forked from Netflix/bless
Pull upstream changes in netflix/bless into lyft's fork lyft/bless #39
Merged
* Use enum type and raise exception for wrong value
…validation in addition to bastion_user. Added an email and principal validation option. Updated bless_deploy_example with the new options.
Fixing typos in readme.
Enhancing PR#43.
bastion_user and remote_usernames now have configurable validation schemas. See bless_request.py:USERNAME_VALIDATION_OPTIONS
…to allow different remote_usernames
added positive test mocking kmsauth successfully decrypting a token
…t, so that it better matches the format used when logging.
This change gives the option to validate the remote username against the IAM groups containing the user invoking the lambda function. This is an optional feature which is used in conjunction with kmsauth. For example, if there were two groups of users, you could put your admins in the ssh-admin IAM group to allow them to generate certificates with a remote_username of 'admin'. Users with fewer permissions could be in the ssh-user group to allow them to generate certificates for the 'user' account. The group name is configurable, however they must all be in a consistent format, and must all contain the relevant remote_username once.
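The group-to-username mapping described in the commit message above, as an added illustrative example; this is not BLESS's own code. It assumes a group-name format with a single `{}` placeholder marking where the remote username sits (for example `ssh-{}`, so `ssh-admin` grants `admin`), a conservative character rule for usernames, and constructed IAM group lists for two sample callers. It also goes slightly beyond the message by checking a comma-separated list of requested remote usernames, requiring every one of them to be backed by a matching group.

```python
import re
from typing import Iterable, Set

# Assumed username character rule: POSIX-style login name, up to 32 chars.
USERNAME_PATTERN = r"[a-z_][a-z0-9_-]{0,31}"


def _format_to_regex(group_name_format: str) -> "re.Pattern":
    """Turn a group-name format such as 'ssh-{}' into an anchored regex.

    Exactly one '{}' placeholder is required so the remote username appears
    once, as the commit message demands; literal parts are escaped.
    """
    if group_name_format.count("{}") != 1:
        raise ValueError("group name format must contain exactly one '{}' placeholder")
    prefix, suffix = group_name_format.split("{}")
    return re.compile(
        "^" + re.escape(prefix) + "(" + USERNAME_PATTERN + ")" + re.escape(suffix) + "$"
    )


def remote_usernames_from_groups(iam_group_names: Iterable[str],
                                 group_name_format: str) -> Set[str]:
    """Derive the remote usernames a caller may request from their IAM groups.

    Groups that do not match the format (e.g. unrelated billing groups) are
    ignored rather than treated as an error.
    """
    pattern = _format_to_regex(group_name_format)
    allowed = set()
    for name in iam_group_names:
        match = pattern.match(name)
        if match:
            allowed.add(match.group(1))
    return allowed


def is_remote_username_allowed(remote_username: str,
                               iam_group_names: Iterable[str],
                               group_name_format: str) -> bool:
    """True only if some IAM group of the caller maps to this exact username."""
    return remote_username in remote_usernames_from_groups(iam_group_names, group_name_format)


def all_requested_allowed(remote_usernames: str,
                          iam_group_names: Iterable[str],
                          group_name_format: str) -> bool:
    """Validate a comma-separated remote_usernames request (assumed format).

    Every requested name must be non-empty and backed by a group; an empty
    request is rejected so a blank field cannot slip through.
    """
    requested = [name.strip() for name in remote_usernames.split(",")]
    if not requested or any(name == "" for name in requested):
        return False
    allowed = remote_usernames_from_groups(iam_group_names, group_name_format)
    return all(name in allowed for name in requested)


# Constructed sample callers (not real account data).
GROUP_FORMAT = "ssh-{}"
ADMIN_CALLER_GROUPS = ["ssh-admin", "ssh-user", "billing-readers"]
USER_CALLER_GROUPS = ["ssh-user", "developers"]

if __name__ == "__main__":
    for label, groups in (("admin caller", ADMIN_CALLER_GROUPS),
                          ("user caller", USER_CALLER_GROUPS)):
        print(label, "may request:", sorted(remote_usernames_from_groups(groups, GROUP_FORMAT)))
        print("  'admin' allowed:", is_remote_username_allowed("admin", groups, GROUP_FORMAT))
        print("  'admin,user' allowed:", all_requested_allowed("admin,user", groups, GROUP_FORMAT))
```

Because the regex is anchored and the literal parts of the format are escaped, a group such as `ssh-admin-old` with format `ssh-{}` yields the username `admin-old`, never `admin`, and a group named in a different style is simply ignored; the only way to obtain a certificate for `admin` is membership in the group that spells out that name.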
Netflix#74) * Allowing BLESS lambda to accept ed25519 keys, completing Netflix#71 . Thanks @jnewbigin .
* Moving BLESS to python 3.6. You just need to rebuild, publish, and switch your lambda runtime from 2.7 to 3.6. * Moving TravisCI to Python3.6 as well.
Allows username validation against IAM groups
Also cleaned up and added bz2 support to Netflix#67 .
Compressed CA private key support
Features include: Python 3.6 Lambda support Caching of the KMS decrypted CA Private Key Password. Compressed CA Private Key support, allowing RSA 4096 keys to be set in the Lambda Environment. Issue certificates for ED25519 public keys (RSA CA). New option to validate the remote username against the IAM groups of the calling user. Updated dependencies.
I had to go and discover the right link. I'd like to save that trouble for other readers.
Add link to Amazon Linux repository
The flag is not needed and breaks scripts if the input device does not have a TTY
… latest Amazon Linux.
* Plus minor formatting proposals
…' into lambda-host-split.
… request schemas. You can now use bless_lambda_user.lambda_handler_user for user cert requests and bless_lambda_host.lambda_handler_host for host cert requests. Please note that as implemented, anyone who can call the host lambda can obtain host certs for any hostname.
In addition to bless_lambda.lambda_handler, you can now use bless_lambda_user.lambda_handler_user for user cert requests and bless_lambda_host.lambda_handler_host for host cert requests. Please note that as implemented, anyone who can call the host lambda can obtain host certs for any hostname.
Features include: New support for a Host SSH Certificate Lambda. Please consider how you will control who can obtain host certs for which hostnames before using. Updated publishing code to build with the latest Amazon Linux 2. Validated for Python 3.7 Lambda runtime. Updated dependencies. Various typo fixes.
We did not have any lyft specific code on lyft/bless and git merge from netflix/bless was a fast forward.