vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
4184 commits 2 branches 62 tags 205 MiB
Commit graph

774 commits

Author SHA1 Message Date
Jimmy Zelinskie
7c82e0b5b3 move UseThenDisconnect into queueworker 
This makes the tests pass while maintaining the same behavior.
 2015-09-21 13:34:12 -04:00
Jimmy Zelinskie
0de17627d5 Merge pull request #517 from jzelinskie/fixmysqlssl 
close connections after getting queue metrics
 2015-09-21 12:28:23 -04:00
Jimmy Zelinskie
98d6262a7f close connections after getting queue metrics 2015-09-21 12:21:39 -04:00
Matt Jibson
bba1557437 Monitor queue adds and EC2 node starts 
fixes #157
see #304
 2015-09-18 16:21:16 -04:00
Jake Moshenko
8baacd2741 Migrate old data to new locations, read only new. 2015-09-17 15:47:13 -04:00
Joseph Schorr
b807accfb5 Fix migration head 2015-09-16 18:34:42 -04:00
josephschorr
217779273f Merge pull request #503 from coreos-inc/ghmigrate 
Migrate all GitHub build triggers to use deploy keys
 2015-09-16 18:32:32 -04:00
Joseph Schorr
eff9ff7a66 Migrate all GitHub build triggers to use deploy keys 2015-09-16 17:55:51 -04:00
Silas Sewell
0a48f1cfb0 Merge pull request #495 from coreos-inc/quay-versions 
Add quay releases
 2015-09-16 17:29:58 -04:00
Silas Sewell
386c017d99 Add quay releases 2015-09-16 17:18:46 -04:00
Joseph Schorr
30379a2dd8 Fix interleaved repo delete with RAC via a transaction 
The RepositoryActionCount table can have entries added while a repository deletion is in progress. We now perform the repository deletion under a transaction and explicitly test for RAC entries in the deletion unit test (which doesn't test interleaving, but it was missing this check).

Fixes #494
 2015-09-16 15:34:32 -04:00
Jake Moshenko
502f5e4c8a Missed one place to duplicate metadata. 2015-09-15 15:57:55 -04:00
Jake Moshenko
b56de3355c Migrate data back to Image in preparation for v2 2015-09-15 11:53:31 -04:00
Matt Jibson
d36c7dcb4b Merge pull request #425 from mjibson/monitor-queue-size 
Monitor various sizes for queues
 2015-09-14 16:13:31 -04:00
Matt Jibson
39dc4c7d8d Monitor various sizes for queues 
see #304
 2015-09-14 15:57:08 -04:00
josephschorr
6d8752bdb5 Merge pull request #454 from coreos-inc/urlfor 
Remove uses of _external for url_for
 2015-09-14 15:54:42 -04:00
Joseph Schorr
96d5bbb155 Fix exceptions raised by the diffs worker 
Fixes #465
 2015-09-10 14:12:16 -04:00
josephschorr
edef283697 Merge pull request #447 from coreos-inc/ronon 
Add support for Dex to Quay
 2015-09-10 11:42:01 -04:00
Joseph Schorr
474fffd01f Select the full RepositoryBuild record 
If we just return the ID, then peewee just fills in the other fields with defaults (such as UUID).
 2015-09-09 21:43:48 -04:00
Jimmy Zelinskie
ece08f6e88 Merge pull request #463 from jzelinskie/fixpagination 
fix pagination of tags in API
 2015-09-09 15:53:55 -04:00
Jimmy Zelinskie
ebdee55585 list_repository_tag_history fallback orderby name 
If tags are created at the same time (usually from a tight loop), it is
possible that they will be order nondeterministically unless we fallback
to another orderby.
 2015-09-09 15:52:25 -04:00
Joseph Schorr
3ee4147117 Switch the build logs archiver to a more performant query 
Fixes #459
 2015-09-09 13:59:45 -04:00
Joseph Schorr
f0c8552668 Remove uses of _external for url_for 
Fixes #439
 2015-09-08 10:29:28 -04:00
Joseph Schorr
c0286d1ac3 Add support for Dex to Quay 
Fixes #306

- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
 2015-09-04 17:05:06 -04:00
Jake Moshenko
82efc746b3 Make our JWT checking more strict. 2015-09-04 15:18:57 -04:00
josephschorr
9889ca268a Merge pull request #432 from coreos-inc/oauthcheck 
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
 2015-09-02 13:35:44 -04:00
Joseph Schorr
b7f487da42 Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior 2015-09-02 13:32:11 -04:00
josephschorr
62ea4a6cf4 Merge pull request #191 from coreos-inc/carmen 
Add automatic storage replication
 2015-09-01 15:04:36 -04:00
Joseph Schorr
724b1607d7 Add automatic storage replication 
Adds a worker to automatically replicate data between storages and update the database accordingly
 2015-09-01 14:53:32 -04:00
Joseph Schorr
51c507d02d Add back the ability to retrieve information for an org member directly 
Fixes #427
 2015-08-31 16:45:24 -04:00
Joseph Schorr
c0c1da3232 Change build logs load to using streaming Gzip 2015-08-28 14:08:13 -04:00
Jimmy Zelinskie
7787e1350d Merge pull request #386 from coreos-inc/missingmigration2 
Add missing migration
 2015-08-21 14:21:51 -04:00
Joseph Schorr
e7c405f56b Add missing migration 
Should have been in commit 84276ee945
 2015-08-21 14:21:11 -04:00
Joseph Schorr
e5d2083912 Add new carrier billing plan 
Fixes #370
 2015-08-21 14:10:48 -04:00
Matt Jibson
4cb4288672 Merge pull request #373 from mjibson/fix-metric-tests 
Fix test_queue.py tests
 2015-08-18 14:05:29 -04:00
Joseph Schorr
0854d20cbd SECURITY FIX FOR LDAP 
It appears the recent migration of the LDAP code and add of a check for the admin username/password being invalid *broke the LDAP password check*, allowing any password to succeed for login. This fixes the problem, add unit tests to verify the fix and add some tests to our other external auth test suite.

A release will be needed immediately along with an announcement
 2015-08-18 12:32:19 -04:00
Matt Jibson
fc671f3dde Fix test_queue.py tests 
This restores the reporter class as was before the metrics changes.
 2015-08-17 17:22:46 -04:00
Joseph Schorr
84276ee945 Better notifications UI 
Fixes #369
 2015-08-17 17:08:58 -04:00
Jake Moshenko
2fd1d5969e Merge pull request #351 from mjibson/more-metrics 
More metrics
 2015-08-17 13:09:08 -04:00
Jake Moshenko
ec6bee35b6 Allow a stripe plan to be superseded 
If a plan has a direct corrolary, show that one as the selected plan
instead of showing the plan as deprecated even though it has the same
details
 2015-08-12 15:01:15 -04:00
Matt Jibson
cfb6e884f2 Refactor metric collection 
This change adds a generic queue onto which metrics can be pushed. A
separate module removes metrics from the queue and adds them to Cloudwatch.
Since these are now separate ideas, we can easily change the consumer from
Cloudwatch to anything else.

