max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
ed26e97487
Fix tests.
2020-01-28 13:29:39 -08:00
Mariano Cano
c1bd1561dd
Renew identity certificate in /ssh/rekey and /ssh/renew
2020-01-28 13:29:39 -08:00
max furman
b9f6aacb0f
Move api errors to their own package and modify the typedef
2020-01-28 13:29:39 -08:00
Mariano Cano
dedf6b17be
Addapt tests to the api change.
2020-01-28 13:29:39 -08:00
max furman
3ac388612a
Use x5cInsecure token for /ssh/check-host endpoint
2020-01-28 13:29:39 -08:00
Mariano Cano
f0eb12372b
Add missing unit tests for ssh.
2020-01-28 13:29:39 -08:00
Mariano Cano
f6ffa2cc43
Check at the cert type instead of at the body.
2020-01-28 13:29:39 -08:00
Mariano Cano
5d7829b198
Replace /ssh/get-hosts to /ssh/hosts
2020-01-28 13:29:39 -08:00
Mariano Cano
d8b3e05a3f
Add error marshaling tests.
2020-01-28 13:29:39 -08:00
Mariano Cano
7b81bec8aa
Use default duration for host certificates identity files.
2020-01-28 13:29:39 -08:00
Mariano Cano
b179ad3662
Fix api tests.
2020-01-28 13:29:39 -08:00
Mariano Cano
3a16835cdd
Make identity duration the same as the SSH cert.
2020-01-28 13:29:39 -08:00
Mariano Cano
4f08a7816f
Fix extra write header.
2020-01-28 13:29:39 -08:00
max furman
656f35e522
Use an actual Hosts type when returning ssh hosts
2020-01-28 13:29:39 -08:00
Mariano Cano
c60641701b
Add version endpoint.
2020-01-28 13:28:16 -08:00
max furman
f92bb06b6c
change func def for getSSHHosts
...
* continue to return all hosts if injection method not specified
2020-01-28 13:28:16 -08:00
Mariano Cano
11c8639782
Add identity certificate in ssh response.
2020-01-28 13:28:16 -08:00
max furman
d940ab7c20
Add getSSHHosts injection func
2020-01-28 13:28:16 -08:00
Mariano Cano
8bf3bf701e
Add support for /ssh/bastion method.
2020-01-28 13:28:16 -08:00
max furman
54e3cf7322
Add multiuse capability to k8ssa provisioners
2020-01-28 13:28:16 -08:00
Mariano Cano
0ae9bab21e
Fix api tests.
2020-01-28 13:28:16 -08:00
max furman
29853ae016
sshpop provisioner + ssh renew | revoke | rekey first pass
2020-01-28 13:28:16 -08:00
max furman
862d704f6b
get-hosts fixes
2020-01-28 13:28:16 -08:00
max furman
5616386eed
Add SSH getHosts api
2020-01-28 13:28:16 -08:00
Mariano Cano
385bf0a14a
Fix lint, add keys to fields.
2020-01-28 13:28:16 -08:00
Mariano Cano
d880a98295
Add tests for ssh api methods.
2020-01-28 13:28:16 -08:00
Mariano Cano
a713277453
Fix return of host configurations.
2020-01-28 13:28:16 -08:00
Mariano Cano
37f17213bb
Add initial support for check-host endpoint.
2020-01-28 13:28:16 -08:00
Mariano Cano
d08db4df23
Rename SSH methods.
2020-01-28 13:28:16 -08:00
Mariano Cano
b5bc249e1c
Add support for multiple ssh roots.
...
Fixes #125
2020-01-28 13:28:16 -08:00
Mariano Cano
91130b9c3f
Add support for user data in templates.
2020-01-28 13:28:16 -08:00
Mariano Cano
a35988ff08
Add initial support for ssh config.
...
Related to smallstep/cli#170
2020-01-28 13:28:16 -08:00
Mariano Cano
b000b59ee6
Fix HTTP method for /ssh/sign
2020-01-28 13:28:16 -08:00
Mariano Cano
961be1fbc7
Add endpoint to return the SSH public keys.
...
Related to smallstep/ca-component#195
2020-01-28 13:28:16 -08:00
Mariano Cano
a197158426
Add initial implementation of ssh config.
2020-01-28 13:28:16 -08:00
Jozef Kralik
bc6074f596
Change api of functions Authority.Sign, Authority.Renew
...
Returns certificate chain instead of 2 members.
Implements #126
2019-10-09 22:23:00 +02:00
max furman
fe7973c060
wip
2019-09-19 13:17:45 -07:00
max furman
e3826dd1c3
Add ACME CA capabilities
2019-09-13 15:48:33 -07:00
max furman
61d52a8510
Small fixes associated with PR review
...
