vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
7536 commits 2 branches 62 tags 205 MiB
Commit graph

238 commits

Author SHA1 Message Date
Jake Moshenko
17536e66dc Change our jwt signing key to actually be self signed. 2016-05-23 15:07:33 -04:00
Joseph Schorr
4aab834156 Move to Angular 1.5 
This has been reasonably well tested, but further testing should be done on staging.

Also optimizes avatar handling to use a constant size and not 404.

Fixes #1434
 2016-05-17 16:32:08 -04:00
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair 
Fixes #1387
 2016-05-04 13:40:50 -04:00
Jimmy Zelinskie
f842545b3e rename config values to remove "Quay" (#1431) 2016-05-03 13:11:21 -04:00
Jimmy Zelinskie
437ec84c9f torrent: use quay.pem to mint JWT (#1425) 2016-05-02 18:10:16 -04:00
Evan Cordell
a6f6a114c2 service key worker to refresh automatic keys 2016-04-29 14:10:33 -04:00
Evan Cordell
c766727d1d address review comments 
- more inline documentation
 - don't explicitly specify audience
 - approver is optional in `generate_key`
 - ADD -> RUN for better caching of jwtproxy
 2016-04-29 14:10:33 -04:00
Evan Cordell
d2aa4be29e Explicitly set jwtproxy audience 2016-04-29 14:10:33 -04:00
Evan Cordell
f30a9e56f3 Be really sure about proxy protocol 2016-04-29 14:10:33 -04:00
Evan Cordell
f4d2fae5d8 Separate jwtproxy signer config from secscan config 2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd Generate private key on startup 2016-04-29 14:10:33 -04:00
Evan Cordell
9e7a501dae Authenticate in the other direction with jwtproxy 2016-04-29 14:10:33 -04:00
Joseph Schorr
4f63a50a17 Change account-less logs to use a user and not null 
This allows us to skip the migration
 2016-04-29 14:09:37 -04:00
Joseph Schorr
522cf68c5d Lots of smaller fixes: 
- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb
 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
c0ab45d335 key server: derive audience from host and scheme 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
d277fe6741 add final service key config 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
4079dba167 service keys: do all the right stuff 2016-04-29 13:38:25 -04:00
Jimmy Zelinskie
cca95ac583 add GITLAB_TRIGGER_CONFIG to config.py 
We were already using this in production in our config.yml. We just
didn't have a default value for it inside of config.py.
 2016-03-18 14:56:09 -04:00
Quentin Machu
d36528a77a Increase POST timeout in secscan API 2016-03-04 11:59:00 -05:00
Quentin Machu
888f976e8d Use a feature flag to toggle security notifications 2016-03-01 15:54:18 -05:00
Joseph Schorr
f498e92d58 Implement against new Clair paginated notification system 2016-02-25 15:58:42 -05:00
Joseph Schorr
1940fd9939 Add UI to the setup tool for enabling ACI conversion 
Fixes #1211
 2016-02-17 12:05:48 -05:00
Jimmy Zelinskie
e18dacd26b extend torrent webseed lifetime to an hour 2016-02-08 17:57:28 -05:00
Joseph Schorr
b4bddacedb Switch to Fernet crypto as per gtank's recommendation 2016-01-26 12:50:48 -05:00
Joseph Schorr
bd0a098282 Add ID-based pagination to logs using new decorators and an encrypted token 
Fixes #599
 2016-01-26 12:50:48 -05:00
Jimmy Zelinskie
85ae1a2a0a Merge pull request #1161 from jzelinskie/torrenthmac 
misc torrent changes
 2016-01-22 23:02:44 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. 
This support is placed behind a feature flag.
 2016-01-22 15:54:06 -05:00
Jimmy Zelinskie
e54b86c6eb s/TORRENT/BITTORRENT 2016-01-22 15:52:28 -05:00
Jake Moshenko
1ae101c917 Address torrent feature review comments. 2016-01-08 16:38:21 -05:00
Jimmy Zelinskie
087c6828ad add feature.BITTORRENT and jwk set URI 2016-01-07 19:07:23 -05:00
Jimmy Zelinskie
a0e5de8f29 add torrent options to config 2016-01-04 16:17:51 -05:00
Jake Moshenko
fe87d3c796 Hash and track layer file chunks for torrenting 2016-01-04 16:17:51 -05:00
Joseph Schorr
ab166c4448 Delete the image diff feature 
Fixes #1077
 2015-12-23 13:08:01 -05:00
Jimmy Zelinskie
f439ad7804 Merge pull request #618 from jzelinskie/logsworker 
add a log rotation worker
 2015-12-16 17:25:50 -05:00
Jimmy Zelinskie
e1f955a3f6 add a log rotation worker 
Fixes #609.
 2015-12-16 17:22:28 -05:00
Joseph Schorr
c888a8b3be Make GC timeout configurable 2015-12-16 15:45:02 -05:00
Jake Moshenko
766d60493f Add the ability to blacklist v2 for specific versions 2015-12-15 18:27:10 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Jimmy Zelinskie
7fd53d6783 update IRC channel 2015-11-11 15:42:36 -05:00
Jimmy Zelinskie
dc476470fe add secscan notification queue 2015-11-10 15:22:30 -05:00
Joseph Schorr
75dfec7875 Fix endpoint 2015-11-09 12:50:39 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Jimmy Zelinskie
f3c3e684a1 prepare branch to be merged into phase1-11-07-2015 
This removes the checksum backfill, removes the migration that runs the
backfills, and defaults the security scan feature off.
 2015-11-06 15:22:18 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay 
Fixes #564
 2015-11-06 15:22:18 -05:00
Joseph Schorr
0f3db709ea Add a vulnerability_found event for notice when we detect a vuln 
Fixes #637

