Joseph Schorr
8887f09ba8
Use the instance service key for registry JWT signing
2016-06-07 11:58:10 -04:00
Joseph Schorr
f670c4c7a9
Change Signer to use the config provider and fix tests
...
Fixes the broken ACI tests
2016-05-23 17:10:03 -04:00
Jake Moshenko
9221a515de
Use the registry API for security scanning
...
when the storage engine doesn't support direct download url
2016-05-04 18:04:06 -04:00
Jake Moshenko
1ef7008d85
Fix our url converters to not be silly
2016-05-04 17:38:21 -04:00
josephschorr
f55fd2049f
Merge pull request #1433 from coreos-inc/ldapoptions
...
Add additional options for LDAP
2016-05-04 14:06:29 -04:00
Joseph Schorr
42515ed9ec
Add additional options for LDAP
...
Fixes #1420
2016-05-04 13:59:20 -04:00
Joseph Schorr
2cbdecb043
Implement setup tool support for Clair
...
Fixes #1387
2016-05-04 13:40:50 -04:00
Joseph Schorr
e344597861
Ensure that the Secure
flag is set on session cookies when under HTTPS
2016-04-28 13:41:50 -04:00
Joseph Schorr
c0374d71c9
Refactor the security worker and API calls and add a bunch of tests
2016-02-25 12:29:41 -05:00
Jake Moshenko
88d84aa182
Fixes for content checksum and torrent pieces backfill
...
Remove null handler from app.py, was silencing other logs
2016-02-11 16:53:18 -05:00
Jake Moshenko
8c82fb44ae
Add a null handler to the root logger to silence test errors
2016-01-28 13:20:12 -05:00
Jake Moshenko
01a92a66ba
Refresh base image and python dependencies
2016-01-27 11:36:40 -05:00
Joseph Schorr
e4ffaff869
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
...
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Jake Moshenko
909e7d45b7
Add a test for swift path computation
2016-01-15 15:35:04 -05:00
Joseph Schorr
ab166c4448
Delete the image diff feature
...
Fixes #1077
2015-12-23 13:08:01 -05:00
Jake Moshenko
0459c3bc54
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-16 14:22:54 -05:00
Joseph Schorr
7816b0c657
Merge master into vulnerability-tool
2015-11-12 21:52:47 -05:00
Jake Moshenko
ab340e20ea
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-11 16:41:40 -05:00
Jimmy Zelinskie
8e2868737b
rename secscan_endpoint and move db close to API
2015-11-10 15:22:31 -05:00
Jimmy Zelinskie
dc476470fe
add secscan notification queue
2015-11-10 15:22:30 -05:00
Silas Sewell
c739c453da
Merge pull request #807 from coreos-inc/storage-preference
...
Enable storage preference
2015-11-09 16:30:47 -05:00
Jake Moshenko
c2fcf8bead
Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2
2015-11-06 18:18:29 -05:00
Joseph Schorr
cfa03951e1
Add a SecScanEndpoint class and move all the cert and config handling in there
2015-11-06 15:22:18 -05:00
Silas Sewell
a7fef8377c
Enable storage preference
2015-11-06 13:34:49 -05:00
Jake Moshenko
e7a6176594
Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2
2015-10-22 16:59:28 -04:00
Jimmy Zelinskie
8aa26fdbfa
disable queue metrics
...
The lock contention on the queue table is murdering performance.
yep
2015-10-06 17:10:48 -04:00
Joseph Schorr
2e694dd3f0
Move Docker V2 key to be loaded from file or generated on server load
...
Fixes #394
2015-09-28 15:43:51 -04:00
Jake Moshenko
26cea9a07c
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-17 16:16:27 -04:00
Matt Jibson
39dc4c7d8d
Monitor various sizes for queues
...
see #304
2015-09-14 15:57:08 -04:00
Joseph Schorr
fd3a21fba9
Add Kubernetes configuration provider which writes config to a secret
...
Fixes #145
2015-09-10 12:19:59 -04:00
Joseph Schorr
88a04441de
Extract the config provider into its own sub-module
2015-09-10 12:19:59 -04:00
Joseph Schorr
c0286d1ac3
Add support for Dex to Quay
...
Fixes #306
- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-09-04 16:32:01 -04:00
josephschorr
9889ca268a
Merge pull request #432 from coreos-inc/oauthcheck
...
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
2015-09-02 13:35:44 -04:00
Joseph Schorr
b7f487da42
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
2015-09-02 13:32:11 -04:00
Joseph Schorr
724b1607d7
Add automatic storage replication
...
