max furman
|
397a181d10
|
Add backdate validation to sshCertValidityValidator.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
1cb8bb3ae1
|
Simplify statuscoder error generators.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
dccbdf3a90
|
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
|
2020-01-28 13:29:40 -08:00 |
|
Mariano Cano
|
895d3054a3
|
Remove the use of custom x509 package.
Upgrade cli dependency.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
144acb9ee3
|
Remove debug statement.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
06411d1715
|
Add tests of profileLimitDuration with backdate.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
8297e5c717
|
Add tests for backdate and sshDefaultDuration
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
93b65bee7c
|
Add unit test for profileDefaultDuration.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
84ff172093
|
Add support for backdate to SSH certificates.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
5565d61bf3
|
Add fault tolerance against clock skew accross system on TLS certificates.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
08eac1b00d
|
Make sure to define the KeyID from the token if available.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
9caadbb341
|
Fix authority calling wrong revoke method
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
414a94b210
|
Instrument getIdentity func for OIDC ssh provisioner
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
3d970b45c8
|
remove printfs
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
f74cd04a6a
|
Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a86dc78b5d
|
Add missing comment.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
7db7b1ee4c
|
Fix some provisioner tests
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
d4627d1282
|
Make provisioner tests compile, they are still failing.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
cf592fa0e1
|
Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
5788ac3f4f
|
sshpop token should not allow renew/rekey of user ssh certs
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
54e3cf7322
|
Add multiuse capability to k8ssa provisioners
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
29853ae016
|
sshpop provisioner + ssh renew | revoke | rekey first pass
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
c04f1e1bd4
|
sshpop first pass
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
8f07ff6a39
|
Add kubernetes service account provisioner
|
2019-10-29 17:42:50 -07:00 |
|
max furman
|
d368791606
|
Add x5c provisioner capabilities
|
2019-10-14 14:51:37 -07:00 |
|
Mariano Cano
|
59526d3225
|
Merge pull request #105 from smallstep/okta-support
Address support on OIDC provisioners
|
2019-09-20 15:33:11 -07:00 |
|
Mariano Cano
|
39b41b5e83
|
Merge pull request #107 from smallstep/ssh-valid-after
Truncate to seconds ValidAfter
|
2019-09-19 15:27:28 -07:00 |
|
Mariano Cano
|
d59a5b222f
|
Truncate to seconds to avoid rounding up times.
It can cause that certs are not valid yet, if they are used right away.
|
2019-09-19 13:42:24 -07:00 |
|
max furman
|
fe7973c060
|
wip
|
2019-09-19 13:17:45 -07:00 |
|
Mariano Cano
|
adc1d54b0d
|
Define valid after as 1m before now.
It avoids errors with immediate use of cert.
|
2019-09-19 12:37:41 -07:00 |
|
Mariano Cano
|
72f1a61f06
|
Increase coverage.
|
2019-09-18 18:08:26 -07:00 |
|
Mariano Cano
|
b7045f27a9
|
Increase coverage.
|
2019-09-18 17:13:58 -07:00 |
|
Mariano Cano
|
a16b2125bc
|
Fix tests.
|
2019-09-18 16:04:43 -07:00 |
|
Mariano Cano
|
6c4abfabbb
|
Make /.well-known/openid-configuration optional
|
2019-09-18 15:54:10 -07:00 |
|
Mariano Cano
|
3527ee6940
|
Add support for listenAddress parameter if OIDC provisioners.
Fixes smallstep/cli#150
|
2019-09-18 15:25:28 -07:00 |
|
max furman
|
44e864030d
|
Remove debug logging
|
2019-09-16 10:45:33 -07:00 |
|
max furman
|
e3826dd1c3
|
Add ACME CA capabilities
|
2019-09-13 15:48:33 -07:00 |
|
max furman
|
d204469280
|
Add a few more validity checks to default ssh cert validator
|
2019-09-12 19:27:59 -07:00 |
|
Mariano Cano
|
396b4222aa
|
Implement validator for ssh keys.
Fixes #100
|
2019-09-10 17:04:13 -07:00 |
|
max furman
|
61d52a8510
|
Small fixes associated with PR review
* additions and grammar edits to documentation
* clarification of error msgs
|
2019-09-08 21:05:36 -07:00 |
|
Mariano Cano
|
10e7b81b9f
|
Merge branch 'master' into ssh-ca
|
2019-09-05 23:06:01 +02:00 |
|
max furman
|
ac234771c7
|
Remove unknown provisioner WARNning and leave TODO
|
2019-08-29 10:49:52 -07:00 |
|
max furman
|
ca8daf5f12
|
Update comment and warn
|
2019-08-28 17:28:03 -07:00 |
|
Mariano Cano
|
9200f11ed8
|
Skip unsupported provisioners.
|
2019-08-28 17:25:39 -07:00 |
|
max furman
|
2b41faa9cf
|
Enforce >= 2048 bit rsa keys at the provisioner layer
* Fixes #94
* In the future this should be configurable by provisioner
|
2019-08-27 14:44:59 -07:00 |
|
max furman
|
635c59ed24
|
Accept emails SANs
|
2019-08-23 15:59:30 -07:00 |
|
Mariano Cano
|
34e1e3380a
|
Fix lint errors.
|
2019-08-05 16:14:25 -07:00 |
|
Mariano Cano
|
57a529cc1a
|
Allow to enable the SSH CA per provisioner
|
2019-08-05 11:40:27 -07:00 |
|
Mariano Cano
|
e71072d389
|
Add experimental support for provisioning users.
|
2019-08-02 17:48:34 -07:00 |
|
Mariano Cano
|
dc657565a7
|
Add SSH test for GCP.
|
2019-07-31 18:22:21 -07:00 |
|