* additions and grammar edits to documentation
* clarification of error msgs
2019-09-08 21:05:36 -07:00
Mariano Cano
10e7b81b9f
Merge branch 'master' into ssh-ca
2019-09-05 23:06:01 +02:00
max furman
2b41faa9cf
Enforce >= 2048 bit rsa keys at the provisioner layer
...
* Fixes #94
* In the future this should be configurable by provisioner
2019-08-27 14:44:59 -07:00
Mariano Cano
ca74bb1de5
Add ssh api tests.
2019-08-05 16:06:05 -07:00
Mariano Cano
e71072d389
Add experimental support for provisioning users.
2019-08-02 17:48:34 -07:00
Mariano Cano
a44b0a1d52
Fix typo
2019-07-29 15:53:43 -07:00
Mariano Cano
ba2ba54928
Adapt api package to new interfaces.
2019-07-29 12:52:13 -07:00
Mariano Cano
d008d2d4d1
Use default base64 encoding for public key
2019-07-25 18:42:32 -07:00
Mariano Cano
1c8f610ca9
Add initial implementation of an SSH CA using the JWK provisioner.
...
Fixes smallstep/ca-component#187
2019-07-23 18:46:43 -07:00
max furman
ab4d569f36
Add /revoke API with interface db backend
2019-04-10 13:50:35 -07:00
Mariano Cano
64f2615864
Fix tests.
2019-03-25 12:35:21 -07:00
Mariano Cano
00fed1c538
Add initial version of time duration support in sign requests.
2019-03-22 18:55:28 -07:00
Mariano Cano
a97ea87caa
Move options to provisioner so we can set the duration of the cert.
2019-03-07 15:14:18 -08:00
Mariano Cano
aa8385b8ba
Fix api tests.
2019-03-07 13:15:07 -08:00
Mariano Cano
507fd01062
Remove provisioner intermediate type.
2019-03-07 13:07:39 -08:00
Mariano Cano
bcaba4f72a
Fix api tests.
2019-03-06 18:41:01 -08:00
Mariano Cano
bc12036330
Update Authority interface.
2019-03-06 15:01:16 -08:00
Mariano Cano
1c7155298b
Log always the token, even on errors.
2019-02-20 12:34:40 -08:00
Mariano Cano
adbc496b40
Improve tests
2019-02-20 12:18:13 -08:00
Mariano Cano
b974957868
Add certificate information to logs.
...
Fixes smallstep/ca-component#147
2019-02-19 19:48:18 -08:00
Mariano Cano
8252608ca2
Fix mock
2019-01-14 14:33:00 -08:00
Mariano Cano
518b597535
Remove mTLS client requirement in /roots and /federation
2019-01-11 19:08:08 -08:00
Mariano Cano
d296cf95a9
Add mTLS request to get all the root CAs, not the federated ones.
2019-01-07 17:48:56 -08:00
Mariano Cano
37149ed3ea
Add method to get all the certs.
2019-01-04 16:51:37 -08:00
max furman
c74fcd57a7
ca-component -> certificates
...
* fix redundant error check
* add README
2018-10-31 21:36:01 -07:00
max furman
0d9dd2d14b
provisioner issuer -> name
2018-10-29 18:00:30 -07:00
Mariano Cano
e54086662f
Add tests with cursors.
2018-10-25 19:28:45 -07:00
Mariano Cano
99cab73360
Remove unused import /provisioners/jwk-set-by-issuer
2018-10-25 18:55:18 -07:00
Mariano Cano
0ccf775f2e
Add support for cursors in the api.
2018-10-25 18:53:13 -07:00
max furman
ee7db4006a
change sign + authorize authority api | add provisioners
...
* authorize returns []interface{}
- operators in this list can conform to any interface the user decides
- our implementation has a combination of certificate claim validators
and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
Mariano Cano
f938ab113b
Add /re-sign endpoint for compatibility with old code.
2018-10-24 16:31:28 -07:00
max furman
828798418c
gofmt
2018-10-15 15:27:14 -07:00
max furman
0b5f6487e1
change provisioners api
...
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
2018-10-11 23:03:00 -07:00
Mariano Cano
ed13132037
Add unit tests for provisioner endpoints.
2018-10-09 11:30:39 -07:00
Mariano Cano
ff67c17893
Add provisioners endpoints.
2018-10-08 19:06:30 -07:00
max furman
c284a2c0ab
first commit
2018-10-05 21:48:36 +00:00