Commit graph

146 commits

Author SHA1 Message Date
Silas Sewell
c739c453da Merge pull request #807 from coreos-inc/storage-preference
Enable storage preference
2015-11-09 16:30:47 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Silas Sewell
a7fef8377c Enable storage preference 2015-11-06 13:34:49 -05:00
Jake Moshenko
e7a6176594 Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2 2015-10-22 16:59:28 -04:00
Jimmy Zelinskie
8aa26fdbfa disable queue metrics
The lock contention on the queue table is murdering performance.

yep
2015-10-06 17:10:48 -04:00
Joseph Schorr
2e694dd3f0 Move Docker V2 key to be loaded from file or generated on server load
Fixes #394
2015-09-28 15:43:51 -04:00
Jake Moshenko
26cea9a07c Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-17 16:16:27 -04:00
Matt Jibson
39dc4c7d8d Monitor various sizes for queues
see #304
2015-09-14 15:57:08 -04:00
Joseph Schorr
fd3a21fba9 Add Kubernetes configuration provider which writes config to a secret
Fixes #145
2015-09-10 12:19:59 -04:00
Joseph Schorr
88a04441de Extract the config provider into its own sub-module 2015-09-10 12:19:59 -04:00
Joseph Schorr
c0286d1ac3 Add support for Dex to Quay
Fixes #306

- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:32:01 -04:00
josephschorr
9889ca268a Merge pull request #432 from coreos-inc/oauthcheck
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
2015-09-02 13:35:44 -04:00
Joseph Schorr
b7f487da42 Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior 2015-09-02 13:32:11 -04:00
Joseph Schorr
724b1607d7 Add automatic storage replication
Adds a worker to automatically replicate data between storages and update the database accordingly
2015-09-01 14:53:32 -04:00
Joseph Schorr
e56115d9d2 Move secret key generation before we load users of config, as they may reference it 2015-08-24 16:09:01 -04:00
Matt Jibson
fc671f3dde Fix test_queue.py tests
This restores the reporter class as was before the metrics changes.
2015-08-17 17:22:46 -04:00
Jake Moshenko
e1b3e9e6ae Another huge batch of registry v2 changes
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
2015-08-12 16:41:12 -04:00
Matt Jibson
7c3b555ee9 Code review 2015-08-12 16:31:01 -04:00
Matt Jibson
f043bc1379 Don't enable the metric queue if there's no Cloudwatch 2015-08-12 15:14:09 -04:00
Matt Jibson
cfb6e884f2 Refactor metric collection
This change adds a generic queue onto which metrics can be pushed. A
separate module removes metrics from the queue and adds them to Cloudwatch.
Since these are now separate ideas, we can easily change the consumer from
Cloudwatch to anything else.

