Evan Cordell
f30a9e56f3
Be really sure about proxy protocol
2016-04-29 14:10:33 -04:00
Evan Cordell
8595140f38
Use signer proxy for all http(s) requests
2016-04-29 14:10:33 -04:00
Evan Cordell
f4d2fae5d8
Separate jwtproxy signer config from secscan config
2016-04-29 14:10:33 -04:00
Evan Cordell
474884acd7
Don't require certs for clair anymore
2016-04-29 14:10:33 -04:00
Evan Cordell
e499c4a8ef
Actually go through signer proxy
2016-04-29 14:10:33 -04:00
Evan Cordell
9e7a501dae
Authenticate in the other direction with jwtproxy
2016-04-29 14:10:33 -04:00
Joseph Schorr
dc9bcec9ce
Add pre shared generation tool
2016-04-29 14:09:37 -04:00
Jimmy Zelinskie
6577ac3e62
mv JWK-canonicalization util.security.fingerprint
2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59
keys ui WIP
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
97ae800e6c
canonicalize json
2016-04-29 13:38:25 -04:00
josephschorr
d63ec8c6b0
Merge pull request #1402 from coreos-inc/clairbugfixes
...
Fix handling of Clair notifications without `New` block
2016-04-22 15:11:51 -04:00
Joseph Schorr
34a8090328
Fix handling of Defcon 1
...
Fixes #1397
2016-04-22 13:21:35 -04:00
Joseph Schorr
3f8d51ebd7
Fix handling of Clair notifications without New
block
...
Fixes #1398
2016-04-22 13:05:34 -04:00
josephschorr
affb600423
Merge pull request #1328 from coreos-inc/queuefilefix
...
Fix QueueFile to support read-to-end semantics and add some tests
2016-04-08 18:07:06 -04:00
Jake Moshenko
45e7c94586
Initialize the db for fixsequences
2016-04-01 14:26:19 -04:00
Jake Moshenko
bd5b44cbd2
Move the sequence fixer to a separate tool which can be run
2016-04-01 13:46:13 -04:00
josephschorr
b9f47f6761
Merge pull request #1285 from coreos-inc/configmaildefaults
...
Fix mail and signing defaults
2016-03-31 12:31:26 -04:00
Joseph Schorr
6251e63e0e
Fix QueueFile to support read-to-end semantics and add some tests
2016-03-31 12:06:49 -04:00
Joseph Schorr
0e84a94146
Make analyzer handle images without features or vulnerabilities
2016-03-29 15:16:22 -04:00
Joseph Schorr
dc8f9713f8
Change logs worker to use a global lock in the inner loop and move storage out of the transaction
2016-03-24 14:09:48 -04:00
Joseph Schorr
aa5587c93c
Fixes and added tests for the security notification worker
...
Fixes #1301
- Ensures that the worker uses pagination properly
- Ensures that the worker handles failure as expected
- Moves marking the notification as read to after the worker processes it
- Increases the number of layers requested to 100
2016-03-18 20:28:06 -04:00
Jimmy Zelinskie
8af0b887ef
fix broken tests
2016-03-18 15:48:41 -04:00
Jimmy Zelinskie
5094e1f712
move slash_join to prevent local imports
2016-03-18 15:09:25 -04:00
Jimmy Zelinskie
e5d8a431f4
replace use of URL joining with slash_join
2016-03-18 14:56:10 -04:00
Jimmy Zelinskie
bf477b6b9c
add slash_join helper and tests
2016-03-18 14:56:10 -04:00
Jimmy Zelinskie
0dcfcebe34
remove unused imports and lint
2016-03-18 14:56:09 -04:00
Jimmy Zelinskie
bcea268fcb
use app.gitlab_trigger for config data
...
This includes defaults and makes the structure of the Gitlab trigger
parallel the GitHub trigger.
2016-03-18 14:56:09 -04:00
Quentin Machu
d093a7bde5
Merge pull request #1290 from Quentin-M/split_clair_clusters
...
Split clair clusters
2016-03-15 11:09:51 -04:00
Quentin Machu
81fe315171
Add ability to use another Clair stack for batch tasks
2016-03-14 14:28:34 -04:00
Joseph Schorr
821b09daaf
Update Quay Sec UI as per feedback from design team
...
Fixes #1281
2016-03-10 14:49:36 -05:00
Joseph Schorr
8e1727b6d3
Fix mail and signing defaults
2016-03-08 18:08:40 -05:00
Quentin Machu
897df4de32
Merge pull request #1271 from coreos-inc/allocator_bs
...
