Add provisioner as a signOption for SSH
This commit is contained in:
parent
293586079a
commit
e7d7eb1a94
9 changed files with 9 additions and 1 deletions
|
@ -747,6 +747,7 @@ func (p *AWS) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
||||||
signOptions = append(signOptions, templateOptions)
|
signOptions = append(signOptions, templateOptions)
|
||||||
|
|
||||||
return append(signOptions,
|
return append(signOptions,
|
||||||
|
p,
|
||||||
// Validate user SignSSHOptions.
|
// Validate user SignSSHOptions.
|
||||||
sshCertOptionsValidator(defaults),
|
sshCertOptionsValidator(defaults),
|
||||||
// Set the validity bounds if not set.
|
// Set the validity bounds if not set.
|
||||||
|
|
|
@ -418,6 +418,7 @@ func (p *Azure) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOptio
|
||||||
signOptions = append(signOptions, templateOptions)
|
signOptions = append(signOptions, templateOptions)
|
||||||
|
|
||||||
return append(signOptions,
|
return append(signOptions,
|
||||||
|
p,
|
||||||
// Validate user SignSSHOptions.
|
// Validate user SignSSHOptions.
|
||||||
sshCertOptionsValidator(defaults),
|
sshCertOptionsValidator(defaults),
|
||||||
// Set the validity bounds if not set.
|
// Set the validity bounds if not set.
|
||||||
|
|
|
@ -425,6 +425,7 @@ func (p *GCP) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
||||||
signOptions = append(signOptions, templateOptions)
|
signOptions = append(signOptions, templateOptions)
|
||||||
|
|
||||||
return append(signOptions,
|
return append(signOptions,
|
||||||
|
p,
|
||||||
// Validate user SignSSHOptions.
|
// Validate user SignSSHOptions.
|
||||||
sshCertOptionsValidator(defaults),
|
sshCertOptionsValidator(defaults),
|
||||||
// Set the validity bounds if not set.
|
// Set the validity bounds if not set.
|
||||||
|
|
|
@ -257,6 +257,7 @@ func (p *JWK) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
||||||
}
|
}
|
||||||
|
|
||||||
return append(signOptions,
|
return append(signOptions,
|
||||||
|
p,
|
||||||
// Set the validity bounds if not set.
|
// Set the validity bounds if not set.
|
||||||
&sshDefaultDuration{p.ctl.Claimer},
|
&sshDefaultDuration{p.ctl.Claimer},
|
||||||
// Validate public key
|
// Validate public key
|
||||||
|
|
|
@ -275,6 +275,7 @@ func (p *K8sSA) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOptio
|
||||||
signOptions := []SignOption{templateOptions}
|
signOptions := []SignOption{templateOptions}
|
||||||
|
|
||||||
return append(signOptions,
|
return append(signOptions,
|
||||||
|
p,
|
||||||
// Require type, key-id and principals in the SignSSHOptions.
|
// Require type, key-id and principals in the SignSSHOptions.
|
||||||
&sshCertOptionsRequireValidator{CertType: true, KeyID: true, Principals: true},
|
&sshCertOptionsRequireValidator{CertType: true, KeyID: true, Principals: true},
|
||||||
// Set the validity bounds if not set.
|
// Set the validity bounds if not set.
|
||||||
|
|
|
@ -250,6 +250,7 @@ func (p *Nebula) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOpti
|
||||||
}
|
}
|
||||||
|
|
||||||
return append(signOptions,
|
return append(signOptions,
|
||||||
|
p,
|
||||||
templateOptions,
|
templateOptions,
|
||||||
// Checks the validity bounds, and set the validity if has not been set.
|
// Checks the validity bounds, and set the validity if has not been set.
|
||||||
&sshLimitDuration{p.ctl.Claimer, crt.Details.NotAfter},
|
&sshLimitDuration{p.ctl.Claimer, crt.Details.NotAfter},
|
||||||
|
|
|
@ -50,7 +50,7 @@ func (p *noop) AuthorizeRevoke(ctx context.Context, token string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *noop) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption, error) {
|
func (p *noop) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption, error) {
|
||||||
return []SignOption{}, nil
|
return []SignOption{p}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *noop) AuthorizeSSHRenew(ctx context.Context, token string) (*ssh.Certificate, error) {
|
func (p *noop) AuthorizeSSHRenew(ctx context.Context, token string) (*ssh.Certificate, error) {
|
||||||
|
|
|
@ -434,6 +434,7 @@ func (o *OIDC) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
|
||||||
}
|
}
|
||||||
|
|
||||||
return append(signOptions,
|
return append(signOptions,
|
||||||
|
o,
|
||||||
// Set the validity bounds if not set.
|
// Set the validity bounds if not set.
|
||||||
&sshDefaultDuration{o.ctl.Claimer},
|
&sshDefaultDuration{o.ctl.Claimer},
|
||||||
// Validate public key
|
// Validate public key
|
||||||
|
|
|
@ -312,6 +312,7 @@ func (p *X5C) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
||||||
}
|
}
|
||||||
|
|
||||||
return append(signOptions,
|
return append(signOptions,
|
||||||
|
p,
|
||||||
// Checks the validity bounds, and set the validity if has not been set.
|
// Checks the validity bounds, and set the validity if has not been set.
|
||||||
&sshLimitDuration{p.ctl.Claimer, claims.chains[0][0].NotAfter},
|
&sshLimitDuration{p.ctl.Claimer, claims.chains[0][0].NotAfter},
|
||||||
// Validate public key.
|
// Validate public key.
|
||||||
|
|
Loading…
Reference in a new issue