forked from TrueCloudLab/certificates
Merge pull request #862 from smallstep/startup-info
Print some basic configuration info on startup
This commit is contained in:
commit
949c29d7db
3 changed files with 72 additions and 3 deletions
|
@ -80,6 +80,14 @@ type Authority struct {
|
|||
adminMutex sync.RWMutex
|
||||
}
|
||||
|
||||
type Info struct {
|
||||
StartTime time.Time
|
||||
RootX509Certs []*x509.Certificate
|
||||
SSHCAUserPublicKey []byte
|
||||
SSHCAHostPublicKey []byte
|
||||
DNSNames []string
|
||||
}
|
||||
|
||||
// New creates and initiates a new Authority type.
|
||||
func New(cfg *config.Config, opts ...Option) (*Authority, error) {
|
||||
err := cfg.Validate()
|
||||
|
@ -294,8 +302,6 @@ func (a *Authority) init() error {
|
|||
return err
|
||||
}
|
||||
a.rootX509Certs = append(a.rootX509Certs, resp.RootCertificate)
|
||||
sum := sha256.Sum256(resp.RootCertificate.Raw)
|
||||
log.Printf("Using root fingerprint '%s'", hex.EncodeToString(sum[:]))
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -561,6 +567,21 @@ func (a *Authority) GetAdminDatabase() admin.DB {
|
|||
return a.adminDB
|
||||
}
|
||||
|
||||
func (a *Authority) GetInfo() Info {
|
||||
ai := Info{
|
||||
StartTime: a.startTime,
|
||||
RootX509Certs: a.rootX509Certs,
|
||||
DNSNames: a.config.DNSNames,
|
||||
}
|
||||
if a.sshCAUserCertSignKey != nil {
|
||||
ai.SSHCAUserPublicKey = ssh.MarshalAuthorizedKey(a.sshCAUserCertSignKey.PublicKey())
|
||||
}
|
||||
if a.sshCAHostCertSignKey != nil {
|
||||
ai.SSHCAHostPublicKey = ssh.MarshalAuthorizedKey(a.sshCAHostCertSignKey.PublicKey())
|
||||
}
|
||||
return ai
|
||||
}
|
||||
|
||||
// IsAdminAPIEnabled returns a boolean indicating whether the Admin API has
|
||||
// been enabled.
|
||||
func (a *Authority) IsAdminAPIEnabled() bool {
|
||||
|
|
41
ca/ca.go
41
ca/ca.go
|
@ -8,6 +8,7 @@ import (
|
|||
"net/http"
|
||||
"net/url"
|
||||
"reflect"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/go-chi/chi"
|
||||
|
@ -26,11 +27,14 @@ import (
|
|||
scepAPI "github.com/smallstep/certificates/scep/api"
|
||||
"github.com/smallstep/certificates/server"
|
||||
"github.com/smallstep/nosql"
|
||||
"go.step.sm/cli-utils/step"
|
||||
"go.step.sm/crypto/x509util"
|
||||
)
|
||||
|
||||
type options struct {
|
||||
configFile string
|
||||
linkedCAToken string
|
||||
quiet bool
|
||||
password []byte
|
||||
issuerPassword []byte
|
||||
sshHostPassword []byte
|
||||
|
@ -101,6 +105,13 @@ func WithLinkedCAToken(token string) Option {
|
|||
}
|
||||
}
|
||||
|
||||
// WithQuiet sets the quiet flag.
|
||||
func WithQuiet(quiet bool) Option {
|
||||
return func(o *options) {
|
||||
o.quiet = quiet
|
||||
}
|
||||
}
|
||||
|
||||
// CA is the type used to build the complete certificate authority. It builds
|
||||
// the HTTP server, set ups the middlewares and the HTTP handlers.
