Age | Commit message (Collapse) | Author |
|
Remove certs from the agent when they expire
|
|
Add AWS S3 and Google GCS virtual filesystems
|
|
|
|
This allows the signing key to be read directly from S3 using a path like
/s3/<bucket>/<path/to/signing.key> or /gcs/<bucket>/<path/to/signing.key>.
|
|
|
|
This is backward-compatible with the JSON config format - this is a
non-breaking change.
HCL treats config blocks as repeated fields so the config has to be
unmarshalled into a struct comprised of []Server, []Auth, []SSH first.
|
|
|
|
|
|
To allow for easier development on localhost where one cannot get a
root-CA signed TLS certificate, add a new validate_tls_certificate
option to the configuration file which optionally allows for certificate
chain checking to be disabled.
|
|
|
|
|
|
|
|
|
|
Fail loudly if either the google_opts domain value or github_opts organization
values are not set in the configuration. The lack of these values means that
a) in the Google case any @gmail.com address will be allowed
b) the Github case any Github user will be allowed.
This was previously documented but left as a foot-gun in the code.
Future commits will allow for explicit wildcards to be set.
|
|
|
|
|