Commit graph

483 commits

Author SHA1 Message Date
Mariano Cano
64f26c0f40 Enforce a duration for identity certificates. 2020-03-30 17:33:04 -07:00
Mariano Cano
fa416336a8 Add context to tests. 2020-03-10 19:17:32 -07:00
Mariano Cano
c49a9d5e33 Add context parameter to all SSH methods. 2020-03-10 19:01:45 -07:00
Mariano Cano
f868e07a76 Allow to use custom principals on cloud provisioners.
Fixes #203
2020-03-05 14:33:42 -08:00
Mariano Cano
59fc8cdd2d Fix typo in comments. 2020-02-27 10:48:16 -08:00
Mariano Cano
5c8c741fab Fix linting issues. 2020-02-14 11:46:31 -08:00
Mariano Cano
05cc1437b7 Remove unnecessary parse of certificate. 2020-02-13 17:48:43 -08:00
Mariano Cano
2d4f369db2 Add options to set root and federated certificates using x509.Certificate 2020-02-12 15:36:24 -08:00
Mariano Cano
43bd8113aa Remove unnecessary comments. 2020-02-11 14:46:18 -08:00
Mariano Cano
4eaeede77d Fix unit tests. 2020-02-11 14:05:37 -08:00
Mariano Cano
21bd339b86 Merge branch 'master' into kms 2020-02-11 13:20:35 -08:00
Mariano Cano
7846696fbb Fix return sign options on ssh sign. 2020-01-29 11:58:47 -08:00
max furman
d482ae2fb5 Remove test that is no longer implemented by the method. 2020-01-28 13:29:40 -08:00
max furman
397a181d10 Add backdate validation to sshCertValidityValidator. 2020-01-28 13:29:40 -08:00
max furman
df60fe3f0d Remove all references to old apiError. 2020-01-28 13:29:40 -08:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
895d3054a3 Remove the use of custom x509 package.
Upgrade cli dependency.
2020-01-28 13:29:39 -08:00
Mariano Cano
144acb9ee3 Remove debug statement. 2020-01-28 13:29:39 -08:00
Mariano Cano
06411d1715 Add tests of profileLimitDuration with backdate. 2020-01-28 13:29:39 -08:00
Mariano Cano
8297e5c717 Add tests for backdate and sshDefaultDuration 2020-01-28 13:29:39 -08:00
Mariano Cano
93b65bee7c Add unit test for profileDefaultDuration. 2020-01-28 13:29:39 -08:00
Mariano Cano
74b5d7f984 Add backdate support on ssh rekey. 2020-01-28 13:29:39 -08:00
Mariano Cano
84ff172093 Add support for backdate to SSH certificates. 2020-01-28 13:29:39 -08:00
Mariano Cano
5565d61bf3 Add fault tolerance against clock skew accross system on TLS certificates. 2020-01-28 13:29:39 -08:00
max furman
b9f6aacb0f Move api errors to their own package and modify the typedef 2020-01-28 13:29:39 -08:00
Mariano Cano
f033422ffa Allow no provisioners. 2020-01-28 13:29:39 -08:00
Mariano Cano
f4615d6258 Addapt test to api change. 2020-01-28 13:29:39 -08:00
max furman
3ac388612a Use x5cInsecure token for /ssh/check-host endpoint 2020-01-28 13:29:39 -08:00
Mariano Cano
08eac1b00d Make sure to define the KeyID from the token if available. 2020-01-28 13:29:39 -08:00
Mariano Cano
de3ba58455 Store renew certificate in the database. 2020-01-28 13:29:39 -08:00
Mariano Cano
caa2b8dbb7 Add leeway in identity not before. 2020-01-28 13:29:39 -08:00
max furman
9caadbb341 Fix authority calling wrong revoke method 2020-01-28 13:29:39 -08:00
Mariano Cano
f26103d150 Make test compilable. 2020-01-28 13:29:39 -08:00
Mariano Cano
557a45abfa Update template tests. 2020-01-28 13:29:39 -08:00
max furman
656f35e522 Use an actual Hosts type when returning ssh hosts 2020-01-28 13:29:39 -08:00
