Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim
...
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.
Fixes #620
1 year ago
Remi Vichery
b2c2eec76b
Add identity token for all Azure cloud environments
...
* Azure Public Cloud (default)
* Azure China Cloud
* Azure US Gov Cloud
* Azure German Cloud
2 years ago
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2 years ago
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2 years ago
Herman Slatman
c40a4d2694
Contain policy engines inside provisioner Controller
3 years ago
Mariano Cano
674dc3c844
Rename unreleased claim to allowRenewalAfterExpiry for consistency.
3 years ago
Mariano Cano
082734474b
Merge pull request #845 from vijayjt/azure-user-mi-token
...
WIP: Support Azure tokens generated by managed identities
3 years ago
Mariano Cano
c903f00cd4
Rename claim to allowRenewAfterExpiry.
3 years ago
Mariano Cano
259e95947c
Add support for the provisioner controller
...
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
3 years ago
vijayjt
4822516d72
Remove redundant parameter type declaration
3 years ago
vijayjt
e699244291
Support Azure tokens from managed identities not associated with a VM
3 years ago
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
3 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
Mariano Cano
aafac179a5
Add test for oidc with preferred usernames.
4 years ago
Mariano Cano
0cf594a003
Validate payload ID.
...
Related to #435
4 years ago
Mariano Cano
7d1686dc53
Add option to specify the AWS IID certificates to use.
...
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.
Fixes #393
4 years ago
Mariano Cano
c94a1c51be
Merge branch 'master' into ssh-cert-templates
4 years ago
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano
d30a95236d
Use always go.step.sm/crypto
4 years ago
Mariano Cano
aaaa7e9b4e
Merge branch 'master' into cert-templates
4 years ago
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
4 years ago
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
David Cowden
51f16ee2e0
aws: add tests covering metadata service versions
...
* Add constructor tests for the aws provisioner.
* Add a test to make sure the "v1" logic continues to work.
By and large, v2 is the way to go. However, there are some instances of
things that specifically request metadata service version 1 and so this
adds minimal coverage to make sure we don't accidentally break the path
should anyone need to depend on the former logic.
4 years ago
Josh Hogle
18ac5c07e2
Added support for specifying IMDS version preference
4 years ago
Josh Hogle
8c6a46887b
Added token URL fixes to tests
4 years ago
Josh Hogle
dd27901b12
Moved token URL and TTL to config values
4 years ago
Mariano Cano
4e9bff0986
Add support for OIDC multitoken tenants for azure.
5 years ago
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
5 years ago
Mariano Cano
84ff172093
Add support for backdate to SSH certificates.
5 years ago
Mariano Cano
7db7b1ee4c
Fix some provisioner tests
5 years ago
max furman
8f07ff6a39
Add kubernetes service account provisioner
5 years ago
max furman
d368791606
Add x5c provisioner capabilities
5 years ago
Mariano Cano
a16b2125bc
Fix tests.
5 years ago
max furman
e3826dd1c3
Add ACME CA capabilities
5 years ago
Mariano Cano
d231bfb764
Update jwk and oidc tests.
5 years ago
Mariano Cano
b0240772da
Add tests for SSH certs with JWK provisioners.
5 years ago
Mariano Cano
900ab9cc12
Allow custom common names in cloud identity provisioners.
5 years ago
Mariano Cano
e66272d6f0
Fix panic when max-age is set to zero.
...
Fixes #81
5 years ago
Mariano Cano
37dff5124b
Fix audience tests.
...
Fixes smallstep/step#156
5 years ago
Mariano Cano
536ec36b9e
Add support for instance age check in AWS.
...
Fixes smallstep/step#164
5 years ago
Mariano Cano
c431538ff2
Add support for instance age check in GCP.
...
Fixes smallstep/step#164
5 years ago
Mariano Cano
0a756ce9d0
Use on GCP audiences with the format https://<ca-url>#<provisioner-type>/<provisioner-name>
...
Fixes smallstep/step#156
5 years ago
Mariano Cano
803d81d332
Improve azure unit tests.
6 years ago
Mariano Cano
4c5fec06bf
Require TenantID in azure, add some tests.
6 years ago
Mariano Cano
81bfd2c1cb
Add tests for AWS provisioner
...
Fixes #68
6 years ago
Mariano Cano
5defd8289d
Add missing config in tests.
6 years ago
Mariano Cano
1ea4b0ad64
Add unit test for GCP provider
6 years ago
max furman
ab4d569f36
Add /revoke API with interface db backend
6 years ago
Mariano Cano
7378ed27ac
Refactor claims so they can be totally omitted if only the parent is set.
6 years ago
Mariano Cano
60880d1f0a
Add domains and check emails properly.
6 years ago