vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
3349 commits 2 branches 62 tags 205 MiB
Commit graph

3349 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jake Moshenko
e09d84b3c8 Merge pull request #55 from coreos-inc/oauthdeny 
Fix OAuth redirect for denial action when generating for internal tokens
 2015-06-05 14:00:16 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication 
Add support for an external JWT-based authentication system
 2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
 2015-06-05 13:20:10 -04:00
Jimmy Zelinskie
6392f32f0d Merge pull request #88 from coreos-inc/tutfix 
Tutorial improvements
 2015-06-04 14:20:58 -04:00
Joseph Schorr
4347e2f344 Tutorial improvements 
- Skip the build-related tutorial steps when builds are disabled
- Make the styling of the tutorial more consistent with the new layout
 2015-06-04 14:15:47 -04:00
Jimmy Zelinskie
973acddd59 Merge pull request #87 from coreos-inc/tutfix 
Add to the login section of tutorial when encrypted passwords are required
 2015-06-04 13:42:24 -04:00
Joseph Schorr
04678e4e64 Add information to the login section of tutorial when encrypted passwords are required 
When encrypted passwords are required for the Docker CLI, we add a warning to the Docker login portion of the tutorial indicating that this is needed and how to generate an encrypted password
 2015-06-04 13:31:45 -04:00
Jimmy Zelinskie
4745247ef1 Merge pull request #72 from coreos-inc/etcdfix 
Switch the python-etcd client to the sslfix branch
 2015-06-03 14:33:44 -04:00
Joseph Schorr
698f62388e Switch the python-etcd client to the sslfix branch 
This fixes an issue with urllib3 and SSL
 2015-06-03 14:32:32 -04:00
josephschorr
63f289a8cb Merge pull request #59 from jzelinskie/custom-git-fix 
triggers: metadata.commit_sha -> metadata.commit
 2015-06-02 16:10:26 -04:00
Jimmy Zelinskie
7f4dd7d42f triggers: backwards compatible schema for metadata 2015-06-02 16:05:17 -04:00
Jake Moshenko
7d1e5a0c6f Merge pull request #31 from coreos-inc/nolurk 
Add a feature flag for disabling unauthenticated access to the regist…
 2015-06-02 16:03:49 -04:00
Joseph Schorr
477a3fdcdc Add a test to verify that all important blueprints have all their methods decorated 
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
 2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0 triggers: metadata.commit_sha -> metadata.commit 
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
 2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031 Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository 
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
 2015-06-02 15:16:22 -04:00
Joseph Schorr
3602b59465 Add registry tests for anonymous access 2015-06-02 14:27:57 -04:00
Joseph Schorr
c0e995c1d4 Merge branch 'master' into nolurk 2015-06-02 13:55:16 -04:00
Jake Moshenko
42da017d69 Merge pull request #48 from coreos-inc/nobots 
Change API calls that expect non-robots to explicitly filter
 2015-06-02 12:31:19 -04:00
Joseph Schorr
5516911de9 Fix OAuth redirect for denial action when generating for internal tokens 2015-06-02 12:25:59 -04:00
Jake Moshenko
7bc5f7a1ca Merge pull request #53 from coreos-inc/v1test 
Add tests for the registry that mimic Docker's calls
 2015-06-02 12:24:42 -04:00
Joseph Schorr
9585e2a765 End-to-end registry tests 2015-06-01 16:35:30 -04:00
Jimmy Zelinskie
b7adacb36b Merge pull request #58 from coreos-inc/gitjsfix 
Fix small JS issue if the underlying repository has no branches defined
 2015-06-01 16:10:04 -04:00
Joseph Schorr
d414111fa7 Fix small JS issue if the underlying repository has no branches defined 
This allows the user to continue the setup, even if the repo is empty.
