Jimmy Zelinskie
5db4e58e16
nginx: SSL config into server-base.conf
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
0c15c2888d
nginx: update cipher suite, HSTS, X-Frame-Options
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
ccfebdf22b
nginx: support OCSP Stapling
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
2a03f4d070
nginx: drop SSLv3, support TLS 1.1 & 1.2
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
4f6234ea8f
nginx: enable Strict Transport Security
2015-05-26 16:05:36 -04:00
Joseph Schorr
f6fea27c12
Fix encrypted password generator to use the LDAP username, not the Quay username.
...
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-26 16:05:36 -04:00
Joseph Schorr
88ece113ee
Explicitly enable LDAP referrals
...
Note: The mock LDAP system doesn't support referrals, so we can't add a unit test for this.
2015-05-26 16:05:36 -04:00
Joseph Schorr
4030b0a470
- Have the heartbeat fail to update if the worker has timed out
...
- Add additional build component logging for tracking down problems in the future
2015-05-26 16:05:36 -04:00
Joseph Schorr
0f18fc1c26
Disable the angular poll channel when the browser tab is hidden
...
Quay pages that normally poll (repo view, build logs, etc) will skip the API call(s) when the tab is hidden.
2015-05-26 16:05:36 -04:00
Joseph Schorr
dbd119c365
Fix the DB health check
...
Make sure to search for the proper DB identifier
2015-05-26 16:05:36 -04:00
Joseph Schorr
5845e37e32
Add Swift storage library
2015-05-26 16:05:21 -04:00
Jimmy Zelinskie
0633db973e
Merge pull request #44 from coreos-inc/smallfixes
...
We only add the build to the build list if present, not if missing
2015-05-26 13:50:41 -04:00
Joseph Schorr
cb733ef25a
We only add the build to the build list if present, not if missing
2015-05-26 13:49:58 -04:00
Jimmy Zelinskie
0a51891d95
Merge pull request #43 from coreos-inc/smallfixes
...
Fix NPE in notifications service
2015-05-26 13:48:31 -04:00
Joseph Schorr
578b62b4a8
Fix NPE in notifications service
2015-05-26 13:46:41 -04:00
Jimmy Zelinskie
67df205e12
Merge pull request #42 from coreos-inc/smallfixes
...
Fix NPE
2015-05-26 13:45:01 -04:00
Joseph Schorr
f257c8b405
Fix NPE
2015-05-26 13:43:51 -04:00
Jimmy Zelinskie
15464f1169
Merge pull request #41 from coreos-inc/smallfixes
...
Fix case where the auth token was not written properly for BitBucket
2015-05-26 13:41:22 -04:00
Joseph Schorr
374d1d7e89
Fix case where the auth token was not written properly for BitBucket
2015-05-26 13:40:21 -04:00
josephschorr
f5dc3c2a5a
Merge pull request #40 from coreos-inc/verifyfix
...
Have the verifyUser endpoint use the same confirm_existing_user method
2015-05-22 16:30:25 -04:00
Jimmy Zelinskie
66dad67661
Merge pull request #35 from jzelinskie/tls
...
Update lots of stuff in regards to TLS
2015-05-22 16:26:38 -04:00
Joseph Schorr
855f3a3e4d
Have the verifyUser endpoint use the same confirm_existing_user method
...
This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
2015-05-22 16:26:26 -04:00
Jimmy Zelinskie
581d2fa4fc
nginx: move ssl config out of server-base
2015-05-22 16:25:28 -04:00
Jimmy Zelinskie
2a25864061
setup-tool: add HSTS info box
2015-05-22 16:18:56 -04:00
josephschorr
1117a2cdc6
Merge pull request #36 from coreos-inc/ldapfix
...
LDAP fixes
2015-05-22 15:46:00 -04:00
Joseph Schorr
5589bfc6d5
- Have the heartbeat fail to update if the worker has timed out
...
- Add additional build component logging for tracking down problems in the future
2015-05-22 15:24:14 -04:00
Jimmy Zelinskie
4323eb58da
nginx: SSL config into server-base.conf
2015-05-22 13:54:43 -04:00
Jimmy Zelinskie
f9f933feff
nginx: update cipher suite, HSTS, X-Frame-Options
2015-05-22 13:35:49 -04:00
Jimmy Zelinskie
dfc2df1885
Merge pull request #39 from coreos-inc/hiddentab
...
Disable the angular poll channel when the browser tab is hidden
2015-05-21 18:12:39 -04:00
Joseph Schorr
c788d02a57
Disable the angular poll channel when the browser tab is hidden
...
Quay pages that normally poll (repo view, build logs, etc) will skip the API call(s) when the tab is hidden.
2015-05-21 17:16:38 -04:00
Jimmy Zelinskie
5f787c7e82
Merge pull request #37 from coreos-inc/fixhealthcheck
...
Fix the DB health check
2015-05-20 17:42:26 -04:00
Joseph Schorr
e23f1e9ded
Fix the DB health check
...
Make sure to search for the proper DB identifier
2015-05-20 17:40:43 -04:00
Jimmy Zelinskie
417c77f4d9
Merge pull request #34 from jzelinskie/flatten-logs
...
cloudconfig: flatten logentries container
2015-05-20 16:42:52 -04:00
Joseph Schorr
b0d763b5ff
Fix encrypted password generator to use the LDAP username, not the Quay username.
...
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00
Jimmy Zelinskie
db05db6295
cloudconfig: flatten logentries container
2015-05-20 16:34:16 -04:00
Jimmy Zelinskie
60763d69b1
nginx: support OCSP Stapling
2015-05-20 16:32:12 -04:00
Jimmy Zelinskie
4689c00fad
nginx: drop SSLv3, support TLS 1.1 & 1.2
2015-05-20 16:31:32 -04:00
Jimmy Zelinskie
c44846103e
nginx: enable Strict Transport Security
2015-05-20 16:31:00 -04:00
Joseph Schorr
ac239ec4ee
Make sure to only split into two parts max
2015-05-20 14:54:41 -04:00
Joseph Schorr
d5e70c6e2a
Explicitly enable LDAP referrals
...
Note: The mock LDAP system doesn't support referrals, so we can't add a unit test for this.
2015-05-20 14:53:31 -04:00
Jimmy Zelinskie
7bed404302
Merge pull request #33 from coreos-inc/branchregex
...
Add some more debug logging around bitbucket triggers and add some te…
2015-05-20 14:22:33 -04:00
Joseph Schorr
eb773e40a2
Add some more debug logging around bitbucket triggers and add some tests to verify we properly handle trigger branch filters
2015-05-20 14:18:12 -04:00
Jimmy Zelinskie
1e0d184a99
Merge pull request #32 from jzelinskie/bb
...
custom-git: accept commit SHAs 7+ chars in length
2015-05-20 12:59:10 -04:00
Jimmy Zelinskie
fe3f0dc10b
custom-git: accept commit SHAs 7+ chars in length
2015-05-20 12:53:43 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
598fc6ec46
Add the error code to the worker error logged to redis
2015-05-18 15:01:48 -04:00
Joseph Schorr
2379af71f8
Parse the client secret properly
2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44
Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header
2015-05-18 12:38:39 -04:00
Joseph Schorr
91b464d0de
Switch build manager to always just WARN on boto
2015-05-18 12:34:26 -04:00
Jimmy Zelinskie
3daa0e6a52
migration: use SA boolean value for server_default
2015-05-15 19:04:54 -04:00