Herman Slatman
c169defc73
Merge pull request #1136 from smallstep/herman/ignore-empty-acme-meta
2022-11-08 09:56:00 +01:00
Herman Slatman
920c4f02c5
Add additional properties to provisioner converters
2022-11-07 22:34:35 +01:00
Mariano Cano
c7f226bcec
Add support for renew when using stepcas
...
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.
The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.
Fixes #1021 for stepcas
2022-11-04 16:42:07 -07:00
Mariano Cano
bd1938b0da
Add support for storing or sending attestation data to linkedca
2022-10-06 12:22:19 -07:00
Andrew Reed
7101fbb0ee
Provisioner webhooks ( #1001 )
2022-09-29 19:16:26 -05:00
Mariano Cano
906c5067b9
Include attestation roots on provisioner converters
2022-09-29 16:12:55 -07:00
max furman
f3d1863ec6
A few more linter errors
2022-09-20 21:01:55 -07:00
Mariano Cano
f0a24bd8ca
Add acme property to enable challenges
...
Fixes #1027
2022-09-20 19:01:53 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2022-09-20 16:35:41 -07:00
Mariano Cano
bb0210e875
Fix typo in linkedca variable
2022-09-09 14:34:32 -07:00
Mariano Cano
66407139e5
Add methods to convert attestation formats
2022-09-08 17:49:24 -07:00
Mariano Cano
59c5219a07
Use a type for acme challenges
2022-09-08 12:34:06 -07:00
Mariano Cano
f1c63bc38d
Fix challenge mapping
2022-08-24 19:30:28 -07:00
Mariano Cano
bca311b05e
Add acme property to enable challenges
...
Fixes #1027
2022-08-23 17:11:40 -07:00
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
...
exposing authority configuration for provisioner cli commands
2022-05-19 22:53:59 -07:00
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy
2022-05-12 16:33:32 +02:00
max furman
25b8d196d8
Couple changes in response to PR
...
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
admins when not using Admin API
2022-05-11 17:04:43 -07:00
Herman Slatman
60d8b22d89
Change context retrievers to MustTFromContext
2022-05-05 11:05:57 +02:00
max furman
b91affdd34
exposing authority configuration for provisioner cli commands
2022-04-25 10:23:07 -07:00
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments
2022-04-21 12:14:03 +02:00
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny
2022-04-18 21:54:55 +02:00
Herman Slatman
d6be9450be
Merge branch 'master' into herman/allow-deny
2022-04-15 11:57:05 +02:00
Mariano Cano
d3b6bc3c75
Merge branch 'master' into fix/adminra
2022-04-13 17:44:23 -07:00
Mariano Cano
674dc3c844
Rename unreleased claim to allowRenewalAfterExpiry for consistency.
2022-04-13 15:11:54 -07:00
Mariano Cano
00cd0f5f21
Apply suggestions from code review
...
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-04-12 14:44:55 -07:00
Mariano Cano
1d1e095447
Add tests for LoadProvisionerByCertificate.
2022-04-08 13:06:29 -07:00
Mariano Cano
dfdc9c06ed
Fix linter error importShadow
2022-04-07 18:33:13 -07:00
Mariano Cano
c55b27a2fc
Refactor admin token to use with RAs.
2022-04-07 18:14:43 -07:00
Mariano Cano
db337debcd
Load provisioner from the database instead of the extension.
2022-04-05 19:25:47 -07:00
Mariano Cano
df8ffb35af
Remove unnecessary database in provisioner config.
2022-04-05 17:39:06 -07:00
Herman Slatman
96f4c49b0c
Improve how policy errors are returned and used
2022-04-04 13:58:16 +02:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
2022-03-24 12:36:12 +01:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy
2022-03-15 15:56:04 +01:00
Mariano Cano
c903f00cd4
Rename claim to allowRenewAfterExpiry.
2022-03-14 15:40:01 -07:00
Mariano Cano
79349b4d7c
Add options to use custom renewal methods.
2022-03-10 13:01:08 -08:00
Mariano Cano
6f46cdb432
Merge pull request #829 from vijayjt/new-azure-token-authz-options
...
Add subscription and object ID validation options to Azure provisioner
2022-02-28 14:31:28 -08:00
max furman
a79d4af19b
change return value of generateProvisionerConfig to value
...
- always used as value (rather than pointer)
2022-02-28 11:04:40 -08:00
max furman
6030f8bc2e
Validate provisioner configuration before storing in DB
2022-02-28 10:48:01 -08:00
vijayjt
b128e37090
Add SubscriptionIDs and ObjectIDs to provisioner-linkedca conversion functions
2022-02-25 11:06:48 +00:00
Herman Slatman
c7c5c3c94e
Merge branch 'master' into herman/scep-macos-renewal-fixes
2022-01-31 13:20:16 +01:00
Herman Slatman
3b72d241e0
Add LinkedCA integration for improved SCEP provisioner
2022-01-21 16:07:50 +01:00
Herman Slatman
8838961b68
Merge branch 'master' into hs/acme-eab
2022-01-20 11:05:28 +01:00
Mariano Cano
de549adf2d
Do not add extra new lines when creating nebula provisioners
2022-01-07 11:24:59 -08:00
Mariano Cano
6a1d0cb9f8
Add linkedca conversions.
2022-01-04 18:42:57 -08:00
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab
2021-12-06 13:01:23 +01:00
max furman
7fac8c96c3
Merge branch 'master' into max/context
2021-11-17 11:40:01 -08:00
max furman
ed4b56732e
updates after rebase to keep up with master
2021-11-16 21:47:14 -08:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
Herman Slatman
a98fe03e80
Merge branch 'master' into hs/acme-eab
2021-08-27 12:50:19 +02:00
Mariano Cano
492ff4b632
Ask for the first provisioner password if none is provided.
2021-08-10 17:30:33 -07:00