docker/quay
1
0
Fork 0
mirror of https://github.com/quay/quay.git synced 2026-01-26 06:21:37 +03:00
Code Activity
11,970 Commits 2,636 Branches 136 Tags
v3.10.17
Commit Graph

121 Commits

Author SHA1 Message Date
OpenShift Cherrypick Robot
c1bc61e4f1 [redhat-3.10] api: adding global readonly user to list repo endpoint (PROJQUAY-7549) (#3087) 
Adding global readonly user to list repo endpoint.

Co-authored-by: bcaton <bcaton@redhat.com>
 2024-07-25 13:39:11 -04:00
OpenShift Cherrypick Robot
2119c14eab [redhat-3.10] api: adding token to global readonly user list robots (PROJQUAY-7545) (#3084) 
Adding token to list robots api when calling as global readonly superuser.

Co-authored-by: bcaton <bcaton@redhat.com>
 2024-07-25 10:51:26 -04:00
OpenShift Cherrypick Robot
071257c039 [redhat-3.10] api: adding global readonly superuser to superuser endpoints (PROJQUAY-7542) (#3078) 
Giving global readonly superuser permissions to superuser endpoints.

Co-authored-by: bcaton <bcaton@redhat.com>
 2024-07-25 10:02:15 -04:00
Brandon Caton
e1fc6e1c65 api: adding permissions for global readonly superuser (PROJQUAY-7545) (#3080) 
The global readonly superuser is missing read only permissions on certain GET api's. This adds those permissions.
 2024-07-24 16:04:53 -04:00
Brandon Caton
0eefefa7ce api: adding endpoints to FEATURE_SUPERUSERS_FULL_ACCESS (PROJQUAY-7308) (#2942) 
api: adding endpoints to FEATURE_SUPERUSERS_FULL_ACCESS
 2024-07-18 09:45:33 -04:00
Brandon Caton
02635f5fcc cherrypick: commit f2417670 from master (PROJQUAY-6895) (#2797) 
cherry-picking commit f241767005 from master
 2024-03-28 09:34:04 -04:00
OpenShift Cherrypick Robot
73b36220b3 [redhat-3.10] autoprune: adding audit logs to namespace autoprune policy API (PROJQUAY-6229) (#2538) 
Adding audit logs to namespace autoprune policy API

---------

Co-authored-by: bcaton <bcaton@redhat.com>
 2023-12-04 14:32:48 -05:00
OpenShift Cherrypick Robot
1499ae5cf2 [redhat-3.10] api: adding nickname decorator to autoprune policy endpoints (PROJQUAY-6483) (#2535) 
adding nickname decorator to autoprune policy endpoints

Co-authored-by: bcaton <bcaton@redhat.com>
 2023-12-04 13:43:52 -05:00
Brandon Caton
e5a5e17814 api: accepting empty body for create robot endpoints (PROJQUAY-6224) (#2420) 
accepting empty body for create robot endpoints
 2023-10-19 09:39:32 +02:00
Brandon Caton
22c4bbfee5 autoprune: add auto-prune policy endpoints (PROJQUAY-6096) (#2393) 
Add's the endpoints to create, update, delete, get, and list organization and user auto-prune policies.
 2023-10-10 16:38:46 -04:00
Brandon Caton
dcdf132fce quota: removing extra calls to get namespace quotas (PROJQUAY-6048) (#2267) 
Caches the result of retrieving the namespace quota limit.
 2023-09-29 15:15:03 -04:00
Oleg Bulatov
84fa795ae7 chore: fix isort config and remove isort: skip_file (#2196) 
* chore: pass config to isort as it doesn't always detect it

* chore: mark package "test" as local, not stdlib

* chore: remove "isort: skip_file"

* chore: fix app in test_load_security_information

* chore: fix app in test_notification

* chore: fix app in test_index_report
 2023-09-21 11:46:03 -04:00
Syed Ahmed
54fcfd14f9 secscan: Cache clair vuln reports (PROJQUAY-6057) (#2245) 
uses modelcache to for caching clair security report responses
 2023-09-20 20:33:41 +00:00
Kenny Lee Sin Cheong
72f7c64ed6 chore: update werkzeug and related package versions (PROJQUAY-5098) (#1982) 
* chore: update werkzeug and related package versions (PROJQUAY-5098)

Path converter related change reference: https://github.com/pallets/werkzeug/issues/2506

* Update query count
 2023-09-12 11:51:09 -04:00
Sunandadadi
c93b6d080d api: fix duplicate robot accounts (PROJQUAY-5931) (#2192) 
* api: fix duplicate robot accounts (PROJQUAY-5931)

