Commit graph

45 commits

Author SHA1 Message Date
Bobby Rullo
59dc4a9400 dexctl: remove api driver
API Driver is dead: This API turns out to not be super useful, requiring
an existing client to create other clients is weird.

Long live API Driver? Let's use Dynamic Client API and the bootstrap API
to create a better API Driver! LONG LIVE API DRIVER.
2016-06-15 11:42:50 -07:00
Eric Chiang
b7674744ee *: don't let generated comment become package comment 2016-06-10 12:40:58 -07:00
Alexandr Burdiyan
24134e18ea Add connector id to the registration error message
Right now it is not clear what connector is failing. It will be easier to debug with more specific error message.

Related to #400.
2016-06-09 13:19:21 +02:00
Bobby Rullo
f9dbc8a3d2 db, client: add data model for trusted peers
Trusted Peers are clients that are authorized to mint tokens
for another client.
2016-06-07 17:16:09 -07:00
Eric Chiang
35ea3d9ae1 *: add ability to set and list connectors from admin API
closes #360
2016-06-01 09:31:47 -07:00
Evan Cordell
73d9742c8b client manager: accept full client when creating 2016-05-24 14:44:04 -05:00
Evan Cordell
a418e1c4e7 client: add client manager
adds a client manager to handle business logic, leaving the repo
for basic crud operations. Also adds client to the test script
2016-05-19 16:20:12 -07:00
Evan Cordell
3da98fcb8e client: add transaction support 2016-05-19 16:17:01 -07:00
Bobby Rullo
9c403aba41 fix dexctl 2016-04-20 14:31:28 -07:00
Bobby Rullo
399b15abeb integration, *: Improve tests for admin api
* TestCreateClient was missing test coverage on error cases
* Fixed bug where 500s were being reported for bad requests
* changed function signature of NewAdminAPI back to old way of passing
  in lots of repos: passing in a DbMap made it difficult to test
* added swappable ID and Secret generators when creating Clients
2016-04-20 14:31:27 -07:00
Bobby Rullo
e5948ab3ce *: ClientIdentityXXX -> ClientXXX
Get rid of all outdated "ClientIdentity" terminology.
2016-04-20 14:31:27 -07:00
Eric Chiang
b10645f58d *: add client registration endpoint to admin API 2016-04-05 11:37:26 -07:00
Eric Chiang
6120f7ac05 *: add isAdmin option to client repo when creating a client 2016-04-05 11:29:58 -07:00
Eric Chiang
07af73f367 *: don't allow sqlite3 if --no-db flag not specified 2016-02-12 13:19:05 -08:00
Eric Chiang
907f536e74 Merge pull request #273 from ericchiang/version
cmd: add version to command worker and overlord, print go version
2016-02-05 09:30:48 -08:00
Eric Chiang
232a6103f9 Merge pull request #285 from ericchiang/api_docs
add generated documentation for APIs
2016-02-01 16:26:05 -08:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
c7ed4fdd60 pkg,cmd: add document generator tool 2016-02-01 16:09:23 -08:00
Eric Chiang
04cd1851aa server: add dynamic client registration 2016-02-01 16:06:46 -08:00
Eric Chiang
ec3bc7f258 *: allow dexctl set-connector-configs to read from stdin
Closes #276
2016-01-19 08:59:34 -08:00
Eric Chiang
0deccc7050 cmd: add version to command worker and overlord, print go version
Closes #272
2016-01-15 11:15:32 -08:00
Eric Chiang
5e44b6bc27 *: update all to accommodate changes to go-oidc
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
Eric Chiang
22c20e4e32 cmd: add version subcommand to dexctl
closes #220
2015-12-28 15:56:43 -08:00
Eric Chiang
8e5115ce73 cmd: use spf13/cobra for dexctl cli logic 2015-12-28 15:55:11 -08:00
Eric Chiang
3776c74c15 cmd: reduce backoff max when worker is waiting for connectors
fixes #177
2015-12-22 10:25:27 -08:00
Eric Chiang
49389c9b90 cmd, db: verify at least one secret is passed to --key-secrets
Passing an empty list to the overlord or worker's --key-secrets
flag currently causes an out of range panic. Always check to ensure
there's at least one element passed.

