Herman Slatman
922f702da3
Add logging for SSH certificate issuance
2023-05-04 15:33:06 +02:00
Mariano Cano
1be74eca62
Merge branch 'master' into ssh-renew-provisioner
2022-05-23 14:31:15 -07:00
Mariano Cano
6b3a8f22f3
Add provisioner to SSH renewals
...
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2022-05-20 14:41:44 -07:00
Mariano Cano
a6b8e65d69
Retrieve the authority from the context in api methods.
2022-04-26 12:58:40 -07:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages ( #860 )
...
* api/render: initial implementation of the package
* acme/api: refactored to support api/render
* authority/admin: refactored to support api/render
* ca: refactored to support api/render
* api: refactored to support api/render
* api/render: implemented Error
* api: refactored to support api/render.Error
* acme/api: refactored to support api/render.Error
* authority/admin: refactored to support api/render.Error
* ca: refactored to support api/render.Error
* ca: fixed broken tests
* api/render, api/log: moved error logging to this package
* acme: refactored Error so that it implements render.RenderableError
* authority/admin: refactored Error so that it implements render.RenderableError
* api/render: implemented RenderableError
* api/render: added test coverage for Error
* api/render: implemented statusCodeFromError
* api: refactored RootsPEM to work with render.Error
* acme, authority/admin: fixed pointer receiver name for consistency
* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Panagiotis Siatras
29092b9d8a
api: refactored to use the read package
2022-03-18 20:20:59 +02:00
Mariano Cano
b5db3f5706
Modify errs.ForbiddenErr to always return an error to the cli.
2021-11-23 11:52:55 -08:00
Mariano Cano
668d3ea6c7
Modify errs.Wrap() with bad request to send messages to users.
2021-11-18 18:44:58 -08:00
Mariano Cano
8c8db0d4b7
Modify errs.BadRequestErr() to always return an error to the client.
2021-11-18 18:17:36 -08:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
max furman
7b5d6968a5
first commit
2021-05-19 15:20:16 -07:00
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
2020-08-10 11:26:51 -07:00
Mariano Cano
3b19bb9796
Add TemplateData to SSHSignRequest.
...
Add some omitempty tags.
2020-07-30 17:45:03 -07:00
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
Mariano Cano
b0ff731d18
Add support for user provisioner certificates on OIDC provisioners.
...
OIDC provisioners create an SSH certificate with two principals. This
was avoiding the creationg of user provisioner certificates for those
provisioners.
Fixes smallstep/cli#268
2020-04-23 19:42:55 -07:00
Mariano Cano
bfe1f4952d
Rename interface to CertificateEnforcer and add tests.
2020-03-31 11:41:36 -07:00
Mariano Cano
64f26c0f40
Enforce a duration for identity certificates.
2020-03-30 17:33:04 -07:00
Mariano Cano
c49a9d5e33
Add context parameter to all SSH methods.
2020-03-10 19:01:45 -07:00
max furman
1cb8bb3ae1
Simplify statuscoder error generators.
2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
max furman
b9f6aacb0f
Move api errors to their own package and modify the typedef
2020-01-28 13:29:39 -08:00
max furman
3ac388612a
Use x5cInsecure token for /ssh/check-host endpoint
2020-01-28 13:29:39 -08:00
Mariano Cano
f6ffa2cc43
Check at the cert type instead of at the body.
2020-01-28 13:29:39 -08:00
Mariano Cano
7b81bec8aa
Use default duration for host certificates identity files.
2020-01-28 13:29:39 -08:00
Mariano Cano
3a16835cdd
Make identity duration the same as the SSH cert.
2020-01-28 13:29:39 -08:00
max furman
656f35e522
Use an actual Hosts type when returning ssh hosts
2020-01-28 13:29:39 -08:00
max furman
f92bb06b6c
change func def for getSSHHosts
...
* continue to return all hosts if injection method not specified
2020-01-28 13:28:16 -08:00
Mariano Cano
11c8639782
Add identity certificate in ssh response.
2020-01-28 13:28:16 -08:00
max furman
d940ab7c20
Add getSSHHosts injection func
2020-01-28 13:28:16 -08:00
Mariano Cano
8bf3bf701e
Add support for /ssh/bastion method.
2020-01-28 13:28:16 -08:00
max furman
54e3cf7322
Add multiuse capability to k8ssa provisioners
2020-01-28 13:28:16 -08:00
max furman
29853ae016
sshpop provisioner + ssh renew | revoke | rekey first pass
2020-01-28 13:28:16 -08:00
max furman
5616386eed
Add SSH getHosts api
2020-01-28 13:28:16 -08:00
Mariano Cano
d880a98295
Add tests for ssh api methods.
2020-01-28 13:28:16 -08:00
Mariano Cano
a713277453
Fix return of host configurations.
2020-01-28 13:28:16 -08:00
Mariano Cano
37f17213bb
Add initial support for check-host endpoint.
2020-01-28 13:28:16 -08:00
Mariano Cano
d08db4df23
Rename SSH methods.
2020-01-28 13:28:16 -08:00
Mariano Cano
b5bc249e1c
Add support for multiple ssh roots.
...
Fixes #125
2020-01-28 13:28:16 -08:00
Mariano Cano
91130b9c3f
Add support for user data in templates.
2020-01-28 13:28:16 -08:00
Mariano Cano
a35988ff08
Add initial support for ssh config.
...
Related to smallstep/cli#170
2020-01-28 13:28:16 -08:00
Mariano Cano
961be1fbc7
Add endpoint to return the SSH public keys.
...
Related to smallstep/ca-component#195
2020-01-28 13:28:16 -08:00
Mariano Cano
a197158426
Add initial implementation of ssh config.
2020-01-28 13:28:16 -08:00
max furman
61d52a8510
Small fixes associated with PR review
...
* additions and grammar edits to documentation
* clarification of error msgs
2019-09-08 21:05:36 -07:00
Mariano Cano
ca74bb1de5
Add ssh api tests.
2019-08-05 16:06:05 -07:00
Mariano Cano
e71072d389
Add experimental support for provisioning users.
2019-08-02 17:48:34 -07:00
Mariano Cano
ba2ba54928
Adapt api package to new interfaces.
2019-07-29 12:52:13 -07:00
Mariano Cano
d008d2d4d1
Use default base64 encoding for public key
2019-07-25 18:42:32 -07:00
Mariano Cano
1c8f610ca9
Add initial implementation of an SSH CA using the JWK provisioner.
...
Fixes smallstep/ca-component#187
2019-07-23 18:46:43 -07:00