lahirujayathilake pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
from 590e1bb54 Removed deprecated modules
new 65bd0a2a2 initial signer service implementation
new d1e8bc5f4 maintain a denied list for the extensions in client config
and move the force-command to the certificate issuance
new 0457b2528 add SSH extension validation and resolution logic with tests
new 5ee5dfccb Add source of truth validation against LDAP and caching logic
new 857c280e4 Add defaultSubject support in dev mode configuration
new 76aa5b79b LDAP connection pooling
new a4500c229 migrate to openbao from hashicorp vault
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
compose/dbinit/init-db.sh | 2 +
signer/.gitignore | 5 +
signer/README.md | 276 ++++++++++++++
signer/config.example.yaml | 62 +++
signer/go.mod | 58 +++
signer/go.sum | 200 ++++++++++
signer/internal/audit/logger.go | 151 ++++++++
signer/internal/auth/client_auth.go | 99 +++++
signer/internal/auth/client_auth_test.go | 81 ++++
signer/internal/auth/oidc_validator.go | 302 +++++++++++++++
signer/internal/auth/oidc_validator_test.go | 457 +++++++++++++++++++++++
signer/internal/cert/extensions.go | 121 ++++++
signer/internal/cert/extensions_test.go | 188 ++++++++++
signer/internal/cert/rsa_ecdsa_signing_test.go | 210 +++++++++++
signer/internal/cert/signer.go | 106 ++++++
signer/internal/cert/signer_test.go | 248 ++++++++++++
signer/internal/cert/ssh_key.go | 237 ++++++++++++
signer/internal/cert/ssh_key_test.go | 306 +++++++++++++++
signer/internal/config/config.go | 252 +++++++++++++
signer/internal/config/config_test.go | 122 ++++++
signer/internal/handler/admin.go | 88 +++++
signer/internal/handler/ca_public_key.go | 93 +++++
signer/internal/handler/ca_public_key_test.go | 78 ++++
signer/internal/handler/certificates.go | 185 +++++++++
signer/internal/handler/certificates_test.go | 238 ++++++++++++
signer/internal/handler/common.go | 26 ++
signer/internal/handler/health.go | 119 ++++++
signer/internal/handler/jwks.go | 102 +++++
signer/internal/handler/revoke.go | 110 ++++++
signer/internal/handler/revoke_test.go | 53 +++
signer/internal/handler/sign.go | 324 ++++++++++++++++
signer/internal/handler/sign_test.go | 85 +++++
signer/internal/handler/userinfo.go | 55 +++
signer/internal/handler/userinfo_test.go | 93 +++++
signer/internal/httputil/context.go | 95 +++++
signer/internal/httputil/context_test.go | 92 +++++
signer/internal/metrics/metrics.go | 56 +++
signer/internal/metrics/metrics_test.go | 62 +++
signer/internal/policy/enforcer.go | 106 ++++++
signer/internal/policy/enforcer_test.go | 182 +++++++++
signer/internal/policy/key_type.go | 17 +
signer/internal/server/bearer_middleware_test.go | 125 +++++++
signer/internal/server/cors.go | 50 +++
signer/internal/server/cors_test.go | 125 +++++++
signer/internal/server/middleware.go | 150 ++++++++
signer/internal/server/middleware_test.go | 124 ++++++
signer/internal/server/routes.go | 84 +++++
signer/internal/server/server.go | 82 ++++
signer/internal/store/certificate_query.go | 176 +++++++++
signer/internal/store/client_config.go | 81 ++++
signer/internal/store/db.go | 57 +++
signer/internal/store/issuance_log.go | 76 ++++
signer/internal/store/revocation.go | 58 +++
signer/internal/validation/comanage.go | 30 ++
signer/internal/validation/dispatcher.go | 197 ++++++++++
signer/internal/validation/dispatcher_test.go | 219 +++++++++++
signer/internal/validation/ldap.go | 194 ++++++++++
signer/internal/validation/ldap_test.go | 310 +++++++++++++++
signer/internal/validation/noop.go | 30 ++
signer/internal/validation/validator.go | 38 ++
signer/internal/validation/validator_test.go | 65 ++++