Adds a worker to automatically replicate data between storages and update the database accordingly
2015-09-01 14:53:32 -04:00
Joseph Schorr
e56115d9d2
Move secret key generation before we load users of config, as they may reference it
2015-08-24 16:09:01 -04:00
Matt Jibson
fc671f3dde
Fix test_queue.py tests
...
This restores the reporter class as was before the metrics changes.
2015-08-17 17:22:46 -04:00
Jake Moshenko
e1b3e9e6ae
Another huge batch of registry v2 changes
...
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
2015-08-12 16:41:12 -04:00
Matt Jibson
7c3b555ee9
Code review
2015-08-12 16:31:01 -04:00
Matt Jibson
f043bc1379
Don't enable the metric queue if there's no Cloudwatch
2015-08-12 15:14:09 -04:00
Matt Jibson
cfb6e884f2
Refactor metric collection
...
This change adds a generic queue onto which metrics can be pushed. A
separate module removes metrics from the queue and adds them to Cloudwatch.
Since these are now separate ideas, we can easily change the consumer from
Cloudwatch to anything else.
This change maintains near feature parity (the only change is there is now
just one queue instead of two - not a big deal).
2015-08-12 12:15:52 -04:00
Jake Moshenko
18100be481
Refactor the util directory to use subpackages.
2015-08-03 16:04:19 -04:00
Jake Moshenko
3efaa255e8
Accidental refactor, split out legacy.py into separate sumodules and update all call sites.
2015-07-17 11:56:15 -04:00
Jake Moshenko
acbcc2e206
Start of a v2 API.
2015-07-17 11:50:41 -04:00
Joseph Schorr
331c300893
Refactor JWT auth to not import app locally
2015-06-17 15:53:21 -04:00
Jimmy Zelinskie
3ac884beb4
gitlab oauth
2015-05-02 17:54:48 -04:00
Jake Moshenko
0f34b7d8e0
Remove one of the last vestigal references to the license system.
2015-03-26 09:22:47 -04:00
Jimmy Zelinskie
0e7418ffce
buildman: add BuildMetrics and BuildReporter
2015-02-17 10:56:09 -05:00
Joseph Schorr
f107b50a46
Merge branch 'master' into ackbar
2015-02-12 12:04:45 -05:00
Jake Moshenko
0f3d87466e
Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger.
2015-02-11 14:15:18 -05:00
Joseph Schorr
70270b09be
Further merge fixes
2015-02-09 17:28:11 -05:00
Joseph Schorr
045614c6c8
Merge branch 'master' into ackbar
2015-02-09 17:16:42 -05:00
Joseph Schorr
cf774e23df
Merge branch 'master' into v2
2015-02-05 15:37:14 -05:00
Joseph Schorr
bfb0784abc
Add signing to the ACI converter
2015-02-04 15:29:24 -05:00
Jimmy Zelinskie
90a3782933
lint: pylint comments and unused imports
2015-02-02 16:54:23 -05:00
Joseph Schorr
30b895b795
Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar
2015-01-23 17:26:14 -05:00
Joseph Schorr
28d319ad26
Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not).
2015-01-20 12:43:11 -05:00
Joseph Schorr
2a89accc49
Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked
2015-01-16 22:41:54 -05:00
Joseph Schorr
b89ba61286
Change to only run the cloud watch reporter in the gunicorn_web
2015-01-16 13:44:29 -05:00
Joseph Schorr
6d604a656a
Move config handling into a provider class to make testing much easier
2015-01-09 16:23:31 -05:00
Joseph Schorr
63504c87fb
Get end-to-end configuration setup working, including verification (except for Github, which is in progress)
2015-01-07 16:20:51 -05:00
Joseph Schorr
40d2b1748f
Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py).
2015-01-05 12:31:02 -05:00
Joseph Schorr
1bf25f25c1
WIP
2015-01-04 14:38:41 -05:00
Jimmy Zelinskie
f3259c862b
Merge branch 'koh'
...
Conflicts:
auth/scopes.py
requirements-nover.txt
requirements.txt
static/css/quay.css
static/directives/namespace-selector.html
static/js/app.js
static/partials/manage-application.html
templates/oauthorize.html
2014-12-01 12:30:09 -08:00
Joseph Schorr
e9cac407df
Add a configurable avatar system and add an internal avatar system for enterprise
2014-11-24 19:25:13 -05:00
Jimmy Zelinskie
716d7a737b
Strip whitespace from ALL the things.
2014-11-24 16:07:38 -05:00
Joseph Schorr
3e79379942
- Make the OAuth config system centralized
...
- Add support for Github Enterprise login
2014-11-05 16:43:37 -05:00
Jake Moshenko
328db8b660
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 13:58:08 -04:00
Jake Moshenko
2455c17f96
Merge remote-tracking branch 'origin/master' into waltermitty
...
