Commit graph

88 commits

Author SHA1 Message Date
Joseph Schorr
693e47e063 Add additional assertions and further checks in storage code 2019-02-20 12:12:56 -05:00
Joseph Schorr
2cebf828a2
Merge pull request #3368 from quay/security-scan-set-opt
Change the security scan update query to only change the indexed row
2019-02-18 11:59:45 -05:00
Joseph Schorr
59e4896dbf Make absolutely sure we don't overwrite an existing storage checksum
Old V1 code would occasionally do so, which was never correct, but we never hit it because we didn't (practically) share storage rows before. Now that we explicitly do, we were occasionally de-checksum-ing storage rows on V1 pushes (which are extremely rare as-is). This change makes sure we don't do that, and makes sure we always set a proper digest and checksum on storage rows.
2019-02-16 12:40:53 -05:00
Joseph Schorr
10ee6be442 Change the security scan update query to only change the indexed row
This will mean we try to re-index other similar rows, but that's a no-op on the Clair side, and this update query is extremely heavy and easily interleaving locks
2019-02-15 18:13:42 -05:00
Joseph Schorr
0b706bc7c4 Make sure images in the process of being uploaded are not scanned by Clair 2019-02-08 16:20:44 -05:00
Joseph Schorr
bbaee0d3f2 Add additional logging for missing parent images 2019-02-06 17:34:18 -05:00
Joseph Schorr
65d5be23c7 Implement a manifest builder, to allow for easier management of state around constructing manifests 2018-09-28 15:52:43 -04:00
Joseph Schorr
6c5c2f1a75 Add new methods to registry data model interface in prep for moving verbs to using it 2018-08-29 16:38:54 -04:00
Joseph Schorr
a96c5a7f64 Optimize the new registry data model to avoid unnecessary queries 2018-08-24 11:25:24 -04:00
Brad Ison
d3d9cca182 Upgrade Peewee to latest 3.x
This requires a number of small changes in the data model code, as well as additional testing.
2018-07-23 12:43:23 -04:00
Joseph Schorr
7604e9842b Change repo filtering for users to use a user ID reference, rather than the username
While this means we need an additional query for initial lookup, it makes the *filtering* query (which is the heavy part) require far fewer joins, thus making it more efficient.

Also adds a new unit test to verify that our filter filters to the correct set of repositories.
2018-06-19 10:51:30 -04:00
Joseph Schorr
82da2042fd Add tests for image model, fix a small bug and remove an unused function 2018-04-04 13:13:52 -04:00
Joseph Schorr
8146646761 Simplifying queries around images and placements
Only verbs needs to load placements for multiple images, so we can vastly simplify and optimize most queries by making it two-step, and having the rest of the image loads not worry about placements
2018-04-03 16:23:49 -04:00
Joseph Schorr
9e16a989f5 Audit the number of SQL queries we make in writing manifests, and significantly reduce in the common case
Instead of 41 queries now for the simple manifest, we are down to 14.

The biggest changes:
  - Only synthesize the V1 image rows if we haven't already found them in the database
  - Thread the repository object through to the other model method calls, and use it instead of loading again and again
2018-01-25 11:10:43 -05:00
Joseph Schorr
e583be3914 Remove inner query for ancestors lookup on get_matching_tags 2017-04-28 20:10:54 -04:00
Jimmy Zelinskie
a780136337 workers.securityworker: revert to image querying 2017-03-10 17:37:40 -05:00
Jimmy Zelinskie
b9ac2b7b3b workers.securityworker: simplify min id 2017-03-03 14:51:18 -05:00
Jimmy Zelinskie
4ed0cdda14 securityscanner: add a min image id option
This will enable us to force some instances of the securityworker to
scan only new images.
2017-03-03 13:55:25 -05:00
Jake Moshenko
27f5f14f90 Linter fixes 2017-02-22 11:45:38 -05:00
Jake Moshenko
add6b654ae Move the total image count stat back to the prom stat worker 2017-02-22 11:45:38 -05:00
Jimmy Zelinskie
3d21af59fd data.model.image: fake QSS progress metric 2017-02-21 17:48:40 -05:00
Charlton Austin
edd9dcd7f6 Adding in some metrics around clair sec scan. 2016-12-01 16:50:02 -05:00
Joseph Schorr
3c8b87e086 Fix verbs in manifestlist
All registry_tests now pass
2016-09-26 14:49:58 -04:00
Joseph Schorr
ea18790dfe Get V1 registry code working with new model methods 2016-09-26 14:47:06 -04:00
Joseph Schorr
3d542b5e93 Handle KeyError nicer in _get_parent_image
Fixes #1810
2016-09-09 13:34:56 -04:00
Jake Moshenko
1d8b72235a Add a helper method to Image to parse ancestor string. 2016-09-07 10:48:58 -04:00
Joseph Schorr
34d49e2d44 Fix duplicate derived storage cache creation issue
Fixes #1699
2016-08-10 16:18:52 -04:00
josephschorr
9e6a264f5f Merge pull request #1523 from coreos-inc/verb-tag-cache-fix
Add a uniqueness hash to derived image storage to break caching over …
2016-06-20 16:38:25 -04:00
Joseph Schorr
a43b741f1b Add a uniqueness hash to derived image storage to break caching over tags
This allows converted ACIs and squashed images to be unique based on the specified tag.

