Mariano Cano
|
64f26c0f40
|
Enforce a duration for identity certificates.
|
2020-03-30 17:33:04 -07:00 |
|
Mariano Cano
|
fa416336a8
|
Add context to tests.
|
2020-03-10 19:17:32 -07:00 |
|
Mariano Cano
|
c49a9d5e33
|
Add context parameter to all SSH methods.
|
2020-03-10 19:01:45 -07:00 |
|
Mariano Cano
|
f868e07a76
|
Allow to use custom principals on cloud provisioners.
Fixes #203
|
2020-03-05 14:33:42 -08:00 |
|
Mariano Cano
|
59fc8cdd2d
|
Fix typo in comments.
|
2020-02-27 10:48:16 -08:00 |
|
Mariano Cano
|
5c8c741fab
|
Fix linting issues.
|
2020-02-14 11:46:31 -08:00 |
|
Mariano Cano
|
05cc1437b7
|
Remove unnecessary parse of certificate.
|
2020-02-13 17:48:43 -08:00 |
|
Mariano Cano
|
2d4f369db2
|
Add options to set root and federated certificates using x509.Certificate
|
2020-02-12 15:36:24 -08:00 |
|
Mariano Cano
|
43bd8113aa
|
Remove unnecessary comments.
|
2020-02-11 14:46:18 -08:00 |
|
Mariano Cano
|
4eaeede77d
|
Fix unit tests.
|
2020-02-11 14:05:37 -08:00 |
|
Mariano Cano
|
21bd339b86
|
Merge branch 'master' into kms
|
2020-02-11 13:20:35 -08:00 |
|
Mariano Cano
|
7846696fbb
|
Fix return sign options on ssh sign.
|
2020-01-29 11:58:47 -08:00 |
|
max furman
|
d482ae2fb5
|
Remove test that is no longer implemented by the method.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
397a181d10
|
Add backdate validation to sshCertValidityValidator.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
df60fe3f0d
|
Remove all references to old apiError.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
1cb8bb3ae1
|
Simplify statuscoder error generators.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
dccbdf3a90
|
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
|
2020-01-28 13:29:40 -08:00 |
|
Mariano Cano
|
895d3054a3
|
Remove the use of custom x509 package.
Upgrade cli dependency.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
144acb9ee3
|
Remove debug statement.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
06411d1715
|
Add tests of profileLimitDuration with backdate.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
8297e5c717
|
Add tests for backdate and sshDefaultDuration
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
93b65bee7c
|
Add unit test for profileDefaultDuration.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
74b5d7f984
|
Add backdate support on ssh rekey.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
84ff172093
|
Add support for backdate to SSH certificates.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
5565d61bf3
|
Add fault tolerance against clock skew across system on TLS certificates.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
b9f6aacb0f
|
Move api errors to their own package and modify the typedef
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
f033422ffa
|
Allow no provisioners.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
f4615d6258
|
Adapt test to api change.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
3ac388612a
|
Use x5cInsecure token for /ssh/check-host endpoint
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
08eac1b00d
|
Make sure to define the KeyID from the token if available.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
de3ba58455
|
Store renew certificate in the database.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
caa2b8dbb7
|
Add leeway in identity not before.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
9caadbb341
|
Fix authority calling wrong revoke method
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
f26103d150
|
Make test compilable.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
557a45abfa
|
Update template tests.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
656f35e522
|
Use an actual Hosts type when returning ssh hosts
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
03bb26fb91
|
Add missing version.go file.
|
2020-01-28 13:28:17 -08:00 |
|
Mariano Cano
|
c60641701b
|
Add version endpoint.
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
f92bb06b6c
|
change func def for getSSHHosts
* continue to return all hosts if injection method not specified
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
11c8639782
|
Add identity certificate in ssh response.
