Commit graph

922 commits

Author SHA1 Message Date
Herman Slatman
2a7620641f
Fix more PR comments 2022-04-26 10:15:17 +02:00
Herman Slatman
76112c2da1
Improve error creation and testing for core policy engine 2022-04-26 01:47:07 +02:00
Herman Slatman
20f5d12b99
Improve test rigour for reloadPolicyEngines 2022-04-25 11:02:03 +02:00
Herman Slatman
6264e8495c
Improve policy error handling code coverage 2022-04-24 16:29:31 +02:00
Herman Slatman
3fa96ebf13
Improve policy errors returned to client 2022-04-24 13:11:32 +02:00
Herman Slatman
c40a4d2694
Contain policy engines inside provisioner Controller 2022-04-22 01:20:38 +02:00
Herman Slatman
ef110a94df
Change pointer booleans to regular boolean configuration 2022-04-21 23:45:05 +02:00
Herman Slatman
e9f5a1eb98
Improve policy bad request handling 2022-04-21 17:16:02 +02:00
Herman Slatman
b72430f4ea
Block all APIs when using linked deployment mode 2022-04-21 16:18:55 +02:00
Herman Slatman
fb81407d6f
Fix ACME policy comments 2022-04-21 13:21:06 +02:00
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments 2022-04-21 12:14:03 +02:00
Herman Slatman
3eecc4f7bb
Improve test coverage for reloadPolicyEngines 2022-04-19 17:10:13 +02:00
Herman Slatman
72bbe53376
Add additional policy options 2022-04-19 14:41:36 +02:00
Herman Slatman
9a21208f22
Add deduplication of policy configuration values 2022-04-19 13:21:37 +02:00
Herman Slatman
f2f9cb899e
Add conditional defaults to policy protobuf request bodies 2022-04-19 12:09:45 +02:00
Herman Slatman
647538e9e8
Merge branch 'herman/allow-deny' into herman/allow-deny-options 2022-04-19 10:32:16 +02:00
Herman Slatman
ad2de16299
Merge branch 'master' into herman/allow-deny 2022-04-19 10:26:31 +02:00
Herman Slatman
7f9034d22a
Add additional policy options 2022-04-19 10:24:52 +02:00
Mariano Cano
fe9c3cf753
Merge branch 'master' into ahmet2mir-feat/vault 2022-04-18 15:35:26 -07:00
Herman Slatman
def9438ad6
Improve handling of bad JSON protobuf bodies 2022-04-18 23:38:13 +02:00
Herman Slatman
2ca5c0170f
Fix flaky test behavior for protobuf messages 2022-04-18 22:39:47 +02:00
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny 2022-04-18 21:54:55 +02:00
Herman Slatman
8d15a027a7
Fix if-else linting issue 2022-04-18 21:47:13 +02:00
Mariano Cano
c066694c0c Allow renew token issuer to be the provisioner name.
For consistency with AuthorizeAdminToken, AuthorizeRenewToken will
allow the issuer to be either the fixed string 'step-ca-client/1.0'
or the provisioner name.
2022-04-18 12:38:09 -07:00
Herman Slatman
99702d3648
Fix case of no authority policy existing 2022-04-18 21:14:30 +02:00
Herman Slatman
d6be9450be
Merge branch 'master' into herman/allow-deny 2022-04-15 11:57:05 +02:00
Herman Slatman
30d5d89a13
Improve test coverage for Policy Admin API 2022-04-15 10:43:25 +02:00
Mariano Cano
d3b6bc3c75 Merge branch 'master' into fix/adminra 2022-04-13 17:44:23 -07:00
Mariano Cano
ad5aedfa60 Fix backward compatibility in AuthorizeAdminToken
This commit validates both new and old issuers.
2022-04-13 16:00:15 -07:00
Mariano Cano
5f714f2485 Fix tests for AuthorizeRenewToken 2022-04-13 15:59:37 -07:00
Mariano Cano
674dc3c844 Rename unreleased claim to allowRenewalAfterExpiry for consistency. 2022-04-13 15:11:54 -07:00
Mariano Cano
4e4d4e882f Use a fixed string for renewal token issuer. 2022-04-13 14:50:06 -07:00
Mariano Cano
0a5dc237df Fix typo in comment. 2022-04-12 17:56:39 -07:00
Mariano Cano
00cd0f5f21
Apply suggestions from code review
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-04-12 14:44:55 -07:00
Mariano Cano
ea5f7f2acc
Fix SANs for step-ca certificate
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-04-12 13:57:55 -07:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault 2022-04-11 14:57:45 -07:00
Mariano Cano
c8c59d68f5 Allow mTLS renewals if the provisioner extension does not exists.
This fixes a backward compatibility issue with with the new
LoadProvisionerByCertificate.
2022-04-11 12:19:42 -07:00
Herman Slatman
256fe113f7
Improve tests for ACME account policy 2022-04-11 15:25:55 +02:00
Panagiotis Siatras
f2cf9cf828
authority/status: removed the package (#892) 2022-04-11 11:56:16 +03:00
Mariano Cano
af8fcf5b01 Use always LoadProvisionerByCertificate on authority package 2022-04-08 14:18:24 -07:00
Mariano Cano
1d1e095447 Add tests for LoadProvisionerByCertificate. 2022-04-08 13:06:29 -07:00
Herman Slatman
0bb15e16f9
Fix missing ACME provisioner option 2022-04-08 16:10:26 +02:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny 2022-04-08 16:01:56 +02:00
Mariano Cano
dfdc9c06ed Fix linter error importShadow 2022-04-07 18:33:13 -07:00
Mariano Cano
8abd568f03 Merge branch 'master' into fix/adminra 2022-04-07 18:25:41 -07:00
Mariano Cano
b7e11da480 Merge branch 'master' into feat/linkedra 2022-04-07 18:19:04 -07:00
Mariano Cano
c55b27a2fc Refactor admin token to use with RAs. 2022-04-07 18:14:43 -07:00
Herman Slatman
034b7943fe
Merge branch 'master' into herman/allow-deny 2022-04-07 14:12:20 +02:00
Herman Slatman
7df52dbb76
Add ACME EAB policy 2022-04-07 14:11:53 +02:00
Mariano Cano
db337debcd Load provisioner from the database instead of the extension. 2022-04-05 19:25:47 -07:00