Mariano Cano
40e77f6e9a
Initialize required variables on GetIdentityToken
...
Fixes smallstep/cli#465
3 years ago
max furman
9fdef64709
Admin level API for provisioner mgmt v1
3 years ago
max furman
638766c615
wip
3 years ago
Mariano Cano
5017b7d21f
Recalculate token id instead of validating it.
4 years ago
Mariano Cano
0cf594a003
Validate payload ID.
...
Related to #435
4 years ago
Mariano Cano
39b23c057d
Add all AWS certificates used to verify base64 signatures.
4 years ago
Mariano Cano
7d1686dc53
Add option to specify the AWS IID certificates to use.
...
This change adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.
Fixes #393
4 years ago
Mariano Cano
c94a1c51be
Merge branch 'master' into ssh-cert-templates
4 years ago
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano
aaaa7e9b4e
Merge branch 'master' into cert-templates
4 years ago
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
4 years ago
Mariano Cano
f437b86a7b
Merge branch 'cert-templates' into ssh-cert-templates
4 years ago
Mariano Cano
c8d225a763
Use x509util from go.step.sm/crypto/x509util
4 years ago
Mariano Cano
9822305bb6
Use only the IID template on IID provisioners.
...
Use always sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
4 years ago
Mariano Cano
aa657cdb4b
Use SSHOptions inside provisioner options.
4 years ago
Mariano Cano
6c36ceb158
Add initial template support for iid provisioners.
4 years ago
David Cowden
86efe7aff0
aws: use http.NoBody instead of nil
...
It's a little more descriptive.
4 years ago
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SignSSHOptions
4 years ago
David Cowden
51f16ee2e0
aws: add tests covering metadata service versions
...
* Add constructor tests for the aws provisioner.
* Add a test to make sure the "v1" logic continues to work.
By and large, v2 is the way to go. However, there are some instances of
things that specifically request metadata service version 1 and so this
adds minimal coverage to make sure we don't accidentally break the path
should anyone need to depend on the former logic.
4 years ago
David Cowden
5efe5f3573
metadata-v2: pull in joshathysolate-master
...
Taking of this PR to get it across the goal line.
4 years ago
Mariano Cano
02c4f9817d
Set full token payload instead of only the known properties.
4 years ago
Mariano Cano
eb8886d828
Add CR subject as iid default subject.
...
Add a minimal subject with just a common name to iid provisioners
in case we want to use it.
4 years ago
Mariano Cano
a44f0ca866
Add token payload.
4 years ago
Mariano Cano
13b704aeed
Add template support for AWS provisioner.
4 years ago
max furman
1951669e13
wip
4 years ago
Josh Hogle
e9b500daf2
Updated error message
4 years ago
Josh Hogle
044d00045a
Fixed missing initialization of IMDS versions
4 years ago
Josh Hogle
18ac5c07e2
Added support for specifying IMDS version preference
4 years ago
Josh Hogle
dd27901b12
Moved token URL and TTL to config values
4 years ago
Josh Hogle
bbbe4738c7
Added status code checking
4 years ago
Josh Hogle
af0f21d744
added support for IMDSv2 API
4 years ago
Mariano Cano
f868e07a76
Allow to use custom principals on cloud provisioners.
...
Fixes #203
5 years ago
max furman
1cb8bb3ae1
Simplify statuscoder error generators.
5 years ago
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
5 years ago
Mariano Cano
84ff172093
Add support for backdate to SSH certificates.
5 years ago
max furman
29853ae016
sshpop provisioner + ssh renew | revoke | rekey first pass
5 years ago
max furman
d368791606
Add x5c provisioner capabilities
5 years ago
Mariano Cano
396b4222aa
Implement validator for ssh keys.
...
Fixes #100
5 years ago
Mariano Cano
10e7b81b9f
Merge branch 'master' into ssh-ca
5 years ago
max furman
2b41faa9cf
Enforce >= 2048 bit rsa keys at the provisioner layer
...
* Fixes #94
* In the future this should be configurable by provisioner
5 years ago
Mariano Cano
57a529cc1a
Allow to enable the SSH CA per provisioner
5 years ago
Mariano Cano
a8f4ad1b8e
Set default SSH options if no user options are given.
5 years ago
Mariano Cano
7d670b20ea
Add support of ssh host certificates in AWS provisioner.
5 years ago
Mariano Cano
f01286bb48
Add support for SSH certificates to OIDC.
...
Update the interface for all the provisioners.
5 years ago
Mariano Cano
900ab9cc12
Allow custom common names in cloud identity provisioners.
5 years ago
Mariano Cano
8f8c862c04
Fix spelling errors.
5 years ago
Mariano Cano
37dff5124b
Fix audience tests.
...
Fixes smallstep/step#156
5 years ago
Mariano Cano
2491593cdd
Add ca-url based audience for AWS tokens
...
Fixes smallstep/step#156
5 years ago
Mariano Cano
6e4a09651a
Add comments with links to cloud docs.
5 years ago
Mariano Cano
536ec36b9e
Add support for instance age check in AWS.
...
Fixes smallstep/step#164
5 years ago