Commit graph

1693 commits

Author SHA1 Message Date
Joseph Schorr
343a080833 Make security scan testing much faster 2016-05-05 13:55:24 -04:00
Jake Moshenko
9221a515de Use the registry API for security scanning
when the storage engine doesn't support direct download url
2016-05-04 18:04:06 -04:00
Joseph Schorr
73fa593d02 Various small fixes in prep for QE release 2016-05-04 15:20:27 -04:00
josephschorr
550b9cb2b3 Merge pull request #1428 from coreos-inc/clair-setup-new
Implement setup tool support for Clair
2016-05-04 13:52:54 -04:00
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair
Fixes #1387
2016-05-04 13:40:50 -04:00
Joseph Schorr
6e2df3b339 Fix key server to not list expired keys
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.

Fixes #1430
2016-05-03 17:58:47 -04:00
josephschorr
f0af2ca9c3 Merge pull request #1407 from coreos-inc/enterpriselanding
Add Enterprise Landing page
2016-05-03 13:52:22 -04:00
Evan Cordell
2242c6773d Add 'Automatic' ServiceKeyApprovalType 2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd Generate private key on startup 2016-04-29 14:10:33 -04:00
Joseph Schorr
6091db983b Hide expired keys outside of their staleness window 2016-04-29 14:10:33 -04:00
Jimmy Zelinskie
726cb5fe6a key server: 403 on expired approved keys (#1410) 2016-04-29 14:09:37 -04:00
Joseph Schorr
4f63a50a17 Change account-less logs to use a user and not null
This allows us to skip the migration
2016-04-29 14:09:37 -04:00
Jimmy Zelinskie
ca5794ba18 key server: use total_seconds() for cache headers 2016-04-29 14:09:37 -04:00
Joseph Schorr
5d6e5a42e8 Add delete logging and tests for logging 2016-04-29 14:09:09 -04:00
Jimmy Zelinskie
6aa7040f39 keyserver: add cache-control headers 2016-04-29 14:05:16 -04:00
Joseph Schorr
bc08ac2749 Fix timeouts in the JWT endpoint tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
522cf68c5d Lots of smaller fixes:
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d0bd70fb36 endpoints.web: add missing import 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
370ac3ecd0 service keys: add rotation_duration field 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
fca258d8bf endpoints: remove /keys
BitTorrent support should now be able to use the keyserver
infrastructure instead.
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
9f4a4092da keyserver: get signer kid from unverified headers 2016-04-29 14:05:16 -04:00
Joseph Schorr
08017c5111 Further UI updates 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
cfc15746a6 keyserver: tests! 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
d19eb16b45 keyserver: add generate key function
The superuser API, initdb, and tests will all need this functionality.
2016-04-29 14:05:16 -04:00
Joseph Schorr
fb1dca4e94 Add API usage tests 2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59 keys ui WIP 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
136f92400f key_server: remove s at the end of endpoint 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
e456228434 keyserver: insert rotation policy into metadata 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
885a41e6f5 key server: misc fixes to make jwtproxy work 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
50ad1bb6b1 key server: misc cleanup to get it working 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c0ab45d335 key server: derive audience from host and scheme 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
93720bd0f4 superuser: proper view for approvals/keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
d277fe6741 add final service key config 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
c6b8b3ce8c service_keys: s/get_keys/list_keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
0ec54fc70e clear notifications on delete/replace service_key 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
42b5196b21 add notification path and use for service keys 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
97ae800e6c canonicalize json 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
f406942984 converging on proper rotation 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
aaf9e83278 basically finish superuser key api 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
35ed73e195 rework superuser api 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167 service keys: do all the right stuff 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
499bb16306 service key server wip 2016-04-29 13:38:25 -04:00
Joseph Schorr
c6f7dfa102 Add Enterprise Landing page
Note: The design comes directparners.
2016-04-28 13:47:54 -04:00
Joseph Schorr
03489c22ad Log the pushed tag and add IP address display
Fixes #798
2016-04-20 13:00:21 -04:00
Evan Cordell
9a1d97216b Switch error mimetype back to application/json 2016-04-18 17:42:08 -05:00
Evan Cordell
4d7843580f Fix superuser page 2016-04-15 16:50:01 -04:00
josephschorr
cf04fedd6a Merge pull request #1347 from coreos-inc/marketingtagman
Add Google Tag Manager support to Quay
2016-04-13 16:50:36 -04:00
Evan Cordell
09064853ac Merge pull request #1364 from ecordell/error-json-fixes
Fix error-related issues
2016-04-13 13:32:00 -04:00
Evan Cordell
eb3e7eba88 Merge pull request #1351 from ecordell/document-201-swagger
Swagger: document 201 responses for POST requests
2016-04-13 09:50:34 -04:00
Evan Cordell
e1b3312495 Add back error_message and error_type for backwards-compatibility 2016-04-13 09:11:40 -04:00
Evan Cordell
7b44beb1fd Fix WWW-Authenticate header on 401 2016-04-13 09:01:42 -04:00
Evan Cordell
d67c4ba46c Fix formatting in endpoints/api/error.py 2016-04-12 16:53:50 -04:00
Joseph Schorr
891f7d9213 Add Google Tag Manager support to Quay 2016-04-12 15:28:24 -04:00
Evan Cordell
1cdbd89120 Fix test (response validation in debug mode) 2016-04-12 07:56:58 -04:00
Evan Cordell
693a11c58e Add RFC citation 2016-04-11 20:08:45 -04:00
Evan Cordell
7c361c07f9 Use ApiService to get error message 2016-04-11 17:31:30 -04:00
Evan Cordell
b5db41920f Address review comments 2016-04-11 16:34:40 -04:00
Evan Cordell
eba75494d9 Use new error format for auth errors (factor exceptions into module) 2016-04-11 16:22:26 -04:00
Evan Cordell
9c08717173 Return application/problem+json format errors and provide error endpoint
to dereference error codes.
