bcf
Add a test for get_matching_tags
2017-04-28 19:57:24 -04:00
Joseph Schorr
e9ffe0e27b
Implement new search UI
...
We now have both autocomplete-based searching for quick results, as well as a full search page for a full listing of results
2017-04-28 13:57:28 -04:00
Charlton Austin
f1d6a7284d
Merge pull request #2483 from charltonaustin/phase_four_config
...
feat(data): remove subdir
2017-04-28 13:24:22 -04:00
Charlton Austin
c79711b6dc
feat(data): remove subdir
...
### Description of Changes
This is the last step in the four phase migration of the config
2017-04-28 13:23:51 -04:00
josephschorr
8b148bf1d4
Merge pull request #2576 from coreos-inc/full-db-tests-tox
...
Reenable full database testing locally and in concourse
2017-04-27 18:09:15 -04:00
Joseph Schorr
dd1addee29
LDAP Team sync improvements
...
- Add a large amount of additional logging
- Handle NO_SUCH_OBJECT in AD searches
- Only check if *a* record exists when adding syncing, as opposed to loading the entire search set
2017-04-26 20:26:12 -04:00
EvB
fddcd0a395
fix(data.archivedlogs): update endpoint name
2017-04-26 17:31:44 -04:00
josephschorr
5c4f7d50c6
Merge pull request #2580 from coreos-inc/team-sync-email-fix
...
Fix handling of team sync when a user already exists with the email address
2017-04-26 14:19:23 -04:00
EvB
5e995fae20
refactor(archivedlogs): move archivelog handler to endpoints
2017-04-26 11:41:55 -04:00
Joseph Schorr
36f2272fe2
Fix handling of team sync when a user already exists with the email address
2017-04-25 17:42:35 -04:00
Joseph Schorr
d7f3ef96ce
Small fixes found by running full db tests
2017-04-24 16:45:15 -04:00
Joseph Schorr
7debd44b54
Switch fixture imports to wildcard in prep for full db test fixes
2017-04-24 16:45:14 -04:00
Jake Moshenko
a159bd3e77
Resolve race condition between multiple log archivers
2017-04-24 13:41:08 -04:00
Antoine Legrand
8499612c4c
Merge pull request #2538 from coreos-inc/enable-robot-cnr
...
Enable robot cnr
2017-04-24 17:32:46 +02:00
josephschorr
cc88cfb6ad
Merge pull request #2568 from coreos-inc/fix-postgres-search
...
Fix search in postgres
2017-04-21 17:22:59 -04:00
Joseph Schorr
e46e668cc5
Fix search in postgres
...
Stupid missing group_by again
2017-04-21 17:21:17 -04:00
Erica
fc5c255965
Merge pull request #2565 from coreos-inc/HOTFIX-2.3.1
...
fix(migration): bring hotfix from v2.3.0 into master
2017-04-21 17:12:51 -04:00
Joseph Schorr
5bba018009
Add tests for user files endpoint and add regex filter
2017-04-21 16:13:18 -04:00
Joseph Schorr
4bb725dce0
Add fix for relative paths in user files lookup and add test
2017-04-21 15:54:15 -04:00
Joseph Schorr
3413fc3d8a
Add missing logging for IOError issue in archived logs
2017-04-21 14:40:09 -04:00
EvB
c5b411b704
fix(migrations): fix column additional w/ boolean default
2017-04-21 11:56:13 -04:00
Joseph Schorr
3dcbe3c631
If enabled, allow users and orgs to set their time machine expiration
...
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Joseph Schorr
c5bb9abf11
Fix deleting repos when sec scan or signing is disabled
...
