diff --git a/command/ca/bootstrap.go b/command/ca/bootstrap.go index 0d2895f7..75778256 100644 --- a/command/ca/bootstrap.go +++ b/command/ca/bootstrap.go @@ -22,10 +22,11 @@ import ( func bootstrapCommand() cli.Command { return cli.Command{ - Name: "bootstrap", - Action: command.ActionFunc(bootstrapAction), - Usage: "initialize the environment to use the CA commands", - UsageText: `**step ca bootstrap** [**--ca-url**=] [**--fingerprint**=] [**--install**] [**--redirect-url**=]`, + Name: "bootstrap", + Action: command.ActionFunc(bootstrapAction), + Usage: "initialize the environment to use the CA commands", + UsageText: `**step ca bootstrap** [**--ca-url**=] [**--fingerprint**=] [**--install**] + [**--team**=name] [**--team-url**=url] [**--redirect-url**=]`, Description: `**step ca bootstrap** downloads the root certificate from the certificate authority and sets up the current environment to use it. 
@@ -34,15 +35,46 @@ create a configuration file in <$STEPPATH/configs/defaults.json> with the CA url, the root certificate location and its fingerprint. After the bootstrap, ca commands do not need to specify the flags ---ca-url, --root or --fingerprint if we want to use the same environment.`, +--ca-url, --root or --fingerprint if we want to use the same environment. + +## EXAMPLES + +Bootstrap using the CA url and a fingerprint: +''' +$ step ca bootstrap --ca-url https://ca.example.org \ + --fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097 +''' + +Bootstrap and install the root certificate +''' +$ step ca bootstrap --ca-url https://ca.example.org \ + --fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097 \ + --install +''' + +Bootstrap using a team name: +''' +$ step ca bootstrap --team superteam +''' + +Bootstrap using a team in your environment, this requires an HTTP(S) server +serving a JSON file like: +''' +{"url":"https://ca.example.org","fingerprint":"d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097"} +''' + +''' +$ step ca bootstrap --team superteam --team-url https://config.example.org/superteam +'''`, Flags: []cli.Flag{ flags.CaURL, fingerprintFlag, - flags.Team, cli.BoolFlag{ Name: "install", Usage: "Install the root certificate into the system truststore.", }, + flags.Team, + flags.TeamURL, flags.RedirectURL, flags.Force, }, diff --git a/command/ssh/config.go b/command/ssh/config.go index c45299d7..3a0b2873 100644 --- a/command/ssh/config.go +++ b/command/ssh/config.go 
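Review bot: The new team example says the configuration may come from "an HTTP(S) server", yet the JSON it returns carries the root `fingerprint`, which is the value that authenticates the CA root during bootstrap. Served over plain HTTP, anyone on the network path can replace both `url` and `fingerprint`, and with `--install` the resulting root would end up in the system truststore. I would word the example as `Bootstrap using a team in your environment, this requires an HTTPS server` and add a sentence to the shared `flags.TeamURL` usage in flags/flags.go stating that the URL must be https. Whether bootstrapAction already rejects non-https team URLs is not visible in this hunk; if it does not, that check belongs there.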
@@ -28,10 +28,10 @@ func configCommand() cli.Command { Action: command.ActionFunc(configAction), Usage: "configures ssh to be used with certificates", UsageText: `**step ssh config** - [**--team=name] [**--host**] [**--set=**] + [**--team**=name] [**--host**] [**--set**=] [**--dry-run**] [**--roots**] [**--federation**] [**--force**] [**--ca-url**=] [**--root**=] - [**--offline**] [**--ca-config**=] [**--team-url=**]`, + [**--offline**] [**--ca-config**=] [**--team-url**=]`, Description: `**step ssh config** configures SSH to be used with certificates. It also supports flags to inspect the root certificates used to sign the certificates. @@ -65,19 +65,12 @@ Apply configuration templates with custom variables: $ step ssh config --set User=joe --set Bastion=bastion.example.com '''`, Flags: []cli.Flag{ - cli.StringFlag{ - Name: "team", - Usage: "The team used to bootstrap the environment.", - }, cli.BoolFlag{ Name: "host", Usage: `Configures a SSH server instead of a client.`, }, - cli.StringFlag{ - Name: "team-url", - Usage: `The step queries to retrieve initial team configuration. Only used with -the --team option. If the url contains "<>" placeholders, they are replaced with the team name.`, - }, + flags.Team, + flags.TeamURL, cli.BoolFlag{ Name: "roots", Usage: `Prints the public keys used to verify user or host certificates.`, diff --git a/flags/flags.go b/flags/flags.go index 4cef7066..fa23802d 100644 --- a/flags/flags.go +++ b/flags/flags.go @@ -214,6 +214,12 @@ be stored in the 'sshpop' header.`, Usage: "The team used to bootstrap the environment.", } + TeamURL = cli.StringFlag{ + Name: "team-url", + Usage: `The step queries to retrieve initial team configuration. Only used with +the --team option. If the url contains "\<\>" placeholders, they are replaced with the team name.`, + } + RedirectURL = cli.StringFlag{ Name: "redirect-url", Usage: "Terminal OAuth redirect .",
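Review bot: The `TeamURL` usage text in flags/flags.go says the "\<\>" placeholders are replaced with the team name but not how the name is encoded, and this flag is now shared by `step ca bootstrap` and `step ssh config`. If the replacement is a plain string substitution (that code is not in this diff), a team value containing `/`, `?`, `#` or `@` could change the path, query or host of the URL that supplies the CA url and fingerprint. I would escape the name with `url.PathEscape` before substitution, or validate it against a conservative character set, and document it in the usage text, e.g. `The team name is URL-escaped before it replaces the placeholder.` The enclosing var block starts and ends outside the hunk.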