This change maintains near feature parity (the only change is there is now
just one queue instead of two - not a big deal).
2015-08-12 12:15:52 -04:00
Jake Moshenko
18100be481 Refactor the util directory to use subpackages. 2015-08-03 16:04:19 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Jake Moshenko
acbcc2e206 Start of a v2 API. 2015-07-17 11:50:41 -04:00
Joseph Schorr
331c300893 Refactor JWT auth to not import app locally 2015-06-17 15:53:21 -04:00
Jimmy Zelinskie
3ac884beb4 gitlab oauth 2015-05-02 17:54:48 -04:00
Jake Moshenko
0f34b7d8e0 Remove one of the last vestigal references to the license system. 2015-03-26 09:22:47 -04:00
Jimmy Zelinskie
0e7418ffce buildman: add BuildMetrics and BuildReporter 2015-02-17 10:56:09 -05:00
Joseph Schorr
f107b50a46 Merge branch 'master' into ackbar 2015-02-12 12:04:45 -05:00
Jake Moshenko
0f3d87466e Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger. 2015-02-11 14:15:18 -05:00
Joseph Schorr
70270b09be Further merge fixes 2015-02-09 17:28:11 -05:00
Joseph Schorr
045614c6c8 Merge branch 'master' into ackbar 2015-02-09 17:16:42 -05:00
Joseph Schorr
cf774e23df Merge branch 'master' into v2 2015-02-05 15:37:14 -05:00
Joseph Schorr
bfb0784abc Add signing to the ACI converter 2015-02-04 15:29:24 -05:00
Jimmy Zelinskie
90a3782933 lint: pylint comments and unused imports 2015-02-02 16:54:23 -05:00
Joseph Schorr
30b895b795 Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar 2015-01-23 17:26:14 -05:00
Joseph Schorr
28d319ad26 Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not). 2015-01-20 12:43:11 -05:00
Joseph Schorr
2a89accc49 Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked 2015-01-16 22:41:54 -05:00
Joseph Schorr
b89ba61286 Change to only run the cloud watch reporter in the gunicorn_web 2015-01-16 13:44:29 -05:00
Joseph Schorr
6d604a656a Move config handling into a provider class to make testing much easier 2015-01-09 16:23:31 -05:00
Joseph Schorr
63504c87fb Get end-to-end configuration setup working, including verification (except for Github, which is in progress) 2015-01-07 16:20:51 -05:00
Joseph Schorr
40d2b1748f Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py). 2015-01-05 12:31:02 -05:00
Joseph Schorr
1bf25f25c1 WIP 2015-01-04 14:38:41 -05:00
Jimmy Zelinskie
f3259c862b Merge branch 'koh'
Conflicts:
	auth/scopes.py
	requirements-nover.txt
	requirements.txt
	static/css/quay.css
	static/directives/namespace-selector.html
	static/js/app.js
	static/partials/manage-application.html
	templates/oauthorize.html
2014-12-01 12:30:09 -08:00
Joseph Schorr
e9cac407df Add a configurable avatar system and add an internal avatar system for enterprise 2014-11-24 19:25:13 -05:00
Jimmy Zelinskie
716d7a737b Strip whitespace from ALL the things. 2014-11-24 16:07:38 -05:00
Joseph Schorr
3e79379942 - Make the OAuth config system centralized
- Add support for Github Enterprise login
2014-11-05 16:43:37 -05:00
Jake Moshenko
328db8b660 Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 13:58:08 -04:00
Jake Moshenko
2455c17f96 Merge remote-tracking branch 'origin/master' into waltermitty
Conflicts:
	app.py
	data/userfiles.py
2014-09-11 11:18:28 -04:00
Jake Moshenko
29d40db5ea Add a new RadosGW storage engine. Allow engines to distinguish not only between those that can support direct uploads and downloads, but those that support doing it through the browser. Rename resumeable->resumable. 2014-09-09 15:54:03 -04:00
Jake Moshenko
451e034ca1 Archived logs commit 1. Squash me. 2014-09-08 16:43:17 -04:00
Joseph Schorr
b51022c739 Add support for parsing YAML override config, in addition to Python config 2014-08-21 20:36:11 -04:00
Joseph Schorr
8866b881db Remove all license code 2014-08-21 17:44:56 -04:00
Joseph Schorr
80707d71d0 Minor UI fix and better logging when license cannot be found 2014-08-12 21:04:16 -04:00
Jake Moshenko
0372013f70 Merge remote-tracking branch 'origin/redalert'
Conflicts:
	app.py
2014-08-04 16:56:34 -04:00
Jake Moshenko
0aa6e92b02 Finish porting the workers over to apscheduler 3.0 2014-08-01 18:38:02 -04:00
Joseph Schorr
49801bc2c4 - Add web hook queue code back in. We'll remove it and turn it off after this CL goes to prod
- Make notification lookup always be by repo and its UUID, rather than the internal DB ID
- Add the init script for the notification worker
2014-07-31 13:30:54 -04:00
Joseph Schorr
6b85ee3eb6 Make sure all user emails that can be sent in enterprise properly adjust to the app's URL 2014-07-29 13:47:54 -04:00
