Merge remote-tracking branch 'refs/remotes/origin/master' into refact…

…or-cloud-provisioning # Conflicts: # cmd/vcert/cmdCloudKeystores.go
Venafi · May 24, 2024 · 630848c · 630848c
2 parents bb03b77 + 78ecbb6
commit 630848c
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 8 deletions.
diff --git a/README-CLI-CLOUD.md b/README-CLI-CLOUD.md
@@ -35,6 +35,7 @@ Use these links to quickly jump to a relevant section lower on this page:
   - [Certificate Retrieval Parameters](#certificate-retrieval-parameters)
   - [Certificate Renewal Parameters](#certificate-renewal-parameters)
   - [Certificate Retire Parameters](#certificate-retire-parameters)
+  - [Certificate Provisioning Parameters](#certificate-provisioning-parameters)
   - [Parameters for Applying Certificate Policy](#parameters-for-applying-certificate-policy)
   - [Parameters for Viewing Certificate Policy](#parameters-for-viewing-certificate-policy)
   - [Examples](#examples)
@@ -217,6 +218,29 @@ Options:
 | `--id`         | Use to specify the unique identifier of the certificate to retire.  Value may be specified as a string or read from a file using the `file:` prefix.            |
 | `--thumbprint` | Use to specify the SHA1 thumbprint of the certificate to retire. Value may be specified as a string or read from the certificate file using the `file:` prefix. |
 
+## Certificate Provisioning Parameters
+API key:
+```
+vcert provisioning cloudkeystore -p vcp -k <api key> [--certificate-id <certificate id> | --pickup-id <request id> | --pickup-id-file <file name>] [ --keystore-id <keystore id> | --keystore-name <keystore name> --provider-name <provider name>]
+```
+Access token:
+```
+vcert provisioning cloudkeystore -p vcp -t <access token> [--certificate-id <certificate id> | --pickup-id <request id> | --pickup-id-file <file name>] [ --keystore-id <keystore id> | --keystore-name <keystore name> --provider-name <provider name>]
+```
+Options:
+
+| Command              | Description                                                                                                                                                                                                            |
+|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `--certificate-id`   | The id of the certificate to be provisioned to a cloud keystore.                                                                                                                                                       |
+| `--pickup-id`        | Use to specify the unique identifier of the certificate returned by the enroll or renew actions if `--no-pickup` was used or a timeout occurred. Required when `--pickup-id-file` is not specified.                    |
+| `--pickup-id-file`   | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
+| `--certificate-name` | Use to specify Cloud Keystore Certificate Name if it supports it                                                                                                                                                       |
+| `--keystore-id`      | The id of the cloud keystore where the certificate will be provisioned.                                                                                                                                                |
+| `--provider-name`    | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.                                                                     |
+| `--keystore-name`    | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.                                                                                                   |
+| `--file`             | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output                                                                                                |
+| `--format`           | The format of the operation output: text or JSON. Defaults to text.                                                                                                                                                    |
+
 ## Parameters for Applying Certificate Policy
 API key:
 ```

diff --git a/cmd/vcert/flags.go b/cmd/vcert/flags.go
@@ -907,7 +907,7 @@ var (
 		flagKeystoreName,
 		flagKeystoreID,
 		flagProvisionFormat,
-		flagProvisionOutputFile, // TODO: implement this flag
+		flagProvisionOutputFile,
 	)
 
 	commonCredFlags = []cli.Flag{flagConfig, flagProfile, flagUrl, flagToken, flagTrustBundle}

diff --git a/cmd/vcert/result_writer.go b/cmd/vcert/result_writer.go
@@ -447,13 +447,18 @@ func outputJSON(resp interface{}) error {
 	return err
 }
 
-func (r *ProvisioningResult) Flush(format string) error {
+func (r *ProvisioningResult) Flush(format string, filePath string) error {
 
 	result, err := r.Format(format)
 	if err != nil {
 		return err
 	}
 
+	if filePath != "" {
+		err = r.WriteFile(result, filePath)
+		return err
+	}
+
 	_, err = fmt.Fprint(os.Stdout, result)
 	if err != nil {
 		return fmt.Errorf("failed to print provisioning result to STDOUT: %w", err)
@@ -462,6 +467,14 @@ func (r *ProvisioningResult) Flush(format string) error {
 	return nil
 }
 
+func (r *ProvisioningResult) WriteFile(result string, filePath string) error {
+	err := os.WriteFile(filePath, []byte(result), 0600)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func (r *ProvisioningResult) Format(format string) (string, error) {
 	result := ""
 	switch strings.ToLower(format) {

diff --git a/cmd/vcert/validators.go b/cmd/vcert/validators.go
@@ -732,8 +732,17 @@ func validateProvisionFlags(commandName string) error {
 		return fmt.Errorf("unexpected output format: %s", flags.format)
 	}
 
-	if flags.certificateID == "" && flags.provisionPickupID == "" {
-		return fmt.Errorf("please, provide any of certificate-id or pickup-id")
+	if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" {
+		return fmt.Errorf("please, provide any of --certificate-id or --pickup-id or --pickup-id-file")
+	}
+
+	if flags.pickupIDFile != "" {
+		if flags.pickupID != "" {
+			return fmt.Errorf("both --pickup-id and --pickup-id-file options cannot be specified at the same time")
+		}
+		if flags.certificateID != "" {
+			return fmt.Errorf("both --certificate-id and --pickup-id-file options cannot be specified at the same time")
+		}
 	}
 
 	if flags.keystoreID == "" {

diff --git a/pkg/domain/workflow.go b/pkg/domain/workflow.go
@@ -2,9 +2,9 @@ package domain
 
 type WorkFlowResponseData struct {
 	Result       interface{} `json:"result"`
-	WorkflowId   string      `json:"workflowId"`
+	WorkflowID   string      `json:"workflowId"`
 	WorkflowName string      `json:"workflowName"`
-	WsClientId   string      `json:"wsClientId"`
+	WsClientID   string      `json:"wsClientId"`
 }
 
 type WorkflowResponse struct {
@@ -19,6 +19,6 @@ type WorkflowResponse struct {
 	EventKind       string               `json:"eventkind"`
 	EventResource   string               `json:"eventresource"`
 	Recipient       string               `json:"recipient"`
-	CorrelationId   string               `json:"correlationid"`
+	CorrelationID   string               `json:"correlationid"`
 	Stream          string               `json:"stream"`
 }
diff --git a/pkg/venafi/cloud/cloudproviders.go b/pkg/venafi/cloud/cloudproviders.go
@@ -49,7 +49,7 @@ func (c *Connector) ProvisionCertificate(req *domain.ProvisioningRequest, option
 
 	reqData := *req
 
-	if reqData.Timeout == 0 {
+	if reqData.Timeout <= 0 {
 		reqData.Timeout = util.DefaultTimeout * time.Second
 	}