Commit graph

216 commits

Author SHA1 Message Date
Jimmy Zelinskie
e18dacd26b extend torrent webseed lifetime to an hour 2016-02-08 17:57:28 -05:00
Joseph Schorr
b4bddacedb Switch to Fernet crypto as per gtank's recommendation 2016-01-26 12:50:48 -05:00
Joseph Schorr
bd0a098282 Add ID-based pagination to logs using new decorators and an encrypted token
Fixes #599
2016-01-26 12:50:48 -05:00
Jimmy Zelinskie
85ae1a2a0a Merge pull request #1161 from jzelinskie/torrenthmac
misc torrent changes
2016-01-22 23:02:44 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Jimmy Zelinskie
e54b86c6eb s/TORRENT/BITTORRENT 2016-01-22 15:52:28 -05:00
Jake Moshenko
1ae101c917 Address torrent feature review comments. 2016-01-08 16:38:21 -05:00
Jimmy Zelinskie
087c6828ad add feature.BITTORRENT and jwk set URI 2016-01-07 19:07:23 -05:00
Jimmy Zelinskie
a0e5de8f29 add torrent options to config 2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796 Hash and track layer file chunks for torrenting 2016-01-04 16:17:51 -05:00
Joseph Schorr
ab166c4448 Delete the image diff feature
Fixes #1077
2015-12-23 13:08:01 -05:00
Jimmy Zelinskie
f439ad7804 Merge pull request #618 from jzelinskie/logsworker
add a log rotation worker
2015-12-16 17:25:50 -05:00
Jimmy Zelinskie
e1f955a3f6 add a log rotation worker
Fixes #609.
2015-12-16 17:22:28 -05:00
Joseph Schorr
c888a8b3be Make GC timeout configurable 2015-12-16 15:45:02 -05:00
Jake Moshenko
766d60493f Add the ability to blacklist v2 for specific versions 2015-12-15 18:27:10 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Jimmy Zelinskie
7fd53d6783 update IRC channel 2015-11-11 15:42:36 -05:00
Jimmy Zelinskie
dc476470fe add secscan notification queue 2015-11-10 15:22:30 -05:00
Joseph Schorr
75dfec7875 Fix endpoint 2015-11-09 12:50:39 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Jimmy Zelinskie
f3c3e684a1 prepare branch to be merged into phase1-11-07-2015
This removes the checksum backfill, removes the migration that runs the
backfills, and defaults the security scan feature off.
2015-11-06 15:22:18 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay
Fixes #564
2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea Add a vulnerability_found event for notice when we detect a vuln
Fixes #637

Note: This PR does *not* actually raise the event; it merely adds support for it
2015-11-06 15:22:18 -05:00
Joseph Schorr
2d1df267dd Add security config 2015-11-06 15:22:18 -05:00
Joseph Schorr
f6a53f7cc5 Change all Quay.io references to Quay, fix tour and change logo
Fixes #741
2015-11-02 14:37:48 -05:00
Jake Moshenko
fc55730db8 Add a feature flag to advertise v2 endpoints 2015-10-26 14:20:51 -04:00
Jake Moshenko
26cea9a07c Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-17 16:16:27 -04:00
Jake Moshenko
9c3ddf846f Some fixes and tests for v2 auth
Fixes #395
2015-09-10 15:38:57 -04:00
Joseph Schorr
c0286d1ac3 Add support for Dex to Quay
Fixes #306

- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:32:01 -04:00
Joseph Schorr
0a91a1d9d8 Redirect to the /setup page automatically in the ER when not fully setup 2015-09-02 14:59:54 -04:00
Joseph Schorr
724b1607d7 Add automatic storage replication
Adds a worker to automatically replicate data between storages and update the database accordingly
2015-09-01 14:53:32 -04:00
Jake Moshenko
e1b3e9e6ae Another huge batch of registry v2 changes
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
2015-08-12 16:41:12 -04:00
Joseph Schorr
e53c3e23be Change docs to load from HTTPS 2015-08-05 14:34:11 -04:00
Joseph Schorr
8a8955d234 Add documentation search to the main search bar 2015-08-03 17:15:53 -04:00
Joseph Schorr
70de107268 Make GC of repositories fully async for whitelisted namespaces
This change adds a worker to conduct GC on repositories with garbage every 10s.

