Joseph Schorr
343a080833
Make security scan testing much faster
2016-05-05 13:55:24 -04:00
Jake Moshenko
9221a515de
Use the registry API for security scanning
...
when the storage engine doesn't support direct download url
2016-05-04 18:04:06 -04:00
Joseph Schorr
73fa593d02
Various small fixes in prep for QE release
2016-05-04 15:20:27 -04:00
josephschorr
550b9cb2b3
Merge pull request #1428 from coreos-inc/clair-setup-new
...
Implement setup tool support for Clair
2016-05-04 13:52:54 -04:00
Joseph Schorr
2cbdecb043
Implement setup tool support for Clair
...
Fixes #1387
2016-05-04 13:40:50 -04:00
Joseph Schorr
6e2df3b339
Fix key server to not list expired keys
...
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.
Fixes #1430
2016-05-03 17:58:47 -04:00
josephschorr
f0af2ca9c3
Merge pull request #1407 from coreos-inc/enterpriselanding
...
Add Enterprise Landing page
2016-05-03 13:52:22 -04:00
Evan Cordell
2242c6773d
Add 'Automatic' ServiceKeyApprovalType
2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd
Generate private key on startup
2016-04-29 14:10:33 -04:00
Joseph Schorr
6091db983b
Hide expired keys outside of their staleness window
2016-04-29 14:10:33 -04:00
Jimmy Zelinskie
726cb5fe6a
key server: 403 on expired approved keys ( #1410 )
2016-04-29 14:09:37 -04:00
Joseph Schorr
4f63a50a17
Change account-less logs to use a user and not null
...
This allows us to skip the migration
2016-04-29 14:09:37 -04:00
Jimmy Zelinskie
ca5794ba18
key server: use total_seconds() for cache headers
2016-04-29 14:09:37 -04:00
Joseph Schorr
5d6e5a42e8
Add delete logging and tests for logging
2016-04-29 14:09:09 -04:00
Jimmy Zelinskie
6aa7040f39
keyserver: add cache-control headers
2016-04-29 14:05:16 -04:00
Joseph Schorr
bc08ac2749
Fix timeouts in the JWT endpoint tests
2016-04-29 14:05:16 -04:00
Joseph Schorr
522cf68c5d
Lots of smaller fixes:
...
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d0bd70fb36
endpoints.web: add missing import
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
370ac3ecd0
service keys: add rotation_duration field
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
fca258d8bf
endpoints: remove /keys
...
BitTorrent support should now be able to use the keyserver
infrastructure instead.
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
9f4a4092da
keyserver: get signer kid from unverified headers
2016-04-29 14:05:16 -04:00
Joseph Schorr
08017c5111
Further UI updates
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
cfc15746a6
keyserver: tests!
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d19eb16b45
keyserver: add generate key function
...
The superuser API, initdb, and tests will all need this functionality.
2016-04-29 14:05:16 -04:00
Joseph Schorr
fb1dca4e94
Add API usage tests
2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59
keys ui WIP
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
136f92400f
key_server: remove s at the end of endpoint
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
e456228434
keyserver: insert rotation policy into metadata
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
885a41e6f5
key server: misc fixes to make jwtproxy work
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
50ad1bb6b1
key server: misc cleanup to get it working
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c0ab45d335
key server: derive audience from host and scheme
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
93720bd0f4
superuser: proper view for approvals/keys
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
d277fe6741
add final service key config
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c6b8b3ce8c
service_keys: s/get_keys/list_keys
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
0ec54fc70e
clear notifications on delete/replace service_key
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
42b5196b21
add notification path and use for service keys
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
97ae800e6c
canonicalize json
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
f406942984
converging on proper rotation
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
aaf9e83278
basically finish superuser key api
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
35ed73e195
rework superuser api
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167
service keys: do all the right stuff
2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
499bb16306
service key server wip
2016-04-29 13:38:25 -04:00
Joseph Schorr
c6f7dfa102
Add Enterprise Landing page
...
Note: The design comes directparners.
2016-04-28 13:47:54 -04:00
Joseph Schorr
03489c22ad
Log the pushed tag and add IP address display
...
Fixes #798
2016-04-20 13:00:21 -04:00
Evan Cordell
9a1d97216b
Switch error mimetype back to application/json
2016-04-18 17:42:08 -05:00
Evan Cordell
4d7843580f
Fix superuser page
2016-04-15 16:50:01 -04:00
josephschorr
cf04fedd6a
Merge pull request #1347 from coreos-inc/marketingtagman
...
Add Google Tag Manager support to Quay
2016-04-13 16:50:36 -04:00
Evan Cordell
09064853ac
Merge pull request #1364 from ecordell/error-json-fixes
...
Fix error-related issues
2016-04-13 13:32:00 -04:00
Evan Cordell
eb3e7eba88
Merge pull request #1351 from ecordell/document-201-swagger
...
