max furman
c7a6385913
Add authz capabilities table to provisioners doc
2020-06-24 14:13:03 -07:00
Mariano Cano
39650637d4
Merge pull request #297 from smallstep/no-bastion-bastion
...
Do not return bastion for the configured bastion host.
2020-06-23 11:45:25 -07:00
Mariano Cano
e9a0ad4ec7
Merge pull request #291 from smallstep/template-variables
...
Add support for required template variables
2020-06-23 11:44:47 -07:00
Mariano Cano
fcfc4e9b2b
Fix ssh federated template variables.
2020-06-23 11:14:26 -07:00
Mariano Cano
b0fdd0b2be
Do not return bastion for the configured bastion host.
...
Fixes #296
2020-06-19 12:37:08 -07:00
Max
be030309a4
Update issue templates
2020-06-18 13:52:16 -07:00
Max
5f27b31be5
Update issue templates
2020-06-18 13:46:59 -07:00
Mariano Cano
528d0910ab
Add omitempty to requires property.
2020-06-16 19:03:33 -07:00
Mariano Cano
907162be44
Add test for DefaultTemplates.
2020-06-16 18:44:47 -07:00
Mariano Cano
f82a248617
Add test with backfill.
2020-06-16 18:26:41 -07:00
Mariano Cano
ff32746312
Add test case for error executing template.
2020-06-16 18:21:44 -07:00
Mariano Cano
e3ae751b57
Use templates from authority instead of config.
2020-06-16 17:57:35 -07:00
Mariano Cano
a845b56283
Remove the template path if we load the defaults.
2020-06-16 17:56:22 -07:00
Mariano Cano
237baa5169
Check for required variables in templates.
...
Fixes smallstep/cli#232
2020-06-16 17:26:54 -07:00
Mariano Cano
6c844a0618
Load default templates if no templates are configured.
2020-06-16 17:26:18 -07:00
Mariano Cano
b583d8d658
Move default templates to the template package.
2020-06-16 17:24:47 -07:00
Max
2ebfc73f77
Merge pull request #290 from smallstep/max/profileLimit
...
Update profileLimitDuration validator ...
2020-06-16 13:04:34 -07:00
max furman
7d5cf34ce5
Update profileLimitDuration validator ...
...
- respect notBefore of the provisioner
- modify/fix the reported errors
2020-06-16 12:16:43 -07:00
Mariano Cano
72bb6e159f
Merge pull request #287 from smallstep/nil-templates
...
Avoid nil pointer panic on step ssh config with no templates.
Fixes #289
2020-06-16 12:12:35 -07:00
max furman
54be8889cd
Correct attribute names for SSH claims in provisioner docs
2020-06-16 10:58:58 -07:00
Max
6ee30c3a41
Merge pull request #288 from smallstep/max/rhel-doc
...
Add RHEL/Centos install documentation and a section on systemctl configuration
2020-06-15 20:23:04 -07:00
max furman
aaec9931f4
Add RHEL/Centos install docs and a section on systemctl config
2020-06-15 20:19:44 -07:00
Mariano Cano
9832d1538b
Avoid nil pointer panic on step ssh config with no templates.
2020-06-15 17:25:47 -07:00
Mariano Cano
91bf74551b
Merge pull request #176 from moqmar/patch/ports-below-1024
...
Let step-ca bind to ports < 1024
Fixes #170
2020-06-15 15:53:52 -07:00
Mariano Cano
88add85e42
Merge pull request #286 from smallstep/ksm-imports
...
Move load of kms to main package.
2020-06-14 14:44:37 -07:00
Mariano Cano
ddb4ca7a74
Move load of kms to main package.
...
With this change packages that import the authority won't load by
default all the supported kms with all its dependencies.
Fixes #228
2020-06-12 14:55:35 -07:00
Miclain K Keffeler
2d45f61987
Merge pull request #1 from mkkeffeler/mkkeffeler-docs
...
