Commit graph

3262 commits

Author SHA1 Message Date
Mariano Cano
aed1738ad0
Upgrade pkcs7 to the latest patches branch
smallstep/pkcs7@patches includes now support for generic Decrypter
methods, so KMS can be used instead of a key in disk with SCIM
2022-10-24 11:07:28 -07:00
Max
c407354c70
Merge pull request #1137 from smallstep/dependabot/go_modules/google.golang.org/api-0.100.0
Bump google.golang.org/api from 0.99.0 to 0.100.0
2022-10-24 09:18:31 -07:00
Max
25340c2bf6
Merge pull request #1138 from smallstep/dependabot/go_modules/github.com/stretchr/testify-1.8.1
Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
2022-10-24 09:14:13 -07:00
dependabot[bot]
3e96113162
Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 15:45:07 +00:00
dependabot[bot]
016973fd2b
Bump google.golang.org/api from 0.99.0 to 0.100.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.99.0 to 0.100.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.99.0...v0.100.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 15:44:56 +00:00
Herman Slatman
e90fe4bfa0
Update CHANGELOG.md with provisioner migration 2022-10-24 16:34:34 +02:00
Herman Slatman
9d04e7d1dc
Remove period in log output 2022-10-24 15:33:48 +02:00
Herman Slatman
54c560f620
Improve configuration file initialization log output 2022-10-24 15:22:37 +02:00
Herman Slatman
fd38dd34f9
Fix PR comments 2022-10-24 14:51:27 +02:00
Herman Slatman
49718f1bbb
Fix some comments 2022-10-21 11:48:59 +02:00
Herman Slatman
70da534893
Merge branch 'master' into herman/remote-management-helm 2022-10-21 11:09:57 +02:00
Mariano Cano
398213af51
Merge pull request #1123 from smallstep/renew-raw-subject
Use RawSubject on renew and rekey
2022-10-20 10:41:46 -07:00
Mariano Cano
caf0628b8c
Merge pull request #1122 from smallstep/fix-1114
Split build and download in Dockerfiles
2022-10-19 19:16:38 -07:00
Mariano Cano
aefdfc7be7
Use RawSubject on renew and rekey
Renew was not replicating exactly the subject because extra names
gets decoded into pkix.Name.Names, the non-default ones should be
added to pkix.Name.ExtraNames. Instead of doing that, this commit
sets the RawSubject that will also keep the order.

Fixes #1106
2022-10-19 19:10:50 -07:00
Mariano Cano
18555a3cb2
Split build and download in Dockerfiles
On systems with low resources the command `go mod download` can fail.
This causes long builds of the docker images. This change adds a new
layer in the docker build splitting the build and download in two
steps.

Fixes #1114
2022-10-19 17:57:50 -07:00
Mariano Cano
53f2ecdad9
Merge pull request #1121 from smallstep/fix-1115
Use sh instead of bash in .version.sh script
2022-10-19 16:39:37 -07:00
Mariano Cano
d07c9accea
Use sh instead of bash in .version.sh script
Fixes #1115
2022-10-19 16:28:31 -07:00
Max
7b45968198
Merge pull request #1119 from smallstep/max/common-triage 2022-10-18 18:16:49 -07:00
max furman
91775f6d67
[action] move oss triage wofkow to common workflows 2022-10-18 11:57:47 -07:00
Max
361e2b2907
Merge pull request #1116 from smallstep/max/docs-revocation-link
Update revocation docs link
2022-10-17 13:58:19 -07:00
Max
c103458ee9
Merge pull request #1110 from smallstep/dependabot/go_modules/google.golang.org/api-0.99.0
Bump google.golang.org/api from 0.98.0 to 0.99.0
2022-10-17 13:52:05 -07:00
max furman
e436c36f8b
Update revocation docs link 2022-10-17 13:45:00 -07:00
dependabot[bot]
b83f268b4d
Bump google.golang.org/api from 0.98.0 to 0.99.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.98.0 to 0.99.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.98.0...v0.99.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-17 20:39:12 +00:00
Max
f410ef6628
Merge pull request #1112 from smallstep/dependabot/go_modules/github.com/googleapis/gax-go/v2-2.6.0
Bump github.com/googleapis/gax-go/v2 from 2.5.1 to 2.6.0
2022-10-17 13:37:29 -07:00
dependabot[bot]
c3f6dcf7e7
Bump github.com/googleapis/gax-go/v2 from 2.5.1 to 2.6.0
Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/googleapis/gax-go/releases)
- [Commits](https://github.com/googleapis/gax-go/compare/v2.5.1...v2.6.0)

