Commit graph

2871 commits

Author SHA1 Message Date
Herman Slatman
3eecc4f7bb
Improve test coverage for reloadPolicyEngines 2022-04-19 17:10:13 +02:00
Herman Slatman
72bbe53376
Add additional policy options 2022-04-19 14:41:36 +02:00
Herman Slatman
9a21208f22
Add deduplication of policy configuration values 2022-04-19 13:21:37 +02:00
Herman Slatman
f2f9cb899e
Add conditional defaults to policy protobuf request bodies 2022-04-19 12:09:45 +02:00
Herman Slatman
6532c93303
Improve read.ProtoJSON bad protobuf body error handling 2022-04-19 12:07:57 +02:00
Herman Slatman
647538e9e8
Merge branch 'herman/allow-deny' into herman/allow-deny-options 2022-04-19 10:32:16 +02:00
Herman Slatman
ad2de16299
Merge branch 'master' into herman/allow-deny 2022-04-19 10:26:31 +02:00
Herman Slatman
7f9034d22a
Add additional policy options 2022-04-19 10:24:52 +02:00
Mariano Cano
d61cd98a3e
Merge pull request #894 from smallstep/ahmet2mir-feat/vault
Vault CAS
2022-04-18 17:55:03 -07:00
Mariano Cano
fe9c3cf753
Merge branch 'master' into ahmet2mir-feat/vault 2022-04-18 15:35:26 -07:00
Mariano Cano
b99692fdaa
Merge pull request #901 from smallstep/fix/admin-token
Drop any query string from the admin tokens
2022-04-18 15:30:42 -07:00
Mariano Cano
4770b405ba Drop any query string from the admin tokens
This commit makes sure the admin token audience is passed without
a query string (or any fragment).
2022-04-18 15:18:23 -07:00
Herman Slatman
def9438ad6
Improve handling of bad JSON protobuf bodies 2022-04-18 23:38:13 +02:00
Herman Slatman
2ca5c0170f
Fix flaky test behavior for protobuf messages 2022-04-18 22:39:47 +02:00
Herman Slatman
ff8cb19b78
Fix usage of URL in generateAdminToken 2022-04-18 21:59:06 +02:00
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny 2022-04-18 21:54:55 +02:00
Herman Slatman
82e0033428
Remove Adder options 2022-04-18 21:47:39 +02:00
Herman Slatman
8d15a027a7
Fix if-else linting issue 2022-04-18 21:47:13 +02:00
Mariano Cano
50a271edca
Merge pull request #888 from smallstep/fix/adminra
Fix/adminra
2022-04-18 12:46:41 -07:00
Mariano Cano
c066694c0c Allow renew token issuer to be the provisioner name.
For consistency with AuthorizeAdminToken, AuthorizeRenewToken will
allow the issuer to be either the fixed string 'step-ca-client/1.0'
or the provisioner name.
2022-04-18 12:38:09 -07:00
Herman Slatman
99702d3648
Fix case of no authority policy existing 2022-04-18 21:14:30 +02:00
Mariano Cano
3aebe8d019 Add missing comma in comment. 2022-04-15 12:19:32 -07:00
Herman Slatman
d6be9450be
Merge branch 'master' into herman/allow-deny 2022-04-15 11:57:05 +02:00
Herman Slatman
a9f033ece5
Fix JSON property name for ACME policy 2022-04-15 10:58:40 +02:00
Herman Slatman
30d5d89a13
Improve test coverage for Policy Admin API 2022-04-15 10:43:25 +02:00
Mariano Cano
d3b6bc3c75 Merge branch 'master' into fix/adminra 2022-04-13 17:44:23 -07:00
Mariano Cano
ad5aedfa60 Fix backward compatibility in AuthorizeAdminToken
This commit validates both new and old issuers.
2022-04-13 16:00:15 -07:00
Mariano Cano
5f714f2485 Fix tests for AuthorizeRenewToken 2022-04-13 15:59:37 -07:00
Mariano Cano
6331041b2b
Merge pull request #898 from smallstep/fix/claim-name
Rename unreleased claim to allowRenewalAfterExpiry for consistency.
2022-04-13 15:19:49 -07:00
Mariano Cano
674dc3c844 Rename unreleased claim to allowRenewalAfterExpiry for consistency. 2022-04-13 15:11:54 -07:00
Mariano Cano
4e4d4e882f Use a fixed string for renewal token issuer. 2022-04-13 14:50:06 -07:00
Mariano Cano
3694ba30dc Store certificate and provisioner in one transaction. 2022-04-12 18:42:27 -07:00
Mariano Cano
0a5dc237df Fix typo in comment. 2022-04-12 17:56:39 -07:00
Max
0dc5646e31
add Postgres to available databases in README 2022-04-12 15:21:18 -07:00
Mariano Cano
00cd0f5f21
Apply suggestions from code review
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-04-12 14:44:55 -07:00
Mariano Cano
1c24863d2f Update changelog. 2022-04-12 14:41:25 -07:00
Mariano Cano
e29c85bbd4 Use errors and fmt instead of pkg/errors. 2022-04-12 14:04:46 -07:00
Mariano Cano
ea5f7f2acc
Fix SANs for step-ca certificate
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-04-12 13:57:55 -07:00
Mariano Cano
c4ff0f1cc3 Add codecov token.
It shouldn't be necessary for public repos, but GitHub actions
error suggests to add it.
2022-04-12 11:19:43 -07:00
Mariano Cano
25d0ca258d Upgrade codecov to v2 2022-04-12 11:19:43 -07:00
Mariano Cano
76c483c36f Add missing comments. 2022-04-12 11:15:28 -07:00
Mariano Cano
48bc20c9f3 Unify json parameters. 2022-04-12 11:11:36 -07:00
Mariano Cano
790a19c6f6
make json names uniform
Co-authored-by: Ahmet Demir <ahmet2mir+github@gmail.com>
2022-04-12 10:01:22 -07:00
Mariano Cano
26e40068c8 Remove unnecessary dependencies. 2022-04-11 18:49:14 -07:00
Mariano Cano
967d9136ca Cleanup Vault CAS integration 2022-04-11 18:44:13 -07:00
Mariano Cano
9134bad22c Run go mod tidy. 2022-04-11 14:59:22 -07:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault 2022-04-11 14:57:45 -07:00
Mariano Cano
1880b4b2d0 Add codecov token.
It shouldn't be necessary for public repos, but GitHub actions
error suggests to add it.
2022-04-11 14:21:14 -07:00
Mariano Cano
435bb8123b Upgrade codecov to v2 2022-04-11 14:14:02 -07:00
Mariano Cano
c8c59d68f5 Allow mTLS renewals if the provisioner extension does not exists.
This fixes a backward compatibility issue with with the new
LoadProvisionerByCertificate.
2022-04-11 12:19:42 -07:00