max furman
|
8f07ff6a39
|
Add kubernetes service account provisioner
|
5 years ago |
Max
|
0a96062b76
|
Merge pull request #128 from jkralik/returnCertChain
Change api of functions Authority.Sign, Authority.Renew
|
5 years ago |
max furman
|
d368791606
|
Add x5c provisioner capabilities
|
5 years ago |
Jozef Kralik
|
bc6074f596
|
Change api of functions Authority.Sign, Authority.Renew
Returns certificate chain instead of 2 members.
Implements #126
|
5 years ago |
Mariano Cano
|
59526d3225
|
Merge pull request #105 from smallstep/okta-support
Address support on OIDC provisioners
|
5 years ago |
Mariano Cano
|
39b41b5e83
|
Merge pull request #107 from smallstep/ssh-valid-after
Truncate to seconds ValidAfter
|
5 years ago |
Mariano Cano
|
d59a5b222f
|
Truncate to seconds to avoid rounding up times.
It can cause that certs are not valid yet, if they are used right away.
|
5 years ago |
max furman
|
fe7973c060
|
wip
|
5 years ago |
Mariano Cano
|
adc1d54b0d
|
Define valid after as 1m before now.
It avoids errors with immediate use of cert.
|
5 years ago |
Mariano Cano
|
72f1a61f06
|
Increase coverage.
|
5 years ago |
Mariano Cano
|
b7045f27a9
|
Increase coverage.
|
5 years ago |
Mariano Cano
|
a16b2125bc
|
Fix tests.
|
5 years ago |
Mariano Cano
|
6c4abfabbb
|
Make /.well-known/openid-configuration optional
|
5 years ago |
Mariano Cano
|
3527ee6940
|
Add support for listenAddress parameter if OIDC provisioners.
Fixes smallstep/cli#150
|
5 years ago |
max furman
|
44e864030d
|
Remove debug logging
|
5 years ago |
max furman
|
e3826dd1c3
|
Add ACME CA capabilities
|
5 years ago |
max furman
|
d204469280
|
Add a few more validity checks to default ssh cert validator
|
5 years ago |
Mariano Cano
|
396b4222aa
|
Implement validator for ssh keys.
Fixes #100
|
5 years ago |
max furman
|
61d52a8510
|
Small fixes associated with PR review
* additions and grammar edits to documentation
* clarification of error msgs
|
5 years ago |
Mariano Cano
|
10e7b81b9f
|
Merge branch 'master' into ssh-ca
|
5 years ago |
max furman
|
ac234771c7
|
Remove unknown provisioner WARNning and leave TODO
|
5 years ago |
max furman
|
ca8daf5f12
|
Update comment and warn
|
5 years ago |
Mariano Cano
|
9200f11ed8
|
Skip unsupported provisioners.
|
5 years ago |
Max
|
5dac2459c3
|
Merge pull request #96 from smallstep/max/2084
Enforce >= 2048 bit rsa keys in CSRs
|
5 years ago |
max furman
|
d3e74a0d2e
|
switch from metalinter to golangci-lint
|
5 years ago |
max furman
|
2b41faa9cf
|
Enforce >= 2048 bit rsa keys at the provisioner layer
* Fixes #94
* In the future this should be configurable by provisioner
|
5 years ago |
max furman
|
635c59ed24
|
Accept emails SANs
|
5 years ago |
Mariano Cano
|
db4baa0487
|
Add tests for authority sign ssh methods.
|
5 years ago |
Mariano Cano
|
34e1e3380a
|
Fix lint errors.
|
5 years ago |
Mariano Cano
|
57a529cc1a
|
Allow to enable the SSH CA per provisioner
|
5 years ago |
Mariano Cano
|
e71072d389
|
Add experimental support for provisioning users.
|
5 years ago |
Mariano Cano
|
390aecca0b
|
Check for error creating signers.
|
5 years ago |
Mariano Cano
|
004ea12212
|
Allow to use custom SSH user/host key files.
