From 0c7467ceb226706de1a59f048211b92bb2476dc4 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Tue, 16 Aug 2022 14:39:02 -0700
Subject: [PATCH] Allow to automatically configure and linked RA
---
 authority/authority.go | 13 +++++++++++++
 commands/app.go | 30 +++++++++++++++++++++++++++++-
 go.mod | 2 +-
 go.sum | 4 ++--
 4 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/authority/authority.go b/authority/authority.go
index 59ded5be..73aa9cca 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -339,6 +339,19 @@ func (a *Authority) init() error {
 Type: conf.RaConfig.Provisioner.Type.String(),
 Provisioner: conf.RaConfig.Provisioner.Name,
 }
+ // Configure the RA authority type if needed
+ if options.Type == "" {
+ options.Type = casapi.StepCAS
+ }
+ }
+ // Remote configuration is currently only supported on a linked RA
+ if sc := conf.ServerConfig; sc != nil {
+ if a.config.Address == "" {
+ a.config.Address = sc.Address
+ }
+ if len(a.config.DNSNames) == 0 {
+ a.config.DNSNames = sc.DnsNames
+ }
 }
 }
diff --git a/commands/app.go b/commands/app.go
index 265610f2..7545f1df 100644
--- a/commands/app.go
+++ b/commands/app.go
@@ -7,12 +7,15 @@ import (
 "net"
 "net/http"
 "os"
+ "path/filepath"
 "strings"
 "unicode"
 
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/authority/config"
+ "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/ca"
+ "github.com/smallstep/certificates/db"
 "github.com/smallstep/certificates/pki"
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/errs"
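Review bot: The values pulled from the remote server configuration in the new `if sc := conf.ServerConfig; sc != nil` block are applied to `a.config.Address` and `a.config.DNSNames` without any check that they are usable, and because the automatically generated configuration in commands/app.go from this same patch sets `SkipValidation: true`, an empty or malformed remote address would skip the usual configuration validation and only surface when the listener is opened. Consider failing early right after the assignments, along the lines of `if a.config.Address == "" { return <error constructor already imported here>("linked RA configuration has no server address") }`, so the operator gets a clear error rather than a late bind failure. `a.config.DNSNames = sc.DnsNames` also aliases the slice owned by the remote config message; if the local config is mutated later, cloning it would avoid surprises. The added `+ }` closes a block whose opening is not in the hunk and `init()` continues on both sides of it, so the nesting of the ServerConfig block relative to the RaConfig branch cannot be confirmed from here.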
@@ -99,10 +102,35 @@ func appAction(ctx *cli.Context) error {
 }
 cfg, err := config.LoadConfiguration(configFile)
- if err != nil {
+ if err != nil && token == "" {
 fatal(err)
 }
+ // Initialize a basic configuration to be used with an automatically
+ // configured linked RA. Default configuration includes:
+ // * badgerv2 on $(step path)/db
+ // * JSON logger
+ // * Default TLS options
+ if cfg == nil {
+ cfg = &config.Config{
+ SkipValidation: true,
+ Logger: []byte(`{"format":"json"}`),
+ DB: &db.Config{
+ Type: "badgerv2",
+ DataSource: filepath.Join(step.Path(), "db"),
+ },
+ AuthorityConfig: &config.AuthConfig{
+ DeploymentType: pki.LinkedDeployment.String(),
+ Provisioners: provisioner.List{},
+ Template: &config.ASN1DN{},
+ Backdate: &provisioner.Duration{
+ Duration: config.DefaultBackdate,
+ },
+ },
+ TLS: &config.DefaultTLSOptions,
+ }
+ }
+
 if cfg.AuthorityConfig != nil {
 if token == "" && strings.EqualFold(cfg.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) {
 return errors.New(`'step-ca' requires the '--token' flag for linked deploy type.
diff --git a/go.mod b/go.mod
index 02770fbb..25020c27 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
 go.step.sm/cli-utils v0.7.3
 go.step.sm/crypto v0.17.1
- go.step.sm/linkedca v0.17.1
+ go.step.sm/linkedca v0.18.0
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d
 google.golang.org/api v0.84.0
diff --git a/go.sum b/go.sum
index 43387360..ce99276b 100644
--- a/go.sum
+++ b/go.sum
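Review bot: The changed guard `if err != nil && token == "" {` swallows every error from `config.LoadConfiguration` once a token is supplied, not only the missing-file case, so a malformed or unreadable existing `configFile` would (presumably, if `cfg` is nil on error) be silently replaced by the fresh badgerv2/linked default built in the `if cfg == nil` block instead of being reported. Restrict the fallback to an absent file, e.g. `if err != nil && (token == "" || !errors.Is(err, os.ErrNotExist)) { fatal(err) }`; both `os` and `github.com/pkg/errors`, which provides `errors.Is`, are imported in this file per the import hunk above, though this assumes `LoadConfiguration` wraps the underlying `os` error in a way `errors.Is` can unwrap — worth confirming. The comment block above `if cfg == nil` could also state the intended rule explicitly, e.g. `// Only a missing config file combined with --token means an automatically configured linked RA; any other load error is still fatal.` `appAction` starts and ends outside the hunk.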
@@ -769,8 +769,8 @@ go.step.sm/cli-utils v0.7.3/go.mod h1:RJRwbBLqzs5nrepQLAV9FuT3fVpWz66tKzLIB7Izpf
 go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0=
 go.step.sm/crypto v0.17.1 h1:uKpJNvzVy/GKR28hJbW8VCbfcKKBDnGNBYCKhAp2TSg=
 go.step.sm/crypto v0.17.1/go.mod h1:FXFiLBUsoE0OGz8JTjxhYU1rwKKNgVIb5izZTUMdc/8=
-go.step.sm/linkedca v0.17.1 h1:LSP3kGGeVkOAoDWoqg89tko6mpvJKTRcOHfrEOnPsNc=
-go.step.sm/linkedca v0.17.1/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
+go.step.sm/linkedca v0.18.0 h1:uxRBd2WDvJNZ2i0nJm/QmG4lkRxWoebYKJinchX7T7o=
+go.step.sm/linkedca v0.18.0/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=