+
+
+
+
+
+
+
+ Save Configuration Changes
+ Configuration Saved
+
+
+
+ {{ configform.$error['required'].length }} configuration fields remaining
+
+
+ Invalid configuration field
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
{{ serviceInfo.service.title }}
+
+
+ {{ serviceInfo.errorMessage }}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/static/js/core-config-setup.js b/config_app/js/core-config-setup/core-config-setup.js
similarity index 64%
rename from static/js/core-config-setup.js
rename to config_app/js/core-config-setup/core-config-setup.js
index 721d7d05d..fe5fc512c 100644
--- a/static/js/core-config-setup.js
+++ b/config_app/js/core-config-setup/core-config-setup.js
@@ -1,16 +1,39 @@
-angular.module("core-config-setup", ['angularFileUpload'])
- .directive('configSetupTool', function() {
+import * as URI from 'urijs';
+import * as angular from 'angular';
+const templateUrl = require('./config-setup-tool.html');
+const urlParsedField = require('../config-field-templates/config-parsed-field.html');
+const urlVarField = require('../config-field-templates/config-variable-field.html');
+const urlListField = require('../config-field-templates/config-list-field.html');
+const urlFileField = require('../config-field-templates/config-file-field.html');
+const urlBoolField = require('../config-field-templates/config-bool-field.html');
+const urlNumericField = require('../config-field-templates/config-numeric-field.html');
+const urlContactField = require('../config-field-templates/config-contact-field.html');
+const urlContactsField = require('../config-field-templates/config-contacts-field.html');
+const urlMapField = require('../config-field-templates/config-map-field.html');
+const urlServiceKeyField = require('../config-field-templates/config-service-key-field.html');
+const urlStringField = require('../config-field-templates/config-string-field.html');
+const urlPasswordField = require('../config-field-templates/config-password-field.html');
+
+const urlStringListField = require('../config-field-templates/config-string-list-field.html');
+const urlCertField = require('../config-field-templates/config-certificates-field.html');
+
+
+angular.module("quay-config")
+ .directive('configSetupTool', () => {
var directiveDefinitionObject = {
priority: 1,
- templateUrl: '/static/directives/config/config-setup-tool.html',
+ templateUrl,
replace: true,
transclude: true,
restrict: 'C',
scope: {
'isActive': '=isActive',
- 'configurationSaved': '&configurationSaved'
+ 'configurationSaved': '&configurationSaved',
+ 'setupCompleted': '&setupCompleted',
},
controller: function($rootScope, $scope, $element, $timeout, ApiService) {
+ var authPassword = null;
+
$scope.HOSTNAME_REGEX = '^[a-zA-Z-0-9\.]+(:[0-9]+)?$';
$scope.GITHOST_REGEX = '^https?://([a-zA-Z0-9]+\.?\/?)+$';
@@ -19,24 +42,32 @@ angular.module("core-config-setup", ['angularFileUpload'])
{'id': 'registry-storage', 'title': 'Registry Storage'},
+ {'id': 'time-machine', 'title': 'Time Machine'},
+
+ {'id': 'access', 'title': 'Access Settings'},
+
{'id': 'ssl', 'title': 'SSL certificate and key', 'condition': function(config) {
return config.PREFERRED_URL_SCHEME == 'https';
}},
{'id': 'ldap', 'title': 'LDAP Authentication', 'condition': function(config) {
return config.AUTHENTICATION_TYPE == 'LDAP';
- }, 'password': true},
+ }},
{'id': 'jwt', 'title': 'JWT Authentication', 'condition': function(config) {
return config.AUTHENTICATION_TYPE == 'JWT';
- }, 'password': true},
+ }},
{'id': 'keystone', 'title': 'Keystone Authentication', 'condition': function(config) {
return config.AUTHENTICATION_TYPE == 'Keystone';
- }, 'password': true},
+ }},
- {'id': 'mail', 'title': 'E-mail Support', 'condition': function(config) {
- return config.FEATURE_MAILING;
+ {'id': 'apptoken-auth', 'title': 'App Token Authentication', 'condition': function(config) {
+ return config.AUTHENTICATION_TYPE == 'AppToken';
+ }},
+
+ {'id': 'signer', 'title': 'ACI Signing', 'condition': function(config) {
+ return config.FEATURE_ACI_CONVERSION;
}},
{'id': 'github-login', 'title': 'Github (Enterprise) Authentication', 'condition': function(config) {
@@ -57,7 +88,27 @@ angular.module("core-config-setup", ['angularFileUpload'])
{'id': 'gitlab-trigger', 'title': 'GitLab Build Triggers', 'condition': function(config) {
return config.FEATURE_GITLAB_BUILD;
- }}
+ }},
+
+ {'id': 'security-scanner', 'title': 'Quay Security Scanner', 'condition': function(config) {
+ return config.FEATURE_SECURITY_SCANNER;
+ }},
+
+ {'id': 'bittorrent', 'title': 'BitTorrent downloads', 'condition': function(config) {
+ return config.FEATURE_BITTORRENT;
+ }},
+
+ {'id': 'oidc-login', 'title': 'OIDC Login(s)', 'condition': function(config) {
+ return $scope.getOIDCProviders(config).length > 0;
+ }},
+
+ {'id': 'actionlogarchiving', 'title': 'Action Log Rotation', 'condition': function(config) {
+ return config.FEATURE_ACTION_LOG_ROTATION;
+ }},
+
+ {'id': 'repomirroring', 'title': 'Repository Mirroring', 'condition': function(config) {
+ return config.FEATURE_REPOSITORY_MIRRORING;
+ }},
];
$scope.STORAGE_CONFIG_FIELDS = {
@@ -66,11 +117,20 @@ angular.module("core-config-setup", ['angularFileUpload'])
],
'S3Storage': [
- {'name': 's3_access_key', 'title': 'AWS Access Key', 'placeholder': 'accesskeyhere', 'kind': 'text'},
- {'name': 's3_secret_key', 'title': 'AWS Secret Key', 'placeholder': 'secretkeyhere', 'kind': 'text'},
{'name': 's3_bucket', 'title': 'S3 Bucket', 'placeholder': 'my-cool-bucket', 'kind': 'text'},
{'name': 'storage_path', 'title': 'Storage Directory', 'placeholder': '/path/inside/bucket', 'kind': 'text'},
- {'name': 'host', 'title': 'S3 Host (optional)', 'placeholder': 's3.amazonaws.com', 'kind': 'text', 'optional': true}
+ {'name': 's3_access_key', 'title': 'AWS Access Key (optional if using IAM)', 'placeholder': 'accesskeyhere', 'kind': 'text', 'optional': true},
+ {'name': 's3_secret_key', 'title': 'AWS Secret Key (optional if using IAM)', 'placeholder': 'secretkeyhere', 'kind': 'password', 'optional': true},
+ {'name': 'host', 'title': 'S3 Host', 'placeholder': 's3.amazonaws.com', 'kind': 'text', 'optional': true},
+ {'name': 'port', 'title': 'S3 Port', 'placeholder': '443', 'kind': 'text', 'pattern': '^[0-9]+$', 'optional': true}
+ ],
+
+ 'AzureStorage': [
+ {'name': 'azure_container', 'title': 'Azure Storage Container', 'placeholder': 'container', 'kind': 'text'},
+ {'name': 'storage_path', 'title': 'Storage Directory', 'placeholder': '/path/inside/container', 'kind': 'text'},
+ {'name': 'azure_account_name', 'title': 'Azure Account Name', 'placeholder': 'accountnamehere', 'kind': 'text'},
+ {'name': 'azure_account_key', 'title': 'Azure Account Key', 'placeholder': 'accountkeyhere', 'kind': 'text', 'optional': true},
+ {'name': 'sas_token', 'title': 'Azure SAS Token', 'placeholder': 'sastokenhere', 'kind': 'text', 'optional': true},
],
'GoogleCloudStorage': [
@@ -80,8 +140,19 @@ angular.module("core-config-setup", ['angularFileUpload'])
{'name': 'storage_path', 'title': 'Storage Directory', 'placeholder': '/path/inside/bucket', 'kind': 'text'}
],
+ 'RHOCSStorage': [
+ {'name': 'hostname', 'title': 'NooBaa Server Hostname', 'placeholder': 'my.noobaa.hostname', 'kind': 'text'},
+ {'name': 'port', 'title': 'Custom Port (optional)', 'placeholder': '443', 'kind': 'text', 'pattern': '^[0-9]+$', 'optional': true},
+ {'name': 'is_secure', 'title': 'Is Secure', 'placeholder': 'Require SSL', 'kind': 'bool'},
+ {'name': 'access_key', 'title': 'Access Key', 'placeholder': 'accesskeyhere', 'kind': 'text'},
+ {'name': 'secret_key', 'title': 'Secret Key', 'placeholder': 'secretkeyhere', 'kind': 'text'},
+ {'name': 'bucket_name', 'title': 'Bucket Name', 'placeholder': 'my-cool-bucket', 'kind': 'text'},
+ {'name': 'storage_path', 'title': 'Storage Directory', 'placeholder': '/path/inside/bucket', 'kind': 'text'}
+ ],
+
'RadosGWStorage': [
{'name': 'hostname', 'title': 'Rados Server Hostname', 'placeholder': 'my.rados.hostname', 'kind': 'text'},
+ {'name': 'port', 'title': 'Custom Port (optional)', 'placeholder': '443', 'kind': 'text', 'pattern': '^[0-9]+$', 'optional': true},
{'name': 'is_secure', 'title': 'Is Secure', 'placeholder': 'Require SSL', 'kind': 'bool'},
{'name': 'access_key', 'title': 'Access Key', 'placeholder': 'accesskeyhere', 'kind': 'text', 'help_url': 'http://ceph.com/docs/master/radosgw/admin/'},
{'name': 'secret_key', 'title': 'Secret Key', 'placeholder': 'secretkeyhere', 'kind': 'text'},
@@ -90,7 +161,7 @@ angular.module("core-config-setup", ['angularFileUpload'])
],
'SwiftStorage': [
- {'name': 'auth_version', 'title': 'Swift Version', 'kind': 'option', 'values': [1, 2]},
+ {'name': 'auth_version', 'title': 'Swift Auth Version', 'kind': 'option', 'values': [1, 2, 3]},
{'name': 'auth_url', 'title': 'Swift Auth URL', 'placeholder': 'http://swiftdomain/auth/v1.0', 'kind': 'text'},
{'name': 'swift_container', 'title': 'Swift Container Name', 'placeholder': 'mycontainer', 'kind': 'text',
'help_text': 'The swift container for all objects. Must already exist inside Swift.'},
@@ -109,8 +180,26 @@ angular.module("core-config-setup", ['angularFileUpload'])
'help_text': 'If enabled, will allow for faster pulls directly from Swift.'},
{'name': 'os_options', 'title': 'OS Options', 'kind': 'map',
- 'keys': ['tenant_id', 'auth_token', 'service_type', 'endpoint_type', 'tenant_name', 'object_storage_url', 'region_name']}
- ]
+ 'keys': ['tenant_id', 'auth_token', 'service_type', 'endpoint_type', 'tenant_name', 'object_storage_url', 'region_name',
+ 'project_id', 'project_name', 'project_domain_name', 'user_domain_name', 'user_domain_id']}
+ ],
+
+ 'CloudFrontedS3Storage': [
+ {'name': 's3_bucket', 'title': 'S3 Bucket', 'placeholder': 'my-cool-bucket', 'kind': 'text'},
+ {'name': 'storage_path', 'title': 'Storage Directory', 'placeholder': '/path/inside/bucket', 'kind': 'text'},
+ {'name': 's3_access_key', 'title': 'AWS Access Key (optional if using IAM)', 'placeholder': 'accesskeyhere', 'kind': 'text', 'optional': true},
+ {'name': 's3_secret_key', 'title': 'AWS Secret Key (optional if using IAM)', 'placeholder': 'secretkeyhere', 'kind': 'text', 'optional': true},
+ {'name': 'host', 'title': 'S3 Host', 'placeholder': 's3.amazonaws.com', 'kind': 'text', 'optional': true},
+ {'name': 'port', 'title': 'S3 Port', 'placeholder': '443', 'kind': 'text', 'pattern': '^[0-9]+$', 'optional': true},
+
+ {'name': 'cloudfront_distribution_domain', 'title': 'CloudFront Distribution Domain Name', 'placeholder': 'somesubdomain.cloudfront.net', 'pattern': '^([0-9a-zA-Z]+\\.)+[0-9a-zA-Z]+$', 'kind': 'text'},
+ {'name': 'cloudfront_key_id', 'title': 'CloudFront Key ID', 'placeholder': 'APKATHISISAKEYID', 'kind': 'text'},
+ {'name': 'cloudfront_privatekey_filename', 'title': 'CloudFront Private Key', 'filesuffix': 'cloudfront-signing-key.pem', 'kind': 'file'},
+ ],
+ };
+
+ $scope.enableFeature = function(config, feature) {
+ config[feature] = true;
};
$scope.validateHostname = function(hostname) {
@@ -130,6 +219,59 @@ angular.module("core-config-setup", ['angularFileUpload'])
$scope.validating = null;
$scope.savingConfiguration = false;
+ $scope.removeOIDCProvider = function(provider) {
+ delete $scope.config[provider];
+ };
+
+ $scope.addOIDCProvider = () => {
+ bootbox.prompt('Enter an ID for the OIDC provider', function(result) {
+ if (!result) {
+ return;
+ }
+
+ result = result.toUpperCase();
+
+ if (!result.match(/^[A-Z0-9]+$/)) {
+ bootbox.alert('Invalid ID for OIDC provider: must be alphanumeric');
+ return;
+ }
+
+ if (result == 'GITHUB' || result == 'GOOGLE') {
+ bootbox.alert('Invalid ID for OIDC provider: cannot be a reserved name');
+ return;
+ }
+
+ var key = result + '_LOGIN_CONFIG';
+ if ($scope.config[key]) {
+ bootbox.alert('Invalid ID for OIDC provider: already exists');
+ return;
+ }
+
+ $scope.config[key] = {};
+ });
+ };
+
+ $scope.getOIDCProviderId = function(key) {
+ var index = key.indexOf('_LOGIN_CONFIG');
+ if (index <= 0) {
+ return null;
+ }
+
+ return key.substr(0, index).toLowerCase();
+ };
+
+ $scope.getOIDCProviders = function(config) {
+ var keys = Object.keys(config || {});
+ return keys.filter(function(key) {
+ if (key == 'GITHUB_LOGIN_CONFIG' || key == 'GOOGLE_LOGIN_CONFIG') {
+ // Has custom UI and config.