2016-04-11 14:57:24 -04:00
Evan Cordell
d69d79d302 swagger: document 201 responses for POST requests 2016-04-07 09:26:28 -04:00
Joseph Schorr
a06bda5910 Never include Stripe checking in LDN
Instead, we always load it from Stripe when billing is enabled. Also fixes our Stripe icon.
2016-04-01 14:10:11 -04:00
Joseph Schorr
a882055f62 Better error message for invalid recovery codes 2016-03-30 16:02:47 -04:00
Joseph Schorr
42e934d84f Make notification lookup faster and fix repo pagination on Postgres 2016-03-30 14:46:31 -04:00
josephschorr
4aa079e743 Merge pull request #1247 from coreos-inc/useradminscopes
Remove internal_only from some APIs now that we expose a user admin scope
2016-03-23 14:16:02 -04:00
Joseph Schorr
aa5587c93c Fixes and added tests for the security notification worker
Fixes #1301

- Ensures that the worker uses pagination properly
- Ensures that the worker handles failure as expected
- Moves marking the notification as read to after the worker processes it
- Increases the number of layers requested to 100
2016-03-18 20:28:06 -04:00
Joseph Schorr
6a4584b87a Add another test for security notification filtering 2016-03-17 12:59:27 -04:00
Joseph Schorr
57e5141fb5 Fix link-to-parent-with-different-blob issue and add a test 2016-03-14 15:35:18 -04:00
Jimmy Zelinskie
ea2e17cc11 v2: send proper scopes for authorization failures
Fixes #1278.
2016-03-11 13:41:38 -05:00
Jimmy Zelinskie
bb46cc933d use kwargs for parse_repository_name 2016-03-09 16:20:28 -05:00
Jake Moshenko
fe2cd240bc Revert "Remove old search API which is no longer in use" 2016-03-07 10:07:41 -05:00
josephschorr
57430a18b4 Merge pull request #1224 from coreos-inc/removeoldsearch
Remove old search API which is no longer in use
2016-03-04 12:05:07 -05:00
Joseph Schorr
85919cbc39 Fix error when constructing DownstreamIssue exception 2016-02-25 17:45:49 -05:00
Jimmy Zelinskie
c7904db30d v2: always send www-authn headers on unauthorized
Fixes #1254.
2016-02-25 17:09:29 -05:00
Joseph Schorr
f498e92d58 Implement against new Clair paginated notification system 2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9 Refactor the security worker and API calls and add a bunch of tests 2016-02-25 12:29:41 -05:00
Quentin Machu
0183c519f7 Merge pull request #1253 from Quentin-M/clair2
Adapt securityworker, secscan API and Quay UI for Clair 1.0
2016-02-19 18:21:25 -05:00
Quentin Machu
4bd5996bbf Adapt secscan API for Clair v1.0
Squash /vulnerabilities and /packages as it basically does the same
action on Clair and we don't need both for Quay
2016-02-19 17:44:23 -05:00
josephschorr
11af123ba5 Merge pull request #1244 from coreos-inc/enableaci
Add UI to the setup tool for enabling ACI conversion
2016-02-17 12:29:48 -05:00
Joseph Schorr
1940fd9939 Add UI to the setup tool for enabling ACI conversion
Fixes #1211
2016-02-17 12:05:48 -05:00
Joseph Schorr
8d9f3309aa Remove internal_only from some APIs now that we expose a user admin scope
Fixes #1246
2016-02-16 16:50:33 -05:00
josephschorr
e8faa9f843 Merge pull request #939 from coreos-inc/user-admin
Add user admin scope
2016-02-16 16:42:29 -05:00
josephschorr
81a36ee3b8 Merge pull request #1217 from coreos-inc/v2pagination
Fix V2 catalog and tag pagination
2016-02-16 15:34:49 -05:00
josephschorr
ded0a27901 Merge pull request #1242 from coreos-inc/receiptemailsbug
Fix schema for invoice email updating
2016-02-16 13:26:26 -05:00
Joseph Schorr
ecaa051791 Fix schema for invoice email updating
Fixes #1209
2016-02-16 11:52:57 -05:00
Jake Moshenko
6e05920d6b Delete bad manifests from the DB 2016-02-16 11:42:19 -05:00
Joseph Schorr
4b24556cb3 Check for the parent's ID in the updated ID map.