Fixes #144
2015-07-28 15:30:04 -04:00
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
Make it explicit that the registry-v2 stuff is not ready for prime time.
2015-07-17 11:56:15 -04:00
Joseph Schorr
33b31a2451 Fix logs view in superuser panel
This seems to have been broken ever since we moved to syslog
2015-06-15 20:55:23 -04:00
Jake Moshenko
e09d84b3c8 Merge pull request #55 from coreos-inc/oauthdeny
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-05 14:00:16 -04:00
Joseph Schorr
5516911de9 Fix OAuth redirect for denial action when generating for internal tokens 2015-06-02 12:25:59 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
ba0fafc857 Add missing default for the gitlab feature flag 2015-05-04 19:04:27 -07:00
Joseph Schorr
c480fb2105 Work in progress: bitbucket support 2015-04-24 15:13:08 -04:00
Joseph Schorr
5cd500257d Merge branch 'master' into orgview 2015-04-01 13:56:49 -04:00
Joseph Schorr
27a9b84587 Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists 2015-03-30 17:55:04 -04:00
Joseph Schorr
e4b659f107 Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords 2015-03-25 18:43:12 -04:00
Jake Moshenko
78c8354174 Switch our temporary token lookups for signed grants which will not require DB access. 2015-02-19 16:54:23 -05:00
Jake Moshenko
ec01373240 Rename the config variable for temp tag expiration per the pull request feedback. 2015-02-18 17:06:41 -05:00
Jake Moshenko
41108a0856 Allow tags to be marked as hidden. Create a hidden tag on every image during a push to prevent them from getting GCed. 2015-02-18 17:05:16 -05:00
Joseph Schorr
3cae6609a7 Remove old services from the blacklist 2015-02-18 16:34:42 -05:00
Joseph Schorr
0d2c42ad03 Fix tests 2015-01-09 17:11:51 -05:00
Joseph Schorr
40d2b1748f Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py). 2015-01-05 12:31:02 -05:00
Joseph Schorr
1bf25f25c1 WIP 2015-01-04 14:38:41 -05:00
Joseph Schorr
4ca877c1d4 Add ability to download system logs 2014-12-23 14:01:00 -05:00
Jimmy Zelinskie
f3259c862b Merge branch 'koh'
Conflicts:
	auth/scopes.py
	requirements-nover.txt
	requirements.txt
	static/css/quay.css
	static/directives/namespace-selector.html
	static/js/app.js
	static/partials/manage-application.html
	templates/oauthorize.html
2014-12-01 12:30:09 -08:00
Joseph Schorr
72d613614d Merge branch 'bagger' 2014-12-01 12:48:59 -05:00
Joseph Schorr
660a640de6 Better organize the source file structure of the build manager and change it to choose a lifecycle manager based on the config 2014-11-25 16:14:44 -05:00
Joseph Schorr
e9cac407df Add a configurable avatar system and add an internal avatar system for enterprise 2014-11-24 19:25:13 -05:00
Jimmy Zelinskie
716d7a737b Strip whitespace from ALL the things. 2014-11-24 16:07:38 -05:00
Jake Moshenko
8b3184a7cb Change the default username and password for flask-mail to None instead of empty string. 2014-11-21 12:32:30 -05:00
Jake Moshenko
2b8c246476 Temporarily put user rename behind a feature flag. Switch queue names back to using the username for namespace while we figure out a real migration strategy. 2014-11-20 15:36:39 -05:00
Joseph Schorr
3e79379942 - Make the OAuth config system centralized
- Add support for Github Enterprise login
2014-11-05 16:43:37 -05:00
Joseph Schorr
98602a2d0c Add a new configurable health check, to make sure production instances are not taken down by Redis or non-local DB issues 2014-11-02 15:06:17 -05:00
Joseph Schorr
4eedd54b66 - Make usage language more accurate by stating "repositories"
- Have usage counter be based on a 4 weeks TTL
- Add a simple usage counter breakage test
2014-10-30 13:26:02 -04:00
Joseph Schorr
c1398c6d2b - Add a log entry for repo verb handling and make the container usage calculation take it into account
- Move all the repo push/pull/verb logging into a central track_and_log method
- Readd images accidentally deleted in the last CL
- Make the uncompressed size migration script better handle exceptions
2014-10-29 15:42:44 -04:00
Joseph Schorr
