mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
1298 commits 33 branches 197 tags 41 MiB
Commit graph

33 commits

Author SHA1 Message Date
Mariano Cano
9822305bb6 Use only the IID template on IID provisioners. 
Use always sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
 2020-08-03 15:11:42 -07:00
Mariano Cano
a78f7e8913 Add template support on k8ssa provisioner. 2020-07-30 17:45:03 -07:00
Mariano Cano
e0dce54338 Add missing argument. 2020-07-30 17:45:03 -07:00
Mariano Cano
c1fc45c872 Simplify SSH modifiers with options. 
It also changes the behavior of the request options to modify only
the validity of the certificate.
 2020-07-30 17:45:03 -07:00
Mariano Cano
570ede45e7 Do not enforce number of principals or extensions. 2020-07-30 17:45:02 -07:00
Mariano Cano
631f1612a1 Add TemplateData to SignSSHOptions. 2020-07-30 17:45:02 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 2020-07-22 18:24:45 -07:00
max furman
397a181d10 Add backdate validation to sshCertValidityValidator. 2020-01-28 13:29:40 -08:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 2020-01-28 13:29:40 -08:00
Mariano Cano
144acb9ee3 Remove debug statement. 2020-01-28 13:29:39 -08:00
Mariano Cano
84ff172093 Add support for backdate to SSH certificates. 2020-01-28 13:29:39 -08:00
max furman
414a94b210 Instrument getIdentity func for OIDC ssh provisioner 2020-01-28 13:28:16 -08:00
Mariano Cano
7db7b1ee4c Fix some provisioner tests 2020-01-28 13:28:16 -08:00
max furman
54e3cf7322 Add multiuse capability to k8ssa provisioners 2020-01-28 13:28:16 -08:00
max furman
d368791606 Add x5c provisioner capabilities 2019-10-14 14:51:37 -07:00
Mariano Cano
d59a5b222f Truncate to seconds to avoid rounding up times. 
It can cause that certs are not valid yet, if they are used right away.
 2019-09-19 13:42:24 -07:00
Mariano Cano
adc1d54b0d Define valid after as 1m before now. 
It avoids errors with immediate use of cert.
 2019-09-19 12:37:41 -07:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00
max furman
d204469280 Add a few more validity checks to default ssh cert validator 2019-09-12 19:27:59 -07:00
Mariano Cano
396b4222aa Implement validator for ssh keys. 
Fixes #100
 2019-09-10 17:04:13 -07:00
max furman
61d52a8510 Small fixes associated with PR review 
* additions and grammar edits to documentation
* clarification of error msgs
 2019-09-08 21:05:36 -07:00
Mariano Cano
34e1e3380a Fix lint errors. 2019-08-05 16:14:25 -07:00
Mariano Cano
e71072d389 Add experimental support for provisioning users. 2019-08-02 17:48:34 -07:00
Mariano Cano
a8f4ad1b8e Set default SSH options if no user options are given. 2019-07-31 17:03:33 -07:00
Mariano Cano
780eeb5487 Remove debug print. 2019-07-30 16:56:30 -07:00
Mariano Cano
221d323b68 Fix containsAllMembers 2019-07-29 18:16:52 -07:00
Mariano Cano
7583f1c739 Do not require all principals, allow subgroups. 2019-07-29 17:54:13 -07:00
Mariano Cano
53f62f871c Set not extensions to host certificates. 2019-07-29 16:36:46 -07:00
Mariano Cano
48c98dea2a Make SanitizeSSHPrincipal a public function. 2019-07-29 16:21:22 -07:00
Mariano Cano
f01286bb48 Add support for SSH certificates to OIDC. 
Update the interface for all the provisioners.
 2019-07-29 15:54:07 -07:00
Mariano Cano
3ff410c695 fix ssh validity modifier 2019-07-25 18:41:32 -07:00
Mariano Cano
1c8f610ca9 Add initial implementation of an SSH CA using the JWK provisioner. 
Fixes smallstep/ca-component#187
 2019-07-23 18:46:43 -07:00