vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
6912 commits 2 branches 62 tags 205 MiB
Commit graph

652 commits

Author SHA1 Message Date
Joseph Schorr
7c1bb886db Security scanner ordered tuplize bug fix 
If only the old list is present, we still need to tuplize the entries.

Fixes https://sentry.io/coreos/backend-production/issues/207196561/
 2017-01-24 13:16:44 -05:00
Joseph Schorr
19f7acf575 Lay foundation for truly dynamic external logins 
Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
 2017-01-20 15:21:08 -05:00
Joseph Schorr
4755d08677 Refactor and rename the standard OAuth services 2017-01-19 15:23:15 -05:00
Joseph Schorr
bee2551dc2 Temporarily remove Dex login support 
This will be added back in later in this PR as part of proper generic OIDC support
 2017-01-19 14:51:12 -05:00
Joseph Schorr
7c7a07fb5a Allow namespaces to be between 2 and 255 characters in length 
[Delivers #137924329]
 2017-01-19 13:10:26 -05:00
Joseph Schorr
462f47924e More detailed namespace validation 
Fixes namespace validation to use the proper regex for checking length, as well as showing the proper messaging if the entered namespace is invalid

[Delivers #137830461]
 2017-01-17 17:31:59 -05:00
josephschorr
aafcb592a6 Merge pull request #2257 from coreos-inc/clair-gc-take2 
feat(gc): Garbage collection for security scanning
 2017-01-17 14:49:36 -05:00
josephschorr
eb2cafacd4 Merge pull request #2249 from coreos-inc/notifier-fixes 
Security notification pagination fix
 2017-01-17 11:33:25 -05:00
josephschorr
ac8cddc5a9 Merge pull request #2274 from coreos-inc/custom-cert-management 
Custom SSL certificates config panel
 2017-01-13 16:24:47 -05:00
josephschorr
6539fa3b20 Merge pull request #2259 from coreos-inc/delete-abuse-tool 
Add tool for handling abusing users
 2017-01-13 16:22:15 -05:00
Joseph Schorr
1cbacbbb63 Add tool for handling abusing users 2017-01-13 14:42:03 -05:00
Joseph Schorr
7e0fbeb625 Custom SSL certificates config panel 
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle

[Delivers #135586525]
 2017-01-13 14:34:35 -05:00
Joseph Schorr
3a24871422 Add SSL certificate utility and tests 2017-01-10 17:06:13 -05:00
Joseph Schorr
f1c9965edf Add more volume file operations and cleanup k8s provider code 2017-01-10 17:06:13 -05:00
Joseph Schorr
29d6abddb5 Linter fixes 2017-01-10 17:06:13 -05:00
EvB
a7122db250 fix(cloudwatch): randomize sleep interval 2017-01-05 11:41:12 -05:00
Jake Moshenko
6c84b9330b Merge pull request #2251 from jakedt/fixaci 
Fix port mapping for ACI conversion from newer Docker manifests.
 2016-12-27 14:13:03 -05:00
Joseph Schorr
d609e6a1c4 Security scanner garbage collection support 
Adds support for calling GC in the security scanner for any layers+storage removed by GC on the Quay side
 2016-12-22 14:55:26 -05:00
Joseph Schorr
9413e25123 Change georeplication queuing to use new batch system 2016-12-21 17:44:30 -05:00
Jake Moshenko
d58a1ca35a Fix port mapping for ACI conversion from newer Docker manifests. 2016-12-20 14:01:06 -05:00
Joseph Schorr
5b3212ea0e Change security notification code to use the new stream diff reporters 
This ensures that even if security scanner pagination sends Old and New layer IDs on different pages, they will properly be handled across the entire notification.