Fixes #1240
2016-02-15 11:02:52 -05:00
Joseph Schorr
69262282fe Make sure to encode all V1 metadata strings
Fixes #1239
2016-02-15 10:57:20 -05:00
Jimmy Zelinskie
70aa7cc731 Merge pull request #1230 from jzelinskie/aci-head
allow HEAD on ACI images
2016-02-12 16:29:12 -05:00
Jimmy Zelinskie
2b07b6d8a9 allow HEAD on ACI images
Fixes #911.
2016-02-12 16:28:44 -05:00
Jake Moshenko
6454b5aeb7 Update the layer rename PR to preserve the original manifest 2016-02-12 16:25:47 -05:00
Joseph Schorr
abd2e3c234 V1 Docker ID <-> V2 layer SHA mismatch fix
Fix handling of V1 Docker ID <-> V2 layer SHA mismatch by dynamically rewriting the manifest to use new synthesized IDs for all layers above the mismatch. Also adds a bunch of tests for this and other use cases, fixes a bug around manifest digest uniqueness and fixes the 5.5 migration for MySQL.
2016-02-12 17:39:27 +02:00
Quentin Machu
5c7f2a5c16 Remove abort(500) on checksum mismatch 2016-02-11 18:32:21 -05:00
josephschorr
a9c64545fa Merge pull request #1228 from coreos-inc/v2storagevalidation
Add a check that will fail if we try to mislink V1 layers
2016-02-11 22:49:33 +02:00
josephschorr
904b2d53d2 Merge pull request #1197 from coreos-inc/webpytest
Tests for endpoints/web and some small fixes
2016-02-11 22:42:43 +02:00
Joseph Schorr
27f1cc0a13 Add a check that will fail if we try to mislink V1 layers
Also logs some useful information
2016-02-11 22:40:00 +02:00
Joseph Schorr
1887dc879c Remove old search API which is no longer in use 2016-02-10 15:02:27 +02:00
Joseph Schorr
db0eab0461 Fix V2 catalog and tag pagination 2016-02-10 00:25:33 +02:00
Jimmy Zelinskie
deadd5eee3 Merge pull request #1210 from jzelinskie/torrent-life
extend torrent webseed lifetime to an hour
2016-02-09 14:51:26 -05:00
Jimmy Zelinskie
463dc98a42 return an error when writing manifest v2 schema2 2016-02-09 14:42:58 -05:00
Jimmy Zelinskie
e18dacd26b extend torrent webseed lifetime to an hour 2016-02-08 17:57:28 -05:00
Joseph Schorr
6a8331d305 Tests for endpoints/web and some small fixes 2016-02-05 09:45:25 +02:00
Joseph Schorr
534ec9cb2b Add pagination to the repository list API to make it better for public
Fixes #1166
2016-02-01 22:42:44 +02:00
Jake Moshenko
9310fe1832 Convert some flask-login user methods to properties 2016-01-29 10:36:28 -05:00
Joseph Schorr
accc576a98 Fix V1 push URL to match Docker and fix registry tests 2016-01-29 16:42:15 +02:00
Jake Moshenko
018bf8c5ad Refactor how parsed_args are passed to methods 2016-01-26 16:27:36 -05:00
Joseph Schorr
335c8eb3a9 Add 2 day TTL to page tokens 2016-01-26 14:04:03 -05:00
Joseph Schorr
b4bddacedb Switch to Fernet crypto as per gtank's recommendation 2016-01-26 12:50:48 -05:00
Joseph Schorr
bd0a098282 Add ID-based pagination to logs using new decorators and an encrypted token
Fixes #599
2016-01-26 12:50:48 -05:00
Joseph Schorr
a03f0f1970 Fix manifest content type
Fixes #1168
2016-01-25 16:39:59 -05:00
josephschorr
b081e234f8 Merge pull request #1162 from coreos-inc/publicnocredauth
Fix issue with Docker 1.8.3 and pulling public repos with no creds
2016-01-25 16:07:55 -05:00
Joseph Schorr
8cd38569d6 Fix issue with Docker 1.8.3 and pulling public repos with no creds
We now return the valid subset of auth scopes requested.

