Commit graph

43 commits

Author SHA1 Message Date
Remi Vichery
b2c2eec76b
Add identity token for all Azure cloud environments
* Azure Public Cloud (default)
* Azure China Cloud
* Azure US Gov Cloud
* Azure German Cloud
2023-03-08 08:18:55 -08:00
Andrew Reed
7101fbb0ee
Provisioner webhooks (#1001) 2022-09-29 19:16:26 -05:00
max furman
4c7a2ce3eb
Fix errors.As linter warnings 2022-09-22 00:04:31 -07:00
max furman
7c5e5b2b87
Even more linter fixes 2022-09-20 21:48:04 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
23b8f45b37 Address gosec warnings
Most if not all false positives
2022-08-18 17:46:20 -07:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny 2022-04-08 16:01:56 +02:00
Mariano Cano
b7e11da480 Merge branch 'master' into feat/linkedra 2022-04-07 18:19:04 -07:00
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny 2022-03-30 14:50:14 +02:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Mariano Cano
6851842841 Fix unit tests. 2022-03-28 15:06:56 -07:00
vijayjt
7b605b2d16 Support Azure tokens from managed identities not associated with a VM 2022-03-28 14:55:39 -07:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2022-03-24 12:36:12 +01:00
Mariano Cano
082734474b
Merge pull request #845 from vijayjt/azure-user-mi-token
WIP: Support Azure tokens generated by managed identities
2022-03-23 17:18:51 -07:00
Mariano Cano
4690fa64ed Add public methods to retrieve the provisioner extensions. 2022-03-11 14:59:42 -08:00
Mariano Cano
389815642d Fix tests: certs are truncated to seconds. 2022-03-10 10:46:28 -08:00
Mariano Cano
259e95947c Add support for the provisioner controller
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
2022-03-09 18:43:45 -08:00
Herman Slatman
af53a17bb4
Merge branch 'master' into herman/allow-deny 2022-03-07 14:13:13 +01:00
vijayjt
e699244291 Support Azure tokens from managed identities not associated with a VM 2022-03-07 11:24:58 +00:00
vijayjt
4a10f2c584 Rename new fields as per feedback to remove AAD from the name 2022-02-24 09:26:45 +00:00
vijayjt
8b68bedffa Add support for validation of certificate requests using Azure subscription and AAD object IDs. See #735 2022-02-22 17:20:18 +00:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine 2022-01-03 12:25:24 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
9e5762fe06 Allow the reuse of azure token if DisableTrustOnFirstUse is true
Azure caches tokens for 24h and we cannot issue a new certificate
for the same instance in that period of time.

The meaning of this parameter is to allow the signing of multiple
certificate in one instance. This is possible in GCP, because we
get a new token, and is possible in AWS because we can generate
a new one. On Azure there was no other way to do it unless you
wait for 24h.

Fixes #656
2021-08-11 11:50:54 -07:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
Mariano Cano
0c8376a7f6 Fix existing unit tests. 2020-07-21 14:21:54 -07:00
max furman
71d87b4e61 wip 2020-06-24 23:25:15 -07:00
Mariano Cano
f868e07a76 Allow to use custom principals on cloud provisioners.
Fixes #203
2020-03-05 14:33:42 -08:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
7db7b1ee4c Fix some provisioner tests 2020-01-28 13:28:16 -08:00
Mariano Cano
d4627d1282 Make provisioner tests compile, they are still failing. 2020-01-28 13:28:16 -08:00
Mariano Cano
396b4222aa Implement validator for ssh keys.
Fixes #100
2019-09-10 17:04:13 -07:00
Mariano Cano
10e7b81b9f Merge branch 'master' into ssh-ca 2019-09-05 23:06:01 +02:00
max furman
2b41faa9cf Enforce >= 2048 bit rsa keys at the provisioner layer
* Fixes #94
* In the future this should be configurable by provisioner
2019-08-27 14:44:59 -07:00
Mariano Cano
7983aa8661 Add azure ssh tests. 2019-07-31 18:16:17 -07:00
Mariano Cano
f8cacc11b1 Fix tests. 2019-07-29 18:24:34 -07:00
Mariano Cano
900ab9cc12 Allow custom common names in cloud identity provisioners. 2019-07-15 15:52:36 -07:00
Mariano Cano
423d505d04 Replace subscriptions with resource groups. 2019-05-08 17:11:55 -07:00
Mariano Cano
803d81d332 Improve azure unit tests. 2019-05-08 12:47:45 -07:00
Mariano Cano
4c5fec06bf Require TenantID in azure, add some tests. 2019-05-07 19:07:49 -07:00