vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
6265 commits 2 branches 62 tags 205 MiB
Commit graph

1625 commits

Author SHA1 Message Date
Joseph Schorr
068301ef1f Add more debugging statements to V2 auth 
Also fixes a spurious return
 2016-01-20 18:06:46 -05:00
Joseph Schorr
22b8a562be Fix tutorial by properly publishing user events for V2 API 
Fixes #1123
 2016-01-20 13:42:30 -05:00
Jake Moshenko
5f10c3f7ed Merge pull request #1149 from jakedt/notsoswift 
Improve swift path computations
 2016-01-15 15:54:35 -05:00
Jake Moshenko
612098b645 Use the centrally initialized storage engine for verbs in master process 2016-01-15 15:35:04 -05:00
Jake Moshenko
3071152dd1 Fix the JWK to use base64 encoded bytes 2016-01-14 10:08:35 -05:00
Jimmy Zelinskie
de750defdb s/RSA256/RS256 2016-01-13 12:59:53 -05:00
Jimmy Zelinskie
bcdbf0301d add cache-control headers to /keys 2016-01-12 17:58:21 -05:00
Joseph Schorr
e4da61a05d Fix piece hash calculation 2016-01-12 17:44:19 -05:00
Jake Moshenko
8ab6c8a22d Fix torrent hash generation to work in mixed stacks 2016-01-11 16:43:46 -05:00
Jimmy Zelinskie
d21b4adc62 remove global for get_route_data 2016-01-08 16:43:15 -05:00
Jake Moshenko
1ae101c917 Address torrent feature review comments. 2016-01-08 16:38:21 -05:00
Jimmy Zelinskie
8a924aae4a move jwk set URI to /keys 2016-01-08 16:22:31 -05:00
Jimmy Zelinskie
559a55b1de add lru cache to _get_route_data() 2016-01-08 16:22:17 -05:00
Jake Moshenko
b9821290f6 Merge remote-tracking branch 'upstream/master' into torrent 2016-01-08 15:43:12 -05:00
Jake Moshenko
17d3b5e204 Fix a bug with torrent calculation on duplicate v2 uploads 2016-01-08 15:08:12 -05:00
josephschorr
269bd80f53 Merge pull request #1121 from coreos-inc/typofix2 
Fix typo
 2016-01-08 14:30:42 -05:00
Joseph Schorr
161475baaa Break circular dependencies introduced by importing common in verbs 2016-01-08 13:54:40 -05:00
Jimmy Zelinskie
087c6828ad add feature.BITTORRENT and jwk set URI 2016-01-07 19:07:23 -05:00
Jimmy Zelinskie
e8c0a8355f only check repo usage when billing enabled 2016-01-07 14:34:19 -05:00
Jimmy Zelinskie
a089b3c383 torrent: don't get user when public repo 2016-01-07 14:16:21 -05:00
Joseph Schorr
cd204d8940 Fix typo 2016-01-06 15:00:36 -05:00
Jake Moshenko
476ac8cec9 Add piece hashing to verbs generated image storages 2016-01-06 12:01:15 -05:00
Jake Moshenko
9e2b6a312a Fix typo in method name 2016-01-06 10:59:54 -05:00
Jake Moshenko
8f80d7064b Hash v1 uploads for torrent chunks 2016-01-05 14:43:40 -05:00
Jake Moshenko
44fcc7e44b Fix logic when deciding whether to hash for torrent 2016-01-05 12:13:26 -05:00
Jimmy Zelinskie
0f6c77caab s/repository/repo_name 2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
c780572e69 add public/private torrent swarms 2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
4cb06525a4 finish implementing torrent verb 2016-01-04 16:17:51 -05:00
Jake Moshenko
ce8fcbeaae Update the pieces to use base64 encoded binary 2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796 Hash and track layer file chunks for torrenting 2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
6f6c82a217 implement torrent verb 2016-01-04 16:16:40 -05:00
josephschorr
f748d4348d Merge pull request #1106 from coreos-inc/billingemail 
Add support for custom billing invoice email address
 2016-01-04 14:34:30 -05:00
josephschorr
0ca01e5ae4 Merge pull request #1105 from coreos-inc/qeversion 
Show version number next to copyright in QE
 2016-01-03 17:57:11 -05:00
Jimmy Zelinskie
a967340aad update format_date to handle December 2016-01-01 18:59:27 -05:00
josephschorr
28eb31ed36 Merge pull request #1102 from coreos-inc/deleteimagediff 
Delete the image diff feature
 2015-12-29 14:47:38 -05:00
josephschorr
6371f5e9be Merge pull request #1107 from coreos-inc/errorresponsetype 
Switch error messages to have content type JSON
 2015-12-29 12:26:35 -05:00
Joseph Schorr
31a8a0fba4 Better UX when recovering organization emails 
Fixes #291
 2015-12-28 15:25:31 -05:00
Joseph Schorr
2f3d77157b Switch error messages to have content type JSON 
Fixes #893
 2015-12-28 14:17:44 -05:00
Joseph Schorr
10efa96009 Add support for custom billing invoice email address 
Fixes #782
 2015-12-28 13:59:50 -05:00
Joseph Schorr
be61730224 Show version number next to copyright in QE 
Fixes #672
 2015-12-28 13:27:32 -05:00
Joseph Schorr
ab166c4448 Delete the image diff feature 
Fixes #1077
 2015-12-23 13:08:01 -05:00
Joseph Schorr
327258c83e Add namespace to be returned by docker search 
Fixes #956
 2015-12-17 16:38:06 -05:00
Jake Moshenko
3fda6696e5 Merge pull request #1069 from jakedt/trackhostname 
Trackhostname
 2015-12-16 14:08:55 -05:00
Jake Moshenko
d5bebe2149 Add the hostname to mixpanel requests. 2015-12-16 13:43:31 -05:00
Jake Moshenko
766d60493f Add the ability to blacklist v2 for specific versions 2015-12-15 18:27:10 -05:00
Joseph Schorr
ca7d36bf14 Handle empty scopes and always send the WWW-Authenticate header, as per spec 
Fixes #1045
 2015-12-15 14:59:47 -05:00
Joseph Schorr
ea9ebb98e6 Sample repo pulls in V2 
Fixes #1058
 2015-12-14 17:41:16 -05:00
Joseph Schorr
54095eb5cb Handle the common case of one chunk when calculating the uncompressed size 
Reference #992
 2015-12-14 15:27:48 -05:00
josephschorr
1323da20e3 Merge pull request #1050 from coreos-inc/v2betterlogging 
Make our JWT subjects better and log using the info
 2015-12-14 15:24:39 -05:00
Silas Sewell
881fd53714 Merge pull request #1056 from coreos-inc/dont-hide-ioerror 
Handle IOErrors in v2 uploads
 2015-12-14 14:46:46 -05:00
Joseph Schorr
4a4eee5e05 Make our JWT subjects better and log using the info 
Fixes #1039
 2015-12-14 14:00:33 -05:00
Silas Sewell
2dcc1f13a6 Handle IOErrors in v2 uploads 2015-12-14 11:58:24 -05:00
Joseph Schorr
d963f7174a Change manifest delete to mark tag as dead and log 2015-12-10 15:45:53 -05:00
Jake Moshenko
9f13bb8960 Fix the overlap condition on resumed uploads 2015-12-10 13:14:11 -05:00
josephschorr
37dec895ce Merge pull request #987 from coreos-inc/multimanifest 
Make manifest generation safe for multiple callers
 2015-12-08 14:12:39 -05:00
josephschorr
6c897a7c22 Merge pull request #1035 from coreos-inc/closeforlong 
Close for long operation before we upload chunks
 2015-12-07 14:22:29 -05:00
Joseph Schorr
bcd7f45905 Close for long operation before we upload chunks 2015-12-07 14:11:56 -05:00
Joseph Schorr
b8bd92a64f Handle 404s on blob uploads 
Fixes #1033
 2015-12-07 12:30:28 -05:00
Joseph Schorr
ee0eb80c8f Fix blob content types 
Fixes #990
 2015-12-04 16:13:58 -05:00
josephschorr
32fae5533c Merge pull request #1022 from coreos-inc/manifestexc 
Only write exceptions for manifest gen when a tag exists
 2015-12-04 14:32:06 -05:00
Silas Sewell
d28768f792 Make eventConfig required in create notification 2015-12-03 18:28:07 -05:00
Joseph Schorr
c324ebd7f6 Only write exceptions for manifest gen when a tag exists 
Fixes #1019

