vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
3853 commits 2 branches 62 tags 205 MiB
Commit graph

470 commits

Author SHA1 Message Date
Jake Moshenko
ebecb1dc89 Regenerate the test db and supporting files. 2015-07-14 16:57:04 -04:00
Jimmy Zelinskie
bde781c98b Merge pull request #205 from coreos-inc/delrobot 
Fix deletion of robot accounts when attached to builds
 2015-07-13 12:19:01 -04:00
Jimmy Zelinskie
cf4800c06c Merge pull request #213 from coreos-inc/orgmember 
Add a secondary tab to Teams for managing org members
 2015-07-06 11:48:40 -04:00
Joseph Schorr
4333bb9e14 Implement stream_read_file for the Swift storage engine 
Note that Swift doesn't seem to have a file-like interface, so we need to wrap the generator we get back from it.

Fixes #210
 2015-07-02 17:52:43 +03:00
Joseph Schorr
3a59c99b08 Add a secondary tab to Teams for managing org members 
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click

Fixes #212
 2015-07-02 17:06:36 +03:00
josephschorr
cb238f8764 Merge pull request #207 from coreos-inc/squashperm 
Have the fetch tag dialog show a warning for robot accounts without access
 2015-07-02 10:23:14 +03:00
Joseph Schorr
b535e222b8 Have the fetch tag dialog show a warning for robot accounts without access 
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
 2015-07-01 19:37:52 +03:00
Joseph Schorr
b91b60e83d Add encrypted password output in the superuser API 
When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along
 2015-07-01 19:29:42 +03:00
Joseph Schorr
3ba321934f Fix deletion of robot accounts when attached to builds 
Fixes #204
 2015-06-30 22:56:44 +03:00
Jake Moshenko
7b470237a1 The superuser capability does not require the idea of ordinality since it is a binary permission. 2015-06-30 11:02:13 -04:00
Joseph Schorr
d9ce8fdf52 Fix swagger test 2015-06-29 21:38:21 +03:00
Joseph Schorr
81bb76d3df Fix spelling mistakes 2015-06-29 21:38:01 +03:00
Joseph Schorr
2b1bbcb579 Add a table view to the repos list page 
Fixes #104
 2015-06-29 21:12:53 +03:00
Jimmy Zelinskie
756d6784ca Merge pull request #192 from coreos-inc/sqlssl 
Allow SSL cert for the database to be configured
 2015-06-29 13:33:31 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Joseph Schorr
b8c74bbb17 Remove container usage tab and replace with changlog view 
Fixes #179
 2015-06-29 11:07:46 +03:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured 
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
 2015-06-29 08:08:10 +03:00
Joseph Schorr
75b36c0f33 Update test 2015-06-25 23:13:33 -04:00
Joseph Schorr
e7915baf8c Have LDAP return a better error message if it fails to connect 
Currently, the error results in a 500 being raised when a user tries to login.
 2015-06-23 17:41:53 -04:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Jake Moshenko
b21a033ef3 Merge pull request #131 from coreos-inc/moveapp 
Refactor JWT auth to not import app locally
 2015-06-23 17:24:01 -04:00
Joseph Schorr
b4c39e8ec0 Fix ephemeral build manager to ask for watches in index order with no gaps 2015-06-23 17:11:46 -04:00
Joseph Schorr
805af9338a Fix index test spec 2015-06-22 17:33:32 -04:00
Joseph Schorr
331c300893 Refactor JWT auth to not import app locally 2015-06-17 15:53:21 -04:00
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices 
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
 2015-06-12 16:45:01 -04:00
Jake Moshenko
f767fc4d03 Track whether builders ever came online in etcd. Mark builds which never successfully heartbeated as incomplete. 2015-06-10 16:19:51 -04:00
Joseph Schorr
44f49a43dd Fix creation of repositories when having a creator permission 
This fixes the grants on a user's session when creating a repository with only the creator permission

