Mariano Cano
|
8e7bf96769
|
Fix error prefix.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
e0dce54338
|
Add missing argument.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
c1fc45c872
|
Simplify SSH modifiers with options.
It also changes the behavior of the request options to modify only
the validity of the certificate.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
ad28f0f59a
|
Move variable where it is used.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
715eb4eacc
|
Add initial support for ssh templates on OIDC.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
c2dc76550c
|
Add ssh certificate template to X5C provisioner.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
380a0d6daf
|
Add ssh certificate templates to JWK provisioner.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
f75a12e10a
|
Add omitempty tag option.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
570ede45e7
|
Do not enforce number of principals or extensions.
|
2020-07-30 17:45:02 -07:00 |
|
Mariano Cano
|
631f1612a1
|
Add TemplateData to SignSSHOptions.
|
2020-07-30 17:45:02 -07:00 |
|
Mariano Cano
|
c6746425a3
|
Add methods to initialize ssh templates in provisioners.
|
2020-07-30 17:45:02 -07:00 |
|
Mariano Cano
|
3e80f41c19
|
Change provisioner options to have X509 as a field.
|
2020-07-30 17:44:22 -07:00 |
|
Mariano Cano
|
6c64fb3ed2
|
Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
|
2020-07-22 18:24:45 -07:00 |
|
Mariano Cano
|
5ac3f8a160
|
Add provisioner options tests.
|
2020-07-21 14:21:54 -07:00 |
|
Mariano Cano
|
02c4f9817d
|
Set full token payload instead of only the known properties.
|
2020-07-21 14:21:54 -07:00 |
|
Mariano Cano
|
0c8376a7f6
|
Fix existing unit tests.
|
2020-07-21 14:21:54 -07:00 |
|
Mariano Cano
|
a7fe0104c4
|
Remove ACME restrictions and add proper template support.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
cf2989a848
|
Add token and subject to K8sSA provisioner to be used in custom
templates.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
71be83b25e
|
Add iss#sub uri in OIDC certificates.
Admin will use the CR template if none is provided.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
c58117b30d
|
Allow to use base64 when defining a template in the ca.json.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
b2ca3176f5
|
Prepend insecure to user and CR variables names.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
b11486f41f
|
Fix option method for template variable.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
04f5053a7a
|
Add template support for x5c.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
eb8886d828
|
Add CR subject as iid default subject.
Add a minimal subject with just a common name to iid provisioners
in case we want to use it.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
e60ea419cc
|
Add template support for gcp provisioner.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
32646c49bf
|
Add templates support to Azure provisioner.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
a44f0ca866
|
Add token payload.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
00fd41a3d0
|
Add template support to K8sSA provisioners.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
13b704aeed
|
Add template support for AWS provisioner.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
49b9aa6e3f
|
Fix log string.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
4795e371bd
|
Add back the support for ca.json DN template.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
e6fed5e0aa
|
Minor fixes and comments.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
81cd288104
|
Enable templates in acme provisioners.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
ca2fb42d68
|
Move options to the provisioner.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
206bc6757a
|
Add initial support for templates in the OIDC provisioner.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
95c3a41bf0
|
Rename UserData to TemplateData and fix unmarshaling.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
9f3acc254b
|
Set the token payload in the JWK provisioner.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
ef0ed0ff95
|
Integrate simple templates in the JWK provisioner.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
9032018cf2
|
Convert x509util.WithOptions to new modifiers.
|
2020-07-21 14:18:04 -07:00 |
|
Carl Tashian
|
912e298043
|
Whitelist -> Allowlist per https://tools.ietf.org/id/draft-knodel-terminology-01.html
|
2020-07-20 15:42:47 -07:00 |
|
max furman
|
accf1be7e9
|
wip
|
2020-06-25 14:02:24 -07:00 |
|
max furman
|
71d87b4e61
|
wip
|
2020-06-24 23:25:15 -07:00 |
|
max furman
|
d25e7f64c2
|
wip
|
2020-06-24 09:58:40 -07:00 |
|
max furman
|
3636ba3228
|
wip
|
2020-06-23 17:13:39 -07:00 |
|
max furman
|
1951669e13
|
wip
|
2020-06-23 11:10:45 -07:00 |
|
max furman
|
7d5cf34ce5
|
Update profileLimitDuration validator ...
- respect notBefore of the provisioner
- modify/fix the reported errors
|
2020-06-16 12:16:43 -07:00 |
|
Mariano Cano
|
4ac51dd508
|
Merge pull request #274 from smallstep/oidc-raw-locals
Allow dots and other symbols in principals for OIDC
|
2020-05-26 11:28:30 -07:00 |
|
Mariano Cano
|
3246a3e81f
|
Add missing test case.
|
2020-05-26 10:22:15 -07:00 |
|
max furman
|
6e69f99310
|
Always set nbf and naf for new ACME orders ...
- Use the default value from the ACME provisioner if values are not
defined in the request.
|
2020-05-22 10:31:58 -07:00 |
|
Mariano Cano
|
0b5fd156e8
|
Add a third principal on OIDC tokens with the raw local part of the email.
For the email first.last@example.com it will create the principals
["firstlast", "first.last", "first.last@example.com"]
Fixes #253, #254
|
2020-05-21 12:09:11 -07:00 |
|