+ return false;
+ }
+
+ return !!$scope.getOIDCProviderId(key);
+ });
+ };
+
$scope.getServices = function(config) {
var services = [];
if (!config) { return services; }
@@ -179,10 +321,21 @@ angular.module("core-config-setup", ['angularFileUpload'])
'password': opt_password || ''
};
+ var errorDisplay = ApiService.errorDisplay(
+ 'Could not validate configuration. Please report this error.',
+ function() {
+ authPassword = null;
+ });
+
ApiService.scValidateConfig(data, params).then(function(resp) {
serviceInfo.status = resp.status ? 'success' : 'error';
serviceInfo.errorMessage = $.trim(resp.reason || '');
- }, ApiService.errorDisplay('Could not validate configuration. Please report this error.'));
+
+ if (!resp.status) {
+ authPassword = null;
+ }
+
+ }, errorDisplay);
};
$scope.checkValidateAndSave = function() {
@@ -203,56 +356,15 @@ angular.module("core-config-setup", ['angularFileUpload'])
$scope.validateAndSave = function() {
$scope.validating = $scope.getServices($scope.config);
- var requirePassword = false;
- for (var i = 0; i < $scope.validating.length; ++i) {
- var serviceInfo = $scope.validating[i];
- if (serviceInfo.service.password) {
- requirePassword = true;
- break;
- }
- }
-
- if (!requirePassword) {
- $scope.performValidateAndSave();
- return;
- }
-
- var box = bootbox.dialog({
- "message": 'Please enter your superuser password to validate your auth configuration:' +
- '
',
- "title": 'Enter Password',
- "buttons": {
- "success": {
- "label": "Validate Config",
- "className": "btn-success",
- "callback": function() {
- $scope.performValidateAndSave($('#validatePassword').val());
- }
- },
- "close": {
- "label": "Cancel",
- "className": "btn-default",
- "callback": function() {
- }
- }
- }
- });
-
- box.bind('shown.bs.modal', function(){
- box.find("input").focus();
- box.find("form").submit(function() {
- if (!$('#validatePassword').val()) { return; }
- box.modal('hide');
- });
- });
+ $scope.performValidateAndSave();
};
$scope.performValidateAndSave = function(opt_password) {
$scope.savingConfiguration = false;
$scope.validating = $scope.getServices($scope.config);
+ authPassword = opt_password;
+
$('#validateAndSaveModal').modal({
keyboard: false,
backdrop: 'static'
@@ -273,15 +385,26 @@ angular.module("core-config-setup", ['angularFileUpload'])
var data = {
'config': $scope.config,
- 'hostname': window.location.host
+ 'hostname': window.location.host,
+ 'password': authPassword || ''
};
+ var errorDisplay = ApiService.errorDisplay(
+ 'Could not save configuration. Please report this error.',
+ function() {
+ authPassword = null;
+ });
+
ApiService.scUpdateConfig(data).then(function(resp) {
+ authPassword = null;
+
$scope.savingConfiguration = false;
$scope.mapped.$hasChanges = false;
+
$('#validateAndSaveModal').modal('hide');
- $scope.configurationSaved({'config': $scope.config});
- }, ApiService.errorDisplay('Could not save configuration. Please report this error.'));
+
+ $scope.setupCompleted();
+ }, errorDisplay);
};
// Convert storage config to an array
@@ -444,6 +567,36 @@ angular.module("core-config-setup", ['angularFileUpload'])
$scope.mapped['redis']['host'] = getKey(config, 'BUILDLOGS_REDIS.host') || getKey(config, 'USER_EVENTS_REDIS.host');
$scope.mapped['redis']['port'] = getKey(config, 'BUILDLOGS_REDIS.port') || getKey(config, 'USER_EVENTS_REDIS.port');
$scope.mapped['redis']['password'] = getKey(config, 'BUILDLOGS_REDIS.password') || getKey(config, 'USER_EVENTS_REDIS.password');
+
+ $scope.mapped['TLS_SETTING'] = 'none';
+ if (config['PREFERRED_URL_SCHEME'] == 'https') {
+ if (config['EXTERNAL_TLS_TERMINATION'] === true) {
+ $scope.mapped['TLS_SETTING'] = 'external-tls';
+ } else {
+ $scope.mapped['TLS_SETTING'] = 'internal-tls';
+ }
+ }
+ };
+
+ var tlsSetter = function(value) {
+ if (value == null || !$scope.config) { return; }
+
+ switch (value) {
+ case 'none':
+ $scope.config['PREFERRED_URL_SCHEME'] = 'http';
+ delete $scope.config['EXTERNAL_TLS_TERMINATION'];
+ return;
+
+ case 'external-tls':
+ $scope.config['PREFERRED_URL_SCHEME'] = 'https';
+ $scope.config['EXTERNAL_TLS_TERMINATION'] = true;
+ return;
+
+ case 'internal-tls':
+ $scope.config['PREFERRED_URL_SCHEME'] = 'https';
+ delete $scope.config['EXTERNAL_TLS_TERMINATION'];
+ return;
+ }
};
var redisSetter = function(keyname) {
@@ -473,6 +626,7 @@ angular.module("core-config-setup", ['angularFileUpload'])
$scope.$watch('mapped.GITHUB_LOGIN_KIND', githubSelector('GITHUB_LOGIN_CONFIG'));
$scope.$watch('mapped.GITHUB_TRIGGER_KIND', githubSelector('GITHUB_TRIGGER_CONFIG'));
$scope.$watch('mapped.GITLAB_TRIGGER_KIND', gitlabSelector('GITLAB_TRIGGER_KIND'));
+ $scope.$watch('mapped.TLS_SETTING', tlsSetter);
$scope.$watch('mapped.redis.host', redisSetter('host'));
$scope.$watch('mapped.redis.port', redisSetter('port'));
@@ -544,10 +698,22 @@ angular.module("core-config-setup", ['angularFileUpload'])
$scope.configform.$setValidity('storageConfig', valid);
};
+ $scope.$watch('config.INTERNAL_OIDC_SERVICE_ID', function(service_id) {
+ if (service_id) {
+ $scope.config['FEATURE_DIRECT_LOGIN'] = false;
+ }
+ });
+
$scope.$watch('config.FEATURE_STORAGE_REPLICATION', function() {
refreshStorageConfig();
});
+ $scope.$watch('config.FEATURE_USER_CREATION', function(value) {
+ if (!value) {
+ $scope.config['FEATURE_INVITE_ONLY_USER_CREATION'] = false;
+ }
+ });
+
$scope.$watch('storageConfig', function() {
refreshStorageConfig();
}, true);
@@ -575,7 +741,7 @@ angular.module("core-config-setup", ['angularFileUpload'])
.directive('configParsedField', function ($timeout) {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-parsed-field.html',
+ templateUrl: urlParsedField,
replace: false,
transclude: true,
restrict: 'C',
@@ -619,7 +785,7 @@ angular.module("core-config-setup", ['angularFileUpload'])
.directive('configVariableField', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-variable-field.html',
+ templateUrl: urlVarField,
replace: false,
transclude: true,
restrict: 'C',
@@ -668,7 +834,7 @@ angular.module("core-config-setup", ['angularFileUpload'])
.directive('variableSection', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-variable-field.html',
+ templateUrl: urlVarField,
priority: 1,
require: '^configVariableField',
replace: false,
@@ -689,7 +855,7 @@ angular.module("core-config-setup", ['angularFileUpload'])
.directive('configListField', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-list-field.html',
+ templateUrl: urlListField,
replace: false,
transclude: false,
restrict: 'C',
@@ -697,7 +863,8 @@ angular.module("core-config-setup", ['angularFileUpload'])
'binding': '=binding',
'placeholder': '@placeholder',
'defaultValue': '@defaultValue',
- 'itemTitle': '@itemTitle'
+ 'itemTitle': '@itemTitle',
+ 'itemPattern': '@itemPattern'
},
controller: function($scope, $element) {
$scope.removeItem = function(item) {
@@ -724,6 +891,20 @@ angular.module("core-config-setup", ['angularFileUpload'])
$scope.newItemName = null;
};
+ $scope.patternMap = {};
+
+ $scope.getRegexp = function(pattern) {
+ if (!pattern) {
+ pattern = '.*';
+ }
+
+ if ($scope.patternMap[pattern]) {
+ return $scope.patternMap[pattern];
+ }
+
+ return $scope.patternMap[pattern] = new RegExp(pattern);
+ };
+
$scope.$watch('binding', function(binding) {
if (!binding && $scope.defaultValue) {
$scope.binding = eval($scope.defaultValue);
@@ -737,21 +918,27 @@ angular.module("core-config-setup", ['angularFileUpload'])
.directive('configFileField', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-file-field.html',
+ templateUrl: urlFileField,
replace: false,
transclude: false,
restrict: 'C',
scope: {
'filename': '@filename',
'skipCheckFile': '@skipCheckFile',
- 'hasFile': '=hasFile'
+ 'hasFile': '=hasFile',
+ 'binding': '=?binding'
},
controller: function($scope, $element, Restangular, $upload) {
$scope.hasFile = false;
+ var setHasFile = function(hasFile) {
+ $scope.hasFile = hasFile;
+ $scope.binding = hasFile ? $scope.filename : null;
+ };
+
$scope.onFileSelect = function(files) {
if (files.length < 1) {
- $scope.hasFile = false;
+ setHasFile(false);
return;
}
@@ -765,17 +952,17 @@ angular.module("core-config-setup", ['angularFileUpload'])
$scope.uploadProgress = parseInt(100.0 * evt.loaded / evt.total);
if ($scope.uploadProgress == 100) {
$scope.uploadProgress = null;
- $scope.hasFile = true;
+ setHasFile(true);
}
}).success(function(data, status, headers, config) {
$scope.uploadProgress = null;
- $scope.hasFile = true;
+ setHasFile(true);
});
};
var loadStatus = function(filename) {
Restangular.one('superuser/config/file/' + filename).get().then(function(resp) {
- $scope.hasFile = resp['exists'];
+ setHasFile(false);
});
};
@@ -790,9 +977,9 @@ angular.module("core-config-setup", ['angularFileUpload'])
.directive('configBoolField', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-bool-field.html',
+ templateUrl: urlBoolField,
replace: false,
- transclude: false,
+ transclude: true,
restrict: 'C',
scope: {
'binding': '=binding'
@@ -806,14 +993,14 @@ angular.module("core-config-setup", ['angularFileUpload'])
.directive('configNumericField', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-numeric-field.html',
+ templateUrl: urlNumericField,
replace: false,
