Commit graph

28 commits

Author SHA1 Message Date
Mariano Cano
72e2c4eb2e Render proper policy and constrains errors 2022-09-21 18:35:18 -07:00
max furman
75bb196193
Add concurrency workflow config | fix broken test due to golang ver 2022-09-21 12:26:45 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Herman Slatman
cc26a0b394
Explicitly disable wildcard Common Name constraint 2022-05-06 13:58:48 +02:00
Herman Slatman
d82e51b748
Update AllowWildcardNames configuration name 2022-04-29 15:08:19 +02:00
Herman Slatman
2b7f6931f3
Change Subject Common Name verification
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2022-04-28 14:49:23 +02:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container 2022-04-26 13:12:16 +02:00
Herman Slatman
76112c2da1
Improve error creation and testing for core policy engine 2022-04-26 01:47:07 +02:00
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments 2022-04-21 12:14:03 +02:00
Herman Slatman
82e0033428
Remove Adder options 2022-04-18 21:47:39 +02:00
Herman Slatman
679e2945f2
Disallow name constraint wildcard notation 2022-04-04 15:35:49 +02:00
Herman Slatman
96f4c49b0c
Improve how policy errors are returned and used 2022-04-04 13:58:16 +02:00
Herman Slatman
d8776d8f7f
Add K8sSA SSH user policy back
According to the docs, the K8sSA provisioner can be configured
to issue SSH user certs.
2022-04-01 15:37:48 +02:00
Herman Slatman
5f0dc42b1e
Fix tests on Go 1.18 due to IDNA deviations
In Go 1.18 the behavior for looking up domains with non-ASCII
characters was changed to be in accordance with UTS#46
(https://unicode.org/reports/tr46/). There's a slight difference
in how IDNA2003 and IDNA2008 process these. Go 1.18 handles
the deviations in accordance with IDNA2008 now.
2022-03-31 17:16:11 +02:00
Herman Slatman
571b21abbc
Fix (most) PR comments 2022-03-31 16:12:29 +02:00
Herman Slatman
613c99f00f
Fix linting issues 2022-03-24 13:10:49 +01:00
Herman Slatman
6b620c8e9c
Improve protobuf unmarshaling error handling 2022-03-24 10:54:45 +01:00
Herman Slatman
101ca6a2d3
Check admin subjects before changing policy 2022-03-21 15:53:59 +01:00
Herman Slatman
88c7b63c9d
Split SSH user and cert policy configuration and execution 2022-02-01 15:18:39 +01:00
Herman Slatman
a7eb27d309
Fix URI domains IDNA support 2022-01-31 15:34:02 +01:00
Herman Slatman
9617edf0c2
Improve internationalized domain name handling
This PR improves internationalized domain name handling according
to rules of IDNA and based on the description in RFC 5280, section 7:
https://datatracker.ietf.org/doc/html/rfc5280#section-7.

Support for internationalized URI(s), so-called IRIs, still needs to
be done.
2022-01-27 17:18:33 +01:00
Herman Slatman
066bf32086
Fix part of PR comments 2022-01-25 15:00:07 +01:00
Herman Slatman
ff08b5055e
Fix linting issues 2022-01-18 14:42:56 +01:00
Herman Slatman
6440870a80
Clean up, improve test cases and coverage 2022-01-18 14:39:21 +01:00
Herman Slatman
1e808b61e5
Merge logic for X509 and SSH policy 2022-01-17 23:36:13 +01:00
Herman Slatman
6bc301339f
Improve test case and code coverage 2022-01-17 22:55:28 +01:00
Herman Slatman
6bc0513468
Add more tests 2022-01-04 15:41:40 +01:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine 2022-01-03 12:25:24 +01:00