8b331b453e Make the contact page dynamic so that enterprise customers can configure it however they like 2014-10-22 14:49:33 -04:00
Jake Moshenko
fa6a06502d Change the default redis host to localhost. Fix some whitespace issues in the userevents module. 2014-10-14 14:37:02 -04:00
Jake Moshenko
44637dad96 Merge branch 'master' of bitbucket.org:yackob03/quay 2014-10-14 13:58:14 -04:00
Jake Moshenko
328db8b660 Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 13:58:08 -04:00
Joseph Schorr
49f8629566 Make the default mail sender use the Flask mail config value 2014-10-10 13:14:33 -04:00
Joseph Schorr
c682899861 Add a feature flag to disable user creation 2014-10-02 14:49:18 -04:00
Joseph Schorr
2c5cc7990f Allow for additional REDIS config such as password and port 2014-10-01 14:16:42 -04:00
Joseph Schorr
f3b03ebc34 Add a feature flag for disabling all emails 2014-09-22 19:11:48 -04:00
Jake Moshenko
2455c17f96 Merge remote-tracking branch 'origin/master' into waltermitty
Conflicts:
	app.py
	data/userfiles.py
2014-09-11 11:18:28 -04:00
Jake Moshenko
c9e1648781 Small fixes to bugs in the streaming handler for use with magic and radosgw. 2014-09-09 18:30:14 -04:00
Jake Moshenko
451e034ca1 Archived logs commit 1. Squash me. 2014-09-08 16:43:17 -04:00
Joseph Schorr
e028d4ae0a Merge master into branch 2014-09-04 18:08:18 -04:00
Joseph Schorr
4140e115e5 Put building behind a feature flag 2014-08-22 18:03:22 -04:00
Joseph Schorr
2597bcef3f Add support for login with Google. Note that this CL is not complete 2014-08-11 15:47:44 -04:00
Joseph Schorr
6f804c222a Replace references seen in the enterprise version to "Quay.io" with a config-pulled value 2014-08-08 13:50:04 -04:00
Joseph Schorr
bcbea37fce Change distributed config format to make it easier for the setup tool 2014-08-07 13:45:15 -04:00
Joseph Schorr
49801bc2c4 - Add web hook queue code back in. We'll remove it and turn it off after this CL goes to prod
- Make notification lookup always be by repo and its UUID, rather than the internal DB ID
- Add the init script for the notification worker
2014-07-31 13:30:54 -04:00
Joseph Schorr
8d7493cb86 Convert over to notifications system. Note this is incomplete 2014-07-17 22:51:58 -04:00
Jake Moshenko
6047f3759f Remove the placement fallback since the DB has been fully backfilled. 2014-06-24 17:01:23 -04:00
Jake Moshenko
cf2ba9f0b6 Fix a typo in the config for the backfill location. 2014-06-23 11:25:14 -04:00
Jake Moshenko
0a62f7f725 Add the ability to look up images which do not have a placement yet. 2014-06-18 12:40:23 -04:00
Jake Moshenko
bf98575feb Add the basics of geographic data distribution and get the tests to work. 2014-06-17 16:03:43 -04:00
Jake Moshenko
0057ced98c Move GitHub build trigger behind a feature flag. 2014-05-30 18:28:18 -04:00
Jake Moshenko
d1f4fbdacc Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers. 2014-05-30 14:25:29 -04:00
Joseph Schorr
69be86be97 Add extra seat check in the user API call and turn off user->org conversion when authentication is LDAP 2014-05-28 15:53:53 -04:00
Jake Moshenko
f6726bd0a4 Merge branch 'ldapper'
Conflicts:
	Dockerfile
	app.py
	data/database.py
	endpoints/index.py
	test/data/test.db
2014-05-22 12:13:41 -04:00
Jake Moshenko
d14798de1d Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue. 2014-05-21 19:50:37 -04:00
Jake Moshenko
11c6c5fa52 Merge remote-tracking branch 'origin/master' into ldapper
Conflicts:
	app.py
2014-05-13 16:55:02 -04:00
Joseph Schorr
08ccad7fe4 Add support for not using CDN-based resources. When USE_CDN = False, all CDN-based resources will instead be used from the local system. 2014-05-09 18:49:33 -04:00
Jake Moshenko
bcb993a914 Set up the build logs to use our fake build logs on test and local. 2014-05-09 18:45:11 -04:00
Jake Moshenko
027ada1f5c First stab at LDAP integration. 2014-05-09 17:39:43 -04:00
Jake Moshenko
fe2eb079b7 Remove unused import. 2014-05-01 21:38:02 -04:00
Jake Moshenko
a5a61576ae Revamp the logging a bit. Not quite done yet. 2014-05-01 19:44:28 -04:00