transclude: false,
restrict: 'C',
scope: {
'binding': '=binding',
'placeholder': '@placeholder',
- 'defaultValue': '@defaultValue'
+ 'defaultValue': '@defaultValue',
},
controller: function($scope, $element) {
$scope.bindinginternal = 0;
@@ -841,7 +1028,7 @@ angular.module("core-config-setup", ['angularFileUpload'])
.directive('configContactsField', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-contacts-field.html',
+ templateUrl: urlContactsField,
priority: 1,
replace: false,
transclude: false,
@@ -904,7 +1091,7 @@ angular.module("core-config-setup", ['angularFileUpload'])
.directive('configContactField', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-contact-field.html',
+ templateUrl: urlContactField,
priority: 1,
replace: false,
transclude: true,
@@ -989,10 +1176,10 @@ angular.module("core-config-setup", ['angularFileUpload'])
return directiveDefinitionObject;
})
- .directive('configMapField', function () {
+ .directive('configMapField', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-map-field.html',
+ templateUrl: urlMapField,
replace: false,
transclude: false,
restrict: 'C',
@@ -1025,10 +1212,92 @@ angular.module("core-config-setup", ['angularFileUpload'])
return directiveDefinitionObject;
})
+ .directive('configServiceKeyField', function (ApiService) {
+ var directiveDefinitionObject = {
+ priority: 0,
+ templateUrl: urlServiceKeyField,
+ replace: false,
+ transclude: false,
+ restrict: 'C',
+ scope: {
+ 'serviceName': '@serviceName',
+ },
+ controller: function($scope, $element) {
+ $scope.foundKeys = [];
+ $scope.loading = false;
+ $scope.loadError = false;
+ $scope.hasValidKey = false;
+ $scope.hasValidKeyStr = null;
+
+ $scope.updateKeys = function() {
+ $scope.foundKeys = [];
+ $scope.loading = true;
+
+ ApiService.listServiceKeys().then(function(resp) {
+ $scope.loading = false;
+ $scope.loadError = false;
+
+ resp['keys'].forEach(function(key) {
+ if (key['service'] == $scope.serviceName) {
+ $scope.foundKeys.push(key);
+ }
+ });
+
+ $scope.hasValidKey = checkValidKey($scope.foundKeys);
+ $scope.hasValidKeyStr = $scope.hasValidKey ? 'true' : '';
+ }, function() {
+ $scope.loading = false;
+ $scope.loadError = true;
+ });
+ };
+
+ // Perform initial loading of the keys.
+ $scope.updateKeys();
+
+ $scope.isKeyExpired = function(key) {
+ if (key.expiration_date != null) {
+ var expiration_date = moment(key.expiration_date);
+ return moment().isAfter(expiration_date);
+ }
+ return false;
+ };
+
+ $scope.showRequestServiceKey = function(opt_newKey) {
+ $scope.requestKeyInfo = {
+ 'service': $scope.serviceName,
+ 'newKey': opt_newKey
+ };
+ };
+
+ $scope.handleKeyCreated = function() {
+ $scope.updateKeys();
+ };
+
+ var checkValidKey = function(keys) {
+ for (var i = 0; i < keys.length; ++i) {
+ var key = keys[i];
+ if (!key.approval) {
+ continue;
+ }
+
+ if ($scope.isKeyExpired(key)) {
+ continue;
+ }
+
+ return true;
+ }
+
+ return false;
+ };
+ }
+ };
+ return directiveDefinitionObject;
+ })
+
.directive('configStringField', function () {
var directiveDefinitionObject = {
priority: 0,
- templateUrl: '/static/directives/config/config-string-field.html',
+ templateUrl: urlStringField,
replace: false,
transclude: false,
restrict: 'C',
@@ -1041,16 +1310,26 @@ angular.module("core-config-setup", ['angularFileUpload'])
'isOptional': '=isOptional'
},
controller: function($scope, $element) {
+ var firstSet = true;
+
+ $scope.patternMap = {};
+
$scope.getRegexp = function(pattern) {
if (!pattern) {
pattern = '.*';
}
- return new RegExp(pattern);
+
+ if ($scope.patternMap[pattern]) {
+ return $scope.patternMap[pattern];
+ }
+
+ return $scope.patternMap[pattern] = new RegExp(pattern);
};
$scope.$watch('binding', function(binding) {
- if (!binding && $scope.defaultValue) {
+ if (firstSet && !binding && $scope.defaultValue) {
$scope.binding = $scope.defaultValue;
+ firstSet = false;
}
$scope.errorMessage = $scope.validator({'value': binding || ''});
@@ -1058,4 +1337,118 @@ angular.module("core-config-setup", ['angularFileUpload'])
}
};
return directiveDefinitionObject;
+ })
+
+ .directive('configPasswordField', function () {
+ var directiveDefinitionObject = {
+ priority: 0,
+ templateUrl: urlPasswordField,
+ replace: false,
+ transclude: false,
+ restrict: 'C',
+ scope: {
+ 'binding': '=binding',
+ 'placeholder': '@placeholder',
+ 'defaultValue': '@defaultValue',
+ 'validator': '&validator',
+ 'isOptional': '=isOptional'
+ },
+ controller: function($scope, $element) {
+ var firstSet = true;
+
+ $scope.$watch('binding', function(binding) {
+ if (firstSet && !binding && $scope.defaultValue) {
+ $scope.binding = $scope.defaultValue;
+ firstSet = false;
+ }
+ $scope.errorMessage = $scope.validator({'value': binding || ''});
+ });
+ }
+ };
+ return directiveDefinitionObject;
+ })
+
+ .directive('configStringListField', function () {
+ var directiveDefinitionObject = {
+ priority: 0,
+ templateUrl: urlStringListField,
+ replace: false,
+ transclude: false,
+ restrict: 'C',
+ scope: {
+ 'binding': '=binding',
+ 'itemTitle': '@itemTitle',
+ 'itemDelimiter': '@itemDelimiter',
+ 'placeholder': '@placeholder',
+ 'isOptional': '=isOptional'
+ },
+ controller: function($scope, $element) {
+ $scope.$watch('internalBinding', function(value) {
+ if (value) {
+ $scope.binding = value.split($scope.itemDelimiter);
+ }
+ });
+
+ $scope.$watch('binding', function(value) {
+ if (value) {
+ $scope.internalBinding = value.join($scope.itemDelimiter);
+ }
+ });
+ }
+ };
+ return directiveDefinitionObject;
+ })
+
+ .directive('configCertificatesField', function () {
+ var directiveDefinitionObject = {
+ priority: 0,
+ templateUrl: urlCertField,
+ replace: false,
+ transclude: false,
+ restrict: 'C',
+ scope: {
+ },
+ controller: function($scope, $element, $upload, ApiService, UserService) {
+ $scope.resetUpload = 0;
+ $scope.certsUploading = false;
+
+ var loadCertificates = function() {
+ $scope.certificatesResource = ApiService.getCustomCertificatesAsResource().get(function(resp) {
+ $scope.certInfo = resp;
+ $scope.certsUploading = false;
+ });
+ };
+
+ loadCertificates();
+
+ $scope.handleCertsSelected = function(files, callback) {
+ $scope.certsUploading = true;
+ $upload.upload({
+ url: '/api/v1/superuser/customcerts/' + files[0].name,
+ method: 'POST',
+ data: {'_csrf_token': window.__token},
+ file: files[0]
+ }).success(function() {
+ callback(true);
+ $scope.resetUpload++;
+ loadCertificates();
+ }).error(function(r) {
+ bootbox.alert('Could not upload certificate')
+ callback(false);
+ $scope.resetUpload++;
+ loadCertificates();
+ });
+ };
+
+ $scope.deleteCert = function(path) {
+ var errorDisplay = ApiService.errorDisplay('Could not delete certificate');
+ var params = {
+ 'certpath': path
+ };
+
+ ApiService.deleteCustomCertificate(null, params).then(loadCertificates, errorDisplay);
+ };
+ }
+ };
+ return directiveDefinitionObject;
});
diff --git a/config_app/js/main.ts b/config_app/js/main.ts
new file mode 100644
index 000000000..cdd326001
--- /dev/null
+++ b/config_app/js/main.ts
@@ -0,0 +1,37 @@
+// imports shims, etc
+import 'core-js';
+
+import * as angular from 'angular';
+import { ConfigAppModule } from './config-app.module';
+import { bundle } from 'ng-metadata/core';
+
+// load all app dependencies
+require('../static/lib/angular-file-upload.min.js');
+require('../../static/js/tar');
+
+const ng1QuayModule: string = bundle(ConfigAppModule, []).name;
+angular.module('quay-config', [ng1QuayModule])
+ .run(() => {
+ });
+
+declare var require: any;
+function requireAll(r) {
+ r.keys().forEach(r);
+}
+
+// load all services
+requireAll(require.context('./services', true, /\.js$/));
+
+
+// load all the components after services
+requireAll(require.context('./setup', true, /\.js$/));
+requireAll(require.context('./core-config-setup', true, /\.js$/));
+requireAll(require.context('./components', true, /\.js$/));
+
+// load config-app specific css
+requireAll(require.context('../static/css', true, /\.css$/));
+
+
+// Load all the main quay css
+requireAll(require.context('../../static/css', true, /\.css$/));
+requireAll(require.context('../../static/lib', true, /\.css$/));
diff --git a/config_app/js/services/angular-poll-channel.js b/config_app/js/services/angular-poll-channel.js
new file mode 100644
index 000000000..697a04e15
--- /dev/null
+++ b/config_app/js/services/angular-poll-channel.js
@@ -0,0 +1,107 @@
+/**
+ * Specialized class for conducting an HTTP poll, while properly preventing multiple calls.
+ */
+angular.module('quay-config').factory('AngularPollChannel',
+ ['ApiService', '$timeout', 'DocumentVisibilityService', 'CORE_EVENT', '$rootScope',
+ function(ApiService, $timeout, DocumentVisibilityService, CORE_EVENT, $rootScope) {
+ var _PollChannel = function(scope, requester, opt_sleeptime) {
+ this.scope_ = scope;
+ this.requester_ = requester;
+ this.sleeptime_ = opt_sleeptime || (60 * 1000 /* 60s */);
+ this.timer_ = null;
+
+ this.working = false;
+ this.polling = false;
+ this.skipping = false;
+
+ var that = this;
+
+ var visibilityHandler = $rootScope.$on(CORE_EVENT.DOC_VISIBILITY_CHANGE, function() {
+ // If the poll channel was skipping because the visibility was hidden, call it immediately.
