Add deployment type to config.
This field is ignored except at the start of the CA. If the type is linked and the token is not passed, start-up fails with an error.
This commit is contained in:
parent
56bb3eb6e1
commit
072ba4227c
3 changed files with 36 additions and 1 deletions
@ -85,6 +85,7 @@ type ASN1DN struct {
type AuthConfig struct {
type AuthConfig struct {
*cas.Options
*cas.Options
AuthorityID string `json:"authorityId,omitempty"`
AuthorityID string `json:"authorityId,omitempty"`
DeploymentType string `json:"deploymentType,omitempty"`
Provisioners provisioner.List `json:"provisioners,omitempty"`
Provisioners provisioner.List `json:"provisioners,omitempty"`
Admins []*linkedca.Admin `json:"-"`
Admins []*linkedca.Admin `json:"-"`
Template *ASN1DN `json:"template,omitempty"`
Template *ASN1DN `json:"template,omitempty"`
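Review bot: The new exported field `DeploymentType string `json:"deploymentType,omitempty"`` has no doc comment, and nothing in the struct tells a reader of ca.json which values are meaningful or that only one of them has an effect. Suggest `// DeploymentType is the deployment type of the authority ("standalone", "linked" or "hosted"). It is only consulted at start-up, where "linked" makes the --token flag mandatory; other values are currently ignored.` The AuthConfig struct continues past the end of this hunk.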
@ -8,11 +8,13 @@ import (
"net"
"net"
"net/http"
"net/http"
"os"
"os"
"strings"
"unicode"
"unicode"
"github.com/pkg/errors"
"github.com/pkg/errors"
"github.com/smallstep/certificates/authority/config"
"github.com/smallstep/certificates/authority/config"
"github.com/smallstep/certificates/ca"
"github.com/smallstep/certificates/ca"
"github.com/smallstep/certificates/pki"
"github.com/urfave/cli"
"github.com/urfave/cli"
"go.step.sm/cli-utils/errs"
"go.step.sm/cli-utils/errs"
)
)
@ -67,6 +69,18 @@ func appAction(ctx *cli.Context) error {
fatal(err)
fatal(err)
}
}
if config.AuthorityConfig != nil {
if token == "" && strings.EqualFold(config.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) {
return errors.New(`'step-ca' requires the '--token' flag for linked deploy type.
To get a linked authority token:
1. Log in or create a Certificate Manager account at ` + "\033[1mhttps://u.step.sm/linked\033[0m" + `
2. Add a new authority with "linked" type
3. Follow instructions in browser to start 'step-ca' using the '--token' flag
`)
}
}
var password []byte
var password []byte
if passFile != "" {
if passFile != "" {
if password, err = ioutil.ReadFile(passFile); err != nil {
if password, err = ioutil.ReadFile(passFile); err != nil {
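Review bot: The new guard `if token == "" && strings.EqualFold(config.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String())` only reacts to the exact word "linked", so any other value in ca.json — a typo such as "linkd" — is silently treated as a standalone deployment and the token requirement this commit introduces is bypassed by a misspelling. Rejecting values that are not a known `pki.DeploymentType` string makes the field's intent explicit and fails loudly at start-up instead of running in the wrong mode; a switch over the known strings, as sketched below, would do it, and such a check arguably belongs with the rest of the authority config validation rather than only in this CLI action. The existing multi-line `--token` message can stay as it is inside the linked case. appAction starts before this hunk and continues after it.
```go
if config.AuthorityConfig != nil {
	dt := strings.ToLower(config.AuthorityConfig.DeploymentType)
	switch dt {
	case "", pki.StandaloneDeployment.String(), pki.HostedDeployment.String():
		// nothing to enforce for these deployment types
	case pki.LinkedDeployment.String():
		if token == "" {
			// … unchanged: return the existing '--token' error message …
		}
	default:
		return errors.Errorf("unknown deployment type %q in authority configuration", dt)
	}
}
```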
22
pki/pki.go
22
pki/pki.go
@ -54,6 +54,20 @@ const (
HostedDeployment
HostedDeployment
)
)
// String returns the string version of the deployment type.
func (d DeploymentType) String() string {
switch d {
case StandaloneDeployment:
return "standalone"
case LinkedDeployment:
return "linked"
case HostedDeployment:
return "hosted"
default:
return "unknown"
}
}
const (
const (
// ConfigPath is the directory name under the step path where the configuration
// ConfigPath is the directory name under the step path where the configuration
// files will be stored.
// files will be stored.
@ -580,7 +594,7 @@ func (p *PKI) askFeedback() {
ui.Println(" regarding how you’re using `step` helps. Please send us a sentence or two,")
ui.Println(" regarding how you’re using `step` helps. Please send us a sentence or two,")
ui.Println(" good or bad at \033[1mfeedback@smallstep.com\033[0m or join GitHub Discussions")
ui.Println(" good or bad at \033[1mfeedback@smallstep.com\033[0m or join GitHub Discussions")
ui.Println(" \033[1mhttps://github.com/smallstep/certificates/discussions\033[0m and our Discord ")
ui.Println(" \033[1mhttps://github.com/smallstep/certificates/discussions\033[0m and our Discord ")
ui.Println(" \033[1mhttps://bit.ly/step-discord\033[0m.")
ui.Println(" \033[1mhttps://u.step.sm/discord\033[0m.")
if p.options.deploymentType == LinkedDeployment {
if p.options.deploymentType == LinkedDeployment {
ui.Println()
ui.Println()
@ -652,6 +666,12 @@ func (p *PKI) GenerateConfig(opt ...ConfigOption) (*authconfig.Config, error) {
Templates: p.getTemplates(),
Templates: p.getTemplates(),
}
}
// Add linked as a deployment type to detect it on start and provide a
// message if the token is not given.
if p.options.deploymentType == LinkedDeployment {
config.AuthorityConfig.DeploymentType = LinkedDeployment.String()
}
// On standalone deployments add the provisioners to either the ca.json or
// On standalone deployments add the provisioners to either the ca.json or
// the database.
// the database.
var provisioners []provisioner.Interface
var provisioners []provisioner.Interface
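Review bot: In the GenerateConfig hunk the field is written only inside `if p.options.deploymentType == LinkedDeployment {`, so standalone and hosted authorities get an empty DeploymentType that the `omitempty` tag then drops from ca.json, and a consumer cannot tell "standalone" apart from "written before this field existed". Since String() now covers every deployment type, consider writing it unconditionally, `config.AuthorityConfig.DeploymentType = p.options.deploymentType.String()`, provided the zero value of deploymentType maps to a real type rather than "unknown" (not visible in this hunk). The askFeedback hunk's change of the Discord link from bit.ly to u.step.sm is unrelated to the commit's stated purpose and would be easier to track as its own commit. GenerateConfig and askFeedback both start and end outside their hunks.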