Note: This PR does *not* actually raise the event; it merely adds support for it
 2015-11-06 15:22:18 -05:00
Joseph Schorr
2d1df267dd Add security config 2015-11-06 15:22:18 -05:00
Joseph Schorr
f6a53f7cc5 Change all Quay.io references to Quay, fix tour and change logo 
Fixes #741
 2015-11-02 14:37:48 -05:00
Jake Moshenko
fc55730db8 Add a feature flag to advertise v2 endpoints 2015-10-26 14:20:51 -04:00
Jake Moshenko
26cea9a07c Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-17 16:16:27 -04:00
Jake Moshenko
9c3ddf846f Some fixes and tests for v2 auth 
Fixes #395
 2015-09-10 15:38:57 -04:00
Joseph Schorr
c0286d1ac3 Add support for Dex to Quay 
Fixes #306

- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
 2015-09-04 17:05:06 -04:00
Jake Moshenko
210ed7cf02 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-09-04 16:32:01 -04:00
Joseph Schorr
0a91a1d9d8 Redirect to the /setup page automatically in the ER when not fully setup 2015-09-02 14:59:54 -04:00
Joseph Schorr
724b1607d7 Add automatic storage replication 
Adds a worker to automatically replicate data between storages and update the database accordingly
 2015-09-01 14:53:32 -04:00
Jake Moshenko
e1b3e9e6ae Another huge batch of registry v2 changes 
Add patch support and resumeable sha
Implement all actual registry methods
Add a simple database generation option
 2015-08-12 16:41:12 -04:00
Joseph Schorr
e53c3e23be Change docs to load from HTTPS 2015-08-05 14:34:11 -04:00
Joseph Schorr
8a8955d234 Add documentation search to the main search bar 2015-08-03 17:15:53 -04:00
Joseph Schorr
70de107268 Make GC of repositories fully async for whitelisted namespaces 
This change adds a worker to conduct GC on repositories with garbage every 10s.