+ if (that.skipping && !DocumentVisibilityService.isHidden()) {
+ that.call_();
+ }
+ });
+
+ scope.$on('$destroy', function() {
+ that.stop();
+ visibilityHandler();
+ });
+ };
+
+ _PollChannel.prototype.setSleepTime = function(sleepTime) {
+ this.sleeptime_ = sleepTime;
+ this.stop();
+ this.start(true);
+ };
+
+ _PollChannel.prototype.stop = function() {
+ if (this.timer_) {
+ $timeout.cancel(this.timer_);
+ this.timer_ = null;
+ this.polling = false;
+ }
+
+ this.skipping = false;
+ this.working = false;
+ };
+
+ _PollChannel.prototype.start = function(opt_skipFirstCall) {
+ // Make sure we invoke call outside the normal digest cycle, since
+ // we'll call $scope.$apply ourselves.
+ var that = this;
+ setTimeout(function() {
+ if (opt_skipFirstCall) {
+ that.setupTimer_();
+ return;
+ }
+
+ that.call_();
+ }, 0);
+ };
+
+ _PollChannel.prototype.call_ = function() {
+ if (this.working) { return; }
+
+ // If the document is currently hidden, skip the call.
+ if (DocumentVisibilityService.isHidden()) {
+ this.skipping = true;
+ this.setupTimer_();
+ return;
+ }
+
+ var that = this;
+ this.working = true;
+
+ $timeout(function() {
+ that.requester_(function(status) {
+ if (status) {
+ that.working = false;
+ that.skipping = false;
+ that.setupTimer_();
+ } else {
+ that.stop();
+ }
+ });
+ }, 0);
+ };
+
+ _PollChannel.prototype.setupTimer_ = function() {
+ if (this.timer_) { return; }
+
+ var that = this;
+ this.polling = true;
+ this.timer_ = $timeout(function() {
+ that.timer_ = null;
+ that.call_();
+ }, this.sleeptime_)
+ };
+
+ var service = {
+ 'create': function(scope, requester, opt_sleeptime) {
+ return new _PollChannel(scope, requester, opt_sleeptime);
+ }
+ };
+
+ return service;
+}]);
diff --git a/config_app/js/services/api-service.js b/config_app/js/services/api-service.js
new file mode 100644
index 000000000..814e25a45
--- /dev/null
+++ b/config_app/js/services/api-service.js
@@ -0,0 +1,335 @@
+/**
+ * Service which exposes the server-defined API as a nice set of helper methods and automatic
+ * callbacks. Any method defined on the server is exposed here as an equivalent method. Also
+ * defines some helper functions for working with API responses.
+ */
+angular.module('quay-config').factory('ApiService', ['Restangular', '$q', 'UtilService', function(Restangular, $q, UtilService) {
+ var apiService = {};
+
+ if (!window.__endpoints) {
+ return apiService;
+ }
+
+ var getResource = function(getMethod, operation, opt_parameters, opt_background) {
+ var resource = {};
+ resource.withOptions = function(options) {
+ this.options = options;
+ return this;
+ };
+
+ resource.get = function(processor, opt_errorHandler) {
+ var options = this.options;
+ var result = {
+ 'loading': true,
+ 'value': null,
+ 'hasError': false
+ };
+
+ getMethod(options, opt_parameters, opt_background, true).then(function(resp) {
+ result.value = processor(resp);
+ result.loading = false;
+ }, function(resp) {
+ result.hasError = true;
+ result.loading = false;
+ if (opt_errorHandler) {
+ opt_errorHandler(resp);
+ }
+ });
+
+ return result;
+ };
+
+ return resource;
+ };
+
+ var buildUrl = function(path, parameters) {
+ // We already have /api/v1/ on the URLs, so remove them from the paths.
+ path = path.substr('/api/v1/'.length, path.length);
+
+ // Build the path, adjusted with the inline parameters.
+ var used = {};
+ var url = '';
+ for (var i = 0; i < path.length; ++i) {
+ var c = path[i];
+ if (c == '{') {
+ var end = path.indexOf('}', i);
+ var varName = path.substr(i + 1, end - i - 1);
+
+ if (!parameters[varName]) {
+ throw new Error('Missing parameter: ' + varName);
+ }
+
+ used[varName] = true;
+ url += parameters[varName];
+ i = end;
+ continue;
+ }
+
+ url += c;
+ }
+
+ // Append any query parameters.
+ var isFirst = true;
+ for (var paramName in parameters) {
+ if (!parameters.hasOwnProperty(paramName)) { continue; }
+ if (used[paramName]) { continue; }
+
+ var value = parameters[paramName];
+ if (value) {
+ url += isFirst ? '?' : '&';
+ url += paramName + '=' + encodeURIComponent(value)
+ isFirst = false;
+ }
+ }
+
+ return url;
+ };
+
+ var getGenericOperationName = function(userOperationName) {
+ return userOperationName.replace('User', '');
+ };
+
+ var getMatchingUserOperationName = function(orgOperationName, method, userRelatedResource) {
+ if (userRelatedResource) {
+ if (userRelatedResource[method.toLowerCase()]) {
+ return userRelatedResource[method.toLowerCase()]['operationId'];
+ }
+ }
+
+ throw new Error('Could not find user operation matching org operation: ' + orgOperationName);
+ };
+
+ var freshLoginInProgress = [];
+ var reject = function(msg) {
+ for (var i = 0; i < freshLoginInProgress.length; ++i) {
+ freshLoginInProgress[i].deferred.reject({'data': {'message': msg}});
+ }
+ freshLoginInProgress = [];
+ };
+
+ var retry = function() {
+ for (var i = 0; i < freshLoginInProgress.length; ++i) {
+ freshLoginInProgress[i].retry();
+ }
+ freshLoginInProgress = [];
+ };
+
+ var freshLoginFailCheck = function(opName, opArgs) {
+ return function(resp) {
+ var deferred = $q.defer();
+
+ // If the error is a fresh login required, show the dialog.
+ // TODO: remove error_type (old style error)
+ var fresh_login_required = resp.data['title'] == 'fresh_login_required' || resp.data['error_type'] == 'fresh_login_required';
+ if (resp.status == 401 && fresh_login_required) {
+ var retryOperation = function() {
+ apiService[opName].apply(apiService, opArgs).then(function(resp) {
+ deferred.resolve(resp);
+ }, function(resp) {
+ deferred.reject(resp);
+ });
+ };
+
+ var verifyNow = function() {
+ if (!$('#freshPassword').val()) {
+ return;
+ }
+
+ var info = {
+ 'password': $('#freshPassword').val()
+ };
+
+ $('#freshPassword').val('');
+
+ // Conduct the sign in of the user.
+ apiService.verifyUser(info).then(function() {
+ // On success, retry the operations. if it succeeds, then resolve the
+ // deferred promise with the result. Otherwise, reject the same.
+ retry();
+ }, function(resp) {
+ // Reject with the sign in error.
+ reject('Invalid verification credentials');
+ });
+ };
+
+ // Add the retry call to the in progress list. If there is more than a single
+ // in progress call, we skip showing the dialog (since it has already been
+ // shown).
+ freshLoginInProgress.push({
+ 'deferred': deferred,
+ 'retry': retryOperation
+ })
+
+ if (freshLoginInProgress.length > 1) {
+ return deferred.promise;
+ }
+
+ var box = bootbox.dialog({
+ "message": 'It has been more than a few minutes since you last logged in, ' +
+ 'so please verify your password to perform this sensitive operation:' +
+ '
',
+ "title": 'Please Verify',
+ "buttons": {
+ "verify": {
+ "label": "Verify",
+ "className": "btn-success btn-continue",
+ "callback": verifyNow
+ },
+ "close": {
+ "label": "Cancel",
+ "className": "btn-default",
+ "callback": function() {
+ reject('Verification canceled')
+ }
+ }
+ }
+ });
+
+ box.bind('shown.bs.modal', function(){
+ box.find("input").focus();
+ box.find("form").submit(function() {
+ if (!$('#freshPassword').val()) { return; }
+
+ box.modal('hide');
+ verifyNow();
+ });
+ });
+
+ // Return a new promise. We'll accept or reject it based on the result
+ // of the login.
+ return deferred.promise;
+ }
+
+ // Otherwise, we just 'raise' the error via the reject method on the promise.
+ return $q.reject(resp);
+ };
+ };
+
+ var buildMethodsForOperation = function(operation, method, path, resourceMap) {
+ var operationName = operation['operationId'];
+ var urlPath = path['x-path'];
+
+ // Add the operation itself.
+ apiService[operationName] = function(opt_options, opt_parameters, opt_background, opt_forceget, opt_responseType) {
+ var one = Restangular.one(buildUrl(urlPath, opt_parameters));
+
+ if (opt_background || opt_responseType) {
+ let httpConfig = {};
+
+ if (opt_background) {
+ httpConfig['ignoreLoadingBar'] = true;
+ }
+ if (opt_responseType) {
+ httpConfig['responseType'] = opt_responseType;
+ }
+
+ one.withHttpConfig(httpConfig);
+ }
+
+ var opObj = one[opt_forceget ? 'get' : 'custom' + method.toUpperCase()](opt_options);
+
+ // If the operation requires_fresh_login, then add a specialized error handler that
+ // will defer the operation's result if sudo is requested.
+ if (operation['x-requires-fresh-login']) {
+ opObj = opObj.catch(freshLoginFailCheck(operationName, arguments));
+ }
+ return opObj;
+ };
+
+ // If the method for the operation is a GET, add an operationAsResource method.
+ if (method == 'get') {
+ apiService[operationName + 'AsResource'] = function(opt_parameters, opt_background) {
+ var getMethod = apiService[operationName];
+ return getResource(getMethod, operation, opt_parameters, opt_background);
+ };
+ }
+
+ // If the operation has a user-related operation, then make a generic operation for this operation
+ // that can call both the user and the organization versions of the operation, depending on the
+ // parameters given.
+ if (path['x-user-related']) {
+ var userOperationName = getMatchingUserOperationName(operationName, method, resourceMap[path['x-user-related']]);
+ var genericOperationName = getGenericOperationName(userOperationName);
+ apiService[genericOperationName] = function(orgname, opt_options, opt_parameters, opt_background) {
+ if (orgname) {
+ if (orgname.name) {
+ orgname = orgname.name;
+ }
+
+ var params = jQuery.extend({'orgname' : orgname}, opt_parameters || {}, opt_background);
+ return apiService[operationName](opt_options, params);
+ } else {
+ return apiService[userOperationName](opt_options, opt_parameters, opt_background);
+ }
+ };
+ }
+ };
+
+
+ var allowedMethods = ['get', 'post', 'put', 'delete'];
+ var resourceMap = {};
+ var forEachOperation = function(callback) {
+ for (var path in window.__endpoints) {
+ if (!window.__endpoints.hasOwnProperty(path)) {
+ continue;
+ }
+
+ for (var method in window.__endpoints[path]) {
+ if (!window.__endpoints[path].hasOwnProperty(method)) {
+ continue;
+ }
+
+ if (allowedMethods.indexOf(method.toLowerCase()) < 0) { continue; }
+ callback(window.__endpoints[path][method], method, window.__endpoints[path]);
+ }
+ }
+ };
+
+ // Build the map of resource names to their objects.
+ forEachOperation(function(operation, method, path) {
+ resourceMap[path['x-name']] = path;
+ });
+
+ // Construct the methods for each API endpoint.
+ forEachOperation(function(operation, method, path) {
+ buildMethodsForOperation(operation, method, path, resourceMap);
+ });
+
+ apiService.getErrorMessage = function(resp, defaultMessage) {
+ var message = defaultMessage;
+ if (resp && resp['data']) {
+ //TODO: remove error_message and error_description (old style error)
+ message = resp['data']['detail'] || resp['data']['error_message'] || resp['data']['message'] || resp['data']['error_description'] || message;
+ }
+
+ return message;
+ };
+
+ apiService.errorDisplay = function(defaultMessage, opt_handler) {
+ return function(resp) {
+ var message = apiService.getErrorMessage(resp, defaultMessage);
+ if (opt_handler) {
+ var handlerMessage = opt_handler(resp);
+ if (handlerMessage) {
+ message = handlerMessage;
+ }
+ }
+
+ message = UtilService.stringToHTML(message);
+ bootbox.dialog({
+ "message": message,
+ "title": defaultMessage || 'Request Failure',
+ "buttons": {
+ "close": {
+ "label": "Close",
+ "className": "btn-primary"
+ }
+ }
+ });
+ };
+ };
+
+ return apiService;
+}]);
diff --git a/config_app/js/services/container-service.js b/config_app/js/services/container-service.js
new file mode 100644
index 000000000..31b495176
--- /dev/null
+++ b/config_app/js/services/container-service.js
@@ -0,0 +1,43 @@
+/**
+ * Helper service for working with the registry's container. Only works in enterprise.