Fixes https://www.pivotaltracker.com/story/show/136133657
 2016-12-20 12:50:19 -05:00
Joseph Schorr
ced0149520 Implement helper classes for tracking streaming diffs, both indexed and non-indexed 
These classes will be used to handle the Layer ID paginated diffs from Clair.
 2016-12-20 12:50:18 -05:00
Joseph Schorr
405eca074c Security scanner flow changes and auto-retry 
Changes the security scanner code to raise exceptions now for non-successful operations. One of the new exceptions raised is MissingParentLayerException, which, when raised, will cause the security worker to perform a full rescan of all parent images for the current layer, before trying once more to scan the current layer. This should allow the system to be "self-healing" in the case where the security scanner engine somehow loses or corrupts a parent layer.
 2016-12-16 15:38:09 -05:00
josephschorr
9fa16679f8 Merge pull request #2238 from coreos-inc/fake-clair 
Add a fake security scanner class for easier testing
 2016-12-15 20:51:24 -05:00
Brad Ison
2730c26b2e Merge pull request #2237 from coreos-inc/metrics-labels 
Don't record size in chunk upload metrics
 2016-12-15 14:20:34 -05:00
Brad Ison
df7366eace Add chunk size metric 2016-12-15 13:20:16 -05:00
Joseph Schorr
15041ac5ed Add a fake security scanner class for easier testing 
The FakeSecurityScanner mocks out all calls that Quay is expected to make to the security scanner API, and returns faked data that can be adjusted by the calling test case
 2016-12-14 17:11:45 -05:00
Brad Ison
8f59ac1251 Don't record size in chunk upload metrics 2016-12-14 12:16:02 -05:00
Joseph Schorr
6871eb95b1 Send notifications for previously unscannable layers in QSS 
Following this change, if an image was previously indexed unsuccessfully, then we will send notifications once successfully indexed
 2016-12-14 11:25:45 -05:00
Joseph Schorr
624b2a8385 Have security scanner analyze only send notifications for *new* layers 
Following this change, anytime a layer is indexed by the security scanner, we only send notifications out if the layer previously had a security_indexed_engine value of `-1`, thus ensuring it has *never* been indexed previously. This will allow us to change to version of the security scanner upwards, and have all the images be re-indexed, without firing off notifications in a spammy manner.
 2016-12-13 23:17:11 -05:00
Evan Cordell
5686c80af1 Revert "Add GC of layers in Clair" 
This reverts 49872838ab
 2016-12-13 18:40:58 -05:00
Evan Cordell
dd5f7cbe6c Fix the ephemeral build metrics 2016-12-13 18:28:04 -05:00
Joseph Schorr
1e5b97318a Fix loading of public keys for OIDC under Linux 
Python's crypto lib under Linux has issues with loading PEM-encoded keys, so we just load it as a DER here and give PyJWT the key *instance* to use directly.
 2016-12-09 14:26:56 -05:00
Joseph Schorr
dbdcb802b1 Add end-to-end OAuth login and attach tests 2016-12-08 18:35:42 -05:00
Joseph Schorr
49872838ab Add GC of layers in Clair 
Fixes https://www.pivotaltracker.com/story/show/135583207
 2016-12-06 19:52:56 -05:00
Jake Moshenko
21e3001446 Add a bulk insert for queue and notifications. 
Use it for Clair spawned notifications.
 2016-12-06 14:00:16 -05:00
Charlton Austin
edd9dcd7f6 Adding in some metrics around clair sec scan. 2016-12-01 16:50:02 -05:00
Joseph Schorr
236655adb4 Fix config validator for storage and add a test suite 
Note that the test suite doesn't fully verify that each validation succeeds; rather, it ensures that the proper system (storage, security scanning, etc) is called with the configuration and returns at all (usually with an expected error). This should prevent us from forgetting to update these code paths when we change config-based systems. Longer term, we might want to have these tests stand up fake/mock versions of the endpoint services as well, for end-to-end testing.
 2016-11-30 11:58:41 -05:00
Joseph Schorr
1a61ef4e04 Report the user's name and company to Marketo 
Also fixes the API to report the other changes (username and email) as well
 2016-11-14 17:34:50 -05:00
josephschorr
74e54bdbbb Merge pull request #1872 from coreos-inc/qe-torrent 
Add QE setup tool support for BitTorrent downloads
 2016-11-11 13:56:22 -05:00
Jake Moshenko
b5834a8a66 Collapse all migrations prior to 2.0.0 into one. 2016-11-10 17:31:00 -05:00
Joseph Schorr
74c3346562 Add a warning bar when the license will become invalid in a week 2016-11-08 14:24:55 -05:00
Joseph Schorr
4b926ae189 Add new metrics as requested by some customers 
Note that the `status` field on the pull and push metrics will eventually be set to False for failed pulls and pushes in a followup PR
 2016-11-03 15:28:40 -04:00
Joseph Schorr
681f975df5 Add QE setup tool support for BitTorrent downloads 
Fixes #1871
 2016-11-02 17:32:12 -04:00
josephschorr
840ea4e768 Merge pull request #2047 from coreos-inc/external-auth-email-optional 
Make email addresses optional in external auth if email feature is turned off
 2016-10-31 14:16:33 -04:00
Joseph Schorr
3a473cad2a Enable permanent sessions 
Fixes #1955
 2016-10-31 13:52:09 -04:00
Joseph Schorr
d7f56350a4 Make email addresses optional in external auth if email feature is turned off 
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
 2016-10-31 13:50:24 -04:00
josephschorr
934cdecbd6 Merge pull request #1905 from coreos-inc/external-auth-search 
Add support for entity search against external auth users not yet linked
 2016-10-27 16:06:42 -04:00
Joseph Schorr
b3d1d7227c Add support to Keystone Auth for external user linking 
Also adds Keystone V3 support
 2016-10-27 15:42:03 -04:00
Joseph Schorr
fbb524e34e Add support to ExternalJWT Auth for external user linking 2016-10-27 15:42:03 -04:00
Jake Moshenko
45bacbabaa s/Regions/Deployments 2016-10-24 16:04:04 -04:00
josephschorr
67dde6e154 Merge pull request #1852 from coreos-inc/underscore_orgs 
Better handling of namespace validation to fix a number of issues
 2016-10-20 13:36:32 -04:00
Joseph Schorr
3a68740ff7 Better handling of namespace validation to fix a number of issues 
- Fixes a bug which allows for underscores at the beginning of namespaces: Fixes #1849
- Allows dots and dashes for newer Docker clients: Fixes #1188
- Has the UI display better messaging associated with namespace entry
 2016-10-20 13:32:22 -04:00
Joseph Schorr
213cc856e4 Fix UI for real license handling 
Following this change, the user gets detailed errors and entitlement information
 2016-10-19 17:49:15 -04:00
Joseph Schorr
2eabf1a291 Fix tests and test provider for real license format 2016-10-18 23:44:08 -04:00
Jake Moshenko
9f1c12e413 Refactor our license code to be entitlement centric. 2016-10-18 22:33:28 -04:00
Jake Moshenko
d90398e9ff Change the monthly license grace period to 11 months. 2016-10-18 18:46:40 -04:00
Joseph Schorr
67f828279d Switch the license validator to use config_provider and have a test license 
Fixes the broken tests currently which try (and fail) to read the license file
 2016-10-18 11:44:13 -04:00
Joseph Schorr
ee96693252 Add superuser config section for updating license 2016-10-17 21:44:25 -04:00
Jimmy Zelinskie
5fee4d6d19 *: misc formatting cleanup 2016-10-17 21:43:45 -04:00
Jimmy Zelinskie
a42eb09a3e util.license: make bp-modification a method 2016-10-17 21:43:45 -04:00
Jimmy Zelinskie
6eb26d7998 configproviders: pass filemode when opening volume 2016-10-17 21:43:45 -04:00
Jimmy Zelinskie
0c5400b7d1 enforce license across registry blueprints 2016-10-17 21:43:45 -04:00
Joseph Schorr
8fe29c5b89 Add license upload step to the setup flow 
Fixes #853
 2016-10-17 21:43:15 -04:00
Joseph Schorr
5211c407ff Add license checking to Quay 
Based off of mjibson's changes