Fixes #117
 2015-06-10 16:12:42 -04:00
Joseph Schorr
f980b892d8 Remove debug flag from JWT tests 
This can break unit tests running
 2015-06-05 15:39:27 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication 
Add support for an external JWT-based authentication system
 2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
 2015-06-05 13:20:10 -04:00
josephschorr
63f289a8cb Merge pull request #59 from jzelinskie/custom-git-fix 
triggers: metadata.commit_sha -> metadata.commit
 2015-06-02 16:10:26 -04:00
Joseph Schorr
477a3fdcdc Add a test to verify that all important blueprints have all their methods decorated 
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
 2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0 triggers: metadata.commit_sha -> metadata.commit 
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
 2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031 Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository 
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
 2015-06-02 15:16:22 -04:00
Joseph Schorr
3602b59465 Add registry tests for anonymous access 2015-06-02 14:27:57 -04:00
Joseph Schorr
c0e995c1d4 Merge branch 'master' into nolurk 2015-06-02 13:55:16 -04:00
Jake Moshenko
7bc5f7a1ca Merge pull request #53 from coreos-inc/v1test 
Add tests for the registry that mimic Docker's calls
 2015-06-02 12:24:42 -04:00
Joseph Schorr
9585e2a765 End-to-end registry tests 2015-06-01 16:35:30 -04:00
Joseph Schorr
1aff701bc7 Fix LDAP referral and multiple pair handling 
Fixes two issues found with our LDAP handling code. First, we now follow referrals in both LDAP calls, as some LDAP systems will return a referral instead of the original record. Second, we now make sure to handle multiple search result pairs properly by further filtering based on the presence of the 'mail' attribute when we have multiple valid pairs. This CL also adds tests for all of the above cases.
 2015-05-27 15:04:34 -04:00
Joseph Schorr
b0d763b5ff Fix encrypted password generator to use the LDAP username, not the Quay username. 
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
 2015-05-20 16:37:09 -04:00
Joseph Schorr
eb773e40a2 Add some more debug logging around bitbucket triggers and add some tests to verify we properly handle trigger branch filters 2015-05-20 14:18:12 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
efab02ae47 LDAP improvements: 
- Better logging
  - Better error messages
  - Add unit tests
  - Clean up the setup tool for LDAP
 2015-05-11 21:23:18 -04:00
Joseph Schorr
3e1abba284 Add ability for super users to rename and delete organizations 2015-05-11 18:03:25 -04:00
Joseph Schorr
f858caf6cd Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 16:43:07 -04:00
Joseph Schorr
469f25b64c Start measuring the number of queries on critical API calls 2015-05-07 22:25:23 -04:00
Joseph Schorr
3627de103c Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build. 2015-05-07 21:11:15 -04:00
Joseph Schorr
7b35555776 Make sure to test for unicode usernames, since the collate on the username field is latin1 2015-05-07 18:13:45 -04:00
Joseph Schorr
d07f9f04e9 UI and code improvements to make working with the multiple SCMs easier 2015-05-03 10:38:11 -07:00
Joseph Schorr
e3aededcbc Merge branch 'master' into gitlab 2015-05-03 12:13:09 -04:00
Jimmy Zelinskie
3ac884beb4 gitlab oauth 2015-05-02 17:54:48 -04:00
Joseph Schorr
b96e35b28c Merge master into bitbucket 2015-04-30 15:52:08 -04:00
Joseph Schorr
b3675df667 Fix tests 2015-04-30 15:47:40 -04:00
Joseph Schorr
60036927c9 Really disallow usage of the same account for an org as the one being converted. Before, you could do so via email. 2015-04-29 20:30:37 -04:00
Joseph Schorr
5a8093bbea Fix API tests 2015-04-29 17:30:24 -04:00
Joseph Schorr
31260d50f5 Rename the new images method to a slightly better name 2015-04-24 16:37:37 -04:00
Joseph Schorr
e70343d849 Faster cache lookup by removing a join with the ImagePlacementTable, removing the extra loop to add the locations and filtering the images looked up by the base image 2015-04-24 16:22:19 -04:00
Jimmy Zelinskie
c238626c56 tests: update to reflect trigger API changes 2015-04-23 18:16:14 -04:00
Jimmy Zelinskie
02498d72ba almost all PR discussion fixes 2015-04-21 18:04:25 -04:00
Jimmy Zelinskie