Currently, we just raise an exception to the logs regardless, which can make it appear as if there is an issue (when there isn't).
 2015-12-03 16:04:17 -05:00
Silas Sewell
8781cf6e11 Increase nginx proxy timeout and close db before storage operation 2015-12-03 11:19:39 -05:00
Silas Sewell
664a2951cc Don't send content-length when redirecting v2 blob 
Fixes #1012
 2015-12-02 21:28:11 -05:00
Quentin Machu
8a539c4bc1 Fix security notification perform condition 
As defined in util/secscan/api.py, Critical < High < Medium < Low < Negligible < Unknown. We have to send the notification if the expected level is higher than the vulnerability level, not the opposite.
 2015-11-30 13:54:34 -05:00
josephschorr
dc1f6c2d87 Merge pull request #974 from coreos-inc/derivedfix 
Derived image fixes
 2015-11-25 11:57:16 -05:00
Joseph Schorr
6ed705be15 Make manifest generation safe for multiple callers 
Fixes #985
 2015-11-24 18:38:29 -05:00
josephschorr
0dbd19a236 Merge pull request #976 from coreos-inc/incidentaltests 
Add login tests and fix scope security issue
 2015-11-24 13:42:06 -05:00
Joseph Schorr
75a91f0f92 Add login tests and fix scope security issue 2015-11-24 13:39:16 -05:00
Joseph Schorr
762cd56e64 Change derived storage to be based on image 
Fixes #971
 2015-11-24 12:44:07 -05:00
josephschorr
1eb019cd16 Merge pull request #970 from coreos-inc/disableverbcaching 
Disable derived image storage entirely until we fix it to be by image…
 2015-11-23 23:56:51 -05:00
Joseph Schorr
5d3aa2a2b9 Disable derived image storage entirely until we fix it to be by image, not storage 2015-11-23 23:49:46 -05:00
Joseph Schorr
a0e597f957 Send Docker-Content-Digest headers on GET requests 
Fixes #955
 2015-11-23 13:56:34 -05:00
Joseph Schorr
5c8eea2728 Log when pulls occur in V2 
Fixes #958
 2015-11-20 21:30:03 -05:00
Jake Moshenko
0c44949017 Return a 401 when doing a login with bad credentials 2015-11-20 18:37:52 -05:00
Joseph Schorr
b49435bfee Fix track_and_log for grant-ed users 2015-11-19 17:41:27 -05:00
Jake Moshenko
b564492ea7 Improve the performance of fetching manifest blobs by checksum. 2015-11-19 11:01:47 -05:00
Jake Moshenko
e01f5ce06e Re-enable squashed caching 2015-11-18 22:05:07 -05:00
Jake Moshenko
39d799b1aa Fix anonymous repository pulls 2015-11-18 20:11:06 -05:00
Jake Moshenko
c27f91f7cf Fix token pushes for v2 auth, tokens have no user 2015-11-18 19:18:12 -05:00
Matt Jibson
f02bb3caee Add user admin scope 
Also remove unused scope decorator.

fixes #890
 2015-11-18 12:01:40 -05:00
Silas Sewell
f3dafd50e4 Fix squash pull after v2 merge 2015-11-17 18:25:43 -05:00
Jake Moshenko
7205bf5e7f Merge pull request #885 from jakedt/python-registry-v2 
Python registry v2 mega merge
 2015-11-16 16:15:40 -05:00
Matt Jibson
d5fb8cafd4 Don't expose unnamed API operations 
fixes #861
 2015-11-16 15:40:33 -05:00
Jake Moshenko
4cc619f4ca Clean up v2 branch to no longer warn about readiness 2015-11-16 14:42:43 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Jake Moshenko
52125bbfed Fix gc by using the v1/v2 storage location helper everywhere 2015-11-16 14:13:37 -05:00
Joseph Schorr
32a799a067 Remove code that adds images to the image diff queue 2015-11-13 12:42:43 -05:00
Joseph Schorr
db1fae4cfc Fix security scan endpoint status 2015-11-13 01:06:18 -05:00
Joseph Schorr
b7206a8cfc Remove file added accidentally by merge 2015-11-12 22:03:13 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Joseph Schorr
3b3f101ea6 Vulnerability UI part 2 
Fixes #860
Fixes #855
 2015-11-12 16:59:36 -05:00
Jake Moshenko
44d06b0c2e Fix v1 backward compatibility 2015-11-12 16:22:19 -05:00
Joseph Schorr
76ce63895f New Quay Sec UI and fix some small bugs 
Fixes #855
 2015-11-11 18:15:58 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Jake Moshenko
a1ccd860e7 Merge pull request #823 from coreos-inc/phase3-11-07-2015 
Phase3 11 07 2015
 2015-11-11 14:22:19 -05:00
Joseph Schorr
ca7d736db2 Only send vulnerability events if the minimum priority is gte to that specified 
Fixes #770
 2015-11-10 16:05:55 -05:00
Joseph Schorr
888ec17538 Recover by email needs to allow anon access to its endpoints 2015-11-10 15:41:19 -05:00
Jimmy Zelinskie
8e2868737b rename secscan_endpoint and move db close to API 2015-11-10 15:22:31 -05:00
Jimmy Zelinskie
d651ea4b48 initial security notification worker 2015-11-10 15:22:30 -05:00
Silas Sewell
e826b14ca4 Merge pull request #725 from coreos-inc/setup-tool-georeplication 
superuser: add storage replication config
 2015-11-09 17:43:38 -05:00
Silas Sewell
5000b1621c superuser: add storage replication config 2015-11-09 17:34:22 -05:00
Joseph Schorr
a69c9e12fd Update quay sec code to fix problems identified in previous review 
- Change get_repository_images_recursive to operate over a single docker image and storage uuid
- Move endpoints/sec to endpoints/secscan
- Change notification system to work with new Quay-sec format