Make sure we don't invoke the APIs to non-existent endpoints
2017-04-19 16:57:36 -04:00
Charlton Austin
38d4af0d8b
Merge pull request #2479 from charltonaustin/phase_three_config
...
feat(data): remove writing of old config
2017-04-18 10:25:50 -04:00
Antoine Legrand
599ce0de54
code-stye Yapf: 5 files updated
...
data/interfaces/appr.py endpoints/appr/cnr_backend.py endpoints/appr/registry.py endpoints/appr/test/test_api.py endpoints/appr/test/test_registry.py
2017-04-18 14:02:48 +02:00
Antoine Legrand
578f87f94c
Fix login with robot to quay-appr
2017-04-18 13:59:21 +02:00
Evan Cordell
2661db7485
Add flag to enable trust per repo ( #2541 )
...
* Add flag to enable trust per repo
* Add api for enabling/disabling trust
* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api
* Add `set_trust` method to repository
* Expose new logkind to UI
* Fix registry tests
* Rebase migrations and regen test.db
* Raise downstreamissue if trust metadata can't be removed
* Refactor change_repo_trust
* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00
Joseph Schorr
626f306283
Add tests for list_active_tags
2017-04-14 17:53:31 -04:00
Joseph Schorr
4a1fad7520
Make sure to filter hidden tags from the active tags query
2017-04-13 19:29:38 -04:00
Joseph Schorr
ab2f044331
Switch get repo API to use a single list tags query
...
Should make things faster since the join occurs on the database side
2017-04-13 18:06:58 -04:00
Charlton Austin
40906afdd8
feat(data): remove writing of old config
...
### Description of Changes
Phase three of config data model change.
2017-04-13 13:25:36 -04:00
Joseph Schorr
68331859b0
Add backfill for repository search score table
2017-04-13 12:30:44 -04:00
josephschorr
c78ec89305
Merge pull request #2531 from coreos-inc/repo-score
...
Switch to using RepositorySearchScore table for search ranking
2017-04-13 11:51:59 -04:00
Evan Cordell
ec63e495fc
Add repo purge callbacks and register TUF metadata deletion as one
2017-04-12 17:33:51 -04:00
Joseph Schorr
80693d6b8c
Fix NPE bug in RAC worker
...
We need to return `None`, not `0` if there are no additional repositories to measure
2017-04-11 15:42:11 -04:00
Joseph Schorr
e5a009a777
Switch to using RepositorySearchScore table for search ranking
...
Should make search queries much, much faster as it contains the denormalized RAC data
2017-04-11 14:55:20 -04:00
josephschorr
928b9915ed
Merge pull request #2441 from coreos-inc/repo-score-denormalization
...
Add a RepositorySearchScore table and calculation to the RAC worker
2017-04-10 16:31:09 -04:00
Joseph Schorr
df3f47c79a
Add a RepositorySearchScore table and calculation to the RAC worker
...
This will be used in a followup PR to order search results instead of the RAC join. Currently, the join with the RAC table in search results in a lookup of ~600K rows, which causes searching to take ~6s. This PR denormalizes the data we need, as well as allowing us to score based on a wider band (6 months vs the current 1 week).
2017-04-10 14:29:02 -04:00
Erica
3f79422a52
Merge pull request #2306 from coreos-inc/QUAY-2842-audit-log-strict-config-option
...
feat(config.py): add setting for audit log strictness
2017-04-07 13:43:11 -04:00
EvB
20c4d971c4
refactor(model/log): pull allowed action types into constant
2017-04-07 11:39:54 -04:00
Jake Moshenko
a8ec7865a7
Merge pull request #2511 from jakedt/fixwarnings
...
Fixwarnings
2017-04-06 16:12:19 -04:00
Jake Moshenko
c7241911a5
Fix old-style flask imports to silence deprecation warnings.
2017-04-06 13:15:48 -04:00
Joseph Schorr
f9e6110f73
Add basic user interface for application repos
...
Adds support for creating app repos, viewing app repos and seeing the list of app repos in the Quay UI.
