Commit graph

5394 commits

Author SHA1 Message Date
josephschorr
550b9cb2b3 Merge pull request #1428 from coreos-inc/clair-setup-new
Implement setup tool support for Clair
2016-05-04 13:52:54 -04:00
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair
Fixes #1387
2016-05-04 13:40:50 -04:00
josephschorr
ee6d632e1b Merge pull request #1432 from coreos-inc/fix-keyserver
Fix key server to not list expired keys
2016-05-03 17:59:35 -04:00
Joseph Schorr
6e2df3b339 Fix key server to not list expired keys
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.

Fixes #1430
2016-05-03 17:58:47 -04:00
Evan Cordell
53ce4de6aa Merge pull request #1426 from ecordell/wait-for-jwtproxy-config
Don't start jwtproxy if conf is not created yet
2016-05-03 13:20:36 -05:00
josephschorr
0d794422bf Merge pull request #1413 from coreos-inc/alwayssecure
Ensure that the `Secure` flag is set on session cookies when under HTTPS
2016-05-03 14:13:26 -04:00
Evan Cordell
8da0ba37ea jwtproxy run: sleep between retries 2016-05-03 13:09:34 -05:00
josephschorr
f0af2ca9c3 Merge pull request #1407 from coreos-inc/enterpriselanding
Add Enterprise Landing page
2016-05-03 13:52:22 -04:00
Jimmy Zelinskie
f842545b3e rename config values to remove "Quay" (#1431) 2016-05-03 13:11:21 -04:00
Jimmy Zelinskie
e502f50c88 tests: add test RSA key for torrent test (#1427) 2016-05-03 13:11:02 -04:00
Evan Cordell
ed96c9ec85 Don't print 'waiting' message when jwtproxy is restarting 2016-05-03 10:47:19 -05:00
Evan Cordell
612c546d16 Don't start jwtproxy if conf is not created yet 2016-05-02 17:10:56 -05:00
Jimmy Zelinskie
437ec84c9f torrent: use quay.pem to mint JWT (#1425) 2016-05-02 18:10:16 -04:00
Jake Moshenko
9969101dac Merge pull request #1424 from coreos-inc/jakedt-patch-1
Fix copy pasta
2016-05-02 12:01:34 -04:00
Jake Moshenko
1dd978aa76 Fix copy pasta 2016-05-02 12:00:26 -04:00
Jake Moshenko
2d08066901 Merge pull request #1423 from jakedt/secscanprocess
Split secscan endpoints into a new process
2016-05-02 11:47:21 -04:00
Jake Moshenko
cc8e58e7f4 Split secscan endpoints into a new process 2016-05-02 11:38:00 -04:00
Quentin Machu
fdf81860a1 Merge pull request #1419 from coreos-inc/extra_ca
Allow adding extra CA certificates
2016-04-29 17:36:35 -04:00
Quentin Machu
1207a71308 Allow adding extra CA certificates to the system 2016-04-29 17:25:45 -04:00
Jimmy Zelinskie
aadb22aaca Merge pull request #1332 from coreos-inc/keyserver
JWT Key Server
2016-04-29 17:16:02 -04:00
Evan Cordell
af4106e5c0 Fix generatepresharedkey script 2016-04-29 15:21:19 -05:00
Jimmy Zelinskie
2aa88dcb80 only send notifications when superusers enabled 2016-04-29 15:42:25 -04:00
Jimmy Zelinskie
b89d81d748 test: add missing helpers.py file 2016-04-29 14:44:52 -04:00
Jimmy Zelinskie
29e2d7c9d4 data.model.log: remove unused method 2016-04-29 14:22:53 -04:00
Joseph Schorr
b5afc4bed6 Tiny CSS merge fix 2016-04-29 14:16:19 -04:00
Jimmy Zelinskie
e47b29a974 migration: add missing delete from down migration
This also reorganizes the file a bit.
2016-04-29 14:10:33 -04:00
Jimmy Zelinskie
4a521f5844 database: revert logentry foreign key proxy 2016-04-29 14:10:33 -04:00
Evan Cordell
85ab543e9e Explicit expiration date param 2016-04-29 14:10:33 -04:00
Evan Cordell
489752a0b7 Only refresh current instance service key 2016-04-29 14:10:33 -04:00
Evan Cordell
a6f6a114c2 service key worker to refresh automatic keys 2016-04-29 14:10:33 -04:00
Evan Cordell
2242c6773d Add 'Automatic' ServiceKeyApprovalType 2016-04-29 14:10:33 -04:00
Evan Cordell
c766727d1d address review comments
- more inline documentation
 - don't explicitly specify audience
 - approver is optional in `generate_key`
 - ADD -> RUN for better caching of jwtproxy
2016-04-29 14:10:33 -04:00
Evan Cordell
9df650688b Install jwtproxy in /usr/local/bin 2016-04-29 14:10:33 -04:00
Evan Cordell
97ad9684d7 Use jwtproxy binary from github 2016-04-29 14:10:33 -04:00
Evan Cordell
d2aa4be29e Explicitly set jwtproxy audience 2016-04-29 14:10:33 -04:00
Evan Cordell
0c2ecec9a9 Don't check for client certs when talking to clair 2016-04-29 14:10:33 -04:00
Evan Cordell
4d0627f83d Turn down logging on jwtproxy 2016-04-29 14:10:33 -04:00
Evan Cordell
47a52a47eb Remove unneeded service key expiration 2016-04-29 14:10:33 -04:00
Evan Cordell
9ffc32f680 Generate preshared key on boot 2016-04-29 14:10:33 -04:00
Evan Cordell
f30a9e56f3 Be really sure about proxy protocol 2016-04-29 14:10:33 -04:00
Evan Cordell
cf5f7aa476 Create JWK formatted key on startup 2016-04-29 14:10:33 -04:00
Evan Cordell
8595140f38 Use signer proxy for all http(s) requests 2016-04-29 14:10:33 -04:00
Evan Cordell
f4d2fae5d8 Separate jwtproxy signer config from secscan config 2016-04-29 14:10:33 -04:00
Evan Cordell
474884acd7 Don't require certs for clair anymore 2016-04-29 14:10:33 -04:00
Evan Cordell
822b253b85 Add message when no approval user exists 2016-04-29 14:10:33 -04:00
Evan Cordell
e499c4a8ef Actually go through signer proxy 2016-04-29 14:10:33 -04:00
Evan Cordell
52590687ae Dockerfile fixes 2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd Generate private key on startup 2016-04-29 14:10:33 -04:00
Evan Cordell
85667a9cf6 Creat mitm certs on boot 2016-04-29 14:10:33 -04:00
Evan Cordell
6754131350 Optional tests (on by default) and better load order to reduce build time 2016-04-29 14:10:33 -04:00