Commit graph

3371 commits

Author SHA1 Message Date
Herman Slatman
1c38113e44
Add ACME Subproblem for more detailed ACME client-side errors
When validating an ACME challenge (`device-attest-01` in this case,
but it's also true for others), and validation fails, the CA didn't
return a lot of information about why the challenge had failed. By
introducing the ACME `Subproblem` type, an ACME `Error` can include
some additional information about what went wrong when validating
the challenge.

This is a WIP commit. The `Subproblem` isn't created in many code
paths yet, just for the `step` format at the moment. Will probably
follow up with some more improvements to how the ACME error is
handled. Also need to clean up some debug things (q.Q)
2023-01-26 13:29:31 +01:00
Herman Slatman
64d9ad7b38
Validate Subject Common Name for Orders with Permanent Identifier 2023-01-20 16:54:55 +01:00
Max
5bab65aa49
Merge pull request #1232 from smallstep/dependabot/go_modules/github.com/urfave/cli-1.22.11
Bump github.com/urfave/cli from 1.22.10 to 1.22.11
2023-01-18 14:09:29 -08:00
Max
925f32e82f
Merge pull request #1231 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.52.0
Bump google.golang.org/grpc from 1.51.0 to 1.52.0
2023-01-18 14:08:53 -08:00
Max
466fe8280e
Merge pull request #1230 from smallstep/dependabot/go_modules/google.golang.org/api-0.107.0
Bump google.golang.org/api from 0.106.0 to 0.107.0
2023-01-18 14:08:31 -08:00
dependabot[bot]
fb39fccf6a
Bump github.com/urfave/cli from 1.22.10 to 1.22.11
Bumps [github.com/urfave/cli](https://github.com/urfave/cli) from 1.22.10 to 1.22.11.
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/urfave/cli/compare/v1.22.10...v1.22.11)

