Joseph Schorr
c7beea2032
Fix handling of custom LDAP cert
This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs
Fixes #1846
2016-09-19 17:55:08 -04:00

Joseph Schorr
770ac0016e
Change validate method to work for all storages
2016-08-02 15:01:37 -04:00

Joseph Schorr
66ec1d81ce
Switch to install custom LDAP cert by name
2016-06-21 15:10:26 -04:00

Jake Moshenko
9221a515de
Use the registry API for security scanning
when the storage engine doesn't support direct download url
2016-05-04 18:04:06 -04:00

josephschorr
f55fd2049f
Merge pull request #1433 from coreos-inc/ldapoptions
Add additional options for LDAP
2016-05-04 14:06:29 -04:00

Joseph Schorr
42515ed9ec
Add additional options for LDAP
Fixes #1420
2016-05-04 13:59:20 -04:00

Joseph Schorr
2cbdecb043
Implement setup tool support for Clair
Fixes #1387
2016-05-04 13:40:50 -04:00

Joseph Schorr
1940fd9939
Add UI to the setup tool for enabling ACI conversion
Fixes #1211
2016-02-17 12:05:48 -05:00

Joseph Schorr
1536709c02
Small fixes
2016-01-29 20:01:17 +02:00

Silas Sewell
5000b1621c
superuser: add storage replication config
2015-11-09 17:34:22 -05:00

Joseph Schorr
6f2271d0ae
Add support for direct download in Swift storage engine
Fixes #483
2015-09-14 18:00:03 -04:00

Joseph Schorr
88a04441de
Extract the config provider into its own sub-module
2015-09-10 12:19:59 -04:00

Jake Moshenko
18100be481
Refactor the util directory to use subpackages.
2015-08-03 16:04:19 -04:00

Joseph Schorr
26ae629189
Prevent local storage setup on non-mounted paths
Fixes #269
2015-07-27 14:32:02 -04:00

Joseph Schorr
38a6b3621c
Automatically link the superuser account to federated service for auth
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
2015-07-22 13:37:23 -04:00

Joseph Schorr
33b54218cc
Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass
2015-07-20 11:39:59 -04:00

Joseph Schorr
066637f496
Basic Keystone Auth support
Note: This has been verified as working by the end customer
2015-07-20 10:55:21 -04:00

Jake Moshenko
bc29561f8f
Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
Make it explicit that the registry-v2 stuff is not ready for prime time.
2015-07-17 11:56:15 -04:00

Joseph Schorr
4726559322
The database SSL name needs to be in its own list
Fixes #243
2015-07-16 00:49:07 +03:00

Joseph Schorr
bb07d0965f
Allow SSL cert for the database to be configured
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
2015-06-29 08:08:10 +03:00

Joseph Schorr
07439328a4
Remove user_exists endpoint from all auth systems
2015-06-23 17:33:51 -04:00

Joseph Schorr
331c300893
Refactor JWT auth to not import app locally
2015-06-17 15:53:21 -04:00

Joseph Schorr
457ee7306e
Parenthesis fix on the JWT auth error message
2015-06-10 16:00:25 -04:00

Joseph Schorr
8aac3fd86e
Add support for an external JWT-based authentication system
This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existence endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00

Joseph Schorr
4f2a1b3734
Add setup UI for the new trigger types (bitbucket and gitlab) and add validation
2015-05-03 11:50:26 -07:00

Joseph Schorr
85d6500daa
Merge resistanceisfutile into master
2015-03-23 15:39:08 -04:00

Joseph Schorr
360aa69d92
Fix LDAP error and url handling to be more clear for the end user
2015-03-16 14:33:53 -04:00

Joseph Schorr
4ca5d9b04b
Add support for filtering github login by org
2015-03-03 19:58:42 -05:00

Joseph Schorr
2c662b7861
Make sure to specify a default mail sender when validating emails. Unfortunately for us, flask-mail by default uses the sender from the *global* app instance, rather than the one specified in the Mail(...) call. This was breaking validation.
2015-03-03 13:56:32 -05:00

Joseph Schorr
7a199f63eb
Various small fixes and add support for subjectAltName to the SSL cert check
2015-02-12 14:00:26 -05:00

Joseph Schorr
400ffa73e6
Add SSL cert and key validation
2015-02-05 13:06:56 -05:00

Joseph Schorr
53e5fc6265
Have the config setup tool automatically prepare the S3 or GCS storage with CORS config
2015-01-16 16:10:40 -05:00

Joseph Schorr
6d604a656a
Move config handling into a provider class to make testing much easier
2015-01-09 16:23:31 -05:00

Joseph Schorr
bfd273d16f
- Make validation a bit nicer:
  - Add timeout to the DB validation
  - Make DB validation exception handling a bit nicer
  - Move the DB validation error message
- Fix bug around RADOS config default for Is Secure
- Allow hiding of the validation box
2015-01-08 15:27:49 -05:00

Joseph Schorr
5ac2c4970a
Add Google auth validation and fix the case where no config is specified at all for Google auth or Github auth
2015-01-08 13:56:17 -05:00

Joseph Schorr
5e0ce4eea9
Add validation of github to the config tool
2015-01-08 13:26:24 -05:00

Joseph Schorr
63504c87fb
Get end-to-end configuration setup working, including verification (except for Github, which is in progress)
2015-01-07 16:20:51 -05:00