2017-04-05 11:30:09 -04:00
EvB
d0aaaaa1ef
test(data/model/log): add more log_action tests
...
temp
2017-04-05 11:26:10 -04:00
EvB
ea740d15ba
fix(model/log): log exception on swallowed db errors
2017-04-05 11:26:10 -04:00
EvB
625bd66b42
test(data/model): test action logging
2017-04-05 11:26:10 -04:00
EvB
6916d82e0d
feat(endpoints/trackhelper): wrap log op for silent fails
2017-04-05 11:26:10 -04:00
Joseph Schorr
b10608e277
Change teamsync config to be a UTF8 field
2017-04-03 14:16:34 -04:00
Joseph Schorr
bdd07d4f39
Fix flakiness in team sync tests
2017-04-03 11:36:42 -04:00
Joseph Schorr
bd22fb255e
Rename get_federated_user to get_and_link_federated_user_info
...
Better to be explicit wherever possible
2017-04-03 11:36:42 -04:00
Joseph Schorr
1a31d98c44
Clarify variable name in Keystone auth
2017-04-03 11:36:41 -04:00
Joseph Schorr
8c07f733eb
Add pagination tests for LDAP
2017-04-03 11:36:41 -04:00
Joseph Schorr
541aa722c2
Add sleeps to make test non-flaky
...
Sucks, but MySQL only has second-level timing, so we need this to be sure
2017-04-03 11:36:41 -04:00
Joseph Schorr
103186f5e8
Small renames to make team syncing code more clear
2017-04-03 11:36:41 -04:00
Joseph Schorr
7f0aa19292
Code cleanup and style improvements in team sync
2017-04-03 11:36:41 -04:00
Joseph Schorr
84e37b68ee
Change if statement to be more readable
2017-04-03 11:31:30 -04:00
Joseph Schorr
71d52d45ba
Add a test for same user returned twice in team sync
2017-04-03 11:31:30 -04:00
Joseph Schorr
d7825c6720
Add group iteration and syncing support to Keystone auth
2017-04-03 11:31:30 -04:00
Joseph Schorr
47278cc559
Cleanup test fixtures
2017-04-03 11:31:30 -04:00
Joseph Schorr
df603462b8
Add database migration for TeamSync
2017-04-03 11:31:29 -04:00
Joseph Schorr
96b9d6b0cd
Add end-to-end test for team sync
2017-04-03 11:31:29 -04:00
Joseph Schorr
4055158fc4
Fix indentation
2017-04-03 11:31:29 -04:00
Joseph Schorr
938730c076
Move sync team into its own module and add tests
2017-04-03 11:31:29 -04:00
Joseph Schorr
eeadeb9383
Initial interfaces and support for team syncing worker
2017-04-03 11:31:29 -04:00
Joseph Schorr
94b07e6de9
Allow nulls in last_updated field to accurately report the last updated time to users for newly sync teams
2017-04-03 11:31:29 -04:00
Joseph Schorr
8ea3977140
Add ability to enable, disable and view team syncing in UI and API
...
Also extracts out some common testing infrastructure to make testing APIs easier now using pytest
2017-04-03 11:31:29 -04:00
Joseph Schorr
bb20422260
Fix pagination disabling in LDAP with mockldap
...
Since mockldap doesn't support pagination, just disable it globally
2017-04-03 11:31:28 -04:00
Joseph Schorr
ecfac81721
Add check_group_lookup_args and service_metadata to auth providers
2017-04-03 11:31:28 -04:00
Joseph Schorr
1cfc4a8341
Change max size of LDAP pages and add filtering to reduce attributes returned
2017-04-03 11:31:28 -04:00
Joseph Schorr
f5a854c189
Add TeamSync database and API support
...
Teams can now have a TeamSync entry in the database, indicating how they are synced via an external group. If found, then the user membership of the team cannot be changed via the API.
2017-04-03 11:31:28 -04:00
Joseph Schorr
d718829f5d
Initial LDAP group member iteration support
...
Add interface for group member iteration on internal auth providers and implement support in the LDAP interface.
2017-04-03 11:31:28 -04:00
Charlton Austin
9ff189b16e
fix(migration merge issue): missing .save() on migration
2017-03-28 15:17:51 -04:00
Charlton Austin
d559dc7b3e
Fixing the migration path so we don't have incorrect branches.
