Jake Moshenko
746728ba24
Remove escaped_fragment snapshot rendering.
2016-06-14 12:53:10 -04:00
josephschorr
58bef472d9
Merge pull request #1526 from coreos-inc/superuser-grant
...
Add ability for super users to take ownership of namespaces
2016-06-13 16:23:10 -04:00
Joseph Schorr
20816804e5
Add ability for super users to take ownership of namespaces
...
Fixes #1395
2016-06-13 16:22:52 -04:00
Jimmy Zelinskie
f15e5483e7
fix identation according to lint
2016-06-08 15:55:47 -04:00
Jimmy Zelinskie
9fb8b585b5
fix broken import
2016-06-08 15:55:29 -04:00
Joseph Schorr
71b2853f40
Make sure to iterate over a copy of the public_keys dictionary
2016-06-07 18:20:42 -04:00
Joseph Schorr
8887f09ba8
Use the instance service key for registry JWT signing
2016-06-07 11:58:10 -04:00
josephschorr
cad8746f9d
Merge pull request #1502 from coreos-inc/image-replication
...
Enable storage replication for V2 and add backfill tool
2016-06-02 15:02:53 -04:00
Joseph Schorr
12924784ce
Enable storage replication for V2 and add backfill tool
...
Fixes #1501
2016-06-02 14:36:08 -04:00
Jimmy Zelinskie
2317938bfa
Merge pull request #1496 from jzelinskie/ripRMS
...
dockerfile: add check for GPL pip packages
2016-06-02 12:28:18 -04:00
Jimmy Zelinskie
8810157586
remove GPL'd timeparse library
2016-06-02 12:27:49 -04:00
Joseph Schorr
c61c3db728
Remove unused safetar file
2016-05-31 16:50:16 -04:00
Joseph Schorr
4ec3a6c231
Make ACI generation consistent across calls
...
This will ensure that no matter which signature we write for the generated ACI, it is correct for that image.
2016-05-26 17:09:19 -04:00
Joseph Schorr
f02d295dd8
Fix missing argument change
2016-05-23 17:44:22 -04:00
Joseph Schorr
f670c4c7a9
Change Signer to use the config provider and fix tests
...
Fixes the broken ACI tests
2016-05-23 17:10:03 -04:00
Jimmy Zelinskie
5568cc77b8
remove all default keys ( #1485 )
...
This change:
- Generates a new BitTorrent pepper by default
- Generates a new pagination key by default
- Changes the pagination key format to base64
- Removes selfsigned JWT certs
- Moves test keys to test/data
2016-05-23 16:00:48 -04:00
Jake Moshenko
4266ae7ce5
Fix the x5c header in our registry jwts.
2016-05-23 15:05:54 -04:00
Joseph Schorr
64fe11a5f1
Add ACI signing tests
2016-05-13 18:29:57 -04:00
josephschorr
d572a45a57
Merge pull request #1441 from coreos-inc/fastesttests
...
Make security scan testing much faster
2016-05-05 13:57:05 -04:00
Joseph Schorr
343a080833
Make security scan testing much faster
2016-05-05 13:55:24 -04:00
Jake Moshenko
75f5df6369
Add clair auth header in generalized interface
2016-05-05 13:28:06 -04:00
Joseph Schorr
232fa42897
Add testing of the new secscan-for-local endpoint and fix a bug
2016-05-04 21:47:03 -04:00
Jake Moshenko
9221a515de
Use the registry API for security scanning
...
when the storage engine doesn't support direct download url
2016-05-04 18:04:06 -04:00
Joseph Schorr
73fa593d02
Various small fixes in prep for QE release
2016-05-04 15:20:27 -04:00
josephschorr
f55fd2049f
Merge pull request #1433 from coreos-inc/ldapoptions
...
Add additional options for LDAP
2016-05-04 14:06:29 -04:00
Joseph Schorr
42515ed9ec
Add additional options for LDAP
...
Fixes #1420
2016-05-04 13:59:20 -04:00
Joseph Schorr
2cbdecb043
Implement setup tool support for Clair
...
Fixes #1387
2016-05-04 13:40:50 -04:00
Jimmy Zelinskie
437ec84c9f
torrent: use quay.pem to mint JWT ( #1425 )
2016-05-02 18:10:16 -04:00
Evan Cordell
af4106e5c0
Fix generatepresharedkey script
2016-04-29 15:21:19 -05:00
Evan Cordell
2242c6773d
Add 'Automatic' ServiceKeyApprovalType
2016-04-29 14:10:33 -04:00
Evan Cordell
c766727d1d
address review comments
...
- more inline documentation
- don't explicitly specify audience
- approver is optional in `generate_key`
- ADD -> RUN for better caching of jwtproxy
2016-04-29 14:10:33 -04:00
Evan Cordell
0c2ecec9a9
Don't check for client certs when talking to clair
2016-04-29 14:10:33 -04:00
Evan Cordell
9ffc32f680
Generate preshared key on boot
2016-04-29 14:10:33 -04:00
Evan Cordell
f30a9e56f3
Be really sure about proxy protocol
2016-04-29 14:10:33 -04:00
Evan Cordell
8595140f38
Use signer proxy for all http(s) requests
2016-04-29 14:10:33 -04:00
Evan Cordell
f4d2fae5d8
Separate jwtproxy signer config from secscan config
2016-04-29 14:10:33 -04:00
Evan Cordell
474884acd7
Don't require certs for clair anymore
2016-04-29 14:10:33 -04:00
Evan Cordell
e499c4a8ef
Actually go through signer proxy
2016-04-29 14:10:33 -04:00
Evan Cordell
9e7a501dae
Authenticate in the other direction with jwtproxy
2016-04-29 14:10:33 -04:00
Joseph Schorr
dc9bcec9ce
Add pre shared generation tool
2016-04-29 14:09:37 -04:00
Jimmy Zelinskie
6577ac3e62
mv JWK-canonicalization util.security.fingerprint
2016-04-29 14:05:16 -04:00
Joseph Schorr
11ff3e9b59
keys ui WIP
2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
97ae800e6c
canonicalize json
2016-04-29 13:38:25 -04:00
josephschorr
d63ec8c6b0
Merge pull request #1402 from coreos-inc/clairbugfixes
...
Fix handling of Clair notifications without `New` block
2016-04-22 15:11:51 -04:00
Joseph Schorr
34a8090328
Fix handling of Defcon 1
...
Fixes #1397
2016-04-22 13:21:35 -04:00
Joseph Schorr
3f8d51ebd7
Fix handling of Clair notifications without New
block
...
Fixes #1398
2016-04-22 13:05:34 -04:00
josephschorr
affb600423
Merge pull request #1328 from coreos-inc/queuefilefix
...
Fix QueueFile to support read-to-end semantics and add some tests
2016-04-08 18:07:06 -04:00
Jake Moshenko
45e7c94586
Initialize the db for fixsequences
2016-04-01 14:26:19 -04:00
Jake Moshenko
bd5b44cbd2
Move the sequence fixer to a separate tool which can be run
2016-04-01 13:46:13 -04:00
josephschorr
b9f47f6761
Merge pull request #1285 from coreos-inc/configmaildefaults
...
Fix mail and signing defaults
2016-03-31 12:31:26 -04:00