Fixes #92
2016-06-20 16:34:52 -04:00
Joseph Schorr
894b5fed6f Remove TODO since we always need storage 2016-06-03 13:45:13 -04:00
Joseph Schorr
9a747ca6a0 Have get_parent_images not join on placements
The only case that needs the placements is in verbs, for which we use a new method
2016-06-03 13:33:15 -04:00
Quentin Machu
0183c519f7 Merge pull request #1253 from Quentin-M/clair2
Adapt securityworker, secscan API and Quay UI for Clair 1.0
2016-02-19 18:21:25 -05:00
Quentin Machu
e5da33578c Adapt security worker for Clair v1.0 (except notifications) 2016-02-19 17:44:14 -05:00
Joseph Schorr
abd2e3c234 V1 Docker ID <-> V2 layer SHA mismatch fix
Fix handling of V1 Docker ID <-> V2 layer SHA mismatch by dynamically rewriting the manifest to use new synthesized IDs for all layers above the mismatch. Also adds a bunch of tests for this and other use cases, fixes a bug around manifest digest uniqueness and fixes the 5.5 migration for MySQL.
2016-02-12 17:39:27 +02:00
Joseph Schorr
27f1cc0a13 Add a check that will fail if we try to mislink V1 layers
Also logs some useful information
2016-02-11 22:40:00 +02:00
Joseph Schorr
4e771e667f Change sec scan candidate query to match parents to the expected version only 2016-02-09 22:23:48 +02:00
Jake Moshenko
1ae101c917 Address torrent feature review comments. 2016-01-08 16:38:21 -05:00
Jake Moshenko
8f80d7064b Hash v1 uploads for torrent chunks 2016-01-05 14:43:40 -05:00
Jake Moshenko
8d5f4466d6 Cleanup some indentation and imports 2016-01-05 12:12:57 -05:00
Joseph Schorr
762cd56e64 Change derived storage to be based on image
Fixes #971
2015-11-24 12:44:07 -05:00
Joseph Schorr
f4266d08d2 Fix handling of aggregate size in V2
Fixes #931
2015-11-20 11:44:03 -05:00
Silas Sewell
1162814734 securityworker: mark children we can't analyze
This allows us to differentiate between images that are queued and those we
can't analyze in constant time.
2015-11-19 11:22:15 -05:00
Quentin Machu
f2d874386b Fix security worker (ok last time before I give up on engineering) 2015-11-18 21:21:00 -05:00
Quentin Machu
88e85cded0 Fix security worker (again?) 2015-11-18 19:45:09 -05:00
Quentin Machu
605ed1fc77 Refactor security worker 2015-11-18 14:38:32 -05:00
Jake Moshenko
e252397292 Switch parent back to a ForeignKeyField without a constraint 2015-11-17 16:09:33 -05:00
Jake Moshenko
ae61ebeac9 The translate placements query was renamed in v2 2015-11-17 12:24:05 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Jake Moshenko
44d06b0c2e Fix v1 backward compatibility 2015-11-12 16:22:19 -05:00