* Quota: Configuring Quota for user panel
* Added Quota Consumed column on Super users panel
* Fixing tests
* Fixing tests
* Adding tests for user quota operations
* Reverting org api changes + new endpoint for super user get method
* Reverting changes
* Added tests
* Fetching user namespace or organization
Removes read support for Clair V2, along with the need to package
jwtproxy with Quay.
TODO: Drop deprecate image api + image table, remove image data model.
Clients expect signed schema 1 manifests to contain a signature with the key ID in the correct format. We currently pass the automatically generated key ID which is just a hash of characters.
This causes errors in clients that try to pull signed schema 1 manifests that are generated by Quay - when creating tags through the UI or manifest conversions.
Currently when Quay is set to automatically create organizations it will check the user table for a matching username with organization set to true. This causes conflicts when a user already exists with the same username, where the check will fail and Quay will attempt to create an organization with the same name as the user. This change checks for only a matching username.
The distribution spec does not require the docker-content-digest header
to be set in response to a manifest GET/HEAD request.
This changes both the proxy client and the registry proxy model to
correctly check whether a manifest is up-to-date with the upstream
registry or not when no digest header is received.
NOTE: when checking staleness against registries that do not return the
docker-content-digest header, Quay will make a GET request to the
registry and calculate the digest from the manifest itself. GET requests
usually count towards rate-limiting.
This change also sets the accept-encoding header to 'identity'. The python
requests library seems to automatically set the accept-encoding header to
'gzip'. Dockerhub ignores that header when serving blobs, but some
registries don't (namely registry.access.redhat.com). When Quay receives a
gzipped config blob (have not tested non-config blobs) for some reason it
doesn't know how to handle it. I suspect it has to do wit the fact that in
this case the content-length header will differ from the actual size of
the response body, so when Quay tries to upload the blob it cannot
correctly calculate the actual blob size, so it does a partial upload to
its object storage, which then results in a digest mismatch error
(BlobDigestMismatchException).
Split the work of indexing the recent manifests iterator into multiple
batches. This can reduce how often duplicate work happens when
allowing multiple workers to work on the same chunk of the table.
Having only one worker index recent manifest doesn't keep up with the
rate new manifests being pushed, given the time it takes for an index
request to complete. Adding the option to bypass the global lock
allows for more workers, but also increase the chance of duplicate work.
* Quota API: Add super user permissions on Organization endpoints (PROJQUAY-3742)
* Removing super user permissions form userquota endpoints
* Adding super user permission checks
* Moving super user scope decorator to class level
In the previous kubernetes executor the build job was persisted in DEBUG mode due to the virtual machine in the pod never exiting. This kept the job alive for users to view the debug information. The `kubernetesPodman` executor does not run the VM so it will be cleaned up due to `ttlSecondsAfterFinished` being set on the job. This change prevents the `ttlSecondsAfterFinished` field from being set when DEBUG is true, allowing the pod to stay alive to retrieve the logs.
