Commit graph

5190 commits

Author SHA1 Message Date
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair
Fixes #1387
2016-05-04 13:40:50 -04:00
Evan Cordell
53ce4de6aa Merge pull request #1426 from ecordell/wait-for-jwtproxy-config
Don't start jwtproxy if conf is not created yet
2016-05-03 13:20:36 -05:00
josephschorr
0d794422bf Merge pull request #1413 from coreos-inc/alwayssecure
Ensure that the `Secure` flag is set on session cookies when under HTTPS
2016-05-03 14:13:26 -04:00
Evan Cordell
8da0ba37ea jwtproxy run: sleep between retries 2016-05-03 13:09:34 -05:00
josephschorr
f0af2ca9c3 Merge pull request #1407 from coreos-inc/enterpriselanding
Add Enterprise Landing page
2016-05-03 13:52:22 -04:00
Jimmy Zelinskie
f842545b3e rename config values to remove "Quay" (#1431) 2016-05-03 13:11:21 -04:00
Jimmy Zelinskie
e502f50c88 tests: add test RSA key for torrent test (#1427) 2016-05-03 13:11:02 -04:00
Evan Cordell
ed96c9ec85 Don't print 'waiting' message when jwtproxy is restarting 2016-05-03 10:47:19 -05:00
Evan Cordell
612c546d16 Don't start jwtproxy if conf is not created yet 2016-05-02 17:10:56 -05:00
Jimmy Zelinskie
437ec84c9f torrent: use quay.pem to mint JWT (#1425) 2016-05-02 18:10:16 -04:00
Jake Moshenko
9969101dac Merge pull request #1424 from coreos-inc/jakedt-patch-1
Fix copy pasta
2016-05-02 12:01:34 -04:00
Jake Moshenko
1dd978aa76 Fix copy pasta 2016-05-02 12:00:26 -04:00
Jake Moshenko
2d08066901 Merge pull request #1423 from jakedt/secscanprocess
Split secscan endpoints into a new process
2016-05-02 11:47:21 -04:00
Jake Moshenko
cc8e58e7f4 Split secscan endpoints into a new process 2016-05-02 11:38:00 -04:00
Quentin Machu
fdf81860a1 Merge pull request #1419 from coreos-inc/extra_ca
Allow adding extra CA certificates
2016-04-29 17:36:35 -04:00
Quentin Machu
1207a71308 Allow adding extra CA certificates to the system 2016-04-29 17:25:45 -04:00
Jimmy Zelinskie
aadb22aaca Merge pull request #1332 from coreos-inc/keyserver
JWT Key Server
2016-04-29 17:16:02 -04:00
Evan Cordell
af4106e5c0 Fix generatepresharedkey script 2016-04-29 15:21:19 -05:00
Jimmy Zelinskie
2aa88dcb80 only send notifications when superusers enabled 2016-04-29 15:42:25 -04:00
Jimmy Zelinskie
b89d81d748 test: add missing helpers.py file 2016-04-29 14:44:52 -04:00
Jimmy Zelinskie
29e2d7c9d4 data.model.log: remove unused method 2016-04-29 14:22:53 -04:00
Joseph Schorr
b5afc4bed6 Tiny CSS merge fix 2016-04-29 14:16:19 -04:00
Jimmy Zelinskie
e47b29a974 migration: add missing delete from down migration
This also reorganizes the file a bit.
2016-04-29 14:10:33 -04:00
Jimmy Zelinskie
4a521f5844 database: revert logentry foreign key proxy 2016-04-29 14:10:33 -04:00
Evan Cordell
85ab543e9e Explicit expiration date param 2016-04-29 14:10:33 -04:00
Evan Cordell
489752a0b7 Only refresh current instance service key 2016-04-29 14:10:33 -04:00
Evan Cordell
a6f6a114c2 service key worker to refresh automatic keys 2016-04-29 14:10:33 -04:00
Evan Cordell
2242c6773d Add 'Automatic' ServiceKeyApprovalType 2016-04-29 14:10:33 -04:00
Evan Cordell
c766727d1d address review comments
- more inline documentation
 - don't explicitly specify audience
 - approver is optional in `generate_key`
 - ADD -> RUN for better caching of jwtproxy
2016-04-29 14:10:33 -04:00
Evan Cordell
9df650688b Install jwtproxy in /usr/local/bin 2016-04-29 14:10:33 -04:00
Evan Cordell
97ad9684d7 Use jwtproxy binary from github 2016-04-29 14:10:33 -04:00
Evan Cordell
d2aa4be29e Explicitly set jwtproxy audience 2016-04-29 14:10:33 -04:00
Evan Cordell
0c2ecec9a9 Don't check for client certs when talking to clair 2016-04-29 14:10:33 -04:00
Evan Cordell
4d0627f83d Turn down logging on jwtproxy 2016-04-29 14:10:33 -04:00
Evan Cordell
47a52a47eb Remove unneeded service key expiration 2016-04-29 14:10:33 -04:00
Evan Cordell
9ffc32f680 Generate preshared key on boot 2016-04-29 14:10:33 -04:00
Evan Cordell
f30a9e56f3 Be really sure about proxy protocol 2016-04-29 14:10:33 -04:00
Evan Cordell
cf5f7aa476 Create JWK formatted key on startup 2016-04-29 14:10:33 -04:00
Evan Cordell
8595140f38 Use signer proxy for all http(s) requests 2016-04-29 14:10:33 -04:00
Evan Cordell
f4d2fae5d8 Separate jwtproxy signer config from secscan config 2016-04-29 14:10:33 -04:00
Evan Cordell
474884acd7 Don't require certs for clair anymore 2016-04-29 14:10:33 -04:00
Evan Cordell
822b253b85 Add message when no approval user exists 2016-04-29 14:10:33 -04:00
Evan Cordell
e499c4a8ef Actually go through signer proxy 2016-04-29 14:10:33 -04:00
Evan Cordell
52590687ae Dockerfile fixes 2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd Generate private key on startup 2016-04-29 14:10:33 -04:00
Evan Cordell
85667a9cf6 Creat mitm certs on boot 2016-04-29 14:10:33 -04:00
Evan Cordell
6754131350 Optional tests (on by default) and better load order to reduce build time 2016-04-29 14:10:33 -04:00
Evan Cordell
492dcf4781 Verify that jwt was issued by clair 2016-04-29 14:10:33 -04:00
Evan Cordell
118f2d0ce5 Add mitm certs to jwtproxy 2016-04-29 14:10:33 -04:00
Evan Cordell
9e7a501dae Authenticate in the other direction with jwtproxy 2016-04-29 14:10:33 -04:00