+ */
+angular.module('quay-config')
+ .factory('ContainerService', ['ApiService', '$timeout', 'Restangular',
+ function(ApiService, $timeout, Restangular) {
+ var containerService = {};
+ containerService.restartContainer = function(callback) {
+ ApiService.errorDisplay('Removed Endpoint. This error should never be seen.')
+ };
+
+ containerService.scheduleStatusCheck = function(callback, opt_config) {
+ $timeout(function() {
+ containerService.checkStatus(callback, opt_config);
+ }, 2000);
+ };
+
+ containerService.checkStatus = function(callback, opt_config) {
+ var errorHandler = function(resp) {
+ if (resp.status == 404 || resp.status == 502 || resp.status == -1) {
+ // Container has not yet come back up, so we schedule another check.
+ containerService.scheduleStatusCheck(callback, opt_config);
+ return;
+ }
+
+ return ApiService.errorDisplay('Cannot load status. Please report this to support')(resp);
+ };
+
+ // If config is specified, override the API base URL from this point onward.
+ // TODO: Find a better way than this. This is safe, since this will only be called
+ // for a restart, but it is still ugly.
+ if (opt_config && opt_config['SERVER_HOSTNAME']) {
+ var scheme = opt_config['PREFERRED_URL_SCHEME'] || 'http';
+ var baseUrl = scheme + '://' + opt_config['SERVER_HOSTNAME'] + '/api/v1/';
+ Restangular.setBaseUrl(baseUrl);
+ }
+
+ ApiService.scRegistryStatus(null, null, /* background */true)
+ .then(callback, errorHandler);
+ };
+
+ return containerService;
+ }]);
diff --git a/config_app/js/services/cookie-service.js b/config_app/js/services/cookie-service.js
new file mode 100644
index 000000000..af904124a
--- /dev/null
+++ b/config_app/js/services/cookie-service.js
@@ -0,0 +1,23 @@
+/**
+ * Helper service for working with cookies.
+ */
+angular.module('quay-config').factory('CookieService', ['$cookies', function($cookies) {
+ var cookieService = {};
+ cookieService.putPermanent = function(name, value) {
+ document.cookie = escape(name) + "=" + escape(value) + "; expires=Fri, 31 Dec 9999 23:59:59 GMT; path=/";
+ };
+
+ cookieService.putSession = function(name, value) {
+ $cookies.put(name, value);
+ };
+
+ cookieService.clear = function(name) {
+ $cookies.remove(name);
+ };
+
+ cookieService.get = function(name) {
+ return $cookies.get(name);
+ };
+
+ return cookieService;
+}]);
diff --git a/config_app/js/services/document-visibility-service.js b/config_app/js/services/document-visibility-service.js
new file mode 100644
index 000000000..59d935d8b
--- /dev/null
+++ b/config_app/js/services/document-visibility-service.js
@@ -0,0 +1,60 @@
+/**
+ * Helper service which fires off events when the document's visibility changes, as well as allowing
+ * other Angular code to query the state of the document's visibility directly.
+ */
+angular.module('quay-config').constant('CORE_EVENT', {
+ DOC_VISIBILITY_CHANGE: 'core.event.doc_visibility_change'
+});
+
+angular.module('quay-config').factory('DocumentVisibilityService', ['$rootScope', '$document', 'CORE_EVENT',
+ function($rootScope, $document, CORE_EVENT) {
+ var document = $document[0],
+ features,
+ detectedFeature;
+
+ function broadcastChangeEvent() {
+ $rootScope.$broadcast(CORE_EVENT.DOC_VISIBILITY_CHANGE,
+ document[detectedFeature.propertyName]);
+ }
+
+ features = {
+ standard: {
+ eventName: 'visibilitychange',
+ propertyName: 'hidden'
+ },
+ moz: {
+ eventName: 'mozvisibilitychange',
+ propertyName: 'mozHidden'
+ },
+ ms: {
+ eventName: 'msvisibilitychange',
+ propertyName: 'msHidden'
+ },
+ webkit: {
+ eventName: 'webkitvisibilitychange',
+ propertyName: 'webkitHidden'
+ }
+ };
+
+ Object.keys(features).some(function(feature) {
+ if (document[features[feature].propertyName] !== undefined) {
+ detectedFeature = features[feature];
+ return true;
+ }
+ });
+
+ if (detectedFeature) {
+ $document.on(detectedFeature.eventName, broadcastChangeEvent);
+ }
+
+ return {
+ /**
+ * Is the window currently hidden or not.
+ */
+ isHidden: function() {
+ if (detectedFeature) {
+ return document[detectedFeature.propertyName];
+ }
+ }
+ };
+}]);
\ No newline at end of file
diff --git a/config_app/js/services/features-config.js b/config_app/js/services/features-config.js
new file mode 100644
index 000000000..e655f32bf
--- /dev/null
+++ b/config_app/js/services/features-config.js
@@ -0,0 +1,91 @@
+/**
+ * Feature flags.
+ */
+angular.module('quay-config').factory('Features', [function() {
+ if (!window.__features) {
+ return {};
+ }
+
+ var features = window.__features;
+ features.getFeature = function(name, opt_defaultValue) {
+ var value = features[name];
+ if (value == null) {
+ return opt_defaultValue;
+ }
+ return value;
+ };
+
+ features.hasFeature = function(name) {
+ return !!features.getFeature(name);
+ };
+
+ features.matchesFeatures = function(list) {
+ for (var i = 0; i < list.length; ++i) {
+ var value = features.getFeature(list[i]);
+ if (!value) {
+ return false;
+ }
+ }
+ return true;
+ };
+
+ return features;
+}]);
+
+/**
+ * Application configuration.
+ */
+angular.module('quay-config').factory('Config', ['Features', function(Features) {
+ if (!window.__config) {
+ return {};
+ }
+
+ var config = window.__config;
+ config.getDomain = function() {
+ return config['SERVER_HOSTNAME'];
+ };
+
+ config.getHost = function(opt_auth) {
+ var auth = opt_auth;
+ if (auth) {
+ auth = auth + '@';
+ }
+
+ return config['PREFERRED_URL_SCHEME'] + '://' + auth + config['SERVER_HOSTNAME'];
+ };
+
+ config.getHttp = function() {
+ return config['PREFERRED_URL_SCHEME'];
+ };
+
+ config.getUrl = function(opt_path) {
+ var path = opt_path || '';
+ return config['PREFERRED_URL_SCHEME'] + '://' + config['SERVER_HOSTNAME'] + path;
+ };
+
+ config.getValue = function(name, opt_defaultValue) {
+ var value = config[name];
+ if (value == null) {
+ return opt_defaultValue;
+ }
+ return value;
+ };
+
+ config.getEnterpriseLogo = function(opt_defaultValue) {
+ if (!config.ENTERPRISE_LOGO_URL) {
+ if (opt_defaultValue) {
+ return opt_defaultValue;
+ }
+
+ if (Features.BILLING) {
+ return '/static/img/quay-horizontal-color.svg';
+ } else {
+ return '/static/img/QuayEnterprise_horizontal_color.svg';
+ }
+ }
+
+ return config.ENTERPRISE_LOGO_URL;
+ };
+
+ return config;
+}]);
\ No newline at end of file
diff --git a/config_app/js/services/services.types.ts b/config_app/js/services/services.types.ts
new file mode 100644
index 000000000..217824f6b
--- /dev/null
+++ b/config_app/js/services/services.types.ts
@@ -0,0 +1,15 @@
+export interface AngularPollChannel {
+ create: PollConstructor
+}
+
+type PollConstructor = (scope: MockAngularScope, requester: ShouldContinueCallback, opt_sleeptime?: number) => PollHandle;
+type MockAngularScope = {
+ '$on': Function
+};
+type ShouldContinueCallback = (boolean) => void;
+
+export interface PollHandle {
+ start(opt_skipFirstCall?: boolean): void,
+ stop(): void,
+ setSleepTime(sleepTime: number): void,
+}
diff --git a/config_app/js/services/user-service.js b/config_app/js/services/user-service.js
new file mode 100644
index 000000000..8c222b955
--- /dev/null
+++ b/config_app/js/services/user-service.js
@@ -0,0 +1,177 @@
+import * as Raven from 'raven-js';
+
+
+/**
+ * Service which monitors the current user session and provides methods for returning information
+ * about the user.
+ */
+angular.module('quay-config')
+ .factory('UserService', ['ApiService', 'CookieService', '$rootScope', 'Config', '$location', '$timeout',
+
+function(ApiService, CookieService, $rootScope, Config, $location, $timeout) {
+ var userResponse = {
+ verified: false,
+ anonymous: true,
+ username: null,
+ email: null,
+ organizations: [],
+ logins: [],
+ beforeload: true
+ };
+
+ var userService = {};
+
+ userService.hasEverLoggedIn = function() {
+ return CookieService.get('quay.loggedin') == 'true';
+ };
+
+ userService.updateUserIn = function(scope, opt_callback) {
+ scope.$watch(function () { return userService.currentUser(); }, function (currentUser) {
+ if (currentUser) {
+ $timeout(function(){
+ scope.user = currentUser;
+ if (opt_callback) {
+ opt_callback(currentUser);
+ }
+ }, 0, false);
+ };
+ }, true);
+ };
+
+ userService.load = function(opt_callback) {
+ var handleUserResponse = function(loadedUser) {
+ userResponse = loadedUser;
+
+ if (!userResponse.anonymous) {
+ if (Config.MIXPANEL_KEY) {
+ try {
+ mixpanel.identify(userResponse.username);
+ mixpanel.people.set({
+ '$email': userResponse.email,
+ '$username': userResponse.username,
+ 'verified': userResponse.verified
+ });
+ mixpanel.people.set_once({
+ '$created': new Date()
+ })
+ } catch (e) {
+ window.console.log(e);
+ }
+ }
+
+ if (Config.MARKETO_MUNCHKIN_ID && userResponse['marketo_user_hash']) {
+ var associateLeadBody = {'Email': userResponse.email};
+ if (window.Munchkin !== undefined) {
+ try {
+ Munchkin.munchkinFunction(
+ 'associateLead',
+ associateLeadBody,
+ userResponse['marketo_user_hash']
+ );
+ } catch (e) {
+ }
+ } else {
+ window.__quay_munchkin_queue.push([
+ 'associateLead',
+ associateLeadBody,
+ userResponse['marketo_user_hash']
+ ]);
+ }
+ }
+
+ if (window.Raven !== undefined) {
+ try {
+ Raven.setUser({
+ email: userResponse.email,
+ id: userResponse.username
+ });
+ } catch (e) {
+ window.console.log(e);
+ }
+ }
+
+ CookieService.putPermanent('quay.loggedin', 'true');
+ } else {
+ if (window.Raven !== undefined) {
+ Raven.setUser();
+ }
+ }
+
+ // If the loaded user has a prompt, redirect them to the update page.
