fixing CVE-2025-4374 by extending the create_repository method to understand if we are requesting a proxy_cache repository added unittests for create_repository when proxy_cache.
Co-authored-by: Michaela Lang <milang@redhat.com>
Currently if a new manifest is created that re-uses blobs already existing in the registry but not within the namespace it's possible for that manifest to be blocked if the newly referenced blobs exceed the quota limit. The issue being that the rejection only happens after the manifest has been created and tagged. This change blocks the manifest upload before the creation of the tag and prevents that tag from appearing in the UI and being pullable.
If the manifest upload get's rejected before the tag has been created for a new manifest, a temporary tag is created outside the time machine window so it is immediately available for GC.
* api: Removing parsing of datetime (PROJQUAY-5360)
* added ignoretz flag to date util parser
* added removed extra line
---------
Co-authored-by: Sunandadadi <sunanda.3094@gmail.com>
In Clair 4.7, an API field documented to have version information in no
particular format may URL encode it. This change attempts to decode and
read a known field that contains the "fixed" version. If that fails, the
value will be passed through, as it is now.
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Co-authored-by: Hank Donnay <hdonnay@redhat.com>
* Pagination: Fixing paginate for /api/v1/superuser/logs API
* using offset to fetch next page items
* adding datetime parsing
* using black to format code
* removing use_offset
* Removing redundant declaration
---------
Co-authored-by: Sunandadadi <sunanda.3094@gmail.com>
(PROJQUAY-4659)
Change the default from `False` to `True` for
`FEATURE_SECURITY_SCANNING_NOTIFY_ON_NEW_INDEX`.
Since this flag addresses a bug, it should be enabled by default.
Adds the following changes:
- Allows remove_tag_from_timemachine to expire tags even if the time machine window is set to 0, immediately marking them for deletion. This allows the quota proxy pruner to expire tags with the same method call. This wasn't required for normal push/pulls as the user would just call the DELETE /tag endpoint.
- Remove hidden = true when expiring tags. For proxy Quay will attempt to lookup the tag referenced by the manifest in order to extend it's lifetime_end_ms. Hiding this tag prevents that logic from running correctly.
Add new parameter `allow_hidden` to `lookup_manifest_by_digest` method and set this to true on the manifest v2 endpoint.
Enables manifests to be pulled by digest, and fixes issues with recent versions of conftest being unable to push to quay.
Allows superusers to trigger a calculation of the deduplicated registry size. A superuser can go to the organization panel of the superuser page and select Calculate to queue a calculation of the registry total. The total will only be calculated when requested. Includes warning to user of increase of database load when running calculation.
Moves the resetting of child manifest temporary tags to happen on deletion instead of on push/pull. Resetting child manifest temporary tags caused issues in other portions of the code like proxy cache where temporary tags were deleted too early.
Allows for only unique blobs are counted at the namespace and repository level. Calculation includes manifest list sizes.
Add's the following internal configurations that default to true:
QUOTA_INVALIDATE_TOTALS: Invalidates calculated totals when FEATURE_QUOTA_MANAGEMENT is set to false
RESET_CHILD_MANIFEST_EXPIRATION: Resets the expiry for child manifests on push of the manifest list for immediate GC eligibility
PERMANENTLY_DELETE_TAGS: Enables features related to the permanent deletion of tags outside the configured time machine window
* API/UI: Filtering of tags API through query parameter (PROJQUAY-5362)
* Changing syntax of query param to add operation + added propagation of filtering from new UI
* added exception to return 400 on incorrect syntax
* Added tests to test filtering of /tags endpoint
* Minor fixes
* Change error messages in UI during LDAP login (PROJQUAY-4845)
Previously, on installations where LDAP is used, we were telling users whether the username or password was failing when login attempts were made. This might pose a security risk, a malicious user could, via the returned message, identify which users have access to Quay and which don't.
With this change, we return a general message saying the user used wrong credentials instead of providing any details.
* Fixed tests.
* Fix some more tests.
* Readd accidental removal of one assertion.
Prevent creating namespaces/orgs on pushes (CREATE_NAMESPACE_ON_PUSH)
if user is restricted.
Also updates RESTRICTED_USERS_WHITELIST to defaults to all if not set,
given that FEATURE_RESTRICTED_USERS is set.
- Similar to LDAP_SUPERUSER_FILTER, add a specific filter to define
restricted users, based on the LDAP_USER_FILTER
- restrict writes on restricted users' own namespace. Normal
permissions applies on organization membership
- add global readonly superuser GLOBAL_READONLY_SUPER_USERS (PROJQUAY-2604)
- Removes RESTRICTED_USER_INCLUDE_ROBOTS, FEATURE_RESTRICTED_READ_ONLY_USERS
Currently Quay is displaying the Clair response with no
interpretation meaning when Clair reports on vulns per repo
they appear to be duplicated (RHEL based images with multiple
repos and packages existing in more than one). The correct way
to fix this is via an interpretation layer in Quay, this change
is a stop-gap to improve readability for the user.
Signed-off-by: crozzy <joseph.crosland@gmail.com>
Signed-off-by: crozzy <joseph.crosland@gmail.com>
