Commit graph

  • cc063ded3e Evan Cordell 2016-04-29 10:51:22 -05:00
  • a6f6a114c2 service key worker to refresh automatic keys Evan Cordell 2016-04-29 10:51:22 -05:00
  • 91478bcdc0 Evan Cordell 2016-04-29 09:14:50 -05:00
  • 2242c6773d Add 'Automatic' ServiceKeyApprovalType Evan Cordell 2016-04-29 09:14:50 -05:00
  • 160ff3e95d Evan Cordell 2016-04-28 20:10:28 -05:00
  • c766727d1d address review comments - more inline documentation - don't explicitly specify audience - approver is optional in generate_key - ADD -> RUN for better caching of jwtproxy Evan Cordell 2016-04-28 20:10:28 -05:00
  • f18329bad4 Evan Cordell 2016-04-28 16:37:28 -05:00
  • 9df650688b Install jwtproxy in /usr/local/bin Evan Cordell 2016-04-28 16:37:28 -05:00
  • 859fa9cc58 Evan Cordell 2016-04-28 16:20:32 -05:00
  • 97ad9684d7 Use jwtproxy binary from github Evan Cordell 2016-04-28 16:20:32 -05:00
  • fbde28e39f Evan Cordell 2016-04-28 14:29:21 -05:00
  • d2aa4be29e Explicitly set jwtproxy audience Evan Cordell 2016-04-28 14:29:21 -05:00
  • 8fd28b8998 Evan Cordell 2016-04-28 09:04:41 -05:00
  • 0c2ecec9a9 Don't check for client certs when talking to clair Evan Cordell 2016-04-28 09:04:41 -05:00
  • 25b8af32d0 Evan Cordell 2016-04-28 09:04:22 -05:00
  • 4d0627f83d Turn down logging on jwtproxy Evan Cordell 2016-04-28 09:04:22 -05:00
  • 6795b80ae9 Evan Cordell 2016-04-28 09:04:04 -05:00
  • 47a52a47eb Remove unneeded service key expiration Evan Cordell 2016-04-28 09:04:04 -05:00
  • 4b9a3275fb Evan Cordell 2016-04-27 14:37:48 -05:00
  • 9ffc32f680 Generate preshared key on boot Evan Cordell 2016-04-27 14:37:48 -05:00
  • 3db741e1e0 Evan Cordell 2016-04-27 12:48:15 -05:00
  • f30a9e56f3 Be really sure about proxy protocol Evan Cordell 2016-04-27 12:48:15 -05:00
  • d67b8968af Evan Cordell 2016-04-27 12:10:03 -05:00
  • cf5f7aa476 Create JWK formatted key on startup Evan Cordell 2016-04-27 12:10:03 -05:00
  • 8edbd5070c Evan Cordell 2016-04-27 10:07:24 -05:00
  • 8595140f38 Use signer proxy for all http(s) requests Evan Cordell 2016-04-27 10:07:24 -05:00
  • 2b51e845d7 Evan Cordell 2016-04-27 08:30:05 -05:00
  • f4d2fae5d8 Separate jwtproxy signer config from secscan config Evan Cordell 2016-04-27 08:30:05 -05:00
  • da5023bc64 Evan Cordell 2016-04-26 19:46:25 -05:00
  • 474884acd7 Don't require certs for clair anymore Evan Cordell 2016-04-26 19:46:25 -05:00
  • 88ceb61899 Evan Cordell 2016-04-26 12:21:12 -05:00
  • 822b253b85 Add message when no approval user exists Evan Cordell 2016-04-26 12:21:12 -05:00
  • a2345d9dcd Evan Cordell 2016-04-26 12:00:14 -05:00
  • e499c4a8ef Actually go through signer proxy Evan Cordell 2016-04-26 12:00:14 -05:00
  • e816839ea6 Evan Cordell 2016-04-26 08:30:31 -05:00
  • 52590687ae Dockerfile fixes Evan Cordell 2016-04-26 08:30:31 -05:00
  • 0231e89648 Evan Cordell 2016-04-27 13:39:01 -05:00
  • 668ce2c7cd Generate private key on startup Evan Cordell 2016-04-27 13:39:01 -05:00
  • 1c9fbd4c7b Evan Cordell 2016-04-25 16:13:38 -05:00
  • 85667a9cf6 Create mitm certs on boot Evan Cordell 2016-04-25 16:13:38 -05:00
  • bab3d428f8 Evan Cordell 2016-04-25 11:13:58 -05:00
  • 6754131350 Optional tests (on by default) and better load order to reduce build time Evan Cordell 2016-04-25 11:13:58 -05:00
  • 8e27c240ac Evan Cordell 2016-04-22 20:34:17 -05:00
  • 492dcf4781 Verify that jwt was issued by clair Evan Cordell 2016-04-22 20:34:17 -05:00
  • 4e327fbfb0 Evan Cordell 2016-04-22 20:27:47 -05:00
  • 118f2d0ce5 Add mitm certs to jwtproxy Evan Cordell 2016-04-22 20:27:47 -05:00
  • d28b9fce0e Evan Cordell 2016-04-21 15:27:00 -05:00
  • 9e7a501dae Authenticate in the other direction with jwtproxy Evan Cordell 2016-04-21 15:27:00 -05:00
  • f9fcd04367 Evan Cordell 2016-04-21 11:40:16 -05:00
  • da0a988650 Configure jwtproxy from stack/conf yaml Evan Cordell 2016-04-21 11:40:16 -05:00