Mariano Cano
03bb26fb91 Add missing version.go file. 2020-01-28 13:28:17 -08:00
Mariano Cano
c60641701b Add version endpoint. 2020-01-28 13:28:16 -08:00
max furman
f92bb06b6c change func def for getSSHHosts
* continue to return all hosts if injection method not specified
2020-01-28 13:28:16 -08:00
Mariano Cano
11c8639782 Add identity certificate in ssh response. 2020-01-28 13:28:16 -08:00
max furman
d940ab7c20 Add getSSHHosts injection func 2020-01-28 13:28:16 -08:00
max furman
414a94b210 Instrument getIdentity func for OIDC ssh provisioner 2020-01-28 13:28:16 -08:00
max furman
3d970b45c8 remove printfs 2020-01-28 13:28:16 -08:00
max furman
f74cd04a6a Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
2020-01-28 13:28:16 -08:00
Mariano Cano
8bf3bf701e Add support for /ssh/bastion method. 2020-01-28 13:28:16 -08:00
Mariano Cano
a6edcd0a3d Make test to compile, they still fail. 2020-01-28 13:28:16 -08:00
Mariano Cano
000885dea7 Move Option type to a new file. 2020-01-28 13:28:16 -08:00
Mariano Cano
a86dc78b5d Add missing comment. 2020-01-28 13:28:16 -08:00
Mariano Cano
7db7b1ee4c Fix some provisioner tests 2020-01-28 13:28:16 -08:00
Mariano Cano
29be322b1c Make audiences compatible with the old version. 2020-01-28 13:28:16 -08:00
Mariano Cano
39ae5636fe Complete AuthDB interface. 2020-01-28 13:28:16 -08:00
Mariano Cano
d4627d1282 Make provisioner tests compile, they are still failing. 2020-01-28 13:28:16 -08:00
Mariano Cano
a8a6d0ada3 Fix indentation. 2020-01-28 13:28:16 -08:00
Mariano Cano
cf592fa0e1 Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
2020-01-28 13:28:16 -08:00
max furman
5788ac3f4f sshpop token should not allow renew/rekey of user ssh certs 2020-01-28 13:28:16 -08:00
max furman
54e3cf7322 Add multiuse capability to k8ssa provisioners 2020-01-28 13:28:16 -08:00
max furman
29853ae016 sshpop provisioner + ssh renew | revoke | rekey first pass 2020-01-28 13:28:16 -08:00
max furman
c04f1e1bd4 sshpop first pass 2020-01-28 13:28:16 -08:00
max furman
5616386eed Add SSH getHosts api 2020-01-28 13:28:16 -08:00
Mariano Cano
c7e4cc96a4 Change default user duration to 16h. 2020-01-28 13:28:16 -08:00
Mariano Cano
c729c5f925 Fix list of user ssh public keys. 2020-01-28 13:28:16 -08:00
Mariano Cano
ee22778264 Fix lint error. 2020-01-28 13:28:16 -08:00
Mariano Cano
8939caace4 Add tests for ssh authority methods. 2020-01-28 13:28:16 -08:00
Mariano Cano
4f06f3901e Add some ssh related tests. 2020-01-28 13:28:16 -08:00
Mariano Cano
08850d5334 Add support for federated keys. 2020-01-28 13:28:16 -08:00
Mariano Cano
37f17213bb Add initial support for check-host endpoint. 2020-01-28 13:28:16 -08:00
Mariano Cano
d08db4df23 Rename SSH methods. 2020-01-28 13:28:16 -08:00
Mariano Cano
b5bc249e1c Add support for multiple ssh roots.
Fixes #125
2020-01-28 13:28:16 -08:00
Mariano Cano
91130b9c3f Add support for user data in templates. 2020-01-28 13:28:16 -08:00
Mariano Cano
a35988ff08 Add initial support for ssh config.
Related to smallstep/cli#170
2020-01-28 13:28:16 -08:00
Mariano Cano
d4c47cf3e1 Fix tests. 2020-01-28 13:28:16 -08:00
Mariano Cano
961be1fbc7 Add endpoint to return the SSH public keys.