Swagger: document 201 responses for POST requests
2016-04-13 09:50:34 -04:00
Evan Cordell
e1b3312495
Add back error_message
and error_type
for backwards-compatibility
2016-04-13 09:11:40 -04:00
Evan Cordell
7b44beb1fd
Fix WWW-Authenticate
header on 401
2016-04-13 09:01:42 -04:00
Evan Cordell
d67c4ba46c
Fix formatting in endpoints/api/error.py
2016-04-12 16:53:50 -04:00
Joseph Schorr
891f7d9213
Add Google Tag Manager support to Quay
2016-04-12 15:28:24 -04:00
Evan Cordell
1cdbd89120
Fix test (response validation in debug mode)
2016-04-12 07:56:58 -04:00
Evan Cordell
693a11c58e
Add RFC citation
2016-04-11 20:08:45 -04:00
Evan Cordell
7c361c07f9
Use ApiService to get error message
2016-04-11 17:31:30 -04:00
Evan Cordell
b5db41920f
Address review comments
2016-04-11 16:34:40 -04:00
Evan Cordell
eba75494d9
Use new error format for auth errors (factor exceptions into module)
2016-04-11 16:22:26 -04:00
Evan Cordell
9c08717173
Return application/problem+json format errors and provide error endpoint
...
to dereference error codes.
2016-04-11 14:57:24 -04:00
Evan Cordell
d69d79d302
swagger: document 201 responses for POST requests
2016-04-07 09:26:28 -04:00
Joseph Schorr
a06bda5910
Never include Stripe checking in LDN
...
Instead, we always load it from Stripe when billing is enabled. Also fixes our Stripe icon.
2016-04-01 14:10:11 -04:00
Joseph Schorr
a882055f62
Better error message for invalid recovery codes
2016-03-30 16:02:47 -04:00
Joseph Schorr
42e934d84f
Make notification lookup faster and fix repo pagination on Postgres
2016-03-30 14:46:31 -04:00
josephschorr
4aa079e743
Merge pull request #1247 from coreos-inc/useradminscopes
...
Remove internal_only from some APIs now that we expose a user admin scope
2016-03-23 14:16:02 -04:00
Joseph Schorr
aa5587c93c
Fixes and added tests for the security notification worker
...
Fixes #1301
- Ensures that the worker uses pagination properly
- Ensures that the worker handles failure as expected
- Moves marking the notification as read to after the worker processes it
- Increases the number of layers requested to 100
2016-03-18 20:28:06 -04:00
Joseph Schorr
6a4584b87a
Add another test for security notification filtering
2016-03-17 12:59:27 -04:00
Joseph Schorr
57e5141fb5
Fix link-to-parent-with-different-blob issue and add a test
2016-03-14 15:35:18 -04:00
Jimmy Zelinskie
ea2e17cc11
v2: send proper scopes for authorization failures
...
Fixes #1278 .
2016-03-11 13:41:38 -05:00
Jimmy Zelinskie
bb46cc933d
use kwargs for parse_repository_name
2016-03-09 16:20:28 -05:00
Jake Moshenko
fe2cd240bc
Revert "Remove old search API which is no longer in use"
2016-03-07 10:07:41 -05:00
josephschorr
57430a18b4
Merge pull request #1224 from coreos-inc/removeoldsearch
...
Remove old search API which is no longer in use
2016-03-04 12:05:07 -05:00
Joseph Schorr
85919cbc39
Fix error when constructing DownstreamIssue exception
2016-02-25 17:45:49 -05:00
Jimmy Zelinskie
c7904db30d
v2: always send www-authn headers on unauthorized
...
Fixes #1254 .
2016-02-25 17:09:29 -05:00
Joseph Schorr
f498e92d58
Implement against new Clair paginated notification system
2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9
Refactor the security worker and API calls and add a bunch of tests
2016-02-25 12:29:41 -05:00
Quentin Machu
0183c519f7
Merge pull request #1253 from Quentin-M/clair2
...
Adapt securityworker, secscan API and Quay UI for Clair 1.0
2016-02-19 18:21:25 -05:00
Quentin Machu
4bd5996bbf
Adapt secscan API for Clair v1.0
...
Squash /vulnerabilities and /packages as it basically does the same
action on Clair and we don't need both for Quay
2016-02-19 17:44:23 -05:00
josephschorr
11af123ba5
Merge pull request #1244 from coreos-inc/enableaci
...
Add UI to the setup tool for enabling ACI conversion
2016-02-17 12:29:48 -05:00
Joseph Schorr
1940fd9939
Add UI to the setup tool for enabling ACI conversion
...
Fixes #1211
2016-02-17 12:05:48 -05:00
Joseph Schorr
8d9f3309aa
Remove internal_only from some APIs now that we expose a user admin scope
...
Fixes #1246
2016-02-16 16:50:33 -05:00
josephschorr
e8faa9f843
Merge pull request #939 from coreos-inc/user-admin
...
Add user admin scope
2016-02-16 16:42:29 -05:00
josephschorr
81a36ee3b8
Merge pull request #1217 from coreos-inc/v2pagination
...
Fix V2 catalog and tag pagination
2016-02-16 15:34:49 -05:00
josephschorr
ded0a27901
Merge pull request #1242 from coreos-inc/receiptemailsbug
...
Fix schema for invoice email updating
2016-02-16 13:26:26 -05:00
Joseph Schorr
ecaa051791
Fix schema for invoice email updating
...
Fixes #1209
2016-02-16 11:52:57 -05:00
Jake Moshenko
6e05920d6b
Delete bad manifests from the DB
2016-02-16 11:42:19 -05:00
Joseph Schorr
4b24556cb3
Check for the parent's ID in the updated ID map.
...
Fixes #1240
2016-02-15 11:02:52 -05:00
Joseph Schorr
69262282fe
Make sure to encode all V1 metadata strings
...