* fixing formating

* referecing named tuples by names
 2023-09-01 12:03:33 -04:00
Marcus Kok
e44783fe19 billing: Assign SKU to org (PROJQUAY-5363) (#1989) 
* add migration for orgrhskus table

* add endpoints for managing and listing skus bound to an org

* create checks in billing flow to look for org-bound skus

* refactor RH marketplace api objects to be more usable in tests

* update cypress test db data and exclude it from pre-commit hook formatting
 2023-08-25 14:52:54 -04:00
Kenny Lee Sin Cheong
5f63b3a7bb chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089) 
* chore: drop deprecated tables and remove unused code

* isort imports

* migration: check for table existence before drop
 2023-08-25 12:17:24 -04:00
Kenny Lee Sin Cheong
0ea4826956 secscan: garbage collect manifests (#1663) 
Garbage collect manifests no longer referenced in Quay from the
security scanner service.

Also moved quota related code from data/registry_model/ to data/model/
to avoid circular dependencies.
 2023-07-06 11:59:47 -04:00
Oleg Bulatov
ea49bb53a3 chore: Bump mypy (#1962) 2023-06-28 13:47:32 +02:00
Ivan Bazulic
d7864ed4ee ui: Add custom TOS support (PROJQUAY-5648) (#1973) 
* ui: Add custom TOS support
Enable adding of a custom TOS in the Quay footer for on-premise installations via the optional `TERMS_OF_SERVICE` config flag.
If the flag is not defined, the TOS field will not be visible on Quay rendering. Also changes the behaviour of the discovery endpoint to include custom terms of service instead of pointing to Quay.io terms of service for all installations.

* Fix formatting errors

* Fix TOS page for Quay.io deployments

* Change TOS variable name to TERMS_OF_SERVICE_URL for better clarity

* Removed reference to Quay.io from the discovery endpoint description
 2023-06-19 11:44:52 -04:00
Brandon Caton
e38d70f0cb api: add permanently delete tag usage log (PROJQUAY-5496) (#1887) 
Now logging the permanently delete tag as a usage log.
 2023-06-02 10:43:14 -04:00
Harish Govindarajulu
e349762d78 proxy: Allow anonymous pulls from registries (PROJQUAY-5273) (#1906) 
This change allows validation of proxy cache config api to support anonymous pulls
when the registry returns a 401 since repo name is not known during initial proxy config

Signed-off-by: harishsurf <hgovinda@redhat.com>
 2023-05-25 11:53:15 -04:00
Marcus Kok
de8c48fa28 marketplace: fixing allowed repo count (PROJQUAY-5513) (#1891) 
* Aggregate stripe plans and subscriptions.

* Validate end date for subscriptions when fetching from marketplace.

* Check subscription returned from stripe api is non-null value when
finding stripe plan for sku.
 2023-05-25 10:46:58 -04:00
Brandon Caton
6cf0a3531b quota: calculating registry size (PROJQUAY-5476) (#1879) 
Allows superusers to trigger a calculation of the deduplicated registry size. A superuser can go to the organization panel of the superuser page and select Calculate to queue a calculation of the registry total. The total will only be calculated when requested. Includes warning to user of increase of database load when running calculation.
 2023-05-24 17:10:40 -04:00
Brandon Caton
9adf2d8cf0 superuser: paginate user's list (PROJQUAY-4297) (#1881) 
Allow loading of superuser user list for larger registries by paginating API call.
 2023-05-18 11:20:30 -04:00
Brandon Caton
c505a6bae8 superuser: paginating superuser organization list (PROJQUAY-4297) (#1876) 
Allows super user organization list to load for larger registries.
 2023-05-17 14:49:09 -04:00
Daniel Messer
41cd8330d0 logs: add audit log events for login/logout to Quay (PROJQUAY-2344) (#1866) 
* add auditing of login and logout events

