forked from TrueCloudLab/certificates
Add provisioner as a signOption for SSH
This commit is contained in:
parent
293586079a
commit
e7d7eb1a94
9 changed files with 9 additions and 1 deletions
|
@ -747,6 +747,7 @@ func (p *AWS) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
|||
signOptions = append(signOptions, templateOptions)
|
||||
|
||||
return append(signOptions,
|
||||
p,
|
||||
// Validate user SignSSHOptions.
|
||||
sshCertOptionsValidator(defaults),
|
||||
// Set the validity bounds if not set.
|
||||
|
|
|
@ -418,6 +418,7 @@ func (p *Azure) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOptio
|
|||
signOptions = append(signOptions, templateOptions)
|
||||
|
||||
return append(signOptions,
|
||||
p,
|
||||
// Validate user SignSSHOptions.
|
||||
sshCertOptionsValidator(defaults),
|
||||
// Set the validity bounds if not set.
|
||||
|
|
|
@ -425,6 +425,7 @@ func (p *GCP) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
|||
signOptions = append(signOptions, templateOptions)
|
||||
|
||||
return append(signOptions,
|
||||
p,
|
||||
// Validate user SignSSHOptions.
|
||||
sshCertOptionsValidator(defaults),
|
||||
// Set the validity bounds if not set.
|
||||
|
|
|
@ -257,6 +257,7 @@ func (p *JWK) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
|||
}
|
||||
|
||||
return append(signOptions,
|
||||
p,
|
||||
// Set the validity bounds if not set.
|
||||
&sshDefaultDuration{p.ctl.Claimer},
|
||||
// Validate public key
|
||||
|
|
|
@ -275,6 +275,7 @@ func (p *K8sSA) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOptio
|
|||
signOptions := []SignOption{templateOptions}
|
||||
|
||||
return append(signOptions,
|
||||
p,
|
||||
// Require type, key-id and principals in the SignSSHOptions.
|
||||
&sshCertOptionsRequireValidator{CertType: true, KeyID: true, Principals: true},
|
||||
// Set the validity bounds if not set.
|
||||
|
|
|
@ -250,6 +250,7 @@ func (p *Nebula) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOpti
|
|||
}
|
||||
|
||||
return append(signOptions,
|
||||
p,
|
||||
templateOptions,
|
||||
// Checks the validity bounds, and set the validity if has not been set.
|
||||
&sshLimitDuration{p.ctl.Claimer, crt.Details.NotAfter},
|
||||
|
|
|
@ -50,7 +50,7 @@ func (p *noop) AuthorizeRevoke(ctx context.Context, token string) error {
|
|||
}
|
||||
|
||||
func (p *noop) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption, error) {
|
||||
return []SignOption{}, nil
|
||||
return []SignOption{p}, nil
|
||||
}
|
||||
|
||||
func (p *noop) AuthorizeSSHRenew(ctx context.Context, token string) (*ssh.Certificate, error) {
|
||||
|
|
|
@ -434,6 +434,7 @@ func (o *OIDC) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
|
|||
}
|
||||
|
||||
return append(signOptions,
|
||||
o,
|
||||
// Set the validity bounds if not set.
|
||||
&sshDefaultDuration{o.ctl.Claimer},
|
||||
// Validate public key
|
||||
|
|
|
@ -312,6 +312,7 @@ func (p *X5C) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
|||
}
|
||||
|
||||
return append(signOptions,
|
||||
p,
|
||||
// Checks the validity bounds, and set the validity if has not been set.
|
||||
&sshLimitDuration{p.ctl.Claimer, claims.chains[0][0].NotAfter},
|
||||
// Validate public key.
|
||||
|
|
Loading…
Reference in a new issue