---
updated-dependencies:
- dependency-name: github.com/googleapis/gax-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-17 17:18:04 +00:00
Herman Slatman
f7d153efa7
Merge pull request #1109 from smallstep/herman/remove-acme-revoke-authorization-todo
Remove TODO and clarify ACME revoke authorization method docs
2022-10-17 19:14:18 +02:00
Max
70828b882f
Merge pull request #1111 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.8.1
Bump github.com/hashicorp/vault/api from 1.8.0 to 1.8.1
2022-10-17 10:12:23 -07:00
Max
a7db13d47b
Merge pull request #1113 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.50.1
Bump google.golang.org/grpc from 1.50.0 to 1.50.1
2022-10-17 10:10:29 -07:00
dependabot[bot]
9ee11fd850
Bump google.golang.org/grpc from 1.50.0 to 1.50.1
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.50.0...v1.50.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-17 15:58:52 +00:00
dependabot[bot]
3676c59599
Bump github.com/hashicorp/vault/api from 1.8.0 to 1.8.1
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-17 15:58:43 +00:00
Herman Slatman
cbc0864370
Remove TODO and clarify ACME revoke authorization method docs 2022-10-17 12:38:53 +02:00
Herman Slatman
d981b9e0dc
Add --admin-subject flag to ca init
The first super admin subject can now be provided through the
`--admin-subject` flag when initializing a CA.

It's not yet possible to configure the subject of the first
super admin when provisioners are migrated from `ca.json` to the
database. This effectively limits usage of the flag to scenarios
in which the provisioners are written to the database immediately,
so when `--remote-management` is enabled. It currently also doesn't
work with Helm deployments, because there's no mechanism yet to
pass this type of option to the Helm chart.

This commit partially addresses https://github.com/smallstep/cli/issues/697
2022-10-14 16:03:41 +02:00
Herman Slatman
57001168a5
Add default SSHPOP provisioner to Helm template output 2022-10-14 14:07:13 +02:00
Herman Slatman
c423e2f664
Improve Helm test data to be more realistic 2022-10-14 13:52:27 +02:00
Herman Slatman
459bfc4c4f
Add gibberish test key bytes to Helm tests 2022-10-14 01:45:07 +02:00
Herman Slatman
3262ffd43b
Add X.509 intermedaite and root certificates to Helm tests 2022-10-14 01:06:43 +02:00
Herman Slatman
1a5523f5c0
Add default JWK to the Helm tests 2022-10-14 00:09:32 +02:00
Herman Slatman
da5d2b405c
Merge branch 'master' into herman/remote-management-helm 2022-10-13 23:36:50 +02:00
Max
65b5a636df
Merge pull request #1104 from smallstep/max/err-assert
Fix err assert linter warnings - upgrade outdated package
2022-10-13 10:03:03 -07:00
max furman
7203739369
Fix err assert linter warnings - upgrade outdated package 2022-10-12 16:32:26 -07:00
Herman Slatman
6516384160
Trigger CI 2022-10-12 15:54:32 +02:00
Mariano Cano
e0994bed9d
Merge pull request #1102 from smallstep/yubikey-no-ca
Add test simulating YubiKey v5.2.4
2022-10-11 16:11:24 -07:00
Mariano Cano
a7e597450a
Update acme/challenge_test.go
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-10-11 10:04:42 -07:00
Herman Slatman
317efa4568
Add some TODOs for improvingin PKI initialization maintainability 2022-10-11 17:39:35 +02:00
Herman Slatman
8616d3160f
Add tests for writing the Helm template 2022-10-11 17:18:19 +02:00
Herman Slatman
674206320c
Write updated CA configuration after migrating provisioners 2022-10-11 14:12:06 +02:00
Herman Slatman
b5837f20c9
Merge branch 'master' into herman/remote-management-helm 2022-10-11 12:20:12 +02:00
Herman Slatman
c9ee4a9f9d
Disable initialization log output if started with --quiet 2022-10-11 12:19:48 +02:00
Mariano Cano
7a78c76199
Add test simulating YubiKey v5.2.4
There are YubiKeys v5.2.4 where the attestation intermediate (f9)
does not have a basic constraint extension, so that certificate
is not marked as a CA. The test and CA in this commit imitates
that use case. Currently the test case returns an error as we
don't support it. But if we change the verification to support
this use case, the test should change accordingly.
2022-10-10 18:27:11 -07:00
Max
b142fc70f7
Merge pull request #1099 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.50.0
Bump google.golang.org/grpc from 1.49.0 to 1.50.0
2022-10-10 09:39:11 -07:00