Commit graph

501 commits

Author SHA1 Message Date
Evan Cordell
f30a9e56f3 Be really sure about proxy protocol 2016-04-29 14:10:33 -04:00
Evan Cordell
8595140f38 Use signer proxy for all http(s) requests 2016-04-29 14:10:33 -04:00
Evan Cordell
f4d2fae5d8 Separate jwtproxy signer config from secscan config 2016-04-29 14:10:33 -04:00
Evan Cordell
474884acd7 Don't require certs for clair anymore 2016-04-29 14:10:33 -04:00
Evan Cordell
e499c4a8ef Actually go through signer proxy 2016-04-29 14:10:33 -04:00
Evan Cordell
9e7a501dae Authenticate in the other direction with jwtproxy 2016-04-29 14:10:33 -04:00
Joseph Schorr
dc9bcec9ce Add pre shared generation tool 2016-04-29 14:09:37 -04:00
Jimmy Zelinskie
6577ac3e62 mv JWK-canonicalization util.security.fingerprint 2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59 keys ui WIP 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
97ae800e6c canonicalize json 2016-04-29 13:38:25 -04:00
josephschorr
d63ec8c6b0 Merge pull request #1402 from coreos-inc/clairbugfixes
Fix handling of Clair notifications without `New` block
2016-04-22 15:11:51 -04:00
Joseph Schorr
34a8090328 Fix handling of Defcon 1
Fixes #1397
2016-04-22 13:21:35 -04:00
Joseph Schorr
3f8d51ebd7 Fix handling of Clair notifications without New block
Fixes #1398
2016-04-22 13:05:34 -04:00
josephschorr
affb600423 Merge pull request #1328 from coreos-inc/queuefilefix
Fix QueueFile to support read-to-end semantics and add some tests
2016-04-08 18:07:06 -04:00
Jake Moshenko
45e7c94586 Initialize the db for fixsequences 2016-04-01 14:26:19 -04:00
Jake Moshenko
bd5b44cbd2 Move the sequence fixer to a separate tool which can be run 2016-04-01 13:46:13 -04:00
josephschorr
b9f47f6761 Merge pull request #1285 from coreos-inc/configmaildefaults
Fix mail and signing defaults
2016-03-31 12:31:26 -04:00
Joseph Schorr
6251e63e0e Fix QueueFile to support read-to-end semantics and add some tests 2016-03-31 12:06:49 -04:00
Joseph Schorr
0e84a94146 Make analyzer handle images without features or vulnerabilities 2016-03-29 15:16:22 -04:00
Joseph Schorr
dc8f9713f8 Change logs worker to use a global lock in the inner loop and move storage out of the transaction 2016-03-24 14:09:48 -04:00
Joseph Schorr
aa5587c93c Fixes and added tests for the security notification worker
Fixes #1301

