Commit graph

1455 commits

Author SHA1 Message Date
Mariano Cano
d46990d4c4 Add support for step ca init with a RA. 2020-10-19 18:42:03 -07:00
Mariano Cano
ef92a3a6d7 Move cas options under authority. 2020-10-19 18:08:51 -07:00
Mariano Cano
6838233416
Merge pull request #395 from smallstep/aws-identity-cert
Add option to specify the AWS IID certificates to use.
2020-10-15 17:14:20 -07:00
Mariano Cano
6a7b564ef9 Unify indent type.
This change changes the indentation used by `step ca init` to be
consistent with Config.Save used by `step ca provisioner *`.
2020-10-13 18:53:45 -07:00
Mariano Cano
7d1686dc53 Add option to specify the AWS IID certificates to use.
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.

Fixes #393
2020-10-13 17:51:24 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Mariano Cano
3e0ab8fba7 Fix typo. 2020-10-05 18:00:50 -07:00
Mariano Cano
d64427487d Add comment about the missing error check. 2020-10-05 17:39:44 -07:00
Mariano Cano
8381e9bd17 Fix typos. 2020-10-05 17:20:22 -07:00
Carl Tashian
329f401e58
Update cas.md
Needed to run two commands to set up IAM roles because passing `--role` twice only uses the second value passed.
2020-09-29 15:46:53 -07:00
Carl Tashian
3f55f22b2e
Update cas.md
Added `--location` flag to a couple of the commands
2020-09-29 15:24:15 -07:00
Carl Tashian
c963883d60
Merge pull request #377 from smallstep/gh-discussions
Change Gitter links to GH Discussions tab
2020-09-28 14:10:12 -07:00
Mariano Cano
7d779e12db Change service account name. 2020-09-24 12:45:19 -07:00
Mariano Cano
52d857a302 Update CloudCAS instructions. 2020-09-24 12:43:25 -07:00
Mariano Cano
066c7ee10b Fix iam permissions. 2020-09-24 12:37:29 -07:00
Carl Tashian
fd07e25e61 Change Gitter links to GH Discussions tab 2020-09-23 16:36:37 -07:00
Mariano Cano
42ce78ed43 Add initial docs for CAS. 2020-09-22 13:32:48 -07:00
Mariano Cano
072adc906e Print root fingerprint for CloudCAS. 2020-09-22 13:23:48 -07:00
Mariano Cano
8e6d7accf8 Do not add the CRL distribution points extension.
This extension is added by CloudCAS.
2020-09-21 17:09:46 -07:00
Mariano Cano
38fa780775 Add interface to get root certificate from CAS.
This change makes easier the configuration of cloudCAS as it does
not require to configure the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
2020-09-21 15:27:20 -07:00
Mariano Cano
fa099f2ae2 Change method name. 2020-09-21 15:11:25 -07:00
Mariano Cano
d0086fe9ba
Merge pull request #375 from smallstep/admin-templates
Use new admin template for K8ssa and admin-OIDC provisioners.
2020-09-21 13:58:09 -07:00
Mariano Cano
4c8bf87dc1 Use new admin template for K8ssa and admin-OIDC provisioners.
This change replaces the .Insecure.CR template to one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
2020-09-21 12:49:16 -07:00
Mariano Cano
309d9ddcc4
Merge pull request #374 from smallstep/missing-token-ids
Create a hash of a token if a token id is empty.
2020-09-21 10:02:58 -07:00
Mariano Cano
d79b4e709e Create a hash of a token if a token id is empty. 2020-09-18 16:25:08 -07:00
Mariano Cano
656315bd61
Merge pull request #371 from smallstep/bundle-awskms-init
Add step-awskms-init to the binary releases.
2020-09-18 11:12:26 -07:00
Mariano Cano
c2fd6a8421 Add step-awskms-init to the binary releases.
Fixes 332
2020-09-18 11:01:54 -07:00
Mariano Cano
4f3b24af8f
Merge pull request #370 from smallstep/yubi-management-key
Make the YubiKey management key configurable.
2020-09-17 16:15:24 -07:00
Mariano Cano
f100b2d0e3 Make the YubiKey management key configurable.
With this change the default management key is not required as the
user is able to set its own.

Fixes #323
2020-09-17 16:07:32 -07:00
Mariano Cano
a332c40530 Merge branch 'master' into cas 2020-09-17 14:46:52 -07:00
Mariano Cano
87bbcee239 Update go.sum 2020-09-17 11:17:46 -07:00
Mariano Cano
9573b47efb
Merge pull request #369 from acipia/master
avoid using yubikey attestation cert
2020-09-17 11:15:49 -07:00
max furman
3e874a1e72 Fix RHEL/CentOS install docs 2020-09-16 20:53:58 -07:00
Mariano Cano
884a6f5dd0 Skip test on CI. 2020-09-16 14:03:26 -07:00
Mariano Cano
91aa1e87f1 Do not use go 1.15 methods. 2020-09-16 13:51:49 -07:00
Mariano Cano
60515d92c5 Remove unnecessary properties. 2020-09-16 13:31:26 -07:00
Pierre Laden
692f7692a2 fix #2 indentation 2020-09-16 22:26:53 +02:00
Pierre Laden
290d5ee979 fix gofmt complain 2020-09-16 22:15:42 +02:00
Pierre Laden
179e793f1a - provide PINpolicy always to piv-go to avoid trying to use attestation cert, which we might not have
- bump piv-go version to 1.6.0
2020-09-16 21:59:48 +02:00
Mariano Cano
f2dd5c48cc Fix linting errors. 2020-09-16 12:41:43 -07:00
Mariano Cano
8957e5e5a2 Add missing tests 2020-09-16 12:34:42 -07:00
Mariano Cano
e146b3fe16 Add Unit tests for softcas. 2020-09-15 19:37:02 -07:00
Mariano Cano
1550a21f68 Fix unit tests. 2020-09-15 18:14:21 -07:00
Mariano Cano
e17ce39e3a Add support for Revoke using CAS. 2020-09-15 18:14:03 -07:00
Mariano Cano
144ffe73dd Complete unit tests for Google CAS. 2020-09-15 17:23:11 -07:00
Mariano Cano
f7d066fca8 Fix key usages. 2020-09-15 15:19:59 -07:00
Mariano Cano
01e6495f43 Add most of cloudcas unit tests and minor fixes. 2020-09-14 19:13:40 -07:00
Mariano Cano
8eff4e77a8 Comment request structs. 2020-09-14 19:12:49 -07:00
Mariano Cano
bd8dd9da41 Do not read issuer and signer twice. 2020-09-10 19:13:17 -07:00
Mariano Cano
aad8f9e582 Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
2020-09-10 19:09:46 -07:00