Adds a test for this case and adds testing of all returned JWTs in the V2 login tests
2016-01-25 15:54:17 -05:00
Jimmy Zelinskie
85ae1a2a0a Merge pull request #1161 from jzelinskie/torrenthmac
misc torrent changes
2016-01-22 23:02:44 -05:00
josephschorr
566a91f003 Merge pull request #1160 from coreos-inc/dockerv2authsucks
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
2016-01-22 16:00:30 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Jimmy Zelinskie
e54b86c6eb s/TORRENT/BITTORRENT 2016-01-22 15:52:28 -05:00
josephschorr
d00db518df Merge pull request #1153 from coreos-inc/fixtutorial
Fix tutorial by properly publishing user events for V2 API
2016-01-22 12:51:47 -05:00
josephschorr
cd81d1e4f5 Merge pull request #1156 from coreos-inc/torrentverb
Add support for torrenting verbs
2016-01-20 18:15:52 -05:00
Joseph Schorr
7c572fd218 Add support for torrenting verbs
Fixes #1130
2016-01-20 18:15:32 -05:00
Joseph Schorr
068301ef1f Add more debugging statements to V2 auth
Also fixes a spurious return
2016-01-20 18:06:46 -05:00
Joseph Schorr
22b8a562be Fix tutorial by properly publishing user events for V2 API
Fixes #1123
2016-01-20 13:42:30 -05:00
Jake Moshenko
5f10c3f7ed Merge pull request #1149 from jakedt/notsoswift
Improve swift path computations
2016-01-15 15:54:35 -05:00
Jake Moshenko
612098b645 Use the centrally initialized storage engine for verbs in master process 2016-01-15 15:35:04 -05:00
Jake Moshenko
3071152dd1 Fix the JWK to use base64 encoded bytes 2016-01-14 10:08:35 -05:00
Jimmy Zelinskie
de750defdb s/RSA256/RS256 2016-01-13 12:59:53 -05:00
Jimmy Zelinskie
bcdbf0301d add cache-control headers to /keys 2016-01-12 17:58:21 -05:00
Joseph Schorr
e4da61a05d Fix piece hash calculation 2016-01-12 17:44:19 -05:00
Jake Moshenko
8ab6c8a22d Fix torrent hash generation to work in mixed stacks 2016-01-11 16:43:46 -05:00
Jimmy Zelinskie
d21b4adc62 remove global for get_route_data 2016-01-08 16:43:15 -05:00
Jake Moshenko
1ae101c917 Address torrent feature review comments. 2016-01-08 16:38:21 -05:00
Jimmy Zelinskie
8a924aae4a move jwk set URI to /keys 2016-01-08 16:22:31 -05:00
Jimmy Zelinskie
559a55b1de add lru cache to _get_route_data() 2016-01-08 16:22:17 -05:00
Jake Moshenko
b9821290f6 Merge remote-tracking branch 'upstream/master' into torrent 2016-01-08 15:43:12 -05:00
Jake Moshenko
17d3b5e204 Fix a bug with torrent calculation on duplicate v2 uploads 2016-01-08 15:08:12 -05:00
josephschorr
269bd80f53 Merge pull request #1121 from coreos-inc/typofix2
Fix typo
2016-01-08 14:30:42 -05:00
Joseph Schorr
161475baaa Break circular dependencies introduced by importing common in verbs 2016-01-08 13:54:40 -05:00
Jimmy Zelinskie
087c6828ad add feature.BITTORRENT and jwk set URI 2016-01-07 19:07:23 -05:00
Jimmy Zelinskie
e8c0a8355f only check repo usage when billing enabled 2016-01-07 14:34:19 -05:00
Jimmy Zelinskie
a089b3c383 torrent: don't get user when public repo 2016-01-07 14:16:21 -05:00
Joseph Schorr
cd204d8940 Fix typo 2016-01-06 15:00:36 -05:00
Jake Moshenko
476ac8cec9 Add piece hashing to verbs generated image storages 2016-01-06 12:01:15 -05:00
Jake Moshenko
9e2b6a312a Fix typo in method name 2016-01-06 10:59:54 -05:00
Jake Moshenko
8f80d7064b Hash v1 uploads for torrent chunks 2016-01-05 14:43:40 -05:00
Jake Moshenko
44fcc7e44b Fix logic when deciding whether to hash for torrent 2016-01-05 12:13:26 -05:00
Jimmy Zelinskie
0f6c77caab s/repository/repo_name 2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
c780572e69 add public/private torrent swarms 2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
4cb06525a4 finish implementing torrent verb 2016-01-04 16:17:51 -05:00
Jake Moshenko
ce8fcbeaae Update the pieces to use base64 encoded binary 2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796 Hash and track layer file chunks for torrenting 2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
6f6c82a217 implement torrent verb 2016-01-04 16:16:40 -05:00
josephschorr
f748d4348d Merge pull request #1106 from coreos-inc/billingemail
Add support for custom billing invoice email address
2016-01-04 14:34:30 -05:00
josephschorr
0ca01e5ae4 Merge pull request #1105 from coreos-inc/qeversion
Show version number next to copyright in QE
2016-01-03 17:57:11 -05:00
Jimmy Zelinskie
a967340aad update format_date to handle December 2016-01-01 18:59:27 -05:00
josephschorr
28eb31ed36 Merge pull request #1102 from coreos-inc/deleteimagediff
Delete the image diff feature
2015-12-29 14:47:38 -05:00
josephschorr
6371f5e9be Merge pull request #1107 from coreos-inc/errorresponsetype
Switch error messages to have content type JSON
2015-12-29 12:26:35 -05:00
Joseph Schorr
31a8a0fba4 Better UX when recovering organization emails
Fixes #291
2015-12-28 15:25:31 -05:00
Joseph Schorr
2f3d77157b Switch error messages to have content type JSON
Fixes #893
2015-12-28 14:17:44 -05:00
Joseph Schorr
10efa96009 Add support for custom billing invoice email address
Fixes #782
2015-12-28 13:59:50 -05:00
Joseph Schorr
be61730224 Show version number next to copyright in QE
