diff --git a/ca/identity/identity.go b/ca/identity/identity.go
index 14a22eb9..7d80ef70 100644
--- a/ca/identity/identity.go
+++ b/ca/identity/identity.go
@@ -40,10 +40,10 @@ const TunnelTLS Type = "tTLS"
 const DefaultLeeway = 1 * time.Minute
 // IdentityFile contains the location of the identity file.
-var IdentityFile = filepath.Join(step.Path(), "config", "identity.json")
+var IdentityFile = filepath.Join(step.ProfilePath(), "config", "identity.json")
 // DefaultsFile contains the location of the defaults file.
-var DefaultsFile = filepath.Join(step.Path(), "config", "defaults.json")
+var DefaultsFile = filepath.Join(step.ProfilePath(), "config", "defaults.json")
 // Identity represents the identity file that can be used to authenticate with
 // the CA.
@@ -80,8 +80,8 @@ func LoadDefaultIdentity() (*Identity, error) {
 // configDir and identityDir are used in WriteDefaultIdentity for testing
 // purposes.
 var (
- configDir = filepath.Join(step.Path(), "config")
- identityDir = filepath.Join(step.Path(), "identity")
+ configDir = filepath.Join(step.ProfilePath(), "config")
+ identityDir = filepath.Join(step.ProfilePath(), "identity")
 )
 // WriteDefaultIdentity writes the given certificates and key and the
diff --git a/pki/pki.go b/pki/pki.go
index 5f2afedd..b0f2c886 100644
--- a/pki/pki.go
+++ b/pki/pki.go
@@ -10,6 +10,7 @@ import (
 "encoding/json"
 "encoding/pem"
 "fmt"
+ "io/ioutil"
 "net"
 "os"
 "path/filepath"
@@ -98,6 +99,12 @@ func GetConfigPath() string {
 return filepath.Join(step.Path(), configPath)
 }
+// GetProfileConfigPath returns the directory where the profile configuration
+// files are stored based on the STEPPATH environment variable.
+func GetProfileConfigPath() string {
+ return filepath.Join(step.ProfilePath(), configPath)
+}
+
 // GetPublicPath returns the directory where the public keys are stored based on
 // the STEPPATH environment variable.
 func GetPublicPath() string {
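Review bot: `IdentityFile` and `DefaultsFile` are still initialised once at package load, so they keep whatever `step.ProfilePath()` returns at that moment. If the profile path depends on a context chosen later (the pki.go change in this commit checks `step.GetCurrentContext()`, which suggests it can), the client identity and CA defaults would be read from and written to a stale location. The same applies to `configDir` and `identityDir` in the second hunk of this file. Because identity.json is what authenticates the client to the CA, either resolve these paths at call time or state the ordering requirement in the doc comment, for example `// IdentityFile is resolved at package initialisation; the step context must be selected before then.` Whether that ordering holds is not visible in this diff.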
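Review bot: The doc comment on `GetProfileConfigPath` repeats the STEPPATH wording of `GetConfigPath`, so it does not say what distinguishes the profile directory or what is returned when no context is active. Suggest `// GetProfileConfigPath returns the configuration directory of the current profile, as resolved by step.ProfilePath().`, followed by one sentence on the no-context case. The only caller visible in this diff, in `New`, reaches it only when `step.GetCurrentContext()` is non-nil, so that case is currently undocumented rather than exercised.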
@@ -367,6 +374,21 @@ func New(o apiv1.Options, opts ...Option) (*PKI, error) {
 }
 }
+ // Create profile directory and stub for default profile configuration.
+ if currentCtx := step.GetCurrentContext(); currentCtx != nil {
+ profile := GetProfileConfigPath()
+ if err := os.MkdirAll(profile, 0700); err != nil {
+ return nil, errs.FileError(err, profile)
+ }
+ if p.profileDefaults, err = getPath(profile, "defaults.json"); err != nil {
+ return nil, err
+ }
+ if err := ioutil.WriteFile(p.profileDefaults,
+ []byte("{}"), 0600); err != nil {
+ return nil, err
+ }
+ }
+
 if p.Defaults.CaUrl == "" {
 p.Defaults.CaUrl = p.DnsNames[0]
 _, port, err := net.SplitHostPort(p.Address)
@@ -958,6 +980,9 @@ func (p *PKI) Save(opt ...ConfigOption) error {
 }
 ui.PrintSelected("Default configuration", p.defaults)
+ if p.profileDefaults != "" {
+ ui.PrintSelected("Profile default configuration", p.profileDefaults)
+ }
 ui.PrintSelected("Certificate Authority configuration", p.config)
 if p.options.deploymentType != LinkedDeployment {
 ui.Println()
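Review bot: The stub write `ioutil.WriteFile(p.profileDefaults, []byte("{}"), 0600)` runs on every call to `New` with an active context and replaces whatever defaults.json the profile already holds with `{}`. Unless `getPath` (not shown here) rejects existing files, a re-run silently discards that profile's existing defaults. Its error is also returned bare, while the `MkdirAll` failure just above is wrapped with `errs.FileError`. Creating the file exclusively leaves an existing file untouched, lets both failures carry the file name, and makes the new `io/ioutil` import unnecessary. `New` starts and ends outside this hunk.

```go
// … unchanged: MkdirAll and getPath for the profile directory …
// Write the stub only if the profile has no defaults file yet.
f, openErr := os.OpenFile(p.profileDefaults, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
switch {
case openErr == nil:
	_, writeErr := f.Write([]byte("{}"))
	if closeErr := f.Close(); writeErr == nil {
		writeErr = closeErr
	}
	if writeErr != nil {
		return nil, errs.FileError(writeErr, p.profileDefaults)
	}
case !os.IsExist(openErr):
	return nil, errs.FileError(openErr, p.profileDefaults)
}
```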