Add deployment type to config.

This field is ignored except when the CA starts: if the type
is linked and no token is passed, `step-ca` fails with an error.
This commit is contained in:
Mariano Cano 2021-08-10 17:07:15 -07:00
parent 56bb3eb6e1
commit 072ba4227c
3 changed files with 36 additions and 1 deletions


@ -85,6 +85,7 @@ type ASN1DN struct {
type AuthConfig struct { type AuthConfig struct {
*cas.Options *cas.Options
AuthorityID string `json:"authorityId,omitempty"` AuthorityID string `json:"authorityId,omitempty"`
DeploymentType string `json:"deploymentType,omitempty"`
Provisioners provisioner.List `json:"provisioners,omitempty"` Provisioners provisioner.List `json:"provisioners,omitempty"`
Admins []*linkedca.Admin `json:"-"` Admins []*linkedca.Admin `json:"-"`
Template *ASN1DN `json:"template,omitempty"` Template *ASN1DN `json:"template,omitempty"`
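Review bot: The new `DeploymentType` field at line 17 is undocumented, and of the fields in this struct it is the one whose meaning is least obvious: it is a free-form string that `pki.GenerateConfig` writes and that `appAction` in main.go later compares against `pki.LinkedDeployment.String()`, and per the commit description it is consulted only at startup. Suggest a doc comment such as `// DeploymentType is the deployment type recorded by pki.GenerateConfig ("linked" for linked authorities). It is only consulted when the CA starts, to require --token for linked deployments, and is otherwise ignored.` Documenting the accepted values here avoids readers having to find the comparison in main.go. The struct continues outside this hunk.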


@ -8,11 +8,13 @@ import (
"net" "net"
"net/http" "net/http"
"os" "os"
"strings"
"unicode" "unicode"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/smallstep/certificates/authority/config" "github.com/smallstep/certificates/authority/config"
"github.com/smallstep/certificates/ca" "github.com/smallstep/certificates/ca"
"github.com/smallstep/certificates/pki"
"github.com/urfave/cli" "github.com/urfave/cli"
"go.step.sm/cli-utils/errs" "go.step.sm/cli-utils/errs"
) )
@ -67,6 +69,18 @@ func appAction(ctx *cli.Context) error {
fatal(err) fatal(err)
} }
if config.AuthorityConfig != nil {
if token == "" && strings.EqualFold(config.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) {
return errors.New(`'step-ca' requires the '--token' flag for linked deploy type.
To get a linked authority token:
1. Log in or create a Certificate Manager account at ` + "\033[1mhttps://u.step.sm/linked\033[0m" + `
2. Add a new authority with "linked" type
3. Follow instructions in browser to start 'step-ca' using the '--token' flag
`)
}
}
var password []byte var password []byte
if passFile != "" { if passFile != "" {
if password, err = ioutil.ReadFile(passFile); err != nil { if password, err = ioutil.ReadFile(passFile); err != nil {
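Review bot: The error returned at lines 42–47 embeds raw ANSI escape sequences (`\033[1m` / `\033[0m`) and ends with a newline, so whenever stderr is not a terminal — service logs, CI output, journald — those bytes land verbatim in the recorded error text; keep the error value plain (`1. Log in or create a Certificate Manager account at https://u.step.sm/linked`) and leave bolding to a printing layer such as the `ui` package pki.go already uses. The check at line 41 uses `strings.EqualFold` against `pki.LinkedDeployment.String()`, so it accepts `Linked`/`LINKED` while `GenerateConfig` only ever writes the lowercase form; either a plain `==` or a short comment stating that the field is matched case-insensitively would keep the two sides symmetric. Note that this is a usability guard rather than an enforcement point: a ca.json without `deploymentType` still starts without a token, which is consistent with the commit description. `appAction`, and the `token` variable this condition reads, begin before this hunk.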


@ -54,6 +54,20 @@ const (
HostedDeployment HostedDeployment
) )
// String returns the string version of the deployment type.
func (d DeploymentType) String() string {
switch d {
case StandaloneDeployment:
return "standalone"
case LinkedDeployment:
return "linked"
case HostedDeployment:
return "hosted"
default:
return "unknown"
}
}
const ( const (
// ConfigPath is the directory name under the step path where the configuration // ConfigPath is the directory name under the step path where the configuration
// files will be stored. // files will be stored.
@ -580,7 +594,7 @@ func (p *PKI) askFeedback() {
ui.Println(" regarding how youre using `step` helps. Please send us a sentence or two,") ui.Println(" regarding how youre using `step` helps. Please send us a sentence or two,")
ui.Println(" good or bad at \033[1mfeedback@smallstep.com\033[0m or join GitHub Discussions") ui.Println(" good or bad at \033[1mfeedback@smallstep.com\033[0m or join GitHub Discussions")
ui.Println(" \033[1mhttps://github.com/smallstep/certificates/discussions\033[0m and our Discord ") ui.Println(" \033[1mhttps://github.com/smallstep/certificates/discussions\033[0m and our Discord ")
ui.Println(" \033[1mhttps://bit.ly/step-discord\033[0m.") ui.Println(" \033[1mhttps://u.step.sm/discord\033[0m.")
if p.options.deploymentType == LinkedDeployment { if p.options.deploymentType == LinkedDeployment {
ui.Println() ui.Println()
@ -652,6 +666,12 @@ func (p *PKI) GenerateConfig(opt ...ConfigOption) (*authconfig.Config, error) {
Templates: p.getTemplates(), Templates: p.getTemplates(),
} }
// Add linked as a deployment type to detect it on start and provide a
// message if the token is not given.
if p.options.deploymentType == LinkedDeployment {
config.AuthorityConfig.DeploymentType = LinkedDeployment.String()
}
// On standalone deployments add the provisioners to either the ca.json or // On standalone deployments add the provisioners to either the ca.json or
// the database. // the database.
var provisioners []provisioner.Interface var provisioners []provisioner.Interface
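Review bot: `String()` at lines 60–71 gives `DeploymentType` a canonical text form but no inverse, so the consumer in main.go has to reconstruct the mapping itself with `strings.EqualFold(..., pki.LinkedDeployment.String())`, placing the accepted spellings in a different package from the type that defines them. A `ParseDeploymentType` beside `String()` keeps the round-trip in one place and lets callers switch on the typed value rather than on strings; the doc comment should also mention that the `default` arm returns `"unknown"` for any value not listed in the switch. This assumes `strings` is imported in pki.go or can be added. The enclosing const block begins before this hunk.
```go
// … unchanged: String() above …

// ParseDeploymentType returns the DeploymentType whose String() form matches s
// (compared case-insensitively) and true, or the zero value and false when s
// does not name a known deployment type.
func ParseDeploymentType(s string) (DeploymentType, bool) {
	for _, d := range []DeploymentType{StandaloneDeployment, LinkedDeployment, HostedDeployment} {
		if strings.EqualFold(s, d.String()) {
			return d, true
		}
	}
	var zero DeploymentType
	return zero, false
}
```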