Fixes #1239
2016-02-15 10:57:20 -05:00
Jimmy Zelinskie
70aa7cc731
Merge pull request #1230 from jzelinskie/aci-head
...
allow HEAD on ACI images
2016-02-12 16:29:12 -05:00
Jimmy Zelinskie
2b07b6d8a9
allow HEAD on ACI images
...
Fixes #911 .
2016-02-12 16:28:44 -05:00
Jake Moshenko
6454b5aeb7
Update the layer rename PR to preserve the original manifest
2016-02-12 16:25:47 -05:00
Joseph Schorr
abd2e3c234
V1 Docker ID <-> V2 layer SHA mismatch fix
...
Fix handling of V1 Docker ID <-> V2 layer SHA mismatch by dynamically rewriting the manifest to use new synthesized IDs for all layers above the mismatch. Also adds a bunch of tests for this and other use cases, fixes a bug around manifest digest uniqueness and fixes the 5.5 migration for MySQL.
2016-02-12 17:39:27 +02:00
Quentin Machu
5c7f2a5c16
Remove abort(500) on checksum mismatch
2016-02-11 18:32:21 -05:00
josephschorr
a9c64545fa
Merge pull request #1228 from coreos-inc/v2storagevalidation
...
Add a check that will fail if we try to mislink V1 layers
2016-02-11 22:49:33 +02:00
josephschorr
904b2d53d2
Merge pull request #1197 from coreos-inc/webpytest
...
Tests for endpoints/web and some small fixes
2016-02-11 22:42:43 +02:00
Joseph Schorr
27f1cc0a13
Add a check that will fail if we try to mislink V1 layers
...
Also logs some useful information
2016-02-11 22:40:00 +02:00
Joseph Schorr
1887dc879c
Remove old search API which is no longer in use
2016-02-10 15:02:27 +02:00
Joseph Schorr
db0eab0461
Fix V2 catalog and tag pagination
2016-02-10 00:25:33 +02:00
Jimmy Zelinskie
deadd5eee3
Merge pull request #1210 from jzelinskie/torrent-life
...
extend torrent webseed lifetime to an hour
2016-02-09 14:51:26 -05:00
Jimmy Zelinskie
463dc98a42
return an error when writing manifest v2 schema2
2016-02-09 14:42:58 -05:00
Jimmy Zelinskie
e18dacd26b
extend torrent webseed lifetime to an hour
2016-02-08 17:57:28 -05:00
Joseph Schorr
6a8331d305
Tests for endpoints/web and some small fixes
2016-02-05 09:45:25 +02:00
Joseph Schorr
534ec9cb2b
Add pagination to the repository list API to make it better for public
...
Fixes #1166
2016-02-01 22:42:44 +02:00
Jake Moshenko
9310fe1832
Convert some flask-login user methods to properties
2016-01-29 10:36:28 -05:00
Joseph Schorr
accc576a98
Fix V1 push URL to match Docker and fix registry tests
2016-01-29 16:42:15 +02:00
Jake Moshenko
018bf8c5ad
Refactor how parsed_args are passed to methods
2016-01-26 16:27:36 -05:00
Joseph Schorr
335c8eb3a9
Add 2 day TTL to page tokens
2016-01-26 14:04:03 -05:00
Joseph Schorr
b4bddacedb
Switch to Fernet crypto as per gtank's recommendation
2016-01-26 12:50:48 -05:00
Joseph Schorr
bd0a098282
Add ID-based pagination to logs using new decorators and an encrypted token
...
Fixes #599
2016-01-26 12:50:48 -05:00
Joseph Schorr
a03f0f1970
Fix manifest content type
...
Fixes #1168
2016-01-25 16:39:59 -05:00
josephschorr
b081e234f8
Merge pull request #1162 from coreos-inc/publicnocredauth
...
Fix issue with Docker 1.8.3 and pulling public repos with no creds
2016-01-25 16:07:55 -05:00
Joseph Schorr
8cd38569d6
Fix issue with Docker 1.8.3 and pulling public repos with no creds
...
We now return the valid subset of auth scopes requested.
Adds a test for this case and adds testing of all returned JWTs in the V2 login tests
2016-01-25 15:54:17 -05:00
Jimmy Zelinskie
85ae1a2a0a
Merge pull request #1161 from jzelinskie/torrenthmac
...
misc torrent changes
2016-01-22 23:02:44 -05:00
josephschorr
566a91f003
Merge pull request #1160 from coreos-inc/dockerv2authsucks
...
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
2016-01-22 16:00:30 -05:00
Joseph Schorr
e4ffaff869
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
...
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Jimmy Zelinskie
e54b86c6eb
s/TORRENT/BITTORRENT
2016-01-22 15:52:28 -05:00
josephschorr
d00db518df
Merge pull request #1153 from coreos-inc/fixtutorial
...
Fix tutorial by properly publishing user events for V2 API
2016-01-22 12:51:47 -05:00
josephschorr
cd81d1e4f5
Merge pull request #1156 from coreos-inc/torrentverb
...
Add support for torrenting verbs
2016-01-20 18:15:52 -05:00
Joseph Schorr
7c572fd218
Add support for torrenting verbs
...
Fixes #1130
2016-01-20 18:15:32 -05:00
Joseph Schorr
068301ef1f
Add more debugging statements to V2 auth
...
Also fixes a spurious return
2016-01-20 18:06:46 -05:00
Joseph Schorr
22b8a562be
Fix tutorial by properly publishing user events for V2 API
...