Signed-off-by: dmesser <dmesser@redhat.com>

* python black formatting

Signed-off-by: dmesser <dmesser@redhat.com>

* correctly identify username during

Signed-off-by: dmesser <dmesser@redhat.com>

* revert change to existing code

Signed-off-by: dmesser <dmesser@redhat.com>

* remove superfluous ip tracking

Signed-off-by: dmesser <dmesser@redhat.com>

* beautify login messages

Signed-off-by: dmesser <dmesser@redhat.com>

* remove unused import

Signed-off-by: dmesser <dmesser@redhat.com>

* move alembic patch to head

Signed-off-by: dmesser <dmesser@redhat.com>

* correctly log target namespace for robots

Signed-off-by: dmesser <dmesser@redhat.com>

* python black formatting

Signed-off-by: dmesser <dmesser@redhat.com>

* login event detection refinement

Signed-off-by: dmesser <dmesser@redhat.com>

* add missing visualization

Signed-off-by: dmesser <dmesser@redhat.com>

* enrich login event data

Signed-off-by: dmesser <dmesser@redhat.com>

* make login auditing configurable

Signed-off-by: dmesser <dmesser@redhat.com>

* make update-testdata

Signed-off-by: dmesser <dmesser@redhat.com>

---------

Signed-off-by: dmesser <dmesser@redhat.com>
 2023-05-17 11:22:35 +02:00
Marcus Kok
0a1c7fb22e marketplace: add reconciler (PROJQUAY-5320) (#1817) 
marketplace: add reconciler (PROJQUAY-5320)
* check RH marketplace after stripe for private repo creation / changing visibility
* add reconciliation worker that creates RH subscriptions in marketplace for pre-existing stripe customers
 2023-05-08 09:48:17 -04:00
Kenny Lee Sin Cheong
2d949b3b2e billing: allow changing subscription on empty stripe_id (PROJQUAY-5413) (#1857) 
Fix to allow non-stripe user changing to free plan in order to convert
from user to organization.
 2023-05-03 10:01:13 -04:00
Daniel Messer
37e4990b07 logs: Add audit logs for organization and user namespace activities (PROJQUAY-3482) (#1846) 
* add auditing events for orgs

Signed-off-by: dmesser <dmesser@redhat.com>

* add database migrations

Signed-off-by: dmesser <dmesser@redhat.com>

* fix org delete race condition

Signed-off-by: dmesser <dmesser@redhat.com>

* action log visualization

Signed-off-by: dmesser <dmesser@redhat.com>

* audit superuser events

Signed-off-by: dmesser <dmesser@redhat.com>

* additional user auditing

Signed-off-by: dmesser <dmesser@redhat.com>

* audit log visualization refinement

Signed-off-by: dmesser <dmesser@redhat.com>

* consistent email change auditing

Signed-off-by: dmesser <dmesser@redhat.com>

* python black formatting

Signed-off-by: dmesser <dmesser@redhat.com>

* fix incorrect log kind

Signed-off-by: dmesser <dmesser@redhat.com>

* missing log kind in migration

Signed-off-by: dmesser <dmesser@redhat.com>

* python black formatting

Signed-off-by: dmesser <dmesser@redhat.com>

* even more python black formatting

Signed-off-by: dmesser <dmesser@redhat.com>

* remove unnecessary import

Signed-off-by: dmesser <dmesser@redhat.com>

* bump alembic revision to head

Signed-off-by: dmesser <dmesser@redhat.com>

* alembic metadata change

Signed-off-by: dmesser <dmesser@redhat.com>

---------

Signed-off-by: dmesser <dmesser@redhat.com>
 2023-05-03 13:52:10 +02:00
Brandon Caton
a2c379d47c quota: Include blob deduplication in totals (PROJQUAY-3942) (#1751) 
Allows for only unique blobs are counted at the namespace and repository level. Calculation includes manifest list sizes.
Add's the following internal configurations that default to true:
QUOTA_INVALIDATE_TOTALS: Invalidates calculated totals when FEATURE_QUOTA_MANAGEMENT is set to false
RESET_CHILD_MANIFEST_EXPIRATION: Resets the expiry for child manifests on push of the manifest list for immediate GC eligibility
PERMANENTLY_DELETE_TAGS: Enables features related to the permanent deletion of tags outside the configured time machine window
 2023-05-01 16:40:01 -04:00
Sunandadadi
5c34296920 API/UI: Filtering of tags API through query parameter (PROJQUAY-5362) (#1839) 
* API/UI: Filtering of tags API through query parameter (PROJQUAY-5362)

* Changing syntax of query param to add operation + added propagation of filtering from new UI

* added exception to return 400 on incorrect syntax

* Added tests to test filtering of /tags endpoint

* Minor fixes
 2023-04-28 16:16:41 -04:00
Syed Ahmed
2db3b186f9 ui: add support for exposing quay UI as a dynamic plugin (PROJQUAY-3203) (#1799) 
* ui: add support for exposing quay UI as a dynamic plugin (PROJQUAY-3203)

