- Jun 14, 2016
-
-
Niall Sheridan authored
Whitelist Google users based on their email address instead of the username part of the email address. Plain gmail (non Google Apps) accounts don't necessarily end in '@gmail.com', and whitelisting on username alone is open to abuse. Skip testing for a Google Apps domain (ui.Hd) if no domain is configured. Principals will still be added as the user part of the email address. For the Github provider, skip checking that the user is a member of an organization is none is configured.
-
Niall Sheridan authored
-
Marco Bonetti authored
Add support for a users whitelist
-
Marco Bonetti authored
-
- Jun 13, 2016
-
-
Niall Sheridan authored
-
Niall Sheridan authored
Fix lint warnings.
-
- Jun 06, 2016
-
-
Niall Sheridan authored
Remove certs from the agent when they expire
-
Niall Sheridan authored
Added support for certificate lifetimes
-
Niall Sheridan authored
update dependencies
-
Niall Sheridan authored
Add AWS S3 and Google GCS virtual filesystems
-
Niall Sheridan authored
Save oauth 'state' identifier in the client
-
- Jun 05, 2016
-
-
Niall Sheridan authored
-
Niall Sheridan authored
-
Niall Sheridan authored
This allows the signing key to be read directly from S3 using a path like /s3/<bucket>/<path/to/signing.key> or /gcs/<bucket>/<path/to/signing.key>.
-
- Jun 02, 2016
-
-
Niall Sheridan authored
-
Niall Sheridan authored
This switch statement doesn't do what I thought it does
-
- Jun 01, 2016
-
-
Niall Sheridan authored
-
- May 29, 2016
-
-
Patrick O'Doherty authored
-
Niall Sheridan authored
Switch from json to hcl configs
-
Niall Sheridan authored
-
Niall Sheridan authored
-
Niall Sheridan authored
-
Niall Sheridan authored
This is backward-compatible with the JSON config format - this is a non-breaking change. HCL treats config blocks as repeated fields so the config has to be unmarshalled into a struct comprised of []Server, []Auth, []SSH first.
-
Niall Sheridan authored
client: use a config file in addition to command-line flags
-
Niall Sheridan authored
Run more CI checks
-
Niall Sheridan authored
Re-enable go 1.5 Run `go build`, `gofmt` and `go vet` in addition to tests.
-
Niall Sheridan authored
-
- May 28, 2016
-
-
Niall Sheridan authored
-
Niall Sheridan authored
-
Patrick O'Doherty authored
-
Patrick O'Doherty authored
To allow for easier development on localhost where one cannot get a root-CA signed TLS certificate, add a new validate_tls_certificate option to the configuration file which optionally allows for certificate chain checking to be disabled.
-
Niall Sheridan authored
-
Niall Sheridan authored
-
Niall Sheridan authored
Set expiry time in the github auth package
-
Niall Sheridan authored
-
Niall Sheridan authored
-
- May 25, 2016
-
-
Patrick O'Doherty authored
Add config.json to a gitignore to prevent it being versioned.
-
- May 24, 2016
-
-
Patrick O'Doherty authored
Don't allow wide-open Google or Github configs
-
Patrick O'Doherty authored
Fail loudly if either the google_opts domain value or github_opts organization values are not set in the configuration. The lack of these values means that a) in the Google case any @gmail.com address will be allowed b) the Github case any Github user will be allowed. This was previously documented but left as a foot-gun in the code. Future commits will allow for explicit wildcards to be set.
-
- May 22, 2016
-
-
Niall Sheridan authored
-