Fixes #1123
2016-01-20 13:42:30 -05:00
Jake Moshenko
5f10c3f7ed
Merge pull request #1149 from jakedt/notsoswift
...
Improve swift path computations
2016-01-15 15:54:35 -05:00
Jake Moshenko
612098b645
Use the centrally initialized storage engine for verbs in master process
2016-01-15 15:35:04 -05:00
Jake Moshenko
3071152dd1
Fix the JWK to use base64 encoded bytes
2016-01-14 10:08:35 -05:00
Jimmy Zelinskie
de750defdb
s/RSA256/RS256
2016-01-13 12:59:53 -05:00
Jimmy Zelinskie
bcdbf0301d
add cache-control headers to /keys
2016-01-12 17:58:21 -05:00
Joseph Schorr
e4da61a05d
Fix piece hash calculation
2016-01-12 17:44:19 -05:00
Jake Moshenko
8ab6c8a22d
Fix torrent hash generation to work in mixed stacks
2016-01-11 16:43:46 -05:00
Jimmy Zelinskie
d21b4adc62
remove global for get_route_data
2016-01-08 16:43:15 -05:00
Jake Moshenko
1ae101c917
Address torrent feature review comments.
2016-01-08 16:38:21 -05:00
Jimmy Zelinskie
8a924aae4a
move jwk set URI to /keys
2016-01-08 16:22:31 -05:00
Jimmy Zelinskie
559a55b1de
add lru cache to _get_route_data()
2016-01-08 16:22:17 -05:00
Jake Moshenko
b9821290f6
Merge remote-tracking branch 'upstream/master' into torrent
2016-01-08 15:43:12 -05:00
Jake Moshenko
17d3b5e204
Fix a bug with torrent calculation on duplicate v2 uploads
2016-01-08 15:08:12 -05:00
josephschorr
269bd80f53
Merge pull request #1121 from coreos-inc/typofix2
...
Fix typo
2016-01-08 14:30:42 -05:00
Joseph Schorr
161475baaa
Break circular dependencies introduced by importing common in verbs
2016-01-08 13:54:40 -05:00
Jimmy Zelinskie
087c6828ad
add feature.BITTORRENT and jwk set URI
2016-01-07 19:07:23 -05:00
Jimmy Zelinskie
e8c0a8355f
only check repo usage when billing enabled
2016-01-07 14:34:19 -05:00
Jimmy Zelinskie
a089b3c383
torrent: don't get user when public repo
2016-01-07 14:16:21 -05:00
Joseph Schorr
cd204d8940
Fix typo
2016-01-06 15:00:36 -05:00
Jake Moshenko
476ac8cec9
Add piece hashing to verbs generated image storages
2016-01-06 12:01:15 -05:00
Jake Moshenko
9e2b6a312a
Fix typo in method name
2016-01-06 10:59:54 -05:00
Jake Moshenko
8f80d7064b
Hash v1 uploads for torrent chunks
2016-01-05 14:43:40 -05:00
Jake Moshenko
44fcc7e44b
Fix logic when deciding whether to hash for torrent
2016-01-05 12:13:26 -05:00
Jimmy Zelinskie
0f6c77caab
s/repository/repo_name
2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
c780572e69
add public/private torrent swarms
2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
4cb06525a4
finish implementing torrent verb
2016-01-04 16:17:51 -05:00
Jake Moshenko
ce8fcbeaae
Update the pieces to use base64 encoded binary
2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796
Hash and track layer file chunks for torrenting
2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
6f6c82a217
implement torrent verb
2016-01-04 16:16:40 -05:00
josephschorr
f748d4348d
Merge pull request #1106 from coreos-inc/billingemail
...
Add support for custom billing invoice email address
2016-01-04 14:34:30 -05:00
josephschorr
0ca01e5ae4
Merge pull request #1105 from coreos-inc/qeversion
...
Show version number next to copyright in QE
2016-01-03 17:57:11 -05:00
Jimmy Zelinskie
a967340aad
update format_date to handle December
2016-01-01 18:59:27 -05:00
josephschorr
28eb31ed36
Merge pull request #1102 from coreos-inc/deleteimagediff
...
Delete the image diff feature
2015-12-29 14:47:38 -05:00
josephschorr
6371f5e9be
Merge pull request #1107 from coreos-inc/errorresponsetype
...
Switch error messages to have content type JSON
2015-12-29 12:26:35 -05:00
Joseph Schorr
31a8a0fba4
Better UX when recovering organization emails
...
Fixes #291
2015-12-28 15:25:31 -05:00
Joseph Schorr
2f3d77157b
Switch error messages to have content type JSON
...
Fixes #893
2015-12-28 14:17:44 -05:00
Joseph Schorr
10efa96009
Add support for custom billing invoice email address
...
Fixes #782
2015-12-28 13:59:50 -05:00
Joseph Schorr
be61730224
Show version number next to copyright in QE
...
Fixes #672
2015-12-28 13:27:32 -05:00
Joseph Schorr
ab166c4448
Delete the image diff feature
...
Fixes #1077
2015-12-23 13:08:01 -05:00
Joseph Schorr
327258c83e
Add namespace to be returned by docker search
...
Fixes #956
2015-12-17 16:38:06 -05:00
Jake Moshenko
3fda6696e5
Merge pull request #1069 from jakedt/trackhostname
...
