github-personal/certificates
1
0
Fork 0
mirror of https://github.com/outbackdingo/certificates.git synced 2026-01-27 18:18:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,893 Commits 1 Branch 0 Tags
b4cddb424b040affc2c8d21f119c4e35c33c443a
Commit Graph

57 Commits

Author SHA1 Message Date
Mariano Cano
88f161818d Merge pull request #1558 from adantop/feat/support-gcp-ssh-user-certs-opt-2 
Allowing GCP provisioner to issue SSH User Certificates - Option 2
 2024-07-23 11:13:51 -07:00
Mariano Cano
ffbbdf6f04 Update api/ssh.go 
Co-authored-by: Max <mx.furman@gmail.com>
 2024-07-11 12:35:39 -07:00
Mariano Cano
955338a80d Create identity uri on any provisioner 
This commit allows the creation of the identity certificate with the
host URI using any provisioner. Before, only the K8SSA provisioner could
create an identity certificate with the URI.
 2024-07-11 12:27:15 -07:00
Mariano Cano
f3f484cee2 Log errors using slog.Logger 
This commit allows logging errors in a slog.Logger injected in the
context. This type of logger is not currently used directly in step-ca,
but this will change in the future.
 2024-05-15 15:40:40 -07:00
adantop
e8af03cd36 Allow User Certs for Service Accounts in the GCP provisioner 
adding tests

linting

refactor to generate just the sign options

fix linting and adding toggle for user and host certs

resolving linting error
 2024-05-08 08:34:58 -06:00
Herman Slatman
2a8b80a3e1 Merge branch 'master' into herman/webhook-request-id 2024-02-27 12:17:10 +01:00
Max
9f84f7ce35 Allow for identity certificate signing (in sshSign) by skipping validators (#1572) 
- skip urisValidator for identity certificate signing. Implemented
  by building the validator with the context in a hacky way.
 2023-10-06 14:02:19 -07:00
Herman Slatman
9e3807eaa3 Use SignWithContext in the critical paths 2023-09-19 16:34:29 +02:00
Herman Slatman
4c56877d97 Add SSH certificate logging to renew and rekey too 2023-05-05 11:06:01 +02:00
Herman Slatman
922f702da3 Add logging for SSH certificate issuance 2023-05-04 15:33:06 +02:00
Mariano Cano
1be74eca62 Merge branch 'master' into ssh-renew-provisioner 2022-05-23 14:31:15 -07:00
Mariano Cano
6b3a8f22f3 Add provisioner to SSH renewals 
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
 2022-05-20 14:41:44 -07:00
Mariano Cano
a6b8e65d69 Retrieve the authority from the context in api methods. 2022-04-26 12:58:40 -07:00
Panagiotis Siatras
00634fb648 api/render, api/log: initial implementation of the packages (#860) 
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
 2022-03-30 11:22:22 +03:00
Panagiotis Siatras
29092b9d8a api: refactored to use the read package 2022-03-18 20:20:59 +02:00
Mariano Cano
b5db3f5706 Modify errs.ForbiddenErr to always return an error to the cli. 2021-11-23 11:52:55 -08:00
Mariano Cano
668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 2021-11-18 18:44:58 -08:00
Mariano Cano
8c8db0d4b7 Modify errs.BadRequestErr() to always return an error to the client. 2021-11-18 18:17:36 -08:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
max furman
7b5d6968a5 first commit 2021-05-19 15:20:16 -07:00
Mariano Cano
e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 2020-08-10 11:26:51 -07:00
Mariano Cano
3b19bb9796 Add TemplateData to SSHSignRequest. 
Add some omitempty tags.
 2020-07-30 17:45:03 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 2020-07-22 18:24:45 -07:00
Mariano Cano
b0ff731d18 Add support for user provisioner certificates on OIDC provisioners. 
OIDC provisioners create an SSH certificate with two principals. This
was avoiding the creationg of user provisioner certificates for those
provisioners.

Fixes smallstep/cli#268
 2020-04-23 19:42:55 -07:00
Mariano Cano
bfe1f4952d Rename interface to CertificateEnforcer and add tests. 2020-03-31 11:41:36 -07:00
Mariano Cano
64f26c0f40 Enforce a duration for identity certificates. 2020-03-30 17:33:04 -07:00
Mariano Cano
c49a9d5e33 Add context parameter to all SSH methods. 2020-03-10 19:01:45 -07:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 2020-01-28 13:29:40 -08:00
max furman
b9f6aacb0f Move api errors to their own package and modify the typedef 2020-01-28 13:29:39 -08:00
max furman
3ac388612a Use x5cInsecure token for /ssh/check-host endpoint 2020-01-28 13:29:39 -08:00
Mariano Cano
f6ffa2cc43 Check at the cert type instead of at the body. 2020-01-28 13:29:39 -08:00
Mariano Cano
7b81bec8aa Use default duration for host certificates identity files. 2020-01-28 13:29:39 -08:00
Mariano Cano
3a16835cdd Make identity duration the same as the SSH cert. 2020-01-28 13:29:39 -08:00
max furman
656f35e522 Use an actual Hosts type when returning ssh hosts 2020-01-28 13:29:39 -08:00
max furman
f92bb06b6c change func def for getSSHHosts 
* continue to return all hosts if injection method not specified
 2020-01-28 13:28:16 -08:00
Mariano Cano
11c8639782 Add identity certificate in ssh response. 2020-01-28 13:28:16 -08:00
max furman
d940ab7c20 Add getSSHHosts injection func 2020-01-28 13:28:16 -08:00
Mariano Cano
8bf3bf701e Add support for /ssh/bastion method. 2020-01-28 13:28:16 -08:00
max furman
54e3cf7322 Add multiuse capability to k8ssa provisioners 2020-01-28 13:28:16 -08:00
max furman
29853ae016 sshpop provisioner + ssh renew | revoke | rekey first pass 2020-01-28 13:28:16 -08:00
max furman
5616386eed Add SSH getHosts api 2020-01-28 13:28:16 -08:00
Mariano Cano
d880a98295 Add tests for ssh api methods. 2020-01-28 13:28:16 -08:00
Mariano Cano
a713277453 Fix return of host configurations. 2020-01-28 13:28:16 -08:00
Mariano Cano
37f17213bb Add initial support for check-host endpoint. 2020-01-28 13:28:16 -08:00
Mariano Cano
d08db4df23 Rename SSH methods. 2020-01-28 13:28:16 -08:00
Mariano Cano
b5bc249e1c Add support for multiple ssh roots. 
Fixes #125
 2020-01-28 13:28:16 -08:00
Mariano Cano
91130b9c3f Add support for user data in templates. 2020-01-28 13:28:16 -08:00
Mariano Cano
a35988ff08 Add initial support for ssh config. 
Related to smallstep/cli#170
 2020-01-28 13:28:16 -08:00
Mariano Cano
961be1fbc7 Add endpoint to return the SSH public keys. 
Related to smallstep/ca-component#195
 2020-01-28 13:28:16 -08:00