Fixes #499
 2016-10-17 21:43:15 -04:00
josephschorr
78f87d96bc Merge pull request #1986 from coreos-inc/external-tls 
Add option to properly handle external TLS
 2016-10-15 16:05:28 -04:00
Jake Moshenko
f04b018805 Write our users to Marketo as leads. 2016-10-14 16:29:11 -04:00
Jake Moshenko
013e27f7d5 Clean up mixpanel analytics a bit. 2016-10-13 15:03:04 -04:00
Joseph Schorr
5a8200f17a Add option to properly handle external TLS 
Fixes #1984
 2016-10-13 14:49:29 -04:00
Joseph Schorr
6ea51afa66 Add a configurable prometheus namespace for all metrics 
Fixes #1918
 2016-10-05 10:33:35 +03:00
josephschorr
684ace3b5a Merge pull request #1761 from coreos-inc/nginx-direct-download 
Add feature flag to force all direct download URLs to be proxied
 2016-09-29 22:46:57 +02:00
Evan Cordell
832ee89923 Add duration metric collector decorator (#1885) 
Track time-to-start for builders
Track time-to-build for builders
Track ec2 builder fallbacks
Track build time
 2016-09-29 15:44:06 -04:00
Joseph Schorr
6ae3faf7fc Add explicit config parameter to the JWT auth methods 2016-09-29 11:15:20 +02:00
Joseph Schorr
dd2e086a20 Add feature flag to force all direct download URLs to be proxied 
Fixes #1667
 2016-09-29 11:13:41 +02:00
Jimmy Zelinskie
fc7301be0d *: fix legacy imports 
This change reorganizes imports and renames the legacy flask extensions.
 2016-09-28 20:17:14 -04:00
Jimmy Zelinskie
ae16d24fd1 license: validate via key instance rather than PEM 2016-09-28 15:44:28 -04:00
josephschorr
e1771abe58 Merge pull request #739 from coreos-inc/license 
Add license checking to Quay
 2016-09-27 16:52:08 +02:00
Joseph Schorr
476576bb70 Add license checking to Quay 
Based off of mjibson's changes

