Jimmy Zelinskie
|
437ec84c9f
|
torrent: use quay.pem to mint JWT (#1425)
|
2016-05-02 18:10:16 -04:00 |
|
Jake Moshenko
|
9969101dac
|
Merge pull request #1424 from coreos-inc/jakedt-patch-1
Fix copy pasta
|
2016-05-02 12:01:34 -04:00 |
|
Jake Moshenko
|
1dd978aa76
|
Fix copy pasta
|
2016-05-02 12:00:26 -04:00 |
|
Jake Moshenko
|
2d08066901
|
Merge pull request #1423 from jakedt/secscanprocess
Split secscan endpoints into a new process
|
2016-05-02 11:47:21 -04:00 |
|
Jake Moshenko
|
cc8e58e7f4
|
Split secscan endpoints into a new process
|
2016-05-02 11:38:00 -04:00 |
|
Quentin Machu
|
fdf81860a1
|
Merge pull request #1419 from coreos-inc/extra_ca
Allow adding extra CA certificates
|
2016-04-29 17:36:35 -04:00 |
|
Quentin Machu
|
1207a71308
|
Allow adding extra CA certificates to the system
|
2016-04-29 17:25:45 -04:00 |
|
Jimmy Zelinskie
|
aadb22aaca
|
Merge pull request #1332 from coreos-inc/keyserver
JWT Key Server
|
2016-04-29 17:16:02 -04:00 |
|
Evan Cordell
|
af4106e5c0
|
Fix generatepresharedkey script
|
2016-04-29 15:21:19 -05:00 |
|
Jimmy Zelinskie
|
2aa88dcb80
|
only send notifications when superusers enabled
|
2016-04-29 15:42:25 -04:00 |
|
Jimmy Zelinskie
|
b89d81d748
|
test: add missing helpers.py file
|
2016-04-29 14:44:52 -04:00 |
|
Jimmy Zelinskie
|
29e2d7c9d4
|
data.model.log: remove unused method
|
2016-04-29 14:22:53 -04:00 |
|
Joseph Schorr
|
b5afc4bed6
|
Tiny CSS merge fix
|
2016-04-29 14:16:19 -04:00 |
|
Jimmy Zelinskie
|
e47b29a974
|
migration: add missing delete from down migration
This also reorganizes the file a bit.
|
2016-04-29 14:10:33 -04:00 |
|
Jimmy Zelinskie
|
4a521f5844
|
database: revert logentry foreign key proxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
85ab543e9e
|
Explicit expiration date param
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
489752a0b7
|
Only refresh current instance service key
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
a6f6a114c2
|
service key worker to refresh automatic keys
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
2242c6773d
|
Add 'Automatic' ServiceKeyApprovalType
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
c766727d1d
|
address review comments
- more inline documentation
- don't explicitly specify audience
- approver is optional in `generate_key`
- ADD -> RUN for better caching of jwtproxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
9df650688b
|
Install jwtproxy in /usr/local/bin
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
97ad9684d7
|
Use jwtproxy binary from github
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
d2aa4be29e
|
Explicitly set jwtproxy audience
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
0c2ecec9a9
|
Don't check for client certs when talking to clair
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
4d0627f83d
|
Turn down logging on jwtproxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
47a52a47eb
|
Remove unneeded service key expiration
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
9ffc32f680
|
Generate preshared key on boot
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
f30a9e56f3
|
Be really sure about proxy protocol
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
cf5f7aa476
|
Create JWK formatted key on startup
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
8595140f38
|
Use signer proxy for all http(s) requests
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
f4d2fae5d8
|
Separate jwtproxy signer config from secscan config
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
474884acd7
|
Don't require certs for clair anymore
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
822b253b85
|
Add message when no approval user exists
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
e499c4a8ef
|
Actually go through signer proxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
52590687ae
|
Dockerfile fixes
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
668ce2c7cd
|
Generate private key on startup
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
85667a9cf6
|
Create mitm certs on boot
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
6754131350
|
Optional tests (on by default) and better load order to reduce build time
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
492dcf4781
|
Verify that jwt was issued by clair
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
118f2d0ce5
|
Add mitm certs to jwtproxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
9e7a501dae
|
Authenticate in the other direction with jwtproxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
da0a988650
|
Configure jwtproxy from stack/conf yaml
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
adc86456b5
|
Secure the correct endpoint
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
8c8ee9c2be
|
Add jwtproxy and configure verifier for /secscan/notify
|
2016-04-29 14:10:33 -04:00 |
|
Joseph Schorr
|
6091db983b
|
Hide expired keys outside of their staleness window
|
2016-04-29 14:10:33 -04:00 |
|
Joseph Schorr
|
a55e92bc95
|
Add UI support for multiple operations on keys
|
2016-04-29 14:09:37 -04:00 |
|
Jimmy Zelinskie
|
726cb5fe6a
|
key server: 403 on expired approved keys (#1410)
|
2016-04-29 14:09:37 -04:00 |
|
Joseph Schorr
|
4f63a50a17
|
Change account-less logs to use a user and not null
This allows us to skip the migration
|
2016-04-29 14:09:37 -04:00 |
|
Jimmy Zelinskie
|
5cb6ba4d12
|
keyserver migration: fix constraint name
|
2016-04-29 14:09:37 -04:00 |
|
Joseph Schorr
|
28a80ef6a9
|
Make sure to verify service names on key creation
|
2016-04-29 14:09:37 -04:00 |
|