Merge branch 'master' into VC-34339/verify-cert-expiry-before-provision
luispresuelVenafi authored Oct 31, 2024
2 parents da43a43 + ada9cce commit 01ecfc8
Showing 5 changed files with 46 additions and 12 deletions.
Expand Up @@ -12,6 +12,21 @@ Feature: provision to cloud keystore
And I remember the output
And I use previous Pickup ID to provision from VCP a certificate to cloudkeystore "<cloudkeystore>" setting keystore and provider names
And I remember the output
And the output should not contain "Warning: --platform not set. Attempting to best-guess platform from connection flags"
And I grab cloud ID from output
Then I clean up previous installed certificate from cloudkeystore
Examples:
| cloudkeystore |
| GOOGLE |
| AWS |
| AZURE |

Scenario Outline: Enroll certificate and execute provisioning for cloud keystore without Platform flags
Given I enroll a random certificate with defined platform VCP with -csr service -no-prompt
And I remember the output
And I use previous Pickup ID to provision without set Platform flag from VCP a certificate to cloudkeystore "<cloudkeystore>" setting keystore and provider names
And I remember the output
And the output should contain "Warning: --platform not set. Attempting to best-guess platform from connection flags"
And I grab cloud ID from output
Then I clean up previous installed certificate from cloudkeystore
Examples:
@@ -1,13 +1,20 @@
And(/^I use previous Pickup ID to provision (?:from|using) (\S+) a certificate to cloudkeystore "(.*)"( setting keystore and provider names)?$/) do |platform, cloudkeystore_type, keystore_provider_names|

cmd = build_provision_cmd(platform, cloudkeystore_type, keystore_provider_names)
cmd = build_provision_cmd(platform, cloudkeystore_type, keystore_provider_names, "",true)

steps %{Then I try to run `#{cmd}`}
end

And(/^I use previous Pickup ID to provision without set Platform flag (?:from|using) (\S+) a certificate to cloudkeystore "(.*)"( setting keystore and provider names)?$/) do |platform, cloudkeystore_type, keystore_provider_names|

cmd = build_provision_cmd(platform, cloudkeystore_type, keystore_provider_names, "",false)

steps %{Then I try to run `#{cmd}`}
end

And(/^I use previous Pickup ID to provision (?:from|using) (\S+) a certificate to cloudkeystore "(.*)"( setting keystore and provider names)? with (.+)?/) do |platform, cloudkeystore_type, keystore_provider_names, flags|

cmd = build_provision_cmd(platform, cloudkeystore_type, keystore_provider_names, flags)
cmd = build_provision_cmd(platform, cloudkeystore_type, keystore_provider_names, flags, true)

steps %{Then I try to run `#{cmd}`}
end
Expand All @@ -26,17 +33,20 @@
fail(ArgumentError.new("Unknown cloud type: #{@cloudkeystore_type}"))
end
flags += @global_set_provision_flags
cmd = build_provision_cmd(PLATFORM_VCP, @cloudkeystore_type, keystore_provider_names, flags)
cmd = build_provision_cmd(PLATFORM_VCP, @cloudkeystore_type, keystore_provider_names, flags, true)
steps %{Then I try to run `#{cmd}`}
end

def build_provision_cmd(platform, cloudkeystore_type, keystore_provider_names, flags = "")
def build_provision_cmd(platform, cloudkeystore_type, keystore_provider_names, flags = "", set_platform_flag=true)

@global_set_provision_flags = flags

platform_flag = " -platform " + platform
cmd = "vcert provision cloudkeystore #{ENDPOINTS[PLATFORM_VCP]} -pickup-id #{@pickup_id}"

cmd = "vcert provision cloudkeystore #{platform_flag} #{ENDPOINTS[PLATFORM_VCP]} -pickup-id #{@pickup_id}"
if set_platform_flag
platform_flag = " -platform " + platform
cmd = cmd + platform_flag
end

keystore_name = ""
provider_name = ""
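Review bot: The new `set_platform_flag` parameter of `build_provision_cmd` is a positional boolean placed after the defaulted `flags` argument, so the Pickup-ID steps now pass `"", true` or `"", false` only to reach it, and the call sites no longer say what the trailing boolean means. A keyword argument keeps every existing caller unchanged and makes the one exception self-describing: `def build_provision_cmd(platform, cloudkeystore_type, keystore_provider_names, flags = "", set_platform_flag: true)`, with the new step calling `build_provision_cmd(platform, cloudkeystore_type, keystore_provider_names, set_platform_flag: false)`. A short comment above the `if set_platform_flag` branch, such as `# omit -platform so vcert exercises its best-guess path and prints the warning`, would record why the flag can be dropped. The body of `build_provision_cmd` continues below the visible lines.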
7 changes: 4 additions & 3 deletions cmd/vcert/cmdCloudKeystores.go
Expand Up @@ -15,9 +15,10 @@ import (

var (
subCommandCloudKeystore = &cli.Command{
Name: subCommandCloudKeystoreName,
Flags: provisionFlags,
Usage: "provision certificate from Venafi Platform to Cloud Keystore",
Before: runBeforeProvisionCommand,
Name: subCommandCloudKeystoreName,
Flags: provisionFlags,
Usage: "provision certificate from Venafi Platform to Cloud Keystore",
UsageText: `vcert provision cloudkeystore <Required Venafi Control Plane> <Options>
vcert provision cloudkeystore --platform vcp -k <VCP API key> --certificate-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx --keystore-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx --format json
9 changes: 8 additions & 1 deletion cmd/vcert/cmdHelper.go
Expand Up @@ -43,7 +43,7 @@ import (
var tlsConfig tls.Config

func runBeforeCommand(c *cli.Context) error {
//TODO: move all flag validations here
//TODO: refactor flags to specified command. If command doesn't use it, flag should be ignored.
flags.orgUnits = c.StringSlice("ou")
flags.dnsSans = c.StringSlice("san-dns")
flags.emailSans = c.StringSlice("san-email")
Expand Down Expand Up @@ -98,6 +98,13 @@ func runBeforeCommand(c *cli.Context) error {
return nil
}

func runBeforeProvisionCommand(c *cli.Context) error {
if flags.platformString != "" {
flags.platform = venafi.GetPlatformType(flags.platformString)
}
return nil
}

func setTLSConfig() error {
//Set RenegotiateFreelyAsClient in case of we're communicating with MTLS TPP server with only user\password
if flags.apiKey == "" {
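Review bot: `runBeforeProvisionCommand` stores whatever `venafi.GetPlatformType(flags.platformString)` returns and then always returns nil, so a mistyped or unsupported `--platform` value is not rejected in this hook. How `GetPlatformType` treats unknown strings is not visible here, but if it yields an undefined platform the command presumably continues on the same best-guess path as when the flag is omitted, and the supplied credentials go to whichever platform is guessed. The help text in flags.go lists VCP as the only accepted value for provision, so the hook could fail fast when the parsed platform is not the VCP one, for example with `return fmt.Errorf("unsupported --platform value %q for provision", flags.platformString)`. A scenario in the feature file that passes an invalid platform and expects a non-zero exit would pin that behaviour. The function also has no doc comment stating that it runs as the `Before` hook of the cloudkeystore subcommand.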
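--- a/cmd/vcert/flags.go
+++ b/cmd/vcert/flags.go
@@ -27,8 +27,9 @@ var (
 flagPlatform = &cli.StringFlag{
 Name: "platform",
 Usage: "Use to specify the platform VCert will use to execute the given command. Only accepted values are:\n" +
-"\t\tFor getcred command: --platform [TPP | VAAS | OIDC]\n" +
-"\t\tFor enroll command: --platform [TPP | VAAS | FIREFLY]",
+"\t\tFor getcred command: --platform [TPP | VCP | OIDC]\n" +
+"\t\tFor enroll command: --platform [TPP | VCP | FIREFLY]\n" +
+"\t\tFor provision command: --platform [ VCP ]",
 Destination: &flags.platformString,
 Aliases: []string{"p"},
 }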