Fixes #130
Fixes #217
2015-12-16 20:28:21 -08:00
bobbyrullo
521aeae3db Merge pull request #199 from ericchiang/validate_connector
api: validate local connector existence before creating user
2015-12-07 17:44:22 -08:00
Eric Chiang
f43655a8c3 user/manager: connector must exists when creating remote identity
Add ConnectorConfigRepo to UserManager. When trying to create a
RemoteIdentity, validate that the connector ID exists.

Fixes #198
2015-12-07 17:34:08 -08:00
Eric Chiang
d518447282 user: move user manager to it's own package
This commit moves the user.Manage to its own package (user/manager)
so it can import the connector package in a later commit.

For clarity, it renames "Manager" to "UserManager" using gorname.

This commit has no functional changes.
2015-12-07 15:34:14 -08:00
Brian Waldon
b14ce73fa0 *: use example.com in place of coreos.com
Align with RFC2606 for example email addresses, using example.com
in place of coreos.com where appropriate.
2015-12-07 14:55:29 -08:00
George Tankersley
07a4d4441e pkg/crypto: replace old crypto with new crypto 2015-10-29 13:45:25 -07:00
Bobby Rullo
55040c55fa server, integration, cmd: Protect Admin API
Admin API now requires a 128 byte base64 encoded secret to be passed in
Authorization header, closing up a potential security hole for those
who expose this service.
2015-10-01 13:15:45 -07:00
Bobby Rullo
d3d6a75b91 fixup - Code review changes. 2015-09-30 17:07:00 -07:00
Bobby Rullo
bf9517fdaa server,cmd: Add flag for disabling registation
For situations where admins add users.
2015-09-30 16:35:58 -07:00
Bobby Rullo
510293a984 fixup 2015-09-18 17:25:06 -07:00
Bobby Rullo
3cd0d84e31 cmd/dex-worker: wait 'til connectors are available
Otherwise, if worker starts without connectors, and then connectors are
added workers have to be restarted to pick up the changes.
2015-09-18 17:11:58 -07:00
Giulio Iotti
472e4a02a4 *: Remove unnecessary else statements
Whenever it makes the code easier to follow, use early return to
avoid else statements.
2015-09-04 22:45:32 +03:00
Bobby Rullo
f1820cda14 cmd,server,static/html: Configurable name, logo
fixes #47
2015-09-02 18:00:28 -07:00
Bobby Rullo
62aa12fa6c cmd/dex-overlord: was using the wrong err 2015-09-01 17:07:10 -07:00
Bobby Rullo
9b64ecb2d7 cmd/dex-overlord: bind admin API on 127.0.0.1
Instead of 0.0.0.0; this is safer, since the admin API is very powerful.

fixes #97
2015-08-31 13:42:16 -07:00
Yifan Gu
3da456efa8 dex-worker: add TLS support.
Add two new flags '--cert-file' and '--key-file'.
If scheme == 'https', then we will use the two new flags to get
the cert/key pair for TLS connection.

Also add '--ca-file' to the example app to allow TLS connection to the
dex-worker using a specified ca file.
2015-08-29 01:42:21 -07:00
Bobby Rullo
d0c199b62c cmd, server: base64 encode multiple secrets
Two things here:

    * key secrets are now base64 encoded strings, so we get the full key
      space

    * we can pass >1 of them in so we can rotate them
2015-08-26 10:43:24 -07:00
Alex Polvi
c7d2393add bug: remote whitespace so eval works 2015-08-24 08:20:04 -07:00
Bobby Rullo
8b6a2699d9 cmd/dex-overlord, db: migrations in overlord
Migrations happen only in the overlord, so there's no thundering herd,
and database initialziation can be more easily controlled.
2015-08-20 11:44:43 -07:00
Bobby Rullo
66fe201c24 *: move original project to dex 2015-08-18 11:26:57 -07:00