signer/internal/vault/client.go | 441 ++++++++++++++++++++++
signer/main.go | 223 +++++++++++
signer/migrations/001_initial_schema.up.sql | 81 ++++
64 files changed, 8758 insertions(+)
create mode 100644 signer/.gitignore
create mode 100644 signer/README.md
create mode 100644 signer/config.example.yaml
create mode 100644 signer/go.mod
create mode 100644 signer/go.sum
create mode 100644 signer/internal/audit/logger.go
create mode 100644 signer/internal/auth/client_auth.go
create mode 100644 signer/internal/auth/client_auth_test.go
create mode 100644 signer/internal/auth/oidc_validator.go
create mode 100644 signer/internal/auth/oidc_validator_test.go
create mode 100644 signer/internal/cert/extensions.go
create mode 100644 signer/internal/cert/extensions_test.go
create mode 100644 signer/internal/cert/rsa_ecdsa_signing_test.go
create mode 100644 signer/internal/cert/signer.go
create mode 100644 signer/internal/cert/signer_test.go
create mode 100644 signer/internal/cert/ssh_key.go
create mode 100644 signer/internal/cert/ssh_key_test.go
create mode 100644 signer/internal/config/config.go
create mode 100644 signer/internal/config/config_test.go
create mode 100644 signer/internal/handler/admin.go
create mode 100644 signer/internal/handler/ca_public_key.go
create mode 100644 signer/internal/handler/ca_public_key_test.go
create mode 100644 signer/internal/handler/certificates.go
create mode 100644 signer/internal/handler/certificates_test.go
create mode 100644 signer/internal/handler/common.go
create mode 100644 signer/internal/handler/health.go
create mode 100644 signer/internal/handler/jwks.go
create mode 100644 signer/internal/handler/revoke.go
create mode 100644 signer/internal/handler/revoke_test.go
create mode 100644 signer/internal/handler/sign.go
create mode 100644 signer/internal/handler/sign_test.go
create mode 100644 signer/internal/handler/userinfo.go
create mode 100644 signer/internal/handler/userinfo_test.go
create mode 100644 signer/internal/httputil/context.go
create mode 100644 signer/internal/httputil/context_test.go
create mode 100644 signer/internal/metrics/metrics.go
create mode 100644 signer/internal/metrics/metrics_test.go
create mode 100644 signer/internal/policy/enforcer.go
create mode 100644 signer/internal/policy/enforcer_test.go
create mode 100644 signer/internal/policy/key_type.go
create mode 100644 signer/internal/server/bearer_middleware_test.go
create mode 100644 signer/internal/server/cors.go
create mode 100644 signer/internal/server/cors_test.go
create mode 100644 signer/internal/server/middleware.go
create mode 100644 signer/internal/server/middleware_test.go
create mode 100644 signer/internal/server/routes.go
create mode 100644 signer/internal/server/server.go
create mode 100644 signer/internal/store/certificate_query.go
create mode 100644 signer/internal/store/client_config.go
create mode 100644 signer/internal/store/db.go
create mode 100644 signer/internal/store/issuance_log.go
create mode 100644 signer/internal/store/revocation.go
create mode 100644 signer/internal/validation/comanage.go
create mode 100644 signer/internal/validation/dispatcher.go
create mode 100644 signer/internal/validation/dispatcher_test.go
create mode 100644 signer/internal/validation/ldap.go
create mode 100644 signer/internal/validation/ldap_test.go
create mode 100644 signer/internal/validation/noop.go
create mode 100644 signer/internal/validation/validator.go
create mode 100644 signer/internal/validation/validator_test.go
create mode 100644 signer/internal/vault/client.go
create mode 100644 signer/main.go
create mode 100644 signer/migrations/001_initial_schema.up.sql