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
d940ab7c20
|
Add getSSHHosts injection func
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
414a94b210
|
Instrument getIdentity func for OIDC ssh provisioner
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
3d970b45c8
|
remove printfs
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
f74cd04a6a
|
Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
8bf3bf701e
|
Add support for /ssh/bastion method.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a6edcd0a3d
|
Make test to compile, they still fail.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
000885dea7
|
Move Option type to a new file.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a86dc78b5d
|
Add missing comment.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
7db7b1ee4c
|
Fix some provisioner tests
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
29be322b1c
|
Make audiences compatible with the old version.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
39ae5636fe
|
Complete AuthDB interface.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
d4627d1282
|
Make provisioner tests compile, they are still failing.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a8a6d0ada3
|
Fix indentation.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
cf592fa0e1
|
Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
5788ac3f4f
|
sshpop token should not allow renew/rekey of user ssh certs
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
54e3cf7322
|
Add multiuse capability to k8ssa provisioners
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
29853ae016
|
sshpop provisioner + ssh renew | revoke | rekey first pass
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
c04f1e1bd4
|
sshpop first pass
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
5616386eed
|
Add SSH getHosts api
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
c7e4cc96a4
|
Change default user duration to 16h.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
c729c5f925
|
Fix list of user ssh public keys.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
ee22778264
|
Fix lint error.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
8939caace4
|
Add tests for ssh authority methods.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
4f06f3901e
|
Add some ssh related tests.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
08850d5334
|
Add support for federated keys.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
37f17213bb
|
Add initial support for check-host endpoint.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
d08db4df23
|
Rename SSH methods.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
b5bc249e1c
|
Add support for multiple ssh roots.
Fixes #125
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
91130b9c3f
|
Add support for user data in templates.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a35988ff08
|
Add initial support for ssh config.
Related to smallstep/cli#170
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
d4c47cf3e1
|
Fix tests.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
961be1fbc7
|
Add endpoint to return the SSH public keys.
Related to smallstep/ca-component#195
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a197158426
|
Add initial implementation of ssh config.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
69a1b68283
|
Merge branch 'ssh' into kms
|
2020-01-27 15:41:14 -08:00 |
|
max furman
|
92c48949d7
|
Remove test that is no longer implemented by the method.
|
2020-01-24 13:47:15 -08:00 |
|
max furman
|
1e5763031b
|
Add backdate validation to sshCertValidityValidator.
|
2020-01-24 13:46:54 -08:00 |
|
max furman
|
99e5bf4782
|
Remove all references to old apiError.
|
2020-01-24 13:46:41 -08:00 |
|
max furman
|
b265877050
|
Simplify statuscoder error generators.
|
2020-01-24 13:46:11 -08:00 |
|
max furman
|
c387b21808
|
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
|
2020-01-22 17:25:23 -08:00 |
|
Mariano Cano
|
9021951f1a
|
Fix types.
|
2020-01-14 18:47:05 -08:00 |
|
Mariano Cano
|
9641ab33b8
|
Use crypto.Signer instead of ssh.Signer in SSH options.
|
2020-01-14 18:38:29 -08:00 |
|
Mariano Cano
|
e98d7832b9
|
Add options to read the roots and federated roots from a bundle.
|
2020-01-10 18:33:48 -08:00 |
|
Mariano Cano
|
44eccc6bd8
|
Merge branch 'ssh' into kms
|
2020-01-10 17:49:52 -08:00 |
|
Mariano Cano
|
085ae82163
|
Remove the use of custom x509 package.
Upgrade cli dependency.
|
2020-01-10 10:58:49 -08:00 |
|
Mariano Cano
|
c62526b39f
|
Add wip support for kms.
|
2020-01-09 18:42:26 -08:00 |
|
Mariano Cano
|
77af30bfa3
|
Remove debug statement.
|
2020-01-08 11:46:33 -08:00 |
|
Mariano Cano
|
f46dc03111
|
Add tests of profileLimitDuration with backdate.
|
2020-01-06 14:34:59 -08:00 |
|
Mariano Cano
|
165a91858e
|
Add tests for backdate and sshDefaultDuration
|
2020-01-06 14:21:13 -08:00 |
|
Mariano Cano
|
7e33aeb8d3
|
Add unit test for profileDefaultDuration.