Repair allocator (min/max swapped)
2016-03-04 12:06:04 -05:00
Quentin Machu
d36528a77a
Increase POST timeout in secscan API
2016-03-04 11:59:00 -05:00
Quentin Machu
4f7a66ab0e
Repair secscan's analyze_layer API call
2016-03-02 16:05:11 -05:00
Quentin Machu
c8bf55c2bb
Repair allocator (min/max swapped)
2016-03-02 14:51:54 -05:00
Quentin Machu
c29ce8e1a1
Merge pull request #1268 from Quentin-M/secnotif_feature_flag
...
Use a feature flag to toggle security notifications
2016-03-01 15:54:37 -05:00
Quentin Machu
888f976e8d
Use a feature flag to toggle security notifications
2016-03-01 15:54:18 -05:00
Quentin Machu
ea013b8066
make min_index optionnal in allocator's constructor
2016-03-01 14:54:38 -05:00
Quentin Machu
672168ce78
Close Clair API connections
...
This forces every API calls to be load-balanced properly.
2016-02-29 14:52:38 -05:00
Joseph Schorr
ae9140caae
Implement new vulnerabilities and packages tabs.
...
Fixes https://github.com/coreos-inc/design/issues/268
2016-02-25 17:09:29 -05:00
Joseph Schorr
f498e92d58
Implement against new Clair paginated notification system
2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9
Refactor the security worker and API calls and add a bunch of tests
2016-02-25 12:29:41 -05:00
Quentin Machu
0183c519f7
Merge pull request #1253 from Quentin-M/clair2
...
Adapt securityworker, secscan API and Quay UI for Clair 1.0
2016-02-19 18:21:25 -05:00
josephschorr
11af123ba5
Merge pull request #1244 from coreos-inc/enableaci
...
Add UI to the setup tool for enabling ACI conversion
2016-02-17 12:29:48 -05:00
Joseph Schorr
1940fd9939
Add UI to the setup tool for enabling ACI conversion
...
Fixes #1211
2016-02-17 12:05:48 -05:00
josephschorr
6f9fc7fc08
Merge pull request #1225 from coreos-inc/setuptooltest
...
Add tests for superuser config API calls
2016-02-16 17:01:43 -05:00
josephschorr
81a36ee3b8
Merge pull request #1217 from coreos-inc/v2pagination
...
Fix V2 catalog and tag pagination
2016-02-16 15:34:49 -05:00
Quentin Machu
c8d825c232
expose min_id in allocator.py
2016-02-16 15:16:22 -05:00
Jake Moshenko
88d84aa182
Fixes for content checksum and torrent pieces backfill
...
Remove null handler from app.py, was silencing other logs
2016-02-11 16:53:18 -05:00
Joseph Schorr
03533db5a3
Add tests for superuser config API calls
2016-02-11 11:04:37 +02:00
Joseph Schorr
db0eab0461
Fix V2 catalog and tag pagination
2016-02-10 00:25:33 +02:00
Jimmy Zelinskie
5828d8e716
private swarms torrents
2016-02-08 13:56:31 -05:00
Joseph Schorr
1536709c02
Small fixes
2016-01-29 20:01:17 +02:00
Jake Moshenko
01a92a66ba
Refresh base image and python dependencies
2016-01-27 11:36:40 -05:00
Joseph Schorr
335c8eb3a9
Add 2 day TTL to page tokens
2016-01-26 14:04:03 -05:00
Joseph Schorr
b4bddacedb
Switch to Fernet crypto as per gtank's recommendation
2016-01-26 12:50:48 -05:00
Jimmy Zelinskie
85ae1a2a0a
Merge pull request #1161 from jzelinskie/torrenthmac
...
misc torrent changes
2016-01-22 23:02:44 -05:00
Joseph Schorr
e4ffaff869
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
...
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Jimmy Zelinskie
2650772db3
add delimiters to per-user torrent filenames
2016-01-22 15:53:21 -05:00
Jimmy Zelinskie
e54b86c6eb
s/TORRENT/BITTORRENT
2016-01-22 15:52:28 -05:00
Joseph Schorr
7c572fd218
Add support for torrenting verbs
...
Fixes #1130
2016-01-20 18:15:32 -05:00
Jake Moshenko
aaf462682f
Fix the allocator to use id ranges instead of limits
2016-01-12 15:21:13 -05:00
Jake Moshenko
1ae101c917
Address torrent feature review comments.