 2015-06-01 15:45:13 -04:00
Jimmy Zelinskie
8493395aec Merge pull request #56 from coreos-inc/bbbranchfix 
Fix bitbucket triggers when the branch tag filter removes all branches
 2015-06-01 15:43:38 -04:00
Joseph Schorr
25ee46f5a2 Fix bitbucket triggers when the branch tag filter removes all branches 2015-06-01 15:35:59 -04:00
josephschorr
491de200f6 Merge pull request #45 from coreos-inc/ldapreferfix 
Fix LDAP referral and multiple pair handling
 2015-06-01 14:11:00 -04:00
Joseph Schorr
2a56790d38 Switch to using a named LDAP tuple for more readable code 2015-06-01 14:02:05 -04:00
Jimmy Zelinskie
edee0d1fd5 Merge pull request #54 from coreos-inc/removedep 
Remove unneeded avatar library
 2015-06-01 13:53:02 -04:00
Joseph Schorr
e4e82790ca Remove unneeded avatar library 2015-06-01 13:32:57 -04:00
Joseph Schorr
dd28a845db Fix NPE in cache control decorator 2015-05-28 13:22:42 -04:00
Jake Moshenko
a875d2c34b Merge pull request #52 from jakedt/roadmap 
Add a roadmap.
 2015-05-27 15:56:12 -04:00
Jake Moshenko
eb35845c87 Add a roadmap. 2015-05-27 15:54:45 -04:00
Jimmy Zelinskie
af0c4fab70 Merge pull request #51 from coreos-inc/badgenote 
Add a note to the badges section about tokens
 2015-05-27 15:31:07 -04:00
Joseph Schorr
e22e94d609 Add a note to the badges section about tokens 
This alerts users to the fact that the tokens for badges are safe to share
 2015-05-27 15:27:08 -04:00
Joseph Schorr
386b1710ed Merge branch 'master' into ldapreferfix 2015-05-27 15:15:47 -04:00
Joseph Schorr
1aff701bc7 Fix LDAP referral and multiple pair handling 
Fixes two issues found with our LDAP handling code. First, we now follow referrals in both LDAP calls, as some LDAP systems will return a referral instead of the original record. Second, we now make sure to handle multiple search result pairs properly by further filtering based on the presence of the 'mail' attribute when we have multiple valid pairs. This CL also adds tests for all of the above cases.
 2015-05-27 15:04:34 -04:00
Joseph Schorr
92a374d708 Merge branch 'master' of github.com:coreos-inc/quay 2015-05-27 12:06:43 -04:00
Joseph Schorr
8929e25dd8 Fix typo 2015-05-27 12:06:38 -04:00
Jimmy Zelinskie
8061a70889 Merge pull request #49 from coreos-inc/uifix 
Make sure there is always a way to create a repo notification
 2015-05-26 18:29:56 -04:00
Joseph Schorr
bd262bbb3f Make sure there is always a way to create a repo notification 
Before this change, the button was hidden on small sizes, but the link was only shown on extra-small sizes, leaving a small window where there was no way to create a new notification
 2015-05-26 18:29:04 -04:00
Joseph Schorr
fdd43e2490 Change API calls that expect non-robots to explicitly filter 
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
 2015-05-26 17:47:33 -04:00
Jimmy Zelinskie
e5e2384998 Merge pull request #47 from coreos-inc/downloadbuildlogs 
Add an endpoint for downloading the logs of a build.
 2015-05-26 17:32:47 -04:00
Joseph Schorr
b3ea4ecaa2 Remove unneeded mime type set; jsonify does this for us 2015-05-26 17:30:10 -04:00
Joseph Schorr
9888c3ad9b Add an endpoint for downloading the logs of a build. 2015-05-26 17:24:18 -04:00
Joseph Schorr
ecabf086ea Add missing newline at end of decorators.py 2015-05-26 16:48:59 -04:00
Jimmy Zelinskie
2464124f62 Merge pull request #38 from coreos-inc/swift 
Add Swift Storage
 2015-05-26 16:37:26 -04:00
Joseph Schorr
375d7670a8 Explain why we re-raise ClientException in the swift storage engine 2015-05-26 16:35:12 -04:00
Joseph Schorr
7001fb05bf Add further comments on the TODO in get_direct_download_url 2015-05-26 16:34:59 -04:00
Joseph Schorr
2e4893dce0 We only add the build to the build list if present, not if missing 2015-05-26 16:05:38 -04:00
Joseph Schorr
58685f02cd Fix NPE in notifications service 2015-05-26 16:05:38 -04:00