TrueCloudLab/certificates

Author	SHA1	Message	Date
Mariano Cano	6b3a8f22f3	Add provisioner to SSH renewals This commit allows to report the provisioner to the linkedca when a SSH certificate is renewed.	2022-05-20 14:41:44 -07:00
Mariano Cano	293586079a	Store provisioner with SignSSH This change also allows to store the old certificate on renewal on linkedca or if the db interface supports it.	2022-05-18 18:33:53 -07:00
Herman Slatman	6e1f8dd7ab	Refactor policy engines into container	2022-04-26 13:12:16 +02:00
Herman Slatman	76112c2da1	Improve error creation and testing for core policy engine	2022-04-26 01:47:07 +02:00
Herman Slatman	3fa96ebf13	Improve policy errors returned to client	2022-04-24 13:11:32 +02:00
Herman Slatman	571b21abbc	Fix (most) PR comments	2022-03-31 16:12:29 +02:00
Herman Slatman	7c541888ad	Refactor configuration of allow/deny on authority level	2022-03-08 13:26:07 +01:00
Herman Slatman	0475a4d26f	Refactor extraction of JSON template syntax errors	2022-01-12 10:41:36 +01:00
Herman Slatman	a5455d3572	Improve errors related to template execution failures (slightly)	2022-01-10 15:49:37 +01:00
Mariano Cano	031d4d7000	Return BadRequest when validating sign options.	2021-11-23 17:52:17 -08:00
Mariano Cano	bb26799583	Modify errs.Wrap with forbidden errors.	2021-11-23 12:04:51 -08:00
Mariano Cano	668d3ea6c7	Modify errs.Wrap() with bad request to send messages to users.	2021-11-18 18:44:58 -08:00
Mariano Cano	8c8db0d4b7	Modify errs.BadRequestErr() to always return an error to the client.	2021-11-18 18:17:36 -08:00
Mariano Cano	8ce807a6cb	Modify errs.BadRequest() calls to always send an error to the client.	2021-11-18 15:12:44 -08:00
max furman	922d239171	Simplify conditional	2021-11-16 21:47:14 -08:00
max furman	a7d144996f	SSH backwards compat updates - use existence of new value in data map as boolean - add tests for backwards and forwards compatibility - fix old tests that used static dir locations	2021-11-16 21:47:14 -08:00
max furman	507be61e8c	Use a more distint map key to indicate template version - make the key a variable that can be reused on the CLI side.	2021-11-16 21:47:14 -08:00
max furman	f426c152a9	backwards compatibility for version of cli older than v0.18.0	2021-11-16 21:47:14 -08:00
max furman	933b40a02a	Introduce gocritic linter and address warnings	2021-10-08 14:59:57 -04:00
Mariano Cano	f7542a5bd9	Move check of ssh revocation from provisioner to the authority.	2021-07-21 15:22:57 -07:00
Mariano Cano	71f8019243	Store x509 and ssh certificates on linkedca if enabled.	2021-07-20 18:16:24 -07:00
max furman	7b5d6968a5	first commit	2021-05-19 15:20:16 -07:00
Mariano Cano	4d375a06f5	Make clearer what's an unsigned cert.	2020-08-28 14:29:18 -07:00
Mariano Cano	ba918100d0	Use go.step.sm/crypto/jose Replace use of github.com/smallstep/cli/crypto with the new package go.step.sm/crypto/jose.	2020-08-24 14:44:11 -07:00
Mariano Cano	e83e47a91e	Use sshutil and randutil from go.step.sm/crypto.	2020-08-10 11:26:51 -07:00
Mariano Cano	c4bbc81d9f	Fix authority tests.	2020-08-03 18:36:05 -07:00
Mariano Cano	a78f7e8913	Add template support on k8ssa provisioner.	2020-07-30 17:45:03 -07:00
Mariano Cano	c1fc45c872	Simplify SSH modifiers with options. It also changes the behavior of the request options to modify only the validity of the certificate.	2020-07-30 17:45:03 -07:00
Mariano Cano	d7e590908e	Use sshutil for ssh renewing and rekeying.	2020-07-30 17:45:02 -07:00
Mariano Cano	b66d123572	Use sshutil for SSH certificate signing.	2020-07-30 17:45:02 -07:00
Mariano Cano	6c64fb3ed2	Rename provisioner options structs: * provisioner.ProvisionerOptions => provisioner.Options * provisioner.Options => provisioner.SignOptions * provisioner.SSHOptions => provisioner.SingSSHOptions	2020-07-22 18:24:45 -07:00
Mariano Cano	39650637d4	Merge pull request #297 from smallstep/no-bastion-bastion Do not return bastion for the configured bastion host.	2020-06-23 11:45:25 -07:00
Mariano Cano	b0fdd0b2be	Do not return bastion for the configured bastion host. Fixes #296	2020-06-19 12:37:08 -07:00
Mariano Cano	e3ae751b57	Use templates from authority instead of config.	2020-06-16 17:57:35 -07:00
Mariano Cano	237baa5169	Check for required variables in templates. Fixes smallstep/cli#232	2020-06-16 17:26:54 -07:00
Mariano Cano	9832d1538b	Avoid nil pointer panic on step ssh config with no templates.	2020-06-15 17:25:47 -07:00
Mariano Cano	b0ff731d18	Add support for user provisioner certificates on OIDC provisioners. OIDC provisioners create an SSH certificate with two principals. This was avoiding the creationg of user provisioner certificates for those provisioners. Fixes smallstep/cli#268	2020-04-23 19:42:55 -07:00
Mariano Cano	c49a9d5e33	Add context parameter to all SSH methods.	2020-03-10 19:01:45 -07:00
max furman	397a181d10	Add backdate validation to sshCertValidityValidator.	2020-01-28 13:29:40 -08:00
max furman	1cb8bb3ae1	Simplify statuscoder error generators.	2020-01-28 13:29:40 -08:00
max furman	dccbdf3a90	Introduce generalized statusCoder errors and loads of ssh unit tests. * StatusCoder api errors that have friendly user messages. * Unit tests for SSH sign/renew/rekey/revoke across all provisioners.	2020-01-28 13:29:40 -08:00
Mariano Cano	74b5d7f984	Add backdate support on ssh rekey.	2020-01-28 13:29:39 -08:00
Mariano Cano	84ff172093	Add support for backdate to SSH certificates.	2020-01-28 13:29:39 -08:00
max furman	b9f6aacb0f	Move api errors to their own package and modify the typedef	2020-01-28 13:29:39 -08:00
max furman	3ac388612a	Use x5cInsecure token for /ssh/check-host endpoint	2020-01-28 13:29:39 -08:00
max furman	656f35e522	Use an actual Hosts type when returning ssh hosts	2020-01-28 13:29:39 -08:00
max furman	f92bb06b6c	change func def for getSSHHosts * continue to return all hosts if injection method not specified	2020-01-28 13:28:16 -08:00
Mariano Cano	11c8639782	Add identity certificate in ssh response.	2020-01-28 13:28:16 -08:00
max furman	d940ab7c20	Add getSSHHosts injection func	2020-01-28 13:28:16 -08:00
Mariano Cano	8bf3bf701e	Add support for /ssh/bastion method.	2020-01-28 13:28:16 -08:00

1 2

65 commits