Fixes #768
 2015-11-09 17:14:35 -05:00
Quentin Machu
16c364a90c Rename secscan_endpoint where required, fix index and indentation 2015-11-09 15:18:42 -05:00
Matt Jibson
5d9999d1f7 Merge pull request #791 from mjibson/clear-repo-notifications 
Remove error notification when user deletes repos
 2015-11-09 14:46:51 -05:00
Joseph Schorr
02e2bef943 Fix hardcoded priority 2015-11-09 12:51:05 -05:00
Joseph Schorr
b408cfd2cc Ready for demo 2015-11-09 12:51:05 -05:00
Joseph Schorr
407eaae137 WIP: Towards sec demo 2015-11-09 12:50:39 -05:00
Joseph Schorr
fb3d0fa27d Add a SecEndpoint class and move all the cert and config handling in there 2015-11-09 12:49:19 -05:00
Joseph Schorr
87c56d1caa Add vulnerabilities and packages API to Quay 
Fixes #564
 2015-11-09 12:49:19 -05:00
Jake Moshenko
7efa6265bf Merge branch 'newchanges' into python-registry-v2 2015-11-06 18:24:32 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Jake Moshenko
4314882fa0 Reverse the order of get_parent_images 2015-11-06 17:47:08 -05:00
Jake Moshenko
ad93425ead Stop writing to v1 checksum on ImageStorage 2015-11-06 16:40:04 -05:00
Jake Moshenko
75f917f592 Stop reading the v1 checksums from storage 2015-11-06 16:17:12 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay 
Fixes #564
 2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea Add a vulnerability_found event for notice when we detect a vuln 
Fixes #637

Note: This PR does *not* actually raise the event; it merely adds support for it
 2015-11-06 15:22:18 -05:00
Jake Moshenko
3d0bcbaaeb Move v1 checksums to image and track v2 separately 2015-11-06 15:17:55 -05:00
Matt Jibson
f4b57eff96 Set and use ETag headers 
Also set no-cache exactly as github recommends. The removed @no_cache
decorater used "Cache-Control:no-cache, no-store, must-revalidate", but
just no-cache should be sufficient, and should certainly work correctly
with github.

See: https://github.com/github/markup/issues/224#issuecomment-48532178

fixes #712
 2015-11-06 12:15:15 -05:00
Quentin Machu
da1fe7d48b Merge pull request #790 from Quentin-M/set4O4 
Define nginx v2 vhost & properly set 404 status code
 2015-11-04 16:32:11 -05:00
josephschorr
11be448d75 Merge pull request #773 from coreos-inc/imageload 
Never load the full repo image list
 2015-11-04 16:29:20 -05:00
Matt Jibson
4d81567a0c Remove error notification when user deletes repos 
Also prevent duplicate notifications of that type.

fixes #493
 2015-11-04 16:11:15 -05:00
Joseph Schorr
4f41f79fa8 Never load the full repo image list 
Always make smaller queries per tag to ensure we scale better