Trackhostname
2015-12-16 14:08:55 -05:00
Jake Moshenko
d5bebe2149
Add the hostname to mixpanel requests.
2015-12-16 13:43:31 -05:00
Jake Moshenko
766d60493f
Add the ability to blacklist v2 for specific versions
2015-12-15 18:27:10 -05:00
Joseph Schorr
ca7d36bf14
Handle empty scopes and always send the WWW-Authenticate header, as per spec
...
Fixes #1045
2015-12-15 14:59:47 -05:00
Joseph Schorr
ea9ebb98e6
Sample repo pulls in V2
...
Fixes #1058
2015-12-14 17:41:16 -05:00
Joseph Schorr
54095eb5cb
Handle the common case of one chunk when calculating the uncompressed size
...
Reference #992
2015-12-14 15:27:48 -05:00
josephschorr
1323da20e3
Merge pull request #1050 from coreos-inc/v2betterlogging
...
Make our JWT subjects better and log using the info
2015-12-14 15:24:39 -05:00
Silas Sewell
881fd53714
Merge pull request #1056 from coreos-inc/dont-hide-ioerror
...
Handle IOErrors in v2 uploads
2015-12-14 14:46:46 -05:00
Joseph Schorr
4a4eee5e05
Make our JWT subjects better and log using the info
...
Fixes #1039
2015-12-14 14:00:33 -05:00
Silas Sewell
2dcc1f13a6
Handle IOErrors in v2 uploads
2015-12-14 11:58:24 -05:00
Joseph Schorr
d963f7174a
Change manifest delete to mark tag as dead and log
2015-12-10 15:45:53 -05:00
Jake Moshenko
9f13bb8960
Fix the overlap condition on resumed uploads
2015-12-10 13:14:11 -05:00
josephschorr
37dec895ce
Merge pull request #987 from coreos-inc/multimanifest
...
Make manifest generation safe for multiple callers
2015-12-08 14:12:39 -05:00
josephschorr
6c897a7c22
Merge pull request #1035 from coreos-inc/closeforlong
...
Close for long operation before we upload chunks
2015-12-07 14:22:29 -05:00
Joseph Schorr
bcd7f45905
Close for long operation before we upload chunks
2015-12-07 14:11:56 -05:00
Joseph Schorr
b8bd92a64f
Handle 404s on blob uploads
...
Fixes #1033
2015-12-07 12:30:28 -05:00
Joseph Schorr
ee0eb80c8f
Fix blob content types
...
Fixes #990
2015-12-04 16:13:58 -05:00
josephschorr
32fae5533c
Merge pull request #1022 from coreos-inc/manifestexc
...
Only write exceptions for manifest gen when a tag exists
2015-12-04 14:32:06 -05:00
Silas Sewell
d28768f792
Make eventConfig required in create notification
2015-12-03 18:28:07 -05:00
Joseph Schorr
c324ebd7f6
Only write exceptions for manifest gen when a tag exists
...
Fixes #1019
Currently, we just raise an exception to the logs regardless, which can make it appear as if there is an issue (when there isn't).
2015-12-03 16:04:17 -05:00
Silas Sewell
8781cf6e11
Increase nginx proxy timeout and close db before storage operation
2015-12-03 11:19:39 -05:00
Silas Sewell
664a2951cc
Don't send content-length when redirecting v2 blob
...
Fixes #1012
2015-12-02 21:28:11 -05:00
Quentin Machu
8a539c4bc1
Fix security notification perform condition
...
As defined in util/secscan/api.py, Critical < High < Medium < Low < Negligible < Unknown. We have to send the notification if the expected level is higher than the vulnerability level, not the opposite.
2015-11-30 13:54:34 -05:00
josephschorr
dc1f6c2d87
Merge pull request #974 from coreos-inc/derivedfix
...
Derived image fixes
2015-11-25 11:57:16 -05:00
Joseph Schorr
6ed705be15
Make manifest generation safe for multiple callers
...
Fixes #985
2015-11-24 18:38:29 -05:00
josephschorr
0dbd19a236
Merge pull request #976 from coreos-inc/incidentaltests
...
Add login tests and fix scope security issue
2015-11-24 13:42:06 -05:00
Joseph Schorr
75a91f0f92
Add login tests and fix scope security issue
2015-11-24 13:39:16 -05:00
Joseph Schorr
762cd56e64
Change derived storage to be based on image
...
Fixes #971
2015-11-24 12:44:07 -05:00
josephschorr
1eb019cd16
Merge pull request #970 from coreos-inc/disableverbcaching
...
Disable derived image storage entirely until we fix it to be by image…
2015-11-23 23:56:51 -05:00
Joseph Schorr
5d3aa2a2b9
Disable derived image storage entirely until we fix it to be by image, not storage
2015-11-23 23:49:46 -05:00
Joseph Schorr
a0e597f957
Send Docker-Content-Digest headers on GET requests
...
Fixes #955
2015-11-23 13:56:34 -05:00
Joseph Schorr
5c8eea2728
Log when pulls occur in V2
...
Fixes #958
2015-11-20 21:30:03 -05:00
Jake Moshenko
0c44949017
Return a 401 when doing a login with bad credentials
2015-11-20 18:37:52 -05:00
Joseph Schorr
b49435bfee
Fix track_and_log for grant-ed users
2015-11-19 17:41:27 -05:00
Jake Moshenko
b564492ea7
Improve the performance of fetching manifest blobs by checksum.
