secrets/ssh: allow algorithm_signer to use the key's default algo #9824

Merged
merged 6 commits into from
Aug 26, 2020

@calvn calvn commented Aug 25, 2020

This PR allows certificates to be signed using the signer's default algorithm if none is specified in the role's algorithm_signer parameter.

Related to #9096
Fixes #9739
Closes #8414

@calvn calvn added this to the 1.5.3 milestone Aug 25, 2020
@ncabatoff
Collaborator

Can you add a case to TestSSHBackend_CA please?

@calvn
Member Author

calvn commented Aug 25, 2020

Yes, I'm in the process of adding tests. Opened it in draft mode for early review.

@calvn calvn requested a review from ncabatoff August 25, 2020 21:59
@calvn calvn marked this pull request as ready for review August 26, 2020 05:49
Collaborator

@ncabatoff ncabatoff left a comment

You have some test failures on the most recent commit, but it's looking good otherwise!

Review comment on builtin/logical/ssh/backend_test.go (outdated, resolved)
@calvn calvn requested a review from ncabatoff August 26, 2020 18:39
@calvn calvn merged commit c990068 into master Aug 26, 2020
@mladlow mladlow modified the milestones: 1.5.3, 1.4.6 Aug 26, 2020
ncabatoff pushed a commit that referenced this pull request Aug 26, 2020
)

* secrets/ssh: allow algorithm_signer to use the key's default algo

* add test for ed25519 key signing

* test: add role upgrade test case

* test: rename and add more test cases

* test: clean up tests cases, fix broken test case on expected error

* test: fix broken test case on expected error
ncabatoff pushed a commit that referenced this pull request Aug 26, 2020
)

* secrets/ssh: allow algorithm_signer to use the key's default algo

* add test for ed25519 key signing

* test: add role upgrade test case

* test: rename and add more test cases

* test: clean up tests cases, fix broken test case on expected error

* test: fix broken test case on expected error
@calvn calvn deleted the ssh-algo-signer-fix branch August 27, 2020 00:04
calvn added a commit that referenced this pull request Oct 9, 2020
Successfully merging this pull request may close these issues.

* Custom SSH CAs using ed25519/ecdsa cannot sign keys
* SSH CA permit other algorithm than rsa sha1
3 participants