Evan Cordell
d64b8b1fcf
Revert to old secret handling, fix license loading
2017-06-28 23:15:14 -04:00
Jimmy Zelinskie
1d2640e012
util.secscan.fake: add test for unexpected status
2017-06-28 13:40:04 -04:00
Evan Cordell
ef459a2d18
Update the expected response layout for kubernetes config
2017-06-28 07:28:57 -04:00
Jimmy Zelinskie
46087d5e64
util.secscan.api: more robust API failures cases
...
Addresses QUAY-672 by handling all status codes that are not 404 and 5xx
and moving response decoding inside the try/except block to ensure that
the response object is in scope.
2017-06-26 17:13:51 -04:00
Jimmy Zelinskie
e028e159c0
add app registry config to setup tool: default off
2017-06-16 15:44:00 -04:00
Jimmy Zelinskie
9df04a09d6
Merge pull request #2694 from jzelinskie/fix-torrent-config-validation
...
Fix torrent config validation
2017-06-09 13:39:01 -04:00
Jimmy Zelinskie
a16b469d9b
util.registry.torrent: stash kid in JWT headers
...
Upstream, chihaya reads this header in order to find the kid in the list
of maintained keys. A long time ago, it used to just iterate, but now it
needs to know the kid.
2017-06-09 13:31:38 -04:00
Jimmy Zelinskie
7d07c2ed07
util.config.validators: fix torrent validation
...
This code was mistaken the info dict with the params passed in an
announce request. Rather, now we expose a function for creating a jwt
from infohashes directly.
2017-06-09 13:31:38 -04:00
Antoine Legrand
f0dd2e348b
Merge pull request #2551 from coreos-inc/structured-logs
...
Add log formatter class
2017-06-07 08:22:18 -07:00
Antoine Legrand
3c99928a27
Add log JSON formatter
2017-06-07 00:02:52 +02:00
Kenny Lee Sin Cheong
1f76e9dc3b
Merge pull request #2661 from kleesc/securityworker_cpu
...
Raise an APIRequestFailure exception when security scanner is unavail…
2017-06-03 12:15:45 -04:00
Joseph Schorr
0ba54ed4fc
Simplify the caching of service keys to hopefully avoid the not found issue
...
Makes accesses simpler and reduces the number of dictionaries to one, in an effort to remove race conditions
2017-05-26 13:51:48 -04:00
josephschorr
2ec43483a8
Merge pull request #2662 from coreos-inc/direct-login
...
Enable toggling of the direct login feature in the superuser panel
2017-05-24 16:51:43 -04:00
Joseph Schorr
2b9873483a
Enable toggling of the direct login feature in the superuser panel
...
Allows superusers to disable login to the UI via credentials if at least one OIDC provider is configured
2017-05-24 12:57:55 -04:00
Evan Cordell
c55c233f1f
Merge pull request #2646 from ecordell/kubernetes-ca-fix
...
ConfigProviders abstract over path construction
2017-05-24 11:37:17 -04:00
josephschorr
8e8470890a
Merge pull request #2653 from coreos-inc/new-signing-ui
...
Implement updated UI for displaying the signing status of a tag, now …
2017-05-24 11:31:52 -04:00
Kenny Lee Sin Cheong
203c0b76e0
Raise an APIRequestFailure exception when security scanner is unavailable
...
Put worker to sleep for the duration of the default indexing interval
when an APIRequestFailure occurs, when the API request fails due to a
connection error, timeout, or other ambiguous errors, from
analyze_layer or get_layer_data .
2017-05-24 11:04:44 -04:00
Evan Cordell
20da91d879
Add tests for providers and update install script
2017-05-23 15:43:21 -04:00
Evan Cordell
b3a5f0db1b
Merge coreos/new-signing-ui into new-signing-ui
2017-05-23 13:07:18 -04:00
Evan Cordell
897da1df67
Fix tuf api calls
2017-05-23 12:36:49 -04:00
Evan Cordell
f877865e82
Fix tuf api calls
2017-05-23 10:47:59 -04:00
Evan Cordell
01b59e8d66
ConfigProviders abstract over path construction
...
Fixes issue where certs can't be uploaded in UI in k8s
2017-05-17 08:12:09 -04:00
Jimmy Zelinskie
702cdf59ff
Merge pull request #2637 from jzelinskie/audit-apps
...
Audit Logs for Apps
2017-05-16 17:06:25 -04:00
Jimmy Zelinskie
4db789b656
add audit logging to app registry endpoints
2017-05-16 15:54:02 -04:00
Evan Cordell
e2be8481b0
Merge pull request #2643 from ecordell/all-delegations-tuf
...
