add --context flag to step-ca command (#851)

* added the --context flag * apply the context and allow for different ca.json * amended usage for consistency * added an extra example * added an extra example * reordered and reworded examples
2022-03-24 18:18:51 +02:00 · 2022-03-24 18:18:51 +02:00 · 27c1d0afc3
commit 27c1d0afc3
parent a852223717
2 changed files with 43 additions and 9 deletions
--- a/cmd/step-ca/main.go
+++ b/cmd/step-ca/main.go
@ -117,7 +117,7 @@ func main() {
 	app.HelpName = "step-ca"
 	app.Version = step.Version()
 	app.Usage = "an online certificate authority for secure automated certificate management"
-	app.UsageText = `**step-ca** <config> [**--password-file**=<file>]
+	app.UsageText = `**step-ca** [config] [**--context**=<name>] [**--password-file**=<file>]
 [**--ssh-host-password-file**=<file>] [**--ssh-user-password-file**=<file>]
 [**--issuer-password-file**=<file>] [**--resolver**=<addr>] [**--help**] [**--version**]`
 	app.Description = `**step-ca** runs the Step Online Certificate Authority
@ -133,6 +133,7 @@ This command will run indefinitely on success and return \>0 if any error occurs
 These examples assume that you have already initialized your PKI by running
 'step ca init'. If you have not completed this step please see the 'Getting Started'
 section of the README.
 Run the Step CA and prompt for password:
 '''
 $ step-ca $STEPPATH/config/ca.json
@ -141,7 +142,26 @@ Run the Step CA and read the password from a file - this is useful for
 automating deployment:
 '''
 $ step-ca $STEPPATH/config/ca.json --password-file ./password.txt
-'''`
+'''
 Run the Step CA for the context selected with step and a custom password file:
 '''
 $ step context select ssh
 $ step-ca --password-file ./password.txt
 '''
 Run the Step CA for the context named _mybiz_ and prompt for password:
 '''
 $ step-ca --context=mybiz
 '''
 Run the Step CA for the context named _mybiz_ and an alternate ca.json file:
 '''
 $ step-ca --context=mybiz other-ca.json
 '''
 Run the Step CA for the context named _mybiz_ and read the password from a file - this is useful for
 automating deployment:
 '''
 $ step-ca --context=mybiz --password-file ./password.txt
 '''
 `
 	app.Flags = append(app.Flags, commands.AppCommand.Flags...)
 	app.Flags = append(app.Flags, cli.HelpFlag)
 	app.Copyright = fmt.Sprintf("(c) 2018-%d Smallstep Labs, Inc.", time.Now().Year())
--- a/commands/app.go
+++ b/commands/app.go
@ -16,6 +16,7 @@ import (
 	"github.com/smallstep/certificates/pki"
 	"github.com/urfave/cli"
 	"go.step.sm/cli-utils/errs"
 	"go.step.sm/cli-utils/step"
 )
 // AppCommand is the action used as the top action.
@ -57,6 +58,11 @@ certificate issuer private key used in the RA mode.`,
 			Usage:  "token used to enable the linked ca.",
 			EnvVar: "STEP_CA_TOKEN",
 		},
 		cli.StringFlag{
 			Name:   "context",
 			Usage:  "The name of the authority's context.",
 			EnvVar: "STEP_CA_CONTEXT",
 		},
 	},
 }
@ -69,15 +75,23 @@ func appAction(ctx *cli.Context) error {
 	resolver := ctx.String("resolver")
 	token := ctx.String("token")
-	// If zero cmd line args show help, if >1 cmd line args show error.
+	if ctx.NArg() > 1 {
-	if ctx.NArg() == 0 {
+		return errs.TooManyArguments(ctx)
-		return cli.ShowAppHelp(ctx)
+	}
-	}
+
-	if err := errs.NumberOfArguments(ctx, 1); err != nil {
+	if caCtx := ctx.String("context"); caCtx != "" {
-		return err
+		if err := step.Contexts().SetCurrent(caCtx); err != nil {
 			return err
 		}
 	}
 	var configFile string
 	if ctx.NArg() > 0 {
 		configFile = ctx.Args().Get(0)
 	} else {
 		configFile = step.CaConfigFile()
 	}
 	configFile := ctx.Args().Get(0)
 	cfg, err := config.LoadConfiguration(configFile)
 	if err != nil {
 		fatal(err)