This change maintains near feature parity (the only change is there is now
just one queue instead of two - not a big deal).
 2015-08-12 12:15:52 -04:00
Jake Moshenko
0cbc96a54b Unify the free trial period 
Fixes #263
 2015-08-10 17:36:13 -04:00
Joseph Schorr
ea25538646 MySQL and Postgres complain about the group by, so calculate dates ourselves 2015-08-06 12:52:55 -04:00
Joseph Schorr
d34afde954 Fix logs view and API 
- We needed to use an engine-agnostic way to extract the days
- Joining with the LogEntryKind table has *horrible* performance in MySQL, so do it ourselves
- Limit to 50 logs per page
 2015-08-05 17:47:03 -04:00
Joseph Schorr
d480a204f5 Revert change to queue 2015-08-05 15:27:33 -04:00
josephschorr
ee53c04a45 Merge pull request #309 from coreos-inc/fasterqueue 
Improve the performance of queue candidate queries.
 2015-08-04 18:24:28 -04:00
Jake Moshenko
ed62339f89 Improve the performance of queue candidate queries. 2015-08-04 18:20:54 -04:00
Joseph Schorr
9f2d6282bd Add missing index on retries_remaining 2015-08-04 18:01:28 -04:00
josephschorr
f772bd0c9e Merge pull request #300 from coreos-inc/toomanyutils 
Refactor the util directory to use subpackages.
 2015-08-03 16:18:55 -04:00
Jake Moshenko
18100be481 Refactor the util directory to use subpackages. 2015-08-03 16:04:19 -04:00
Jimmy Zelinskie
8e6a0fbbee Merge pull request #294 from coreos-inc/logsload 
Switch to using an aggregated logs query and infinite scrolling
 2015-08-03 14:52:04 -04:00
Joseph Schorr
3d6c92901c Switch to using an aggregated logs query and infinite scrolling 
This should allow users to work with large logs set.

Fixes #294
 2015-07-31 16:38:02 -04:00
Jake Moshenko
e133ea0962 Try not to throw any sets of data away when computing images to garbage collect. 2015-07-31 16:12:57 -04:00
Joseph Schorr
0fdc8b0f1f Fix spelling of ancestors 2015-07-28 15:30:04 -04:00
Joseph Schorr
ba7686af99 Switch back to the read-then-write tag deletion code 
We changed to this originally to avoid locks
 2015-07-28 15:30:04 -04:00
Joseph Schorr
70de107268 Make GC of repositories fully async for whitelisted namespaces 
This change adds a worker to conduct GC on repositories with garbage every 10s.

Fixes #144
 2015-07-28 15:30:04 -04:00
Joseph Schorr
acd86008c8 Switch tag deletion to use a single query 2015-07-28 15:30:04 -04:00
Joseph Schorr
378c83598d Fix subquery issues in MySQL 2015-07-28 15:28:00 -04:00
Joseph Schorr
66b3d45fbc Remove legacy.py that was misadded 2015-07-27 15:53:25 -04:00
Joseph Schorr
c3f269ee23 Add migration for BitBucket web hooks 
This needs to added only *after* we roll out #255
 2015-07-23 14:45:12 -04:00
Joseph Schorr
ac1b46e7ec Add missing migration 2015-07-22 16:19:10 -04:00
Joseph Schorr
687bab1c05 Support invite codes for verification of email 
Also changes the system so we don't apply the invite until it is called explicitly from the frontend

Fixes #241
 2015-07-22 13:41:27 -04:00
Jake Moshenko
5d86fa80e7 Merge pull request #197 from coreos-inc/keystone 
Add Keystone Auth
 2015-07-22 13:38:47 -04:00
Joseph Schorr
38a6b3621c Automatically link the superuser account to federated service for auth 
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
 2015-07-22 13:37:23 -04:00
Joseph Schorr
a0c4e72f13 Clean up the repository list API and loads stars with it 
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
 2015-07-22 13:05:02 -04:00
Joseph Schorr
7e4b23916a Small SQL query fix 
Fixes #248
 2015-07-20 14:17:26 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00
Joseph Schorr
1245385808 Fix typo 2015-07-20 10:55:21 -04:00
Joseph Schorr
066637f496 Basic Keystone Auth support 
Note: This has been verified as working by the end customer
 2015-07-20 10:55:21 -04:00
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth. 
Make it explicit that the registry-v2 stuff is not ready for prime time.
 2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Jake Moshenko
bea8b9ac53 More changes for registry-v2 in python. 
Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered.
 2015-07-17 11:50:41 -04:00
Jake Moshenko
acbcc2e206 Start of a v2 API. 2015-07-17 11:50:41 -04:00
Joseph Schorr
7a548ea101 Fix queries for repository list popularity and action count 
Before this change, we used extremely inefficient outer joins as part of a single query of lookup, which was spiking our CPU usage to nearly 100% on the query. We now issue two separate queries for popularity and action account, by doing a lookup of the previously found IDs. Interestingly enough, because of the way the queries are now written, MySQL can actually do both queries *directly from the indicies*, which means they each occur in approx 20ms!