|
2020-01-06 12:19:00 -08:00 |
|
Mariano Cano
|
f06db4099e
|
Add backdate support on ssh rekey.
|
2020-01-03 18:30:17 -08:00 |
|
Mariano Cano
|
935d0d4542
|
Add support for backdate to SSH certificates.
|
2020-01-03 18:22:52 -08:00 |
|
Mariano Cano
|
e67ccd9e3d
|
Add fault tolerance against clock skew across system on TLS certificates.
|
2020-01-02 17:48:28 -08:00 |
|
max furman
|
f9ef5070f9
|
Move api errors to their own package and modify the typedef
|
2019-12-17 14:26:02 -08:00 |
|
Mariano Cano
|
6d6f496331
|
Allow no provisioners.
|
2019-12-16 11:22:24 -08:00 |
|
Mariano Cano
|
96b6989658
|
Adapt test to api change.
|
2019-12-11 18:21:20 -08:00 |
|
Max
|
1f42637ba1
|
Merge pull request #143 from smallstep/expired-cert
Expired cert
|
2019-12-11 14:55:21 -08:00 |
|
max furman
|
1e17ec7d33
|
Use x5cInsecure token for /ssh/check-host endpoint
|
2019-12-11 14:54:29 -08:00 |
|
Mariano Cano
|
e841a86b48
|
Make sure to define the KeyID from the token if available.
|
2019-12-10 16:34:01 -08:00 |
|
Mariano Cano
|
8eeb82d0ce
|
Store renew certificate in the database.
|
2019-12-10 13:10:45 -08:00 |
|
Mariano Cano
|
50152391a3
|
Add leeway in identity not before.
|
2019-12-09 16:55:25 -08:00 |
|
max furman
|
55237d635c
|
Fix authority calling wrong revoke method
|
2019-12-03 12:39:57 -05:00 |
|
Mariano Cano
|
92d1db1616
|
Make test compilable.
|
2019-11-26 18:53:36 -08:00 |
|
Mariano Cano
|
5d35586402
|
Update template tests.
|
2019-11-26 18:53:36 -08:00 |
|
max furman
|
c2a3bcfab5
|
resolving merge
|
2019-11-20 17:26:04 -08:00 |
|
max furman
|
927784237d
|
Use an actual Hosts type when returning ssh hosts
|
2019-11-20 17:23:51 -08:00 |
|
Mariano Cano
|
7a06a60f88
|
Add missing version.go file.
|
2019-11-20 17:02:06 -08:00 |
|
Mariano Cano
|
2f18a26d4f
|
Add version endpoint.
|
2019-11-20 17:01:31 -08:00 |
|
max furman
|
35912cc906
|
change func def for getSSHHosts
* continue to return all hosts if injection method not specified
|
2019-11-20 12:59:48 -08:00 |
|
Mariano Cano
|
3fda081e42
|
Add identity certificate in ssh response.
|
2019-11-20 11:52:20 -08:00 |
|
max furman
|
c407a9319b
|
Add getSSHHosts injection func
|
2019-11-20 11:32:27 -08:00 |
|
max furman
|
8b2105a8f9
|
Instrument getIdentity func for OIDC ssh provisioner
|
2019-11-19 13:32:58 -08:00 |
|
max furman
|
f25a2a43eb
|
remove printfs
|
2019-11-15 11:59:12 -08:00 |
|
max furman
|
6ca1df5081
|
Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
|
2019-11-14 20:38:39 -08:00 |
|
Mariano Cano
|
86a0558587
|
Add support for /ssh/bastion method.
|
2019-11-14 18:24:58 -08:00 |
|
Mariano Cano
|
8585b29711
|
Make test to compile, they still fail.
|
2019-11-14 18:07:16 -08:00 |
|
Mariano Cano
|
43b663e0c3
|
Move Option type to a new file.
|
2019-11-14 15:29:04 -08:00 |
|
Mariano Cano
|
be93c9e1f4
|
Add missing comment.
