1. 07 Sep, 2020 1 commit
  2. 09 Apr, 2020 1 commit
    • BAIRE Anthony's avatar
      Implement version update/delete/restore · 0312cd9e
      BAIRE Anthony authored
      - implement the deletion and restoration of webapp versions
      - add the WebappVersionUpdate form to:
        - update version fields: number, description, published
        - restore a recently deleted version
      
      - make WebappVersionList a pure list (remove the form) and add control
        buttons to edit/delete/restore the versions
      - add the WebappVersion.deleted_at to record the deletion time
      - rename the state 'REPLACED' as 'DELETED' (because versions can now be
        deleted explicitley by the user)
      - use a common WebappVersionForm for the WebappVesionUpdate and
        WebappSandboxPanel views
      - reuse the previous 'published' status by default when replacing
        a version in the sandbox panel
      - add the 'ALLGO_EXPUNGE_DELAY' configure when the deleted images are
        destroyed for real
      0312cd9e
  3. 02 Apr, 2020 5 commits
  4. 17 Sep, 2018 2 commits
  5. 03 Jul, 2018 1 commit
    • BAIRE Anthony's avatar
      allow using network prefixes in ALLGO_ALLOWED_IP_ADMIN · 40c2945a
      BAIRE Anthony authored
      Rationale: in development the ip address of the local machine is not
      easily predictible because when docker creates virtual networks it
      assigns the ip prefixes/addres dynamically by default (and i do not want
      to configure static addresses because of it may interefere and cause
      nasty side-effects if using docker for other projects on the same
      machine)
      
      Now in development we allow admin actions from 0.0.0.0/0 (which means
      all ip addresses)
      
      Note: I used the IPy package (whose purpose is to handle ranges of
      IP addresses)
      40c2945a
  6. 27 Jun, 2018 2 commits
    • BAIRE Anthony's avatar
      introduce a special token for the controller · b0807974
      BAIRE Anthony authored
      Initially the authentication with the registry was performed with a TLS
      client certificate installed on the controller.
      
      The registry is now configured to use token-based authentication (to
      give access to the users), but unfortunately it cannot be configured to
      support multiple auth methods. So we have to provide a token for the
      controller.
      
      This is a 'God' token, it gives total access (pull and push) on all
      images.
      b0807974
    • BAIRE Anthony's avatar
      Add an auxiliary HTTP server (allgo.aio) for serving asynchronous requests · c5cd2bc1
      BAIRE Anthony authored
      There are two purposes:
      - implement server push (using long-lived HTTP requests) for:
          - sending status updates for the jobs and sandboxes
          - live-streaming of the job logs
      - have a really async implementation for pushing image manifests into
        the registry (the preliminary implementation in
        5451a6df was blocking)
      
      It is implemented with aiohttp.web (a lighweight HTTP framework,
      similar to what we can do with flask but asynchronously).
      
      The alternative would have been to use the django channels plugin, but:
      - it went through a major refactoring (v2) recently
      - it requires replacing unicorn with an ASGI server (daphne)
      - django-channels and daphne are not yet debian, and for the HTTP server
        i would prefer an implementation for which we have stable security
        updates
      
      (anyway this can be ported to django-channels later)
      
      The nginx config redirects the /aio/ path to this server (and the image
      manifests pushes too).
      
      The allgo.aio server interacts only with the nginx, reddis and django
      containers. It relies totally on the django server for authenticating
      the user and for accessing the mysql db (so there is no ORM).
      
      NOTE: in this design the django server has to trust blindly the requests
      coming from the allgo.aio server (for some endpoints). To prevent
      security issues, the nginx configuration is modified to set the header
      'X-Origin: nginx'. Thus django knowns who he can trust.
      
      This commits implements only the image pushs. Job updated and logs
      streaming will come in a later pull request.
      c5cd2bc1
  7. 26 Jun, 2018 2 commits
  8. 20 Jun, 2018 1 commit
  9. 14 Jun, 2018 2 commits
  10. 13 Jun, 2018 1 commit
    • BAIRE Anthony's avatar
      implement registry endpoint for push/pull of image manfests · 5451a6df
      BAIRE Anthony authored
      Manifest push/pull are expected to be routed through the django server
      which forwards them to the real registry.
      
      This allows:
      - (before push) ensuring there is no commit/push in progress on the
        controller side, and refuse the request until the commit is done
      - (after push) ensure that the image is transactionally inserted into
        the db before the '201 Created' response is forwarded to the user
      5451a6df
  11. 07 Jun, 2018 5 commits
  12. 05 Jun, 2018 1 commit