Commit graph

2995 commits

Author SHA1 Message Date
Mariano Cano
26dd97e718 Merge branch 'master' into context-authority 2022-05-23 12:36:16 -07:00
Mariano Cano
02fd0e7170
Merge pull request #913 from delamart/master
Vault Kubernetes Auth
2022-05-23 12:08:01 -07:00
Erik DeLamarter
07984a968f
better error messages
Co-authored-by: Mariano Cano <mariano.cano@gmail.com>
2022-05-21 21:11:52 +02:00
Erik De Lamarter
9ec154aab0
rewrite and improve secret-id config 2022-05-21 21:06:15 +02:00
Erik De Lamarter
6989c7f146
vault auth unit tests 2022-05-21 21:06:15 +02:00
Erik De Lamarter
6c44291d8d
refactor vault auth 2022-05-21 21:06:15 +02:00
Erik De Lamarter
dec1067add
vault kubernetes auth 2022-05-21 21:06:14 +02:00
Mariano Cano
6b3a8f22f3 Add provisioner to SSH renewals
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2022-05-20 14:41:44 -07:00
Mariano Cano
3c4d0412ef
Merge pull request #941 from smallstep/ssh-provisioner
Report SSH provisioner
2022-05-20 12:24:30 -07:00
Mariano Cano
eebbd65dd5 Fix linter error 2022-05-20 12:03:36 -07:00
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
exposing authority configuration for provisioner cli commands
2022-05-19 22:53:59 -07:00
max furman
5443aa073a gofmt -s 2022-05-19 22:46:25 -07:00
max furman
8ca9442fe9 Add -s to make fmt and bump golangci-lint to 1.45.2 2022-05-19 22:40:47 -07:00
Max
586e4fd3b5
Update authority/options.go
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2022-05-19 22:26:20 -07:00
Mariano Cano
1ad75a3bdb Skip failing test for now
This test fails randomly on VMs, there's an issue to fix this so
skipping it for now
2022-05-19 18:51:51 -07:00
Mariano Cano
dd985ce154 Clarify errors when sending renewed certificates 2022-05-19 18:41:13 -07:00
Mariano Cano
a627f21440 Fix AuthorizeSSHSign tests with extra SignOption 2022-05-18 18:51:36 -07:00
Mariano Cano
e7d7eb1a94 Add provisioner as a signOption for SSH 2022-05-18 18:42:42 -07:00
Mariano Cano
293586079a Store provisioner with SignSSH
This change also allows to store the old certificate on renewal on
linkedca or if the db interface supports it.
2022-05-18 18:33:53 -07:00
Mariano Cano
c8d7ad7ab9 Fix store certificates methods with new interface 2022-05-18 18:33:22 -07:00
Mariano Cano
de99c3cac0 Report provisioner and parent on linkedca 2022-05-18 18:30:53 -07:00
Mariano Cano
20b2c6a201 Extract cert storer methods from AuthDB
To be able to extend the AuthDB with methods that also extend the
provisioner we need to either create a new method or to split the
interface. This change splits the interface so we can have a cleaner
implementation.
2022-05-18 18:27:37 -07:00
Herman Slatman
9e05cc4d51
Merge pull request #940 from smallstep/herman/improve-renew-expired-cert-error
Improve error message when client renews with expired certificate
2022-05-19 01:46:01 +02:00
Herman Slatman
479eda7339
Improve error message when client renews with expired certificate
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.

This commit returns a slightly more informational message to the
client in this specific situation.
2022-05-19 01:25:30 +02:00
max furman
fff00aca78 Updates to issue templates 2022-05-18 15:56:40 -07:00
max furman
bfb406bf70 Fixes for PR review 2022-05-18 09:43:32 -07:00
Herman Slatman
14524d7916
Merge pull request #938 from smallstep/herman/update-crypto-0.16.2
Update go.step.sm/crypto to v0.16.2
2022-05-18 09:15:18 +02:00
Herman Slatman
d1ab1d5431
Merge branch 'master' into herman/update-crypto-0.16.2 2022-05-18 09:11:38 +02:00
Herman Slatman
984e4fcff8
Merge pull request #932 from smallstep/herman/pkcs7-patches
Use github.com/smallstep/pkcs7 fork with (selected) patches applied
2022-05-18 09:10:48 +02:00
Herman Slatman
b75ce3acbd
Update to go.step.sm/crypto v0.16.2
This patch release of go.step.sm/crypto fixes an issue with
not all `Subject` names being available for usage in a template
as `ExtraNames`.
2022-05-17 23:39:01 +02:00
Mariano Cano
400b1ece0b Remove scep handler after merge. 2022-05-12 17:39:36 -07:00
Mariano Cano
898ca41268 Merge branch 'master' into context-authority 2022-05-12 17:14:46 -07:00
Herman Slatman
ea084d71fb
Merge pull request #933 from smallstep/herman/allow-deny
Fix check for admin not belonging to provisioner that policy applies to
2022-05-12 16:42:26 +02:00
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy 2022-05-12 16:33:32 +02:00
max furman
25b8d196d8 Couple changes in response to PR
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
2022-05-11 17:04:43 -07:00
Mariano Cano
d0c0733691
Merge pull request #924 from vijayjt/vijayt/helmchart-kms
Allow KMS type to be specified in the helm chart values YAML
2022-05-11 14:14:25 -07:00
Herman Slatman
7030dbb7a1
Use github.com/smallstep/pkcs7 fork with patches applied 2022-05-11 21:18:47 +02:00
Herman Slatman
d51913f62a
Merge pull request #917 from smallstep/herman/scep-get
Add SCEP GET requests
2022-05-11 15:32:45 +02:00
Mariano Cano
8942422973 Add GetID() and add authority to initial context 2022-05-10 16:51:09 -07:00
Herman Slatman
688ae837a4
Add some tests for SCEP request decoding 2022-05-07 00:26:18 +02:00
Herman Slatman
c9a89d13ee
Merge branch 'master' into herman/scep-get 2022-05-06 23:49:53 +02:00
Mariano Cano
1e03bbb1af Change types in the ACMEAdminResponder 2022-05-06 14:11:10 -07:00
Mariano Cano
f639bfc53b Use contexts on the new PolicyAdminResponder 2022-05-06 14:05:08 -07:00
Mariano Cano
d461918eb0 Merge branch 'master' into context-authority 2022-05-06 13:21:41 -07:00
Herman Slatman
65090daac3
Merge pull request #788 from smallstep/herman/allow-deny
Add allow/deny policy for x509 SANs and SSH Principals
2022-05-06 19:11:34 +02:00
Herman Slatman
cc26a0b394
Explicitly disable wildcard Common Name constraint 2022-05-06 13:58:48 +02:00
Herman Slatman
0f4ffa504a
Fix linting issues 2022-05-06 13:23:09 +02:00
Herman Slatman
7104299119
Add full policy validation in API 2022-05-06 13:12:13 +02:00
Mariano Cano
2ea0c70344 Move acme context middleware to deprecated handler 2022-05-05 12:25:07 -07:00
Herman Slatman
ed231d29e2
Update to go.step.sm/linkedca@v0.16.1 2022-05-05 15:57:47 +02:00