Related to smallstep/ca-component#195
2020-01-28 13:28:16 -08:00
Mariano Cano
a197158426 Add initial implementation of ssh config. 2020-01-28 13:28:16 -08:00
Mariano Cano
69a1b68283 Merge branch 'ssh' into kms 2020-01-27 15:41:14 -08:00
max furman
92c48949d7 Remove test that is no longer implemented by the method. 2020-01-24 13:47:15 -08:00
max furman
1e5763031b Add backdate validation to sshCertValidityValidator. 2020-01-24 13:46:54 -08:00
max furman
99e5bf4782 Remove all references to old apiError. 2020-01-24 13:46:41 -08:00
max furman
b265877050 Simplify statuscoder error generators. 2020-01-24 13:46:11 -08:00
max furman
c387b21808 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-22 17:25:23 -08:00
Mariano Cano
9021951f1a Fix types. 2020-01-14 18:47:05 -08:00
Mariano Cano
9641ab33b8 Use crypto.Signer instead of ssh.Signer in SSH options. 2020-01-14 18:38:29 -08:00
Mariano Cano
e98d7832b9 Add options to read the roots and federated roots from a bundle. 2020-01-10 18:33:48 -08:00
Mariano Cano
44eccc6bd8 Merge branch 'ssh' into kms 2020-01-10 17:49:52 -08:00
Mariano Cano
085ae82163 Remove the use of custom x509 package.
Upgrade cli dependency.
2020-01-10 10:58:49 -08:00
Mariano Cano
c62526b39f Add wip support for kms. 2020-01-09 18:42:26 -08:00
Mariano Cano
77af30bfa3 Remove debug statement. 2020-01-08 11:46:33 -08:00
Mariano Cano
f46dc03111 Add tests of profileLimitDuration with backdate. 2020-01-06 14:34:59 -08:00
Mariano Cano
165a91858e Add tests for backdate and sshDefaultDuration 2020-01-06 14:21:13 -08:00
Mariano Cano
7e33aeb8d3 Add unit test for profileDefaultDuration. 2020-01-06 12:19:00 -08:00
Mariano Cano
f06db4099e Add backdate support on ssh rekey. 2020-01-03 18:30:17 -08:00
Mariano Cano
935d0d4542 Add support for backdate to SSH certificates. 2020-01-03 18:22:52 -08:00
Mariano Cano
e67ccd9e3d Add fault tolerance against clock skew accross system on TLS certificates. 2020-01-02 17:48:28 -08:00
max furman
f9ef5070f9 Move api errors to their own package and modify the typedef 2019-12-17 14:26:02 -08:00
Mariano Cano
6d6f496331 Allow no provisioners. 2019-12-16 11:22:24 -08:00
Mariano Cano
96b6989658 Addapt test to api change. 2019-12-11 18:21:20 -08:00
Max
1f42637ba1
Merge pull request #143 from smallstep/expired-cert
Expired cert
2019-12-11 14:55:21 -08:00
max furman
1e17ec7d33 Use x5cInsecure token for /ssh/check-host endpoint 2019-12-11 14:54:29 -08:00
Mariano Cano
e841a86b48 Make sure to define the KeyID from the token if available. 2019-12-10 16:34:01 -08:00
Mariano Cano
8eeb82d0ce Store renew certificate in the database. 2019-12-10 13:10:45 -08:00
Mariano Cano
50152391a3 Add leeway in identity not before. 2019-12-09 16:55:25 -08:00
max furman
55237d635c Fix authority calling wrong revoke method 2019-12-03 12:39:57 -05:00
Mariano Cano
92d1db1616 Make test compilable. 2019-11-26 18:53:36 -08:00
Mariano Cano
5d35586402 Update template tests. 2019-11-26 18:53:36 -08:00
max furman
c2a3bcfab5 resolving merge 2019-11-20 17:26:04 -08:00
max furman
927784237d Use an actual Hosts type when returning ssh hosts 2019-11-20 17:23:51 -08:00
Mariano Cano
7a06a60f88 Add missing version.go file. 2019-11-20 17:02:06 -08:00
Mariano Cano
2f18a26d4f Add version endpoint. 2019-11-20 17:01:31 -08:00
max furman
35912cc906 change func def for getSSHHosts
* continue to return all hosts if injection method not specified
2019-11-20 12:59:48 -08:00
Mariano Cano
3fda081e42 Add identity certificate in ssh response. 2019-11-20 11:52:20 -08:00
max furman
c407a9319b Add getSSHHosts injection func 2019-11-20 11:32:27 -08:00
max furman
8b2105a8f9 Instrument getIdentity func for OIDC ssh provisioner 2019-11-19 13:32:58 -08:00
max furman