2017-03-28 14:54:21 -04:00
Charlton Austin
ca99535774
Merge pull request #2449 from charltonaustin/phase_two_config
...
feat(build runner): added in context, dockerfile_location
2017-03-28 14:14:36 -04:00
Charlton Austin
e6d201e0b0
feat(build runner): added in context, dockerfile_location
...
this is a new feature meant to allow people to use any file as
a dockerfile and any folder as a context directory
2017-03-28 13:55:31 -04:00
Antoine Legrand
d2ed37e158
Fix force push causing duplicated entries
2017-03-27 15:39:57 +02:00
Antoine Legrand
22c1a29892
fix strip_sha256
2017-03-24 19:49:52 +01:00
Antoine Legrand
bbd74eabd1
Allow force push for app
2017-03-23 22:50:07 +01:00
Joseph Schorr
ac4a79ae01
Update PR for rebase
2017-03-23 15:57:49 -04:00
Joseph Schorr
651666b60b
Refactor our auth handling code to be cleaner
...
Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change.
2017-03-23 15:42:45 -04:00
Joseph Schorr
dd9e4bf3e7
Remove transaction around OCI blobs
...
Fixes https://www.pivotaltracker.com/story/show/142341399
2017-03-23 14:51:37 -04:00
Jimmy Zelinskie
9c0cbbf57c
data.oci_model: sloppily rewrite digest format
...
We expect digests to be in the form 'sha256:digest'
2017-03-23 12:37:32 -04:00
Joseph Schorr
7d66f30d52
Fix filtering of repositories in search
2017-03-23 11:35:17 -04:00
Joseph Schorr
917d5e2550
Fix typos in data model
2017-03-23 11:14:08 -04:00
Joseph Schorr
05ce571e3e
Add missing return statement
2017-03-23 11:11:21 -04:00
Jimmy Zelinskie
d20ff785e6
data.model.repository: add back search fields
2017-03-23 10:46:04 -04:00
Jimmy Zelinskie
2bdd3d4fa1
data.oci_model.tag: add missing import
2017-03-23 00:58:57 -04:00
Jimmy Zelinskie
e872c310d0
data.oci_model: fix imports
2017-03-23 00:21:21 -04:00
Joseph Schorr
bdda74d6df
Make sure GC checks new Blob table as well before deleting CAS storage
2017-03-22 23:53:21 -04:00
Jimmy Zelinskie
ddad957a56
data.model.repository: add app methods
2017-03-22 21:51:55 -04:00
Jimmy Zelinskie
650723430b
data.interfaces.appr: init
2017-03-22 21:51:41 -04:00
Jimmy Zelinskie
9f684fa73f
data.oci_model: init with app methods
2017-03-22 21:51:28 -04:00
Jimmy Zelinskie
3ccf3c5f33
Merge pull request #2447 from jzelinskie/cnr-step2
...
CNR Step 2
2017-03-22 18:45:51 -04:00
Joseph Schorr
df1e7f90e0
Add verb security tests and fix small issues
2017-03-22 18:29:53 -04:00
Jimmy Zelinskie
d5fa2ad0c0
endpoints.verbs: abort 405 for non-container repos
2017-03-22 17:50:58 -04:00
Jimmy Zelinskie
40b638a981
data.migrations: rebase to HEAD of migration tree
2017-03-22 17:26:59 -04:00
Jimmy Zelinskie
48ba59d615
endpoints.v2: only work on docker repositories
2017-03-22 17:26:59 -04:00
Jimmy Zelinskie
72751592a3
data.interfaces.v1: document types
2017-03-22 15:51:19 -04:00
Jimmy Zelinskie
45f14f220d
data.model.repository: optimize by using kind_id
2017-03-22 15:51:19 -04:00
Joseph Schorr
30b532254c
Disallow non-apps-supported APIs for application repositories
2017-03-22 15:51:19 -04:00
Joseph Schorr
c3402fff5a
Add test to ensure we cannot create repos with the same name but different kinds
2017-03-22 14:34:32 -04:00
Jimmy Zelinskie
a2bac7dabd
endpoints.v1: only work on docker repositories
2017-03-22 14:31:22 -04:00
Jimmy Zelinskie
f086eea754
data.interfaces.v1: explicitly use kwargs
...