|
5 years ago |
Mariano Cano
|
dc657565a7
|
Add SSH test for GCP.
|
5 years ago |
Mariano Cano
|
7983aa8661
|
Add azure ssh tests.
|
5 years ago |
Mariano Cano
|
2cac85a8c8
|
Add aws tests.
|
5 years ago |
Mariano Cano
|
f8a71899fd
|
Add missing file.
|
5 years ago |
Mariano Cano
|
d231bfb764
|
Update jwk and oidc tests.
|
5 years ago |
Mariano Cano
|
a8f4ad1b8e
|
Set default SSH options if no user options are given.
|
5 years ago |
Mariano Cano
|
c17375a10a
|
Create convenient method to mock the timeduration.
|
5 years ago |
Mariano Cano
|
4c1a11c1bc
|
Add Unix method to TimeDuration.
|
5 years ago |
Mariano Cano
|
b0240772da
|
Add tests for SSH certs with JWK provisioners.
|
5 years ago |
Mariano Cano
|
780eeb5487
|
Remove debug print.
|
5 years ago |
Mariano Cano
|
ad91842d06
|
Add test for SanitizeSSHUserPrincipal
|
5 years ago |
Mariano Cano
|
f8cacc11b1
|
Fix tests.
|
5 years ago |
Mariano Cano
|
b827a59e96
|
Add SSH host certificate support for GCP provisioner.
|
5 years ago |
Mariano Cano
|
221d323b68
|
Fix containsAllMembers
|
5 years ago |
Mariano Cano
|
18a285e847
|
Change azure ssh key id.
|
5 years ago |
Mariano Cano
|
aef52e4334
|
Add support for SSH host certificates in azure.
|
5 years ago |
Mariano Cano
|
7d670b20ea
|
Add support of ssh host certinficates in AWS provisioner.
|
5 years ago |
Mariano Cano
|
7583f1c739
|
Do not require all principals, allow subgroups.
|
5 years ago |
Mariano Cano
|
41b97372e6
|
Rename function to SanitizeSSHUserPrincipal
|
5 years ago |
Mariano Cano
|
53f62f871c
|
Set not extensions to host certificates.
|
5 years ago |
Mariano Cano
|
48c98dea2a
|
Make SanitizeSSHPrincipal a public function.
|
5 years ago |
Mariano Cano
|
f01286bb48
|
Add support for SSH certificates to OIDC.
Update the interface for all the provisioners.
|
5 years ago |
Mariano Cano
|
7a64a84761
|
Pass the given context.
|
5 years ago |
Mariano Cano
|
e1cd5ee8c3
|
Add context to the Authorize method.
Fix tests.
|
5 years ago |
Mariano Cano
|
2127d09ef3
|
Rename context type to apiCtx.
It will conflict with the context package.
|
5 years ago |
Mariano Cano
|
082ebda85b
|
Merge branch 'master' of github.com:smallstep/certificates into ssh-ca
|
5 years ago |
Mariano Cano
|
d7221e15ac
|
Always marshal timeduration as a string
|
5 years ago |
Mariano Cano
|
3ff410c695
|
fix ssh validity modifier
|
5 years ago |
Mariano Cano
|
1c8f610ca9
|
Add initial implementation of an SSH CA using the JWK provisioner.
Fixes smallstep/ca-component#187
|
5 years ago |
Mariano Cano
|
f5beed3b96
|
Merge pull request #83 from matteo-s/oidc-groups
Add option for checking group membership declared in JWT token
|
5 years ago |
Mariano Cano
|
3e69194cc4
|
Fix lint error
|
5 years ago |
Mariano Cano
|
900ab9cc12
|
Allow custom common names in cloud identity provisioners.
|
5 years ago |
Mariano Cano
|
5f4217ca4c
|
Simplify abs, it performs even better.
|
5 years ago |
Matteo Saloni
|
1919cfdff3
|
Add option for checking group membership declared in JWT token
|
5 years ago |
Mariano Cano
|
e66272d6f0
|
Fix panic when max-age is set to zero.
