Commit graph

2949 commits

Author SHA1 Message Date
Mariano Cano
ead742ca0f Fix unit test 2022-03-15 12:13:01 -07:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy 2022-03-15 15:56:04 +01:00
Mariano Cano
6d532045dc Fix validity check for sshpop provisioner. 2022-03-14 17:31:21 -07:00
Mariano Cano
c903f00cd4 Rename claim to allowRenewAfterExpiry. 2022-03-14 15:40:01 -07:00
Panagiotis Siatras
415276e52b
Merge pull request #850 from smallstep/panos/envrc
git: ignore .envrc files
2022-03-14 13:29:35 +02:00
Panagiotis Siatras
f7a044222e
git: ignore .envrc files 2022-03-14 13:18:44 +02:00
Mariano Cano
6dcde8a743 Fix typo 2022-03-11 15:22:53 -08:00
Mariano Cano
a4dd586a81 Add method to get the CA url from the client. 2022-03-11 15:13:39 -08:00
Mariano Cano
4690fa64ed Add public methods to retrieve the provisioner extensions. 2022-03-11 14:59:42 -08:00
Mariano Cano
236caaa735 Add entry in changelog 2022-03-11 10:51:33 -08:00
Mariano Cano
f8df6a1acc Change variable name for consistency 2022-03-11 10:05:35 -08:00
Mariano Cano
616490a9c6 Refactor renew after expiry token authorization
This changes adds a new authority method that authorizes the
renew after expiry tokens.
2022-03-10 20:21:01 -08:00
Mariano Cano
41ea67ce10 Attempt to fix a bootstrap tests 2022-03-10 13:01:31 -08:00
Mariano Cano
79349b4d7c Add options to use custom renewal methods. 2022-03-10 13:01:08 -08:00
Mariano Cano
389815642d Fix tests: certs are truncated to seconds. 2022-03-10 10:46:28 -08:00
Mariano Cano
8ef8f4f665 Use the provisioner controller in Nebula renewals 2022-03-10 10:45:12 -08:00
Mariano Cano
afb5d36206 Allow to renew certificates using an x5c-like token. 2022-03-09 20:37:41 -08:00
Mariano Cano
259e95947c Add support for the provisioner controller
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
2022-03-09 18:43:45 -08:00
Mariano Cano
3c2ff33ca9 Add provisioner controller tests. 2022-03-09 18:43:27 -08:00
Mariano Cano
fd6a2eeb9c Add provisioner controller
The provisioner controller has the implementation of the identity
function as well as the renew methods with renew after expiry
support.
2022-03-09 18:39:09 -08:00
Mariano Cano
2e715cd505
Merge pull request #848 from smallstep/dep/nosql
Upgrade nosql package
2022-03-09 10:06:34 -08:00
Herman Slatman
3ec9a7310c
Fix ACME order identifier allow/deny check 2022-03-08 14:17:59 +01:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level 2022-03-08 13:26:07 +01:00
Herman Slatman
af53a17bb4
Merge branch 'master' into herman/allow-deny 2022-03-07 14:13:13 +01:00
Herman Slatman
a3cda9c3d7
Add configuration for custom path segment
To support SCEP clients that expect a specific path segment in
a SCEP URL, a new "customPath" option was added to the SCEP
provisioner configuration. The configuration can be used to set
a specific path (segment) that the SCEP provisioner will respond to.
2022-03-07 13:24:26 +01:00
vijayjt
4822516d72 Remove redundant parameter type declaration 2022-03-07 12:07:48 +00:00
vijayjt
e699244291 Support Azure tokens from managed identities not associated with a VM 2022-03-07 11:24:58 +00:00
Mariano Cano
3fb5e57f12 Upgrade nosql package
The new version of the package allows filtering out database drivers
using Go tags.
2022-03-04 10:56:09 -08:00
Herman Slatman
ea454f9dfc
Merge pull request #836 from smallstep/herman/acme-eab
Add ACME configuration prerequisites check
2022-03-03 13:10:51 +01:00
Herman Slatman
b6f6bd879c
Fix PR comment and add tests for ACME prerequisites checker 2022-03-03 13:00:20 +01:00
max furman
cc60e72919 changelog update for 0.18.2 2022-03-01 21:01:34 -08:00
Mariano Cano
bf8155f9bd
Merge pull request #840 from smallstep/changelog/PR829
Changeling PR 829
2022-02-28 14:40:45 -08:00
Mariano Cano
b64d1e1ee8 Add entry in changelog. 2022-02-28 14:37:09 -08:00
Mariano Cano
15b1049f19 Fix json tag for Azure.ObjectIDs. 2022-02-28 14:36:37 -08:00
Mariano Cano
6f46cdb432
Merge pull request #829 from vijayjt/new-azure-token-authz-options
Add subscription and object ID validation options to Azure provisioner
2022-02-28 14:31:28 -08:00
Max
18d99b96f3
Merge pull request #838 from smallstep/max/validate-provisioner-before-store
Validate provisioner configuration before storing in DB
2022-02-28 12:53:47 -08:00
max furman
51210dfef9 changelog update 2022-02-28 11:05:59 -08:00
max furman
a79d4af19b change return value of generateProvisionerConfig to value
- always used as value (rather than pointer)
2022-02-28 11:04:40 -08:00
max furman
6030f8bc2e Validate provisioner configuration before storing in DB 2022-02-28 10:48:01 -08:00
Herman Slatman
e47dd0a666
Add ACME configuration prerequisites check 2022-02-28 16:08:00 +01:00
vijayjt
7a32c312bf Update linkedca dependency version 2022-02-25 11:21:32 +00:00
vijayjt
b128e37090 Add SubscriptionIDs and ObjectIDs to provisioner-linkedca conversion functions 2022-02-25 11:06:48 +00:00
vijayjt
4a10f2c584 Rename new fields as per feedback to remove AAD from the name 2022-02-24 09:26:45 +00:00
Max
dedd136407
Merge pull request #831 from smallstep/max/psql
bump nosql for postgres support
2022-02-23 12:51:53 -08:00
max furman
9d885e6914 bump nosql for postgres support 2022-02-22 22:39:30 -08:00
vijayjt
8b68bedffa Add support for validation of certificate requests using Azure subscription and AAD object IDs. See #735 2022-02-22 17:20:18 +00:00
Herman Slatman
c3c6f3da72
Merge branch 'master' into herman/allow-deny 2022-02-22 17:36:56 +01:00
Mariano Cano
c17886323a
Merge pull request #828 from smallstep/update-changelog
Add support for `AuthorizationCrt` in changelog.
2022-02-18 13:23:10 -08:00
Mariano Cano
3a5312c97b Add support for AuthorizationCrt in changelog. 2022-02-18 11:39:44 -08:00
Mariano Cano
28af606526
Merge pull request #827 from smallstep/x5c-template
Make the X5C leaf certificate available to the templates.
2022-02-18 10:19:00 -08:00