Josh Drake
904f416d20
Include authorization principal in provisioner webhooks.
2023-07-24 00:30:05 -05:00
Mariano Cano
71fcdf8a0a
Fix linter errors from #1404
2023-05-25 16:55:00 -07:00
Ruslan Nugmanov
1031324273
add AWS public certificates for me-central-1 and ap-southeast-3
...
As per https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-signature.html
2023-05-25 13:47:13 +01:00
max furman
8b256f0351
address linter warning for go 1.19
2023-05-09 23:47:28 -07:00
Andrew Reed
7101fbb0ee
Provisioner webhooks ( #1001 )
2022-09-29 19:16:26 -05:00
max furman
7c5e5b2b87
Even more linter fixes
2022-09-20 21:48:04 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2022-09-20 16:35:41 -07:00
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2022-08-18 17:46:20 -07:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
...
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Mariano Cano
e7d7eb1a94
Add provisioner as a signOption for SSH
2022-05-18 18:42:42 -07:00
Herman Slatman
5e9bce508d
Unexport GetPolicy()
2022-05-05 12:32:53 +02:00
Herman Slatman
c40a4d2694
Contain policy engines inside provisioner Controller
2022-04-22 01:20:38 +02:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny
2022-04-08 16:01:56 +02:00
Herman Slatman
613c99f00f
Fix linting issues
2022-03-24 13:10:49 +01:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
2022-03-24 12:36:12 +01:00
Mariano Cano
b401376829
Add current provisioner to AuthorizeSign SignOptions.
...
The original provisioner cannot be retrieved from a certificate
if a linked ra is used.
2022-03-21 19:21:40 -07:00
Mariano Cano
259e95947c
Add support for the provisioner controller
...
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
2022-03-09 18:43:45 -08:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level
2022-03-08 13:26:07 +01:00
Herman Slatman
88c7b63c9d
Split SSH user and cert policy configuration and execution
2022-02-01 15:18:39 +01:00
Herman Slatman
512b8d6730
Refactor instantiation of policy engines
...
Instead of using the `base` struct, the x509 and SSH policy
engines are now added to each provisioner directly.
2022-01-25 16:45:25 +01:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine
2022-01-03 12:25:24 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
40e77f6e9a
Initialize required variables on GetIdentityToken
...
Fixes smallstep/cli#465
2021-08-26 17:56:40 -07:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
max furman
638766c615
wip
2021-05-19 18:23:20 -07:00
Mariano Cano
5017b7d21f
Recalculate token id instead of validating it.
2020-12-17 14:52:34 -08:00
Mariano Cano
0cf594a003
Validate payload ID.
...
Related to #435
2020-12-17 13:35:14 -08:00
Mariano Cano
39b23c057d
Add all AWS certificates used to verify base64 signatures.
2020-10-28 17:47:44 -07:00
Mariano Cano
7d1686dc53
Add option to specify the AWS IID certificates to use.
...
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.
Fixes #393
2020-10-13 17:51:24 -07:00
Mariano Cano
c94a1c51be
Merge branch 'master' into ssh-cert-templates
2020-08-24 15:08:28 -07:00
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
aaaa7e9b4e
Merge branch 'master' into cert-templates
2020-08-14 10:45:41 -07:00
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
2020-08-10 11:26:51 -07:00
Mariano Cano
f437b86a7b
Merge branch 'cert-templates' into ssh-cert-templates
2020-08-05 18:43:07 -07:00
Mariano Cano
c8d225a763
Use x509util from go.step.sm/crypto/x509util
2020-08-05 16:02:46 -07:00
Mariano Cano
9822305bb6
Use only the IID template on IID provisioners.
...
Use always sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
2020-08-03 15:11:42 -07:00
Mariano Cano
aa657cdb4b
Use SSHOptions inside provisioner options.
2020-07-30 18:44:52 -07:00
Mariano Cano
6c36ceb158
Add initial template support for iid provisisioners.
2020-07-30 17:45:03 -07:00
David Cowden
86efe7aff0
aws: use http.NoBody instead of nil
...
It's a little more descriptive.
2020-07-22 18:39:46 -07:00
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
David Cowden
51f16ee2e0
aws: add tests covering metadata service versions
...
* Add constructor tests for the aws provisioner.
* Add a test to make sure the "v1" logic continues to work.
By and large, v2 is the way to go. However, there are some instances of
things that specifically request metadata service version 1 and so this
adds minimal coverage to make sure we don't accidentally break the path
should anyone need to depend on the former logic.
2020-07-22 16:52:06 -07:00
David Cowden
5efe5f3573
metadata-v2: pull in joshathysolate-master
...
Taking of this PR to get it across the goal line.
2020-07-22 04:15:34 -07:00
Mariano Cano
02c4f9817d
Set full token payload instead of only the known properties.
2020-07-21 14:21:54 -07:00
Mariano Cano
eb8886d828
Add CR subject as iid default subject.
...
Add a minimal subject with just a common name to iid provisioners
in case we want to use it.
2020-07-21 14:18:06 -07:00
Mariano Cano
a44f0ca866
Add token payload.
2020-07-21 14:18:06 -07:00
Mariano Cano
13b704aeed
Add template support for AWS provisioner.
2020-07-21 14:18:05 -07:00
max furman
1951669e13
wip
2020-06-23 11:10:45 -07:00
Josh Hogle
e9b500daf2
Updated error message
2020-05-20 14:43:25 -04:00
Josh Hogle
044d00045a
Fixed missing initialization of IMDS versions
2020-05-20 13:24:45 -04:00