From c9f4b2868fc2bc7e56dee21cf5add72a2d4fcb64 Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Fri, 6 Dec 2019 11:33:11 -0800 Subject: [PATCH] Remove authentication to step ssh renew. Improve usage. --- command/ssh/renew.go | 54 ++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/command/ssh/renew.go b/command/ssh/renew.go index e6a9e56f..81f19929 100644 --- a/command/ssh/renew.go +++ b/command/ssh/renew.go @@ -7,7 +7,6 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/api" "github.com/smallstep/certificates/authority/provisioner" - "github.com/smallstep/certificates/ca" "github.com/smallstep/cli/command" "github.com/smallstep/cli/errs" "github.com/smallstep/cli/flags" @@ -23,12 +22,14 @@ func renewCommand() cli.Command { Name: "renew", Action: command.ActionFunc(renewAction), Usage: "renew a SSH certificate using the SSH CA", - UsageText: `**step ssh renew** -[**--issuer**=] [**--ca-url**=] [**--root**=] -[**--password-file**=] [**--offline**] [**--ca-config**=] -[**--force**]`, + UsageText: `**step ssh renew** + [**--out**=] [**--issuer**=] [**--password-file**=] + [**--force**] [**--ca-url**=] [**--root**=] + [**--offline**] [**--ca-config**=]`, Description: `**step ssh renew** command renews an SSH Cerfificate -using [step certificates](https://github.com/smallstep/certificates). +using [step certificates](https://github.com/smallstep/certificates). +It writes the new certificate to disk - either overwriting or +using a new file when the **--out**= flag is used. ## POSITIONAL ARGUMENTS 
@@ -38,23 +39,29 @@ using [step certificates](https://github.com/smallstep/certificates). : The ssh certificate private key. - -: The path where the new SSH Certificate should be written. - ## EXAMPLES -Renew an ssh certificate: +Renew an ssh certificate overwriting the previous one: ''' -$ step ssh renew id_ecdsa-cert.pub id_ecdsa new-id_ecdsa-cer.pub +$ step ssh renew -f id_ecdsa-cert.pub id_ecdsa +''' + +Renew an ssh certificate with a custom out file: +''' +$ step ssh renew -out new-id_ecdsa-cer.pub id_ecdsa-cert.pub id_ecdsa '''`, Flags: []cli.Flag{ - sshProvisionerPasswordFlag, + cli.StringFlag{ + Name: "out,output-file", + Usage: "The new certificate path. Defaults to overwriting the positional argument", + }, flags.Provisioner, + sshProvisionerPasswordFlag, + flags.Force, flags.CaURL, flags.Root, flags.Offline, flags.CaConfig, - flags.Force, flags.SSHPOPCert, flags.SSHPOPKey, }, @@ -62,14 +69,19 @@ $ step ssh renew id_ecdsa-cert.pub id_ecdsa new-id_ecdsa-cer.pub } func renewAction(ctx *cli.Context) error { - if err := errs.NumberOfArguments(ctx, 3); err != nil { + if err := errs.NumberOfArguments(ctx, 2); err != nil { return err } args := ctx.Args() certFile := args.Get(0) keyFile := args.Get(1) - newCertFile := args.Get(2) + + // Flags + outFile := ctx.String("out") + if outFile == "" { + outFile = certFile + } flow, err := cautils.NewCertificateFlow(ctx) if err != nil { @@ -98,13 +110,7 @@ func renewAction(ctx *cli.Context) error { return err } - // Prepare retry function - retryFunc, err := loginOnUnauthorized(ctx) - if err != nil { - return err - } - - caClient, err := flow.GetClient(ctx, token, ca.WithRetryFunc(retryFunc)) + caClient, err := flow.GetClient(ctx, token) if err != nil { return err } 
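Review bot: The new example in the EXAMPLES text spells the flag `-out`, while the UsageText and Description changed earlier in this file document it as `--out`; for consistent help output the example should read `$ step ssh renew --out new-id_ecdsa-cer.pub id_ecdsa-cert.pub id_ecdsa`. The flag's Usage string, "Defaults to overwriting the positional argument", is also ambiguous because the command takes two positional arguments and one of them is a private key. I would word it as `Usage: "The new certificate path. Defaults to overwriting the certificate file given as the first positional argument",`. The renewCommand literal starts outside this hunk.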
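Review bot: Nothing in the new flag handling of renewAction stops `--out` from naming the same path as `keyFile`, in which case the write at the end of the function would replace the private key with the renewed certificate. A guard right after the default is applied would close that, e.g. `if outFile == keyFile { return errors.New("--out must not be the private key file") }`; comparing cleaned or absolute paths would be more robust than comparing the raw strings. The line `outFile = certFile` also deserves a comment stating that the default replaces the input certificate in place. Whether `utils.WriteFile` prompts before overwriting unless `--force` is given is not visible in this patch and should be confirmed. renewAction continues beyond this hunk.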
@@ -117,10 +123,10 @@ func renewAction(ctx *cli.Context) error { } // Write certificate - if err := utils.WriteFile(newCertFile, marshalPublicKey(resp.Certificate, cert.KeyId), 0644); err != nil { + if err := utils.WriteFile(outFile, marshalPublicKey(resp.Certificate, cert.KeyId), 0644); err != nil { return err } - ui.PrintSelected("Certificate", newCertFile) + ui.PrintSelected("Certificate", outFile) return nil }
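Review bot: With `outFile` now defaulting to `certFile`, the `utils.WriteFile(outFile, ...)` call writes over the only copy of the current certificate. An interrupted or failed write could then leave the user with neither the previous certificate, which may still be valid, nor the renewed one. Whether `utils.WriteFile` already writes to a temporary file and renames it is not visible in this patch; if it does not, the old certificate should be kept until the new one is fully written. At minimum the call should carry a comment such as `// outFile may equal certFile; the previous certificate is replaced in place`. The start of renewAction is outside this hunk.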