Fixes #754
 2015-11-04 15:53:00 -05:00
Quentin Machu
c1fa22d9b0 Define nginx v2 vhost & properly set 404 status code 
Fixes #777
 2015-11-04 14:56:18 -05:00
josephschorr
c3a4c36df7 Merge pull request #761 from coreos-inc/fixtoomanylogin 
Move decorator for TooManyLoginAttempts into general decorated module
 2015-11-04 12:29:01 -05:00
Joseph Schorr
d4646e459e Disable 404, as it is breaking V2 API checks 2015-11-04 02:47:33 -05:00
Joseph Schorr
95c47fe250 Fix layer ordering in verbs 2015-11-03 14:43:47 -05:00
Joseph Schorr
5e1cd2b2ad Move decorator for TooManyLoginAttempts into general decorated module 
Currently, this is missing in gunicorn_registry which causes 500s when user logins become throttled
 2015-11-03 12:16:01 -05:00
Joseph Schorr
f6a53f7cc5 Change all Quay.io references to Quay, fix tour and change logo 
Fixes #741
 2015-11-02 14:37:48 -05:00
josephschorr
4ae940aede Merge pull request #660 from coreos-inc/superuser 
Superuser Panel Improvements
 2015-10-30 14:32:16 -04:00
Quentin Machu
3f35265858 Merge pull request #683 from Quentin-M/whoops-404 
Add 404 page
 2015-10-30 14:30:20 -04:00
Jake Moshenko
1666ac50fe Filter down the signing key to only public portion 2015-10-26 16:40:19 -04:00
Jake Moshenko
2c10d28afc Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-10-26 14:44:16 -04:00
Jake Moshenko
fc55730db8 Add a feature flag to advertise v2 endpoints 2015-10-26 14:20:51 -04:00
Jake Moshenko
9da64f3aba Stop writing to deprecated columns for image data. 2015-10-24 14:45:15 -04:00
Joseph Schorr
7bac042954 Fix verbs for merged changes to image and image storage 
Fixes #698
 2015-10-23 15:49:31 -04:00
Jimmy Zelinskie
e973289397 Revert "Revert "Merge pull request #682 from jzelinskie/revertrevert"" 
This reverts commit 278bc736e3.
 2015-10-23 15:26:33 -04:00
Jake Moshenko
e7a6176594 Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2 2015-10-22 16:59:28 -04:00
Jimmy Zelinskie
278bc736e3 Revert "Merge pull request #682 from jzelinskie/revertrevert" 
This reverts commit 627ad25c9c, reversing
changes made to 31c392fecc.
 2015-10-22 16:02:07 -04:00
Jake Moshenko
ce94931540 Stop writing to deprecated columns for image data. 2015-10-22 12:14:39 -04:00
Quentin Machu
adb744089e Add 404 page 
Fixes coreos-inc/quay#677
 2015-10-21 18:40:15 -04:00
josephschorr
5dae970787 Merge pull request #681 from coreos-inc/userorg 
Return user orgs when making a call via OAuth
 2015-10-21 16:41:43 -04:00
Joseph Schorr
5d8121e060 Return user orgs when making a call via OAuth 
Fixes #673
 2015-10-21 16:40:31 -04:00
Jimmy Zelinskie
39cfe77d42 Revert "Merge pull request #557 from coreos-inc/revert-migration" 
This reverts commit c4f938898a, reversing
changes made to 7ad2522dbe.
 2015-10-21 15:29:57 -04:00
Joseph Schorr
147b7b26b4 Fix is_public in repo list 
Fixes #678
 2015-10-21 14:13:39 -04:00
Matt Jibson
b4554f4d14 Verify signed manifests 
fixes #394
 2015-10-20 02:08:45 -04:00
Joseph Schorr
5941f3937c Enable async GC for all 
Fixes #569
 2015-10-19 14:22:41 -04:00
Joseph Schorr
d464af4cce Add ability to update superusers via the UI 
Fixes #634
 2015-10-16 15:41:18 -04:00
Joseph Schorr
a37b9394d9 Add org email address to orgs list 2015-10-16 15:17:51 -04:00
Joseph Schorr
ad5beab3ef Disable superuser functions around users when not using DB auth 2015-10-16 15:14:49 -04:00
josephschorr
d3857e509f Merge pull request #643 from coreos-inc/nullimage 
Check and handle NULL image_size
 2015-10-15 13:26:13 -04:00
Joseph Schorr
fe79d5fb66 Check and handle NULL image_size 
Fixes #613
 2015-10-15 13:25:54 -04:00
josephschorr
24b54f1e34 Merge pull request #615 from coreos-inc/queriesunite 
Unionize the mega query - It needed more performance-based benefits
 2015-10-15 13:17:01 -04:00
Joseph Schorr
c9daf7d8a9 Add additional tests for repo visibility and further simplify the query for perf 2015-10-15 12:12:57 -04:00
Jimmy Zelinskie
7c1547221d raise a 520 for any GitLab timeouts 2015-10-13 17:34:08 -04:00
Jimmy Zelinskie
9818481b08 limit logs to a maximum number of pages 2015-10-06 14:13:23 -04:00
josephschorr
3e7a95407b Merge pull request #598 from coreos-inc/limitbadquery 
Prevent unlimited insane query from running and fix tests
 2015-10-05 21:29:35 -04:00
Silas Sewell
c6da322ec1 Merge pull request #597 from coreos-inc/tag-validation 
Update tag validation
 2015-10-05 21:10:55 -04:00
Silas Sewell
dd3d939b31 Update tag validation 
Fixes #536
 2015-10-05 19:32:10 -04:00
Joseph Schorr
dd804816ba Prevent unlimited insane query from running and fix tests 
Fixes #591
 2015-10-05 17:11:49 -04:00
Joseph Schorr
8ca92d6828 Remove old search API and switch V1 search to use the new search system 2015-10-05 14:36:43 -04:00
Joseph Schorr
f393236c9f Add repo name check to V2 
Fixes #592
 2015-10-05 14:19:52 -04:00
Joseph Schorr
d0dc8fe45d Add endpoint security tests for the V2 endpoints 
Fixes #581
 2015-10-02 14:01:12 -04:00
Joseph Schorr
35c35d9913 Load images and storage references in bulk during V1 synthesize 
Currently, we perform multiple queries for each layer, making it much slower (especially cross-region)

Fixes #413
 2015-09-29 17:53:39 -04:00
Joseph Schorr
f44ca79391 Add _catalog endpoint as specified by V2 API 
Fixes #391
 2015-09-29 16:02:19 -04:00
Joseph Schorr
decdaa4c79 New tests and small fixes while comparing against the V2 spec 
Fixes #391
 2015-09-29 15:18:48 -04:00
Silas Sewell
9000169b53 Revert "Merge pull request #491 from jakedt/migratebackp2" 
This reverts commit 7ad2522dbe, reversing
changes made to a0b191ffa1.
 2015-09-28 16:09:22 -04:00
Joseph Schorr
2e694dd3f0 Move Docker V2 key to be loaded from file or generated on server load 
Fixes #394
 2015-09-28 15:43:51 -04:00
Joseph Schorr
09f8ad695b Fix resumable upload support and add another test 2015-09-28 12:17:17 -04:00
josephschorr
7ad2522dbe Merge pull request #491 from jakedt/migratebackp2 
Migrate image data back phase 2
 2015-09-26 15:11:46 -04:00
Joseph Schorr
4dc30d6321 Remove yaml and switch to JSON because yaml is so slow 2015-09-24 16:17:42 -04:00
Joseph Schorr
a283c8d8ec Add a check to ensure repository names are valid according to an extended set of rules. 
Fixes #534
 2015-09-24 11:55:08 -04:00
Joseph Schorr
49b575afb6 Start refactoring of the trigger system: 
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
 2015-09-21 16:36:48 -04:00
Jake Moshenko
26cea9a07c Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-17 16:16:27 -04:00
Jake Moshenko
8baacd2741 Migrate old data to new locations, read only new. 2015-09-17 15:47:13 -04:00
josephschorr
c801965626 Merge pull request #492 from coreos-inc/nofreelunch 
UI and API fixes for disallowing private repo count abuse
 2015-09-16 17:53:11 -04:00
Silas Sewell
a8183ed87b Sample pull_repo events 2015-09-15 18:41:48 -04:00
Joseph Schorr
fbfe7fdb54 Make change repo visibility and create repo raise a 402 when applicable 
We now check the user or org's subscription plan and raise a 402 if the user attempts to create/make a repo private over their limit
 2015-09-15 14:33:35 -04:00
Jake Moshenko
b56de3355c Migrate data back to Image in preparation for v2 2015-09-15 11:53:31 -04:00
Jake Moshenko
9c3ddf846f Some fixes and tests for v2 auth 
Fixes #395
 2015-09-10 15:38:57 -04:00
Joseph Schorr
fd3a21fba9 Add Kubernetes configuration provider which writes config to a secret 
Fixes #145
 2015-09-10 12:19:59 -04:00
Joseph Schorr
88a04441de Extract the config provider into its own sub-module 2015-09-10 12:19:59 -04:00
josephschorr
edef283697 Merge pull request #447 from coreos-inc/ronon 
Add support for Dex to Quay
 2015-09-10 11:42:01 -04:00
Jimmy Zelinskie
d55ab78fbe fix pagination of tags in API 
Fixes #461.
 2015-09-09 15:52:21 -04:00
Joseph Schorr
c0286d1ac3 Add support for Dex to Quay 
Fixes #306

- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
 2015-09-04 17:05:06 -04:00
Joseph Schorr
48cf33a8c1 Add missing superuser aggregate logs endpoint 
Reference: d47d28ea4e/Screen-Shot-2015-09-04-at-11-04-41.png
 2015-09-04 16:48:32 -04:00
Jake Moshenko
210ed7cf02 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:32:01 -04:00
Jake Moshenko
8269d4ac90 Checkpoint implementing PATCH according to Docker 2015-09-03 16:26:02 -04:00
Joseph Schorr
42dba8655c Fix auth and add V2 tests! 2015-09-03 12:21:21 -04:00
Matt Jibson
a821ad2b01 Return an error on failed S3 uploads 
The previous change to this file didn't raise the error up to stream_write,
and so the complete_upload function still ran because the loop was only
broken. It errored because the data was already canceled. This is better
than what we had before, which was to silently fail but report success
(even internally to ourselves!) on bad image upload.

This means we discovered a bug where a user could have failed during image
upload, but quay would write that image to the repository, potentially
writing broken images to S3.
 2015-09-01 15:53:32 -04:00
josephschorr
62ea4a6cf4 Merge pull request #191 from coreos-inc/carmen 
Add automatic storage replication
 2015-09-01 15:04:36 -04:00
Joseph Schorr
724b1607d7 Add automatic storage replication 
Adds a worker to automatically replicate data between storages and update the database accordingly
 2015-09-01 14:53:32 -04:00
Joseph Schorr
51c507d02d Add back the ability to retrieve information for an org member directly 
Fixes #427
 2015-08-31 16:45:24 -04:00
Jake Moshenko
398202e6fc Implement some new methods on the storage engines. 2015-08-27 11:29:19 -04:00
josephschorr
4fa37a46d1 Merge pull request #408 from coreos-inc/python-registry-v2-notfun 
Change to return a proper manifest URL
 2015-08-26 16:17:25 -04:00
josephschorr
9d1296da38 Merge pull request #407 from coreos-inc/python-registry-v2-pushevent 
Spawn the repo_push event in V2
 2015-08-26 16:13:02 -04:00
Joseph Schorr
9842857b89 Change to return a proper manifest URL 2015-08-26 14:14:59 -04:00
Joseph Schorr
aa90caa97e Spawn the repo_push event in V2 
Fixes #403
 2015-08-25 16:02:21 -04:00
Joseph Schorr
84458811d5 Rename wrap_with_hash to a more generic wrap_with_handler 2015-08-25 15:53:13 -04:00
Joseph Schorr
767be0798f Fix V1 tests due to a typo 
Fixes #397
 2015-08-25 14:31:25 -04:00
Joseph Schorr
31fdb94436 Enable rate limiting of V2 requests 2015-08-25 14:18:34 -04:00
Joseph Schorr
f2252f0726 Add a temporary multiplier for the Docker size -> uncompressed size 2015-08-25 13:49:36 -04:00
Joseph Schorr
1450b7e84c Fix verbs support in V2 2015-08-24 12:05:09 -04:00
Joseph Schorr
cf030e2a98 Save the compressed image size on blob upload completion 2015-08-24 12:05:09 -04:00
Joseph Schorr
d246e68e68 Move shared V1/V2 code into common methods and fix verbs 2015-08-24 12:05:09 -04:00
Joseph Schorr
0e93dbb832 Fix image API for V2 images 2015-08-24 12:05:09 -04:00
Jake Moshenko
b998eca8e5 Fix the tests for registry v2 changes. 2015-08-24 11:59:12 -04:00
josephschorr
b8bfed915d Merge pull request #382 from coreos-inc/manytags 
Limit the number of branches and tags loaded to 30
 2015-08-21 14:36:43 -04:00
Joseph Schorr
b6502d9302 Limit the number of branches and tags loaded to 30 
Fixes #380
 2015-08-21 14:07:20 -04:00
Matt Jibson
2ea784cd6d Send SSL client certs on webhook notifications 
This allows clients that provide a HTTPS webook endpoint a way to verify
that the source of the notification came from quay.io. Needed for the
kubernetes auto deployer so it can verify the request. And apparently
others have also wanted this.
 2015-08-19 13:53:34 -04:00
Joseph Schorr
dead054b43 Fix image API for V2 images 2015-08-19 13:35:47 -04:00
Jimmy Zelinskie
523dc912f7 Merge pull request #372 from coreos-inc/notifyui 
Better notifications UI
 2015-08-17 17:13:24 -04:00
Jimmy Zelinskie
239f76d39f Merge pull request #368 from coreos-inc/buildarchive 
Allow builds to be started with an external archive URL
 2015-08-17 17:09:14 -04:00
Joseph Schorr
84276ee945 Better notifications UI 
Fixes #369
 2015-08-17 17:08:58 -04:00
Joseph Schorr
f092c00621 Allow builds to be started with an external archive URL 
Fixes #114
 2015-08-17 17:01:49 -04:00
Jake Moshenko
2fd1d5969e Merge pull request #351 from mjibson/more-metrics 
More metrics
 2015-08-17 13:09:08 -04:00
Joseph Schorr
bc4e07343e Fix PATCH semantics due to recent API changes 2015-08-13 15:35:37 -04:00
Joseph Schorr
f50ea3329a Fix URL scheme on the authenticate header 2015-08-13 14:44:42 -04:00
Joseph Schorr
17d3bed835 Fix small NPE in BB trigger code 2015-08-13 12:28:48 -04:00
Jake Moshenko
e1b3e9e6ae Another huge batch of registry v2 changes 
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
 2015-08-12 16:41:12 -04:00
Matt Jibson
b483209862 Wrap API and registry requests with common metric timings 
Record response times, codes, and rollup non-2XX responses.
 2015-08-12 12:16:00 -04:00
Joseph Schorr
09bb98f161 Really fix the build trigger schema and add a test for it 2015-08-11 17:17:18 -04:00
Jimmy Zelinskie
7d6c6ba8e8 Merge pull request #316 from jzelinskie/read-tags 
tag history requires READ instead of WRITE
 2015-08-07 13:26:04 -04:00
Joseph Schorr
7ea4c7d17e Add missing JSON schema for 'refs' and 'branch_name' 
Fixes #325
 2015-08-07 13:01:49 -04:00
Joseph Schorr
aab8866345 Fix accidental rename of key 2015-08-06 13:21:52 -04:00
Joseph Schorr
ea25538646 MySQL and Postgres complain about the group by, so calculate dates ourselves 2015-08-06 12:52:55 -04:00
Joseph Schorr
d34afde954 Fix logs view and API 
- We needed to use an engine-agnostic way to extract the days
- Joining with the LogEntryKind table has *horrible* performance in MySQL, so do it ourselves
- Limit to 50 logs per page
 2015-08-05 17:47:03 -04:00
Jimmy Zelinskie
411d4e7abb tag history requires READ instead of WRITE 
Fixes #315.
 2015-08-05 17:09:34 -04:00
Jake Moshenko
65f982577d Merge pull request #289 from coreos-inc/swaggerfix 
Fix swagger errors
 2015-08-04 10:23:05 -04:00
Jimmy Zelinskie
b5b6076b4a Merge pull request #303 from coreos-inc/docsearch 
Add documentation search to the main search bar
 2015-08-03 17:19:48 -04:00
Joseph Schorr
8a8955d234 Add documentation search to the main search bar 2015-08-03 17:15:53 -04:00
josephschorr
f772bd0c9e Merge pull request #300 from coreos-inc/toomanyutils 
Refactor the util directory to use subpackages.
 2015-08-03 16:18:55 -04:00
Jake Moshenko
18100be481 Refactor the util directory to use subpackages. 2015-08-03 16:04:19 -04:00
Jimmy Zelinskie
8e6a0fbbee Merge pull request #294 from coreos-inc/logsload 
Switch to using an aggregated logs query and infinite scrolling
 2015-08-03 14:52:04 -04:00
Joseph Schorr
5c1d195a19 Fix swagger errors 
Fixes #287
 2015-08-03 14:10:15 -04:00
Joseph Schorr
3d6c92901c Switch to using an aggregated logs query and infinite scrolling 
This should allow users to work with large logs set.

