Andrew Reed
7101fbb0ee
Provisioner webhooks (#1001)
2 years ago
max furman
4c7a2ce3eb
Fix errors.As linter warnings
2 years ago
max furman
7c5e5b2b87
Even more linter fixes
2 years ago
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2 years ago
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2 years ago
Mariano Cano
a627f21440
Fix AuthorizeSSHSign tests with extra SignOption
2 years ago
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny
2 years ago
Mariano Cano
b7e11da480
Merge branch 'master' into feat/linkedra
2 years ago
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny
2 years ago
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages (#860)
...
* api/render: initial implementation of the package
* acme/api: refactored to support api/render
* authority/admin: refactored to support api/render
* ca: refactored to support api/render
* api: refactored to support api/render
* api/render: implemented Error
* api: refactored to support api/render.Error
* acme/api: refactored to support api/render.Error
* authority/admin: refactored to support api/render.Error
* ca: refactored to support api/render.Error
* ca: fixed broken tests
* api/render, api/log: moved error logging to this package
* acme: refactored Error so that it implements render.RenderableError
* authority/admin: refactored Error so that it implements render.RenderableError
* api/render: implemented RenderableError
* api/render: added test coverage for Error
* api/render: implemented statusCodeFromError
* api: refactored RootsPEM to work with render.Error
* acme, authority/admin: fixed pointer receiver name for consistency
* api/render, errs: moved StatusCoder & StackTracer to the render package
2 years ago
Mariano Cano
6851842841
Fix unit tests.
2 years ago
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
2 years ago
Mariano Cano
4690fa64ed
Add public methods to retrieve the provisioner extensions.
2 years ago
Mariano Cano
389815642d
Fix tests: certs are truncated to seconds.
2 years ago
Mariano Cano
259e95947c
Add support for the provisioner controller
...
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in a uniform way.
2 years ago
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine
2 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
Mariano Cano
40e77f6e9a
Initialize required variables on GetIdentityToken
...
Fixes smallstep/cli#465
3 years ago
Mariano Cano
5017b7d21f
Recalculate token id instead of validating it.
3 years ago
Mariano Cano
0cf594a003
Validate payload ID.
...
Related to #435
3 years ago
Mariano Cano
7d1686dc53
Add option to specify the AWS IID certificates to use.
...
This change adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.
Fixes #393
4 years ago
Mariano Cano
c94a1c51be
Merge branch 'master' into ssh-cert-templates
4 years ago
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano
aaaa7e9b4e
Merge branch 'master' into cert-templates
4 years ago
Mariano Cano
413af88aad
Fix provisioning tests.
4 years ago
David Cowden
2b121efc8f
aws: test constructor with empty IDMS string array
4 years ago
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
David Cowden
dc39eef721
aws: test badIDMS functional path
...
The existing test only covers the constructor logic. Also test the live
code path that is executed when a bad IDMS version is supplied.
4 years ago
David Cowden
51f16ee2e0
aws: add tests covering metadata service versions
...
* Add constructor tests for the aws provisioner.
* Add a test to make sure the "v1" logic continues to work.
By and large, v2 is the way to go. However, there are some instances of
things that specifically request metadata service version 1 and so this
adds minimal coverage to make sure we don't accidentally break the path
should anyone need to depend on the former logic.
4 years ago
David Cowden
5efe5f3573
metadata-v2: pull in joshathysolate-master
...
Taking of this PR to get it across the goal line.
4 years ago
Mariano Cano
0c8376a7f6
Fix existing unit tests.
4 years ago
max furman
71d87b4e61
wip
4 years ago
Josh Hogle
8c6a46887b
Added token URL fixes to tests
4 years ago
Mariano Cano
f868e07a76
Allow to use custom principals on cloud provisioners.
...
Fixes #203
4 years ago
max furman
1cb8bb3ae1
Simplify statuscoder error generators.
4 years ago
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
4 years ago
Mariano Cano
7db7b1ee4c
Fix some provisioner tests
4 years ago
Mariano Cano
d4627d1282
Make provisioner tests compile, they are still failing.
4 years ago
Mariano Cano
396b4222aa
Implement validator for ssh keys.
...
Fixes #100
5 years ago
Mariano Cano
10e7b81b9f
Merge branch 'master' into ssh-ca
5 years ago
max furman
2b41faa9cf
Enforce >= 2048 bit rsa keys at the provisioner layer
...
* Fixes #94
* In the future this should be configurable by provisioner
5 years ago
Mariano Cano
2cac85a8c8
Add aws tests.
5 years ago
Mariano Cano
f8cacc11b1
Fix tests.
5 years ago
Mariano Cano
3e69194cc4
Fix lint error
5 years ago
Mariano Cano
900ab9cc12
Allow custom common names in cloud identity provisioners.
5 years ago
Mariano Cano
37dff5124b
Fix audience tests.
...
Fixes smallstep/step#156
5 years ago
Mariano Cano
536ec36b9e
Add support for instance age check in AWS.
...
Fixes smallstep/step#164
5 years ago
Mariano Cano
32d2d6b75a
Remove debug code.
5 years ago
Mariano Cano
89eeada2a2
Add support for loading azure tokens by tenant id.
5 years ago
Mariano Cano
81bfd2c1cb
Add tests for AWS provisioner
...
Fixes #68
5 years ago