Fixes #672
2015-12-28 13:27:32 -05:00
Joseph Schorr
ab166c4448 Delete the image diff feature
Fixes #1077
2015-12-23 13:08:01 -05:00
Joseph Schorr
327258c83e Add namespace to be returned by docker search
Fixes #956
2015-12-17 16:38:06 -05:00
Jake Moshenko
3fda6696e5 Merge pull request #1069 from jakedt/trackhostname
Trackhostname
2015-12-16 14:08:55 -05:00
Jake Moshenko
d5bebe2149 Add the hostname to mixpanel requests. 2015-12-16 13:43:31 -05:00
Jake Moshenko
766d60493f Add the ability to blacklist v2 for specific versions 2015-12-15 18:27:10 -05:00
Joseph Schorr
ca7d36bf14 Handle empty scopes and always send the WWW-Authenticate header, as per spec
Fixes #1045
2015-12-15 14:59:47 -05:00
Joseph Schorr
ea9ebb98e6 Sample repo pulls in V2
Fixes #1058
2015-12-14 17:41:16 -05:00
Joseph Schorr
54095eb5cb Handle the common case of one chunk when calculating the uncompressed size
Reference #992
2015-12-14 15:27:48 -05:00
josephschorr
1323da20e3 Merge pull request #1050 from coreos-inc/v2betterlogging
Make our JWT subjects better and log using the info
2015-12-14 15:24:39 -05:00
Silas Sewell
881fd53714 Merge pull request #1056 from coreos-inc/dont-hide-ioerror
Handle IOErrors in v2 uploads
2015-12-14 14:46:46 -05:00
Joseph Schorr
4a4eee5e05 Make our JWT subjects better and log using the info
Fixes #1039
2015-12-14 14:00:33 -05:00
Silas Sewell
2dcc1f13a6 Handle IOErrors in v2 uploads 2015-12-14 11:58:24 -05:00
Joseph Schorr
d963f7174a Change manifest delete to mark tag as dead and log 2015-12-10 15:45:53 -05:00
Jake Moshenko
9f13bb8960 Fix the overlap condition on resumed uploads 2015-12-10 13:14:11 -05:00
josephschorr
37dec895ce Merge pull request #987 from coreos-inc/multimanifest
Make manifest generation safe for multiple callers
2015-12-08 14:12:39 -05:00
josephschorr
6c897a7c22 Merge pull request #1035 from coreos-inc/closeforlong
Close for long operation before we upload chunks
2015-12-07 14:22:29 -05:00
Joseph Schorr
bcd7f45905 Close for long operation before we upload chunks 2015-12-07 14:11:56 -05:00
Joseph Schorr
b8bd92a64f Handle 404s on blob uploads
Fixes #1033
2015-12-07 12:30:28 -05:00
Joseph Schorr
ee0eb80c8f Fix blob content types
Fixes #990
2015-12-04 16:13:58 -05:00
josephschorr
32fae5533c Merge pull request #1022 from coreos-inc/manifestexc
Only write exceptions for manifest gen when a tag exists
2015-12-04 14:32:06 -05:00
Silas Sewell
d28768f792 Make eventConfig required in create notification 2015-12-03 18:28:07 -05:00
Joseph Schorr
c324ebd7f6 Only write exceptions for manifest gen when a tag exists
Fixes #1019

Currently, we just raise an exception to the logs regardless, which can make it appear as if there is an issue (when there isn't).
2015-12-03 16:04:17 -05:00
Silas Sewell
8781cf6e11 Increase nginx proxy timeout and close db before storage operation 2015-12-03 11:19:39 -05:00
Silas Sewell
664a2951cc Don't send content-length when redirecting v2 blob
Fixes #1012
2015-12-02 21:28:11 -05:00
Quentin Machu
8a539c4bc1 Fix security notification perform condition
As defined in util/secscan/api.py, Critical < High < Medium < Low < Negligible < Unknown. We have to send the notification if the expected level is higher than the vulnerability level, not the opposite.
2015-11-30 13:54:34 -05:00
josephschorr
dc1f6c2d87 Merge pull request #974 from coreos-inc/derivedfix
Derived image fixes
2015-11-25 11:57:16 -05:00
Joseph Schorr
6ed705be15 Make manifest generation safe for multiple callers
Fixes #985
2015-11-24 18:38:29 -05:00
josephschorr
0dbd19a236 Merge pull request #976 from coreos-inc/incidentaltests
Add login tests and fix scope security issue
2015-11-24 13:42:06 -05:00
Joseph Schorr
75a91f0f92 Add login tests and fix scope security issue 2015-11-24 13:39:16 -05:00
Joseph Schorr
762cd56e64 Change derived storage to be based on image
Fixes #971
2015-11-24 12:44:07 -05:00
josephschorr
1eb019cd16 Merge pull request #970 from coreos-inc/disableverbcaching
Disable derived image storage entirely until we fix it to be by image…
2015-11-23 23:56:51 -05:00
Joseph Schorr
5d3aa2a2b9 Disable derived image storage entirely until we fix it to be by image, not storage 2015-11-23 23:49:46 -05:00
Joseph Schorr
a0e597f957 Send Docker-Content-Digest headers on GET requests
Fixes #955
2015-11-23 13:56:34 -05:00
Joseph Schorr
5c8eea2728 Log when pulls occur in V2
Fixes #958
2015-11-20 21:30:03 -05:00
Jake Moshenko
0c44949017 Return a 401 when doing a login with bad credentials 2015-11-20 18:37:52 -05:00
Joseph Schorr
b49435bfee Fix track_and_log for grant-ed users 2015-11-19 17:41:27 -05:00
Jake Moshenko
b564492ea7 Improve the performance of fetching manifest blobs by checksum. 2015-11-19 11:01:47 -05:00
Jake Moshenko
e01f5ce06e Re-enable squashed caching 2015-11-18 22:05:07 -05:00
Jake Moshenko
39d799b1aa Fix anonymous repository pulls 2015-11-18 20:11:06 -05:00
Jake Moshenko
c27f91f7cf Fix token pushes for v2 auth, tokens have no user 2015-11-18 19:18:12 -05:00
Matt Jibson
f02bb3caee Add user admin scope
Also remove unused scope decorator.

