Allow to automatically configure and linked RA
parent
5e0be92273
commit
0c7467ceb2
4 changed files with 45 additions and 4 deletions
|
@ -339,6 +339,19 @@ func (a *Authority) init() error {
|
||||||
Type: conf.RaConfig.Provisioner.Type.String(),
|
Type: conf.RaConfig.Provisioner.Type.String(),
|
||||||
Provisioner: conf.RaConfig.Provisioner.Name,
|
Provisioner: conf.RaConfig.Provisioner.Name,
|
||||||
}
|
}
|
||||||
|
// Configure the RA authority type if needed
|
||||||
|
if options.Type == "" {
|
||||||
|
options.Type = casapi.StepCAS
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Remote configuration is currently only supported on a linked RA
|
||||||
|
if sc := conf.ServerConfig; sc != nil {
|
||||||
|
if a.config.Address == "" {
|
||||||
|
a.config.Address = sc.Address
|
||||||
|
}
|
||||||
|
if len(a.config.DNSNames) == 0 {
|
||||||
|
a.config.DNSNames = sc.DnsNames
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
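Review bot: `sc.Address` and `sc.DnsNames` are adopted into `a.config` straight from the remote `conf.ServerConfig` with no check that they are usable, and since the configuration the CLI generates for an automatically configured linked RA is built with `SkipValidation: true`, it is unclear whether any later validation would catch an empty or malformed remote address before the server tries to listen on it. I would at least make the adoption conditional on the remote value being well-formed, e.g. `if _, _, err := net.SplitHostPort(sc.Address); err == nil && a.config.Address == "" {`, and treat a remote address that fails to parse as an initialization error rather than silently keeping it. The comment says remote configuration is only supported on a linked RA, but the guard on the new block is only `conf.ServerConfig != nil`; whether a non-linked deployment can ever reach this code with a non-nil ServerConfig depends on the part of `init` outside the hunk. The enclosing `init` starts before the hunk.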
|
@ -7,12 +7,15 @@ import (
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
"unicode"
|
"unicode"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/smallstep/certificates/authority/config"
|
"github.com/smallstep/certificates/authority/config"
|
||||||
|
"github.com/smallstep/certificates/authority/provisioner"
|
||||||
"github.com/smallstep/certificates/ca"
|
"github.com/smallstep/certificates/ca"
|
||||||
|
"github.com/smallstep/certificates/db"
|
||||||
"github.com/smallstep/certificates/pki"
|
"github.com/smallstep/certificates/pki"
|
||||||
"github.com/urfave/cli"
|
"github.com/urfave/cli"
|
||||||
"go.step.sm/cli-utils/errs"
|
"go.step.sm/cli-utils/errs"
|
||||||
|
@ -99,10 +102,35 @@ func appAction(ctx *cli.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
cfg, err := config.LoadConfiguration(configFile)
|
cfg, err := config.LoadConfiguration(configFile)
|
||||||
if err != nil {
|
if err != nil && token == "" {
|
||||||
fatal(err)
|
fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Initialize a basic configuration to be used with an automatically
|
||||||
|
// configured linked RA. Default configuration includes:
|
||||||
|
// * badgerv2 on $(step path)/db
|
||||||
|
// * JSON logger
|
||||||
|
// * Default TLS options
|
||||||
|
if cfg == nil {
|
||||||
|
cfg = &config.Config{
|
||||||
|
SkipValidation: true,
|
||||||
|
Logger: []byte(`{"format":"json"}`),
|
||||||
|
DB: &db.Config{
|
||||||
|
Type: "badgerv2",
|
||||||
|
DataSource: filepath.Join(step.Path(), "db"),
|
||||||
|
},
|
||||||
|
AuthorityConfig: &config.AuthConfig{
|
||||||
|
DeploymentType: pki.LinkedDeployment.String(),
|
||||||
|
Provisioners: provisioner.List{},
|
||||||
|
Template: &config.ASN1DN{},
|
||||||
|
Backdate: &provisioner.Duration{
|
||||||
|
Duration: config.DefaultBackdate,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
TLS: &config.DefaultTLSOptions,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if cfg.AuthorityConfig != nil {
|
if cfg.AuthorityConfig != nil {
|
||||||
if token == "" && strings.EqualFold(cfg.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) {
|
if token == "" && strings.EqualFold(cfg.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) {
|
||||||
return errors.New(`'step-ca' requires the '--token' flag for linked deploy type.
|
return errors.New(`'step-ca' requires the '--token' flag for linked deploy type.
|
||||||
|
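Review bot: The new condition `if err != nil && token == ""` swallows every error from `config.LoadConfiguration` as soon as `--token` is given, not only the missing-file case the auto-configuration is meant to cover; an existing but unreadable or malformed `ca.json` would then be silently replaced by the generated defaults (assuming `LoadConfiguration` returns a nil `cfg` on error — if it can return a partially populated struct, the `cfg == nil` branch is skipped and the code proceeds with a broken config). I would only tolerate a not-found error, e.g. `if err != nil && (token == "" || !errors.Is(err, os.ErrNotExist)) {`, which relies on `LoadConfiguration` wrapping the underlying os error so that it is unwrappable; please confirm that. It is also worth documenting on the generated config why `SkipValidation: true` is safe here, since it means neither the defaults nor anything merged into them later gets checked by the config validator.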
|
2
go.mod
2
go.mod
|
@ -27,7 +27,7 @@ require (
|
||||||
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
|
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
|
||||||
go.step.sm/cli-utils v0.7.3
|
go.step.sm/cli-utils v0.7.3
|
||||||
go.step.sm/crypto v0.17.1
|
go.step.sm/crypto v0.17.1
|
||||||
go.step.sm/linkedca v0.17.1
|
go.step.sm/linkedca v0.18.0
|
||||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
|
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
|
||||||
golang.org/x/net v0.0.0-20220607020251-c690dde0001d
|
golang.org/x/net v0.0.0-20220607020251-c690dde0001d
|
||||||
google.golang.org/api v0.84.0
|
google.golang.org/api v0.84.0
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -769,8 +769,8 @@ go.step.sm/cli-utils v0.7.3/go.mod h1:RJRwbBLqzs5nrepQLAV9FuT3fVpWz66tKzLIB7Izpf
|
||||||
go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0=
|
go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0=
|
||||||
go.step.sm/crypto v0.17.1 h1:uKpJNvzVy/GKR28hJbW8VCbfcKKBDnGNBYCKhAp2TSg=
|
go.step.sm/crypto v0.17.1 h1:uKpJNvzVy/GKR28hJbW8VCbfcKKBDnGNBYCKhAp2TSg=
|
||||||
go.step.sm/crypto v0.17.1/go.mod h1:FXFiLBUsoE0OGz8JTjxhYU1rwKKNgVIb5izZTUMdc/8=
|
go.step.sm/crypto v0.17.1/go.mod h1:FXFiLBUsoE0OGz8JTjxhYU1rwKKNgVIb5izZTUMdc/8=
|
||||||
go.step.sm/linkedca v0.17.1 h1:LSP3kGGeVkOAoDWoqg89tko6mpvJKTRcOHfrEOnPsNc=
|
go.step.sm/linkedca v0.18.0 h1:uxRBd2WDvJNZ2i0nJm/QmG4lkRxWoebYKJinchX7T7o=
|
||||||
go.step.sm/linkedca v0.17.1/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
|
go.step.sm/linkedca v0.18.0/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
|
||||||
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||||
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||||
|
|