  • 04bee3bc32 Evan Cordell 2016-04-18 12:56:03 -05:00
  • adc86456b5 Secure the correct endpoint Evan Cordell 2016-04-18 12:56:03 -05:00
  • 06fdbbc86a Evan Cordell 2016-04-18 11:42:17 -05:00
  • 8c8ee9c2be Add jwtproxy and configure verifier for /secscan/notify Evan Cordell 2016-04-18 11:42:17 -05:00
  • 29b56169fb Joseph Schorr 2016-04-27 17:44:59 -04:00
  • 6091db983b Hide expired keys outside of their staleness window Joseph Schorr 2016-04-27 17:44:59 -04:00
  • 87c85f72e2 Joseph Schorr 2016-04-27 17:44:44 -04:00
  • a55e92bc95 Add UI support for multiple operations on keys Joseph Schorr 2016-04-27 17:44:44 -04:00
  • 24f8edfe8c Jimmy Zelinskie 2016-04-27 14:48:12 -04:00
  • 726cb5fe6a key server: 403 on expired approved keys (#1410) Jimmy Zelinskie 2016-04-27 14:48:12 -04:00
  • e7f274d6c6 Joseph Schorr 2016-04-26 15:16:55 -04:00
  • 4f63a50a17 Change account-less logs to use a user and not null Joseph Schorr 2016-04-26 15:16:55 -04:00
  • 1ce7f5d7fc Jimmy Zelinskie 2016-04-18 17:43:28 -04:00
  • 5cb6ba4d12 keyserver migration: fix constraint name Jimmy Zelinskie 2016-04-18 17:43:28 -04:00
  • 339c6fbc30 Joseph Schorr 2016-04-14 16:56:15 -04:00
  • 28a80ef6a9 Make sure to verify service names on key creation Joseph Schorr 2016-04-14 16:56:15 -04:00
  • 6f564f30fc Joseph Schorr 2016-04-14 16:14:23 -04:00
  • dc9bcec9ce Add pre shared generation tool Joseph Schorr 2016-04-14 16:14:23 -04:00
  • 61ce060c97 Jimmy Zelinskie 2016-04-14 15:40:42 -04:00
  • ca5794ba18 key server: use total_seconds() for cache headers Jimmy Zelinskie 2016-04-14 15:40:42 -04:00
  • 5ff63d7174 Joseph Schorr 2016-04-14 15:04:32 -04:00
  • 5d6e5a42e8 Add delete logging and tests for logging Joseph Schorr 2016-04-14 15:04:32 -04:00
  • 98d0236881 Jimmy Zelinskie 2016-04-13 15:50:56 -04:00
  • 6aa7040f39 keyserver: add cache-control headers Jimmy Zelinskie 2016-04-13 15:50:56 -04:00
  • df22ebb4e5 Joseph Schorr 2016-04-13 13:59:07 -04:00
  • bc08ac2749 Fix timeouts in the JWT endpoint tests Joseph Schorr 2016-04-13 13:59:07 -04:00
  • 3c06184ac2 Joseph Schorr 2016-04-12 19:17:19 -04:00
  • 522cf68c5d Lots of smaller fixes: Joseph Schorr 2016-04-12 19:17:19 -04:00
  • 7e2c9ab601 Jimmy Zelinskie 2016-04-12 17:59:22 -04:00
  • 2805dad64f test_endpoints: update to use JWT headers Jimmy Zelinskie 2016-04-12 17:59:22 -04:00
  • 3f73865dbe Jimmy Zelinskie 2016-04-12 17:59:11 -04:00
  • d0bd70fb36 endpoints.web: add missing import Jimmy Zelinskie 2016-04-12 17:59:11 -04:00
  • 9544d298c0 Jimmy Zelinskie 2016-04-12 17:58:52 -04:00
  • 370ac3ecd0 service keys: add rotation_duration field Jimmy Zelinskie 2016-04-12 17:58:52 -04:00
  • 2b3cf57b97 Jimmy Zelinskie 2016-04-12 13:36:17 -04:00
  • 6577ac3e62 mv JWK-canonicalization util.security.fingerprint Jimmy Zelinskie 2016-04-12 13:36:17 -04:00
  • df1b83d013 Jimmy Zelinskie 2016-04-11 18:35:46 -04:00
  • 4020ab9f55 service keys: delete notifications by prefix Jimmy Zelinskie 2016-04-11 18:35:46 -04:00
  • f24202b745 Jimmy Zelinskie 2016-04-11 18:22:47 -04:00
  • fca258d8bf endpoints: remove /keys Jimmy Zelinskie 2016-04-11 18:22:47 -04:00
  • 23aee685fe Joseph Schorr 2016-04-11 12:05:37 -04:00
  • 6a00025545 Add a maximum width on the friendly name and service name columns Joseph Schorr 2016-04-11 12:05:37 -04:00
  • bbaa8621c3 Jimmy Zelinskie 2016-04-11 12:04:42 -04:00
  • 9f4a4092da keyserver: get signer kid from unverified headers Jimmy Zelinskie 2016-04-11 12:04:42 -04:00
  • 08e27e8866 Joseph Schorr 2016-04-08 17:48:44 -04:00
  • 08017c5111 Further UI updates Joseph Schorr 2016-04-08 17:48:44 -04:00
  • 1763d2a898 Joseph Schorr 2016-04-08 17:31:20 -04:00
  • a4a01e76c0 Fix up the migration to include the additional changes needed Joseph Schorr 2016-04-08 17:31:20 -04:00
  • 85aa5c3b28 Jimmy Zelinskie 2016-04-06 20:03:48 -04:00
  • dfe9a8e4e1 keyserver: tests! Jimmy Zelinskie 2016-04-06 20:03:48 -04:00