boundary

Commit Graph

Author	SHA1	Message	Date
Jeff Mitchell	c689af4306	Implement a TOFU mechanism on auth to worker (#348 ) This sets us up to better support multiple connections per session at some future point.	6 years ago
Jim	e119466233	stop oplogging tokens and allow for a time skew (#343 )	6 years ago
Jeff Mitchell	60396e4384	Properly populate ScopeInfo from group member actions (#340 )	6 years ago
Jeff Mitchell	ff0d49b6e4	Use previous method of getting recovery wrapper	6 years ago
Jeff Mitchell	f8237fb945	Move some packages into SDK, out of internal	6 years ago
Jeff Mitchell	36f975a952	Add some recovery KMS functions needed for external clients (#339 )	6 years ago
Jeff Mitchell	f94f21fd97	Update API codes (#336 )	6 years ago
Todd Knight	99d5456d7a	Scopes type field and types in updates allowed (#335 )	6 years ago
Todd Knight	c3ecea172d	Generate new version of SDK resources and Add Tests (#331 )	6 years ago
Jim	96e4b1cdba	add option db.WithSkipVetForWrite(true) so the db tests don't get intercepted by app validation (#332 )	6 years ago
Todd Knight	1c2c078e0a	Adding Authz checks that support new pathing (#328 )	6 years ago
Jim	3d944a616f	fix name typo (#330 )	6 years ago
Jeff Mitchell	23156afa11	Add in most of the proxy flow (#326 )	6 years ago
Jeff Mitchell	1822c47ef5	Migrate KMS code to the new database DEKs (#324 )	6 years ago
Todd Knight	c55153ff3d	Fix allowed scope checks and added tests for creating in global scope. (#327 )	6 years ago
Michael Gaffney	4ae3a52056	Define session database schema (#322 ) * Define session database schema * Update comments * Add insert trigger for session state * Add canceling state and update foreign keys to 'set null' on delete	6 years ago
Todd Knight	37e56ab46b	Pathing updated to support new and old styles (#323 )	6 years ago
Jim	f29869b715	support for additional deks: oplog, session and token and new CreateKeysTx() (#321 )	6 years ago
Jeff Mitchell	ee35a92f7f	Fix space issue in protobuf that apparently doesn't matter? Also apparently postgres migrations weren't run.	6 years ago
Jim	f3dd62d5d8	database DEKs (#317 )	6 years ago
Todd Knight	544e78b593	Target Handler and SDK CRUDL & add\|set\|remove-host-sets methods. (#310 )	6 years ago
Todd Knight	24ec9620ca	fix: Correct missed name updates to OutgoingInterceptor.	6 years ago
Jeff Mitchell	c4522aa813	Update host sets and auth system to new paradigm (#319 )	6 years ago
Todd Knight	0aba6db720	Enable Split Cookies (#318 )	6 years ago
Jeff Mitchell	a4c20164f3	Add add/remove/set hosts functions to host-sets command (#316 )	6 years ago
Jim	09112d1e96	refactor and remove kms/common pkg (#315 )	6 years ago
Jeff Mitchell	514856c020	Fix broken CLI output	6 years ago
Jeff Mitchell	b8c8d29008	Switch ordering of CLI create/update vs static commands (#314 )	6 years ago
Jeff Mitchell	1f065316ee	Initial (#313 )	6 years ago
Jeff Mitchell	20aef738c4	Add host-catalogs CLI command. (#312 )	6 years ago
Jeff Mitchell	17ecb6f2ce	Separate accounts/host catalogs/host sets into their own packages (#311 )	6 years ago
Jeff Mitchell	936c970635	Remove unneeded and breaking test	6 years ago
Jeff Mitchell	28df6eb7b0	Update config encrypt/decrypt CLI command (#309 ) This updates the command to our emergent standards. It also enables using a separate config file for a config kms, which allows non-string values to be encrypted. This allowed some nice cleanup as well.	6 years ago
Jeff Mitchell	274afa6b02	Shave off an IAM lookup if the user is the anonymous user (#305 ) * Shave off an IAM lookup if the user is the anonymous user * Fix build * If authz failures are turned off, make the token type unknown instead of invalid * Change returned token format when authz failures are disabled * Change logic back * Fix logic	6 years ago
Jeff Mitchell	b53812a5c1	Add ability to skip automatic auth method creation (#306 ) This is useful if you, for instance, want Terraform to be 100% responsible for creation of resources (outside of the static ones that cannot be removed or modified, like u_anon). This will mean using the recovery mechanism for initial setup, but that isn't an issue once TF supports that :-)	6 years ago
Jeff Mitchell	490be8a7e4	Add ability to skip role creation on scope create (#308 ) * Initial work on scope creation skipping * Fix things	6 years ago
Todd Knight	e4da5e9ab5	add\|set\|remove-hosts for host-sets SDK and API (#304 ) * Adding ability to add host set members. * Adding SDK and API for add\|set\|remove hosts.	6 years ago
Jim	fcb61d4b67	targets repo (#298 )	6 years ago
Michael Gaffney	58dec98ea2	Rename table from servers to server (#307 )	6 years ago
Michael Gaffney	9ca8a4ec20	Host set members (#301 ) * Update host set member test * Add ListSetMembers method signature and doc * Move repository methods for host set members to new file * Add TestSetMembers * Implement ListSetMembers * Return hosts from ListSetMembers * Implement AddSetMembers * Implement DeleteSetMembers * Use sql.QueryContext not sql.Query * Implement SetSetMembers * Refactor: extract getHosts method * Refactor: extract createMembers method * Refactor: extract common functions * Return correct count of changed In SetSetMembers, retrieving the current list of hosts in the set happens after the transaction to modify the set has completed. This retrieval can result in an error but the number of modified rows is not effected. * Make list set members an unexported method * Get hosts within the same transaction as mutations of the set * Return hosts of set from LookupSet method * Return hosts of set from UpdateSet method * Remove listSetMembers * Fix merge conflict * Add NOTE and TODOs about using new pattern in "SetMembers" methods	6 years ago
Jeff Mitchell	39721047e4	Fix CORS test	6 years ago
Michael Gaffney	de162c5533	Replace and remove ErrNilParameter with ErrInvalidParameter (#295 )	6 years ago
Jeff Mitchell	8f579c75c3	paum -> ampw (#303 )	6 years ago
Jeff Mitchell	74544f6324	Encrypt tokens on the way out and decrypt on the way in (#302 ) * Encrypt tokens on the way out and decrypt on the way in This isn't a security feature related to tokens specifically; it's so that we can discard cryptographically bad tokens before we ever hit the DB. This way we can't pass through a DDoS to the database due to fetching obviously invalid token values. I'm using base58 to encode the resulting value as there aren't great base62 options, and allowing base64 / and + values can hamper usability by creating copying/highlighting breaks.	6 years ago
Jeff Mitchell	647d5502b5	Change ListServers to use SeachWhere (#300 )	6 years ago
Jeff Mitchell	ac4d9fa311	Add nonce storage and replay prevention test (#293 )	6 years ago
Jeff Mitchell	a1490228b8	Add address to worker status tracing	6 years ago
Todd Knight	c4d3414016	Add Host Set CUDLR handler and SDK (#290 )	6 years ago
Todd Knight	e423b6589e	Request Validation logic moved into a helper (#296 ) * Move all the validation logic into a helper tool. * Adding tests for verifier helpers.	6 years ago
Jeff Mitchell	414a2ab2c3	Remove some dead, dead, dead, dead code	6 years ago

1 2 3 4 5 ...

307 Commits (rm-tribal)