Harshavardhana
4f31a9a33b
Reload users upon AddUser on peers (#6975)
Also migrate ReloadFormat to notification subsystem,
remove GetConfig() we do not use this API anymore
2018-12-18 14:39:21 -08:00
Harshavardhana
7e879a45d5
Add policy claim support for JWT (#6660)
This way temporary credentials can use canned
policies on the server without configuring OPA.
2018-10-29 11:08:59 -07:00
Harshavardhana
bf66e9a529
Reload etcd users and policies properly (#6694)
Currently there was a bug in how we reload users and policies
which leads to users/policies going missing due to wrong path
construction.
Fixes #6693
2018-10-24 17:40:06 -07:00
Harshavardhana
fde8c38638
Add default canned policies (#6690)
2018-10-24 17:14:27 -07:00
Harshavardhana
b251454dd6
Fix toggling users status (#6640)
2018-10-16 14:55:23 -07:00
Harshavardhana
1e7e5e297c
Add canned policy support (#6637)
This PR adds an additional API where we can create
a new set of canned policies which can be used with one
or many users.
2018-10-16 12:48:19 -07:00
Harshavardhana
23b166b318
Remove applying custom policies with STS access keys (#6626)
Move away from allowing custom policies, all policies in
STS come from OPA otherwise they fail.
2018-10-15 12:44:03 -07:00
Harshavardhana
3ef3fefd54
Add ListUsers API to list all configured users in IAM (#6619)
2018-10-13 12:48:43 +05:30
Harshavardhana
143e7fe300
Add etcd support to support STS on gateway mode (#6531)
2018-10-12 11:32:18 -07:00
Harshavardhana
54ae364def
Introduce STS client grants API and OPA policy integration (#6168)
This PR introduces two new features
- AWS STS compatible STS API named AssumeRoleWithClientGrants
  ```
  POST /?Action=AssumeRoleWithClientGrants&Token=<jwt>
  ```
  This API endpoint returns temporary access credentials, access
  tokens signature types supported by this API
  - RSA keys
  - ECDSA keys

  Fetches the required public key from the JWKS endpoints, provides
  them as rsa or ecdsa public keys.
- External policy engine support, in this case OPA policy engine
- Credentials are stored on disks
2018-10-09 14:00:01 -07:00