f25a2a43eb remove printfs 2019-11-15 11:59:12 -08:00
max furman
6ca1df5081 Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
2019-11-14 20:38:39 -08:00
Mariano Cano
86a0558587 Add support for /ssh/bastion method. 2019-11-14 18:24:58 -08:00
Mariano Cano
8585b29711 Make test to compile, they still fail. 2019-11-14 18:07:16 -08:00
Mariano Cano
43b663e0c3 Move Option type to a new file. 2019-11-14 15:29:04 -08:00
Mariano Cano
be93c9e1f4 Add missing comment. 2019-11-14 15:27:12 -08:00
Mariano Cano
fcccb06696 Fix some provisioner tests 2019-11-14 15:26:37 -08:00
Mariano Cano
2cb6bd880b Make audiences compatible with the old version. 2019-11-14 15:18:49 -08:00
Mariano Cano
efc2180c4a Complete AuthDB interface. 2019-11-14 10:49:13 -08:00
Mariano Cano
a4fd76f1a8 Make provisioner tests compile, they are still failing. 2019-11-14 10:48:06 -08:00
Mariano Cano
0c3b9ebf45 Fix indentation. 2019-11-13 11:18:05 -08:00
Mariano Cano
69a7058ff0 Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
2019-11-08 17:44:39 -08:00
max furman
e679deddd7 sshpop token should not allow renew/rekey of user ssh certs 2019-11-07 21:39:36 -08:00
max furman
946094d2b7 Add multiuse capability to k8ssa provisioners 2019-11-06 15:54:04 -08:00
max furman
a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 2019-11-05 16:41:42 -08:00
max furman
b5f15531d8 sshpop first pass 2019-11-05 16:41:17 -08:00
max furman
64b69374fa Add SSH getHosts api 2019-11-05 16:41:17 -08:00
Mariano Cano
cf2b9301c0 Change default user duration to 16h. 2019-11-05 16:41:17 -08:00
Mariano Cano
e5da24f269 Fix list of user ssh public keys. 2019-11-05 16:41:17 -08:00
Mariano Cano
91ccc3802c Fix lint error. 2019-11-05 16:41:17 -08:00
Mariano Cano
c2e20c7877 Add tests for ssh authority methods. 2019-11-05 16:41:17 -08:00
Mariano Cano
40052a1824 Add some ssh related tests. 2019-11-05 16:41:17 -08:00
Mariano Cano
38d735be6e Add support for federated keys. 2019-11-05 16:41:17 -08:00
Mariano Cano
3ee0dcec93 Add initial support for check-host endpoint. 2019-11-05 16:41:17 -08:00
Mariano Cano
a50d59338e Rename SSH methods. 2019-11-05 16:41:17 -08:00
Mariano Cano
e84489775b Add support for multiple ssh roots.
Fixes #125
2019-11-05 16:41:17 -08:00
Mariano Cano
caa2174efc Add support for user data in templates. 2019-11-05 16:41:17 -08:00
Mariano Cano
7b8bb6deb4 Add initial support for ssh config.
Related to smallstep/cli#170
2019-11-05 16:41:17 -08:00
Mariano Cano
c6a5772356 Fix tests. 2019-11-05 16:41:17 -08:00
Mariano Cano
fe3149cf52 Add endpoint to return the SSH public keys.
Related to smallstep/ca-component#195
2019-11-05 16:41:17 -08:00
Mariano Cano
dc6ffb7670 Add initial implementation of ssh config. 2019-11-05 16:41:17 -08:00
max furman
8f07ff6a39 Add kubernetes service account provisioner 2019-10-29 17:42:50 -07:00
Max
0a96062b76
Merge pull request #128 from jkralik/returnCertChain
Change api of functions Authority.Sign, Authority.Renew
2019-10-18 14:00:18 -07:00
max furman
d368791606 Add x5c provisioner capabilities 2019-10-14 14:51:37 -07:00
Jozef Kralik
bc6074f596 Change api of functions Authority.Sign, Authority.Renew
Returns certificate chain instead of 2 members.

Implements #126
2019-10-09 22:23:00 +02:00
Mariano Cano
59526d3225
Merge pull request #105 from smallstep/okta-support
Address support on OIDC provisioners
2019-09-20 15:33:11 -07:00
Mariano Cano
39b41b5e83
Merge pull request #107 from smallstep/ssh-valid-after
Truncate to seconds ValidAfter
2019-09-19 15:27:28 -07:00
Mariano Cano
d59a5b222f Truncate to seconds to avoid rounding up times.
It can cause that certs are not valid yet, if they are used right away.
2019-09-19 13:42:24 -07:00
max furman
fe7973c060 wip 2019-09-19 13:17:45 -07:00