|
||||
type CA struct {
|
||||
|
@ -288,6 +299,35 @@ func (ca *CA) Run() error {
|
|||
var wg sync.WaitGroup
|
||||
errs := make(chan error, 1)
|
||||
|
||||
if !ca.opts.quiet {
|
||||
authorityInfo := ca.auth.GetInfo()
|
||||
log.Printf("Starting %s", step.Version())
|
||||
log.Printf("Documentation: https://u.step.sm/docs/ca")
|
||||
log.Printf("Community Discord: https://u.step.sm/discord")
|
||||
if step.Contexts().GetCurrent() != nil {
|
||||
log.Printf("Current context: %s", step.Contexts().GetCurrent().Name)
|
||||
}
|
||||
log.Printf("Config file: %s", ca.opts.configFile)
|
||||
baseURL := fmt.Sprintf("https://%s%s",
|
||||
authorityInfo.DNSNames[0],
|
||||
ca.config.Address[strings.LastIndex(ca.config.Address, ":"):])
|
||||
log.Printf("The primary server URL is %s", baseURL)
|
||||
log.Printf("Root certificates are available at %s/roots.pem", baseURL)
|
||||
if len(authorityInfo.DNSNames) > 1 {
|
||||
log.Printf("Additional configured hostnames: %s",
|
||||
strings.Join(authorityInfo.DNSNames[1:], ", "))
|
||||
}
|
||||
for _, crt := range authorityInfo.RootX509Certs {
|
||||
log.Printf("X.509 Root Fingerprint: %s", x509util.Fingerprint(crt))
|
||||
}
|
||||
if authorityInfo.SSHCAHostPublicKey != nil {
|
||||
log.Printf("SSH Host CA Key is %s\n", authorityInfo.SSHCAHostPublicKey)
|
||||
}
|
||||
if authorityInfo.SSHCAUserPublicKey != nil {
|
||||
log.Printf("SSH User CA Key: %s\n", authorityInfo.SSHCAUserPublicKey)
|
||||
}
|
||||
}
|
||||
|
||||
if ca.insecureSrv != nil {
|
||||
wg.Add(1)
|
||||
go func() {
|
||||
|
@ -355,6 +395,7 @@ func (ca *CA) Reload() error {
|
|||
WithSSHUserPassword(ca.opts.sshUserPassword),
|
||||
WithIssuerPassword(ca.opts.issuerPassword),
|
||||
WithLinkedCAToken(ca.opts.linkedCAToken),
|
||||
WithQuiet(ca.opts.quiet),
|
||||
WithConfigFile(ca.opts.configFile),
|
||||
WithDatabase(ca.auth.GetDatabase()),
|
||||
)
|
||||
|
|
|
@ -58,6 +58,11 @@ certificate issuer private key used in the RA mode.`,
|
|||
Usage: "token used to enable the linked ca.",
|
||||
EnvVar: "STEP_CA_TOKEN",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
Name: "quiet",
|
||||
Usage: "disable startup information",
|
||||
EnvVar: "STEP_CA_QUIET",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "context",
|
||||
Usage: "The name of the authority's context.",
|
||||
|
@ -74,6 +79,7 @@ func appAction(ctx *cli.Context) error {
|
|||
issuerPassFile := ctx.String("issuer-password-file")
|
||||
resolver := ctx.String("resolver")
|
||||
token := ctx.String("token")
|
||||
quiet := ctx.Bool("quiet")
|
||||
|
||||
if ctx.NArg() > 1 {
|
||||
return errs.TooManyArguments(ctx)
|
||||
|
@ -155,7 +161,8 @@ To get a linked authority token:
|
|||
ca.WithSSHHostPassword(sshHostPassword),
|
||||
ca.WithSSHUserPassword(sshUserPassword),
|
||||
ca.WithIssuerPassword(issuerPassword),
|
||||
ca.WithLinkedCAToken(token))
|
||||
ca.WithLinkedCAToken(token),
|
||||
ca.WithQuiet(quiet))
|
||||
if err != nil {
|
||||
fatal(err)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue