Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Move NTokenValidator to vespa-athenz + load pub keys from file | Bjørn Christian Seime | 2018-07-25 | 6 | -49/+232 | |
| | | | | | | | - Move NTokenValidator from controller-server to vespa-athenz - Remodel ZmsKeystore as AthenzTruststore - Use file-backed truststore on controller (replaces download of public keys) - Remove ZmsClient.getPublicKey/getPublicKeys | |||||
* | Write private keys in PKCS#1 | Morten Tokle | 2018-07-25 | 2 | -3/+15 | |
| | ||||||
* | Parse errors from ZTS | Bjørn Christian Seime | 2018-07-10 | 3 | -11/+45 | |
| | ||||||
* | Revert "Move NTokenValidator to vespa-athenz + load pub keys from file" | Harald Musum | 2018-07-09 | 6 | -232/+49 | |
| | ||||||
* | Move NTokenValidator to vespa-athenz + load pub keys from file | Bjørn Christian Seime | 2018-07-09 | 6 | -49/+232 | |
| | | | | | | | - Move NTokenValidator from controller-server to vespa-athenz - Remodel ZmsKeystore as AthenzTruststore - Use file-backed truststore on controller (replaces download of public keys) - Remove ZmsClient.getPublicKey/getPublicKeys | |||||
* | Add getTenantDomains to vespa-athenz ZtsClient | Bjørn Christian Seime | 2018-07-05 | 3 | -0/+54 | |
| | ||||||
* | Rename 'AccessCheckResult' -> 'AuthorizationResult' | Bjørn Christian Seime | 2018-06-21 | 3 | -9/+9 | |
| | ||||||
* | Add new Athenz security filter based on ZPE | Bjørn Christian Seime | 2018-06-20 | 1 | -0/+58 | |
| | | | | | - Allow flexible configuration of filter using a resource mapper - Add helper class to extract role and identity from role certificates | |||||
* | Add roles to AthenzPrincipal | Bjørn Christian Seime | 2018-06-20 | 1 | -3/+19 | |
| | ||||||
* | Remove unused class | Bjørn Christian Seime | 2018-06-20 | 1 | -27/+0 | |
| | ||||||
* | Add wrapper for ZPE | Bjørn Christian Seime | 2018-06-20 | 4 | -0/+100 | |
| | ||||||
* | Add data type for resource name | Bjørn Christian Seime | 2018-06-20 | 2 | -0/+95 | |
| | ||||||
* | Parse role token and add getter for identity | Bjørn Christian Seime | 2018-06-20 | 1 | -6/+24 | |
| | ||||||
* | Add method to ZtsClient to retrieve identity certificate | Bjørn Christian Seime | 2018-06-15 | 18 | -57/+323 | |
| | ||||||
* | Specify scheme and port for configserver endpoint | Bjørn Christian Seime | 2018-06-14 | 1 | -1/+1 | |
| | ||||||
* | Cache tenant certificate and private key to disk | Bjørn Christian Seime | 2018-06-13 | 2 | -25/+71 | |
| | ||||||
* | Add utility methods for reading/writing SIA credentials | Bjørn Christian Seime | 2018-06-13 | 1 | -0/+73 | |
| | ||||||
* | Remove support for ntokens | Bjørn Christian Seime | 2018-06-13 | 3 | -16/+9 | |
| | ||||||
* | Remove deprecated ZtsClient | Bjørn Christian Seime | 2018-06-13 | 5 | -106/+71 | |
| | | | | | | | - Replace use of old ZtsClient with DefaultZtsClient - Add caching of role tokens - Add constructor to AthenzRole taking only strings - Change new ZtsClient interface to use AthenzRole for getRoleToken | |||||
* | Use pascal case for constants | Bjørn Christian Seime | 2018-06-13 | 1 | -3/+3 | |
| | ||||||
* | Separate generating and validating signature to separate class | Bjørn Christian Seime | 2018-06-12 | 3 | -1/+137 | |
| | | | | | - Move signature logic to IdentityDocumentSigner - Stop using fields from deprecated IdentityDocument to generate signature | |||||
* | Deprecate identityDocument field | Bjørn Christian Seime | 2018-06-12 | 4 | -7/+7 | |
| | ||||||
* | Merge pull request #5991 from vespa-engine/bjorncs/aws-ready-identity-provider | Morten Tokle | 2018-06-12 | 10 | -400/+101 | |
|\ | | | | | Bjorncs/aws ready identity provider | |||||
| * | Use dns suffix and zts uri from config | Bjørn Christian Seime | 2018-06-11 | 3 | -7/+13 | |
| | | ||||||
| * | Use mutual TLS auth when communicating with ZTS | Bjørn Christian Seime | 2018-06-11 | 8 | -295/+67 | |
| | | | | | | | | | | - Remove instance register/refresh from ad-hoc ZtsClient implementation - Deprecate ad-hoc ZtsClient | |||||
| * | Use mutual TLS auth when retrieving identity document | Bjørn Christian Seime | 2018-06-11 | 4 | -116/+39 | |
| | | ||||||
* | | Override default timeout for DefaultZtsClient + DefaultIdentityDocumentClient | Bjørn Christian Seime | 2018-06-12 | 2 | -0/+13 | |
|/ | ||||||
* | Cache role ssl token | Morten Tokle | 2018-06-11 | 5 | -20/+86 | |
| | ||||||
* | Add utility methods to (de)serialize signed identity document from/to file | Bjørn Christian Seime | 2018-06-07 | 1 | -1/+22 | |
| | ||||||
* | Allow deserialization of java.time.Instant | Bjørn Christian Seime | 2018-06-07 | 1 | -1/+2 | |
| | ||||||
* | Use identity type to generate identity document | Bjørn Christian Seime | 2018-06-07 | 1 | -6/+0 | |
| | ||||||
* | Add identity type to unique instance id and signed identity document | Bjørn Christian Seime | 2018-06-07 | 8 | -25/+128 | |
| | ||||||
* | Prepare for inlining of 'IdentityDocument' into 'SignedIdentityDocument' | Bjørn Christian Seime | 2018-06-07 | 8 | -20/+89 | |
| | ||||||
* | Add missing '@JsonIgnoreProperties' property to VespaUniqueInstanceIdEntity | Bjørn Christian Seime | 2018-06-04 | 1 | -0/+2 | |
| | ||||||
* | Revert "Prepare for inlining of 'IdentityDocument' into ↵ | Jon Marius Venstad | 2018-06-03 | 8 | -89/+20 | |
| | | | | | | 'SignedIdentityDocument'" This reverts commit 48ea96e26f4cc037f0cf81a303b4617ea8e2441d. | |||||
* | Revert "Add identity type to unique instance id and signed identity document" | Jon Marius Venstad | 2018-06-03 | 8 | -128/+25 | |
| | | | | This reverts commit cfa6d7bb63402b83c84a16411a207e946de33246. | |||||
* | Revert "Use identity type to generate identity document" | Jon Marius Venstad | 2018-06-03 | 1 | -0/+6 | |
| | | | | This reverts commit 78da30192dad43d338b9e3f04263dd7c83094b90. | |||||
* | Revert "Allow deserialization of java.time.Instant" | Jon Marius Venstad | 2018-06-03 | 1 | -2/+1 | |
| | | | | This reverts commit 70050a13fb977db2f9013bfaee9339c662c01320. | |||||
* | Allow deserialization of java.time.Instant | Bjørn Christian Seime | 2018-06-01 | 1 | -1/+2 | |
| | ||||||
* | Use identity type to generate identity document | Bjørn Christian Seime | 2018-05-31 | 1 | -6/+0 | |
| | ||||||
* | Add identity type to unique instance id and signed identity document | Bjørn Christian Seime | 2018-05-31 | 8 | -25/+128 | |
| | ||||||
* | Prepare for inlining of 'IdentityDocument' into 'SignedIdentityDocument' | Bjørn Christian Seime | 2018-05-31 | 8 | -20/+89 | |
| | ||||||
* | Remove unused constants | Bjørn Christian Seime | 2018-05-28 | 1 | -3/+0 | |
| | ||||||
* | Remove deprecated identity-document entity types | Bjørn Christian Seime | 2018-05-28 | 10 | -380/+57 | |
| | ||||||
* | Use SiaUtils in SiaIdentityProvider | Bjørn Christian Seime | 2018-05-24 | 1 | -11/+6 | |
| | ||||||
* | Add SIA utility class | Bjørn Christian Seime | 2018-05-24 | 1 | -0/+39 | |
| | ||||||
* | Add AthenzService constructor taking full name as input | Bjørn Christian Seime | 2018-05-24 | 1 | -0/+11 | |
| | ||||||
* | Merge pull request #5878 from ↵ | Bjørn Christian Seime | 2018-05-22 | 1 | -1/+1 | |
|\ | | | | | | | | | vespa-engine/bjorncs/proper-athenz-identity-provider-config Bjorncs/proper athenz identity provider config | |||||
| * | Add athenzDnsSuffix and ztsUrl to identity config | Bjørn Christian Seime | 2018-05-15 | 1 | -1/+1 | |
| | | ||||||
* | | Remove use of deprecated entity types | Bjørn Christian Seime | 2018-05-16 | 1 | -3/+3 | |
| | |