- Ensures that the worker uses pagination properly
- Ensures that the worker handles failure as expected
- Moves marking the notification as read to after the worker processes it
- Increases the number of layers requested to 100
2016-03-18 20:28:06 -04:00
Jimmy Zelinskie
8af0b887ef fix broken tests 2016-03-18 15:48:41 -04:00
Jimmy Zelinskie
5094e1f712 move slash_join to prevent local imports 2016-03-18 15:09:25 -04:00
Jimmy Zelinskie
e5d8a431f4 replace use of URL joining with slash_join 2016-03-18 14:56:10 -04:00
Jimmy Zelinskie
bf477b6b9c add slash_join helper and tests 2016-03-18 14:56:10 -04:00
Jimmy Zelinskie
0dcfcebe34 remove unused imports and lint 2016-03-18 14:56:09 -04:00
Jimmy Zelinskie
bcea268fcb use app.gitlab_trigger for config data
This includes defaults and makes the structure of the Gitlab trigger
parallel the GitHub trigger.
2016-03-18 14:56:09 -04:00
Quentin Machu
d093a7bde5 Merge pull request #1290 from Quentin-M/split_clair_clusters
Split clair clusters
2016-03-15 11:09:51 -04:00
Quentin Machu
81fe315171 Add ability to use another Clair stack for batch tasks 2016-03-14 14:28:34 -04:00
Joseph Schorr
821b09daaf Update Quay Sec UI as per feedback from design team
Fixes #1281
2016-03-10 14:49:36 -05:00
Joseph Schorr
8e1727b6d3 Fix mail and signing defaults 2016-03-08 18:08:40 -05:00
Quentin Machu
897df4de32 Merge pull request #1271 from coreos-inc/allocator_bs
Repair allocator (min/max swapped)
2016-03-04 12:06:04 -05:00
Quentin Machu
d36528a77a Increase POST timeout in secscan API 2016-03-04 11:59:00 -05:00
Quentin Machu
4f7a66ab0e Repair secscan's analyze_layer API call 2016-03-02 16:05:11 -05:00
Quentin Machu
c8bf55c2bb Repair allocator (min/max swapped) 2016-03-02 14:51:54 -05:00
Quentin Machu
c29ce8e1a1 Merge pull request #1268 from Quentin-M/secnotif_feature_flag
Use a feature flag to toggle security notifications
2016-03-01 15:54:37 -05:00
Quentin Machu
888f976e8d Use a feature flag to toggle security notifications 2016-03-01 15:54:18 -05:00
Quentin Machu
ea013b8066 make min_index optionnal in allocator's constructor 2016-03-01 14:54:38 -05:00
Quentin Machu
672168ce78 Close Clair API connections
This forces every API calls to be load-balanced properly.
2016-02-29 14:52:38 -05:00
Joseph Schorr
ae9140caae Implement new vulnerabilities and packages tabs.
Fixes https://github.com/coreos-inc/design/issues/268
2016-02-25 17:09:29 -05:00
Joseph Schorr
f498e92d58 Implement against new Clair paginated notification system 2016-02-25 15:58:42 -05:00
Joseph Schorr
c0374d71c9 Refactor the security worker and API calls and add a bunch of tests 2016-02-25 12:29:41 -05:00
Quentin Machu
0183c519f7 Merge pull request #1253 from Quentin-M/clair2
Adapt securityworker, secscan API and Quay UI for Clair 1.0
2016-02-19 18:21:25 -05:00
josephschorr
11af123ba5 Merge pull request #1244 from coreos-inc/enableaci
Add UI to the setup tool for enabling ACI conversion
2016-02-17 12:29:48 -05:00
Joseph Schorr
1940fd9939 Add UI to the setup tool for enabling ACI conversion
Fixes #1211
2016-02-17 12:05:48 -05:00
josephschorr
6f9fc7fc08 Merge pull request #1225 from coreos-inc/setuptooltest
Add tests for superuser config API calls
2016-02-16 17:01:43 -05:00
josephschorr
81a36ee3b8 Merge pull request #1217 from coreos-inc/v2pagination
Fix V2 catalog and tag pagination
2016-02-16 15:34:49 -05:00
Quentin Machu
c8d825c232 expose min_id in allocator.py 2016-02-16 15:16:22 -05:00
Jake Moshenko
88d84aa182 Fixes for content checksum and torrent pieces backfill
Remove null handler from app.py, was silencing other logs
2016-02-11 16:53:18 -05:00
Joseph Schorr
03533db5a3 Add tests for superuser config API calls 2016-02-11 11:04:37 +02:00
Joseph Schorr
db0eab0461 Fix V2 catalog and tag pagination 2016-02-10 00:25:33 +02:00
Jimmy Zelinskie
5828d8e716 private swarms torrents 2016-02-08 13:56:31 -05:00
Joseph Schorr
1536709c02 Small fixes 2016-01-29 20:01:17 +02:00
Jake Moshenko
01a92a66ba Refresh base image and python dependencies 2016-01-27 11:36:40 -05:00
Joseph Schorr
335c8eb3a9 Add 2 day TTL to page tokens 2016-01-26 14:04:03 -05:00
Joseph Schorr
b4bddacedb Switch to Fernet crypto as per gtank's recommendation 2016-01-26 12:50:48 -05:00
Jimmy Zelinskie
85ae1a2a0a Merge pull request #1161 from jzelinskie/torrenthmac
misc torrent changes
2016-01-22 23:02:44 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Jimmy Zelinskie
2650772db3 add delimiters to per-user torrent filenames 2016-01-22 15:53:21 -05:00
Jimmy Zelinskie
e54b86c6eb s/TORRENT/BITTORRENT 2016-01-22 15:52:28 -05:00
Joseph Schorr
7c572fd218 Add support for torrenting verbs
Fixes #1130
2016-01-20 18:15:32 -05:00
Jake Moshenko
aaf462682f Fix the allocator to use id ranges instead of limits 2016-01-12 15:21:13 -05:00
Jake Moshenko
1ae101c917 Address torrent feature review comments. 2016-01-08 16:38:21 -05:00
Jimmy Zelinskie
932d892276 torrent: remove pubkey token header 2016-01-08 14:29:24 -05:00
Joseph Schorr
9d966c2605 Backport V1 metadata fix 2016-01-08 13:53:04 -05:00
Jake Moshenko
073b68cf0d Fix torrent migration and update backfill to compute torrent pieces 2016-01-08 11:15:34 -05:00
Jimmy Zelinskie
087c6828ad add feature.BITTORRENT and jwk set URI 2016-01-07 19:07:23 -05:00
Jimmy Zelinskie
f774442a84 torrent: send jwt in announce url 2016-01-07 14:16:21 -05:00
Jake Moshenko
476ac8cec9 Add piece hashing to verbs generated image storages 2016-01-06 12:01:15 -05:00
Jake Moshenko
8f80d7064b Hash v1 uploads for torrent chunks 2016-01-05 14:43:40 -05:00
Jake Moshenko
8d5f4466d6 Cleanup some indentation and imports 2016-01-05 12:12:57 -05:00
Jimmy Zelinskie
fff016d0f5 "created by" now uses REGISTRY_TITLE 2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
a0e5de8f29 add torrent options to config 2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
c780572e69 add public/private torrent swarms 2016-01-04 16:17:51 -05:00
Jimmy Zelinskie
4cb06525a4 finish implementing torrent verb 2016-01-04 16:17:51 -05:00
Jake Moshenko
ce8fcbeaae Update the pieces to use base64 encoded binary 2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796 Hash and track layer file chunks for torrenting 2016-01-04 16:17:51 -05:00
josephschorr
28eb31ed36 Merge pull request #1102 from coreos-inc/deleteimagediff
Delete the image diff feature
2015-12-29 14:47:38 -05:00
Joseph Schorr
31a8a0fba4 Better UX when recovering organization emails
Fixes #291
2015-12-28 15:25:31 -05:00
Joseph Schorr
ab166c4448 Delete the image diff feature
Fixes #1077
2015-12-23 13:08:01 -05:00
Joseph Schorr
63a8b197e4 Break out 5XX errors into their own metric
First part of #983
2015-12-16 13:56:07 -05:00
Jake Moshenko
766d60493f Add the ability to blacklist v2 for specific versions 2015-12-15 18:27:10 -05:00
Joseph Schorr
54095eb5cb Handle the common case of one chunk when calculating the uncompressed size
Reference #992
2015-12-14 15:27:48 -05:00
Jake Moshenko
7205bf5e7f Merge pull request #885 from jakedt/python-registry-v2
Python registry v2 mega merge
2015-11-16 16:15:40 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Matt Jibson
01fe548abd Use env vars to set k8s endpoint URL
The old DNS method is optionally enabled in k8s, but the env vars are
always there.