2015-11-19 11:01:47 -05:00
Jake Moshenko
e01f5ce06e
Re-enable squashed caching
2015-11-18 22:05:07 -05:00
Jake Moshenko
39d799b1aa
Fix anonymous repository pulls
2015-11-18 20:11:06 -05:00
Jake Moshenko
c27f91f7cf
Fix token pushes for v2 auth, tokens have no user
2015-11-18 19:18:12 -05:00
Matt Jibson
f02bb3caee
Add user admin scope
...
Also remove unused scope decorator.
fixes #890
2015-11-18 12:01:40 -05:00
Silas Sewell
f3dafd50e4
Fix squash pull after v2 merge
2015-11-17 18:25:43 -05:00
Jake Moshenko
7205bf5e7f
Merge pull request #885 from jakedt/python-registry-v2
...
Python registry v2 mega merge
2015-11-16 16:15:40 -05:00
Matt Jibson
d5fb8cafd4
Don't expose unnamed API operations
...
fixes #861
2015-11-16 15:40:33 -05:00
Jake Moshenko
4cc619f4ca
Clean up v2 branch to no longer warn about readiness
2015-11-16 14:42:43 -05:00
Jake Moshenko
0459c3bc54
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-16 14:22:54 -05:00
Jake Moshenko
52125bbfed
Fix gc by using the v1/v2 storage location helper everywhere
2015-11-16 14:13:37 -05:00
Joseph Schorr
32a799a067
Remove code that adds images to the image diff queue
2015-11-13 12:42:43 -05:00
Joseph Schorr
db1fae4cfc
Fix security scan endpoint status
2015-11-13 01:06:18 -05:00
Joseph Schorr
b7206a8cfc
Remove file added accidentally by merge
2015-11-12 22:03:13 -05:00
Joseph Schorr
7816b0c657
Merge master into vulnerability-tool
2015-11-12 21:52:47 -05:00
Joseph Schorr
3b3f101ea6
Vulnerability UI part 2
...
Fixes #860
Fixes #855
2015-11-12 16:59:36 -05:00
Jake Moshenko
44d06b0c2e
Fix v1 backward compatibility
2015-11-12 16:22:19 -05:00
Joseph Schorr
76ce63895f
New Quay Sec UI and fix some small bugs
...
Fixes #855
2015-11-11 18:15:58 -05:00
Jake Moshenko
ab340e20ea
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-11 16:41:40 -05:00
Jake Moshenko
a1ccd860e7
Merge pull request #823 from coreos-inc/phase3-11-07-2015
...
Phase3 11 07 2015
2015-11-11 14:22:19 -05:00
Joseph Schorr
ca7d736db2
Only send vulnerability events if the minimum priority is gte to that specified
...
Fixes #770
2015-11-10 16:05:55 -05:00
Joseph Schorr
888ec17538
Recover by email needs to allow anon access to its endpoints
2015-11-10 15:41:19 -05:00
Jimmy Zelinskie
8e2868737b
rename secscan_endpoint and move db close to API
2015-11-10 15:22:31 -05:00
Jimmy Zelinskie
d651ea4b48
initial security notification worker
2015-11-10 15:22:30 -05:00
Silas Sewell
e826b14ca4
Merge pull request #725 from coreos-inc/setup-tool-georeplication
...
superuser: add storage replication config
2015-11-09 17:43:38 -05:00
Silas Sewell
5000b1621c
superuser: add storage replication config
2015-11-09 17:34:22 -05:00
Joseph Schorr
a69c9e12fd
Update quay sec code to fix problems identified in previous review
...
- Change get_repository_images_recursive to operate over a single docker image and storage uuid
- Move endpoints/sec to endpoints/secscan
- Change notification system to work with new Quay-sec format
Fixes #768
2015-11-09 17:14:35 -05:00
Quentin Machu
16c364a90c
Rename secscan_endpoint where required, fix index and indentation
2015-11-09 15:18:42 -05:00
Matt Jibson
5d9999d1f7
Merge pull request #791 from mjibson/clear-repo-notifications
...
Remove error notification when user deletes repos
2015-11-09 14:46:51 -05:00
Joseph Schorr
02e2bef943
Fix hardcoded priority
2015-11-09 12:51:05 -05:00
Joseph Schorr
b408cfd2cc
Ready for demo
2015-11-09 12:51:05 -05:00
Joseph Schorr
407eaae137
WIP: Towards sec demo
2015-11-09 12:50:39 -05:00
Joseph Schorr
fb3d0fa27d
Add a SecEndpoint class and move all the cert and config handling in there
2015-11-09 12:49:19 -05:00
Joseph Schorr
87c56d1caa
Add vulnerabilities and packages API to Quay
...
Fixes #564
2015-11-09 12:49:19 -05:00
Jake Moshenko
7efa6265bf
Merge branch 'newchanges' into python-registry-v2
2015-11-06 18:24:32 -05:00
Jake Moshenko
c2fcf8bead
Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2
2015-11-06 18:18:29 -05:00
Jake Moshenko
4314882fa0
Reverse the order of get_parent_images
2015-11-06 17:47:08 -05:00
Jake Moshenko
ad93425ead
Stop writing to v1 checksum on ImageStorage
2015-11-06 16:40:04 -05:00
Jake Moshenko
75f917f592
Stop reading the v1 checksums from storage
2015-11-06 16:17:12 -05:00
Joseph Schorr
cfa03951e1
Add a SecScanEndpoint class and move all the cert and config handling in there
2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0
Add vulnerabilities and packages API to Quay
...
