Adds certificate ID File flags for provisioning in VCert CLI #490

Merged
merged 3 commits into from
May 28, 2024
23 changes: 12 additions & 11 deletions README-CLI-CLOUD.md
Expand Up @@ -229,17 +229,18 @@ vcert provisioning cloudkeystore -p vcp -t <access token> [--certificate-id <cer
```
Options:

| Command | Description |
|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--certificate-id` | The id of the certificate to be provisioned to a cloud keystore. |
| `--pickup-id` | Use to specify the unique identifier of the certificate returned by the enroll or renew actions if `--no-pickup` was used or a timeout occurred. Required when `--pickup-id-file` is not specified. |
| `--pickup-id-file` | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
| `--certificate-name` | Use to specify Cloud Keystore Certificate Name if it supports it |
| `--keystore-id` | The id of the cloud keystore where the certificate will be provisioned. |
| `--provider-name` | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag. |
| `--keystore-name` | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag. |
| `--file` | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output |
| `--format` | The format of the operation output: text or JSON. Defaults to text. |
| Command | Description |
|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--certificate-id` | The id of the certificate to be provisioned to a cloud keystore. |
| `--certificate-id-file` | Use to specify a file name that contains the unique identifier of the certificate. Required when `--certificate-id` is not specified. |
| `--certificate-name` | Use to specify Cloud Keystore Certificate Name if it supports it |
| `--file` | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output |
| `--format` | The format of the operation output: text or JSON. Defaults to text. |
| `--keystore-id` | The id of the cloud keystore where the certificate will be provisioned. |
| `--keystore-name` | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag. |
| `--pickup-id-file` | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
| `--pickup-id` | Use to specify the unique identifier of the certificate returned by the enroll or renew actions. Required when `--pickup-id-file` is not specified. |
| `--provider-name` | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag. |

## Parameters for Applying Certificate Policy
API key:
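Review bot: the new `--certificate-id-file` row says the flag is required only when `--certificate-id` is not specified, but the validator in this PR (validators.go) also accepts `--pickup-id` or `--pickup-id-file` as alternatives, so the wording understates the options; suggest "Required when none of `--certificate-id`, `--pickup-id` or `--pickup-id-file` is specified." The `--pickup-id` row also lost its "if `--no-pickup` was used or a timeout occurred" qualifier while the `--pickup-id-file` row kept it; keep the two rows consistent. Since the file contents are passed through `strings.TrimSpace` in cmdCloudKeystores.go, it is worth saying that a trailing newline in the file is tolerated.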
1 change: 1 addition & 0 deletions cmd/vcert/args.go
Expand Up @@ -147,6 +147,7 @@ type commandFlags struct {
sshFileCertEnroll string
sshFileGetConfig string
certificateID string
certificateIDFile string
keystoreID string
providerName string
keystoreName string
39 changes: 28 additions & 11 deletions cmd/vcert/cmdCloudKeystores.go
Expand Up @@ -32,12 +32,18 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
if err != nil {
return err
}
var flagsP *commandFlags
flagsP, err = gettingIDsFromFiles(&flags)
if err != nil {
return err
}

err = setTLSConfig()
if err != nil {
return err
}

cfg, err := buildConfig(c, &flags)
cfg, err := buildConfig(c, flagsP)
if err != nil {
return fmt.Errorf("failed to build vcert config: %s", err)
}
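Review bot: `gettingIDsFromFiles(&flags)` mutates `flags` through the pointer and returns that same pointer, so `flagsP` is always `&flags` and the extra variable and return value add nothing; suggest `if err := gettingIDsFromFiles(&flags); err != nil { return err }` and keeping `buildConfig(c, &flags)` as it was. Reading the ID files before `setTLSConfig` and `buildConfig` is a good move, though: a missing or unreadable file now fails before any connection is attempted.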
Expand All @@ -53,22 +59,14 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
var options *endpoint.ProvisioningOptions

log.Printf("fetching keystore information for provided keystore information from flags. KeystoreID: %s, KeystoreName: %s, ProviderName: %s", flags.keystoreID, flags.keystoreName, flags.providerName)
getKeystoreReq := buildGetCloudKeystoreRequest(&flags)
getKeystoreReq := buildGetCloudKeystoreRequest(flagsP)
cloudKeystore, err := connector.(*cloud.Connector).GetCloudKeystore(getKeystoreReq)
if err != nil {
return err
}
log.Printf("successfully fetched keystore")

if flags.pickupIDFile != "" {
bytes, err := os.ReadFile(flags.pickupIDFile)
if err != nil {
return fmt.Errorf("failed to read Pickup ID value: %s", err)
}
flags.pickupID = strings.TrimSpace(string(bytes))
}

req, options = fillProvisioningRequest(req, *cloudKeystore, &flags)
req, options = fillProvisioningRequest(req, *cloudKeystore, flagsP)

metadata, err := connector.ProvisionCertificate(req, options)
if err != nil {
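Review bot: with `flagsP` identical to `&flags`, the two replacements in this hunk are cosmetic, and the hunk now mixes `flags.keystoreID` in the log line with `flagsP` in the calls right after it; pick one form. Removing the inline pickup-id-file read here is fine, since the same read now happens in `gettingIDsFromFiles` before the connector is built.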
Expand All @@ -94,3 +92,22 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
}
return nil
}

func gettingIDsFromFiles(flags *commandFlags) (*commandFlags, error) {
if flags.pickupIDFile != "" {
fmt.Printf("pickupIDFILE is not empty string")
bytes, err := os.ReadFile(flags.pickupIDFile)
if err != nil {
return nil, fmt.Errorf("failed to read Pickup ID value: %s", err)
}
flags.pickupID = strings.TrimSpace(string(bytes))
}
if flags.certificateIDFile != "" {
bytes, err := os.ReadFile(flags.certificateIDFile)
if err != nil {
return nil, fmt.Errorf("failed to read Certificate ID value: %s", err)
}
flags.certificateID = strings.TrimSpace(string(bytes))
}
return flags, nil
}
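Review bot: `fmt.Printf("pickupIDFILE is not empty string")` looks like leftover debugging: it writes to stdout without a newline and will be interleaved with the command's real output, which breaks consumers that parse `--format json`; remove it, or use `log.Printf` like the rest of the file. The two blocks are identical apart from the field and error text, so a small helper such as `readIDFile(path, label string) (string, error)` would remove the duplication, and since the function mutates `flags` in place the `*commandFlags` return value is redundant. The `strings.TrimSpace` is worth keeping: IDs written with `echo` carry a trailing newline.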
8 changes: 8 additions & 0 deletions cmd/vcert/flags.go
Expand Up @@ -714,6 +714,13 @@ var (
Destination: &flags.certificateID,
}

flagCertificateIDFile = &cli.StringFlag{
Name: "certificate-id-file",
Usage: "Use to specify the file name from where to read or write the Certificate ID. " +
"Either --certificate-id or --certificate-id-file is required.",
Destination: &flags.certificateIDFile,
}

flagKeystoreID = &cli.StringFlag{
Name: "keystore-id",
Usage: "The id of the cloud keystore where the certificate will be provisioned.",
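Review bot: the Usage text says the file is used "to read or write the Certificate ID", but the provisioning command only reads it (`gettingIDsFromFiles` in cmdCloudKeystores.go) and the README row in this PR also describes it as read-only; suggest "Use to specify the file name from where to read the Certificate ID." so that `--help` does not imply the command will write to the path.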
Expand Down Expand Up @@ -900,6 +907,7 @@ var (
credentialsFlags,
flagPlatform,
flagCertificateID,
flagCertificateIDFile,
flagProvisionPickupID,
flagPickupIDFile,
flagKeystoreCertName,
13 changes: 11 additions & 2 deletions cmd/vcert/validators.go
Expand Up @@ -732,8 +732,8 @@ func validateProvisionFlags(commandName string) error {
return fmt.Errorf("unexpected output format: %s", flags.format)
}

if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" {
return fmt.Errorf("please, provide any of --certificate-id or --pickup-id or --pickup-id-file")
if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" && flags.certificateIDFile == "" {
return fmt.Errorf("please, provide any of --certificate-id or --certificate-id-file or --pickup-id or --pickup-id-file")
}

if flags.pickupIDFile != "" {
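Review bot: this required-flag check reads the pickup ID from `flags.provisionPickupID`, while the new exclusivity block further down in this file and `gettingIDsFromFiles` in cmdCloudKeystores.go use `flags.pickupID`; worth confirming which field `flagProvisionPickupID` targets and using that one field throughout, otherwise one of the two checks is looking at a value that is never set.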
Expand All @@ -745,6 +745,15 @@ func validateProvisionFlags(commandName string) error {
}
}

if flags.certificateIDFile != "" {
if flags.pickupID != "" {
return fmt.Errorf("both --certificate-id and --pickup-id-file options cannot be specified at the same time")
}
if flags.certificateID != "" {
return fmt.Errorf("both --certificate-id and --certificate-id-file options cannot be specified at the same time")
}
}

if flags.keystoreID == "" {
if flags.keystoreName == "" || flags.providerName == "" {
return fmt.Errorf("any of keystore ID or both Provider Name and Keystore Name must be provided for provisioning")
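Review bot: the first error message in the new block does not match its condition: the condition is `flags.certificateIDFile != "" && flags.pickupID != ""`, but the message reads "both --certificate-id and --pickup-id-file options cannot be specified"; it should name `--certificate-id-file` and `--pickup-id`. The branch also inspects `flags.pickupID` whereas the required-flag check above uses `flags.provisionPickupID` for the same option; if `--pickup-id` writes to `provisionPickupID`, this branch never fires. Finally, nothing rejects `--certificate-id-file` together with `--pickup-id-file`: when both are given, `gettingIDsFromFiles` fills both IDs and it is not visible here which one `fillProvisioningRequest` ends up using. A single exclusivity check over the four flags (`--certificate-id`, `--certificate-id-file`, `--pickup-id`, `--pickup-id-file`) that errors when more than one is set would cover all of these cases.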