New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Amazonlinux make bug #72
Comments
This error appears because the Using the last |
russell-lewis
added a commit
to russell-lewis/bless
that referenced
this issue
Jul 13, 2018
russell-lewis
added a commit
that referenced
this issue
Jul 13, 2018
Thanks for the issue. Fixed in #73 |
acmcelwee
added a commit
to datadotworld/bless
that referenced
this issue
Nov 29, 2018
* Allows username validation against IAM groups This change gives the option to validate the remote username against the IAM groups containing the user invoking the lambda function. This is an optional feature which is used in conjunction with kmsauth. For example, if there were two groups of users, you could put your admins in the ssh-admin IAM group to allow them to generate certificates with a remote_username of 'admin'. Users with fewer permissions could be in the ssh-user group to allow them to generate certificates for the 'user' account. The group name is configurable, however they must all be in a consistent format, and must all contain the relevant remote_username once. * Compressed CA private key support * Fixing Netflix#72 thanks @Immortalin and @tuxinaut . * Add support for loading ED25519 public keys * Add certificate builder and test ED25519 signed by RSA * Allowing BLESS lambda to accept ed25519 keys, completing https://gith… (Netflix#74) * Allowing BLESS lambda to accept ed25519 keys, completing Netflix#71 . Thanks @jnewbigin . * Moving BLESS to python 3.6. (Netflix#75) * Moving BLESS to python 3.6. You just need to rebuild, publish, and switch your lambda runtime from 2.7 to 3.6. * Moving TravisCI to Python3.6 as well. * bless_client.py: fix argv unpacking when using a kmsauth token (Netflix#63) * Add the FileSync flag to the zip command (Netflix#76) * Make lambda_configs dir optional for publish make target (Netflix#69) * Adding a blacklisted remote_usernames option. This would prevent particular SSH Authorized Principals from being included in a BLESS certificate. * Refactored BLESS to cache KMS decrypt results for the ca private key password. * Bumping to Release v.0.3.0 Features include: Python 3.6 Lambda support Caching of the KMS decrypted CA Private Key Password. Compressed CA Private Key support, allowing RSA 4096 keys to be set in the Lambda Environment. Issue certificates for ED25519 public keys (RSA CA). New option to validate the remote username against the IAM groups of the calling user. Updated dependencies.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The text was updated successfully, but these errors were encountered: