github-personal/certificates
1
0
Fork 0
mirror of https://github.com/outbackdingo/certificates.git synced 2026-01-27 10:18:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,280 Commits 1 Branch 0 Tags
07fa3454c6c88e9052d2d75e58350bd86d51b239
Commit Graph

90 Commits

Author SHA1 Message Date
Carl Tashian
3e4393e127 Update copy for linked CA init 2025-02-20 13:22:41 +00:00
Herman Slatman
f4736325fa Use github.com/smallstep/linkedca @ v0.23.0 2025-01-03 18:24:19 +01:00
Herman Slatman
b45b73f4cc Use github.com/smallstep/cli-utils instead of go.step.sm/cli-utils 2024-10-28 10:53:44 +01:00
Herman Slatman
2e560caf68 Add some basic tests for GenerateConfig 
So far the `GenerateConfig` method wasn't tested. This commit adds
a couple of basic tests for this method. It's not fully covered yet,
nor are all properties being checked, but it provides a starting
point for refactoring the CA (configuration) initialization process.
 2023-10-02 15:58:31 +02:00
Herman Slatman
991a9a6223 Merge branch 'master' into herman/fix-init-with-duplicate-provisioner-name 2023-10-02 14:17:53 +02:00
Herman Slatman
3c084822b3 Prevent invalid provisioner name on step ca init 
An unfortunate combination of `--provisioner acme` and the `--acme`
flags on `step ca init` could lead to an invalidat CA configuration.
This commit prevent this case from happening. A similar error could
occur for the `sshpop` provisioner, so a fix was implemented for that
case too.

The fix doesn't catch all cases, e.g. it doesn't check for multiple
provisioners having the same `acme-` or `sshpop-` prefix. The code
that is called is intended to be only called from a `step ca init`
invocation, so should work for these cases, but might not if the
methods are invoked at other times.
 2023-10-02 13:30:35 +02:00
Mariano Cano
c7c7decd5e Add support for the disableSmallstepExtensions claim 
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
 2023-07-27 15:05:01 -07:00
Mariano Cano
ce4fd3d514 Fix tabs instead of spaces in helm chart 2023-05-25 14:22:56 -07:00
max furman
8b256f0351 address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Mariano Cano
4fd9a9b92b Disable database if WithNoDB() option is passed 
This commit removes the database from the configuration if the ca was
initialized with the "--no-db" flag.

Fixes #1292
 2023-02-24 15:40:48 -08:00
Herman Slatman
a9359522e6 Add provisioner and super admin subject output to ca init 
When initializing a CA with `--remote-management`, it wasn't made
clear that the default JWK provisioner is used when authenticating
for administration purposes and that a default `step` user is
created to login with. This commit adds some additional information
to the CLI output on completion of `ca init`.
 2022-10-25 11:48:17 +02:00
Herman Slatman
fd38dd34f9 Fix PR comments 2022-10-24 14:51:27 +02:00
Herman Slatman
49718f1bbb Fix some comments 2022-10-21 11:48:59 +02:00
Herman Slatman
d981b9e0dc Add --admin-subject flag to ca init 
The first super admin subject can now be provided through the
`--admin-subject` flag when initializing a CA.

It's not yet possible to configure the subject of the first
super admin when provisioners are migrated from `ca.json` to the
database. This effectively limits usage of the flag to scenarios
in which the provisioners are written to the database immediately,
so when `--remote-management` is enabled. It currently also doesn't
work with Helm deployments, because there's no mechanism yet to
pass this type of option to the Helm chart.