+ if (loadedUser.prompts && loadedUser.prompts.length) {
+ $location.path('/updateuser');
+ return;
+ }
+
+ if (opt_callback) {
+ opt_callback(loadedUser);
+ }
+ };
+
+ ApiService.getLoggedInUser().then(function(loadedUser) {
+ handleUserResponse(loadedUser);
+ }, function() {
+ handleUserResponse({'anonymous': true});
+ });
+ };
+
+ userService.isOrganization = function(name) {
+ return !!userService.getOrganization(name);
+ };
+
+ userService.getOrganization = function(name) {
+ if (!userResponse || !userResponse.organizations) { return null; }
+ for (var i = 0; i < userResponse.organizations.length; ++i) {
+ var org = userResponse.organizations[i];
+ if (org.name == name) {
+ return org;
+ }
+ }
+
+ return null;
+ };
+
+ userService.isNamespaceAdmin = function(namespace) {
+ if (namespace == userResponse.username) {
+ return true;
+ }
+
+ var org = userService.getOrganization(namespace);
+ if (!org) {
+ return false;
+ }
+
+ return org.is_org_admin;
+ };
+
+ userService.isKnownNamespace = function(namespace) {
+ if (namespace == userResponse.username) {
+ return true;
+ }
+
+ var org = userService.getOrganization(namespace);
+ return !!org;
+ };
+
+ userService.getNamespace = function(namespace) {
+ var org = userService.getOrganization(namespace);
+ if (org) {
+ return org;
+ }
+
+ if (namespace == userResponse.username) {
+ return userResponse;
+ }
+
+ return null;
+ };
+
+ userService.currentUser = function() {
+ return userResponse;
+ };
+
+ // Update the user in the root scope.
+ userService.updateUserIn($rootScope);
+
+ return userService;
+}]);
diff --git a/config_app/js/services/util-service.js b/config_app/js/services/util-service.js
new file mode 100644
index 000000000..34f0a4191
--- /dev/null
+++ b/config_app/js/services/util-service.js
@@ -0,0 +1,83 @@
+/**
+ * Service which exposes various utility methods.
+ */
+angular.module('quay-config').factory('UtilService', ['$sanitize',
+ function($sanitize) {
+ var utilService = {};
+
+ var adBlockEnabled = null;
+
+ utilService.isAdBlockEnabled = function(callback) {
+ if (adBlockEnabled !== null) {
+ callback(adBlockEnabled);
+ return;
+ }
+
+ if(typeof blockAdBlock === 'undefined') {
+ callback(true);
+ return;
+ }
+
+ var bab = new BlockAdBlock({
+ checkOnLoad: false,
+ resetOnEnd: true
+ });
+
+ bab.onDetected(function() { adBlockEnabled = true; callback(true); });
+ bab.onNotDetected(function() { adBlockEnabled = false; callback(false); });
+ bab.check();
+ };
+
+ utilService.isEmailAddress = function(val) {
+ var emailRegex = /^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/;
+ return emailRegex.test(val);
+ };
+
+ utilService.escapeHtmlString = function(text) {
+ var textStr = (text || '').toString();
+ var adjusted = textStr.replace(/&/g, "&")
+ .replace(//g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
+
+ return adjusted;
+ };
+
+ utilService.stringToHTML = function(text) {
+ text = utilService.escapeHtmlString(text);
+ text = text.replace(/\n/g, '
');
+ return text;
+ };
+
+ utilService.getRestUrl = function(args) {
+ var url = '';
+ for (var i = 0; i < arguments.length; ++i) {
+ if (i > 0) {
+ url += '/';
+ }
+ url += encodeURI(arguments[i])
+ }
+ return url;
+ };
+
+ utilService.textToSafeHtml = function(text) {
+ return $sanitize(utilService.escapeHtmlString(text));
+ };
+
+ return utilService;
+ }])
+ .factory('CoreDialog', [() => {
+ var service = {};
+ service['fatal'] = function(title, message) {
+ bootbox.dialog({
+ "title": title,
+ "message": "
" + message,
+ "buttons": {},
+ "className": "co-dialog fatal-error",
+ "closeButton": false
+ });
+ };
+
+ return service;
+ }]);
diff --git a/config_app/js/setup/setup.component.js b/config_app/js/setup/setup.component.js
new file mode 100644
index 000000000..65a076f31
--- /dev/null
+++ b/config_app/js/setup/setup.component.js
@@ -0,0 +1,319 @@
+import * as URI from 'urijs';
+const templateUrl = require('./setup.html');
+
+(function() {
+ /**
+ * The Setup page provides a nice GUI walkthrough experience for setting up Red Hat Quay.
+ */
+
+ angular.module('quay-config').directive('setup', () => {
+ const directiveDefinitionObject = {
+ priority: 1,
+ templateUrl,
+ replace: true,
+ transclude: true,
+ restrict: 'C',
+ scope: {
+ 'isActive': '=isActive',
+ 'configurationSaved': '&configurationSaved',
+ 'setupCompleted': '&setupCompleted',
+ },
+ controller: SetupCtrl,
+ };
+
+ return directiveDefinitionObject;
+ })
+
+ function SetupCtrl($scope, $timeout, ApiService, Features, UserService, ContainerService, CoreDialog) {
+ // if (!Features.SUPER_USERS) {
+ // return;
+ // }
+
+ $scope.HOSTNAME_REGEX = '^[a-zA-Z-0-9_\.\-]+(:[0-9]+)?$';
+
+ $scope.validateHostname = function(hostname) {
+ if (hostname.indexOf('127.0.0.1') == 0 || hostname.indexOf('localhost') == 0) {
+ return 'Please specify a non-localhost hostname. "localhost" will refer to the container, not your machine.'
+ }
+
+ return null;
+ };
+
+ // Note: The values of the enumeration are important for isStepFamily. For example,
+ // *all* states under the "configuring db" family must start with "config-db".
+ $scope.States = {
+ // Loading the state of the product.
+ 'LOADING': 'loading',
+
+ // The configuration directory is missing.
+ 'MISSING_CONFIG_DIR': 'missing-config-dir',
+
+ // The config.yaml exists but it is invalid.
+ 'INVALID_CONFIG': 'config-invalid',
+
+ // DB is being configured.
+ 'CONFIG_DB': 'config-db',
+
+ // DB information is being validated.
+ 'VALIDATING_DB': 'config-db-validating',
+
+ // DB information is being saved to the config.
+ 'SAVING_DB': 'config-db-saving',
+
+ // A validation error occurred with the database.
+ 'DB_ERROR': 'config-db-error',
+
+ // Database is being setup.
+ 'DB_SETUP': 'setup-db',
+
+ // An error occurred when setting up the database.
+ 'DB_SETUP_ERROR': 'setup-db-error',
+
+ // A superuser is being configured.
+ 'CREATE_SUPERUSER': 'create-superuser',
+
+ // The superuser is being created.
+ 'CREATING_SUPERUSER': 'create-superuser-creating',
+
+ // An error occurred when setting up the superuser.
+ 'SUPERUSER_ERROR': 'create-superuser-error',
+
+ // The superuser was created successfully.
+ 'SUPERUSER_CREATED': 'create-superuser-created',
+
+ // General configuration is being setup.
+ 'CONFIG': 'config',
+
+ // The configuration is fully valid.
+ 'VALID_CONFIG': 'valid-config',
+
+ // The product is ready for use.
+ 'READY': 'ready'
+ }
+
+ $scope.csrf_token = window.__token;
+ $scope.currentStep = $scope.States.LOADING;
+ $scope.errors = {};
+ $scope.stepProgress = [];
+ $scope.hasSSL = false;
+ $scope.hostname = null;
+ $scope.currentConfig = null;
+
+ $scope.currentState = {
+ 'hasDatabaseSSLCert': false
+ };
+
+ $scope.$watch('currentStep', function(currentStep) {
+ $scope.stepProgress = $scope.getProgress(currentStep);
+
+ switch (currentStep) {
+ case $scope.States.CONFIG:
+ $('#setupModal').modal('hide');
+ break;
+
+ case $scope.States.MISSING_CONFIG_DIR:
+ $scope.showMissingConfigDialog();
+ break;
+
+ case $scope.States.INVALID_CONFIG:
+ $scope.showInvalidConfigDialog();
+ break;
+
+ case $scope.States.DB_SETUP:
+ $scope.performDatabaseSetup();
+ // Fall-through.
+
+ case $scope.States.CREATE_SUPERUSER:
+ case $scope.States.CONFIG_DB:
+ case $scope.States.VALID_CONFIG:
+ case $scope.States.READY:
+ $('#setupModal').modal({
+ keyboard: false,
+ backdrop: 'static'
+ });
+ break;
+ }
+ });
+
+ $scope.restartContainer = function(state) {
+ $scope.currentStep = state;
+ ContainerService.restartContainer(function() {
+ $scope.checkStatus()
+ });
+ };
+
+ $scope.showSuperuserPanel = function() {
+ $('#setupModal').modal('hide');
+ var prefix = $scope.hasSSL ? 'https' : 'http';
+ var hostname = $scope.hostname;
+ if (!hostname) {
+ hostname = document.location.hostname;
+ if (document.location.port) {
+ hostname = hostname + ':' + document.location.port;
+ }
+ }
+
+ window.location = prefix + '://' + hostname + '/superuser';
+ };
+
+ $scope.configurationSaved = function(config) {
+ $scope.hasSSL = config['PREFERRED_URL_SCHEME'] == 'https';
+ $scope.hostname = config['SERVER_HOSTNAME'];
+ $scope.currentConfig = config;
+
+ $scope.currentStep = $scope.States.VALID_CONFIG;
+ };
+
+ $scope.getProgress = function(step) {
+ var isStep = $scope.isStep;
+ var isStepFamily = $scope.isStepFamily;
+ var States = $scope.States;
+
+ return [
+ isStepFamily(step, States.CONFIG_DB),
+ isStepFamily(step, States.DB_SETUP),
+ isStepFamily(step, States.CREATE_SUPERUSER),
+ isStep(step, States.CONFIG),
+ isStep(step, States.VALID_CONFIG),
+ isStep(step, States.READY)
+ ];
+ };
+
+ $scope.isStepFamily = function(step, family) {
+ if (!step) { return false; }
+ return step.indexOf(family) == 0;
+ };
+
+ $scope.isStep = function(step) {
+ for (var i = 1; i < arguments.length; ++i) {
+ if (arguments[i] == step) {
+ return true;
+ }
+ }
+ return false;
+ };
+
+ $scope.beginSetup = function() {
+ $scope.currentStep = $scope.States.CONFIG_DB;
+ };
+
+ $scope.showInvalidConfigDialog = function() {
+ var message = "The
config.yaml file found in
conf/stack could not be parsed."
+ var title = "Invalid configuration file";
+ CoreDialog.fatal(title, message);
+ };
+
+
+ $scope.showMissingConfigDialog = function() {
+ var message = "A volume should be mounted into the container at
/conf/stack: " +
+ "
docker run -v /path/to/config:/conf/stack " +
+ "
Once fixed, restart the container. For more information, " +
+ "
" +
+ "Read the Setup Guide "
+
+ var title = "Missing configuration volume";
+ CoreDialog.fatal(title, message);
+ };
+
+ $scope.parseDbUri = function(value) {
+ if (!value) { return null; }
+
+ // Format: mysql+pymysql://
:@/
+ var uri = URI(value);
+ return {
+ 'kind': uri.protocol(),
+ 'username': uri.username(),
+ 'password': uri.password(),
+ 'server': uri.host(),
+ 'database': uri.path() ? uri.path().substr(1) : ''
+ };
+ };
+
+ $scope.serializeDbUri = function(fields) {
+ if (!fields['server']) { return ''; }
+ if (!fields['database']) { return ''; }
+
+ var uri = URI();
+ try {
+ uri = uri && uri.host(fields['server']);
+ uri = uri && uri.protocol(fields['kind']);
+ uri = uri && uri.username(fields['username']);
+ uri = uri && uri.password(fields['password']);
+ uri = uri && uri.path('/' + (fields['database'] || ''));
+ uri = uri && uri.toString();
+ } catch (ex) {
+ return '';
+ }
+
+ return uri;
+ };
+
+ $scope.createSuperUser = function() {
+ $scope.currentStep = $scope.States.CREATING_SUPERUSER;
+ ApiService.scCreateInitialSuperuser($scope.superUser, null).then(function(resp) {
+ $scope.checkStatus();
+ }, function(resp) {
+ $scope.currentStep = $scope.States.SUPERUSER_ERROR;
+ $scope.errors.SuperuserCreationError = ApiService.getErrorMessage(resp, 'Could not create superuser');
+ });
+ };
+
+ $scope.performDatabaseSetup = function() {
+ $scope.currentStep = $scope.States.DB_SETUP;
+ ApiService.scSetupDatabase(null, null).then(function(resp) {
+ if (resp['error']) {
+ $scope.currentStep = $scope.States.DB_SETUP_ERROR;
+ $scope.errors.DatabaseSetupError = resp['error'];
+ } else {
+ $scope.currentStep = $scope.States.CREATE_SUPERUSER;
+ }
+ }, ApiService.errorDisplay('Could not setup database. Please report this to support.'))
