Merge branch 'master' into dependabot/go_modules/github.com/Azure/azu…

…re-sdk-for-go/sdk/azidentity-1.6.0
smallstep · Jun 13, 2024 · 93ca1e2 · 93ca1e2
2 parents 7bc9d15 + d6973c9
commit 93ca1e2
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -25,6 +25,22 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ---
 
+## [0.26.2] - 2024-06-13
+
+### Added
+
+- Add provisionerID to ACME accounts (smallstep/certificates#1830)
+- Enable verifying ACME provisioner using provisionerID if available (smallstep/certificates#1844)
+- Add methods to Authority to get intermediate certificates (smallstep/certificates#1848)
+- Add GetX509Signer method (smallstep/certificates#1850)
+
+### Changed
+
+- Make ISErrNotFound more flexible (smallstep/certificates#1819)
+- Log errors using slog.Logger (smallstep/certificates#1849)
+- Update hardcoded AWS certificates (smallstep/certificates#1881)
+
+
 ## [0.26.1] - 2024-04-22
 
 ### Added

diff --git a/acme/api/order.go b/acme/api/order.go
@@ -226,6 +226,7 @@ func isIdentifierAllowed(acmePolicy policy.X509Policy, identifier acme.Identifie
 
 func newACMEPolicyEngine(eak *acme.ExternalAccountKey) (policy.X509Policy, error) {
 	if eak == nil {
+		//nolint:nilnil,nolintlint // expected values
 		return nil, nil
 	}
 	return policy.NewX509PolicyEngine(eak.Policy)

diff --git a/authority/policy/policy.go b/authority/policy/policy.go
@@ -21,6 +21,7 @@ type HostPolicy policy.SSHNamePolicyEngine
 func NewX509PolicyEngine(policyOptions X509PolicyOptionsInterface) (X509Policy, error) {
 	// return early if no policy engine options to configure
 	if policyOptions == nil {
+		//nolint:nilnil,nolintlint // expected values
 		return nil, nil
 	}
 
@@ -50,6 +51,7 @@ func NewX509PolicyEngine(policyOptions X509PolicyOptionsInterface) (X509Policy,
 
 	// ensure no policy engine is returned when no name options were provided
 	if len(options) == 0 {
+		//nolint:nilnil,nolintlint // expected values
 		return nil, nil
 	}
 
@@ -93,6 +95,7 @@ func NewSSHHostPolicyEngine(policyOptions SSHPolicyOptionsInterface) (HostPolicy
 func newSSHPolicyEngine(policyOptions SSHPolicyOptionsInterface, typ sshPolicyEngineType) (policy.SSHNamePolicyEngine, error) {
 	// return early if no policy engine options to configure
 	if policyOptions == nil {
+		//nolint:nilnil,nolintlint // expected values
 		return nil, nil
 	}
 
@@ -134,6 +137,7 @@ func newSSHPolicyEngine(policyOptions SSHPolicyOptionsInterface, typ sshPolicyEn
 
 	// ensure no policy engine is returned when no name options were provided
 	if len(options) == 0 {
+		//nolint:nilnil,nolintlint // expected values
 		return nil, nil
 	}
 

diff --git a/authority/provisioner/oidc.go b/authority/provisioner/oidc.go
@@ -93,6 +93,8 @@ type OIDC struct {
 	ListenAddress         string   `json:"listenAddress,omitempty"`
 	Claims                *Claims  `json:"claims,omitempty"`
 	Options               *Options `json:"options,omitempty"`
+	Scopes                []string `json:"scopes,omitempty"`
+	AuthParams            []string `json:"authParams,omitempty"`
 	configuration         openIDConfiguration
 	keyStore              *keyStore
 	ctl                   *Controller

diff --git a/authority/provisioners.go b/authority/provisioners.go
@@ -918,6 +918,8 @@ func ProvisionerToCertificates(p *linkedca.Provisioner) (provisioner.Interface,
 			Domains:               cfg.Domains,
 			Groups:                cfg.Groups,
 			ListenAddress:         cfg.ListenAddress,
+			Scopes:                cfg.Scopes,
+			AuthParams:            cfg.AuthParams,
 			Claims:                claims,
 			Options:               options,
 		}, nil
@@ -1066,6 +1068,8 @@ func ProvisionerToLinkedca(p provisioner.Interface) (*linkedca.Provisioner, erro
 						Groups:                p.Groups,
 						ListenAddress:         p.ListenAddress,
 						TenantId:              p.TenantID,
+						Scopes:                p.Scopes,
+						AuthParams:            p.AuthParams,
 					},
 				},
 			},

diff --git a/go.mod b/go.mod
@@ -34,7 +34,7 @@ require (
 	github.com/urfave/cli v1.22.15
 	go.step.sm/cli-utils v0.9.0
 	go.step.sm/crypto v0.47.0
-	go.step.sm/linkedca v0.20.1
+	go.step.sm/linkedca v0.21.1
 	golang.org/x/crypto v0.24.0
 	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81
 	golang.org/x/net v0.26.0

diff --git a/go.sum b/go.sum
@@ -494,8 +494,8 @@ go.step.sm/cli-utils v0.9.0 h1:55jYcsQbnArNqepZyAwcato6Zy2MoZDRkWW+jF+aPfQ=
 go.step.sm/cli-utils v0.9.0/go.mod h1:Y/CRoWl1FVR9j+7PnAewufAwKmBOTzR6l9+7EYGAnp8=
 go.step.sm/crypto v0.47.0 h1:LWxiKWiN0Y/A5+dq+fTIAvFYAL8oe3PQmCurjtn6ZBU=
 go.step.sm/crypto v0.47.0/go.mod h1:0NMEfYrFfV5jqs8aJY5wRqIShBV8y/fyDLTseyv5xhY=
-go.step.sm/linkedca v0.20.1 h1:bHDn1+UG1NgRrERkWbbCiAIvv4lD5NOFaswPDTyO5vU=
-go.step.sm/linkedca v0.20.1/go.mod h1:Vaq4+Umtjh7DLFI1KuIxeo598vfBzgSYZUjgVJ7Syxw=
+go.step.sm/linkedca v0.21.1 h1:2pM0qk48Rd8mre5V/Zch3AsaXUpyZAxsICKYB/gV2kc=
+go.step.sm/linkedca v0.21.1/go.mod h1:dOKdF4HSn73YUEkfS5/FECngZmBtj2Il5DTKWXY4S6Y=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=