add --context flag to step-ca command (#851)

* added the --context flag * apply the context and allow for different ca.json * amended usage for consistency * added an extra example * added an extra example * reordered and reworded examples
2022-03-24 18:18:51 +02:00 · 2022-03-24 18:18:51 +02:00 · 6d4d4560df
commit 6d4d4560df
parent e27124b037
2 changed files with 43 additions and 9 deletions
--- a/cmd/step-ca/main.go
+++ b/cmd/step-ca/main.go
@ -117,7 +117,7 @@ func main() {
 	app.HelpName = "step-ca"
 	app.Version = step.Version()
 	app.Usage = "an online certificate authority for secure automated certificate management"
-	app.UsageText = `**step-ca** <config> [**--password-file**=<file>]
+	app.UsageText = `**step-ca** [config] [**--context**=<name>] [**--password-file**=<file>]
 [**--ssh-host-password-file**=<file>] [**--ssh-user-password-file**=<file>]
 [**--issuer-password-file**=<file>] [**--resolver**=<addr>] [**--help**] [**--version**]`
 	app.Description = `**step-ca** runs the Step Online Certificate Authority
@ -133,6 +133,7 @@ This command will run indefinitely on success and return \>0 if any error occurs
 These examples assume that you have already initialized your PKI by running
 'step ca init'. If you have not completed this step please see the 'Getting Started'
 section of the README.
+
 Run the Step CA and prompt for password:
 '''
 $ step-ca $STEPPATH/config/ca.json
@ -141,7 +142,26 @@ Run the Step CA and read the password from a file - this is useful for
 automating deployment:
 '''
 $ step-ca $STEPPATH/config/ca.json --password-file ./password.txt
-'''`
+'''
+Run the Step CA for the context selected with step and a custom password file:
+'''
+$ step context select ssh
+$ step-ca --password-file ./password.txt
+'''
+Run the Step CA for the context named _mybiz_ and prompt for password:
+'''
+$ step-ca --context=mybiz
+'''
+Run the Step CA for the context named _mybiz_ and an alternate ca.json file:
+'''
+$ step-ca --context=mybiz other-ca.json
+'''
+Run the Step CA for the context named _mybiz_ and read the password from a file - this is useful for
+automating deployment:
+'''
+$ step-ca --context=mybiz --password-file ./password.txt
+'''
+`
 	app.Flags = append(app.Flags, commands.AppCommand.Flags...)
 	app.Flags = append(app.Flags, cli.HelpFlag)
 	app.Copyright = fmt.Sprintf("(c) 2018-%d Smallstep Labs, Inc.", time.Now().Year())
--- a/commands/app.go
+++ b/commands/app.go
@ -16,6 +16,7 @@ import (
 	"github.com/smallstep/certificates/pki"
 	"github.com/urfave/cli"
 	"go.step.sm/cli-utils/errs"
+	"go.step.sm/cli-utils/step"
 )

 // AppCommand is the action used as the top action.
@ -57,6 +58,11 @@ certificate issuer private key used in the RA mode.`,
 			Usage:  "token used to enable the linked ca.",
 			EnvVar: "STEP_CA_TOKEN",
 		},
+		cli.StringFlag{
+			Name:   "context",
+			Usage:  "The name of the authority's context.",
+			EnvVar: "STEP_CA_CONTEXT",
+		},
 	},
 }

@ -69,15 +75,23 @@ func appAction(ctx *cli.Context) error {
 	resolver := ctx.String("resolver")
 	token := ctx.String("token")

-	// If zero cmd line args show help, if >1 cmd line args show error.
-	if ctx.NArg() == 0 {
-		return cli.ShowAppHelp(ctx)
-	}
-	if err := errs.NumberOfArguments(ctx, 1); err != nil {
-		return err
+	if ctx.NArg() > 1 {
+		return errs.TooManyArguments(ctx)
+	}
+
+	if caCtx := ctx.String("context"); caCtx != "" {
+		if err := step.Contexts().SetCurrent(caCtx); err != nil {
+			return err
+		}
+	}
+
+	var configFile string
+	if ctx.NArg() > 0 {
+		configFile = ctx.Args().Get(0)
+	} else {
+		configFile = step.CaConfigFile()
 	}

-	configFile := ctx.Args().Get(0)
 	cfg, err := config.LoadConfiguration(configFile)
 	if err != nil {
 		fatal(err)