Max
9f84f7ce35
Allow for identity certificate signing (in sshSign) by skipping validators ( #1572 )
...
- skip urisValidator for identity certificate signing. Implemented
by building the validator with the context in a hacky way.
2023-10-06 14:02:19 -07:00
Josh Drake
ff424fa944
Fix tests.
2023-07-24 15:27:49 -05:00
Mariano Cano
5bfe96d8c7
Send X5C leaf certificate to webhooks
...
This commit adds a new property that will be sent to authorizing and
enriching webhooks when signing certificates using the X5C provisioner.
2023-07-20 13:03:45 -07:00
Mariano Cano
ac35f3489c
Remove unused certificate validators and modifiers
...
With the introduction of certificate templates some certificate
validators and modifiers are not used anymore. This commit deletes the
ones that are not used.
2023-03-31 14:54:49 -07:00
max furman
7203739369
Fix err assert linter warnings - upgrade outdated package
2022-10-12 16:32:26 -07:00
Andrew Reed
7101fbb0ee
Provisioner webhooks ( #1001 )
2022-09-29 19:16:26 -05:00
max furman
7c5e5b2b87
Even more linter fixes
2022-09-20 21:48:04 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2022-09-20 16:35:41 -07:00
Mariano Cano
a627f21440
Fix AuthorizeSSHSign tests with extra SignOption
2022-05-18 18:51:36 -07:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny
2022-04-08 16:01:56 +02:00
Mariano Cano
b7e11da480
Merge branch 'master' into feat/linkedra
2022-04-07 18:19:04 -07:00
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny
2022-03-30 14:50:14 +02:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages ( #860 )
...
* api/render: initial implementation of the package
* acme/api: refactored to support api/render
* authority/admin: refactored to support api/render
* ca: refactored to support api/render
* api: refactored to support api/render
* api/render: implemented Error
* api: refactored to support api/render.Error
* acme/api: refactored to support api/render.Error
* authority/admin: refactored to support api/render.Error
* ca: refactored to support api/render.Error
* ca: fixed broken tests
* api/render, api/log: moved error logging to this package
* acme: refactored Error so that it implements render.RenderableError
* authority/admin: refactored Error so that it implements render.RenderableError
* api/render: implemented RenderableError
* api/render: added test coverage for Error
* api/render: implemented statusCodeFromError
* api: refactored RootsPEM to work with render.Error
* acme, authority/admin: fixed pointer receiver name for consistency
* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Mariano Cano
6851842841
Fix unit tests.
2022-03-28 15:06:56 -07:00
Mariano Cano
5ab79f53be
Fix linter errors
2022-03-28 14:55:39 -07:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
2022-03-24 12:36:12 +01:00
Mariano Cano
ad8a813abe
Fix linter errors
2022-03-21 16:53:57 -07:00
Mariano Cano
4690fa64ed
Add public methods to retrieve the provisioner extensions.
2022-03-11 14:59:42 -08:00
Mariano Cano
389815642d
Fix tests: certs are truncated to seconds.
2022-03-10 10:46:28 -08:00
Mariano Cano
259e95947c
Add support for the provisioner controller
...
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
2022-03-09 18:43:45 -08:00
Herman Slatman
88c7b63c9d
Split SSH user and cert policy configuration and execution
2022-02-01 15:18:39 +01:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine
2022-01-03 12:25:24 +01:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
d30a95236d
Use always go.step.sm/crypto
2020-08-14 15:33:50 -07:00
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
2020-08-10 11:26:51 -07:00
Mariano Cano
413af88aad
Fix provisioning tests.
2020-08-03 18:10:29 -07:00
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
Mariano Cano
0c8376a7f6
Fix existing unit tests.
2020-07-21 14:21:54 -07:00
max furman
71d87b4e61
wip
2020-06-24 23:25:15 -07:00
max furman
1cb8bb3ae1
Simplify statuscoder error generators.
2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
84ff172093
Add support for backdate to SSH certificates.
2020-01-28 13:29:39 -08:00
max furman
414a94b210
Instrument getIdentity func for OIDC ssh provisioner
2020-01-28 13:28:16 -08:00
Mariano Cano
d4627d1282
Make provisioner tests compile, they are still failing.
2020-01-28 13:28:16 -08:00
max furman
d368791606
Add x5c provisioner capabilities
2019-10-14 14:51:37 -07:00