This commit partially addresses https://github.com/smallstep/cli/issues/697
 2022-10-14 16:03:41 +02:00
Herman Slatman
57001168a5 Add default SSHPOP provisioner to Helm template output 2022-10-14 14:07:13 +02:00
Herman Slatman
c423e2f664 Improve Helm test data to be more realistic 2022-10-14 13:52:27 +02:00
Herman Slatman
459bfc4c4f Add gibberish test key bytes to Helm tests 2022-10-14 01:45:07 +02:00
Herman Slatman
3262ffd43b Add X.509 intermedaite and root certificates to Helm tests 2022-10-14 01:06:43 +02:00
Herman Slatman
1a5523f5c0 Add default JWK to the Helm tests 2022-10-14 00:09:32 +02:00
Herman Slatman
317efa4568 Add some TODOs for improvingin PKI initialization maintainability 2022-10-11 17:39:35 +02:00
Herman Slatman
8616d3160f Add tests for writing the Helm template 2022-10-11 17:18:19 +02:00
Herman Slatman
acdf080308 Add enableAdmin and enableACME to Helm values.yml generation 2022-09-29 15:08:32 +02:00
max furman
ab0d2503ae Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms 
Fixes #975
 2022-08-08 17:58:18 -07:00
vijayjt
02c0ae81ac Allow KMS type to be specified in the helm chart template if specified on the command line. 2022-05-05 00:10:59 +01:00
Carl Tashian
9848caf49f Create the db directory on step ca init 2022-01-12 12:35:37 -08:00
max furman
7fac8c96c3 Merge branch 'master' into max/context 2021-11-17 11:40:01 -08:00
max furman
d37313bef4 Use 0600 for profile defaults file. 2021-11-16 21:47:14 -08:00
max furman
fcc15174ea Rename templates and create profileConfig dir ahead of time. 2021-11-16 21:47:14 -08:00
max furman
43cba993bb PR fixes 
- Line -> PrependLine
- dont' overwrite profileDefaults
- update ssh/config.tpl to always include includes file
 2021-11-16 21:47:14 -08:00
max furman
3e9830e363 Use profileDefaults in PKI 
- write profile defaults at the same time as authority defaults
 2021-11-16 21:47:14 -08:00
max furman
d777fc23c2 Add ca.WithInsecure and use methods for file names 2021-11-16 21:47:14 -08:00
max furman
ed4b56732e updates after rebase to keep up with master 2021-11-16 21:47:14 -08:00
max furman
7eeebca529 Enable step path contexts in identity and pki paths 2021-11-16 21:47:14 -08:00
max furman
10db335f13 mv pkg config -> step 2021-11-16 21:47:14 -08:00
Mariano Cano
cb4a2a5f9a Use the same method to return the templating functions. 2021-10-27 16:11:47 -07:00
Mariano Cano
0f63d43a91 Remove sprig "env" and "expandenv" functions. 2021-10-27 11:51:37 -07:00
Mariano Cano
a2b03083c8 Fix gocritic warnings. 2021-10-12 15:28:08 -07:00
Mariano Cano
e15b5faf7d Merge branch 'master' into keyvault 2021-10-12 15:15:35 -07:00
Mariano Cano
5d0bd7d155 Fix grammar in comments. 2021-10-12 15:14:01 -07:00
Mariano Cano
781d5fb6e8 Fix creation of ssh certificates on step ca init. 2021-10-08 14:25:24 -07:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
ece67fefff Add support for kms in pki package. 
Adding support to kms in the pki packages opens the door to use
kms implementations in `step ca init`
 2021-10-07 17:28:39 -07:00
Mariano Cano
4fde7b5250 Use badgerv2 the default in helm too. 
Use also port 443 for the ca-url, as we usually access through the
service, this can be overridden by --with-ca-url flag in the cli.
 2021-09-17 12:49:16 -07:00
Mariano Cano
8cb62b6d67 Fix ssh in helm chart values. 2021-08-26 10:20:16 -07:00
Mariano Cano
516b74f43a Add comment about unused code. 2021-08-23 15:33:16 -07:00
Mariano Cano
ff25f4974f Fix comment. 2021-08-23 15:29:18 -07:00
Mariano Cano
b1f59586ab Update message to align with UI. 2021-08-13 11:59:12 -07:00
Mariano Cano
66f6c73655 Update badger driver to use v2 by default. 2021-08-11 11:19:29 -07:00
Mariano Cano
072ba4227c Add deployment type to config. 
This field is ignored except for the start of the ca. If the type
is linked and the token is not passed, it will fail with an error.
 2021-08-10 17:07:15 -07:00