93cd459460 Merge branch 'master' into git 2015-04-20 10:58:49 -04:00
Joseph Schorr
e56d5a9fe5 Rebuild test db 2015-04-19 15:48:34 -04:00
Joseph Schorr
d1e2d072ea Add unit tests and a stronger restriction on the revert API call 2015-04-19 15:43:16 -04:00
Joseph Schorr
e16657ed0e Add security tests for the new revert endpoint 2015-04-19 15:25:33 -04:00
Jimmy Zelinskie
ba2cb08904 Merge branch 'master' into git 2015-04-16 17:38:35 -04:00
Joseph Schorr
f8c80f7d11 Add a history view to the tags page. Next step will add the ability to revert back in time 2015-04-15 15:21:09 -04:00
Joseph Schorr
396cba64e6 Fix search to return better results by searching for robots and namespaces in different queries. 2015-04-09 12:57:20 -04:00
Joseph Schorr
3707feaf5d Disable MySQL in the full db test because the table setup fails 2015-04-09 11:47:58 -04:00
Joseph Schorr
40a6892a49 Add search tests 2015-04-07 14:05:12 -04:00
Joseph Schorr
5cd500257d Merge branch 'master' into orgview 2015-04-01 13:56:49 -04:00
Jimmy Zelinskie
f55c478a30 testdb: resync 2015-04-01 13:43:11 -04:00
Joseph Schorr
1f5e6df678 - Fix tests 
- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
 2015-03-31 18:50:43 -04:00
Jimmy Zelinskie
c5272f3545 initdb: add custom trigger and refresh test.db 2015-03-27 11:23:49 -04:00
Joseph Schorr
e4b659f107 Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords 2015-03-25 18:43:12 -04:00
Jake Moshenko
201943ed1c Fix deadlocks with tags and garbage collection. 2015-03-24 18:00:04 -04:00
Jimmy Zelinskie
9c55aca011 migration: make resource_key nullable 2015-03-23 15:46:35 -04:00
Jimmy Zelinskie
f6f93e9079 consolidate everything into one GitHub trigger 2015-03-19 17:12:27 -04:00
Jimmy Zelinskie
93a9e9d01a migration: add private key to build triggers 2015-03-19 14:30:25 -04:00
Jimmy Zelinskie
5a29218c5c Merge branch 'master' into git 2015-03-19 12:10:34 -04:00
Jimmy Zelinskie
2a02d08dc6 testdb: update with github-git trigger 2015-03-19 12:07:25 -04:00
Joseph Schorr
44ff85d044 Remove migration (temporarily), fix a broken test, and make the aggregate size calculation use the entire image ancestry (for now). 2015-03-17 12:13:01 -04:00
Joseph Schorr
7b5341c067 Update database 2015-03-16 17:35:57 -04:00
Joseph Schorr
afc8e95e19 Start on new tag view 2015-03-09 22:03:39 -07:00
Joseph Schorr
8423b5874f Typo fixes 2015-03-06 14:29:56 -05:00
Joseph Schorr
6a625ba9e6 Fix build logs date/time 2015-03-06 14:22:19 -05:00
Joseph Schorr
12b458780b Handle loading status better for each namespace displayed in the repo list and update the database we use for testing 2015-03-05 16:25:16 -05:00
Joseph Schorr
43ab838998 Merge branch 'newbuildview' 2015-03-05 16:17:29 -05:00
Joseph Schorr
86447c0a99 Merge branch 'master' into pagesnew 2015-03-05 14:22:10 -05:00
Joseph Schorr
ed46d37ea7 - Add copy button to the build logs 
- Add support for timestamps in the build logs
- Other small UI improvements to the build view
 2015-02-27 16:00:32 -05:00
Jimmy Zelinskie
fb0d3d69c2 changes to reflect PR comments (not finished) 2015-02-24 17:50:54 -05:00
Joseph Schorr
a7ddf46c2a Fix default test DB 2015-02-24 15:00:40 -05:00
Jimmy Zelinskie
35a2414d85 tests: star security tests 2015-02-23 14:23:32 -05:00
Joseph Schorr
10e2eabb1c Fix test 2015-02-23 13:47:21 -05:00
Joseph Schorr
5f605b7cc8 Fix queue handling to remove the dependency from repobuild, and have a cancel method 2015-02-23 13:38:01 -05:00
Jimmy Zelinskie
2914a5da96 tests: add test for star/unstar repo 2015-02-20 15:11:41 -05:00
Jimmy Zelinskie
46832676f7 testdb: re-run initdb 2015-02-19 17:46:44 -05:00
Jake Moshenko
41108a0856 Allow tags to be marked as hidden. Create a hidden tag on every image during a push to prevent them from getting GCed. 2015-02-18 17:05:16 -05:00
Joseph Schorr
7c81d90cda Start recording the commit sha and other metadata about github triggered builds. We'll eventually show this information in the UI 2015-02-18 14:12:59 -05:00
Jake Moshenko
2dd03f1bed Merge remote-tracking branch 'origin/master' into rockyhorror 
Conflicts:
	test/data/test.db
 2015-02-18 10:56:01 -05:00
Jake Moshenko
2cd5bdb563 Address concerns from pull request. 2015-02-18 10:43:08 -05:00
Joseph Schorr
83e05d2342 Add tracking of the kind of temporary access tokens, so we can display if a pull/push by token is for a build worker 2015-02-17 12:35:16 -05:00