Panagiotis Siatras
dd1ff9c15b
Implementation of the Prometheus endpoint ( #1669 )
...
Implementation of the http://{metricsAddress}/metrics Prometheus endpoint.
9 months ago
Mariano Cano
30ce9e65f7
Write configuration only if encoding succeeds
...
This commit fixes a problem when the ca.json is truncated if the
encoding of the configuration fails. This can happen by adding a new
provisioner with bad template data.
Related to smallstep/cli#994
1 year ago
Mariano Cano
cce7d9e839
Address comments from code review
1 year ago
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim
...
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.
Fixes #620
1 year ago
max furman
8b256f0351
address linter warning for go 1.19
1 year ago
Mariano Cano
002a058807
Use idpURL in json
2 years ago
Mariano Cano
be4cd17b40
Add omit empty to IDPurl
2 years ago
foleyjohnm
d6f9b3336d
Update config.go
2 years ago
foleyjohnm
c79d4e9316
adding CRLIDP config
2 years ago
Mariano Cano
59775fff0c
Merge branch 'master' into crl-support
2 years ago
Mariano Cano
8200d19894
Improve CRL implementation
...
This commit adds some changes to PR #731 , some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL
This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2 years ago
Herman Slatman
54c560f620
Improve configuration file initialization log output
2 years ago
Herman Slatman
674206320c
Write updated CA configuration after migrating provisioners
2 years ago
Raal Goff
f7df865687
refactor crl config, add some tests
2 years ago
Mariano Cano
4e19aa4c52
Add cache duration if crl is set
2 years ago
Mariano Cano
0829f37fe8
Define a default crl cache duration
2 years ago
Raal Goff
d2483f3a70
Merge branch 'master' into crl-support
...
# Conflicts:
# authority/config/config.go
2 years ago
Mariano Cano
5e0be92273
Allow option to skip the validation of config
2 years ago
Mariano Cano
369b8f81c3
Use go.step.sm/crypto/kms
...
Fixes #975
2 years ago
max furman
99c9155467
disableSSHHostsListAPI -> disableGetSSHHosts
2 years ago
max furman
fb7f57a8df
Add attribute to disable SSH Hosts list API
2 years ago
Raal Goff
60671b07d7
Merge branch 'master' into crl-support
...
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
2 years ago
Herman Slatman
ad2de16299
Merge branch 'master' into herman/allow-deny
3 years ago
Mariano Cano
fe9c3cf753
Merge branch 'master' into ahmet2mir-feat/vault
3 years ago
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny
3 years ago
Herman Slatman
d6be9450be
Merge branch 'master' into herman/allow-deny
3 years ago
Mariano Cano
d3b6bc3c75
Merge branch 'master' into fix/adminra
3 years ago
Mariano Cano
674dc3c844
Rename unreleased claim to allowRenewalAfterExpiry for consistency.
3 years ago
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault
3 years ago
Mariano Cano
c55b27a2fc
Refactor admin token to use with RAs.
3 years ago
Raal Goff
d417ce3232
implement changes from review
3 years ago
Herman Slatman
571b21abbc
Fix (most) PR comments
3 years ago
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
3 years ago
Mariano Cano
c903f00cd4
Rename claim to allowRenewAfterExpiry.
3 years ago
Mariano Cano
616490a9c6
Refactor renew after expiry token authorization
...
This changes adds a new authority method that authorizes the
renew after expiry tokens.
3 years ago
Mariano Cano
fd6a2eeb9c
Add provisioner controller
...
The provisioner controller has the implementation of the identity
function as well as the renew methods with renew after expiry
support.
3 years ago
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level
3 years ago
Mariano Cano
c0525381eb
Merge branch 'master' into feat/vault
3 years ago
Herman Slatman
716b946e7a
Normalize IPv6 hostname addresses
3 years ago
Ahmet DEMIR
68b980d689
feat(authority): avoid hardcoded cn in authority csr
3 years ago
Mariano Cano
da2802504b
Use Default min version if not specified.
3 years ago
Mariano Cano
072ba4227c
Add deployment type to config.
...
This field is ignored except for the start of the ca. If the type
is linked and the token is not passed, it will fail with an error.
3 years ago
Mariano Cano
384be6e205
Do not show provisioners if they are not required.
...
For deployment types like linked ca, the list of provisioners in
the ca.json are not required, so we should tag the json as omitempty.
3 years ago
Mariano Cano
4f27f4b002
Change default ciphersuites to newer names.
3 years ago
Mariano Cano
0730a165fd
Add collection of files and authority template.
3 years ago
Mariano Cano
49c1427d15
Use authorityId instead of authorityID.
...
In json or javascript world authorityId, userId, ... are more common
than authorityID, ...
3 years ago
max furman
9fdef64709
Admin level API for provisioner mgmt v1
3 years ago
max furman
1726076ea2
wip
3 years ago
max furman
5d09d04d14
wip
3 years ago
max furman
af3cf7dae9
first steps
3 years ago