Fixes #81
|
5 years ago |
Mariano Cano
|
578beec25d
|
Merge pull request #65 from smallstep/cloud-identities
Cloud identities
|
5 years ago |
Mariano Cano
|
8f8c862c04
|
Fix spelling errors.
|
5 years ago |
Mariano Cano
|
b88a2f1373
|
Fix provisioner id in LoadByCertificate
|
5 years ago |
Mariano Cano
|
37dff5124b
|
Fix audience tests.
Fixes smallstep/step#156
|
5 years ago |
Mariano Cano
|
2491593cdd
|
Add ca-url based audience for AWS tokens
Fixes smallstep/step#156
|
5 years ago |
Mariano Cano
|
4fa9e9333d
|
Add NewDuration constructor.
|
5 years ago |
Mariano Cano
|
37f2096dff
|
Add Stringer interface to provisioner.Type.
Add missing file.
|
5 years ago |
Mariano Cano
|
6e4a09651a
|
Add comments with links to cloud docs.
|
5 years ago |
Mariano Cano
|
536ec36b9e
|
Add support for instance age check in AWS.
Fixes smallstep/step#164
|
5 years ago |
Mariano Cano
|
c431538ff2
|
Add support for instance age check in GCP.
Fixes smallstep/step#164
|
5 years ago |
Mariano Cano
|
4cef086c00
|
Allow to use emails as service accounts on GCP
Fixes smallstep/step#163
|
5 years ago |
Mariano Cano
|
0a756ce9d0
|
Use on GCP audiences with the format https://<ca-url>#<provisioner-type>/<provisioner-name>
Fixes smallstep/step#156
|
5 years ago |
Mariano Cano
|
a54bf925eb
|
Add filtering by GCP Project ID.
Fixes smallstep/step#155
|
5 years ago |
Mariano Cano
|
54d0186d1f
|
Change condition to fail if the length is not the expected.
|
5 years ago |
Mariano Cano
|
dbd3131068
|
Fix comments.
|
5 years ago |
Mariano Cano
|
9f39cb5f2a
|
Add test.
|
5 years ago |
Mariano Cano
|
fb6a1afd89
|
Fix typo.
|
5 years ago |
Mariano Cano
|
3a1a4c5ea9
|
Do not allow reload with database configuration changes.
Fixes #smallstep/ca-component#170
|
5 years ago |
Mariano Cano
|
cf07c8f4c0
|
Fix typos.
|
5 years ago |
Mariano Cano
|
54570095d4
|
Merge branch 'master' into cloud-identities
|
6 years ago |
Mariano Cano
|
423d505d04
|
Replace subscriptions with resource groups.
|
6 years ago |
Mariano Cano
|
32d2d6b75a
|
Remove debug code.
|
6 years ago |
Mariano Cano
|
e0aaa1a577
|
Use tenant id in azures's provisioner x509 extension.
|
6 years ago |
Mariano Cano
|
89eeada2a2
|
Add support for loading azure tokens by tenant id.
|
6 years ago |
Mariano Cano
|
803d81d332
|
Improve azure unit tests.
|
6 years ago |
Mariano Cano
|
4c5fec06bf
|
Require TenantID in azure, add some tests.
|
6 years ago |
Mariano Cano
|
12937c6b75
|
Remove pkcs7 related variables and structs.
|
6 years ago |
Mariano Cano
|
6412b1a79b
|
Add first version of Asure support.
Fixes #69
|
6 years ago |
max furman
|
81db527f12
|
NoopDB -> SimpleDB
|
6 years ago |
max furman
|
b73fe8c157
|
Add used OTT to DB during authToken step
|
6 years ago |
Mariano Cano
|
70196b2331
|
Add skeleton for the Azure provisioner.
Related to #69
|
6 years ago |
Mariano Cano
|
81bfd2c1cb
|
Add tests for AWS provisioner
Fixes #68
|
6 years ago |