This fixes the function from accidentally using the wrong arguments
positionally for the new `repo_kind` kwarg.
2017-03-22 13:58:50 -04:00
Jimmy Zelinskie
d2a4c9d05a
data.model.repository: audited for repo_kind usage
2017-03-22 13:58:50 -04:00
Jimmy Zelinskie
074c1bc4a8
data.model._basequery: audited for repo_kind usage
2017-03-22 13:58:49 -04:00
Jimmy Zelinskie
f842bc3a82
data.migrations.migration.sh: wait 25s for mysql
...
Without this, there are frequent race conditions wheres the client fails
to connect to the server when using Docker For Mac.
2017-03-21 15:38:39 -04:00
Jimmy Zelinskie
4492d2f210
data.migrations: add repository kind
2017-03-21 15:38:38 -04:00
Jimmy Zelinskie
5b362da8ac
data.database: add RepositoryKind
2017-03-21 15:38:38 -04:00
Joseph Schorr
ff7f78e990
Have blob uploads be checked against configurable max layer size
2017-03-21 13:16:55 -04:00
Joseph Schorr
76de324ca8
Change blob upload ints into bigints
2017-03-21 13:14:11 -04:00
Charlton Austin
3502d9f61c
Merge pull request #2438 from charltonaustin/phase_one_config
...
refactor(data): add in new config for builder
2017-03-21 10:16:51 -04:00
Jimmy Zelinskie
6a538647e4
data.database: beta classes skip transitive delete
2017-03-20 18:41:39 -04:00
josephschorr
27aa12de7a
Merge pull request #2439 from coreos-inc/remove_redis_log_expiration
...
Switch from expire to delete redis log_entries
2017-03-20 13:41:57 -04:00
Charlton Austin
f701677a8e
refactor(data): add in new config for builder
...
we are doing phase one of the four phase migration on the builder config
2017-03-20 13:03:41 -04:00
Jimmy Zelinskie
0ea600628b
Merge pull request #2436 from jzelinskie/cnr-step1
...
CNR - Step 1
2017-03-17 15:37:29 -04:00
Jimmy Zelinskie
ad029fb331
data.migrations: don't use UTF-8 for unique fields
...
Unique indexes must have less than 767 bytes and UTF-8 encoding with 255
chars is beyond this maximum. Since this is an internal identifier, we
can be confident that we will not require UTF-8 for it in the future.
2017-03-17 15:21:24 -04:00
Jimmy Zelinskie
c915a40531
data.database: rm tag_kind from Tag indexes
...
These shouldn't be necessary.
2017-03-17 11:35:16 -04:00
Jimmy Zelinskie
0e32e77e99
data.database: document all CNR/OCI models
2017-03-17 11:35:16 -04:00
Jimmy Zelinskie
2a117f2d24
data.migrations: change CNR mimetypes to v0
...
Our initial CNR support is of a pre-v1 implementation of the
specification.
2017-03-17 11:33:16 -04:00
Jimmy Zelinskie
1e9ce85af6
data.database/migrations: remove repo_id from db
...
This also manually organizes and removes broken parts of the migration.
