max furman
b91affdd34
exposing authority configuration for provisioner cli commands
2 years ago
Mariano Cano
fe9c3cf753
Merge branch 'master' into ahmet2mir-feat/vault
2 years ago
Mariano Cano
c066694c0c
Allow renew token issuer to be the provisioner name.
For consistency with AuthorizeAdminToken, AuthorizeRenewToken will
allow the issuer to be either the fixed string 'step-ca-client/1.0'
or the provisioner name.
2 years ago
Mariano Cano
d3b6bc3c75
Merge branch 'master' into fix/adminra
2 years ago
Mariano Cano
ad5aedfa60
Fix backward compatibility in AuthorizeAdminToken
This commit validates both new and old issuers.
2 years ago
Mariano Cano
5f714f2485
Fix tests for AuthorizeRenewToken
2 years ago
Mariano Cano
674dc3c844
Rename unreleased claim to allowRenewalAfterExpiry for consistency.
2 years ago
Mariano Cano
4e4d4e882f
Use a fixed string for renewal token issuer.
2 years ago
Mariano Cano
0a5dc237df
Fix typo in comment.
2 years ago
Mariano Cano
00cd0f5f21
Apply suggestions from code review
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2 years ago
Mariano Cano
ea5f7f2acc
Fix SANs for step-ca certificate
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2 years ago
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault
3 years ago
Mariano Cano
c8c59d68f5
Allow mTLS renewals if the provisioner extension does not exist.
This fixes a backward compatibility issue with the new
LoadProvisionerByCertificate.
3 years ago
Panagiotis Siatras
f2cf9cf828
authority/status: removed the package (#892)
3 years ago
Mariano Cano
af8fcf5b01
Always use LoadProvisionerByCertificate on authority package
3 years ago
Mariano Cano
1d1e095447
Add tests for LoadProvisionerByCertificate.
3 years ago
Mariano Cano
dfdc9c06ed
Fix linter error importShadow
3 years ago
Mariano Cano
8abd568f03
Merge branch 'master' into fix/adminra
3 years ago
Mariano Cano
b7e11da480
Merge branch 'master' into feat/linkedra
3 years ago
Mariano Cano
c55b27a2fc
Refactor admin token to use with RAs.
3 years ago
Mariano Cano
db337debcd
Load provisioner from the database instead of the extension.
3 years ago
Mariano Cano
df8ffb35af
Remove unnecessary database in provisioner config.
3 years ago
Carl Tashian
150eee70df
Updates based on Herman's feedback
3 years ago
Carl Tashian
4b9f44982d
Merge branch 'master' into startup-info
3 years ago
Carl Tashian
43f2c655b9
More info on startup
3 years ago
Carl Tashian
1ba1584c7a
Formatted.
3 years ago
Carl Tashian
a13e58e340
Update GetAuthorityInfo -> GetInfo
3 years ago
Carl Tashian
90cb6315b1
Progress.
3 years ago
Carl Tashian
055e75f394
Progress?
3 years ago
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package
* acme/api: refactored to support api/render
* authority/admin: refactored to support api/render
* ca: refactored to support api/render
* api: refactored to support api/render
* api/render: implemented Error
* api: refactored to support api/render.Error
* acme/api: refactored to support api/render.Error
* authority/admin: refactored to support api/render.Error
* ca: refactored to support api/render.Error
* ca: fixed broken tests
* api/render, api/log: moved error logging to this package
* acme: refactored Error so that it implements render.RenderableError
* authority/admin: refactored Error so that it implements render.RenderableError
* api/render: implemented RenderableError
* api/render: added test coverage for Error
* api/render: implemented statusCodeFromError
* api: refactored RootsPEM to work with render.Error
* acme, authority/admin: fixed pointer receiver name for consistency
* api/render, errs: moved StatusCoder & StackTracer to the render package
3 years ago
Mariano Cano
955d4cf80d
Add authority.WithX509SignerFunc
This change adds a new authority option that allows passing a callback
that returns the certificate chain and signer used to sign X.509
certificates.
This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.
Fixes #874
3 years ago
Mariano Cano
6851842841
Fix unit tests.
3 years ago
Mariano Cano
580a9c1476
Get linked RA configuration using the linked ca client.
3 years ago
vijayjt
37207793f9
Pass in the resource name regardless of if it's a VM or managed identity
3 years ago
vijayjt
7e47c70af2
Remove redundant parameter type declaration
3 years ago
vijayjt
7b605b2d16
Support Azure tokens from managed identities not associated with a VM
3 years ago
Mariano Cano
5ab79f53be
Fix linter errors
3 years ago
Mariano Cano
082734474b
Merge pull request #845 from vijayjt/azure-user-mi-token
WIP: Support Azure tokens generated by managed identities
3 years ago
Carl Tashian
25cc9a1728
Update authority/authority.go
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
3 years ago
Mariano Cano
9d027c17d0
Send current provisioner on PostCertificate
3 years ago
Mariano Cano
b401376829
Add current provisioner to AuthorizeSign SignOptions.
The original provisioner cannot be retrieved from a certificate
if a linked ra is used.
3 years ago
vijayjt
24a963766e
Pass in the resource name regardless of if it's a VM or managed identity
3 years ago
Carl Tashian
baf3c40fef
Print some basic configuration info on startup
3 years ago
Mariano Cano
ad8a813abe
Fix linter errors
3 years ago
Panagiotis Siatras
4fb38afc57
authority/admin/api: refactored to use the read package
3 years ago
Mariano Cano
6d532045dc
Fix validity check for sshpop provisioner.
3 years ago
Mariano Cano
c903f00cd4
Rename claim to allowRenewAfterExpiry.
3 years ago
Mariano Cano
4690fa64ed
Add public methods to retrieve the provisioner extensions.
3 years ago
Mariano Cano
616490a9c6
Refactor renew after expiry token authorization
This change adds a new authority method that authorizes the
renew after expiry tokens.
3 years ago
Mariano Cano
79349b4d7c
Add options to use custom renewal methods.
3 years ago