Commit Graph

2776 Commits (backports)
 

Author SHA1 Message Date
Herman Slatman bfa4d809fd
Improve middleware test coverage 2 years ago
Herman Slatman 6da243c34d
Add policy precheck for all admins 2 years ago
Herman Slatman 628d7448de
Don't return policy in provisioner JSON 2 years ago
Herman Slatman 2fbdf7d5b0
Merge branch 'master' into herman/allow-deny 2 years ago
Herman Slatman 0e052fe299
Add authority policy API 2 years ago
Panagiotis Siatras 00634fb648
api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
2 years ago
Mariano Cano abf5fc32a3 Format comment. 2 years ago
Mariano Cano b42c1dfe64
Merge pull request #879 from smallstep/feat/WithX509SignerFunc
Add authority.WithX509SignerFunc
2 years ago
Mariano Cano c480936ba4 Split comments. 2 years ago
Mariano Cano 0b388942e8 Upgrade linkedca package. 2 years ago
Mariano Cano 955d4cf80d Add authority.WithX509SignerFunc
This change adds a new authority option that allows to pass a callback
that returns the certificate chain and signer used to sign X.509
certificates.

This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.

Fixes #874
2 years ago
Mariano Cano 8d1ce3133a Merge branch 'master' into feat/linkedra 2 years ago
Mariano Cano 6851842841 Fix unit tests. 2 years ago
Mariano Cano 580a9c1476 Get linked RA configuration using the linked ca client. 2 years ago
Herman Slatman 4cde2696e5 Update cloud.google.com/go/kms 2 years ago
Andrew Reed 52d7f084d2 Add /roots.pem handler (#866)
* Add /roots.pem handler

* Review changes

* Remove no peer cert test case
2 years ago
Mariano Cano 750e9ee2f8 Attempt to fix TestBootstrapClientServerRotation
This change attempts to fix the test TestBootstrapClientServerRotation.
Due to the backdate, the renew options get too large, causing
continuous renewals, and random errors. After experimenting with
different options, truncating durations to seconds have shown better
results than rounding or just use the plain time.
2 years ago
Panagiotis Siatras 27c1d0afc3 add --context flag to step-ca command (#851)
* added the --context flag

* apply the context and allow for different ca.json

* amended usage for consistency

* added an extra example

* added an extra example

* reordered and reworded examples
2 years ago
Panagiotis Siatras a852223717 scep: remove Interface and the dependency to pkg/errors (#872)
* scep: documented the package

* scep/api: removed some top level constants

* scep: removed dependency to pkg/errors

* scep/api: documented the package
2 years ago
Panagiotis Siatras bca74cb6a7 scep: minor cleanup (#867)
* api, scep: removed scep.Error

* scep/api: replaced nextHTTP with http.HandlerFunc

* scep/api: renamed writeSCEPResponse to writeResponse

* scep/api: renamed decodeSCEPRequest to decodeRequest

* scep/api: renamed writeError to fail

* scep/api: replaced pkg/errors with errors

* scep/api: formatted imports

* scep/api: do not export SCEPRequest & SCEPResponse

* scep/api: do not export Handler

* api: flush errors better
2 years ago
vijayjt 37207793f9 Pass in the resource name regardless of if its a VM or managed identity 2 years ago
vijayjt 7e47c70af2 Remove redundant parameter type declaration 2 years ago
vijayjt 7b605b2d16 Support Azure tokens from managed identities not associated with a VM 2 years ago
Mariano Cano 76ea1635a7 Change golang to Go 2 years ago
Mariano Cano 5ab79f53be Fix linter errors 2 years ago
Mariano Cano 161a4b28be Change go version to 1.17 and 1.18 2 years ago
Herman Slatman c50800eb01 Add armv5 build for (cloud|aws)kms 2 years ago
Herman Slatman 76e5347923 Add armv5 build to GoReleaser configuration 2 years ago
Panagiotis Siatras 17d7fd70cd api/log: initial implementation of the package (#859)
* api/log: initial implementation of the package

* api: refactored to support api/log

* scep/api: refactored to support api/log

* api/log: documented the package

* api: moved log-related tests to api/log
2 years ago
Herman Slatman 49de04661b
Merge pull request #877 from smallstep/herman/update-google-kms
Update cloud.google.com/go/kms
2 years ago
Andrew Reed d5d70baba7
Add /roots.pem handler (#866)
* Add /roots.pem handler

* Review changes

* Remove no peer cert test case
2 years ago
Herman Slatman 1dbaa62740
Update cloud.google.com/go/kms 2 years ago
Mariano Cano a7959ac563
Merge pull request #871 from smallstep/fix/renewer
Attempt to fix TestBootstrapClientServerRotation
2 years ago
Herman Slatman 23676d3bcc
Merge branch 'master' into herman/allow-deny 2 years ago
Herman Slatman b49307f326
Fix ACME order tests with mock ACME CA 2 years ago
Panagiotis Siatras 6d4d4560df
add --context flag to step-ca command (#851)
* added the --context flag

* apply the context and allow for different ca.json

* amended usage for consistency

* added an extra example

* added an extra example

* reordered and reworded examples
2 years ago
Panagiotis Siatras e27124b037
scep: remove Interface and the dependency to pkg/errors (#872)
* scep: documented the package

* scep/api: removed some top level constants

* scep: removed dependency to pkg/errors

* scep/api: documented the package
2 years ago
Herman Slatman cf34b32e61
Merge branch 'herman/allow-deny-next' into herman/allow-deny 2 years ago
Herman Slatman 9e0edc7b50
Add early authority policy evaluation to ACME order API 2 years ago
Panagiotis Siatras b98f86a515
scep: minor cleanup (#867)
* api, scep: removed scep.Error

* scep/api: replaced nextHTTP with http.HandlerFunc

* scep/api: renamed writeSCEPResponse to writeResponse

* scep/api: renamed decodeSCEPRequest to decodeRequest

* scep/api: renamed writeError to fail

* scep/api: replaced pkg/errors with errors

* scep/api: formatted imports

* scep/api: do not export SCEPRequest & SCEPResponse

* scep/api: do not export Handler

* api: flush errors better
2 years ago
Herman Slatman c45d177d52
Merge pull request #847 from smallstep/herman/allow-deny-next
Refactor allow/deny (WIP)
2 years ago
Herman Slatman 613c99f00f
Fix linting issues 2 years ago
Herman Slatman dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2 years ago
Herman Slatman 6b620c8e9c
Improve protobuf unmarshaling error handling 2 years ago
Mariano Cano ba0b170818 Attempt to fix TestBootstrapClientServerRotation
This change attempts to fix the test TestBootstrapClientServerRotation.
Due to the backdate, the renew options get too large, causing
continuous renewals, and random errors. After experimenting with
different options, truncating durations to seconds have shown better
results than rounding or just use the plain time.
2 years ago
Mariano Cano 082734474b
Merge pull request #845 from vijayjt/azure-user-mi-token
WIP: Support Azure tokens generated by managed identities
2 years ago
Mariano Cano f3bade4547
Merge pull request #861 from smallstep/go/1.18
Change go version to 1.17 and 1.18
2 years ago
Herman Slatman 63acb47704
Merge pull request #870 from smallstep/armv5
Add armv5 build for (cloud|aws)kms
2 years ago
Herman Slatman 904d6712f5
Add armv5 build for (cloud|aws)kms 2 years ago
Herman Slatman afca57958b
Merge pull request #869 from smallstep/armv5
Add armv5 build to GoReleaser configuration
2 years ago