2017-03-17 11:33:16 -04:00
Antoine Legrand
8f323154ce
data.migrations: add OCI/CNR models
2017-03-17 11:33:16 -04:00
Antoine Legrand
c61024586d
data.database: add CNR/OCI models
2017-03-17 11:33:16 -04:00
Antoine Legrand
718aeeead8
Fix search group_by clause for PG
2017-03-17 16:30:24 +01:00
Antoine Legrand
ec847ce613
Switch from expire to delete redis log_entries
2017-03-17 15:35:47 +01:00
Joseph Schorr
e25c989fef
Add a cleanup worker for blob uploads
2017-03-16 13:36:59 -04:00
Joseph Schorr
e90cab4d77
Change revert tag into restore tag and add manifest support
2017-03-14 11:34:42 -04:00
Joseph Schorr
af743b156b
Show manifest digests in place of V1 ids in the tag view when possible
2017-03-14 11:34:41 -04:00
Jimmy Zelinskie
123d003d4e
Merge pull request #2424 from jzelinskie/qss-image
...
workers.securityworker: revert to image querying
2017-03-10 17:38:02 -05:00
Jimmy Zelinskie
a780136337
workers.securityworker: revert to image querying
2017-03-10 17:37:40 -05:00
josephschorr
cbac673d58
Merge pull request #2404 from coreos-inc/cas-gc-fix
...
Fix GC handling around CAS paths
2017-03-10 17:34:21 -05:00
josephschorr
432b2d3fe8
Merge pull request #2392 from coreos-inc/search-optimization
...
Optimize repository search by changing our lookup strategy
2017-03-10 15:44:26 -05:00
Jimmy Zelinskie
53eb579459
data.model.tag: find min *alive* tag
2017-03-10 13:15:35 -05:00
Joseph Schorr
b5bb76cdea
Optimize repository search by changing our lookup strategy
...
Previous to this change, repositories were looked up unfiltered in six different queries, and then filtered using the permissions model, which issued a query per repository found, making search incredibly slow. Instead, we now lookup a chunk of repositories unfiltered and then filter them via a single query to the database. By layering the filtering on top of the lookup, each as queries, we can minimize the number of queries necessary, without (at the same time) using a super expensive join.
Other changes:
- Remove the 5 page pre-lookup on V1 search and simply return that there is one more page available, until there isn't. While technically not correct, it is much more efficient, and no one should be using pagination with V1 search anyway.
- Remove the lookup for repos without entries in the RAC table. Instead, we now add a new RAC entry when the repository is created for *the day before*, with count 0, so that it is immediately searchable
- Remove lookup of results with a matching namespace; these aren't very relevant anyway, and it overly complicates sorting
2017-03-09 19:47:55 -05:00
Joseph Schorr
62312e6461
Add warning when CAS paths are skipped and ensure we are under a transaction
2017-03-08 17:01:07 -05:00
Joseph Schorr
69e550d125
Fix GC handling around CAS paths
...
Adds code to ensure we never GC CAS paths that are shared amongst multiple ImageStorage rows, as well as an associated pair of tests to catch the positive and negative cases.
2017-03-07 13:48:07 -05:00
Jimmy Zelinskie
40636d4103
find work based on tag IDs rather than image IDs
2017-03-06 17:09:57 -05:00
Jimmy Zelinskie
2cead05f53
data.model.tag: filter hidden for scan eligibility
2017-03-06 15:44:01 -05:00
Jimmy Zelinskie
904b902295
workers.securityworker: find eligible tag images
2017-03-06 14:37:34 -05:00
Jimmy Zelinskie
b9ac2b7b3b
workers.securityworker: simplify min id
2017-03-03 14:51:18 -05:00
Jimmy Zelinskie
4ed0cdda14
securityscanner: add a min image id option
...
This will enable us to force some instances of the securityworker to
scan only new images.
2017-03-03 13:55:25 -05:00
Joseph Schorr
8e863b8cf5
Implement new create and manager trigger UI
...
Implements the new trigger setup user interface, which is now a linear workflow found on its own page, rather than a tiny modal dialog
Fixes #1187
2017-02-28 16:51:42 -05:00
Joseph Schorr
8ec6221ca2
Fix health check
2017-02-24 12:23:18 -05:00
Joseph Schorr
c0f7530b29
Pull out JWT auth validation into validator class
...
Also fixes a small bug in validation (yay tests!)
2017-02-24 12:23:16 -05:00
josephschorr
f7a7d30ec2
Merge pull request #2366 from coreos-inc/alert-spam-fixes
...
Small fixes for alert spam
2017-02-22 14:18:18 -05:00
Joseph Schorr
478b1642b2
Eat AttributeError in peewee close database call
...
Fixes https://sentry.io/coreos/backend-production/issues/104257892/
2017-02-22 13:21:12 -05:00
Joseph Schorr
d29d2da1ca
Handle IntegrityError in tag update code
...
Fixes https://sentry.io/coreos/backend-production/issues/173470565/events/4938537230/
2017-02-22 13:20:04 -05:00
Joseph Schorr
ef9cb3757d
Check for missing repository on GC call
...
Fixes https://sentry.io/coreos/backend-production/issues/192273882/
2017-02-22 13:18:23 -05:00
Joseph Schorr
89b7c13da5
Catch team member invite missing exception
...
Fixes https://sentry.io/coreos/backend-production/issues/195926082/
2017-02-22 13:18:22 -05:00
Jake Moshenko
27f5f14f90
Linter fixes
2017-02-22 11:45:38 -05:00
Jake Moshenko
add6b654ae
Move the total image count stat back to the prom stat worker
2017-02-22 11:45:38 -05:00
Jimmy Zelinskie
3d21af59fd
data.model.image: fake QSS progress metric
2017-02-21 17:48:40 -05:00
Joseph Schorr
eece782038
Prevent peewee from loading the visibility every time
...
By calling `visibility` instead of `visibility_id`, peewee was issuing a SQL Select statement for the repository, which removes the benefit of the optimization
2017-02-17 12:09:48 -05:00
Joseph Schorr
421c5d6012
Fix bug where the login service ID doesn't exist
2017-02-16 16:27:53 -05:00
josephschorr
2a7d1fbe57
Merge pull request #2358 from coreos-inc/better-logging
...
Log more information to the action logs and display the namespaces for superusers
2017-02-14 16:38:35 -05:00
Charlton Austin
3fd8c8a60d
feature(app.py): adding queue_metrics to queues
...
publishing queue metrics for SRE
[none]
2017-02-14 16:01:28 -05:00
Joseph Schorr
11c931f781
Log more information to the action logs and display the namespaces for superusers
...
This helps superusers understand better what, exactly, is going on in the registry
2017-02-14 14:55:24 -05:00
Charlton Austin
85bcb63439
update(security_test.py): moving tests to new framework
...
We should be moving tests over to pytest
[none]
2017-02-02 13:40:00 -05:00
Joseph Schorr
b407f88a26
Remove unnecessary CloudWatch metrics
...
They are spamming the API and costing us a lot of money
2017-02-01 13:08:21 -05:00
josephschorr
01ec22b362
Merge pull request #2300 from coreos-inc/openid-connect
...
OpenID Connect support and OAuth login refactoring
2017-01-31 18:14:44 -05:00
Joseph Schorr
3324743bff
Fix db migration revision
2017-01-31 11:38:31 -05:00
Joseph Schorr
973a110ac7
Full text search for repository name and description
...
Adds support for searching full text against the name and description of a repository
[Delivers #134867401 ]
2017-01-31 11:38:31 -05:00
Joseph Schorr
d65d32b284
Convert model to use moved prefix_search method
2017-01-31 11:38:31 -05:00
Joseph Schorr
d89c79b92d
Full text support in peewee
...
Adds support for full text search in peewee with the creation of two new field types: `FullIndexedCharField` and `FullIndexedTextField`.
Note that this change depends upon https://github.com/zzzeek/sqlalchemy/pull/339
[Delivers #137453279 ]
[Delivers #137453317 ]
2017-01-31 11:38:31 -05:00
Joseph Schorr
fda203e4d7
Add proper and tested OIDC support on the server
...
Note that this will still not work on the client side; the followup CL for the client side is right after this one.