Fixes #294
 2015-07-31 16:38:02 -04:00
Joseph Schorr
4160b720f9 UI and API improvements for working with large repositories 
- Change the tag check bar to only select the current page (by default), but allow for selecting ALL tags
- Limit the number of tags compared in the visualization view to 10
- Fix the multiselect dropdown to limit itself to 10 items selected
- Remove saving the selected tags in the URL, as it is too slow and overloads the URLs in Chrome when there are 1000+ tags selected
- Change the images API to not return locations: By skipping the extra join and looping, it made the /images API call 10x faster (in hand tests)

Fixes #292
Fixes #293
 2015-07-31 16:31:29 -04:00
Joseph Schorr
a916177c16 Fix broken imports 2015-07-29 18:28:58 -04:00
Joseph Schorr
572d6ba53c Fix broken tests 2015-07-29 14:21:29 -04:00
Joseph Schorr
11c7994398 Fix 500 on logout 2015-07-28 15:47:04 -04:00
Joseph Schorr
80e2739b41 Manually load GHE org repos if none returned by default 
Fixes #276
 2015-07-28 14:01:22 -04:00
Joseph Schorr
5d243bb45f Fix potential NPE 2015-07-24 12:12:30 -04:00
Joseph Schorr
c3f269ee23 Add migration for BitBucket web hooks 
This needs to added only *after* we roll out #255
 2015-07-23 14:45:12 -04:00
Joseph Schorr
f6311b09fe Fix NPE in BitBucket V2 handling code 2015-07-23 14:06:35 -04:00
Jimmy Zelinskie
fee8bf8607 Merge pull request #255 from coreos-inc/betterbb 
Change to use the new BitBucket webhooks
 2015-07-23 13:36:07 -04:00
Joseph Schorr
3c6f13da56 Change to use the new BitBucket webhooks 
BitBucket has deprecated services (which will be removed in approx 6 months), and they don't even really work all that well anyway.

Fixes #251
 2015-07-23 12:09:17 -04:00
Jimmy Zelinskie
2c29dc048d Merge pull request #260 from coreos-inc/githubfix 
GitHub api now returns ALL the visible repositories for user
 2015-07-22 13:53:58 -04:00
Joseph Schorr
69ca34161c GitHub api now returns ALL the visible repositories for user 
Change the code to simply filter the single list returned, rather than reloading the org repos again
 2015-07-22 13:50:46 -04:00
Joseph Schorr
687bab1c05 Support invite codes for verification of email 
Also changes the system so we don't apply the invite until it is called explicitly from the frontend

Fixes #241
 2015-07-22 13:41:27 -04:00
Jake Moshenko
5d86fa80e7 Merge pull request #197 from coreos-inc/keystone 
Add Keystone Auth
 2015-07-22 13:38:47 -04:00
Joseph Schorr
38a6b3621c Automatically link the superuser account to federated service for auth 
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
 2015-07-22 13:37:23 -04:00
Joseph Schorr
a0c4e72f13 Clean up the repository list API and loads stars with it 
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
 2015-07-22 13:05:02 -04:00
Joseph Schorr
a397bb7af6 Update to new-style format 2015-07-21 15:39:23 -04:00
Joseph Schorr
60b05a0493 Fix string concats 
Issue found here: https://app.getsentry.com/quayio/production/group/72831901/
 2015-07-21 15:04:50 -04:00
Joseph Schorr
5f2729f41f Fix logic bug in param check 2015-07-20 17:04:06 -04:00
Jake Moshenko
679044574a Merge pull request #231 from coreos-inc/smallfix 
Small API fixes
 2015-07-20 13:45:24 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00
Jake Moshenko
f2508fb48a Have the auth realm url computed based on the request url. 2015-07-17 11:56:15 -04:00
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth. 
Make it explicit that the registry-v2 stuff is not ready for prime time.
 2015-07-17 11:56:15 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Jake Moshenko
bea8b9ac53 More changes for registry-v2 in python. 
Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered.
 2015-07-17 11:50:41 -04:00
Jake Moshenko
acbcc2e206 Start of a v2 API. 2015-07-17 11:50:41 -04:00
Joseph Schorr
7a548ea101 Fix queries for repository list popularity and action count 
Before this change, we used extremely inefficient outer joins as part of a single query of lookup, which was spiking our CPU usage to nearly 100% on the query. We now issue two separate queries for popularity and action account, by doing a lookup of the previously found IDs. Interestingly enough, because of the way the queries are now written, MySQL can actually do both queries *directly from the indicies*, which means they each occur in approx 20ms!