* Introduces a new SSO JWT based auth for client side Oauth
* Adds a new entrypoint component for the UI without topnav and sidenav for plugin
* Adds webpack config to build dynamic plugin
 2023-04-20 19:05:07 -04:00
Kenny Lee Sin Cheong
e7a7b4a050 billing: fallback to cards api if paymentmethod is not set (PROJQUAY-5129) (#1826) 2023-04-13 12:36:19 -04:00
Kenny Lee Sin Cheong
89725309be billing: update Stripe checkout to support 3DS (PROJQUAY-5129) (#1818) 
Update Stripe checkout in order to support auth requirements from
banks.
 2023-04-11 14:41:37 -04:00
Kenny Lee Sin Cheong
d05c32b9d1 billing: update default subscription payment behavior (#1778) 
Update stripe payment behavior to 'default_incomplete'.
 2023-03-08 12:19:05 -05:00
Kenny Lee Sin Cheong
16e5321108 permissions: lazy-load superuser permissions (PROJQUAY-5117) (#1761) 2023-03-06 10:29:55 -05:00
Kenny Lee Sin Cheong
80fdb92462 secscan: add config to limit manifests with layer size too large to index (PROJQUAY-4957) (#1733) 
Also removes deprecated Clair v2 configs.
 2023-01-31 15:50:16 -05:00
Kenny Lee Sin Cheong
6e8e2d2fe7 chore: remove deprecated appr code (PROJQUAY-4992) (#1718) 2023-01-24 10:11:04 +01:00
Kenny Lee Sin Cheong
ed86a102ce logs: validate date range is within configuration (PROJQUAY-4959) (#1707) 2023-01-17 12:04:57 -05:00
Kenny Lee Sin Cheong
1bd016fda5 logs: Add repository information for build audit logs (PROJQUAY-4726) (#1705) 2023-01-12 15:33:17 -05:00
Kenny Lee Sin Cheong
33451ca96e logs: audit logs on manual build triggers and build cancellations (PROJQUAY-4726) (#1682) 2023-01-10 13:35:01 -05:00
Kenny Lee Sin Cheong
45d00a6b8f superusers: gives superusers access to team invite api (PROJQUAY-4765) (#1694) 2023-01-10 12:36:47 -05:00
Kenny Lee Sin Cheong
fe2b89d656 logs: create action logs on proxy cache config creation/deletion (PROJQUAY-4718) (#1625) 2022-11-22 12:36:57 -05:00
Kenny Lee Sin Cheong
7cd55ea0cd users: fix create repo on push on orgs for restricted users (PROJQUAY-4732) (#1634) 2022-11-22 11:50:16 -05:00
Kenny Lee Sin Cheong
8fc03857cb users: when set, grant superusers repository permissions. (#1620) 
When FEATURE_SUPERUSERS_FULL_ACCESS is set, grant superusers
repository permission registry-wide.
 2022-11-08 16:48:58 -05:00
Kenny Lee Sin Cheong
64ec15605c superusers: grant superusers additinonal org permissions (PROJQUAY-4687) (#1613) 
When FEATURE_SUPERUSERS_FULL_ACCESS is set, grant superusers org admin permissions:
- PROJQUAY-4687
- PROJQUAY-4690
- PROJQUAY-4693
- PROJQUAY-4697
- PROJQUAY-4701
 2022-11-07 17:41:18 -05:00
Harish Govindarajulu
ad5e3f8d51 Modify registry auth url for proxy cache validation (PROJQUAY-4585) (#1603) 
When authenticating again a registry, if the www-authenticate header
doesn't specify a service, exclude it from the url

Signed-off-by: harishsurf <hgovinda@redhat.com>
 2022-11-04 10:13:26 -04:00
Brandon Caton
d34e9399af auth: Adding wraps to user namespace decorator (PROJQUAY-4694) (#1607) 
Missing wraps decorator on disallow_for_user_namespace prevents some API endpoints from being discovered on the frontend.
 2022-11-03 12:19:34 -04:00
Kenny Lee Sin Cheong
c84067a4d6 users: add restricted users' filter (PROJQUAY-1245) (#1551) 
- Similar to LDAP_SUPERUSER_FILTER, add a specific filter to define
restricted users, based on the LDAP_USER_FILTER
- restrict writes on restricted users' own namespace. Normal
permissions applies on organization membership
- add global readonly superuser GLOBAL_READONLY_SUPER_USERS (PROJQUAY-2604)
- Removes RESTRICTED_USER_INCLUDE_ROBOTS, FEATURE_RESTRICTED_READ_ONLY_USERS
 2022-10-28 13:38:37 -04:00