Verified by local tests, postgres tests, and testing on staging with monitoring of our CPU usage during lookup
 2015-07-17 00:08:27 +03:00
Jimmy Zelinskie
2869e2a6ea model: add missing params to validate_database_url 2015-07-15 17:39:26 -04:00
Jake Moshenko
eec7886e01 Add a server default for the broken migration. 2015-07-14 16:58:58 -04:00
Jimmy Zelinskie
bde781c98b Merge pull request #205 from coreos-inc/delrobot 
Fix deletion of robot accounts when attached to builds
 2015-07-13 12:19:01 -04:00
Joseph Schorr
3a59c99b08 Add a secondary tab to Teams for managing org members 
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click

Fixes #212
 2015-07-02 17:06:36 +03:00
Joseph Schorr
b535e222b8 Have the fetch tag dialog show a warning for robot accounts without access 
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
 2015-07-01 19:37:52 +03:00
Joseph Schorr
3ba321934f Fix deletion of robot accounts when attached to builds 
Fixes #204
 2015-06-30 22:56:44 +03:00
josephschorr
7aeaf2344e Merge pull request #200 from coreos-inc/tagapilimit 
Add pagination support to tag history API
 2015-06-30 22:09:09 +03:00
Joseph Schorr
f7f10f4a6d Add pagination support to tag history API 
Fixes #198
 2015-06-30 19:44:43 +03:00
Jake Moshenko
38a5963afe Merge pull request #190 from coreos-inc/timezone 
Fromtimestamp needs to be in UTC for JWT auth
 2015-06-30 12:05:00 -04:00
Joseph Schorr
2b1bbcb579 Add a table view to the repos list page 
Fixes #104
 2015-06-29 21:12:53 +03:00
Jimmy Zelinskie
756d6784ca Merge pull request #192 from coreos-inc/sqlssl 
Allow SSL cert for the database to be configured
 2015-06-29 13:33:31 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured 
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
 2015-06-29 08:08:10 +03:00
Joseph Schorr
477e244eff Fromtimestamp needs to be in UTC for JWT auth 2015-06-28 11:37:09 +03:00
Joseph Schorr
e7915baf8c Have LDAP return a better error message if it fails to connect 
Currently, the error results in a 500 being raised when a user tries to login.
 2015-06-23 17:41:53 -04:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Jake Moshenko
b21a033ef3 Merge pull request #131 from coreos-inc/moveapp 
Refactor JWT auth to not import app locally
 2015-06-23 17:24:01 -04:00
Jake Moshenko
5f1d23c6e8 Use a UNION query instead of a multitude of left outer joins for performance reasons. 
Fixes #159
 2015-06-23 17:18:37 -04:00
Joseph Schorr
331c300893 Refactor JWT auth to not import app locally 2015-06-17 15:53:21 -04:00
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices 
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
 2015-06-12 16:45:01 -04:00
Jake Moshenko
79f1181a63 Switch build-scheduled to an official build phase. 2015-06-10 16:19:51 -04:00
Jake Moshenko
e09d84b3c8 Merge pull request #55 from coreos-inc/oauthdeny 
Fix OAuth redirect for denial action when generating for internal tokens
 2015-06-05 14:00:16 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
 2015-06-05 13:20:10 -04:00
Jake Moshenko
42da017d69 Merge pull request #48 from coreos-inc/nobots 
Change API calls that expect non-robots to explicitly filter
 2015-06-02 12:31:19 -04:00
Joseph Schorr
5516911de9 Fix OAuth redirect for denial action when generating for internal tokens 2015-06-02 12:25:59 -04:00
Joseph Schorr
2a56790d38 Switch to using a named LDAP tuple for more readable code 2015-06-01 14:02:05 -04:00