Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2022-08-18 17:46:20 -07:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny
2022-04-08 16:01:56 +02:00
Mariano Cano
b7e11da480
Merge branch 'master' into feat/linkedra
2022-04-07 18:19:04 -07:00
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny
2022-03-30 14:50:14 +02:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages ( #860 )
...
* api/render: initial implementation of the package
* acme/api: refactored to support api/render
* authority/admin: refactored to support api/render
* ca: refactored to support api/render
* api: refactored to support api/render
* api/render: implemented Error
* api: refactored to support api/render.Error
* acme/api: refactored to support api/render.Error
* authority/admin: refactored to support api/render.Error
* ca: refactored to support api/render.Error
* ca: fixed broken tests
* api/render, api/log: moved error logging to this package
* acme: refactored Error so that it implements render.RenderableError
* authority/admin: refactored Error so that it implements render.RenderableError
* api/render: implemented RenderableError
* api/render: added test coverage for Error
* api/render: implemented statusCodeFromError
* api: refactored RootsPEM to work with render.Error
* acme, authority/admin: fixed pointer receiver name for consistency
* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Mariano Cano
6851842841
Fix unit tests.
2022-03-28 15:06:56 -07:00
vijayjt
7b605b2d16
Support Azure tokens from managed identities not associated with a VM
2022-03-28 14:55:39 -07:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
2022-03-24 12:36:12 +01:00
Mariano Cano
082734474b
Merge pull request #845 from vijayjt/azure-user-mi-token
...
WIP: Support Azure tokens generated by managed identities
2022-03-23 17:18:51 -07:00
Mariano Cano
4690fa64ed
Add public methods to retrieve the provisioner extensions.
2022-03-11 14:59:42 -08:00
Mariano Cano
389815642d
Fix tests: certs are truncated to seconds.
2022-03-10 10:46:28 -08:00
Mariano Cano
259e95947c
Add support for the provisioner controller
...
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
2022-03-09 18:43:45 -08:00
Herman Slatman
af53a17bb4
Merge branch 'master' into herman/allow-deny
2022-03-07 14:13:13 +01:00
vijayjt
e699244291
Support Azure tokens from managed identities not associated with a VM
2022-03-07 11:24:58 +00:00
vijayjt
4a10f2c584
Rename new fields as per feedback to remove AAD from the name
2022-02-24 09:26:45 +00:00
vijayjt
8b68bedffa
Add support for validation of certificate requests using Azure subscription and AAD object IDs. See #735
2022-02-22 17:20:18 +00:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine
2022-01-03 12:25:24 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
9e5762fe06
Allow the reuse of azure token if DisableTrustOnFirstUse is true
...
Azure caches tokens for 24h and we cannot issue a new certificate
for the same instance in that period of time.
The meaning of this parameter is to allow the signing of multiple
certificate in one instance. This is possible in GCP, because we
get a new token, and is possible in AWS because we can generate
a new one. On Azure there was no other way to do it unless you
wait for 24h.
Fixes #656
2021-08-11 11:50:54 -07:00
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
Mariano Cano
0c8376a7f6
Fix existing unit tests.
2020-07-21 14:21:54 -07:00
max furman
71d87b4e61
wip
2020-06-24 23:25:15 -07:00
Mariano Cano
f868e07a76
Allow to use custom principals on cloud provisioners.
...
Fixes #203
2020-03-05 14:33:42 -08:00
max furman
1cb8bb3ae1
Simplify statuscoder error generators.
2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
7db7b1ee4c
Fix some provisioner tests
2020-01-28 13:28:16 -08:00
Mariano Cano
d4627d1282
Make provisioner tests compile, they are still failing.
2020-01-28 13:28:16 -08:00
Mariano Cano
396b4222aa
Implement validator for ssh keys.
...
Fixes #100
2019-09-10 17:04:13 -07:00
Mariano Cano
10e7b81b9f
Merge branch 'master' into ssh-ca
2019-09-05 23:06:01 +02:00
max furman
2b41faa9cf
Enforce >= 2048 bit rsa keys at the provisioner layer
...
* Fixes #94
* In the future this should be configurable by provisioner
2019-08-27 14:44:59 -07:00
Mariano Cano
7983aa8661
Add azure ssh tests.
2019-07-31 18:16:17 -07:00
Mariano Cano
f8cacc11b1
Fix tests.
2019-07-29 18:24:34 -07:00
Mariano Cano
900ab9cc12
Allow custom common names in cloud identity provisioners.
2019-07-15 15:52:36 -07:00
Mariano Cano
423d505d04
Replace subscriptions with resource groups.
2019-05-08 17:11:55 -07:00
Mariano Cano
803d81d332
Improve azure unit tests.
2019-05-08 12:47:45 -07:00
Mariano Cano
4c5fec06bf
Require TenantID in azure, add some tests.
2019-05-07 19:07:49 -07:00