Verified by local tests, postgres tests, and testing on staging with monitoring of our CPU usage during lookup
 2015-07-17 00:08:27 +03:00
Jake Moshenko
c64e490059 Merge pull request #136 from coreos-inc/syslogviewfix 
Fix logs view in superuser panel
 2015-07-15 18:22:23 -04:00
Jake Moshenko
f5ee7a6697 Make the scopes dynamic based on app config. 2015-07-15 18:13:15 -04:00
Joseph Schorr
f6a9afce90 Change abort to NotFound so it is properly formatted into JSON 2015-07-14 11:34:45 +03:00
Joseph Schorr
e04c22867c Switch logs to use a single comprehension 2015-07-13 12:45:08 +03:00
Joseph Schorr
3a59c99b08 Add a secondary tab to Teams for managing org members 
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click

Fixes #212
 2015-07-02 17:06:36 +03:00
josephschorr
cb238f8764 Merge pull request #207 from coreos-inc/squashperm 
Have the fetch tag dialog show a warning for robot accounts without access
 2015-07-02 10:23:14 +03:00
Jake Moshenko
ba067048d8 Merge pull request #203 from coreos-inc/encpass 
Add encrypted password output in the superuser API
 2015-07-01 12:40:05 -04:00
Joseph Schorr
b535e222b8 Have the fetch tag dialog show a warning for robot accounts without access 
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
 2015-07-01 19:37:52 +03:00
Joseph Schorr
b91b60e83d Add encrypted password output in the superuser API 
When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along
 2015-07-01 19:29:42 +03:00
Joseph Schorr
f06fed32b8 Fix build ID key on build queued event 2015-07-01 17:48:43 +03:00
josephschorr
7aeaf2344e Merge pull request #200 from coreos-inc/tagapilimit 
Add pagination support to tag history API
 2015-06-30 22:09:09 +03:00
Jake Moshenko
411ddceee0 Merge pull request #195 from coreos-inc/tidy 
Delete all the old UI code and branches for new UI
 2015-06-30 14:34:43 -04:00
Joseph Schorr
f7f10f4a6d Add pagination support to tag history API 
Fixes #198
 2015-06-30 19:44:43 +03:00
Joseph Schorr
87efcb9e3d Delegated superuser API access 
Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users.
 2015-06-30 11:08:26 +03:00
Joseph Schorr
81bb76d3df Fix spelling mistakes 2015-06-29 21:38:01 +03:00
Joseph Schorr
2b1bbcb579 Add a table view to the repos list page 
Fixes #104
 2015-06-29 21:12:53 +03:00
Jimmy Zelinskie
756d6784ca Merge pull request #192 from coreos-inc/sqlssl 
Allow SSL cert for the database to be configured
 2015-06-29 13:33:31 -04:00
Jake Moshenko
6e6b3c675f Merge pull request #28 from coreos-inc/swagger2 
Switch to Swagger v2
 2015-06-29 12:18:10 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Jimmy Zelinskie
442cbed087 Merge pull request #186 from coreos-inc/changelog 
Remove container usage tab and replace with changlog view
 2015-06-29 10:06:07 -04:00
Joseph Schorr
33039e9bc4 New layout cleanup: Remove second GH trigger path 2015-06-29 12:18:21 +03:00
Joseph Schorr
b8c74bbb17 Remove container usage tab and replace with changlog view 
Fixes #179
 2015-06-29 11:07:46 +03:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured 
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
 2015-06-29 08:08:10 +03:00
Joseph Schorr
cd5cb4b767 NPE fix 2015-06-28 10:44:58 +03:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Jake Moshenko
ccebba8f51 Clean up headers and whitespace. 2015-06-23 17:10:03 -04:00
Joseph Schorr
9887c9c163 Remove ability to create Quay users from the Docker CLI 2015-06-22 17:12:05 -04:00
Jimmy Zelinskie
66450d4810 Merge pull request #152 from coreos-inc/branchtag 
Allow manual triggering of both branches and tags
 2015-06-22 15:37:03 -04:00
Joseph Schorr
ce6474c6b5 Robots API for users should not be internal-only 2015-06-22 15:14:10 -04:00
Joseph Schorr
3fb2a33ee7 Fix the API service to use the new Swagger description form 2015-06-22 15:13:26 -04:00
Joseph Schorr
143036be9c Allow manual triggering of both branches and tags 
Fixes #100
 2015-06-19 14:38:26 -04:00
Joseph Schorr
2c46665415 Optimize the generate_headers check to skip the permissions load when we don't need it 2015-06-19 14:02:51 -04:00
Joseph Schorr
ec22bc0662 Raise a proper deactivation exception on bad credentials 2015-06-19 13:05:42 -04:00
Jimmy Zelinskie
82287926ab Merge pull request #140 from coreos-inc/eventinfo 
Add more build information to the events and have better messaging
 2015-06-17 16:49:59 -04:00
Jake Moshenko
34c06b0932 Merge pull request #133 from coreos-inc/alembichealth 
Add health check endpoint to verify that the locally running DB revis…
 2015-06-17 15:04:19 -04:00
Joseph Schorr
fe70139daa Allow GitHub triggers to be removed if OAuth token is invalid 2015-06-17 13:25:01 -04:00
Joseph Schorr
9b974f6b80 Add more build information to the events and have better messaging 
Fixes #79
 2015-06-16 23:16:36 -04:00
Joseph Schorr
7b94e37c95 Clarify why we use features.BILLING as the feature flag on the route 2015-06-16 17:43:02 -04:00
Joseph Schorr
48ee4671a7 Some additional fixes when testing this branch 2015-06-16 15:46:58 -04:00
Joseph Schorr
91c829bd14 Merge branch 'master' into gitfix 2015-06-16 15:18:24 -04:00
Joseph Schorr
33b31a2451 Fix logs view in superuser panel 
This seems to have been broken ever since we moved to syslog
 2015-06-15 20:55:23 -04:00
Joseph Schorr
6e0dc1df08 Add health check endpoint to verify that the locally running DB revision matches that of the database 
Fixes #132
 2015-06-15 15:55:30 -04:00
Jake Moshenko
860c7faf61 Merge pull request #127 from coreos-inc/vatotax 
Add support for custom fields in billing invoices
 2015-06-12 16:51:46 -04:00
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices 
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
 2015-06-12 16:45:01 -04:00
Joseph Schorr
da120a1ef2 Handle the case where GH auth fails on a trigger request 
Fixes #124
 2015-06-12 16:34:13 -04:00
Joseph Schorr
88aa5a0830 Switch BitBucket code to always use the latest commit 
Before this change, we'd use the first commit, which could be incorrect if there are multiple commits in a single push