fixes #890
2015-11-18 12:01:40 -05:00
Silas Sewell
f3dafd50e4 Fix squash pull after v2 merge 2015-11-17 18:25:43 -05:00
Jake Moshenko
7205bf5e7f Merge pull request #885 from jakedt/python-registry-v2
Python registry v2 mega merge
2015-11-16 16:15:40 -05:00
Matt Jibson
d5fb8cafd4 Don't expose unnamed API operations
fixes #861
2015-11-16 15:40:33 -05:00
Jake Moshenko
4cc619f4ca Clean up v2 branch to no longer warn about readiness 2015-11-16 14:42:43 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Jake Moshenko
52125bbfed Fix gc by using the v1/v2 storage location helper everywhere 2015-11-16 14:13:37 -05:00
Joseph Schorr
32a799a067 Remove code that adds images to the image diff queue 2015-11-13 12:42:43 -05:00
Joseph Schorr
db1fae4cfc Fix security scan endpoint status 2015-11-13 01:06:18 -05:00
Joseph Schorr
b7206a8cfc Remove file added accidentally by merge 2015-11-12 22:03:13 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Joseph Schorr
3b3f101ea6 Vulnerability UI part 2
Fixes #860
Fixes #855
2015-11-12 16:59:36 -05:00
Jake Moshenko
44d06b0c2e Fix v1 backward compatibility 2015-11-12 16:22:19 -05:00
Joseph Schorr
76ce63895f New Quay Sec UI and fix some small bugs
Fixes #855
2015-11-11 18:15:58 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Jake Moshenko
a1ccd860e7 Merge pull request #823 from coreos-inc/phase3-11-07-2015
Phase3 11 07 2015
2015-11-11 14:22:19 -05:00
Joseph Schorr
ca7d736db2 Only send vulnerability events if the minimum priority is gte to that specified
Fixes #770
2015-11-10 16:05:55 -05:00
Joseph Schorr
888ec17538 Recover by email needs to allow anon access to its endpoints 2015-11-10 15:41:19 -05:00
Jimmy Zelinskie
8e2868737b rename secscan_endpoint and move db close to API 2015-11-10 15:22:31 -05:00
Jimmy Zelinskie
d651ea4b48 initial security notification worker 2015-11-10 15:22:30 -05:00
Silas Sewell
e826b14ca4 Merge pull request #725 from coreos-inc/setup-tool-georeplication
superuser: add storage replication config
2015-11-09 17:43:38 -05:00
Silas Sewell
5000b1621c superuser: add storage replication config 2015-11-09 17:34:22 -05:00
Joseph Schorr
a69c9e12fd Update quay sec code to fix problems identified in previous review
- Change get_repository_images_recursive to operate over a single docker image and storage uuid
- Move endpoints/sec to endpoints/secscan
- Change notification system to work with new Quay-sec format

Fixes #768
2015-11-09 17:14:35 -05:00
Quentin Machu
16c364a90c Rename secscan_endpoint where required, fix index and indentation 2015-11-09 15:18:42 -05:00
Matt Jibson
5d9999d1f7 Merge pull request #791 from mjibson/clear-repo-notifications
Remove error notification when user deletes repos
2015-11-09 14:46:51 -05:00
Joseph Schorr
02e2bef943 Fix hardcoded priority 2015-11-09 12:51:05 -05:00
Joseph Schorr
b408cfd2cc Ready for demo 2015-11-09 12:51:05 -05:00
Joseph Schorr
407eaae137 WIP: Towards sec demo 2015-11-09 12:50:39 -05:00
Joseph Schorr
fb3d0fa27d Add a SecEndpoint class and move all the cert and config handling in there 2015-11-09 12:49:19 -05:00
Joseph Schorr
87c56d1caa Add vulnerabilities and packages API to Quay
Fixes #564
2015-11-09 12:49:19 -05:00
Jake Moshenko
7efa6265bf Merge branch 'newchanges' into python-registry-v2 2015-11-06 18:24:32 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Jake Moshenko
4314882fa0 Reverse the order of get_parent_images 2015-11-06 17:47:08 -05:00
Jake Moshenko
ad93425ead Stop writing to v1 checksum on ImageStorage 2015-11-06 16:40:04 -05:00
Jake Moshenko
75f917f592 Stop reading the v1 checksums from storage 2015-11-06 16:17:12 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay
Fixes #564
2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea Add a vulnerability_found event for notice when we detect a vuln
Fixes #637

Note: This PR does *not* actually raise the event; it merely adds support for it
2015-11-06 15:22:18 -05:00
Jake Moshenko
3d0bcbaaeb Move v1 checksums to image and track v2 separately 2015-11-06 15:17:55 -05:00
Matt Jibson
f4b57eff96 Set and use ETag headers
Also set no-cache exactly as github recommends. The removed @no_cache
decorater used "Cache-Control:no-cache, no-store, must-revalidate", but
just no-cache should be sufficient, and should certainly work correctly
with github.

