Commit graph

46 commits

Author SHA1 Message Date
Mariano Cano
c3f98fd04d Change some bad requests to forbidded.
Change in the sign options bad requests to forbidded if is the
provisioner the one adding a restriction, e.g. list of dns names,
validity, ...
2021-11-24 11:32:35 -08:00
Mariano Cano
a33709ce8d Fix sign ssh options tests. 2021-11-23 18:06:18 -08:00
Mariano Cano
1da7ea6646 Return always http errors in sign ssh options. 2021-11-23 17:52:39 -08:00
Mariano Cano
b6ebd118fc Update temporal solution for sending message to users 2021-11-18 18:47:55 -08:00
Mariano Cano
668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 2021-11-18 18:44:58 -08:00
Mariano Cano
1aadd63cef Use always badRequest on duration errors. 2021-11-17 12:00:54 -08:00
Mariano Cano
41fec1577d Report duration errors directly to the cli. 2021-11-17 11:46:57 -08:00
Mariano Cano
141c519171 Simplify check of principals in a case insensitive way
Fixes #679
2021-09-08 16:00:33 -07:00
Fearghal O Floinn
7a94b0c157 Converts group and subgroup to lowercase for comparison.
Fixes #679
2021-09-08 12:24:49 +01:00
Mariano Cano
d30a95236d Use always go.step.sm/crypto 2020-08-14 15:33:50 -07:00
Mariano Cano
8d89bbd62f Remove unused code. 2020-08-03 18:39:02 -07:00
Mariano Cano
c4bbc81d9f Fix authority tests. 2020-08-03 18:36:05 -07:00
Mariano Cano
413af88aad Fix provisioning tests. 2020-08-03 18:10:29 -07:00
Mariano Cano
9822305bb6 Use only the IID template on IID provisioners.
Use always sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
2020-08-03 15:11:42 -07:00
Mariano Cano
a78f7e8913 Add template support on k8ssa provisioner. 2020-07-30 17:45:03 -07:00
Mariano Cano
e0dce54338 Add missing argument. 2020-07-30 17:45:03 -07:00
Mariano Cano
c1fc45c872 Simplify SSH modifiers with options.
It also changes the behavior of the request options to modify only
the validity of the certificate.
2020-07-30 17:45:03 -07:00
Mariano Cano
570ede45e7 Do not enforce number of principals or extensions. 2020-07-30 17:45:02 -07:00
Mariano Cano
631f1612a1 Add TemplateData to SignSSHOptions. 2020-07-30 17:45:02 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
max furman
397a181d10 Add backdate validation to sshCertValidityValidator. 2020-01-28 13:29:40 -08:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
144acb9ee3 Remove debug statement. 2020-01-28 13:29:39 -08:00
Mariano Cano
84ff172093 Add support for backdate to SSH certificates. 2020-01-28 13:29:39 -08:00
max furman
414a94b210 Instrument getIdentity func for OIDC ssh provisioner 2020-01-28 13:28:16 -08:00
Mariano Cano
7db7b1ee4c Fix some provisioner tests 2020-01-28 13:28:16 -08:00
max furman
54e3cf7322 Add multiuse capability to k8ssa provisioners 2020-01-28 13:28:16 -08:00
max furman
d368791606 Add x5c provisioner capabilities 2019-10-14 14:51:37 -07:00
Mariano Cano
d59a5b222f Truncate to seconds to avoid rounding up times.
It can cause that certs are not valid yet, if they are used right away.
2019-09-19 13:42:24 -07:00
Mariano Cano
adc1d54b0d Define valid after as 1m before now.
It avoids errors with immediate use of cert.
2019-09-19 12:37:41 -07:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00
max furman
d204469280 Add a few more validity checks to default ssh cert validator 2019-09-12 19:27:59 -07:00
Mariano Cano
396b4222aa Implement validator for ssh keys.
Fixes #100
2019-09-10 17:04:13 -07:00
max furman
61d52a8510 Small fixes associated with PR review
* additions and grammar edits to documentation
* clarification of error msgs
2019-09-08 21:05:36 -07:00
Mariano Cano
34e1e3380a Fix lint errors. 2019-08-05 16:14:25 -07:00
Mariano Cano
e71072d389 Add experimental support for provisioning users. 2019-08-02 17:48:34 -07:00
Mariano Cano
a8f4ad1b8e Set default SSH options if no user options are given. 2019-07-31 17:03:33 -07:00
Mariano Cano
780eeb5487 Remove debug print. 2019-07-30 16:56:30 -07:00
Mariano Cano
221d323b68 Fix containsAllMembers 2019-07-29 18:16:52 -07:00
Mariano Cano
7583f1c739 Do not require all principals, allow subgroups. 2019-07-29 17:54:13 -07:00
Mariano Cano
53f62f871c Set not extensions to host certificates. 2019-07-29 16:36:46 -07:00
Mariano Cano
48c98dea2a Make SanitizeSSHPrincipal a public function. 2019-07-29 16:21:22 -07:00
Mariano Cano
f01286bb48 Add support for SSH certificates to OIDC.
Update the interface for all the provisioners.
2019-07-29 15:54:07 -07:00
Mariano Cano
3ff410c695 fix ssh validity modifier 2019-07-25 18:41:32 -07:00
Mariano Cano
1c8f610ca9 Add initial implementation of an SSH CA using the JWK provisioner.
Fixes smallstep/ca-component#187
2019-07-23 18:46:43 -07:00