Fixes #99
 2015-06-11 14:12:01 -04:00
Joseph Schorr
44f49a43dd Fix creation of repositories when having a creator permission 
This fixes the grants on a user's session when creating a repository with only the creator permission

Fixes #117
 2015-06-10 16:12:42 -04:00
Jake Moshenko
e09d84b3c8 Merge pull request #55 from coreos-inc/oauthdeny 
Fix OAuth redirect for denial action when generating for internal tokens
 2015-06-05 14:00:16 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication 
Add support for an external JWT-based authentication system
 2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
 2015-06-05 13:20:10 -04:00
josephschorr
63f289a8cb Merge pull request #59 from jzelinskie/custom-git-fix 
triggers: metadata.commit_sha -> metadata.commit
 2015-06-02 16:10:26 -04:00
Joseph Schorr
477a3fdcdc Add a test to verify that all important blueprints have all their methods decorated 
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
 2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0 triggers: metadata.commit_sha -> metadata.commit 
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
 2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031 Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository 
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
 2015-06-02 15:16:22 -04:00
Joseph Schorr
c0e995c1d4 Merge branch 'master' into nolurk 2015-06-02 13:55:16 -04:00
Jake Moshenko
42da017d69 Merge pull request #48 from coreos-inc/nobots 
Change API calls that expect non-robots to explicitly filter
 2015-06-02 12:31:19 -04:00
Joseph Schorr
5516911de9 Fix OAuth redirect for denial action when generating for internal tokens 2015-06-02 12:25:59 -04:00
Joseph Schorr
25ee46f5a2 Fix bitbucket triggers when the branch tag filter removes all branches 2015-06-01 15:35:59 -04:00
Joseph Schorr
fdd43e2490 Change API calls that expect non-robots to explicitly filter 
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
 2015-05-26 17:47:33 -04:00
Joseph Schorr
b3ea4ecaa2 Remove unneeded mime type set; jsonify does this for us 2015-05-26 17:30:10 -04:00
Joseph Schorr
9888c3ad9b Add an endpoint for downloading the logs of a build. 2015-05-26 17:24:18 -04:00
Joseph Schorr
ecabf086ea Add missing newline at end of decorators.py 2015-05-26 16:48:59 -04:00
Joseph Schorr
374d1d7e89 Fix case where the auth token was not written properly for BitBucket 2015-05-26 13:40:21 -04:00
Joseph Schorr
855f3a3e4d Have the verifyUser endpoint use the same confirm_existing_user method 
This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
 2015-05-22 16:26:26 -04:00
Joseph Schorr
b0d763b5ff Fix encrypted password generator to use the LDAP username, not the Quay username. 
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
 2015-05-20 16:37:09 -04:00
Jimmy Zelinskie
7bed404302 Merge pull request #33 from coreos-inc/branchregex 
Add some more debug logging around bitbucket triggers and add some te…
 2015-05-20 14:22:33 -04:00
Joseph Schorr
eb773e40a2 Add some more debug logging around bitbucket triggers and add some tests to verify we properly handle trigger branch filters 2015-05-20 14:18:12 -04:00
Jimmy Zelinskie
fe3f0dc10b custom-git: accept commit SHAs 7+ chars in length 2015-05-20 12:53:43 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
2379af71f8 Parse the client secret properly 2015-05-18 15:01:37 -04:00
Joseph Schorr
fb8e718c44 Fix OAuth 2 handler to support retrieving parameters from other places; various OAuth client (such as the Go library) send the values in the request body or even the Auth header 2015-05-18 12:38:39 -04:00
Joseph Schorr
0bc1c29dff Switch the Python side to Swagger v2 2015-05-14 16:47:38 -04:00
Joseph Schorr
28bd9af4ff Fix tutorial 2015-05-13 14:55:39 -04:00
Joseph Schorr
0e86fc80ca Fix bitbucket trigger to use the specified branch name before the default branch 2015-05-13 13:55:44 -04:00
Joseph Schorr
3e1abba284 Add ability for super users to rename and delete organizations 2015-05-11 18:03:25 -04:00
Joseph Schorr
1c41d34b7c Add ability for superusers to change user emails 2015-05-11 14:38:10 -04:00
Joseph Schorr
de6267700e Fix bugs with the custom git trigger and make error reporting better 2015-05-10 13:38:47 -04:00
Joseph Schorr
f858caf6cd Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 16:43:07 -04:00
Joseph Schorr
c767aafcd6 Make the repository API faster by only checking the log entries table once for each kind of entry, rather than twice. We make use of a special subquery-like syntax, which allows us to count those entries that are both 30 days only and 1 day old in the same query. This was tested successfully on MySQL, Postgres and Sqlite. 2015-05-07 22:49:11 -04:00
Joseph Schorr
3627de103c Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build. 2015-05-07 21:11:15 -04:00
Joseph Schorr
8eb9c376cd Add constructors for the QuayDeferredPermissionUser so that we can avoid extraneous DB lookups of the user whenever we already have the object 2015-05-07 15:04:12 -04:00
Joseph Schorr
a46d367276 Remove unneeded repo filter 2015-05-06 20:55:17 -04:00
Joseph Schorr
e647d91e8b Switch the repos page to use a single API call, rather than one per namespace + one for star repos 2015-05-06 19:15:03 -04:00
Joseph Schorr
2d83e5c7e7 Change to using the SSH url; git urls cannot be used with private repos on GitHub 2015-05-06 12:23:46 -07:00
Joseph Schorr
65d0332176 Skip bitbucket trigger if there is no commit branch and no commit tag 2015-05-05 09:40:23 -07:00
Joseph Schorr
df2883bfb6 Fix variable access error 2015-05-03 18:15:11 -07:00