|
2019-11-14 15:27:12 -08:00 |
|
Mariano Cano
|
fcccb06696
|
Fix some provisioner tests
|
2019-11-14 15:26:37 -08:00 |
|
Mariano Cano
|
2cb6bd880b
|
Make audiences compatible with the old version.
|
2019-11-14 15:18:49 -08:00 |
|
Mariano Cano
|
efc2180c4a
|
Complete AuthDB interface.
|
2019-11-14 10:49:13 -08:00 |
|
Mariano Cano
|
a4fd76f1a8
|
Make provisioner tests compile, they are still failing.
|
2019-11-14 10:48:06 -08:00 |
|
Mariano Cano
|
0c3b9ebf45
|
Fix indentation.
|
2019-11-13 11:18:05 -08:00 |
|
Mariano Cano
|
69a7058ff0
|
Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
|
2019-11-08 17:44:39 -08:00 |
|
max furman
|
e679deddd7
|
sshpop token should not allow renew/rekey of user ssh certs
|
2019-11-07 21:39:36 -08:00 |
|
max furman
|
946094d2b7
|
Add multiuse capability to k8ssa provisioners
|
2019-11-06 15:54:04 -08:00 |
|
max furman
|
a9ea292bd4
|
sshpop provisioner + ssh renew | revoke | rekey first pass
|
2019-11-05 16:41:42 -08:00 |
|
max furman
|
b5f15531d8
|
sshpop first pass
|
2019-11-05 16:41:17 -08:00 |
|
max furman
|
64b69374fa
|
Add SSH getHosts api
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
cf2b9301c0
|
Change default user duration to 16h.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
e5da24f269
|
Fix list of user ssh public keys.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
91ccc3802c
|
Fix lint error.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
c2e20c7877
|
Add tests for ssh authority methods.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
40052a1824
|
Add some ssh related tests.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
38d735be6e
|
Add support for federated keys.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
3ee0dcec93
|
Add initial support for check-host endpoint.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
a50d59338e
|
Rename SSH methods.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
e84489775b
|
Add support for multiple ssh roots.
Fixes #125
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
caa2174efc
|
Add support for user data in templates.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
7b8bb6deb4
|
Add initial support for ssh config.
Related to smallstep/cli#170
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
c6a5772356
|
Fix tests.
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
fe3149cf52
|
Add endpoint to return the SSH public keys.
Related to smallstep/ca-component#195
|
2019-11-05 16:41:17 -08:00 |
|
Mariano Cano
|
dc6ffb7670
|
Add initial implementation of ssh config.
|
2019-11-05 16:41:17 -08:00 |
|
max furman
|
8f07ff6a39
|
Add kubernetes service account provisioner
|
2019-10-29 17:42:50 -07:00 |
|
Max
|
0a96062b76
|
Merge pull request #128 from jkralik/returnCertChain
Change api of functions Authority.Sign, Authority.Renew
|
2019-10-18 14:00:18 -07:00 |
|
max furman
|
d368791606
|
Add x5c provisioner capabilities
|
2019-10-14 14:51:37 -07:00 |
|
Jozef Kralik
|
bc6074f596
|
Change api of functions Authority.Sign, Authority.Renew
Returns certificate chain instead of 2 members.
Implements #126
|
2019-10-09 22:23:00 +02:00 |
|
Mariano Cano
|
59526d3225
|
Merge pull request #105 from smallstep/okta-support
Address support on OIDC provisioners
|
2019-09-20 15:33:11 -07:00 |
|
Mariano Cano
|
39b41b5e83
|
Merge pull request #107 from smallstep/ssh-valid-after
Truncate to seconds ValidAfter
|
2019-09-19 15:27:28 -07:00 |
|
Mariano Cano
|
d59a5b222f
|
Truncate to seconds to avoid rounding up times.
It can cause that certs are not valid yet, if they are used right away.
|
2019-09-19 13:42:24 -07:00 |
|
max furman
|
fe7973c060
|
wip
|
2019-09-19 13:17:45 -07:00 |
|