+ };
+
+ $scope.validateDatabase = function() {
+ $scope.currentStep = $scope.States.VALIDATING_DB;
+ $scope.databaseInvalid = null;
+
+ var data = {
+ 'config': {
+ 'DB_URI': $scope.databaseUri
+ },
+ };
+
+ if ($scope.currentState.hasDatabaseSSLCert) {
+ data['config']['DB_CONNECTION_ARGS'] = {
+ 'ssl': {
+ 'ca': 'conf/stack/database.pem'
+ }
+ };
+ }
+
+ var params = {
+ 'service': 'database'
+ };
+
+ ApiService.scValidateConfig(data, params).then(function(resp) {
+ var status = resp.status;
+
+ if (status) {
+ $scope.currentStep = $scope.States.SAVING_DB;
+ ApiService.scUpdateConfig(data, null).then(function(resp) {
+ $scope.checkStatus();
+ }, ApiService.errorDisplay('Cannot update config. Please report this to support'));
+ } else {
+ $scope.currentStep = $scope.States.DB_ERROR;
+ $scope.errors.DatabaseValidationError = resp.reason;
+ }
+ }, ApiService.errorDisplay('Cannot validate database. Please report this to support'));
+ };
+
+ $scope.checkStatus = function() {
+ ContainerService.checkStatus(function(resp) {
+ $scope.currentStep = resp['status'];
+ }, $scope.currentConfig);
+ };
+
+ // Load the initial status.
+ $scope.checkStatus();
+ };
+})();
diff --git a/static/partials/setup.html b/config_app/js/setup/setup.html
similarity index 90%
rename from static/partials/setup.html
rename to config_app/js/setup/setup.html
index 50e507ad4..7b989804f 100644
--- a/static/partials/setup.html
+++ b/config_app/js/setup/setup.html
@@ -1,22 +1,21 @@
+
-
+
Enterprise Registry Setup
+ Red Hat Quay Setup
-
+
Almost done!
@@ -24,7 +23,9 @@
+ configuration-saved="configurationSaved(config)"
+ setup-completed="setupCompleted()"
+ >
@@ -38,14 +39,12 @@
-
+
Setup
+
+Click on "Start New Registry Setup", and follow the instructions to create your configuration, downloading and saving it when complete.
+
+**Note**: Please keep this tarball safe, as it contains your certificates and other access credentials unencryped. You will also need it if you ever wish to update your configuration.
+
+
+## Setting up the directories
+
+Red Hat Quay requires a configuration directory (and a storage directory if using local storage):
+
+You will need to extract the tarball you received in the previous step into a directory:
+```
+mkdir config && tar xzf quay-config.tar.gz -C config
+```
+
+
+If you are storing images locally, then you will need a storage directory (skip this step if you are storing images remotely):
+```
+mkdir storage
+```
+
+**Note**: storing images locally is not recommended for production workloads!
+
+
+
+## Running the registry
+
+If you are running with local storage, you'll have to add it as a volume to the docker command, replacing `/local/path/to/the/config/directory` and `/local/path/to/the/storage/directory` with the absolute paths to the directories created in the previous step:
+
+
+```
+sudo docker run --restart=always -p 443:443 -p 80:80 --privileged=true -v /local/path/to/the/config/directory:/conf/stack -v /local/path/to/the/storage/directory:/datastorage -d quay.io/coreos/quay:3.0.0
+```
+
+Otherwise, run the following command, replacing `/local/path/to/the/config/directory` with the absolute path to the directory created in the previous step:
+
+```
+sudo docker run --restart=always -p 443:443 -p 80:80 --privileged=true -v /local/path/to/the/config/directory:/conf/stack -d quay.io/coreos/quay:3.0.0
+```
+
+
+## Verifying the status of QE
+
+Visit the `/health/endtoend` endpoint on the Red Hat Quay hostname and verify that the `code` is `200` and `is_testing` is `false`.
+
+If `code` is anything other than `200`, visit http://yourhost/ and you will see instructions detailing the problems Red Hat Quay is having with the configuration.
+
+
+## Logging in
+
+### If using database authentication:
+
+Once Red Hat Quay is running, new users can be created by clicking the `Sign Up` button. If e-mail is enabled, the sign up process will require an e-mail confirmation step, after which repositories, organizations and teams can be setup by the user.
+
+
+### If using LDAP authentication:
+
+Users should be able to login to the Red Hat Quay directly with their LDAP username and password.
+
+
+## Updating your configuration
+
+If you ever wish to change your configuration, you will need to run the configuration tool again:
+
+```
+sudo docker run -p 443:443 -d quay.io/coreos/quay:v3.0.0 config
+```
+
+Click on "Modify an existing configuration", and upload the tarball provided when initially creating the configuration.
+
+You will be taken to the setup page, with your previous configuration values pre-populated. After you have made your changes, save the configuration and download the tarball.
+
+
+
+Extract the tarball into the config directory where your Red Hat Quay will run:
+```
+mkdir config && tar xzf quay-config.tar.gz -C config
+```
+
+Now run Red Hat Quay as stated in the **Running the registry** step, and your new instance will reflect the changes made in the new configuration.
+
diff --git a/config_app/docs/k8s_templates/config-tool-service-nodeport.yml b/config_app/docs/k8s_templates/config-tool-service-nodeport.yml
new file mode 100644
index 000000000..313ad2b1c
--- /dev/null
+++ b/config_app/docs/k8s_templates/config-tool-service-nodeport.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: quay-enterprise
+ name: quay-enterprise-config-tool
+spec:
+ type: NodePort
+ ports:
+ - protocol: TCP
+ port: 443
+ targetPort: 443
+ nodePort: 30090
+ selector:
+ quay-enterprise-component: config-tool
diff --git a/config_app/docs/k8s_templates/config-tool-serviceaccount.yml b/config_app/docs/k8s_templates/config-tool-serviceaccount.yml
new file mode 100644
index 000000000..2af878c5a
--- /dev/null
+++ b/config_app/docs/k8s_templates/config-tool-serviceaccount.yml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: qe-config-tool-serviceaccount
+ namespace: quay-enterprise
diff --git a/config_app/docs/k8s_templates/config-tool-servicetoken-role-binding.yml b/config_app/docs/k8s_templates/config-tool-servicetoken-role-binding.yml
new file mode 100644
index 000000000..fa12b296d
--- /dev/null
+++ b/config_app/docs/k8s_templates/config-tool-servicetoken-role-binding.yml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: quay-enterprise-config-tool-writer
+ namespace: quay-enterprise
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: quay-enterprise-config-tool-role
+subjects:
+- kind: ServiceAccount
+ name: qe-config-tool-serviceaccount
diff --git a/config_app/docs/k8s_templates/config-tool-servicetoken-role.yml b/config_app/docs/k8s_templates/config-tool-servicetoken-role.yml
new file mode 100644
index 000000000..f11ee3281
--- /dev/null
+++ b/config_app/docs/k8s_templates/config-tool-servicetoken-role.yml
@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: quay-enterprise-config-tool-role
+ namespace: quay-enterprise
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - put
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - "extensions"
+ - "apps"
+ resources:
+ - deployments
+ - deployments/rollback
+ verbs:
+ - create
+ - get
+ - list
+ - patch
diff --git a/config_app/docs/k8s_templates/qe-config-tool.yml b/config_app/docs/k8s_templates/qe-config-tool.yml
new file mode 100644
index 000000000..a3fab21bd
--- /dev/null
+++ b/config_app/docs/k8s_templates/qe-config-tool.yml
@@ -0,0 +1,30 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ namespace: quay-enterprise
+ name: quay-enterprise-config-tool
+ labels:
+ quay-enterprise-component: config-tool
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ quay-enterprise-component: config-tool
+ template:
+ metadata:
+ namespace: quay-enterprise
+ labels:
+ quay-enterprise-component: config-tool
+ spec:
+ serviceAccountName: qe-config-tool-serviceaccount
+ volumes:
+ - name: configvolume
+ secret:
+ secretName: quay-enterprise-config-secret
+ containers:
+ - name: quay-enterprise-config-tool
+ image: config-app:latest # TODO: change to reference to quay image?
+ imagePullPolicy: IfNotPresent # enable when testing with minikube
+ args: ["config"]
+ ports:
+ - containerPort: 80
diff --git a/config_app/docs/k8s_templates/quay-enterprise-app-rc.yml b/config_app/docs/k8s_templates/quay-enterprise-app-rc.yml
new file mode 100644
index 000000000..c4f8443b3
--- /dev/null
+++ b/config_app/docs/k8s_templates/quay-enterprise-app-rc.yml
@@ -0,0 +1,40 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ namespace: quay-enterprise
+ name: quay-enterprise-app
+ labels:
+ quay-enterprise-component: app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ quay-enterprise-component: app
+ template:
+ metadata:
+ namespace: quay-enterprise
+ labels:
+ quay-enterprise-component: app
+ spec:
+ volumes:
+ - name: configvolume
+ secret:
+ secretName: quay-enterprise-config-secret
+ containers:
+ - name: quay-enterprise-app
+ image: quay.io/coreos/quay:v2.9.3
+ ports:
+ - containerPort: 80
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health
+ port: 80
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ volumeMounts:
+ - name: configvolume
+ readOnly: false
+ mountPath: /conf/stack
+ imagePullSecrets:
+ - name: coreos-pull-secret
diff --git a/config_app/docs/k8s_templates/quay-enterprise-config-secret.yml b/config_app/docs/k8s_templates/quay-enterprise-config-secret.yml
new file mode 100644
index 000000000..83a49ab3a
--- /dev/null
+++ b/config_app/docs/k8s_templates/quay-enterprise-config-secret.yml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: quay-enterprise
+ name: quay-enterprise-config-secret
diff --git a/config_app/docs/k8s_templates/quay-enterprise-namespace.yml b/config_app/docs/k8s_templates/quay-enterprise-namespace.yml
new file mode 100644
index 000000000..cb4adf59b
--- /dev/null
+++ b/config_app/docs/k8s_templates/quay-enterprise-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: quay-enterprise
diff --git a/config_app/docs/k8s_templates/quay-enterprise-redis.yml b/config_app/docs/k8s_templates/quay-enterprise-redis.yml
new file mode 100644
index 000000000..37982cbb2
--- /dev/null
+++ b/config_app/docs/k8s_templates/quay-enterprise-redis.yml
@@ -0,0 +1,36 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ namespace: quay-enterprise
+ name: quay-enterprise-redis
+ labels:
+ quay-enterprise-component: redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ quay-enterprise-component: redis
+ template:
+ metadata:
+ namespace: quay-enterprise
+ labels:
+ quay-enterprise-component: redis
+ spec:
+ containers:
+ - name: redis-master
+ image: quay.io/quay/redis
+ ports:
+ - containerPort: 6379
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: quay-enterprise
+ name: quay-enterprise-redis
+ labels:
+ quay-enterprise-component: redis
+spec:
+ ports:
+ - port: 6379
+ selector:
+ quay-enterprise-component: redis
diff --git a/config_app/docs/k8s_templates/quay-enterprise-service-loadbalancer.yml b/config_app/docs/k8s_templates/quay-enterprise-service-loadbalancer.yml
new file mode 100644
index 000000000..0cf47896f
--- /dev/null
+++ b/config_app/docs/k8s_templates/quay-enterprise-service-loadbalancer.yml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: quay-enterprise
+ name: quay-enterprise
+spec:
+ type: LoadBalancer
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ name: http
+ - protocol: TCP
+ port: 443
+ targetPort: 443
+ name: https
+ selector:
+ quay-enterprise-component: app
diff --git a/config_app/docs/k8s_templates/quay-enterprise-service-nodeport.yml b/config_app/docs/k8s_templates/quay-enterprise-service-nodeport.yml
new file mode 100644
index 000000000..ea05cfde8
--- /dev/null
+++ b/config_app/docs/k8s_templates/quay-enterprise-service-nodeport.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: quay-enterprise
+ name: quay-enterprise
+spec:
+ type: NodePort
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ nodePort: 30080
+ selector:
+ quay-enterprise-component: app
diff --git a/config_app/docs/k8s_templates/quay-servicetoken-role-binding-k8s1-6.yaml b/config_app/docs/k8s_templates/quay-servicetoken-role-binding-k8s1-6.yaml
new file mode 100644
index 000000000..045baad12
--- /dev/null
+++ b/config_app/docs/k8s_templates/quay-servicetoken-role-binding-k8s1-6.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: quay-enterprise-secret-writer
+ namespace: quay-enterprise
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: quay-enterprise-serviceaccount
+subjects:
+- kind: ServiceAccount
+ name: default
\ No newline at end of file
diff --git a/config_app/docs/k8s_templates/quay-servicetoken-role-k8s1-6.yaml b/config_app/docs/k8s_templates/quay-servicetoken-role-k8s1-6.yaml
new file mode 100644
index 000000000..610894eff
--- /dev/null
+++ b/config_app/docs/k8s_templates/quay-servicetoken-role-k8s1-6.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: quay-enterprise-serviceaccount
+ namespace: quay-enterprise
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - put
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
diff --git a/config_app/docs/kube_setup.md b/config_app/docs/kube_setup.md
new file mode 100644
index 000000000..72529b2e9
--- /dev/null
+++ b/config_app/docs/kube_setup.md
@@ -0,0 +1,143 @@
+# Red Hat Quay Installation on Kubernetes
+
+This guide walks through the deployment of [Red Hat Quay][quay-enterprise-tour] onto a Kubernetes cluster.
