Commit graph

66 commits

Author SHA1 Message Date
Joseph Schorr
d6fd2fcb8f Fix config setup tool contact field to allow removal of empty non-URL fields
We just need to clear the binding when the value entered is completely empty

Fixes https://jira.coreos.com/browse/QUAY-815
2018-06-01 13:50:39 -04:00
Joseph Schorr
111ba8f7ee Changes missing from the license removal code 2018-03-27 16:18:56 -04:00
Joseph Schorr
de47b13c24 Add superuser config for Azure blob storage 2018-02-06 13:48:40 -05:00
Joseph Schorr
b0f656731c Add support for configuring CloudFront storage engine
Fixes https://jira.coreos.com/browse/QS-116
2018-01-31 11:22:14 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
72bfebdb60 Add license validation to the config validation check
Should prevent a customer from accidentally saving a config that violates their license

Fixes https://jira.coreos.com/browse/QS-97
2017-12-19 13:44:08 -05:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
9a4c87795f Fix contacts setup in superuser panel
Adds a missing import
2017-09-14 15:40:11 -04:00
Joseph Schorr
bc82edb2d1 Add ability to configure OIDC internal auth engine via superuser panel 2017-09-12 12:23:52 -04:00
Joseph Schorr
a13235c032 Fix typo 2017-07-10 18:35:51 +03:00
Joseph Schorr
661c0e6432 Add superuser configuration for action log rotation 2017-07-10 13:22:29 +03:00
Joseph Schorr
2b9873483a Enable toggling of the direct login feature in the superuser panel
Allows superusers to disable login to the UI via credentials if at least one OIDC provider is configured
2017-05-24 12:57:55 -04:00
Joseph Schorr
3dcbe3c631 If enabled, allow users and orgs to set their time machine expiration
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Joseph Schorr
835acfc58e Make custom cert upload not hang and handle errors properly 2017-03-29 16:06:15 -04:00
Joseph Schorr
e509eb4cba Better custom cert handling in the superuser tool
We now only allow certificates ending in .crt to be uploaded and we automatically install the certificate once it has been validated
2017-03-24 17:15:26 -04:00
Joseph Schorr
1146b62c13 Add superuser config panel support for OIDC login 2017-02-28 16:18:34 -05:00
Joseph Schorr
7e0fbeb625 Custom SSL certificates config panel
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle

[Delivers #135586525]
2017-01-13 14:34:35 -05:00
Joseph Schorr
f4bcf68928 Add support for custom ports on RADOS and S3 storage engines 2016-12-01 14:23:18 -05:00
josephschorr
74e54bdbbb Merge pull request #1872 from coreos-inc/qe-torrent
Add QE setup tool support for BitTorrent downloads
2016-11-11 13:56:22 -05:00
Joseph Schorr
681f975df5 Add QE setup tool support for BitTorrent downloads
Fixes #1871
2016-11-02 17:32:12 -04:00
Jake Moshenko
45bacbabaa s/Regions/Deployments 2016-10-24 16:04:04 -04:00
Joseph Schorr
213cc856e4 Fix UI for real license handling
Following this change, the user gets detailed errors and entitlement information
2016-10-19 17:49:15 -04:00
Joseph Schorr
7a6fb7554d Only attempt to load the license for the setup tool once there is a valid user
Prevents the 401 session expired box from appearing
2016-10-17 21:57:17 -04:00
Joseph Schorr
ee96693252 Add superuser config section for updating license 2016-10-17 21:44:25 -04:00
Joseph Schorr
5a8200f17a Add option to properly handle external TLS
Fixes #1984
2016-10-13 14:49:29 -04:00
Joseph Schorr
14b93f72ff Make S3 access key and secret key optional, enabling IAM.
If not specified, then boto will fallback to reading the credentials from IAM if on an EC2 machine. This should be safe as the validator will still ensure the credentials work if not specified.

Fixes #1707
2016-08-11 17:17:36 -04:00
Joseph Schorr
adaeeba5d0 Allow for multiple user RDNs in LDAP
Fixes #1600
2016-07-07 14:46:38 -04:00
Joseph Schorr
40ec2fcfd0 Fix enter key in password dialogs 2016-06-09 14:45:48 -04:00
Joseph Schorr
60bbca2185 Fix setup tool when binding to external auth
We now query the external auth provider for the external service's identifier before adding the linking row into the database. This fixes the case where the external service resolves a different identifier for the same username.

Fixes #1477
2016-05-23 17:11:36 -04:00
Joseph Schorr
f2b3c89ec9 Fix checkboxes in setup tool to use a directive
Fixes #1481
2016-05-20 12:23:32 -05:00
Joseph Schorr
4aab834156 Move to Angular 1.5
This has been reasonably well tested, but further testing should be done on staging.

Also optimizes avatar handling to use a constant size and not 404.

Fixes #1434
2016-05-17 16:32:08 -04:00
Joseph Schorr
9113fcecb5 Add basic Swift V3 support 2016-05-16 14:57:59 -04:00
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair
Fixes #1387
2016-05-04 13:40:50 -04:00
Joseph Schorr
09f252a7e1 Fix handling of default values in string config fields
Fixes #1322
2016-04-22 13:55:47 -04:00
Joseph Schorr
1940fd9939 Add UI to the setup tool for enabling ACI conversion
Fixes #1211
2016-02-17 12:05:48 -05:00
Joseph Schorr
04f96ea859 Fix upload file boxes in config setup 2015-12-07 15:55:55 -05:00
Matt Jibson
b3c2388618 Allow setting of boto's S3 host for SIGv4
The problem only happens when a user has configured the new AWS Frankfurt
region for their S3 backend. It is the only region to require the new
v4 signature. All other regions support both v2 and v4. I'm not sure
which version is used by default on US Standard.

We could attempt to figure out where the bucket is hosted based on its
DNS resolution and auto-populate the host field that way. But I think
the amount of effort to have that work correctly outweighs its benefit
for such a simple solution.

fixes #863
fixes #764
2015-11-18 17:19:33 -05:00
Silas Sewell
5000b1621c superuser: add storage replication config 2015-11-09 17:34:22 -05:00
Joseph Schorr
6f2271d0ae Add support for direct download in Swift storage engine
Fixes #483
2015-09-14 18:00:03 -04:00
josephschorr
0823ba5c46 Merge pull request #441 from coreos-inc/ersetupimprove
ER setup improvements
2015-09-02 17:46:53 -04:00
Joseph Schorr
587ef85c7f Allow users to choose the version of Swift to use
Fixes #442
2015-09-02 17:46:14 -04:00
Joseph Schorr
f6cca81178 Handle hostname changes in the config panel
Fixes #436
2015-09-02 17:21:38 -04:00
Joseph Schorr
397dc139a5 Don't accidentally overwrite true values from config 2015-08-05 13:52:48 -04:00
Joseph Schorr
38a6b3621c Automatically link the superuser account to federated service for auth
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
2015-07-22 13:37:23 -04:00
Joseph Schorr
066637f496 Basic Keystone Auth support
Note: This has been verified as working by the end customer
2015-07-20 10:55:21 -04:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
2015-06-29 08:08:10 +03:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
Joseph Schorr
5845e37e32 Add Swift storage library 2015-05-26 16:05:21 -04:00
Joseph Schorr
4f2a1b3734 Add setup UI for the new trigger types (bitbucket and gitlab) and add validation 2015-05-03 11:50:26 -07:00