Commit graph

6654 commits

Author SHA1 Message Date
Joseph Schorr
eece782038 Prevent peewee from loading the visibility every time
By calling `visibility` instead of `visibility_id`, peewee was issuing a SQL Select statement for the repository, which removes the benefit of the optimization
2017-02-17 12:09:48 -05:00
josephschorr
7cb2da4cea Merge pull request #2348 from coreos-inc/oidc-bind
Add support for binding OIDC and external login auth to the backing internal login auth
2017-02-16 16:29:00 -05:00
Joseph Schorr
198bdf88bc Move OAuth login into its own endpoints module 2017-02-16 16:27:54 -05:00
Joseph Schorr
0167e1e7bf Style fixes 2017-02-16 16:27:54 -05:00
Joseph Schorr
cc4258c015 Blacklist any OIDC service ids that may conflict with our own 2017-02-16 16:27:53 -05:00
Joseph Schorr
421c5d6012 Fix bug where the login service ID doesn't exist 2017-02-16 16:27:53 -05:00
Joseph Schorr
6736e69ebd Add end-to-end OIDC binding test 2017-02-16 16:27:53 -05:00
Joseph Schorr
d47696b69c Add support for sub binding field 2017-02-16 16:27:53 -05:00
Joseph Schorr
7b386e9d63 Move endpoint test fixtures to a non-conftest file 2017-02-16 16:27:53 -05:00
Joseph Schorr
2c35383724 Allow OAuth and OIDC login engines to bind to fields in internal auth
This feature is subtle but very important: Currently, when a user logs in via an "external" auth system (such as Github), they are either logged into an existing bound account or a new account is created for them in the database. While this normally works jut fine, it hits a roadblock when the *internal* auth system configured is not the database, but instead something like LDAP. In that case, *most* Enterprise customers will prefer that logging in via external auth (like OIDC) will also *automatically* bind the newly created account to the backing *internal* auth account. For example, login via PingFederate OIDC (backed by LDAP) should also bind the new QE account to the associated LDAP account, via either username or email. This change allows for this binding field to be specified, and thereafter will perform the proper lookups and bindings.
2017-02-16 16:27:53 -05:00
Joseph Schorr
c6b0376d61 Remove unnecessary email generation in OAuth login
Handled by the `emaIl_required` flag already
2017-02-16 16:27:53 -05:00
josephschorr
c8e5eb5ad1 Merge pull request #2359 from coreos-inc/fix-gitlab-tag
Fix handling of gitlab web hooks when tagging
2017-02-16 15:56:56 -05:00
Joseph Schorr
a34d18b9ea Fix handling of gitlab web hooks when tagging
Gitlab doesn't send any commit information for tagging events (because... reasons), and so we have to perform the lookup ourselves to have full metadata.

Fixes #1467
2017-02-16 15:40:37 -05:00
josephschorr
c4837d87b3 Merge pull request #2362 from coreos-inc/fix-none-queries
Fix handling of None queries
2017-02-16 15:32:36 -05:00
Joseph Schorr
92c0b5ac3e Fix handling of None queries 2017-02-16 15:26:45 -05:00
josephschorr
38e079ced2 Merge pull request #2344 from coreos-inc/v1-search-fix
Implement the full spec for the old Docker V1 registry search API
2017-02-16 15:08:33 -05:00
Joseph Schorr
a0bc0e9488 Implement the full spec for the old Docker V1 registry search API
This API is still (apparently) being used by the Docker CLI for `docker search` (why?!) and we therefore have customers expecting this to work the same way as the DockerHub.
2017-02-16 14:45:33 -05:00
josephschorr
8f01cb959a Merge pull request #2354 from coreos-inc/license-sorting
Change entitlement sorting to sort *valid* entitlements by reverse expiration time
2017-02-15 16:24:51 -05:00
Joseph Schorr
d506279892 Change entitlement sorting to sort *valid* entitlements by reverse expiration time
With this change, if all entitlements are valid, we sort to show the entitlement that will expire the farthest in the future, as that defines the point at which the user must act before the license becomes invalid.
2017-02-15 14:31:24 -05:00
Erica
9dab7d3a36 feat(Makefile): add makefile to repo (#2264)
feat(Makefile): add makefile to repo

*Note* This is still very much a WIP. Please correct any issues you come across.
2017-02-15 08:39:19 -08:00
josephschorr
2a7d1fbe57 Merge pull request #2358 from coreos-inc/better-logging
Log more information to the action logs and display the namespaces for superusers
2017-02-14 16:38:35 -05:00
Charlton Austin
23dd1ccd4d Merge pull request #2355 from charltonaustin/add_queue_depths_135227117
feature(app.py): adding queue_metrics to queues
2017-02-14 16:22:49 -05:00
Charlton Austin
3fd8c8a60d feature(app.py): adding queue_metrics to queues
publishing queue metrics for SRE

