Commit graph

2176 commits

Author SHA1 Message Date
Carl Tashian
25325b6970 Revert systemd renewer unit change that was incorrect
This reverts commit 75f24a103a.
2021-05-03 16:19:36 -07:00
Mariano Cano
484b30d0a1 Fix IsAdminGroup comment. 2021-04-29 18:47:17 -07:00
Mariano Cano
9cc410b308 Use map[string]struct{} instead of map[string]bool 2021-04-29 18:40:04 -07:00
Mariano Cano
c8eb771a8e Add test for oidc with preferred usernames. 2021-04-29 18:37:48 -07:00
Cristian Le
8b1ab30212 Sanitize usernames 2021-04-30 09:41:06 +09:00
Cristian Le
bf364f0a5f Draft: adding usernames to GetIdentityFunc 2021-04-30 09:14:28 +09:00
Cristian Le
861ef80e0d Rename and reformat to PreferredUsername 2021-04-30 08:44:41 +09:00
Mariano Cano
b9b1ac04d1
Merge pull request #562 from smallstep/renew-db-interface
Renew DB interface and Rekey
2021-04-29 16:28:46 -07:00
Mariano Cano
5846314f88 Add missing Rekey method to the ca.Client
Fixes #315
2021-04-29 16:06:45 -07:00
Mariano Cano
2cbaee9c1d Allow to use an alternative interface to store renewed certs.
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
2021-04-29 15:55:22 -07:00
Herman Slatman
68d5f6d0d2
Merge branch 'master' into hs/scep 2021-04-29 22:18:00 +02:00
Cristian Le
55fbcfb3be Implement #550
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-04-29 15:44:21 +09:00
Joe Julian
0369151bfa
use InsecureSkipVerify for validation
The server will not yet have a valid certificate so we need to disable
certificate validation in the HTTPGetter.
2021-04-27 08:18:35 -07:00
Mariano Cano
582d6b161d
Merge pull request #531 from smallstep/tls-tunnel
Add experimental support for a TLS over TLS tunnel.
2021-04-26 18:51:33 -07:00
Mariano Cano
1328aa3e47 Fix review comments. 2021-04-26 18:45:46 -07:00
Mariano Cano
d3c6bcbcce
Merge pull request #553 from smallstep/store-chain
Add extension of db.AuthDB to store the fullchain
2021-04-26 14:37:05 -07:00
Mariano Cano
e6833ecee3 Add extension of db.AuthDB to store the fullchain.
Add a temporary solution to allow an extension of an db.AuthDB
interface that logs the fullchain of certificates instead of just
the leaf.
2021-04-26 12:28:51 -07:00
Mariano Cano
50b9aaec57 Add new identity tests. 2021-04-21 18:07:59 -07:00
Mariano Cano
e414d0c8ea Fix unit tests. 2021-04-21 16:20:53 -07:00
Mariano Cano
c5234e9c61 Refactor tls tunnel connections.
New method will use an identity-like file with the configuration
used to create the (m)TLS connection to the tunnel.
2021-04-21 16:20:53 -07:00
Mariano Cano
180b5c3e3c Fix typo. 2021-04-21 16:20:53 -07:00
Mariano Cano
e75a9409a5 Add experimental support for a TLS over TLS tunnel. 2021-04-21 16:20:53 -07:00
Carl Tashian
75f24a103a Sync cert renewer service with docs 2021-04-20 17:04:18 -07:00
Carl Tashian
e50c5bc4b1 Remove pronoun 2021-04-19 12:08:42 -07:00
Mariano Cano
3769a2760a
Merge pull request #543 from smallstep/no-nonce-on-get
Remove the creation on nonce on get acme directory
2021-04-16 13:20:06 -07:00
Herman Slatman
2336936b5c
Fix typo 2021-04-16 15:49:33 +02:00
Herman Slatman
9787728fbd
Mask challenge password after it has been read 2021-04-16 14:09:34 +02:00
Herman Slatman
0487686f69
Merge branch 'master' into hs/scep 2021-04-16 13:25:01 +02:00
Mariano Cano
2e1524ec2f Remove the creation on nonce on get acme directory.
According to RFC 8555, the replay nonces are only required in POST
requests. And of course in the new-nonce request.
2021-04-15 17:54:22 -07:00
max furman
16c20c9279 [action] codecov token not needed for public repos 2021-04-15 15:43:12 -07:00
Max
b7f8f15619
Merge pull request #541 from smallstep/max/ver
VERSION from ENV should always take precedence over CI tags
2021-04-15 15:23:19 -07:00
max furman
78c15805f4 VERSION from ENV should always take precedence over CI tags 2021-04-15 15:16:32 -07:00
Mariano Cano
7688ca18ac
Merge pull request #540 from smallstep/proxy-always
Always specify a Proxy in all custom transports.
2021-04-14 21:05:32 -07:00
Mariano Cano
02a5879cfe Specify always a Proxy in all custom transports.
Fixes #535
2021-04-14 19:35:31 -07:00
Max
0ec75c98cf
Merge pull request #539 from smallstep/max/escaped-route-fix
Use different method for unescpaed paths for the router
2021-04-14 15:43:12 -07:00
max furman
93c3c2bf2e Error handle non existent provisioner downstream and disable debug route logging 2021-04-14 15:35:43 -07:00
max furman
497ec0c79b Fix linter issues 2021-04-14 15:14:27 -07:00
max furman
b1888fd34d Use different method for unescpaed paths for the router 2021-04-14 15:11:15 -07:00
Max
938cd092b4
Merge pull request #536 from smallstep/max/dev
Move golangci-lint to github action and fix debian build action
2021-04-14 13:14:34 -07:00
Mariano Cano
e3e34bd00c Remove dockerignore files that are in the repo.
This was causing a dirty repo and versions with -dev.
2021-04-13 18:24:02 -07:00
max furman
335435decf [action] debian rules syntax 2021-04-13 16:53:30 -07:00
max furman
6a6be84874 [action] debian rules syntax 2021-04-13 16:37:00 -07:00
max furman
39f6a27515 [action] alternate makefile target for dh_auto_build 2021-04-13 16:30:13 -07:00
max furman
ee4d45cf79 [action] remove make bootstrap from debian build process 2021-04-13 16:02:46 -07:00
max furman
f02d97e621 [action] use matrix strategy in release.test | bump to 1.16 2021-04-13 15:53:49 -07:00
max furman
c71d56e4ae [action] use go version matrix for the test / build step 2021-04-13 15:47:26 -07:00
max furman
fa9bceefa2 [action] but golangci-lint timeout 2021-04-13 15:42:54 -07:00
max furman
819d466790 [actions] update test action as well 2021-04-13 15:38:36 -07:00
max furman
42a470d803 Move golangci-lint to github action | update bootstrap
- Update bootstrap to use official golangci-lint install
2021-04-13 15:32:46 -07:00
max furman
72217c972d GO111MODULE should not be necessary in bootstrap 2021-04-13 15:21:45 -07:00