TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

install-step-ra.sh: Don't try to create a JWK provisioner, because the web app's OAuth flow doesn't support OOB with STEP_CONSOLE=true.

Browse source
This commit is contained in:
Carl Tashian 2021-10-19 15:22:30 -07:00
parent 48efd94994
commit 482482e717
1 changed files with 1 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
scripts/install-step-ra.sh
View file

@ -126,25 +126,17 @@ fi
echo "Bootstrapping with the CA..." echo "Bootstrapping with the CA..."
export STEPPATH=$(mktemp -d) export STEPPATH=$(mktemp -d)
export STEP_CONSOLE=true
step ca bootstrap --ca-url $CA_URL --fingerprint $CA_FINGERPRINT step ca bootstrap --ca-url $CA_URL --fingerprint $CA_FINGERPRINT
if [ -z "$CA_PROVISIONER_NAME" ]; then if [ -z "$CA_PROVISIONER_NAME" ]; then
declare -a provisioners declare -a provisioners
readarray -t provisioners < <(step ca provisioner list | jq -r '.[] | select(.type == "JWK") | .name') readarray -t provisioners < <(step ca provisioner list | jq -r '.[] | select(.type == "JWK") | .name')
provisioners+=("Create provisioner")
printf '%s\n' "${provisioners[@]}" printf '%s\n' "${provisioners[@]}"
printf "%b" "\nSelect a JWK provisioner:\n" >&2 printf "%b" "\nSelect a JWK provisioner:\n" >&2
select provisioner in "${provisioners[@]}"; do select provisioner in "${provisioners[@]}"; do
if [ "$provisioner" == "Create provisioner" ]; then if [ -n "$provisioner" ]; then
echo "Creating a JWK provisioner on the upstream CA..."
echo ""
read -p "Label your provisioner (e.g. example-ra): " CA_PROVISIONER_NAME < /dev/tty
step beta ca provisioner add $CA_PROVISIONER_NAME --type JWK --create
break
elif [ -n "$provisioner" ]; then
echo "Using existing provisioner $provisioner." echo "Using existing provisioner $provisioner."
CA_PROVISIONER_NAME=$provisioner CA_PROVISIONER_NAME=$provisioner
break break