2016-01-08 16:38:21 -05:00
Jimmy Zelinskie
932d892276
torrent: remove pubkey token header
2016-01-08 14:29:24 -05:00
Joseph Schorr
9d966c2605
Backport V1 metadata fix
2016-01-08 13:53:04 -05:00
Jake Moshenko
073b68cf0d
Fix torrent migration and update backfill to compute torrent pieces
2016-01-08 11:15:34 -05:00
Jimmy Zelinskie
087c6828ad
add feature.BITTORRENT and jwk set URI
2016-01-07 19:07:23 -05:00
Jimmy Zelinskie
f774442a84
torrent: send jwt in announce url
2016-01-07 14:16:21 -05:00
Jake Moshenko
476ac8cec9
Add piece hashing to verbs generated image storages
2016-01-06 12:01:15 -05:00
Jake Moshenko
8f80d7064b
Hash v1 uploads for torrent chunks
2016-01-05 14:43:40 -05:00
Jake Moshenko
8d5f4466d6
Cleanup some indentation and imports
2016-01-05 12:12:57 -05:00
Jimmy Zelinskie
fff016d0f5
"created by" now uses REGISTRY_TITLE
2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
a0e5de8f29
add torrent options to config
2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
c780572e69
add public/private torrent swarms
2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
4cb06525a4
finish implementing torrent verb
2016-01-04 16:17:51 -05:00
Jake Moshenko
ce8fcbeaae
Update the pieces to use base64 encoded binary
2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796
Hash and track layer file chunks for torrenting
2016-01-04 16:17:51 -05:00
josephschorr
28eb31ed36
Merge pull request #1102 from coreos-inc/deleteimagediff
...
Delete the image diff feature
2015-12-29 14:47:38 -05:00
Joseph Schorr
31a8a0fba4
Better UX when recovering organization emails
...
Fixes #291
2015-12-28 15:25:31 -05:00
Joseph Schorr
ab166c4448
Delete the image diff feature
...
Fixes #1077
2015-12-23 13:08:01 -05:00
Joseph Schorr
63a8b197e4
Break out 5XX errors into their own metric
...
First part of #983
2015-12-16 13:56:07 -05:00
Jake Moshenko
766d60493f
Add the ability to blacklist v2 for specific versions
2015-12-15 18:27:10 -05:00
Joseph Schorr
54095eb5cb
Handle the common case of one chunk when calculating the uncompressed size
...
Reference #992
2015-12-14 15:27:48 -05:00
Jake Moshenko
7205bf5e7f
Merge pull request #885 from jakedt/python-registry-v2
...
Python registry v2 mega merge
2015-11-16 16:15:40 -05:00
Jake Moshenko
0459c3bc54
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-16 14:22:54 -05:00
Matt Jibson
01fe548abd
Use env vars to set k8s endpoint URL
...
The old DNS method is optionally enabled in k8s, but the env vars are
always there.
partial solution to #864
2015-11-13 17:05:14 -05:00
Matt Jibson
2e1b49b009
Allow None for max_id during migrations
...
This allows empty databases with no max_id to run.
fixes #869
2015-11-13 15:41:39 -05:00
Joseph Schorr
46745ee30f
Remove file added accidentally by merge
2015-11-12 22:07:47 -05:00
Joseph Schorr
7816b0c657
Merge master into vulnerability-tool
2015-11-12 21:52:47 -05:00
Joseph Schorr
25b8b7590f
Fix all the things!
2015-11-12 20:55:41 -05:00
Jimmy Zelinskie
37ce84f6af
tiny fixes to securityworker
2015-11-12 17:18:04 -05:00
Jimmy Zelinskie
e86a342868
create class for security config validation
2015-11-12 15:47:01 -05:00
Jake Moshenko
ab340e20ea
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-11 16:41:40 -05:00
Jake Moshenko
88bbf34993
Silence a lot of the useless logs for the checksum backfill
2015-11-10 19:49:23 -05:00
Jake Moshenko
83c98882bb
Fix the backfill batch message to report the number
2015-11-10 19:49:00 -05:00
Jake Moshenko
941d13ea3e
Fix an off by one error in the common backfill code
2015-11-10 16:14:44 -05:00
Joseph Schorr
ca7d736db2
Only send vulnerability events if the minimum priority is gte to that specified
...
Fixes #770
2015-11-10 16:05:55 -05:00
Jimmy Zelinskie
8e2868737b
rename secscan_endpoint and move db close to API
2015-11-10 15:22:31 -05:00
Jimmy Zelinskie
112bef8f8c
fix bug where v1 backfill never completed
2015-11-10 14:04:20 -05:00
Jake Moshenko
a33077b978
Optimistically update backfill items, reducing RTs
2015-11-10 11:10:09 -05:00