Conflicts:
app.py
data/userfiles.py
2014-09-11 11:18:28 -04:00
Jake Moshenko
29d40db5ea
Add a new RadosGW storage engine. Allow engines to distinguish not only between those that can support direct uploads and downloads, but those that support doing it through the browser. Rename resumeable->resumable.
2014-09-09 15:54:03 -04:00
Jake Moshenko
451e034ca1
Archived logs commit 1. Squash me.
2014-09-08 16:43:17 -04:00
Joseph Schorr
b51022c739
Add support for parsing YAML override config, in addition to Python config
2014-08-21 20:36:11 -04:00
Joseph Schorr
8866b881db
Remove all license code
2014-08-21 17:44:56 -04:00
Joseph Schorr
80707d71d0
Minor UI fix and better logging when license cannot be found
2014-08-12 21:04:16 -04:00
Jake Moshenko
0372013f70
Merge remote-tracking branch 'origin/redalert'
...
Conflicts:
app.py
2014-08-04 16:56:34 -04:00
Jake Moshenko
0aa6e92b02
Finish porting the workers over to apscheduler 3.0
2014-08-01 18:38:02 -04:00
Joseph Schorr
49801bc2c4
- Add web hook queue code back in. We'll remove it and turn it off after this CL goes to prod
...
- Make notification lookup always be by repo and its UUID, rather than the internal DB ID
- Add the init script for the notification worker
2014-07-31 13:30:54 -04:00
Joseph Schorr
6b85ee3eb6
Make sure all user emails that can be sent in enterprise properly adjust to the app's URL
2014-07-29 13:47:54 -04:00
Jake Moshenko
a661ef4fa8
Centrally disable the expiration module for now.
2014-07-28 17:55:01 -04:00
Joseph Schorr
8d7493cb86
Convert over to notifications system. Note this is incomplete
2014-07-17 22:51:58 -04:00
Jake Moshenko
2e923c0441
Add config override to allow for specialization using environment variables.
2014-06-23 11:24:54 -04:00
Jake Moshenko
d1f4fbdacc
Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers.
2014-05-30 14:25:29 -04:00
Jake Moshenko
0ba4201020
Add a module which will create notifications for all users when the license is at its expiration period, and terminate the process when the license expires.
2014-05-29 11:24:10 -04:00
Jake Moshenko
33b43b75c0
Eliminate a lot of the if cases in create_user by separating them out. Add a limit to the number of users which can be created based on the license. Add support for creating and loading licenses.
2014-05-28 13:51:52 -04:00
Jake Moshenko
f6726bd0a4
Merge branch 'ldapper'
...
Conflicts:
Dockerfile
app.py
data/database.py
endpoints/index.py
test/data/test.db
2014-05-22 12:13:41 -04:00
Jake Moshenko
d14798de1d
Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue.
2014-05-21 19:50:37 -04:00
Jake Moshenko
11c6c5fa52
Merge remote-tracking branch 'origin/master' into ldapper
...
Conflicts:
app.py
2014-05-13 16:55:02 -04:00
Jake Moshenko
5fdccfe3e6
Add an alembic migration for the full initial database with the data. Switch LDAP to using bind and creating a federated login entry. Add LDAP support to the registry and index endpoints. Add a username transliteration and suggestion mechanism. Switch the database and model to require a manual initialization call.
2014-05-13 12:17:26 -04:00
Jake Moshenko
bcb993a914
Set up the build logs to use our fake build logs on test and local.
2014-05-09 18:45:11 -04:00
Jake Moshenko
027ada1f5c
First stab at LDAP integration.
2014-05-09 17:39:43 -04:00
Jake Moshenko
fe665118bb
Add sentry exception monitoring.
2014-04-28 18:59:22 -04:00
jakedt
d39f3cc5d4
Fix the tests and implement a fake stripe.
2014-04-10 15:20:16 -04:00
jakedt
4d4f3b1c18
Add the olark feature flag to the default config and fix the usage of flask modules.
2014-04-08 23:05:45 -04:00
jakedt
265fa5070a
Fix support for multiple stack configurations and move most secrets into the quay-config project.
2014-04-07 16:59:22 -04:00
jakedt
8e9faf6121
Toward running quay in a docker container.
2014-04-07 01:20:09 -04:00
jakedt
0abbf042dd
Add a features modules that process the flask dict.
2014-04-03 18:47:17 -04:00
jakedt
e87ffa20cf
First attempt at making config loadable through string config overrides in an env variable.
2014-04-03 17:31:46 -04:00
jakedt
5bb4008880
Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections.
2014-03-17 12:01:13 -04:00
jakedt
39de79dec6
Forgot to import staging config.
2014-03-04 19:41:48 -05:00