Improve the step ca bootstrap to fully support the --team flag.

2025-08-09 03:22:43 +03:00 · 2020-04-23 18:07:15 -07:00
parent 10c39b83b7
commit 2585d5ab8d
3 changed files with 48 additions and 17 deletions
--- a/command/ca/bootstrap.go
+++ b/command/ca/bootstrap.go
@@ -22,10 +22,11 @@ import (

 func bootstrapCommand() cli.Command {
 	return cli.Command{
-		Name:      "bootstrap",
-		Action:    command.ActionFunc(bootstrapAction),
-		Usage:     "initialize the environment to use the CA commands",
-		UsageText: `**step ca bootstrap** [**--ca-url**=<uri>] [**--fingerprint**=<fingerprint>] [**--install**] [**--redirect-url**=<url>]`,
+		Name:   "bootstrap",
+		Action: command.ActionFunc(bootstrapAction),
+		Usage:  "initialize the environment to use the CA commands",
+		UsageText: `**step ca bootstrap** [**--ca-url**=<uri>] [**--fingerprint**=<fingerprint>] [**--install**]
+		[**--team**=name] [**--team-url**=url] [**--redirect-url**=<url>]`,
 		Description: `**step ca bootstrap** downloads the root certificate from the certificate
 authority and sets up the current environment to use it.

@@ -34,15 +35,46 @@ create a configuration file in <$STEPPATH/configs/defaults.json> with the CA
 url, the root certificate location and its fingerprint.

 After the bootstrap, ca commands do not need to specify the flags
--ca-url, --root or --fingerprint if we want to use the same environment.`,
+--ca-url, --root or --fingerprint if we want to use the same environment.
+
+## EXAMPLES
+
+Bootstrap using the CA url and a fingerprint:
+'''
+$ step ca bootstrap --ca-url https://ca.example.org \
+  --fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097
+'''
+
+Bootstrap and install the root certificate
+'''
+$ step ca bootstrap --ca-url https://ca.example.org \
+  --fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097 \
+  --install
+'''
+
+Bootstrap using a team name:
+'''
+$ step ca bootstrap --team superteam
+'''
+
+Bootstrap using a team in your environment, this requires an HTTP(S) server
+serving a JSON file like:
+'''
+{"url":"https://ca.example.org","fingerprint":"d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097"}
+'''
+
+'''
+$ step ca bootstrap --team superteam --team-url https://config.example.org/superteam
+'''`,
 		Flags: []cli.Flag{
 			flags.CaURL,
 			fingerprintFlag,
-			flags.Team,
 			cli.BoolFlag{
 				Name:  "install",
 				Usage: "Install the root certificate into the system truststore.",
 			},
+			flags.Team,
+			flags.TeamURL,
 			flags.RedirectURL,
 			flags.Force,
 		},
--- a/command/ssh/config.go
+++ b/command/ssh/config.go
@@ -28,10 +28,10 @@ func configCommand() cli.Command {
 		Action: command.ActionFunc(configAction),
 		Usage:  "configures ssh to be used with certificates",
 		UsageText: `**step ssh config**
-		[**--team=name] [**--host**] [**--set=<key=value>**]
+		[**--team**=name] [**--host**] [**--set**=<key=value>]
 		[**--dry-run**] [**--roots**] [**--federation**]
 		[**--force**] [**--ca-url**=<uri>] [**--root**=<file>]
-		[**--offline**] [**--ca-config**=<path>] [**--team-url=<url>**]`,
+		[**--offline**] [**--ca-config**=<path>] [**--team-url**=<url>]`,
 		Description: `**step ssh config** configures SSH to be used with certificates. It also supports
 flags to inspect the root certificates used to sign the certificates.

@@ -65,19 +65,12 @@ Apply configuration templates with custom variables:
 $ step ssh config --set User=joe --set Bastion=bastion.example.com
 '''`,
 		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "team",
-				Usage: "The team <name> used to bootstrap the environment.",
-			},
 			cli.BoolFlag{
 				Name:  "host",
 				Usage: `Configures a SSH server instead of a client.`,
 			},
-			cli.StringFlag{
-				Name: "team-url",
-				Usage: `The <url> step queries to retrieve initial team configuration. Only used with
-the --team option. If the url contains "<>" placeholders, they are replaced with the team name.`,
-			},
+			flags.Team,
+			flags.TeamURL,
 			cli.BoolFlag{
 				Name:  "roots",
 				Usage: `Prints the public keys used to verify user or host certificates.`,
--- a/flags/flags.go
+++ b/flags/flags.go
@@ -214,6 +214,12 @@ be stored in the 'sshpop' header.`,
 		Usage: "The team <name> used to bootstrap the environment.",
 	}

+	TeamURL = cli.StringFlag{
+		Name: "team-url",
+		Usage: `The <url> step queries to retrieve initial team configuration. Only used with
+the --team option. If the url contains "\<\>" placeholders, they are replaced with the team name.`,
+	}
+
 	RedirectURL = cli.StringFlag{
 		Name:  "redirect-url",
 		Usage: "Terminal OAuth redirect <url>.",