[none]
2017-02-14 16:01:28 -05:00
Jimmy Zelinskie
8755706454 Merge pull request #2357 from jzelinskie/secscan-test-fix
Fix Security Scanning API Usage Tests
2017-02-14 15:41:17 -05:00
Jimmy Zelinskie
ab941607d4 test.test_api_usage: add AppConfigChange ctxmgr 2017-02-14 15:27:22 -05:00
Jimmy Zelinskie
1d6339e644 test.test_api_usage: fix secscan tests 2017-02-14 15:21:18 -05:00
Jimmy Zelinskie
3286566478 util.secscan.api: reorg try/catch 2017-02-14 15:21:17 -05:00
Joseph Schorr
11c931f781 Log more information to the action logs and display the namespaces for superusers
This helps superusers understand better what, exactly, is going on in the registry
2017-02-14 14:55:24 -05:00
Jimmy Zelinskie
d2909c0e4d failover: store result in FailoverException 2017-02-14 14:36:36 -05:00
Jimmy Zelinskie
8a1b48dd8c move ConfigProvider ctxmgr back to su tests 2017-02-14 14:36:36 -05:00
josephschorr
9df8e924a5 Merge pull request #2356 from coreos-inc/fix-flaky-test
Fix flaky OAuth tests under tor
2017-02-14 14:02:05 -05:00
Joseph Schorr
2f4487c184 Fix flaky OAuth tests under tor
The `> 0` check fails if the code was found first in the query string, which can occasionally happen under tox due to the `PYTHONHASHSEED` var changing. We simply change to use a proper parse and check to avoid this issue entirely.
2017-02-14 13:51:58 -05:00
Alec Merdler
2b189694a8 Merge pull request #2352 from alecmerdler/ascii-art
Improve Local Development Experience
2017-02-13 12:19:51 -08:00
alecmerdler
b97ceda59b improvements to startup logo 2017-02-13 00:48:17 -08:00
alecmerdler
007241e965 further enhancing development experience with Quay logo 2017-02-12 15:45:45 -08:00
Alec Merdler
f229f375b5 Merge pull request #2350 from alecmerdler/ascii-art
Improve Local Development Experience
2017-02-10 17:58:51 -08:00
alecmerdler
391ada42e1 corrected development startup console art to more accurately reflect the company 2017-02-10 15:41:20 -08:00
alecmerdler
d0a0c2609f add some flair to startup 2017-02-10 12:50:05 -08:00
Erica
11d6fbc65c Merge pull request #2349 from coreos-inc/FIX-broken-build
fix(setup.cfg): ignore src dir for tests
2017-02-09 16:15:07 -08:00
EvB
2f8390a017 fix(setup.cfg): ignore src dir for tests 2017-02-09 16:10:31 -08:00
Erica
7d9004121b Merge pull request #2347 from coreos-inc/FIX-etcd-exception
fix(buildman/ephemeral): remove exception log on noncritical error
2017-02-09 11:40:06 -08:00
EvB
cedce6f98b fix(buildman/ephemeral): remove exception log on noncritical error 2017-02-09 11:32:41 -08:00
josephschorr
2510769625 Merge pull request #2345 from coreos-inc/logs-fixes
Various small fixes for dealing with action logs
2017-02-08 18:38:11 -08:00
Joseph Schorr
f569cea4b3 Fix logs graphs tooltips for months < 10
Fixes #2342
2017-02-08 18:30:53 -08:00
Joseph Schorr
8d96d8b682 Add tests for missing logs APIs 2017-02-08 16:52:17 -08:00
Alec Merdler
6384b47849 Merge pull request #2339 from alecmerdler/webpack-2-upgrade
Update Webpack
2017-02-06 16:04:33 -08:00
alecmerdler
75d203c478 update Webpack to 2.2 2017-02-06 14:05:19 -08:00
Jimmy Zelinskie
c5441923f7 Merge pull request #2330 from jzelinskie/two-clair
Generic failover library and QSS read-only failover
2017-02-06 15:45:21 -05:00
Jimmy Zelinskie
c2c6bc1e90 test: add qss read failover case 2017-02-03 19:20:13 -05:00
Jimmy Zelinskie
dd033e4feb test: move ConfigForTesting 2017-02-03 19:20:13 -05:00