Jake Moshenko
a661ef4fa8 Centrally disable the expiration module for now. 2014-07-28 17:55:01 -04:00
Joseph Schorr
8d7493cb86 Convert over to notifications system. Note this is incomplete 2014-07-17 22:51:58 -04:00
Jake Moshenko
2e923c0441 Add config override to allow for specialization using environment variables. 2014-06-23 11:24:54 -04:00
Jake Moshenko
d1f4fbdacc Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers. 2014-05-30 14:25:29 -04:00
Jake Moshenko
0ba4201020 Add a module which will create notifications for all users when the license is at its expiration period, and terminate the process when the license expires. 2014-05-29 11:24:10 -04:00
Jake Moshenko
33b43b75c0 Eliminate a lot of the if cases in create_user by separating them out. Add a limit to the number of users which can be created based on the license. Add support for creating and loading licenses. 2014-05-28 13:51:52 -04:00
Jake Moshenko
f6726bd0a4 Merge branch 'ldapper'
Conflicts:
	Dockerfile
	app.py
	data/database.py
	endpoints/index.py
	test/data/test.db
2014-05-22 12:13:41 -04:00
Jake Moshenko
d14798de1d Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue. 2014-05-21 19:50:37 -04:00
Jake Moshenko
11c6c5fa52 Merge remote-tracking branch 'origin/master' into ldapper
Conflicts:
	app.py
2014-05-13 16:55:02 -04:00
Jake Moshenko
5fdccfe3e6 Add an alembic migration for the full initial database with the data. Switch LDAP to using bind and creating a federated login entry. Add LDAP support to the registry and index endpoints. Add a username transliteration and suggestion mechanism. Switch the database and model to require a manual initialization call. 2014-05-13 12:17:26 -04:00
Jake Moshenko
bcb993a914 Set up the build logs to use our fake build logs on test and local. 2014-05-09 18:45:11 -04:00
Jake Moshenko
027ada1f5c First stab at LDAP integration. 2014-05-09 17:39:43 -04:00
Jake Moshenko
fe665118bb Add sentry exception monitoring. 2014-04-28 18:59:22 -04:00
jakedt
d39f3cc5d4 Fix the tests and implement a fake stripe. 2014-04-10 15:20:16 -04:00
jakedt
4d4f3b1c18 Add the olark feature flag to the default config and fix the usage of flask modules. 2014-04-08 23:05:45 -04:00
jakedt
265fa5070a Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 16:59:22 -04:00
jakedt
8e9faf6121 Toward running quay in a docker container. 2014-04-07 01:20:09 -04:00
jakedt
0abbf042dd Add a features modules that process the flask dict. 2014-04-03 18:47:17 -04:00
jakedt
e87ffa20cf First attempt at making config loadable through string config overrides in an env variable. 2014-04-03 17:31:46 -04:00
jakedt
5bb4008880 Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections. 2014-03-17 12:01:13 -04:00
jakedt
39de79dec6 Forgot to import staging config. 2014-03-04 19:41:48 -05:00
jakedt
2ea59c8555 Allow for special config for staging. 2014-03-04 19:40:29 -05:00
yackob03
2cd98fc58e Make the app config more powerful in terms of injecting fake dependencies. Refactor the tests to use metaclasses and to actually all run. 2013-11-06 23:21:12 -05:00
yackob03
4c15072c5a Move signin to use AJAX. Render all flask templates with the common header. Move the header to a partial. Add account recovery. 2013-10-14 17:50:07 -04:00
yackob03
0eaf879af8 Remove a spurious getLogger call. 2013-10-09 23:52:43 -04:00
yackob03
00b8244661 Add analytics on push and pull repo events in the backend. 2013-10-03 16:19:01 -04:00
yackob03
7bd18c1bab Checkpointing stripe work. 2013-10-02 00:48:03 -04:00
yackob03
fb91fb98da Add an application config for local mode but hosted data. 2013-10-01 17:23:29 -04:00
yackob03
67147240b6 Use production config in production and dev config in dev. 2013-09-30 23:54:12 -04:00
yackob03
99341f7d53 Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 19:29:01 -04:00
yackob03
9278871381 Load flask principal permissions even for web and api endpoints. 2013-09-26 16:32:09 -04:00
yackob03
ee5ea51532 Refactor the code into modules, it was getting unweildy. 2013-09-25 12:45:12 -04:00
yackob03
2611d70185 Need to unwrap the flask user to get the db user for api queries. 2013-09-24 18:38:58 -04:00
yackob03
cc58b970d6 Decouple the db user from the flask login user. 2013-09-24 18:21:27 -04:00
yackob03
e107d79612 Add some login machinery. 2013-09-23 12:37:40 -04:00
yackob03
458b69953a Integrate flask-principal in order to provide RBAC. 2013-09-20 18:38:17 -04:00
yackob03
8e169b1026 Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 11:55:44 -04:00