Commit graph

303 commits

Author SHA1 Message Date
max furman
1e5763031b Add backdate validation to sshCertValidityValidator. 2020-01-24 13:46:54 -08:00
max furman
99e5bf4782 Remove all references to old apiError. 2020-01-24 13:46:41 -08:00
max furman
b265877050 Simplify statuscoder error generators. 2020-01-24 13:46:11 -08:00
max furman
c387b21808 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-22 17:25:23 -08:00
Mariano Cano
085ae82163 Remove the use of custom x509 package.
Upgrade cli dependency.
2020-01-10 10:58:49 -08:00
Mariano Cano
77af30bfa3 Remove debug statement. 2020-01-08 11:46:33 -08:00
Mariano Cano
f46dc03111 Add tests of profileLimitDuration with backdate. 2020-01-06 14:34:59 -08:00
Mariano Cano
165a91858e Add tests for backdate and sshDefaultDuration 2020-01-06 14:21:13 -08:00
Mariano Cano
7e33aeb8d3 Add unit test for profileDefaultDuration. 2020-01-06 12:19:00 -08:00
Mariano Cano
f06db4099e Add backdate support on ssh rekey. 2020-01-03 18:30:17 -08:00
Mariano Cano
935d0d4542 Add support for backdate to SSH certificates. 2020-01-03 18:22:52 -08:00
Mariano Cano
e67ccd9e3d Add fault tolerance against clock skew accross system on TLS certificates. 2020-01-02 17:48:28 -08:00
max furman
f9ef5070f9 Move api errors to their own package and modify the typedef 2019-12-17 14:26:02 -08:00
Mariano Cano
6d6f496331 Allow no provisioners. 2019-12-16 11:22:24 -08:00
Mariano Cano
96b6989658 Addapt test to api change. 2019-12-11 18:21:20 -08:00
Max
1f42637ba1
Merge pull request #143 from smallstep/expired-cert
Expired cert
2019-12-11 14:55:21 -08:00
max furman
1e17ec7d33 Use x5cInsecure token for /ssh/check-host endpoint 2019-12-11 14:54:29 -08:00
Mariano Cano
e841a86b48 Make sure to define the KeyID from the token if available. 2019-12-10 16:34:01 -08:00
Mariano Cano
8eeb82d0ce Store renew certificate in the database. 2019-12-10 13:10:45 -08:00
Mariano Cano
50152391a3 Add leeway in identity not before. 2019-12-09 16:55:25 -08:00
max furman
55237d635c Fix authority calling wrong revoke method 2019-12-03 12:39:57 -05:00
Mariano Cano
92d1db1616 Make test compilable. 2019-11-26 18:53:36 -08:00
Mariano Cano
5d35586402 Update template tests. 2019-11-26 18:53:36 -08:00
max furman
c2a3bcfab5 resolving merge 2019-11-20 17:26:04 -08:00
max furman
927784237d Use an actual Hosts type when returning ssh hosts 2019-11-20 17:23:51 -08:00
Mariano Cano
7a06a60f88 Add missing version.go file. 2019-11-20 17:02:06 -08:00
Mariano Cano
2f18a26d4f Add version endpoint. 2019-11-20 17:01:31 -08:00
max furman
35912cc906 change func def for getSSHHosts
* continue to return all hosts if injection method not specified
2019-11-20 12:59:48 -08:00
Mariano Cano
3fda081e42 Add identity certificate in ssh response. 2019-11-20 11:52:20 -08:00
max furman
c407a9319b Add getSSHHosts injection func 2019-11-20 11:32:27 -08:00
max furman
8b2105a8f9 Instrument getIdentity func for OIDC ssh provisioner 2019-11-19 13:32:58 -08:00
max furman
f25a2a43eb remove printfs 2019-11-15 11:59:12 -08:00
max furman
6ca1df5081 Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
2019-11-14 20:38:39 -08:00
Mariano Cano
86a0558587 Add support for /ssh/bastion method. 2019-11-14 18:24:58 -08:00
Mariano Cano
8585b29711 Make test to compile, they still fail. 2019-11-14 18:07:16 -08:00
Mariano Cano
43b663e0c3 Move Option type to a new file. 2019-11-14 15:29:04 -08:00
Mariano Cano
be93c9e1f4 Add missing comment. 2019-11-14 15:27:12 -08:00
Mariano Cano
fcccb06696 Fix some provisioner tests 2019-11-14 15:26:37 -08:00
Mariano Cano
2cb6bd880b Make audiences compatible with the old version. 2019-11-14 15:18:49 -08:00
Mariano Cano
efc2180c4a Complete AuthDB interface. 2019-11-14 10:49:13 -08:00
Mariano Cano
a4fd76f1a8 Make provisioner tests compile, they are still failing. 2019-11-14 10:48:06 -08:00
Mariano Cano
0c3b9ebf45 Fix indentation. 2019-11-13 11:18:05 -08:00
Mariano Cano
69a7058ff0 Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
2019-11-08 17:44:39 -08:00
max furman
e679deddd7 sshpop token should not allow renew/rekey of user ssh certs 2019-11-07 21:39:36 -08:00
max furman
946094d2b7 Add multiuse capability to k8ssa provisioners 2019-11-06 15:54:04 -08:00
max furman
a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 2019-11-05 16:41:42 -08:00
max furman
b5f15531d8 sshpop first pass 2019-11-05 16:41:17 -08:00
max furman
64b69374fa Add SSH getHosts api 2019-11-05 16:41:17 -08:00
Mariano Cano
cf2b9301c0 Change default user duration to 16h. 2019-11-05 16:41:17 -08:00
Mariano Cano
e5da24f269 Fix list of user ssh public keys. 2019-11-05 16:41:17 -08:00