vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
5184 commits 2 branches 62 tags 205 MiB
Commit graph

5184 commits

This branch
This branch
All branches
Author SHA1 Message Date
Joseph Schorr
42515ed9ec Add additional options for LDAP 
Fixes #1420
 2016-05-04 13:59:20 -04:00
josephschorr
f0af2ca9c3 Merge pull request #1407 from coreos-inc/enterpriselanding 
Add Enterprise Landing page
 2016-05-03 13:52:22 -04:00
Jimmy Zelinskie
f842545b3e rename config values to remove "Quay" (#1431) 2016-05-03 13:11:21 -04:00
Jimmy Zelinskie
e502f50c88 tests: add test RSA key for torrent test (#1427) 2016-05-03 13:11:02 -04:00
Jimmy Zelinskie
437ec84c9f torrent: use quay.pem to mint JWT (#1425) 2016-05-02 18:10:16 -04:00
Jake Moshenko
9969101dac Merge pull request #1424 from coreos-inc/jakedt-patch-1 
Fix copy pasta
 2016-05-02 12:01:34 -04:00
Jake Moshenko
1dd978aa76 Fix copy pasta 2016-05-02 12:00:26 -04:00
Jake Moshenko
2d08066901 Merge pull request #1423 from jakedt/secscanprocess 
Split secscan endpoints into a new process
 2016-05-02 11:47:21 -04:00
Jake Moshenko
cc8e58e7f4 Split secscan endpoints into a new process 2016-05-02 11:38:00 -04:00
Quentin Machu
fdf81860a1 Merge pull request #1419 from coreos-inc/extra_ca 
Allow adding extra CA certificates
 2016-04-29 17:36:35 -04:00
Quentin Machu
1207a71308 Allow adding extra CA certificates to the system 2016-04-29 17:25:45 -04:00
Jimmy Zelinskie
aadb22aaca Merge pull request #1332 from coreos-inc/keyserver 
JWT Key Server
 2016-04-29 17:16:02 -04:00
Evan Cordell
af4106e5c0 Fix generatepresharedkey script 2016-04-29 15:21:19 -05:00
Jimmy Zelinskie
2aa88dcb80 only send notifications when superusers enabled 2016-04-29 15:42:25 -04:00
Jimmy Zelinskie
b89d81d748 test: add missing helpers.py file 2016-04-29 14:44:52 -04:00
Jimmy Zelinskie
29e2d7c9d4 data.model.log: remove unused method 2016-04-29 14:22:53 -04:00
Joseph Schorr
b5afc4bed6 Tiny CSS merge fix 2016-04-29 14:16:19 -04:00
Jimmy Zelinskie
e47b29a974 migration: add missing delete from down migration 
This also reorganizes the file a bit.
 2016-04-29 14:10:33 -04:00
Jimmy Zelinskie
4a521f5844 database: revert logentry foreign key proxy 2016-04-29 14:10:33 -04:00
Evan Cordell
85ab543e9e Explicit expiration date param 2016-04-29 14:10:33 -04:00
Evan Cordell
489752a0b7 Only refresh current instance service key 2016-04-29 14:10:33 -04:00
Evan Cordell
a6f6a114c2 service key worker to refresh automatic keys 2016-04-29 14:10:33 -04:00
Evan Cordell
2242c6773d Add 'Automatic' ServiceKeyApprovalType 2016-04-29 14:10:33 -04:00
Evan Cordell
c766727d1d address review comments 
- more inline documentation
 - don't explicitly specify audience
 - approver is optional in `generate_key`
 - ADD -> RUN for better caching of jwtproxy
 2016-04-29 14:10:33 -04:00
Evan Cordell
9df650688b Install jwtproxy in /usr/local/bin 2016-04-29 14:10:33 -04:00
Evan Cordell
97ad9684d7 Use jwtproxy binary from github 2016-04-29 14:10:33 -04:00
Evan Cordell
d2aa4be29e Explicitly set jwtproxy audience 2016-04-29 14:10:33 -04:00
Evan Cordell
0c2ecec9a9 Don't check for client certs when talking to clair 2016-04-29 14:10:33 -04:00
Evan Cordell
4d0627f83d Turn down logging on jwtproxy 2016-04-29 14:10:33 -04:00
Evan Cordell
47a52a47eb Remove unneeded service key expiration 2016-04-29 14:10:33 -04:00
Evan Cordell
9ffc32f680 Generate preshared key on boot 2016-04-29 14:10:33 -04:00
Evan Cordell
f30a9e56f3 Be really sure about proxy protocol 2016-04-29 14:10:33 -04:00
Evan Cordell
cf5f7aa476 Create JWK formatted key on startup 2016-04-29 14:10:33 -04:00
Evan Cordell
8595140f38 Use signer proxy for all http(s) requests 2016-04-29 14:10:33 -04:00
Evan Cordell
f4d2fae5d8 Separate jwtproxy signer config from secscan config 2016-04-29 14:10:33 -04:00
Evan Cordell
474884acd7 Don't require certs for clair anymore 2016-04-29 14:10:33 -04:00
Evan Cordell
822b253b85 Add message when no approval user exists 2016-04-29 14:10:33 -04:00
Evan Cordell
e499c4a8ef Actually go through signer proxy 2016-04-29 14:10:33 -04:00
Evan Cordell
52590687ae Dockerfile fixes 2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd Generate private key on startup 2016-04-29 14:10:33 -04:00
Evan Cordell
85667a9cf6 Creat mitm certs on boot 2016-04-29 14:10:33 -04:00
Evan Cordell
6754131350 Optional tests (on by default) and better load order to reduce build time 2016-04-29 14:10:33 -04:00
Evan Cordell
492dcf4781 Verify that jwt was issued by clair 2016-04-29 14:10:33 -04:00
Evan Cordell
118f2d0ce5 Add mitm certs to jwtproxy 2016-04-29 14:10:33 -04:00
Evan Cordell
9e7a501dae Authenticate in the other direction with jwtproxy 2016-04-29 14:10:33 -04:00
Evan Cordell
da0a988650 Configure jwtproxy from stack/conf yaml 2016-04-29 14:10:33 -04:00
Evan Cordell
adc86456b5 Secure the correct endpoint 2016-04-29 14:10:33 -04:00
Evan Cordell
8c8ee9c2be Add jwtproxy and configure verifier for /secscan/notify 2016-04-29 14:10:33 -04:00
Joseph Schorr
6091db983b Hide expired keys outside of their staleness window 2016-04-29 14:10:33 -04:00
Joseph Schorr
a55e92bc95 Add UI support for multiple operations on keys 2016-04-29 14:09:37 -04:00