Commit graph

170 commits

Author SHA1 Message Date
Mariano Cano
77af30bfa3 Remove debug statement. 2020-01-08 11:46:33 -08:00
Mariano Cano
f46dc03111 Add tests of profileLimitDuration with backdate. 2020-01-06 14:34:59 -08:00
Mariano Cano
165a91858e Add tests for backdate and sshDefaultDuration 2020-01-06 14:21:13 -08:00
Mariano Cano
7e33aeb8d3 Add unit test for profileDefaultDuration. 2020-01-06 12:19:00 -08:00
Mariano Cano
935d0d4542 Add support for backdate to SSH certificates. 2020-01-03 18:22:52 -08:00
Mariano Cano
e67ccd9e3d Add fault tolerance against clock skew accross system on TLS certificates. 2020-01-02 17:48:28 -08:00
Mariano Cano
e841a86b48 Make sure to define the KeyID from the token if available. 2019-12-10 16:34:01 -08:00
max furman
55237d635c Fix authority calling wrong revoke method 2019-12-03 12:39:57 -05:00
max furman
8b2105a8f9 Instrument getIdentity func for OIDC ssh provisioner 2019-11-19 13:32:58 -08:00
max furman
f25a2a43eb remove printfs 2019-11-15 11:59:12 -08:00
max furman
6ca1df5081 Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
2019-11-14 20:38:39 -08:00
Mariano Cano
be93c9e1f4 Add missing comment. 2019-11-14 15:27:12 -08:00
Mariano Cano
fcccb06696 Fix some provisioner tests 2019-11-14 15:26:37 -08:00
Mariano Cano
a4fd76f1a8 Make provisioner tests compile, they are still failing. 2019-11-14 10:48:06 -08:00
Mariano Cano
69a7058ff0 Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
2019-11-08 17:44:39 -08:00
max furman
e679deddd7 sshpop token should not allow renew/rekey of user ssh certs 2019-11-07 21:39:36 -08:00
max furman
946094d2b7 Add multiuse capability to k8ssa provisioners 2019-11-06 15:54:04 -08:00
max furman
a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 2019-11-05 16:41:42 -08:00
max furman
b5f15531d8 sshpop first pass 2019-11-05 16:41:17 -08:00
max furman
8f07ff6a39 Add kubernetes service account provisioner 2019-10-29 17:42:50 -07:00
max furman
d368791606 Add x5c provisioner capabilities 2019-10-14 14:51:37 -07:00
Mariano Cano
59526d3225
Merge pull request #105 from smallstep/okta-support
Address support on OIDC provisioners
2019-09-20 15:33:11 -07:00
Mariano Cano
39b41b5e83
Merge pull request #107 from smallstep/ssh-valid-after
Truncate to seconds ValidAfter
2019-09-19 15:27:28 -07:00
Mariano Cano
d59a5b222f Truncate to seconds to avoid rounding up times.
It can cause that certs are not valid yet, if they are used right away.
2019-09-19 13:42:24 -07:00
max furman
fe7973c060 wip 2019-09-19 13:17:45 -07:00
Mariano Cano
adc1d54b0d Define valid after as 1m before now.
It avoids errors with immediate use of cert.
2019-09-19 12:37:41 -07:00
Mariano Cano
72f1a61f06 Increase coverage. 2019-09-18 18:08:26 -07:00
Mariano Cano
b7045f27a9 Increase coverage. 2019-09-18 17:13:58 -07:00
Mariano Cano
a16b2125bc Fix tests. 2019-09-18 16:04:43 -07:00
Mariano Cano
6c4abfabbb Make /.well-known/openid-configuration optional 2019-09-18 15:54:10 -07:00
Mariano Cano
3527ee6940 Add support for listenAddress parameter if OIDC provisioners.
Fixes smallstep/cli#150
2019-09-18 15:25:28 -07:00
max furman
44e864030d Remove debug logging 2019-09-16 10:45:33 -07:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00
max furman
d204469280 Add a few more validity checks to default ssh cert validator 2019-09-12 19:27:59 -07:00
Mariano Cano
396b4222aa Implement validator for ssh keys.
Fixes #100
2019-09-10 17:04:13 -07:00
max furman
61d52a8510 Small fixes associated with PR review
* additions and grammar edits to documentation
* clarification of error msgs
2019-09-08 21:05:36 -07:00
Mariano Cano
10e7b81b9f Merge branch 'master' into ssh-ca 2019-09-05 23:06:01 +02:00
max furman
ac234771c7 Remove unknown provisioner WARNning and leave TODO 2019-08-29 10:49:52 -07:00
max furman
ca8daf5f12 Update comment and warn 2019-08-28 17:28:03 -07:00
Mariano Cano
9200f11ed8 Skip unsupported provisioners. 2019-08-28 17:25:39 -07:00
max furman
2b41faa9cf Enforce >= 2048 bit rsa keys at the provisioner layer
* Fixes #94
* In the future this should be configurable by provisioner
2019-08-27 14:44:59 -07:00
max furman
635c59ed24 Accept emails SANs 2019-08-23 15:59:30 -07:00
Mariano Cano
34e1e3380a Fix lint errors. 2019-08-05 16:14:25 -07:00
Mariano Cano
57a529cc1a Allow to enable the SSH CA per provisioner 2019-08-05 11:40:27 -07:00
Mariano Cano
e71072d389 Add experimental support for provisioning users. 2019-08-02 17:48:34 -07:00
Mariano Cano
dc657565a7 Add SSH test for GCP. 2019-07-31 18:22:21 -07:00
Mariano Cano
7983aa8661 Add azure ssh tests. 2019-07-31 18:16:17 -07:00
Mariano Cano
2cac85a8c8 Add aws tests. 2019-07-31 18:11:46 -07:00
Mariano Cano
f8a71899fd Add missing file. 2019-07-31 17:46:28 -07:00
Mariano Cano
d231bfb764 Update jwk and oidc tests. 2019-07-31 17:04:17 -07:00