Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-15 18:12:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,322 Commits 39 Branches 223 Tags 44 MiB
1583e53cda
Commit Graph

61 Commits

Author SHA1 Message Date
Max
9f84f7ce35
Allow for identity certificate signing (in sshSign) by skipping validators (#1572) 
- skip urisValidator for identity certificate signing. Implemented
  by building the validator with the context in a hacky way.
 2023-10-06 14:02:19 -07:00
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim 
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
 2023-07-27 15:05:01 -07:00
Josh Drake
904f416d20
Include authorization principal in provisioner webhooks. 2023-07-24 00:30:05 -05:00
max furman
8b256f0351
address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Andrew Reed
7101fbb0ee
Provisioner webhooks (#1001) 2022-09-29 19:16:26 -05:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
e7d7eb1a94 Add provisioner as a signOption for SSH 2022-05-18 18:42:42 -07:00
Herman Slatman
5e9bce508d
Unexport GetPolicy() 2022-05-05 12:32:53 +02:00
Herman Slatman
c40a4d2694
Contain policy engines inside provisioner Controller 2022-04-22 01:20:38 +02:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny 2022-04-08 16:01:56 +02:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2022-03-24 12:36:12 +01:00
Mariano Cano
b401376829 Add current provisioner to AuthorizeSign SignOptions. 
The original provisioner cannot be retrieved from a certificate
if a linked ra is used.
 2022-03-21 19:21:40 -07:00
Mariano Cano
259e95947c Add support for the provisioner controller 
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
 2022-03-09 18:43:45 -08:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level 2022-03-08 13:26:07 +01:00
Herman Slatman
88c7b63c9d
Split SSH user and cert policy configuration and execution 2022-02-01 15:18:39 +01:00
Herman Slatman
512b8d6730
Refactor instantiation of policy engines 
Instead of using the `base` struct, the x509 and SSH policy
engines are now added to each provisioner directly.
 2022-01-25 16:45:25 +01:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine 2022-01-03 12:25:24 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
max furman
638766c615 wip 2021-05-19 18:23:20 -07:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 2020-08-24 14:44:11 -07:00
Mariano Cano
e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 2020-08-10 11:26:51 -07:00
Mariano Cano
f437b86a7b Merge branch 'cert-templates' into ssh-cert-templates 2020-08-05 18:43:07 -07:00
Mariano Cano
c8d225a763 Use x509util from go.step.sm/crypto/x509util 2020-08-05 16:02:46 -07:00
Mariano Cano
9822305bb6 Use only the IID template on IID provisioners. 
Use always sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
 2020-08-03 15:11:42 -07:00
Mariano Cano
aa657cdb4b Use SSHOptions inside provisioner options. 2020-07-30 18:44:52 -07:00
Mariano Cano
6c36ceb158 Add initial template support for iid provisisioners. 2020-07-30 17:45:03 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 2020-07-22 18:24:45 -07:00
Mariano Cano
02c4f9817d Set full token payload instead of only the known properties. 2020-07-21 14:21:54 -07:00
Mariano Cano
eb8886d828 Add CR subject as iid default subject. 
Add a minimal subject with just a common name to iid provisioners
in case we want to use it.
 2020-07-21 14:18:06 -07:00
Mariano Cano
e60ea419cc Add template support for gcp provisioner. 2020-07-21 14:18:06 -07:00
max furman
1951669e13 wip 2020-06-23 11:10:45 -07:00
Mariano Cano
f868e07a76 Allow to use custom principals on cloud provisioners. 
Fixes #203
 2020-03-05 14:33:42 -08:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 2020-01-28 13:29:40 -08:00
Mariano Cano
84ff172093 Add support for backdate to SSH certificates. 2020-01-28 13:29:39 -08:00
max furman
29853ae016 sshpop provisioner + ssh renew | revoke | rekey first pass 2020-01-28 13:28:16 -08:00
max furman
d368791606 Add x5c provisioner capabilities 2019-10-14 14:51:37 -07:00
Mariano Cano
396b4222aa Implement validator for ssh keys. 
Fixes #100
 2019-09-10 17:04:13 -07:00
Mariano Cano
10e7b81b9f Merge branch 'master' into ssh-ca 2019-09-05 23:06:01 +02:00
max furman
2b41faa9cf Enforce >= 2048 bit rsa keys at the provisioner layer 
* Fixes #94
* In the future this should be configurable by provisioner
 2019-08-27 14:44:59 -07:00
Mariano Cano
57a529cc1a Allow to enable the SSH CA per provisioner 2019-08-05 11:40:27 -07:00
Mariano Cano
a8f4ad1b8e Set default SSH options if no user options are given. 2019-07-31 17:03:33 -07:00
Mariano Cano
b827a59e96 Add SSH host certificate support for GCP provisioner. 2019-07-29 18:17:20 -07:00
Mariano Cano
f01286bb48 Add support for SSH certificates to OIDC. 
Update the interface for all the provisioners.
 2019-07-29 15:54:07 -07:00
Mariano Cano
900ab9cc12 Allow custom common names in cloud identity provisioners. 2019-07-15 15:52:36 -07:00
Mariano Cano
6e4a09651a Add comments with links to cloud docs. 2019-06-05 11:04:00 -07:00
Mariano Cano
c431538ff2 Add support for instance age check in GCP. 
Fixes smallstep/step#164
 2019-06-04 15:57:15 -07:00
Mariano Cano
4cef086c00 Allow to use emails as service accounts on GCP 
Fixes smallstep/step#163
 2019-06-03 17:28:39 -07:00