Return all tags in all delegations in tuf api
2017-05-15 17:23:05 -04:00
Evan Cordell
3e3ed11634
Add api for getting all signed tags, separated by delegation
2017-05-15 16:18:30 -04:00
Jake Moshenko
21cb9f1aa1
Handle null executor cancellations separately from other exceptions
2017-05-15 13:45:44 -04:00
josephschorr
19f67bfa1b
Merge pull request #2607 from coreos-inc/faster-security-notify
...
Batch the tag lookups in the security notification worker in an attempt to significant reduce load
2017-05-03 13:49:13 -04:00
Joseph Schorr
977bbc20a2
Add filtering onto the images query in get_matching_tags_for_images
...
Should make the query even faster in the security notification case
2017-05-02 18:29:14 -04:00
Joseph Schorr
4e09fff181
Remove test that breaks MySQL full DB tests
2017-05-02 16:04:46 -04:00
Joseph Schorr
98fcae753b
Change the security notification system to use get_matching_tags_for_images
...
This should vastly reduce the number of database calls we make, as instead of making 2-3 calls per image, we'll make two calls per ~100 images
2017-05-02 15:39:27 -04:00
Evan Cordell
738f53f61a
Merge pull request #2597 from ecordell/sni
...
TUF metadata api SNI support
2017-05-02 13:01:16 -04:00
Evan Cordell
b2569ffbb2
Support SNI in python requests, and only delete tuf metadata if it
...
exists
2017-05-02 09:32:12 -04:00
Joseph Schorr
ae0d1e831b
Add prometheus metric for queued builds
2017-05-01 15:16:55 -04:00
josephschorr
8b148bf1d4
Merge pull request #2576 from coreos-inc/full-db-tests-tox
...
Reenable full database testing locally and in concourse
2017-04-27 18:09:15 -04:00
Joseph Schorr
4ea4ee3aa4
Fix time machine config validator on old-style config
...
Existing config won't have the keys defined, so make sure we skip in that case (and just use the defaults)
2017-04-27 14:24:47 -04:00
Joseph Schorr
cb3695a629
Change config validator tests to use the shared fixtures
2017-04-24 16:45:14 -04:00
Joseph Schorr
f296599162
Add additional logging around secscan analyze
2017-04-21 16:52:47 -04:00
Jake Moshenko
3b26e819d3
Merge pull request #2558 from jakedt/betternooper
...
Make the nooper impl even smaller!
2017-04-21 14:29:52 -04:00
Joseph Schorr
3dcbe3c631
If enabled, allow users and orgs to set their time machine expiration
...
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Jimmy Zelinskie
6bef1d1ff3
Merge pull request #2322 from jzelinskie/acifix
...
image/appc: fix volume conversion and add tests
2017-04-21 10:15:03 -04:00
Jake Moshenko
e97ef09bd3
Make the nooper impl even smaller!
2017-04-20 13:42:49 -04:00
josephschorr
b03771669b
Merge pull request #2554 from coreos-inc/no-secscan-delete
...
Fix deleting repos when sec scan or signing is disabled
2017-04-19 17:09:59 -04:00
Joseph Schorr
c5bb9abf11
Fix deleting repos when sec scan or signing is disabled
...
Make sure we don't invoke the APIs to non-existent endpoints
2017-04-19 16:57:36 -04:00
Joseph Schorr
08b9c4b0d4
Fill backfill script for recent changes
...
We forgot that we need to lookup by user *object* and we need to lookup locations on their own
2017-04-19 16:50:51 -04:00
Jake Moshenko
ba07270bb2
Turn off in-app sentry logging, only log 500s at the WSGI layer
2017-04-18 16:38:22 -04:00
Jake Moshenko
22f5934f34
Add error logging to Marketo calls
2017-04-17 10:19:52 -04:00
Evan Cordell
2661db7485
Add flag to enable trust per repo ( #2541 )
...
* Add flag to enable trust per repo
* Add api for enabling/disabling trust
* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api
* Add `set_trust` method to repository
* Expose new logkind to UI
* Fix registry tests
* Rebase migrations and regen test.db
* Raise downstreamissue if trust metadata can't be removed
* Refactor change_repo_trust
* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00
Evan Cordell
ec63e495fc
Add repo purge callbacks and register TUF metadata deletion as one
2017-04-12 17:33:51 -04:00
Evan Cordell
883692345b
Add unit tests for gun calculation
2017-04-12 17:33:51 -04:00