Fixes #499
 2016-09-27 10:31:34 +02:00
Joseph Schorr
3c8b87e086 Fix verbs in manifestlist 
All registry_tests now pass
 2016-09-26 14:49:58 -04:00
Jimmy Zelinskie
59529569dc reorder imports 2016-09-26 14:48:05 -04:00
josephschorr
ad4efba802 Merge pull request #1830 from coreos-inc/superuser-dashboard 
Add prometheus stats to enable better dashboarding
 2016-09-26 17:19:22 +02:00
Joseph Schorr
25ed99f9ef Add feature flag to turn off requirement for team invitations 
Fixes #1804
 2016-09-20 16:45:00 -04:00
Joseph Schorr
c7beea2032 Fix handling of custom LDAP cert 
This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs

Fixes #1846
 2016-09-19 17:55:08 -04:00
Joseph Schorr
1571b2867a Add executor name to the build metric 2016-09-16 16:26:04 -04:00
Joseph Schorr
30af8aef1a Add a worker for reporting global stats to Prometheus 
Fixes #1789
 2016-09-12 16:19:19 -04:00
Joseph Schorr
818ea38dac Add repo-specific reporting of repository builds 2016-09-09 15:36:54 -04:00
Joseph Schorr
c8a1b8abab Add prom stats for repository push, pull and verb actions 2016-09-09 15:13:58 -04:00
Jake Moshenko
1d8b72235a Add a helper method to Image to parse ancestor string. 2016-09-07 10:48:58 -04:00
josephschorr
480d890442 Merge pull request #1771 from coreos-inc/kubernetes-save-error 
Make sure the Quay Enterprise Kubernetes namespace exists
 2016-08-30 12:59:00 -04:00
Joseph Schorr
3f9c82462f Make sure the Quay Enterprise Kubernetes namespace exists 
Prevents config from failing to save. Also clarifies any other errors that do occur.

Fixes #1449
 2016-08-30 12:58:39 -04:00
Joseph Schorr
aa7c87d765 Fix locking via RedLock 
Fixes #1777
 2016-08-29 16:06:26 -04:00
Joseph Schorr
608ffd9663 Basic labels support 
Adds basic labels support to the registry code (V2), and the API. Note that this does not yet add any UI related support.
 2016-08-26 15:24:26 -04:00
Joseph Schorr
193040a473 Fix tag links 
Fixes #1741
 2016-08-17 15:06:10 -04:00
Joseph Schorr
afc2705b1c Have email read the enterprise logo 2016-08-09 12:18:35 -04:00
Ben Spoon
b0e34692cf Merge pull request #1674 from coreos-inc/new-quay-emails 
New quay emails
 2016-08-09 09:12:54 -07:00
Ben Spoon
2b92fded68 emails: address review feedback 2016-08-08 13:29:47 -07:00
Ben Spoon
004b834c72 emails: only show quay footer if coming from hosted 2016-08-04 11:55:55 -07:00
Ben Spoon
46a720285a emails: update payment failure admin link 
addresses issue #1623
 2016-08-04 11:55:50 -07:00
Ben Spoon
5019ef0b6b emails: change the app_link_handler to return just a uri 
There is no need for an anchor tag any longer.
 2016-08-04 11:55:48 -07:00
Joseph Schorr
770ac0016e Change validate method to work for all storages 2016-08-02 15:01:37 -04:00