Joseph Schorr
7d525a7670
Fix geoip resolution for AWS-based pulls
...
Typo resulted in an error being raised: https://sentry.io/coreos/backend-staging/issues/801171785/?referrer=slack
2018-12-09 20:46:07 -05:00
Joseph Schorr
c3710a6a5e
Add ability for specific geographic regions to be blocked from pulling images within a namespace
2018-12-06 17:14:45 -05:00
Kenny Lee Sin Cheong
fc67bbd0a6
IPResolver: fix unreachable code ( #3267 )
...
* Fix unreachable code
_get_aws_ip_ranges handles missing file exceptions and returns None,
so the excepttion handling block in the UpdateIPRange thread is never reached.
* Test for missing range file in resolver thread
2018-10-12 10:24:28 -04:00
Kenny Lee Sin Cheong
4834c281cb
nit: styling
2018-09-07 13:50:56 -04:00
Kenny Lee Sin Cheong
105a7c0ea6
Worker started flag
2018-09-07 13:40:20 -04:00
Kenny Lee Sin Cheong
7743cc44fa
Handle exceptions when trying to start resolver thread
2018-09-07 13:26:49 -04:00
Kenny Lee Sin Cheong
7563d97be4
Fix: Should not break from ipresolver thread
2018-09-07 09:55:09 -04:00
Kenny Lee Sin Cheong
bff91c0fb9
UpdateIPRange thread start on the 1st call to _get_location_function
...
Thread will start on first call to _get_location_function as opposed
to IPResolver's new instance.
2018-09-05 13:35:55 -04:00
Kenny Lee Sin Cheong
b6336393de
Make IPResolver run the update in a separate thread
...
A separate thread will cache the results of parsing the range
file, and the IPResolver will hit the cache instead of blocking while recomputing the
ranges everytime. The thread updates every 600s, and retry every 60s on
failures.
2018-08-31 14:00:53 -04:00
Joseph Schorr
b7d8bb227e
Make IP resolver performance a bit better by skipping an unnecessary set
...
This will still hang for a second or two on first call
2018-08-08 14:40:26 -04:00
Joseph Schorr
d4882f0077
Fix the IP data lookup to take in an API key
...
Fixes https://jira.coreos.com/browse/QUAY-989
2018-06-20 15:44:40 -04:00
Joseph Schorr
942f526016
Missing parens on IP resolver lookup
...
Also adds a generic catch in case this happens again; we should *never* fail
2018-05-04 02:14:26 +03:00
Joseph Schorr
3309daa32e
Add support for reduced initial build count for new possible abusing users
...
If configured, we now check the IP address of the user signing up and, if they are a possible threat, we further reduce their number of allowed maximum builds to the configured value.
2018-04-20 18:46:32 +03:00
Joseph Schorr
8194f5cf72
Switch ipresolver to always be defined in the storage context
...
We now use a no-op IP resolver instead of an IF check
Fixes https://jira.prod.coreos.systems/browse/QS-38
2017-10-17 14:29:40 -04:00
Joseph Schorr
05b4a7d457
Add worker to update ipresolver data files every few hours
2017-09-28 14:40:59 -04:00
Joseph Schorr
52927de7f6
Add resolved IP information to track_and_log
2017-09-28 14:40:58 -04:00
Joseph Schorr
010dda2c52
Add CloudFrontedS3Storage, which redirects to CloudFront for non-S3 ips
2017-09-28 14:40:58 -04:00
Joseph Schorr
2d522764f7
Add IP resolver utility that returns whether an IP is under AWS
2017-09-26 16:11:16 -04:00