Herman Slatman
|
6e1f8dd7ab
|
Refactor policy engines into container
|
2022-04-26 13:12:16 +02:00 |
|
Herman Slatman
|
571b21abbc
|
Fix (most) PR comments
|
2022-03-31 16:12:29 +02:00 |
|
Herman Slatman
|
7c541888ad
|
Refactor configuration of allow/deny on authority level
|
2022-03-08 13:26:07 +01:00 |
|
Herman Slatman
|
88c7b63c9d
|
Split SSH user and cert policy configuration and execution
|
2022-02-01 15:18:39 +01:00 |
|
Herman Slatman
|
512b8d6730
|
Refactor instantiation of policy engines
Instead of using the `base` struct, the x509 and SSH policy
engines are now added to each provisioner directly.
|
2022-01-25 16:45:25 +01:00 |
|
Herman Slatman
|
066bf32086
|
Fix part of PR comments
|
2022-01-25 15:00:07 +01:00 |
|
Herman Slatman
|
1e808b61e5
|
Merge logic for X509 and SSH policy
|
2022-01-17 23:36:13 +01:00 |
|
Herman Slatman
|
9539729bd9
|
Add initial implementation of x509 and SSH allow/deny policy engine
|
2022-01-03 12:25:24 +01:00 |
|
Mariano Cano
|
e0fee84694
|
Add comment about public key validator.
|
2021-12-03 15:24:42 -08:00 |
|
Mariano Cano
|
c3f98fd04d
|
Change some bad requests to forbidden.
Change in the sign options bad requests to forbidden if the
provisioner is the one adding a restriction, e.g. list of dns names,
validity, ...
|
2021-11-24 11:32:35 -08:00 |
|
Mariano Cano
|
a33709ce8d
|
Fix sign ssh options tests.
|
2021-11-23 18:06:18 -08:00 |
|
Mariano Cano
|
1da7ea6646
|
Always return http errors in sign ssh options.
|
2021-11-23 17:52:39 -08:00 |
|
Mariano Cano
|
b6ebd118fc
|
Update temporal solution for sending message to users
|
2021-11-18 18:47:55 -08:00 |
|
Mariano Cano
|
668d3ea6c7
|
Modify errs.Wrap() with bad request to send messages to users.
|
2021-11-18 18:44:58 -08:00 |
|
Mariano Cano
|
1aadd63cef
|
Always use badRequest on duration errors.
|
2021-11-17 12:00:54 -08:00 |
|
Mariano Cano
|
41fec1577d
|
Report duration errors directly to the cli.
|
2021-11-17 11:46:57 -08:00 |
|
Mariano Cano
|
141c519171
|
Simplify check of principals in a case insensitive way
Fixes #679
|
2021-09-08 16:00:33 -07:00 |
|
Fearghal O Floinn
|
7a94b0c157
|
Converts group and subgroup to lowercase for comparison.
Fixes #679
|
2021-09-08 12:24:49 +01:00 |
|
Mariano Cano
|
d30a95236d
|
Always use go.step.sm/crypto
|
2020-08-14 15:33:50 -07:00 |
|
Mariano Cano
|
8d89bbd62f
|
Remove unused code.
|
2020-08-03 18:39:02 -07:00 |
|
Mariano Cano
|
c4bbc81d9f
|
Fix authority tests.
|
2020-08-03 18:36:05 -07:00 |
|
Mariano Cano
|
413af88aad
|
Fix provisioning tests.
|
2020-08-03 18:10:29 -07:00 |
|
Mariano Cano
|
9822305bb6
|
Use only the IID template on IID provisioners.
Always use sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
|
2020-08-03 15:11:42 -07:00 |
|
Mariano Cano
|
a78f7e8913
|
Add template support on k8ssa provisioner.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
e0dce54338
|
Add missing argument.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
c1fc45c872
|
Simplify SSH modifiers with options.
It also changes the behavior of the request options to modify only
the validity of the certificate.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
570ede45e7
|
Do not enforce number of principals or extensions.
|
2020-07-30 17:45:02 -07:00 |
|
Mariano Cano
|
631f1612a1
|
Add TemplateData to SignSSHOptions.
|
2020-07-30 17:45:02 -07:00 |
|
Mariano Cano
|
6c64fb3ed2
|
Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SignSSHOptions
|
2020-07-22 18:24:45 -07:00 |
|
max furman
|
397a181d10
|
Add backdate validation to sshCertValidityValidator.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
1cb8bb3ae1
|
Simplify statuscoder error generators.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
dccbdf3a90
|
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
|
2020-01-28 13:29:40 -08:00 |
|
Mariano Cano
|
144acb9ee3
|
Remove debug statement.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
84ff172093
|
Add support for backdate to SSH certificates.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
414a94b210
|
Instrument getIdentity func for OIDC ssh provisioner
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
7db7b1ee4c
|
Fix some provisioner tests
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
54e3cf7322
|
Add multiuse capability to k8ssa provisioners
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
d368791606
|
Add x5c provisioner capabilities
|
2019-10-14 14:51:37 -07:00 |
|
Mariano Cano
|
d59a5b222f
|
Truncate to seconds to avoid rounding up times.
It can cause that certs are not valid yet, if they are used right away.
|
2019-09-19 13:42:24 -07:00 |
|
Mariano Cano
|
adc1d54b0d
|
Define valid after as 1m before now.
It avoids errors with immediate use of cert.
|
2019-09-19 12:37:41 -07:00 |
|
max furman
|
e3826dd1c3
|
Add ACME CA capabilities
|
2019-09-13 15:48:33 -07:00 |
|
max furman
|
d204469280
|
Add a few more validity checks to default ssh cert validator
|
2019-09-12 19:27:59 -07:00 |
|
Mariano Cano
|
396b4222aa
|
Implement validator for ssh keys.
Fixes #100
|
2019-09-10 17:04:13 -07:00 |
|
max furman
|
61d52a8510
|
Small fixes associated with PR review
* additions and grammar edits to documentation
* clarification of error msgs
|
2019-09-08 21:05:36 -07:00 |
|
Mariano Cano
|
34e1e3380a
|
Fix lint errors.
|
2019-08-05 16:14:25 -07:00 |
|
Mariano Cano
|
e71072d389
|
Add experimental support for provisioning users.
|
2019-08-02 17:48:34 -07:00 |
|
Mariano Cano
|
a8f4ad1b8e
|
Set default SSH options if no user options are given.
|
2019-07-31 17:03:33 -07:00 |
|
Mariano Cano
|
780eeb5487
|
Remove debug print.
|
2019-07-30 16:56:30 -07:00 |
|
Mariano Cano
|
221d323b68
|
Fix containsAllMembers
|
2019-07-29 18:16:52 -07:00 |
|
Mariano Cano
|
7583f1c739
|
Do not require all principals, allow subgroups.
|
2019-07-29 17:54:13 -07:00 |
|