See: https://github.com/github/markup/issues/224#issuecomment-48532178

fixes #712
2015-11-06 12:15:15 -05:00
Quentin Machu
da1fe7d48b Merge pull request #790 from Quentin-M/set4O4
Define nginx v2 vhost & properly set 404 status code
2015-11-04 16:32:11 -05:00
josephschorr
11be448d75 Merge pull request #773 from coreos-inc/imageload
Never load the full repo image list
2015-11-04 16:29:20 -05:00
Matt Jibson
4d81567a0c Remove error notification when user deletes repos
Also prevent duplicate notifications of that type.

fixes #493
2015-11-04 16:11:15 -05:00
Joseph Schorr
4f41f79fa8 Never load the full repo image list
Always make smaller queries per tag to ensure we scale better

Fixes #754
2015-11-04 15:53:00 -05:00
Quentin Machu
c1fa22d9b0 Define nginx v2 vhost & properly set 404 status code
Fixes #777
2015-11-04 14:56:18 -05:00
josephschorr
c3a4c36df7 Merge pull request #761 from coreos-inc/fixtoomanylogin
Move decorator for TooManyLoginAttempts into general decorated module
2015-11-04 12:29:01 -05:00
Joseph Schorr
d4646e459e Disable 404, as it is breaking V2 API checks 2015-11-04 02:47:33 -05:00
Joseph Schorr
95c47fe250 Fix layer ordering in verbs 2015-11-03 14:43:47 -05:00
Joseph Schorr
5e1cd2b2ad Move decorator for TooManyLoginAttempts into general decorated module
Currently, this is missing in gunicorn_registry which causes 500s when user logins become throttled
2015-11-03 12:16:01 -05:00
Joseph Schorr
f6a53f7cc5 Change all Quay.io references to Quay, fix tour and change logo
Fixes #741
2015-11-02 14:37:48 -05:00
josephschorr
4ae940aede Merge pull request #660 from coreos-inc/superuser
Superuser Panel Improvements
2015-10-30 14:32:16 -04:00
Quentin Machu
3f35265858 Merge pull request #683 from Quentin-M/whoops-404
Add 404 page
2015-10-30 14:30:20 -04:00
Jake Moshenko
1666ac50fe Filter down the signing key to only public portion 2015-10-26 16:40:19 -04:00
Jake Moshenko
2c10d28afc Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-10-26 14:44:16 -04:00
Jake Moshenko
fc55730db8 Add a feature flag to advertise v2 endpoints 2015-10-26 14:20:51 -04:00
Jake Moshenko
9da64f3aba Stop writing to deprecated columns for image data. 2015-10-24 14:45:15 -04:00
Joseph Schorr
7bac042954 Fix verbs for merged changes to image and image storage
Fixes #698
2015-10-23 15:49:31 -04:00
Jimmy Zelinskie
e973289397 Revert "Revert "Merge pull request #682 from jzelinskie/revertrevert""
This reverts commit 278bc736e3.
2015-10-23 15:26:33 -04:00
Jake Moshenko
e7a6176594 Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2 2015-10-22 16:59:28 -04:00
Jimmy Zelinskie
278bc736e3 Revert "Merge pull request #682 from jzelinskie/revertrevert"
This reverts commit 627ad25c9c, reversing
changes made to 31c392fecc.
2015-10-22 16:02:07 -04:00
Jake Moshenko
ce94931540 Stop writing to deprecated columns for image data. 2015-10-22 12:14:39 -04:00
Quentin Machu
adb744089e Add 404 page
Fixes coreos-inc/quay#677
2015-10-21 18:40:15 -04:00
josephschorr
5dae970787 Merge pull request #681 from coreos-inc/userorg
Return user orgs when making a call via OAuth
2015-10-21 16:41:43 -04:00
Joseph Schorr
5d8121e060 Return user orgs when making a call via OAuth
Fixes #673
2015-10-21 16:40:31 -04:00
Jimmy Zelinskie
39cfe77d42 Revert "Merge pull request #557 from coreos-inc/revert-migration"
This reverts commit c4f938898a, reversing
changes made to 7ad2522dbe.