Fixes #144
 2015-07-28 15:30:04 -04:00
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth. 
Make it explicit that the registry-v2 stuff is not ready for prime time.
 2015-07-17 11:56:15 -04:00
Joseph Schorr
33b31a2451 Fix logs view in superuser panel 
This seems to have been broken ever since we moved to syslog
 2015-06-15 20:55:23 -04:00
Jake Moshenko
e09d84b3c8 Merge pull request #55 from coreos-inc/oauthdeny 
Fix OAuth redirect for denial action when generating for internal tokens
 2015-06-05 14:00:16 -04:00
Joseph Schorr
5516911de9 Fix OAuth redirect for denial action when generating for internal tokens 2015-06-02 12:25:59 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
ba0fafc857 Add missing default for the gitlab feature flag 2015-05-04 19:04:27 -07:00
Joseph Schorr
c480fb2105 Work in progress: bitbucket support 2015-04-24 15:13:08 -04:00
Joseph Schorr
5cd500257d Merge branch 'master' into orgview 2015-04-01 13:56:49 -04:00
Joseph Schorr
27a9b84587 Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists 2015-03-30 17:55:04 -04:00
Joseph Schorr
e4b659f107 Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords 2015-03-25 18:43:12 -04:00
Jake Moshenko
78c8354174 Switch our temporary token lookups for signed grants which will not require DB access. 2015-02-19 16:54:23 -05:00
Jake Moshenko
ec01373240 Rename the config variable for temp tag expiration per the pull request feedback. 2015-02-18 17:06:41 -05:00
Jake Moshenko
41108a0856 Allow tags to be marked as hidden. Create a hidden tag on every image during a push to prevent them from getting GCed. 2015-02-18 17:05:16 -05:00
Joseph Schorr
3cae6609a7 Remove old services from the blacklist 2015-02-18 16:34:42 -05:00
Joseph Schorr
0d2c42ad03 Fix tests 2015-01-09 17:11:51 -05:00
Joseph Schorr
40d2b1748f Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py). 2015-01-05 12:31:02 -05:00
Joseph Schorr
1bf25f25c1 WIP 2015-01-04 14:38:41 -05:00
Joseph Schorr
4ca877c1d4 Add ability to download system logs 2014-12-23 14:01:00 -05:00
Jimmy Zelinskie
f3259c862b Merge branch 'koh' 
Conflicts:
	auth/scopes.py
	requirements-nover.txt
	requirements.txt
	static/css/quay.css
	static/directives/namespace-selector.html
	static/js/app.js
	static/partials/manage-application.html
	templates/oauthorize.html
 2014-12-01 12:30:09 -08:00
Joseph Schorr
72d613614d Merge branch 'bagger' 2014-12-01 12:48:59 -05:00
Joseph Schorr
660a640de6 Better organize the source file structure of the build manager and change it to choose a lifecycle manager based on the config 2014-11-25 16:14:44 -05:00
Joseph Schorr
e9cac407df Add a configurable avatar system and add an internal avatar system for enterprise 2014-11-24 19:25:13 -05:00
Jimmy Zelinskie
716d7a737b Strip whitespace from ALL the things. 2014-11-24 16:07:38 -05:00
Jake Moshenko
8b3184a7cb Change the default username and password for flask-mail to None instead of empty string. 2014-11-21 12:32:30 -05:00
Jake Moshenko
2b8c246476 Temporarily put user rename behind a feature flag. Switch queue names back to using the username for namespace while we figure out a real migration strategy. 2014-11-20 15:36:39 -05:00
Joseph Schorr
3e79379942 - Make the OAuth config system centralized 
- Add support for Github Enterprise login
 2014-11-05 16:43:37 -05:00
Joseph Schorr
98602a2d0c Add a new configurable health check, to make sure production instances are not taken down by Redis or non-local DB issues 2014-11-02 15:06:17 -05:00
Joseph Schorr
4eedd54b66 - Make usage language more accurate by stating "repositories" 
- Have usage counter be based on a 4 weeks TTL
- Add a simple usage counter breakage test
 2014-10-30 13:26:02 -04:00
Joseph Schorr
c1398c6d2b - Add a log entry for repo verb handling and make the container usage calculation take it into account 
- Move all the repo push/pull/verb logging into a central track_and_log method
- Readd images accidentally deleted in the last CL
- Make the uncompressed size migration script better handle exceptions
 2014-10-29 15:42:44 -04:00
Joseph Schorr
8b331b453e Make the contact page dynamic so that enterprise customers can configure it however they like 2014-10-22 14:49:33 -04:00
Jake Moshenko
fa6a06502d Change the default redis host to localhost. Fix some whitespace issues in the userevents module. 2014-10-14 14:37:02 -04:00
Jake Moshenko
44637dad96 Merge branch 'master' of bitbucket.org:yackob03/quay 2014-10-14 13:58:14 -04:00
Jake Moshenko
328db8b660 Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 13:58:08 -04:00
Joseph Schorr
49f8629566 Make the default mail sender use the Flask mail config value 2014-10-10 13:14:33 -04:00
Joseph Schorr
c682899861 Add a feature flag to disable user creation 2014-10-02 14:49:18 -04:00
Joseph Schorr
2c5cc7990f Allow for additional REDIS config such as password and port 2014-10-01 14:16:42 -04:00
Joseph Schorr
f3b03ebc34 Add a feature flag for disabling all emails 2014-09-22 19:11:48 -04:00
Jake Moshenko
2455c17f96 Merge remote-tracking branch 'origin/master' into waltermitty 
Conflicts:
	app.py
	data/userfiles.py
 2014-09-11 11:18:28 -04:00
Jake Moshenko
c9e1648781 Small fixes to bugs in the streaming handler for use with magic and radosgw. 2014-09-09 18:30:14 -04:00
Jake Moshenko
451e034ca1 Archived logs commit 1. Squash me. 2014-09-08 16:43:17 -04:00