Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
...
exposing authority configuration for provisioner cli commands
2 years ago
max furman
25b8d196d8
Couple changes in response to PR
...
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
admins when not using Admin API
2 years ago
max furman
4cb74e7d8b
fix linter warnings
2 years ago
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container
2 years ago
max furman
b91affdd34
exposing authority configuration for provisioner cli commands
2 years ago
Herman Slatman
3eecc4f7bb
Improve test coverage for reloadPolicyEngines
2 years ago
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny
2 years ago
Mariano Cano
b7e11da480
Merge branch 'master' into feat/linkedra
2 years ago
Herman Slatman
034b7943fe
Merge branch 'master' into herman/allow-deny
2 years ago
Carl Tashian
150eee70df
Updates based on Herman's feedback
3 years ago
Carl Tashian
43f2c655b9
More info on startup
3 years ago
Herman Slatman
96f4c49b0c
Improve how policy errors are returned and used
3 years ago
Herman Slatman
571b21abbc
Fix (most) PR comments
3 years ago
Carl Tashian
1ba1584c7a
Formatted.
3 years ago
Carl Tashian
a13e58e340
Update GetAuthorityInfo -> GetInfo
3 years ago
Carl Tashian
90cb6315b1
Progress.
3 years ago
Carl Tashian
055e75f394
Progress?
3 years ago
Herman Slatman
0e052fe299
Add authority policy API
3 years ago
Mariano Cano
580a9c1476
Get linked RA configuration using the linked ca client.
3 years ago
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
3 years ago
Carl Tashian
25cc9a1728
Update authority/authority.go
...
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
3 years ago
Carl Tashian
baf3c40fef
Print some basic configuration info on startup
3 years ago
Herman Slatman
101ca6a2d3
Check admin subjects before changing policy
3 years ago
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy
3 years ago
Mariano Cano
79349b4d7c
Add options to use custom renewal methods.
3 years ago
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level
3 years ago
max furman
a79d4af19b
change return value of generateProvisionerConfig to value
...
- always used as value (rather than pointer)
3 years ago
Mariano Cano
d384b534c7
Merge pull request #814 from smallstep/x509-enforcer
...
Authority enforcer option
3 years ago
Mariano Cano
300c19f8b9
Add a custom enforcer that can be used to modify a cert.
3 years ago
Herman Slatman
64680bb16d
Fix PR comments
3 years ago
Herman Slatman
3612eefc31
Cleanup
3 years ago
Herman Slatman
9c6580ccd2
Fix macOS SCEP client issues
...
Fixes #746
3 years ago
Herman Slatman
2d357da99b
Add tests for ACME revocation
3 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
Mariano Cano
9fb6df3abb
Fix ssh template variables when CA is injected using options.
3 years ago
Mariano Cano
aedd7fcc05
Be able to start a SSH host or SSH user only CA
...
In previous versions if the host or user CA is not configured, the
start of step-ca was crashing. This allows configuring a user or
host only ssh ca.
3 years ago
Mariano Cano
6729c79253
Add support for setting individual password for ssh and tls keys
...
This change adds the following flags:
* --ssh-host-password-file
* --ssh-user-password-file
Fixes #693
3 years ago
Mariano Cano
492ff4b632
Ask for the first provisioner password if none is provided.
3 years ago
Mariano Cano
91a369f618
Automatically enable admin properly on linked cas.
3 years ago
Mariano Cano
26122a2cbf
Enable admin automatically if a token is provided.
3 years ago
Mariano Cano
8fb5340dc9
Use a token at start time to configure linkedca.
...
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
3 years ago
Mariano Cano
dd9850ce4c
Add working implementation of the linkedca.
...
Replaces the authority adminDB with a new implementation that uses the
linkedca client to retrieve the data.
Note that this implementation still hardcodes the endpoint to localhost.
3 years ago
max furman
1df21b9b6a
Addressing comments in PR review
...
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
3 years ago
max furman
77fdfc9fa3
Merge branch 'master' into max/cert-mgr-crud
3 years ago
max furman
9fdef64709
Admin level API for provisioner mgmt v1
3 years ago
Herman Slatman
13fe7a0121
Make serving SCEP endpoints optional
...
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.
The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
3 years ago
Herman Slatman
97b88c4d58
Address (most) PR comments
3 years ago
Herman Slatman
be528da709
Make tests green
3 years ago
Herman Slatman
57a62964b1
Make tests not fail hard on ECDSA keys
...
All tests for the Authority failed because the test data
contains ECDSA keys. ECDSA keys are no crypto.Decrypter,
resulting in a failure when instantiating the Authority.
3 years ago
Herman Slatman
491c2b8d93
Improve initialization of SCEP authority
3 years ago