Commit graph

65 commits

Author SHA1 Message Date
Mariano Cano
6b3a8f22f3 Add provisioner to SSH renewals
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2022-05-20 14:41:44 -07:00
Mariano Cano
293586079a Store provisioner with SignSSH
This change also allows to store the old certificate on renewal on
linkedca or if the db interface supports it.
2022-05-18 18:33:53 -07:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container 2022-04-26 13:12:16 +02:00
Herman Slatman
76112c2da1
Improve error creation and testing for core policy engine 2022-04-26 01:47:07 +02:00
Herman Slatman
3fa96ebf13
Improve policy errors returned to client 2022-04-24 13:11:32 +02:00
Herman Slatman
571b21abbc
Fix (most) PR comments 2022-03-31 16:12:29 +02:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level 2022-03-08 13:26:07 +01:00
Herman Slatman
0475a4d26f
Refactor extraction of JSON template syntax errors 2022-01-12 10:41:36 +01:00
Herman Slatman
a5455d3572
Improve errors related to template execution failures (slightly) 2022-01-10 15:49:37 +01:00
Mariano Cano
031d4d7000 Return BadRequest when validating sign options. 2021-11-23 17:52:17 -08:00
Mariano Cano
bb26799583 Modify errs.Wrap with forbidden errors. 2021-11-23 12:04:51 -08:00
Mariano Cano
668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 2021-11-18 18:44:58 -08:00
Mariano Cano
8c8db0d4b7 Modify errs.BadRequestErr() to always return an error to the client. 2021-11-18 18:17:36 -08:00
Mariano Cano
8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 2021-11-18 15:12:44 -08:00
max furman
922d239171 Simplify conditional 2021-11-16 21:47:14 -08:00
max furman
a7d144996f SSH backwards compat updates
- use existence of new value in data map as boolean
- add tests for backwards and forwards compatibility
- fix old tests that used static dir locations
2021-11-16 21:47:14 -08:00
max furman
507be61e8c Use a more distint map key to indicate template version
- make the key a variable that can be reused on the CLI side.
2021-11-16 21:47:14 -08:00
max furman
f426c152a9 backwards compatibility for version of cli older than v0.18.0 2021-11-16 21:47:14 -08:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
f7542a5bd9 Move check of ssh revocation from provisioner to the authority. 2021-07-21 15:22:57 -07:00
Mariano Cano
71f8019243 Store x509 and ssh certificates on linkedca if enabled. 2021-07-20 18:16:24 -07:00
max furman
7b5d6968a5 first commit 2021-05-19 15:20:16 -07:00
Mariano Cano
4d375a06f5 Make clearer what's an unsigned cert. 2020-08-28 14:29:18 -07:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 2020-08-10 11:26:51 -07:00
Mariano Cano
c4bbc81d9f Fix authority tests. 2020-08-03 18:36:05 -07:00
Mariano Cano
a78f7e8913 Add template support on k8ssa provisioner. 2020-07-30 17:45:03 -07:00
Mariano Cano
c1fc45c872 Simplify SSH modifiers with options.
It also changes the behavior of the request options to modify only
the validity of the certificate.
2020-07-30 17:45:03 -07:00
Mariano Cano
d7e590908e Use sshutil for ssh renewing and rekeying. 2020-07-30 17:45:02 -07:00
Mariano Cano
b66d123572 Use sshutil for SSH certificate signing. 2020-07-30 17:45:02 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
Mariano Cano
39650637d4
Merge pull request #297 from smallstep/no-bastion-bastion
Do not return bastion for the configured bastion host.
2020-06-23 11:45:25 -07:00
Mariano Cano
b0fdd0b2be Do not return bastion for the configured bastion host.
Fixes #296
2020-06-19 12:37:08 -07:00
Mariano Cano
e3ae751b57 Use templates from authority instead of config. 2020-06-16 17:57:35 -07:00
Mariano Cano
237baa5169 Check for required variables in templates.
Fixes smallstep/cli#232
2020-06-16 17:26:54 -07:00
Mariano Cano
9832d1538b Avoid nil pointer panic on step ssh config with no templates. 2020-06-15 17:25:47 -07:00
Mariano Cano
b0ff731d18 Add support for user provisioner certificates on OIDC provisioners.
OIDC provisioners create an SSH certificate with two principals. This
was avoiding the creationg of user provisioner certificates for those
provisioners.

Fixes smallstep/cli#268
2020-04-23 19:42:55 -07:00
Mariano Cano
c49a9d5e33 Add context parameter to all SSH methods. 2020-03-10 19:01:45 -07:00
max furman
397a181d10 Add backdate validation to sshCertValidityValidator. 2020-01-28 13:29:40 -08:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
74b5d7f984 Add backdate support on ssh rekey. 2020-01-28 13:29:39 -08:00
Mariano Cano
84ff172093 Add support for backdate to SSH certificates. 2020-01-28 13:29:39 -08:00
max furman
b9f6aacb0f Move api errors to their own package and modify the typedef 2020-01-28 13:29:39 -08:00
max furman
3ac388612a Use x5cInsecure token for /ssh/check-host endpoint 2020-01-28 13:29:39 -08:00
max furman
656f35e522 Use an actual Hosts type when returning ssh hosts 2020-01-28 13:29:39 -08:00
max furman
f92bb06b6c change func def for getSSHHosts
* continue to return all hosts if injection method not specified
2020-01-28 13:28:16 -08:00
Mariano Cano
11c8639782 Add identity certificate in ssh response. 2020-01-28 13:28:16 -08:00
max furman
d940ab7c20 Add getSSHHosts injection func 2020-01-28 13:28:16 -08:00
Mariano Cano
8bf3bf701e Add support for /ssh/bastion method. 2020-01-28 13:28:16 -08:00