Commit graph

253 commits

Author SHA1 Message Date
vishalnayak 2a2dc0befb Added allow_instance_migration to the role tag 2016-04-28 11:43:48 -04:00
vishalnayak 4161d3ef4f Change all time references to UTC 2016-04-28 10:19:29 -04:00
vishalnayak e591632630 Fix the deadlock issue 2016-04-28 01:01:33 -04:00
vishalnayak 4712533f1d minor updates 2016-04-28 00:35:49 -04:00
vishalnayak e6a9a5957d Refactor locks around config tidy endpoints 2016-04-27 22:32:43 -04:00
vishalnayak b75a6e2f0f Fix locking around config/client 2016-04-27 22:25:15 -04:00
vishalnayak 0e97b57beb Fix the list response of role tags 2016-04-27 22:03:11 -04:00
vishalnayak 779d73ce2b Removed existence check on blacklist/roletags, docs fixes 2016-04-27 21:29:32 -04:00
vishalnayak d44326ded6 Remove unnecessary lock switching around flushCachedEC2Clients 2016-04-27 20:13:56 -04:00
vishalnayak e1080f86ed Remove recreate parameter from clientEC2 2016-04-27 20:01:39 -04:00
vishalnayak 441477f342 Added ami_id to token metadata 2016-04-27 11:32:05 -04:00
vishalnayak 7144fd54f9 Added tests 2016-04-26 23:40:11 -04:00
vishalnayak 88942b0503 Added tests 2016-04-26 10:22:29 -04:00
vishalnayak 5a676a129e Added tests 2016-04-26 10:22:29 -04:00
vishalnayak e16f256b14 Added tests 2016-04-26 10:22:29 -04:00
vishalnayak 3a4021d6c4 Added tests 2016-04-26 10:22:29 -04:00
vishalnayak de1a1be564 tidy endpoint fixes 2016-04-26 10:22:29 -04:00
vishalnayak 044d01fd69 HMAC Key per AMI ID and avoided secondary call to AWS to fetch the tags 2016-04-26 10:22:29 -04:00
vishalnayak 5996c3e9d8 Rework and refactoring 2016-04-26 10:22:29 -04:00
vishalnayak 3aeae62c00 Added mutex locking for config/certificate endpoint 2016-04-26 10:22:29 -04:00
vishalnayak 21854776af Added cooldown period for periodic tidying operation 2016-04-26 10:22:29 -04:00
vishalnayak 9aa8fb6cc1 Support periodic tidy callback and config endpoints. 2016-04-26 10:22:29 -04:00
vishalnayak 2810196e0f Use fullsailor/pkcs7 package instead of its fork. Fix tests 2016-04-26 10:22:29 -04:00
vishalnayak 5a2e1340df Removed redundant AWS public certificate. Docs update. 2016-04-26 10:22:29 -04:00
vishalnayak a456f2c3f6 Removed region parameter from config/client endpoint.
Region to create ec2 client objects is fetched from the identity document.
Maintaining a map of cached clients indexed by region.
2016-04-26 10:22:29 -04:00
vishalnayak 790b143c75 Instance ID can optionally be accepted as a the role tag parameter. 2016-04-26 10:22:29 -04:00
vishalnayak 58c485f519 Support providing multiple certificates.
Append all the certificates to the PKCS#7 parser during signature verification.
2016-04-26 10:22:29 -04:00
vishalnayak 9d4a7c5901 Docs update 2016-04-26 10:22:29 -04:00
vishalnayak ba9c86c92d Added acceptance test for login endpoint 2016-04-26 10:22:29 -04:00
vishalnayak c2c1a5eedc Added test case TestBackend_PathBlacklistRoleTag 2016-04-26 10:22:29 -04:00
vishalnayak 85c9176cb4 Return 4xx error at appropriate places 2016-04-26 10:22:29 -04:00
vishalnayak 1841ef0ebf Tested pathImageTag 2016-04-26 10:22:29 -04:00
vishalnayak 80e3063334 Tested parseRoleTagValue 2016-04-26 10:22:29 -04:00
vishalnayak dab1a00313 Make client nonce optional even during first login, when disallow_reauthentication is set 2016-04-26 10:22:29 -04:00
vishalnayak e0cf8c5608 Rename 'name' to 'ami_id' for clarity 2016-04-26 10:22:29 -04:00
vishalnayak 092feca996 Moved HMAC parsing inside parseRoleTagValue 2016-04-26 10:22:29 -04:00
vishalnayak ddfdf37d33 Properly handle empty client nonce case when disallow_reauthentication is set 2016-04-26 10:22:29 -04:00
vishalnayak b8d9b18193 Added disallow_reauthentication feature 2016-04-26 10:22:29 -04:00
vishalnayak a1d07cbff5 Remove todo and change clientNonce length limit to 128 chars 2016-04-26 10:22:28 -04:00
Jeff Mitchell bb276d350a Fix typo 2016-04-26 10:22:28 -04:00
Jeff Mitchell a5aadc908d Add environment and EC2 instance metadata role providers for AWS creds. 2016-04-26 10:22:28 -04:00
vishalnayak 012f9273f7 Remove certificate verification 2016-04-26 10:22:28 -04:00
vishalnayak 41cc7c4a15 Test path config/certificate 2016-04-26 10:22:28 -04:00
vishalnayak 5ff8d0cf96 Add existence check verification to config/client testcase 2016-04-26 10:22:28 -04:00
vishalnayak 3286194384 Testing pathImage 2016-04-26 10:22:28 -04:00
Jeff Mitchell a8082a9a6e allow_instance_reboot -> allow_instance_migration 2016-04-26 10:22:28 -04:00
Jeff Mitchell 075a81214e Update image output to show allow_instance_reboot value and keep policies in a list 2016-04-26 10:22:28 -04:00
vishalnayak 91433fedf2 Changed the blacklist URL pattern to optionally accept base64 encoded role tags 2016-04-26 10:22:28 -04:00
vishalnayak efcc07967e Accept instance_id in the URL for whitelist endpoint 2016-04-26 10:22:28 -04:00
Jeff Mitchell cf56895772 Switch around some logic to be more consistent/readable and respect max
TTL on initial token issuance.
2016-04-26 10:22:28 -04:00
vishalnayak 338054d49e Return un-expired entries from blacklist and whitelist 2016-04-26 10:22:28 -04:00
vishalnayak b6bd30b9fb Test ConfigClient 2016-04-26 10:22:28 -04:00
vishalnayak d3adc85886 AWS EC2 instances authentication backend 2016-04-26 10:22:28 -04:00