- Added kingfisher.temporal.1 rule for Temporal Cloud API keys (namespace-scoped and user-scoped JWT formats) with Temporal-specific pattern matching.

- Added Temporal Cloud active credential validation via GET https://saas-api.tmprl.cloud/cloud/current-identity using bearer auth, so Temporal keys validate against provider APIs instead of generic OIDC discovery.
- Fixed JWT issuer normalization to treat bare host issuers (e.g. iss: temporal.io) as HTTPS URLs during discovery, avoiding low-level URL builder failures.
- Added crates/kingfisher-rules/build.rs to ensure embedded rule assets rebuild when files under crates/kingfisher-rules/data change.
Mick Grove 2026-02-11 23:33:35 -08:00
commit 57845eebcd
3 changed files with 43998 additions and 25576 deletions


@ -198,4 +198,4 @@
distributed under the License is distributed on an "AS IS" BASIS, distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
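Review bot: The four license lines at 198-201 read identically on the old and new sides, so whatever changed here is whitespace or line endings only and has nothing to do with the Temporal rule, the validator or the issuer fix listed in the commit message. Either drop this churn from the commit or move it to a separate formatting-only commit so the history of the license file stays clean.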

File diff suppressed because one or more lines are too long


@ -1,3 +1,3 @@
[profile.default] [profile.default]
# Hard limit: kill any single test that runs longer than 5 minutes # Hard limit: kill any single test that runs longer than 5 minutes
test-timeout = "5m" test-timeout = "10m"
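Review bot: The comment above test-timeout still says "longer than 5 minutes" on the new side while the value is now "10m", so the comment and the setting disagree; update the comment to say 10 minutes. The commit message lists four changes and none of them mentions the doubled timeout, so add a line saying which tests need the extra time, or split this into its own commit.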