RHEL/CentOS Example
2020-06-03 08:58:25 -05:00
Miclain K Keffeler
195cdd664a
RHEL/CentOS Example
2020-06-03 08:57:35 -05:00
Max
0b528d2507
Merge pull request #283 from smallstep/max/empty-oids-nil
...
Always convert empty list to nil when saving orderIDs index.
2020-06-01 20:00:10 -07:00
max furman
41a1a053d8
Always convert empty list to nil when saving orderIDs index.
2020-06-01 18:04:51 -07:00
Max
619f6f6ce0
Merge pull request #281 from smallstep/max/acmeOrders
...
Only retain `pending' orders in the `acme_account_orders_index`
2020-06-01 13:16:05 -07:00
max furman
704a510a2a
Remove non-pending orders from the acme_orders_by_account index ...
...
- Each acme account has an index in this table. Before this change, the
index would grow unchecked as orders accumulate. This change removes
orders that have moved out of the 'PENDING' state.
2020-06-01 12:56:50 -07:00
max furman
c4f1eea5dc
Correct badger file loading mode documentation.
2020-05-29 10:04:58 -07:00
David Cowden
30bfba48d5
Merge branch 'dcow/key-change-error'
...
Fixes: https://github.com/smallstep/certificates/pull/276
2020-05-28 17:10:06 -07:00
max furman
d9a1fb7e5d
Recommend badgerV2 in badger extra options documentation.
2020-05-28 15:00:55 -07:00
David Cowden
a26b5f322d
acme/api: Brush up documentation on key-change
...
Add more specific wording describing what a 501 means and add more color
explaining how official vs unofficial error types should be handled.
2020-05-28 11:22:37 -07:00
Mariano Cano
2ca63a9ff5
Merge pull request #267 from smallstep/awskms
...
AWS KMS support
2020-05-26 16:00:34 -07:00
Mariano Cano
26c89cf779
Rename method.
2020-05-26 14:34:47 -07:00
Mariano Cano
7a985b1470
Fix usage, remove unsupported flag.
2020-05-26 14:26:05 -07:00
Mariano Cano
df3e9c0cd6
Add full version of the license.
2020-05-26 12:21:09 -07:00
Mariano Cano
4ac51dd508
Merge pull request #274 from smallstep/oidc-raw-locals
...
Allow dots and other symbols in principals for OIDC
2020-05-26 11:28:30 -07:00
Mariano Cano
6c9cd7050c
Add test with query strings.
2020-05-26 11:13:07 -07:00
Mariano Cano
dfe8e11e44
Remove anchor from link.
2020-05-26 10:55:26 -07:00
Mariano Cano
3246a3e81f
Add missing test case.
2020-05-26 10:22:15 -07:00
David Cowden
b26e6e42b3
acme: Return 501 for the key-change route
...
RFC 8555 § 7.3.5 is not listed as optional but we do not currently
support it. Rather than 404, return a 501 to inform clients that this
functionality is not yet implemented.
The notImplmented error type is not an official error registered in the
ietf:params:acme:error namespace, so prefix if with step:acme:error. An
ACME server is allowed to return other errors and clients should display
the message detail to users.
Fixes: https://github.com/smallstep/certificates/issues/209
2020-05-26 01:47:08 -07:00
Max
ab0f2aedcc
Merge pull request #268 from smallstep/max/acme-nbf
...
Set nbf and nbf for ACME orders even when they are not set in the request.
Closes #92
2020-05-22 10:38:01 -07:00
max furman
6e69f99310
Always set nbf and naf for new ACME orders ...
...
- Use the default value from the ACME provisioner if values are not
defined in the request.
2020-05-22 10:31:58 -07:00
Mariano Cano
0b5fd156e8
Add a third principal on OIDC tokens with the raw local part of the email.
...
For the email first.last@example.com it will create the principals
["firstlast", "first.last", "first.last@example.com"]
Fixes #253 , #254
2020-05-21 12:09:11 -07:00
Mariano Cano
7104588fcb
Fix linter error.
2020-05-20 17:58:37 -07:00
Mariano Cano
f006cca87a
Use Go 1.14.
2020-05-20 17:45:57 -07:00