Commit graph

13 commits

Author SHA1 Message Date
James Rasell 601588df6b
Merge branch 'main' into f-gh-13120-sso-umbrella-merged-main 2022-08-25 12:14:29 +01:00
James Rasell 7401677e4e
cli: output none when a token has no expiration. 2022-08-24 15:14:49 +01:00
Tim Gross bf57d76ec7
allow ACL policies to be associated with workload identity (#14140)
The original design for workload identities and ACLs allows for operators to
extend the automatic capabilities of a workload by using a specially-named
policy. This has shown to be potentially unsafe because of naming collisions, so
instead we'll allow operators to explicitly attach a policy to a workload
identity.

This changeset adds workload identity fields to ACL policy objects and threads
that all the way down to the command line. It also a new secondary index to the
ACL policy table on namespace and job so that claim resolution can efficiently
query for related policies.
2022-08-22 16:41:21 -04:00
James Rasell 51a7df50bb
cli: add ability to create and view tokens with ACL role links. 2022-08-17 14:49:52 +01:00
James Rasell f6d12a3c00
acl: enable configuration and visualisation of token expiration for users (#13846)
* api: add ACL token expiry params to HTTP API

* cli: allow setting and displaying ACL token expiry
2022-07-20 10:06:23 +02:00
Lance Haig 4bf27d743d
Allow Operator Generated bootstrap token (#12520) 2022-06-03 07:37:24 -04:00
James Rasell 6c9e6e6f20
cli: add json and template flag opts to acl boostrap command. 2021-10-29 09:00:50 +02:00
Tim Gross de6b023af2 command: remove -namespace from help options when not applicable 2020-11-19 16:28:39 -05:00
Nick Ethier 182e3bec1b
command: improve help text when invalid arguments are given 2018-04-18 12:02:11 -04:00
Alex Dadgar c1cc51dbee sync 2017-10-13 14:36:02 -07:00
Chelsea Holland Komlo 8c04423c63 small fixups 2017-09-17 18:17:53 +00:00
Chelsea Holland Komlo 2561f17669 acl policy info 2017-09-17 18:17:17 +00:00
Armon Dadgar 2cacddeff5 command: Add ACL bootstrap command 2017-09-11 10:47:39 -07:00