Fixes #564
2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea
Add a vulnerability_found event for notice when we detect a vuln
...
Fixes #637
Note: This PR does *not* actually raise the event; it merely adds support for it
2015-11-06 15:22:18 -05:00
Jake Moshenko
3d0bcbaaeb
Move v1 checksums to image and track v2 separately
2015-11-06 15:17:55 -05:00
Matt Jibson
f4b57eff96
Set and use ETag headers
...
Also set no-cache exactly as github recommends. The removed @no_cache
decorater used "Cache-Control:no-cache, no-store, must-revalidate", but
just no-cache should be sufficient, and should certainly work correctly
with github.
See: https://github.com/github/markup/issues/224#issuecomment-48532178
fixes #712
2015-11-06 12:15:15 -05:00
Quentin Machu
da1fe7d48b
Merge pull request #790 from Quentin-M/set4O4
...
Define nginx v2 vhost & properly set 404 status code
2015-11-04 16:32:11 -05:00
josephschorr
11be448d75
Merge pull request #773 from coreos-inc/imageload
...
Never load the full repo image list
2015-11-04 16:29:20 -05:00
Matt Jibson
4d81567a0c
Remove error notification when user deletes repos
...
Also prevent duplicate notifications of that type.
fixes #493
2015-11-04 16:11:15 -05:00
Joseph Schorr
4f41f79fa8
Never load the full repo image list
...
Always make smaller queries per tag to ensure we scale better
Fixes #754
2015-11-04 15:53:00 -05:00
Quentin Machu
c1fa22d9b0
Define nginx v2 vhost & properly set 404 status code
...
Fixes #777
2015-11-04 14:56:18 -05:00
josephschorr
c3a4c36df7
Merge pull request #761 from coreos-inc/fixtoomanylogin
...
Move decorator for TooManyLoginAttempts into general decorated module
2015-11-04 12:29:01 -05:00
Joseph Schorr
d4646e459e
Disable 404, as it is breaking V2 API checks
2015-11-04 02:47:33 -05:00
Joseph Schorr
95c47fe250
Fix layer ordering in verbs
2015-11-03 14:43:47 -05:00
Joseph Schorr
5e1cd2b2ad
Move decorator for TooManyLoginAttempts into general decorated module
...
Currently, this is missing in gunicorn_registry which causes 500s when user logins become throttled
2015-11-03 12:16:01 -05:00
Joseph Schorr
f6a53f7cc5
Change all Quay.io references to Quay, fix tour and change logo
...
Fixes #741
2015-11-02 14:37:48 -05:00
josephschorr
4ae940aede
Merge pull request #660 from coreos-inc/superuser
...
Superuser Panel Improvements
2015-10-30 14:32:16 -04:00
Quentin Machu
3f35265858
Merge pull request #683 from Quentin-M/whoops-404
...
Add 404 page
2015-10-30 14:30:20 -04:00
Jake Moshenko
1666ac50fe
Filter down the signing key to only public portion
2015-10-26 16:40:19 -04:00
Jake Moshenko
2c10d28afc
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-10-26 14:44:16 -04:00
Jake Moshenko
fc55730db8
Add a feature flag to advertise v2 endpoints
2015-10-26 14:20:51 -04:00
Jake Moshenko
9da64f3aba
Stop writing to deprecated columns for image data.
2015-10-24 14:45:15 -04:00
Joseph Schorr
7bac042954
Fix verbs for merged changes to image and image storage
...
Fixes #698
2015-10-23 15:49:31 -04:00
Jimmy Zelinskie
e973289397
Revert "Revert "Merge pull request #682 from jzelinskie/revertrevert""
...
This reverts commit 278bc736e3
.
2015-10-23 15:26:33 -04:00
Jake Moshenko
e7a6176594
Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2
2015-10-22 16:59:28 -04:00
Jimmy Zelinskie
278bc736e3
Revert "Merge pull request #682 from jzelinskie/revertrevert"
...
This reverts commit 627ad25c9c
, reversing
changes made to 31c392fecc
.
2015-10-22 16:02:07 -04:00
Jake Moshenko
ce94931540
Stop writing to deprecated columns for image data.
2015-10-22 12:14:39 -04:00
Quentin Machu
adb744089e
Add 404 page
...
Fixes coreos-inc/quay#677
2015-10-21 18:40:15 -04:00
josephschorr
5dae970787
Merge pull request #681 from coreos-inc/userorg
...
Return user orgs when making a call via OAuth
2015-10-21 16:41:43 -04:00
Joseph Schorr
5d8121e060
Return user orgs when making a call via OAuth
...
Fixes #673
2015-10-21 16:40:31 -04:00
Jimmy Zelinskie
39cfe77d42
Revert "Merge pull request #557 from coreos-inc/revert-migration"
...
This reverts commit c4f938898a
, reversing
changes made to 7ad2522dbe
.
2015-10-21 15:29:57 -04:00
Joseph Schorr
147b7b26b4
Fix is_public in repo list
...
Fixes #678
2015-10-21 14:13:39 -04:00
Matt Jibson
b4554f4d14
Verify signed manifests
...
fixes #394
2015-10-20 02:08:45 -04:00
Joseph Schorr
5941f3937c
Enable async GC for all
...