+After completing the steps in this guide, a deployer will have a functioning instance of Red Hat Quay orchestrated as a Kubernetes service on a cluster, and will be able to access the Red Hat Quay Setup tool with a browser to complete configuration of image repositories, builders, and users.
+
+[quay-enterprise-tour]: https://quay.io/tour/enterprise
+
+## Prerequisites
+
+A PostgreSQL database must be available for Red Hat Quay metadata storage.
+We currently recommend running this database server outside of the cluster.
+
+## Download Kubernetes Configuration Files
+
+Visit the [RedHat Documentation][RedHat-documentation] and download the pre-formatted pull secret, under "Account Assets". There are several formats of the secret, be sure to download the "dockercfg" format resulting in a `config.json` file. This pull secret is used to download the Red Hat Quay containers.
+
+This will be used later in the guide.
+
+[RedHat-documentation]: https://access.redhat.com/documentation/en-us/
+
+Next, download each of the following files to your workstation, placing them alongside your pull secret:
+
+- [quay-enterprise-namespace.yml](k8s_templates/quay-enterprise-namespace.yml)
+- [quay-enterprise-config-secret.yml](k8s_templates/quay-enterprise-config-secret.yml)
+- [quay-enterprise-redis.yml](k8s_templates/quay-enterprise-redis.yml)
+- [quay-enterprise-app-rc.yml](k8s_templates/quay-enterprise-app-rc.yml)
+- [quay-enterprise-service-nodeport.yml](k8s_templates/quay-enterprise-service-nodeport.yml)
+- [quay-enterprise-service-loadbalancer.yml](k8s_templates/quay-enterprise-service-loadbalancer.yml)
+
+## Role Based Access Control
+
+Red Hat Quay has native Kubernetes integrations. These integrations require Service Account to have access to Kubernetes API. When Kubernetes RBAC is enabled, Role Based Access Control policy manifests also have to be deployed.
+
+Kubernetes API has minor changes between versions 1.4 and 1.5, Download appropiate versions of Role Based Access Control (RBAC) Policies.
+
+### Kubernetes v1.6.x and later RBAC Policies
+
+- [quay-servicetoken-role.yaml](k8s_templates/quay-servicetoken-role-k8s1-6.yaml)
+- [quay-servicetoken-role-binding.yaml](k8s_templates/quay-servicetoken-role-binding-k8s1-6.yaml)
+
+
+## Deploy to Kubernetes
+
+All Kubernetes objects will be deployed under the "quay-enterprise" namespace.
+The first step is to create this namespace:
+
+```sh
+kubectl create -f quay-enterprise-namespace.yml
+```
+
+Next, add your pull secret to Kubernetes (make sure you specify the correct path to `config.json`):
+
+```sh
+kubectl create secret generic coreos-pull-secret --from-file=".dockerconfigjson=config.json" --type='kubernetes.io/dockerconfigjson' --namespace=quay-enterprise
+```
+
+### Kubernetes v1.6.x and later : Deploy RBAC Policies
+
+```sh
+kubectl create -f quay-servicetoken-role-k8s1-6.yaml
+kubectl create -f quay-servicetoken-role-binding-k8s1-6.yaml
+```
+
+### Deploy Red Hat Quay objects
+
+Finally, the remaining Kubernetes objects can be deployed onto Kubernetes:
+
+```sh
+kubectl create -f quay-enterprise-config-secret.yml -f quay-enterprise-redis.yml -f quay-enterprise-app-rc.yml
+```
+
+## Expose via Kubernetes Service
+
+In order to access Red Hat Quay, a user must route to it through a Kubernetes Service.
+It is up to the deployer to decide which Service type is appropriate for their use case: a [LoadBalancer](http://kubernetes.io/docs/user-guide/services/#type-loadbalancer) or a [NodePort](http://kubernetes.io/docs/user-guide/services/#type-nodeport).
+
+A LoadBalancer is recommended if the Kubernetes cluster is integrated with a cloud provider, otherwise a NodePort will suffice.
+Along with this guide are examples of this service.
+
+### LoadBalancer
+
+Using the sample provided, a LoadBalancer Kubernetes Service can be created like so:
+
+```sh
+kubectl create -f quay-enterprise-service-loadbalancer.yml
+```
+
+kubectl can be used to find the externally-accessible URL of the quay-enterprise service:
+
+```sh
+kubectl describe services quay-enterprise --namespace=quay-enterprise
+```
+
+### NodePort
+
+Using the sample provided, a NodePort Kubernetes Service can be created like so:
+
+```sh
+kubectl create -f quay-enterprise-service-nodeport.yml
+```
+
+By default, the quay-enterprise service will be available on port 30080 on every node in the Kubernetes cluster.
+If this port conflicts with an existing Kubernetes Service, simply modify the sample configuration file and change the value of NodePort.
+
+## Continue with Red Hat Quay Setup
+
+All that remains is to configure Red Hat Quay itself through the configuration tool.
+
+Download the following files to your workstation:
+
+- [config-tool-service-nodeport.yml](k8s_templates/config-tool-service-nodeport.yml)
+- [config-tool-serviceaccount.yml](k8s_templates/config-tool-serviceaccount.yml)
+- [config-tool-servicetoken-role.yml](k8s_templates/config-tool-servicetoken-role.yml)
+- [config-tool-servicetoken-role-binding.yml](k8s_templates/config-tool-servicetoken-role-binding.yml)
+- [qe-config-tool.yml](k8s_templates/qe-config-tool.yml)
+
+### Configuring RBAC for the configuration tool
+
+Apply the following policies to allow the config tool to make changes to the Q.E. deployment:
+```bash
+kubectl apply -f config-tool-serviceaccount.yaml
+```
+```bash
+kubectl apply -f config-tool-servicetoken-role.yaml
+```
+```bash
+kubectl apply -f config-tool-servicetoken-role-binding.yaml
+```
+
+### Deploy Config Tool
+
+Deploy the configuration tool and route a service to it:
+```bash
+kubectl apply -f qe-config-tool.yml -f config-tool-service-nodeport.yml
+```
+
+By default, the config-tool service will be available on port 30090 on every node in the Kubernetes cluster.
+Similar to the Quay application service, if this port conflicts with an existing Kubernetes Service, simply modify the sample configuration file and change the value of NodePort.
+Once at the Red Hat Quay setup UI, follow the setup instructions to finalize your installation.
+
+## Using the Configuration Tool
+Click on "Start New Configuration for this Cluster", and follow the instructions to create your configuration, downloading and saving it (to load as a backup or if you ever wish to change your settings).
+You will also be able to deploy the configuration to all instances by hitting "Deploy". Allow for a minute for the Quay instances to cycle the pods, and your configuration will be enacted once the pods have started.
diff --git a/config_app/init/certs_create.sh b/config_app/init/certs_create.sh
new file mode 100755
index 000000000..0437188ca
--- /dev/null
+++ b/config_app/init/certs_create.sh
@@ -0,0 +1,22 @@
+#! /bin/bash
+set -e
+QUAYPATH=${QUAYPATH:-"."}
+QUAYCONF=${QUAYCONF:-"$QUAYPATH/conf"}
+cd ${QUAYDIR:-"/"}
+
+if [ -f "$QUAYCONF/stack/ssl.key" ] && [ -f "$QUAYCONF/stack/ssl.cert" ]; then
+ echo 'Using mounted ssl certs for quay-config app'
+ cp $QUAYCONF/stack/ssl.key $QUAYDIR/config_app/quay-config.key
+ cp $QUAYCONF/stack/ssl.cert $QUAYDIR/config_app/quay-config.cert
+else
+ echo 'Creating self-signed certs for quay-config app'
+
+ # Create certs to secure connections while uploading config for secrets
+ # echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert -initca - | cfssljson -bare quay-config
+ mkdir -p /certificates; cd /certificates
+ openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
+ -subj "/C=US/ST=NY/L=NYC/O=Dis/CN=self-signed" \
+ -keyout quay-config-key.pem -out quay-config.pem
+ cp /certificates/quay-config-key.pem $QUAYDIR/config_app/quay-config.key
+ cp /certificates/quay-config.pem $QUAYDIR/config_app/quay-config.cert
+fi
diff --git a/config_app/init/service/gunicorn_web/run b/config_app/init/service/gunicorn_web/run
new file mode 100755
index 000000000..1fdf1870e
--- /dev/null
+++ b/config_app/init/service/gunicorn_web/run
@@ -0,0 +1,11 @@
+#! /bin/bash
+
+echo 'Starting gunicon'
+
+QUAYPATH=${QUAYPATH:-"."}
+QUAYCONF=${QUAYCONF:-"$QUAYPATH/conf"}
+
+cd ${QUAYDIR:-"/"}
+PYTHONPATH=$QUAYPATH venv/bin/gunicorn -c $QUAYDIR/config_app/conf/gunicorn_web.py config_application:application
+
+echo 'Gunicorn exited'
\ No newline at end of file
diff --git a/config_app/init/service/nginx/run b/config_app/init/service/nginx/run
new file mode 100755
index 000000000..7c4c96026
--- /dev/null
+++ b/config_app/init/service/nginx/run
@@ -0,0 +1,12 @@
+#! /bin/bash
+
+echo 'Starting nginx'
+
+QUAYPATH=${QUAYPATH:-"."}
+cd ${QUAYDIR:-"/"}
+PYTHONPATH=$QUAYPATH
+QUAYCONF=${QUAYCONF:-"$QUAYPATH/conf"}
+
+/usr/sbin/nginx -c $QUAYDIR/config_app/conf/nginx.conf
+
+echo 'Nginx exited'
diff --git a/config_app/js/components/config-setup-app/config-setup-app.component.html b/config_app/js/components/config-setup-app/config-setup-app.component.html
new file mode 100644
index 000000000..58edfcac2
--- /dev/null
+++ b/config_app/js/components/config-setup-app/config-setup-app.component.html
@@ -0,0 +1,61 @@
+