2015-10-21 15:29:57 -04:00
Joseph Schorr
147b7b26b4 Fix is_public in repo list
Fixes #678
2015-10-21 14:13:39 -04:00
Matt Jibson
b4554f4d14 Verify signed manifests
fixes #394
2015-10-20 02:08:45 -04:00
Joseph Schorr
5941f3937c Enable async GC for all
Fixes #569
2015-10-19 14:22:41 -04:00
Joseph Schorr
d464af4cce Add ability to update superusers via the UI
Fixes #634
2015-10-16 15:41:18 -04:00
Joseph Schorr
a37b9394d9 Add org email address to orgs list 2015-10-16 15:17:51 -04:00
Joseph Schorr
ad5beab3ef Disable superuser functions around users when not using DB auth 2015-10-16 15:14:49 -04:00
josephschorr
d3857e509f Merge pull request #643 from coreos-inc/nullimage
Check and handle NULL image_size
2015-10-15 13:26:13 -04:00
Joseph Schorr
fe79d5fb66 Check and handle NULL image_size
Fixes #613
2015-10-15 13:25:54 -04:00
josephschorr
24b54f1e34 Merge pull request #615 from coreos-inc/queriesunite
Unionize the mega query - It needed more performance-based benefits
2015-10-15 13:17:01 -04:00
Joseph Schorr
c9daf7d8a9 Add additional tests for repo visibility and further simplify the query for perf 2015-10-15 12:12:57 -04:00
Jimmy Zelinskie
7c1547221d raise a 520 for any GitLab timeouts 2015-10-13 17:34:08 -04:00
Jimmy Zelinskie
9818481b08 limit logs to a maximum number of pages 2015-10-06 14:13:23 -04:00
josephschorr
3e7a95407b Merge pull request #598 from coreos-inc/limitbadquery
Prevent unlimited insane query from running and fix tests
2015-10-05 21:29:35 -04:00
Silas Sewell
c6da322ec1 Merge pull request #597 from coreos-inc/tag-validation
Update tag validation
2015-10-05 21:10:55 -04:00
Silas Sewell
dd3d939b31 Update tag validation
Fixes #536
2015-10-05 19:32:10 -04:00
Joseph Schorr
dd804816ba Prevent unlimited insane query from running and fix tests
Fixes #591
2015-10-05 17:11:49 -04:00
Joseph Schorr
8ca92d6828 Remove old search API and switch V1 search to use the new search system 2015-10-05 14:36:43 -04:00
Joseph Schorr
f393236c9f Add repo name check to V2
Fixes #592
2015-10-05 14:19:52 -04:00
Joseph Schorr
d0dc8fe45d Add endpoint security tests for the V2 endpoints
Fixes #581
2015-10-02 14:01:12 -04:00
Joseph Schorr
35c35d9913 Load images and storage references in bulk during V1 synthesize
Currently, we perform multiple queries for each layer, making it much slower (especially cross-region)

Fixes #413
2015-09-29 17:53:39 -04:00
Joseph Schorr
f44ca79391 Add _catalog endpoint as specified by V2 API
Fixes #391
2015-09-29 16:02:19 -04:00
Joseph Schorr
decdaa4c79 New tests and small fixes while comparing against the V2 spec
Fixes #391
2015-09-29 15:18:48 -04:00
Silas Sewell
9000169b53 Revert "Merge pull request #491 from jakedt/migratebackp2"
This reverts commit 7ad2522dbe, reversing
changes made to a0b191ffa1.
2015-09-28 16:09:22 -04:00
Joseph Schorr
2e694dd3f0 Move Docker V2 key to be loaded from file or generated on server load
Fixes #394
2015-09-28 15:43:51 -04:00
Joseph Schorr
09f8ad695b Fix resumable upload support and add another test 2015-09-28 12:17:17 -04:00
josephschorr
7ad2522dbe Merge pull request #491 from jakedt/migratebackp2
Migrate image data back phase 2
2015-09-26 15:11:46 -04:00
Joseph Schorr
4dc30d6321 Remove yaml and switch to JSON because yaml is so slow 2015-09-24 16:17:42 -04:00
Joseph Schorr
a283c8d8ec Add a check to ensure repository names are valid according to an extended set of rules.
Fixes #534
2015-09-24 11:55:08 -04:00
Joseph Schorr
49b575afb6 Start refactoring of the trigger system:
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
2015-09-21 16:36:48 -04:00
Jake Moshenko
26cea9a07c Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-17 16:16:27 -04:00
Jake Moshenko
8baacd2741 Migrate old data to new locations, read only new. 2015-09-17 15:47:13 -04:00
josephschorr
c801965626 Merge pull request #492 from coreos-inc/nofreelunch
UI and API fixes for disallowing private repo count abuse
2015-09-16 17:53:11 -04:00
Silas Sewell
a8183ed87b Sample pull_repo events 2015-09-15 18:41:48 -04:00
Joseph Schorr
fbfe7fdb54 Make change repo visibility and create repo raise a 402 when applicable
We now check the user or org's subscription plan and raise a 402 if the user attempts to create/make a repo private over their limit
2015-09-15 14:33:35 -04:00
Jake Moshenko
b56de3355c Migrate data back to Image in preparation for v2 2015-09-15 11:53:31 -04:00
Jake Moshenko
9c3ddf846f Some fixes and tests for v2 auth
Fixes #395
2015-09-10 15:38:57 -04:00
Joseph Schorr
fd3a21fba9 Add Kubernetes configuration provider which writes config to a secret
Fixes #145
2015-09-10 12:19:59 -04:00