mirror of https://github.com/smallstep/cli.git synced 2025-08-09 03:22:43 +03:00

Improve the step ca bootstrap to fully support the --team flag.

Mariano Cano
2020-04-23 18:07:15 -07:00
parent 10c39b83b7
commit 2585d5ab8d
3 changed files with 48 additions and 17 deletions


@@ -25,7 +25,8 @@ func bootstrapCommand() cli.Command {
Name: "bootstrap", Name: "bootstrap",
Action: command.ActionFunc(bootstrapAction), Action: command.ActionFunc(bootstrapAction),
Usage: "initialize the environment to use the CA commands", Usage: "initialize the environment to use the CA commands",
UsageText: `**step ca bootstrap** [**--ca-url**=<uri>] [**--fingerprint**=<fingerprint>] [**--install**] [**--redirect-url**=<url>]`, UsageText: `**step ca bootstrap** [**--ca-url**=<uri>] [**--fingerprint**=<fingerprint>] [**--install**]
[**--team**=name] [**--team-url**=url] [**--redirect-url**=<url>]`,
Description: `**step ca bootstrap** downloads the root certificate from the certificate Description: `**step ca bootstrap** downloads the root certificate from the certificate
authority and sets up the current environment to use it. authority and sets up the current environment to use it.
@@ -34,15 +35,46 @@ create a configuration file in <$STEPPATH/configs/defaults.json> with the CA
url, the root certificate location and its fingerprint. url, the root certificate location and its fingerprint.
After the bootstrap, ca commands do not need to specify the flags After the bootstrap, ca commands do not need to specify the flags
--ca-url, --root or --fingerprint if we want to use the same environment.`, --ca-url, --root or --fingerprint if we want to use the same environment.
## EXAMPLES
Bootstrap using the CA url and a fingerprint:
'''
$ step ca bootstrap --ca-url https://ca.example.org \
--fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097
'''
Bootstrap and install the root certificate
'''
$ step ca bootstrap --ca-url https://ca.example.org \
--fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097 \
--install
'''
Bootstrap using a team name:
'''
$ step ca bootstrap --team superteam
'''
Bootstrap using a team in your environment, this requires an HTTP(S) server
serving a JSON file like:
'''
{"url":"https://ca.example.org","fingerprint":"d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097"}
'''
'''
$ step ca bootstrap --team superteam --team-url https://config.example.org/superteam
'''`,
Flags: []cli.Flag{ Flags: []cli.Flag{
flags.CaURL, flags.CaURL,
fingerprintFlag, fingerprintFlag,
flags.Team,
cli.BoolFlag{ cli.BoolFlag{
Name: "install", Name: "install",
Usage: "Install the root certificate into the system truststore.", Usage: "Install the root certificate into the system truststore.",
}, },
flags.Team,
flags.TeamURL,
flags.RedirectURL, flags.RedirectURL,
flags.Force, flags.Force,
}, },
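Review bot: The new team example in the Description says the configuration can come from an "HTTP(S) server", but the JSON it serves carries both the CA `url` and the root `fingerprint`, so that endpoint becomes the trust anchor for the whole bootstrap. Over plain HTTP, anyone on the network path could substitute both values, and combined with `--install` the substituted root would end up in the system truststore. I would word the example as `this requires an HTTPS server serving a JSON file like:` and add a sentence such as `The team URL is trusted to supply the CA url and the root fingerprint.`; the same caveat belongs in the `TeamURL` Usage text added in the third file. Whether bootstrapAction rejects non-HTTPS team URLs cannot be seen here, because the action is outside these hunks.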


@@ -28,10 +28,10 @@ func configCommand() cli.Command {
Action: command.ActionFunc(configAction), Action: command.ActionFunc(configAction),
Usage: "configures ssh to be used with certificates", Usage: "configures ssh to be used with certificates",
UsageText: `**step ssh config** UsageText: `**step ssh config**
[**--team=name] [**--host**] [**--set=<key=value>**] [**--team**=name] [**--host**] [**--set**=<key=value>]
[**--dry-run**] [**--roots**] [**--federation**] [**--dry-run**] [**--roots**] [**--federation**]
[**--force**] [**--ca-url**=<uri>] [**--root**=<file>] [**--force**] [**--ca-url**=<uri>] [**--root**=<file>]
[**--offline**] [**--ca-config**=<path>] [**--team-url=<url>**]`, [**--offline**] [**--ca-config**=<path>] [**--team-url**=<url>]`,
Description: `**step ssh config** configures SSH to be used with certificates. It also supports Description: `**step ssh config** configures SSH to be used with certificates. It also supports
flags to inspect the root certificates used to sign the certificates. flags to inspect the root certificates used to sign the certificates.
@@ -65,19 +65,12 @@ Apply configuration templates with custom variables:
$ step ssh config --set User=joe --set Bastion=bastion.example.com $ step ssh config --set User=joe --set Bastion=bastion.example.com
'''`, '''`,
Flags: []cli.Flag{ Flags: []cli.Flag{
cli.StringFlag{
Name: "team",
Usage: "The team <name> used to bootstrap the environment.",
},
cli.BoolFlag{ cli.BoolFlag{
Name: "host", Name: "host",
Usage: `Configures a SSH server instead of a client.`, Usage: `Configures a SSH server instead of a client.`,
}, },
cli.StringFlag{ flags.Team,
Name: "team-url", flags.TeamURL,
Usage: `The <url> step queries to retrieve initial team configuration. Only used with
the --team option. If the url contains "<>" placeholders, they are replaced with the team name.`,
},
cli.BoolFlag{ cli.BoolFlag{
Name: "roots", Name: "roots",
Usage: `Prints the public keys used to verify user or host certificates.`, Usage: `Prints the public keys used to verify user or host certificates.`,
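Review bot: In the corrected UsageText the `--team` value is still written as a bare word, `[**--team**=name]`, while the other valued flags in the same string use an angle-bracket placeholder (`[**--set**=<key=value>]`, `[**--team-url**=<url>]`). Writing `[**--team**=<name>]` would match the `<name>` used in the flag's own Usage string. The new bootstrap UsageText in the first file has the same inconsistency with `[**--team**=name] [**--team-url**=url]`.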


@@ -214,6 +214,12 @@ be stored in the 'sshpop' header.`,
Usage: "The team <name> used to bootstrap the environment.", Usage: "The team <name> used to bootstrap the environment.",
} }
TeamURL = cli.StringFlag{
Name: "team-url",
Usage: `The <url> step queries to retrieve initial team configuration. Only used with
the --team option. If the url contains "\<\>" placeholders, they are replaced with the team name.`,
}
RedirectURL = cli.StringFlag{ RedirectURL = cli.StringFlag{
Name: "redirect-url", Name: "redirect-url",
Usage: "Terminal OAuth redirect <url>.", Usage: "Terminal OAuth redirect <url>.",
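Review bot: The shared `team-url` help text now reads `"\<\>"` where the copy removed from `step ssh config` had `"<>"`, and because the Usage is a raw backtick string the backslashes are literal characters. If the help renderer does not consume them, users would see `\<\>` and might put backslashes into their URL template, so it is worth checking the rendered `--help` output of both commands that now share this flag. The declaration block continues outside the hunk, so it is not visible whether other flags there use the same escaping.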