---
updated-dependencies:
- dependency-name: github.com/urfave/cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 15:56:04 +00:00
dependabot[bot]
29deb4befa
Bump google.golang.org/grpc from 1.51.0 to 1.52.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.51.0 to 1.52.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.51.0...v1.52.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 15:54:27 +00:00
dependabot[bot]
98cb439b41
Bump google.golang.org/api from 0.106.0 to 0.107.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.106.0 to 0.107.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.106.0...v0.107.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 15:51:18 +00:00
Carl Tashian
cc6b87d1a4
Merge pull request #1228 from smallstep/carl/entrypoint-boolean-fix
Only pass --admin-subject if --remote-management is true; fix boolean handling
2023-01-11 11:27:59 -08:00
Carl Tashian
2ab9483952
Only pass --admin-subject if --remote-management is true; fix overall boolean handling 2023-01-11 11:19:39 -08:00
Mariano Cano
e4073270f3
Merge pull request #1225 from smallstep/0.23.1-changelog
Upgrade changelog for v0.23.1
2023-01-11 00:40:52 +01:00
Max
627506b519
Merge pull request #1207 from smallstep/max/admin-check
Add IsEnabled method in AdminClient for checking admin API availability
2023-01-10 15:17:00 -08:00
max furman
fd921e5b26
successful isEnabled check should not return error 2023-01-10 15:02:23 -08:00
max furman
0b26698e72
Add IsEnabled method in AdminClient for checking admin API availability 2023-01-10 14:56:36 -08:00
Mariano Cano
bab77f257a
Add changelog line for smallstep/certificates#1223 2023-01-10 12:42:28 -08:00
Carl Tashian
a78ddc7cc5
Merge pull request #1223 from smallstep/carl/docker-pwd
Docker: Generate and use independent provisioner and private key passwords
2023-01-10 12:34:56 -08:00
Mariano Cano
2e86a392a8
Add proper PR links 2023-01-10 12:21:41 -08:00
Mariano Cano
2cd5708103
Upgrade changelog for v0.23.1 2023-01-10 12:15:11 -08:00
Mariano Cano
ad8a95cc10
Merge pull request #1206 from smallstep/oidc-principals
Ignore principals validations with OIDC
2023-01-10 20:33:52 +01:00
Carl Tashian
dc8b196823
Print admin username and pw after init 2023-01-10 09:57:47 -08:00
Carl Tashian
328276eaeb
Shred provisioner password 2023-01-09 18:01:14 -08:00
Carl Tashian
ad5cbd9a0e
Print and delete provisioner password on setup 2023-01-09 17:59:33 -08:00
Carl Tashian
a017238874
No need for PROVISIONER_PWDPATH 2023-01-09 17:23:47 -08:00
Carl Tashian
313bf2354b
Check for existence of pwdpath before copying 2023-01-09 17:08:24 -08:00
Carl Tashian
640bd0b7c7
Tabs to spaces 2023-01-09 16:51:36 -08:00
Carl Tashian
c836c7ab40
Backward compatibility 2023-01-09 16:48:31 -08:00
Carl Tashian
8242895909
Update hsm dockerfile as well 2023-01-09 16:39:34 -08:00
Carl Tashian
844cfd3bad
Generate and use independent provisioner and private key passwords 2023-01-09 16:36:00 -08:00
Max
ac4d5e63ab
Merge pull request #1221 from smallstep/dependabot/go_modules/google.golang.org/api-0.106.0
Bump google.golang.org/api from 0.105.0 to 0.106.0
2023-01-09 09:27:00 -08:00
Max
985a0e4858
Merge pull request #1220 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.5.0
Bump golang.org/x/crypto from 0.4.0 to 0.5.0
2023-01-09 09:26:27 -08:00
Max
762ce06d84
Merge pull request #1219 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.11.0
Bump cloud.google.com/go/security from 1.10.0 to 1.11.0
2023-01-09 09:25:46 -08:00
dependabot[bot]
34dc119cf7
Bump google.golang.org/api from 0.105.0 to 0.106.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.105.0 to 0.106.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.105.0...v0.106.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 17:21:18 +00:00
Max
9cc35d1505
Merge branch 'master' into dependabot/go_modules/golang.org/x/crypto-0.5.0 2023-01-09 09:20:07 -08:00
dependabot[bot]
e7a4a1f43c
Bump cloud.google.com/go/security from 1.10.0 to 1.11.0
Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/asset/v1.10.0...asset/v1.11.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/security
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 17:19:52 +00:00
Max
8ba1b44cd8
Merge pull request #1218 from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.4.0
Bump cloud.google.com/go/longrunning from 0.3.0 to 0.4.0
2023-01-09 09:16:41 -08:00
Max
a063961175
Merge pull request #1217 from smallstep/dependabot/go_modules/golang.org/x/net-0.5.0
Bump golang.org/x/net from 0.4.0 to 0.5.0
2023-01-09 09:15:49 -08:00
dependabot[bot]
dae0ba9008
Bump golang.org/x/crypto from 0.4.0 to 0.5.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 15:09:50 +00:00
dependabot[bot]
32f4908310
Bump cloud.google.com/go/longrunning from 0.3.0 to 0.4.0
Bumps [cloud.google.com/go/longrunning](https://github.com/googleapis/google-cloud-go) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/longrunning
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 15:09:21 +00:00
dependabot[bot]
c5c07be298
Bump golang.org/x/net from 0.4.0 to 0.5.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 15:08:56 +00:00
Herman Slatman
b13b527d18
Merge pull request #1211 from smallstep/herman/ca-client-context-methods
Add `WithContext` methods to the CA client
2022-12-22 11:55:26 +01:00
Herman Slatman
b5961beba9
Fix and/or ignore linting issues 2022-12-21 16:02:26 +01:00
Herman Slatman
319333f936
Add WithContext methods to the CA client 2022-12-21 12:56:56 +01:00
Max
85f6554c5e
Merge pull request #1210 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.4.0
Bump golang.org/x/crypto from 0.3.0 to 0.4.0
2022-12-20 12:23:22 -08:00
Max
001c156b28
Merge pull request #1208 from smallstep/dependabot/go_modules/google.golang.org/api-0.105.0
Bump google.golang.org/api from 0.104.0 to 0.105.0
2022-12-20 12:17:36 -08:00
Max
407496234f
Merge pull request #1209 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.20.2
Bump github.com/newrelic/go-agent/v3 from 3.20.1 to 3.20.2
2022-12-20 12:15:33 -08:00
dependabot[bot]
27a50d50d3
Bump golang.org/x/crypto from 0.3.0 to 0.4.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-19 15:06:33 +00:00
dependabot[bot]
75ffbae5a7
Bump github.com/newrelic/go-agent/v3 from 3.20.1 to 3.20.2
Bumps [github.com/newrelic/go-agent/v3](https://github.com/newrelic/go-agent) from 3.20.1 to 3.20.2.
- [Release notes](https://github.com/newrelic/go-agent/releases)
- [Changelog](https://github.com/newrelic/go-agent/blob/master/CHANGELOG.md)
- [Commits](https://github.com/newrelic/go-agent/compare/v3.20.1...v3.20.2)

---
updated-dependencies:
- dependency-name: github.com/newrelic/go-agent/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-19 15:06:26 +00:00
dependabot[bot]
a4e64665da
Bump google.golang.org/api from 0.104.0 to 0.105.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.104.0 to 0.105.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.104.0...v0.105.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-19 15:06:20 +00:00
Mariano Cano
5d87201abc
Ignore principals validations with OIDC
This commit will ignore principals validation when an OIDC provisioner
is used. When the principals in the server do not match the principals
given, the validation was failing, even if the proper principals were set
by templates or webhooks. With this change OIDC will not validate the
principals and just set the default ones (name, name@example.org) plus
the ones in the templates.

This commit also includes a change in the templates to allow passing
a provisioner to the $(step path)/ssh/config template.

Related to #807
2022-12-14 17:51:50 -08:00
Herman Slatman
9007e2ef75
Merge pull request #1201 from smallstep/herman/docker-remote-management
Add env vars for enabling Remote Management and ACME provisioner
2022-12-14 19:32:19 +01:00