josephschorr
|
550b9cb2b3
|
Merge pull request #1428 from coreos-inc/clair-setup-new
Implement setup tool support for Clair
|
2016-05-04 13:52:54 -04:00 |
|
Joseph Schorr
|
2cbdecb043
|
Implement setup tool support for Clair
Fixes #1387
|
2016-05-04 13:40:50 -04:00 |
|
josephschorr
|
ee6d632e1b
|
Merge pull request #1432 from coreos-inc/fix-keyserver
Fix key server to not list expired keys
|
2016-05-03 17:59:35 -04:00 |
|
Joseph Schorr
|
6e2df3b339
|
Fix key server to not list expired keys
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.
Fixes #1430
|
2016-05-03 17:58:47 -04:00 |
|
Evan Cordell
|
53ce4de6aa
|
Merge pull request #1426 from ecordell/wait-for-jwtproxy-config
Don't start jwtproxy if conf is not created yet
|
2016-05-03 13:20:36 -05:00 |
|
josephschorr
|
0d794422bf
|
Merge pull request #1413 from coreos-inc/alwayssecure
Ensure that the `Secure` flag is set on session cookies when under HTTPS
|
2016-05-03 14:13:26 -04:00 |
|
Evan Cordell
|
8da0ba37ea
|
jwtproxy run: sleep between retries
|
2016-05-03 13:09:34 -05:00 |
|
josephschorr
|
f0af2ca9c3
|
Merge pull request #1407 from coreos-inc/enterpriselanding
Add Enterprise Landing page
|
2016-05-03 13:52:22 -04:00 |
|
Jimmy Zelinskie
|
f842545b3e
|
rename config values to remove "Quay" (#1431)
|
2016-05-03 13:11:21 -04:00 |
|
Jimmy Zelinskie
|
e502f50c88
|
tests: add test RSA key for torrent test (#1427)
|
2016-05-03 13:11:02 -04:00 |
|
Evan Cordell
|
ed96c9ec85
|
Don't print 'waiting' message when jwtproxy is restarting
|
2016-05-03 10:47:19 -05:00 |
|
Evan Cordell
|
612c546d16
|
Don't start jwtproxy if conf is not created yet
|
2016-05-02 17:10:56 -05:00 |
|
Jimmy Zelinskie
|
437ec84c9f
|
torrent: use quay.pem to mint JWT (#1425)
|
2016-05-02 18:10:16 -04:00 |
|
Jake Moshenko
|
9969101dac
|
Merge pull request #1424 from coreos-inc/jakedt-patch-1
Fix copy pasta
|
2016-05-02 12:01:34 -04:00 |
|
Jake Moshenko
|
1dd978aa76
|
Fix copy pasta
|
2016-05-02 12:00:26 -04:00 |
|
Jake Moshenko
|
2d08066901
|
Merge pull request #1423 from jakedt/secscanprocess
Split secscan endpoints into a new process
|
2016-05-02 11:47:21 -04:00 |
|
Jake Moshenko
|
cc8e58e7f4
|
Split secscan endpoints into a new process
|
2016-05-02 11:38:00 -04:00 |
|
Quentin Machu
|
fdf81860a1
|
Merge pull request #1419 from coreos-inc/extra_ca
Allow adding extra CA certificates
|
2016-04-29 17:36:35 -04:00 |
|
Quentin Machu
|
1207a71308
|
Allow adding extra CA certificates to the system
|
2016-04-29 17:25:45 -04:00 |
|
Jimmy Zelinskie
|
aadb22aaca
|
Merge pull request #1332 from coreos-inc/keyserver
JWT Key Server
|
2016-04-29 17:16:02 -04:00 |
|
Evan Cordell
|
af4106e5c0
|
Fix generatepresharedkey script
|
2016-04-29 15:21:19 -05:00 |
|
Jimmy Zelinskie
|
2aa88dcb80
|
only send notifications when superusers enabled
|
2016-04-29 15:42:25 -04:00 |
|
Jimmy Zelinskie
|
b89d81d748
|
test: add missing helpers.py file
|
2016-04-29 14:44:52 -04:00 |
|
Jimmy Zelinskie
|
29e2d7c9d4
|
data.model.log: remove unused method
|
2016-04-29 14:22:53 -04:00 |
|
Joseph Schorr
|
b5afc4bed6
|
Tiny CSS merge fix
|
2016-04-29 14:16:19 -04:00 |
|
Jimmy Zelinskie
|
e47b29a974
|
migration: add missing delete from down migration
This also reorganizes the file a bit.
|
2016-04-29 14:10:33 -04:00 |
|
Jimmy Zelinskie
|
4a521f5844
|
database: revert logentry foreign key proxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
85ab543e9e
|
Explicit expiration date param
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
489752a0b7
|
Only refresh current instance service key
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
a6f6a114c2
|
service key worker to refresh automatic keys
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
2242c6773d
|
Add 'Automatic' ServiceKeyApprovalType
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
c766727d1d
|
address review comments
- more inline documentation
- don't explicitly specify audience
- approver is optional in `generate_key`
- ADD -> RUN for better caching of jwtproxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
9df650688b
|
Install jwtproxy in /usr/local/bin
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
97ad9684d7
|
Use jwtproxy binary from github
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
d2aa4be29e
|
Explicitly set jwtproxy audience
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
0c2ecec9a9
|
Don't check for client certs when talking to clair
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
4d0627f83d
|
Turn down logging on jwtproxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
47a52a47eb
|
Remove unneeded service key expiration
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
9ffc32f680
|
Generate preshared key on boot
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
f30a9e56f3
|
Be really sure about proxy protocol
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
cf5f7aa476
|
Create JWK formatted key on startup
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
8595140f38
|
Use signer proxy for all http(s) requests
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
f4d2fae5d8
|
Separate jwtproxy signer config from secscan config
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
474884acd7
|
Don't require certs for clair anymore
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
822b253b85
|
Add message when no approval user exists
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
e499c4a8ef
|
Actually go through signer proxy
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
52590687ae
|
Dockerfile fixes
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
668ce2c7cd
|
Generate private key on startup
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
85667a9cf6
|
Creat mitm certs on boot
|
2016-04-29 14:10:33 -04:00 |
|
Evan Cordell
|
6754131350
|
Optional tests (on by default) and better load order to reduce build time
|
2016-04-29 14:10:33 -04:00 |
|