2017-01-23 17:53:34 -05:00
Evan Cordell
28813159e5
fix(userevent): ignore subscribe notifications in userevents
...
[Fixes #138007389 ]
2017-01-20 13:38:02 -05:00
Joseph Schorr
71ec23b550
Switch QueueItem state_id to be unique after a backfill
2017-01-18 17:43:41 -05:00
josephschorr
e2748fccd9
Merge pull request #2282 from coreos-inc/motd-updates
...
Severity and Markdown support in MOTD
2017-01-18 17:41:27 -05:00
Joseph Schorr
3106504f39
Severity and Markdown support in MOTD
...
[Delivers #133555165 ]
2017-01-18 16:55:32 -05:00
Joseph Schorr
af23d2bedd
Remove unique from queue item state_id
2017-01-18 15:04:26 -05:00
Joseph Schorr
3cf8f6c28a
Cleanup user event reporting and lower its timeout
2017-01-18 11:27:00 -05:00
Joseph Schorr
462f47924e
More detailed namespace validation
...
Fixes namespace validation to use the proper regex for checking length, as well as showing the proper messaging if the entered namespace is invalid
[Delivers #137830461 ]
2017-01-17 17:31:59 -05:00
josephschorr
aafcb592a6
Merge pull request #2257 from coreos-inc/clair-gc-take2
...
feat(gc): Garbage collection for security scanning
2017-01-17 14:49:36 -05:00
Joseph Schorr
8c4e86f48b
Change queue to use state-field for claiming items
...
Before this change, the queue code would check that none of the fields on the item to be claimed had changed between the time when the item was selected and the item is claimed. While this is a safe approach, it also causes quite a bit of lock contention in MySQL, because InnoDB will take a lock on *any* rows examined by the `where` clause of the `update`, even if they will ultimately thrown out due to other clauses (See: http://dev.mysql.com/doc/refman/5.7/en/innodb-locks-set.html : "A ..., an UPDATE, ... generally set record locks on every index record that is scanned in the processing of the SQL statement. It does not matter whether there are WHERE conditions in the statement that would exclude the row. InnoDB does not remember the exact WHERE condition, but only knows which index ranges were scanned").
As a result, we want to minimize the number of fields accessed in the `where` clause on an update to the QueueItem row. To do so, we introduce a new `state_id` column, which is updated on *every change* to the QueueItem rows with a unique, random value. We can then have the queue item claiming code simply check that the `state_id` column has not changed between the retrieval and claiming steps. This minimizes the number of columns being checked to two (`id` and `state_id`), and thus, should significantly reduce lock contention. Note that we can not (yet) reduce to just a single `state_id` column (which should work in theory), because we need to maintain backwards compatibility with existing items in the QueueItem table, which will be given empty `state_id` values when the migration in this change runs.
Also adds a number of tests for other queue operations that we want to make sure operate correctly following this change.
[Delivers #133632501 ]
2017-01-17 13:29:26 -05:00
Joseph Schorr
19cb64df5d
Remove unused class
2017-01-17 13:26:09 -05:00
Joseph Schorr
7f63cbd14f
Remove FOR UPDATE
in Queue cancel and complete
...
We have no need for them anymore and it should reduce lock contention a bit
Fixes #776
2017-01-17 13:26:09 -05:00
Charlton Austin
ca832df975
Adding in new indices for queueitem table.
2017-01-17 10:04:31 -05:00
Joseph Schorr
1cbacbbb63
Add tool for handling abusing users
2017-01-13 14:42:03 -05:00
Joseph Schorr
5225642850
Garbage collection image+storage callback support
...
Add support to GC to invoke a callback with the image+storages removed. Only images whose storage was also removed will be sent to the callback. This will be used by security scanning for its own GC in the followup change.
2016-12-22 14:27:42 -05:00
Joseph Schorr
e2efb6c458
Add default and configurable LDAP timeouts
...
Fixes https://www.pivotaltracker.com/story/show/135885019
2016-12-19 11:53:06 -05:00