Fixes #569
2015-10-19 14:22:41 -04:00
Joseph Schorr
d464af4cce
Add ability to update superusers via the UI
...
Fixes #634
2015-10-16 15:41:18 -04:00
Joseph Schorr
a37b9394d9
Add org email address to orgs list
2015-10-16 15:17:51 -04:00
Joseph Schorr
ad5beab3ef
Disable superuser functions around users when not using DB auth
2015-10-16 15:14:49 -04:00
josephschorr
d3857e509f
Merge pull request #643 from coreos-inc/nullimage
...
Check and handle NULL image_size
2015-10-15 13:26:13 -04:00
Joseph Schorr
fe79d5fb66
Check and handle NULL image_size
...
Fixes #613
2015-10-15 13:25:54 -04:00
josephschorr
24b54f1e34
Merge pull request #615 from coreos-inc/queriesunite
...
Unionize the mega query - It needed more performance-based benefits
2015-10-15 13:17:01 -04:00
Joseph Schorr
c9daf7d8a9
Add additional tests for repo visibility and further simplify the query for perf
2015-10-15 12:12:57 -04:00
Jimmy Zelinskie
7c1547221d
raise a 520 for any GitLab timeouts
2015-10-13 17:34:08 -04:00
Jimmy Zelinskie
9818481b08
limit logs to a maximum number of pages
2015-10-06 14:13:23 -04:00
josephschorr
3e7a95407b
Merge pull request #598 from coreos-inc/limitbadquery
...
Prevent unlimited insane query from running and fix tests
2015-10-05 21:29:35 -04:00
Silas Sewell
c6da322ec1
Merge pull request #597 from coreos-inc/tag-validation
...
Update tag validation
2015-10-05 21:10:55 -04:00
Silas Sewell
dd3d939b31
Update tag validation
...
Fixes #536
2015-10-05 19:32:10 -04:00
Joseph Schorr
dd804816ba
Prevent unlimited insane query from running and fix tests
...
Fixes #591
2015-10-05 17:11:49 -04:00
Joseph Schorr
8ca92d6828
Remove old search API and switch V1 search to use the new search system
2015-10-05 14:36:43 -04:00
Joseph Schorr
f393236c9f
Add repo name check to V2
...
Fixes #592
2015-10-05 14:19:52 -04:00
Joseph Schorr
d0dc8fe45d
Add endpoint security tests for the V2 endpoints
...
Fixes #581
2015-10-02 14:01:12 -04:00
Joseph Schorr
35c35d9913
Load images and storage references in bulk during V1 synthesize
...
Currently, we perform multiple queries for each layer, making it much slower (especially cross-region)
Fixes #413
2015-09-29 17:53:39 -04:00
Joseph Schorr
f44ca79391
Add _catalog endpoint as specified by V2 API
...
Fixes #391
2015-09-29 16:02:19 -04:00
Joseph Schorr
decdaa4c79
New tests and small fixes while comparing against the V2 spec
...
Fixes #391
2015-09-29 15:18:48 -04:00
Silas Sewell
9000169b53
Revert "Merge pull request #491 from jakedt/migratebackp2"
...
This reverts commit 7ad2522dbe
, reversing
changes made to a0b191ffa1
.
2015-09-28 16:09:22 -04:00
Joseph Schorr
2e694dd3f0
Move Docker V2 key to be loaded from file or generated on server load
...
Fixes #394
2015-09-28 15:43:51 -04:00
Joseph Schorr
09f8ad695b
Fix resumable upload support and add another test
2015-09-28 12:17:17 -04:00
josephschorr
7ad2522dbe
Merge pull request #491 from jakedt/migratebackp2
...
Migrate image data back phase 2
2015-09-26 15:11:46 -04:00
Joseph Schorr
4dc30d6321
Remove yaml and switch to JSON because yaml is so slow
2015-09-24 16:17:42 -04:00
Joseph Schorr
a283c8d8ec
Add a check to ensure repository names are valid according to an extended set of rules.
...
Fixes #534
2015-09-24 11:55:08 -04:00
Joseph Schorr
49b575afb6
Start refactoring of the trigger system:
...
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
2015-09-21 16:36:48 -04:00
Jake Moshenko
26cea9a07c
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-17 16:16:27 -04:00
Jake Moshenko
8baacd2741
Migrate old data to new locations, read only new.
2015-09-17 15:47:13 -04:00
josephschorr
c801965626
Merge pull request #492 from coreos-inc/nofreelunch
...
UI and API fixes for disallowing private repo count abuse
2015-09-16 17:53:11 -04:00
Silas Sewell
a8183ed87b
Sample pull_repo events
2015-09-15 18:41:48 -04:00
Joseph Schorr
fbfe7fdb54
Make change repo visibility and create repo raise a 402 when applicable
...
We now check the user or org's subscription plan and raise a 402 if the user attempts to create/make a repo private over their limit
2015-09-15 14:33:35 -04:00
Jake Moshenko
b56de3355c
Migrate data back to Image in preparation for v2
2015-09-15 11:53:31 -04:00
Jake Moshenko
9c3ddf846f
Some fixes and tests for v2 auth
...
Fixes #395
2015-09-10 15:38:57 -04:00
Joseph Schorr
fd3a21fba9
Add Kubernetes configuration provider which writes config to a secret
...
Fixes #145
2015-09-10 12:19:59 -04:00