Skip to content

Commit

Permalink
adds certificate ID File flags for provisioning in VCert CLI
Browse files Browse the repository at this point in the history
  • Loading branch information
luispresuelVenafi committed May 28, 2024
1 parent 78ecbb6 commit a10a907
Show file tree
Hide file tree
Showing 5 changed files with 60 additions and 24 deletions.
23 changes: 12 additions & 11 deletions README-CLI-CLOUD.md
Original file line number Diff line number Diff line change
Expand Up @@ -229,17 +229,18 @@ vcert provisioning cloudkeystore -p vcp -t <access token> [--certificate-id <cer
```
Options:

| Command | Description |
|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--certificate-id` | The id of the certificate to be provisioned to a cloud keystore. |
| `--pickup-id` | Use to specify the unique identifier of the certificate returned by the enroll or renew actions if `--no-pickup` was used or a timeout occurred. Required when `--pickup-id-file` is not specified. |
| `--pickup-id-file` | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
| `--certificate-name` | Use to specify Cloud Keystore Certificate Name if it supports it |
| `--keystore-id` | The id of the cloud keystore where the certificate will be provisioned. |
| `--provider-name` | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag. |
| `--keystore-name` | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag. |
| `--file` | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output |
| `--format` | The format of the operation output: text or JSON. Defaults to text. |
| Command | Description |
|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--certificate-id` | The id of the certificate to be provisioned to a cloud keystore. |
| `--certificate-id-file` | Use to specify a file name that contains the unique identifier of the certificate. Required when `--certificate-id` is not specified. |
| `--pickup-id` | Use to specify the unique identifier of the certificate returned by the enroll or renew actions. Required when `--pickup-id-file` is not specified. |
| `--pickup-id-file` | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
| `--certificate-name` | Use to specify Cloud Keystore Certificate Name if it supports it |
| `--keystore-id` | The id of the cloud keystore where the certificate will be provisioned. |
| `--provider-name` | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag. |
| `--keystore-name` | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag. |
| `--file` | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output |
| `--format` | The format of the operation output: text or JSON. Defaults to text. |

## Parameters for Applying Certificate Policy
API key:
Expand Down
1 change: 1 addition & 0 deletions cmd/vcert/args.go
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,7 @@ type commandFlags struct {
sshFileCertEnroll string
sshFileGetConfig string
certificateID string
certificateIDFile string
keystoreID string
providerName string
keystoreName string
Expand Down
39 changes: 28 additions & 11 deletions cmd/vcert/cmdCloudKeystores.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,18 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
if err != nil {
return err
}
var flagsP *commandFlags
flagsP, err = gettingIDsFromFiles(&flags)
if err != nil {
return err
}

err = setTLSConfig()
if err != nil {
return err
}

cfg, err := buildConfig(c, &flags)
cfg, err := buildConfig(c, flagsP)
if err != nil {
return fmt.Errorf("failed to build vcert config: %s", err)
}
Expand All @@ -53,22 +59,14 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
var options *endpoint.ProvisioningOptions

log.Printf("fetching keystore information for provided keystore information from flags. KeystoreID: %s, KeystoreName: %s, ProviderName: %s", flags.keystoreID, flags.keystoreName, flags.providerName)
getKeystoreReq := buildGetCloudKeystoreRequest(&flags)
getKeystoreReq := buildGetCloudKeystoreRequest(flagsP)
cloudKeystore, err := connector.(*cloud.Connector).GetCloudKeystore(getKeystoreReq)
if err != nil {
return err
}
log.Printf("successfully fetched keystore")

if flags.pickupIDFile != "" {
bytes, err := os.ReadFile(flags.pickupIDFile)
if err != nil {
return fmt.Errorf("failed to read Pickup ID value: %s", err)
}
flags.pickupID = strings.TrimSpace(string(bytes))
}

req, options = fillProvisioningRequest(req, *cloudKeystore, &flags)
req, options = fillProvisioningRequest(req, *cloudKeystore, flagsP)

metadata, err := connector.ProvisionCertificate(req, options)
if err != nil {
Expand All @@ -94,3 +92,22 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
}
return nil
}

func gettingIDsFromFiles(flags *commandFlags) (*commandFlags, error) {
if flags.pickupIDFile != "" {
fmt.Printf("pickupIDFILE is not empty string")
bytes, err := os.ReadFile(flags.pickupIDFile)
if err != nil {
return nil, fmt.Errorf("failed to read Pickup ID value: %s", err)
}
flags.pickupID = strings.TrimSpace(string(bytes))
}
if flags.certificateIDFile != "" {
bytes, err := os.ReadFile(flags.certificateIDFile)
if err != nil {
return nil, fmt.Errorf("failed to read Certificate ID value: %s", err)
}
flags.certificateID = strings.TrimSpace(string(bytes))
}
return flags, nil
}
8 changes: 8 additions & 0 deletions cmd/vcert/flags.go
Original file line number Diff line number Diff line change
Expand Up @@ -714,6 +714,13 @@ var (
Destination: &flags.certificateID,
}

flagCertificateIDFile = &cli.StringFlag{
Name: "certificate-id-file",
Usage: "Use to specify the file name from where to read or write the Certificate ID. " +
"Either --certificate-id or --certificate-id-file is required.",
Destination: &flags.certificateIDFile,
}

flagKeystoreID = &cli.StringFlag{
Name: "keystore-id",
Usage: "The id of the cloud keystore where the certificate will be provisioned.",
Expand Down Expand Up @@ -900,6 +907,7 @@ var (
credentialsFlags,
flagPlatform,
flagCertificateID,
flagCertificateIDFile,
flagProvisionPickupID,
flagPickupIDFile,
flagKeystoreCertName,
Expand Down
13 changes: 11 additions & 2 deletions cmd/vcert/validators.go
Original file line number Diff line number Diff line change
Expand Up @@ -732,8 +732,8 @@ func validateProvisionFlags(commandName string) error {
return fmt.Errorf("unexpected output format: %s", flags.format)
}

if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" {
return fmt.Errorf("please, provide any of --certificate-id or --pickup-id or --pickup-id-file")
if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" && flags.certificateIDFile == "" {
return fmt.Errorf("please, provide any of --certificate-id or --certificate-id-file or --pickup-id or --pickup-id-file")
}

if flags.pickupIDFile != "" {
Expand All @@ -745,6 +745,15 @@ func validateProvisionFlags(commandName string) error {
}
}

if flags.certificateIDFile != "" {
if flags.pickupID != "" {
return fmt.Errorf("both --certificate-id and --pickup-id-file options cannot be specified at the same time")
}
if flags.certificateID != "" {
return fmt.Errorf("both --certificate-id and --certificate-id-file options cannot be specified at the same time")
}
}

if flags.keystoreID == "" {
if flags.keystoreName == "" || flags.providerName == "" {
return fmt.Errorf("any of keystore ID or both Provider Name and Keystore Name must be provided for provisioning")
Expand Down

0 comments on commit a10a907

Please sign in to comment.