Mariano Cano
|
21bd339b86
|
Merge branch 'master' into kms
|
2020-02-11 13:20:35 -08:00 |
|
Mariano Cano
|
7846696fbb
|
Fix return sign options on ssh sign.
|
2020-01-29 11:58:47 -08:00 |
|
max furman
|
d482ae2fb5
|
Remove test that is no longer implemented by the method.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
397a181d10
|
Add backdate validation to sshCertValidityValidator.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
df60fe3f0d
|
Remove all references to old apiError.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
1cb8bb3ae1
|
Simplify statuscoder error generators.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
dccbdf3a90
|
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
|
2020-01-28 13:29:40 -08:00 |
|
Mariano Cano
|
895d3054a3
|
Remove the use of custom x509 package.
Upgrade cli dependency.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
144acb9ee3
|
Remove debug statement.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
06411d1715
|
Add tests of profileLimitDuration with backdate.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
8297e5c717
|
Add tests for backdate and sshDefaultDuration
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
93b65bee7c
|
Add unit test for profileDefaultDuration.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
74b5d7f984
|
Add backdate support on ssh rekey.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
84ff172093
|
Add support for backdate to SSH certificates.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
5565d61bf3
|
Add fault tolerance against clock skew accross system on TLS certificates.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
b9f6aacb0f
|
Move api errors to their own package and modify the typedef
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
f033422ffa
|
Allow no provisioners.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
f4615d6258
|
Addapt test to api change.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
3ac388612a
|
Use x5cInsecure token for /ssh/check-host endpoint
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
08eac1b00d
|
Make sure to define the KeyID from the token if available.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
de3ba58455
|
Store renew certificate in the database.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
caa2b8dbb7
|
Add leeway in identity not before.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
9caadbb341
|
Fix authority calling wrong revoke method
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
f26103d150
|
Make test compilable.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
557a45abfa
|
Update template tests.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
656f35e522
|
Use an actual Hosts type when returning ssh hosts
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
03bb26fb91
|
Add missing version.go file.
|
2020-01-28 13:28:17 -08:00 |
|
Mariano Cano
|
c60641701b
|
Add version endpoint.
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
f92bb06b6c
|
change func def for getSSHHosts
* continue to return all hosts if injection method not specified
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
11c8639782
|
Add identity certificate in ssh response.
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
d940ab7c20
|
Add getSSHHosts injection func
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
414a94b210
|
Instrument getIdentity func for OIDC ssh provisioner
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
3d970b45c8
|
remove printfs
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
f74cd04a6a
|
Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
8bf3bf701e
|
Add support for /ssh/bastion method.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a6edcd0a3d
|
Make test to compile, they still fail.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
000885dea7
|
Move Option type to a new file.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a86dc78b5d
|
Add missing comment.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
7db7b1ee4c
|
Fix some provisioner tests
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
29be322b1c
|
Make audiences compatible with the old version.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
39ae5636fe
|
Complete AuthDB interface.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
d4627d1282
|
Make provisioner tests compile, they are still failing.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a8a6d0ada3
|
Fix indentation.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
cf592fa0e1
|
Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
5788ac3f4f
|
sshpop token should not allow renew/rekey of user ssh certs
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
54e3cf7322
|
Add multiuse capability to k8ssa provisioners
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
29853ae016
|
sshpop provisioner + ssh renew | revoke | rekey first pass
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
c04f1e1bd4
|
sshpop first pass
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
5616386eed
|
Add SSH getHosts api
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
c7e4cc96a4
|
Change default user duration to 16h.
|
2020-01-28 13:28:16 -08:00 |
|