partial solution to #864
2015-11-13 17:05:14 -05:00
Matt Jibson
2e1b49b009 Allow None for max_id during migrations
This allows empty databases with no max_id to run.

fixes #869
2015-11-13 15:41:39 -05:00
Joseph Schorr
46745ee30f Remove file added accidentally by merge 2015-11-12 22:07:47 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Joseph Schorr
25b8b7590f Fix all the things! 2015-11-12 20:55:41 -05:00
Jimmy Zelinskie
37ce84f6af tiny fixes to securityworker 2015-11-12 17:18:04 -05:00
Jimmy Zelinskie
e86a342868 create class for security config validation 2015-11-12 15:47:01 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Jake Moshenko
88bbf34993 Silence a lot of the useless logs for the checksum backfill 2015-11-10 19:49:23 -05:00
Jake Moshenko
83c98882bb Fix the backfill batch message to report the number 2015-11-10 19:49:00 -05:00
Jake Moshenko
941d13ea3e Fix an off by one error in the common backfill code 2015-11-10 16:14:44 -05:00
Joseph Schorr
ca7d736db2 Only send vulnerability events if the minimum priority is gte to that specified
Fixes #770
2015-11-10 16:05:55 -05:00
Jimmy Zelinskie
8e2868737b rename secscan_endpoint and move db close to API 2015-11-10 15:22:31 -05:00
Jimmy Zelinskie
112bef8f8c fix bug where v1 backfill never completed 2015-11-10 14:04:20 -05:00
Jake Moshenko
a33077b978 Optimistically update backfill items, reducing RTs 2015-11-10 11:10:09 -05:00