Mariano Cano
9408d0f24b
Send RA provisioner information to the CA
2022-08-02 19:28:49 -07:00
Mariano Cano
94f5b92513
Use proper context in authority package
2022-05-23 15:31:43 -07:00
Mariano Cano
26dd97e718
Merge branch 'master' into context-authority
2022-05-23 12:36:16 -07:00
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
...
exposing authority configuration for provisioner cli commands
2022-05-19 22:53:59 -07:00
max furman
25b8d196d8
Couple changes in response to PR
...
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
admins when not using Admin API
2022-05-11 17:04:43 -07:00
Mariano Cano
8942422973
Add GetID() and add authority to initial context
2022-05-10 16:51:09 -07:00
Mariano Cano
d461918eb0
Merge branch 'master' into context-authority
2022-05-06 13:21:41 -07:00
max furman
4cb74e7d8b
fix linter warnings
2022-04-30 13:08:28 -07:00
Mariano Cano
48e2fabeb8
Add authority.MustFromContext
2022-04-27 11:38:06 -07:00
Mariano Cano
9628fa3562
Add methods to store and retrieve an authority from the context.
2022-04-26 12:54:54 -07:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container
2022-04-26 13:12:16 +02:00
max furman
b91affdd34
exposing authority configuration for provisioner cli commands
2022-04-25 10:23:07 -07:00
Herman Slatman
3eecc4f7bb
Improve test coverage for reloadPolicyEngines
2022-04-19 17:10:13 +02:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny
2022-04-08 16:01:56 +02:00
Mariano Cano
b7e11da480
Merge branch 'master' into feat/linkedra
2022-04-07 18:19:04 -07:00
Herman Slatman
034b7943fe
Merge branch 'master' into herman/allow-deny
2022-04-07 14:12:20 +02:00
Carl Tashian
150eee70df
Updates based on Herman's feedback
2022-04-05 10:59:25 -07:00
Carl Tashian
43f2c655b9
More info on startup
2022-04-04 12:16:37 -07:00
Herman Slatman
96f4c49b0c
Improve how policy errors are returned and used
2022-04-04 13:58:16 +02:00
Herman Slatman
571b21abbc
Fix (most) PR comments
2022-03-31 16:12:29 +02:00
Carl Tashian
1ba1584c7a
Formatted.
2022-03-30 16:08:10 -07:00
Carl Tashian
a13e58e340
Update GetAuthorityInfo -> GetInfo
2022-03-30 16:07:16 -07:00
Carl Tashian
90cb6315b1
Progress.
2022-03-30 16:05:26 -07:00
Carl Tashian
055e75f394
Progress?
2022-03-30 15:48:42 -07:00
Herman Slatman
0e052fe299
Add authority policy API
2022-03-30 14:21:39 +02:00
Mariano Cano
580a9c1476
Get linked RA configuration using the linked ca client.
2022-03-28 14:55:40 -07:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
2022-03-24 12:36:12 +01:00
Carl Tashian
25cc9a1728
Update authority/authority.go
...
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-03-22 07:38:09 -07:00
Carl Tashian
baf3c40fef
Print some basic configuration info on startup
2022-03-21 16:55:09 -07:00
Herman Slatman
101ca6a2d3
Check admin subjects before changing policy
2022-03-21 15:53:59 +01:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy
2022-03-15 15:56:04 +01:00
Mariano Cano
79349b4d7c
Add options to use custom renewal methods.
2022-03-10 13:01:08 -08:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level
2022-03-08 13:26:07 +01:00
max furman
a79d4af19b
change return value of generateProvisionerConfig to value
...
- always used as value (rather than pointer)
2022-02-28 11:04:40 -08:00
Mariano Cano
d384b534c7
Merge pull request #814 from smallstep/x509-enforcer
...
Authority enforcer option
2022-02-03 10:53:04 -08:00
Mariano Cano
300c19f8b9
Add a custom enforcer that can be used to modify a cert.
2022-02-02 14:36:58 -08:00
Herman Slatman
64680bb16d
Fix PR comments
2022-01-19 11:31:33 +01:00
Herman Slatman
3612eefc31
Cleanup
2022-01-18 15:54:18 +01:00
Herman Slatman
9c6580ccd2
Fix macOS SCEP client issues
...
Fixes #746
2022-01-14 10:48:23 +01:00
Herman Slatman
2d357da99b
Add tests for ACME revocation
2021-11-26 17:27:42 +01:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
9fb6df3abb
Fix ssh template variables when CA is injected using options.
2021-09-28 18:50:45 -07:00
Mariano Cano
aedd7fcc05
Be able to start a SSH host or SSH user only CA
...
In previous versions if the host or user CA is not configured, the
start of step-ca was crashing. This allows to configure a user or
host only ssh ca.
2021-09-28 15:07:09 -07:00
Mariano Cano
6729c79253
Add support for setting individual password for ssh and tls keys
...
This change add the following flags:
* --ssh-host-password-file
* --ssh-user-password-file
Fixes #693
2021-09-16 11:55:41 -07:00
Mariano Cano
492ff4b632
Ask for the first provisioner password if none is provided.
2021-08-10 17:30:33 -07:00
Mariano Cano
91a369f618
Automatically enable admin properly on linked cas.
2021-08-02 12:13:39 -07:00
Mariano Cano
26122a2cbf
Enable admin automatically if a token is provided.
2021-08-02 11:48:37 -07:00
Mariano Cano
8fb5340dc9
Use a token at start time to configure linkedca.
...
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
2021-07-19 19:28:06 -07:00
Mariano Cano
dd9850ce4c
Add working implementation of the linkedca.
...
Replaces the authority adminDB with a new impmentation that users the
linkedca client to retrieve the data.
Note that this implementation still hardcodes the endpoint to localhost.
2021-07-12 18:11:00 +02:00
max furman
1df21b9b6a
Addressing comments in PR review
...
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
2021-07-06 17:14:13 -07:00