Allow to automatically configure and linked RA
parent
5e0be92273
commit
0c7467ceb2
4 changed files with 45 additions and 4 deletions
|
@ -339,6 +339,19 @@ func (a *Authority) init() error {
|
|||
Type: conf.RaConfig.Provisioner.Type.String(),
|
||||
Provisioner: conf.RaConfig.Provisioner.Name,
|
||||
}
|
||||
// Configure the RA authority type if needed
|
||||
if options.Type == "" {
|
||||
options.Type = casapi.StepCAS
|
||||
}
|
||||
}
|
||||
// Remote configuration is currently only supported on a linked RA
|
||||
if sc := conf.ServerConfig; sc != nil {
|
||||
if a.config.Address == "" {
|
||||
a.config.Address = sc.Address
|
||||
}
|
||||
if len(a.config.DNSNames) == 0 {
|
||||
a.config.DNSNames = sc.DnsNames
|
||||
}
|
||||
}
|
||||
}
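Review bot: The address and DNS names taken from `conf.ServerConfig` are written into `a.config` as received, and nothing in this hunk checks them before they decide where the RA listens and which names it serves under. Because these values come from the remote CA rather than from the operator's own file, a check after the merge is worth adding, for example `if _, _, err := net.SplitHostPort(a.config.Address); err != nil { return err }` (assuming `net` is imported in this file) and a non-empty check on `a.config.DNSNames`. Validation may already happen later in `init`, whose body starts and ends outside this hunk, so confirm that first. A one-line comment stating that locally configured values always take precedence over the remote ones would also help the next reader.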
|
||||
|
||||
|
|
|
@ -7,12 +7,15 @@ import (
|
|||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"unicode"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/smallstep/certificates/authority/config"
|
||||
"github.com/smallstep/certificates/authority/provisioner"
|
||||
"github.com/smallstep/certificates/ca"
|
||||
"github.com/smallstep/certificates/db"
|
||||
"github.com/smallstep/certificates/pki"
|
||||
"github.com/urfave/cli"
|
||||
"go.step.sm/cli-utils/errs"
|
||||
|
@ -99,10 +102,35 @@ func appAction(ctx *cli.Context) error {
|
|||
}
|
||||
|
||||
cfg, err := config.LoadConfiguration(configFile)
|
||||
if err != nil {
|
||||
if err != nil && token == "" {
|
||||
fatal(err)
|
||||
}
|
||||
|
||||
// Initialize a basic configuration to be used with an automatically
|
||||
// configured linked RA. Default configuration includes:
|
||||
// * badgerv2 on $(step path)/db
|
||||
// * JSON logger
|
||||
// * Default TLS options
|
||||
if cfg == nil {
|
||||
cfg = &config.Config{
|
||||
SkipValidation: true,
|
||||
Logger: []byte(`{"format":"json"}`),
|
||||
DB: &db.Config{
|
||||
Type: "badgerv2",
|
||||
DataSource: filepath.Join(step.Path(), "db"),
|
||||
},
|
||||
AuthorityConfig: &config.AuthConfig{
|
||||
DeploymentType: pki.LinkedDeployment.String(),
|
||||
Provisioners: provisioner.List{},
|
||||
Template: &config.ASN1DN{},
|
||||
Backdate: &provisioner.Duration{
|
||||
Duration: config.DefaultBackdate,
|
||||
},
|
||||
},
|
||||
TLS: &config.DefaultTLSOptions,
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.AuthorityConfig != nil {
|
||||
if token == "" && strings.EqualFold(cfg.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) {
|
||||
return errors.New(`'step-ca' requires the '--token' flag for linked deploy type.
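Review bot: With `if err != nil && token == ""`, every error from `config.LoadConfiguration` is dropped once a token is supplied, not only a missing file. A config file that exists but is unreadable or malformed would, if `cfg` comes back nil as the `cfg == nil` check assumes, be silently replaced by the built-in defaults with `SkipValidation: true`, so any TLS, logging or database settings the operator wrote are lost without a message. Consider falling back only when the file is absent, e.g. `if err != nil && (token == "" || !errors.Is(err, os.ErrNotExist)) { fatal(err) }`, provided `LoadConfiguration` keeps the underlying error reachable and the imported `errors` package offers `Is`. `appAction` starts and ends outside this hunk.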
|
||||
|
|
2
go.mod
2
go.mod
|
@ -27,7 +27,7 @@ require (
|
|||
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
|
||||
go.step.sm/cli-utils v0.7.3
|
||||
go.step.sm/crypto v0.17.1
|
||||
go.step.sm/linkedca v0.17.1
|
||||
go.step.sm/linkedca v0.18.0
|
||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
|
||||
golang.org/x/net v0.0.0-20220607020251-c690dde0001d
|
||||
google.golang.org/api v0.84.0
|
||||
|
|
4
go.sum
4
go.sum
|
@ -769,8 +769,8 @@ go.step.sm/cli-utils v0.7.3/go.mod h1:RJRwbBLqzs5nrepQLAV9FuT3fVpWz66tKzLIB7Izpf
|
|||
go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0=
|
||||
go.step.sm/crypto v0.17.1 h1:uKpJNvzVy/GKR28hJbW8VCbfcKKBDnGNBYCKhAp2TSg=
|
||||
go.step.sm/crypto v0.17.1/go.mod h1:FXFiLBUsoE0OGz8JTjxhYU1rwKKNgVIb5izZTUMdc/8=
|
||||
go.step.sm/linkedca v0.17.1 h1:LSP3kGGeVkOAoDWoqg89tko6mpvJKTRcOHfrEOnPsNc=
|
||||
go.step.sm/linkedca v0.17.1/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
|
||||
go.step.sm/linkedca v0.18.0 h1:uxRBd2WDvJNZ2i0nJm/QmG4lkRxWoebYKJinchX7T7o=
|
||||
go.step.sm/linkedca v0.18.0/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
|
||||
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||
|
|