Merge pull request #490 from Venafi/VC-32826-provision-vcert-cli-4

luispresuelVenafi · web-flow · commit 1b471ab67f6c · 2024-05-28T12:49:28.000-06:00
Adds certificate ID File flags for provisioning in VCert CLI
diff --git a/README-CLI-CLOUD.md b/README-CLI-CLOUD.md
@@ -229,17 +229,18 @@ vcert provisioning cloudkeystore -p vcp -t <access token> [--certificate-id <cer
 ```
 Options:
 
-| Command              | Description                                                                                                                                                                                                            |
-|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `--certificate-id`   | The id of the certificate to be provisioned to a cloud keystore.                                                                                                                                                       |
-| `--pickup-id`        | Use to specify the unique identifier of the certificate returned by the enroll or renew actions if `--no-pickup` was used or a timeout occurred. Required when `--pickup-id-file` is not specified.                    |
-| `--pickup-id-file`   | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
-| `--certificate-name` | Use to specify Cloud Keystore Certificate Name if it supports it                                                                                                                                                       |
-| `--keystore-id`      | The id of the cloud keystore where the certificate will be provisioned.                                                                                                                                                |
-| `--provider-name`    | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.                                                                     |
-| `--keystore-name`    | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.                                                                                                   |
-| `--file`             | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output                                                                                                |
-| `--format`           | The format of the operation output: text or JSON. Defaults to text.                                                                                                                                                    |
+| Command                 | Description                                                                                                                                                                                                            |
+|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `--certificate-id`      | The id of the certificate to be provisioned to a cloud keystore.                                                                                                                                                       |
+| `--certificate-id-file` | Use to specify a file name that contains the unique identifier of the certificate. Required when `--certificate-id` is not specified.                                                                                  |
+| `--certificate-name`    | Use to specify Cloud Keystore Certificate Name if it supports it                                                                                                                                                       |
+| `--file`                | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output                                                                                                |
+| `--format`              | The format of the operation output: text or JSON. Defaults to text.                                                                                                                                                    |
+| `--keystore-id`         | The id of the cloud keystore where the certificate will be provisioned.                                                                                                                                                |
+| `--keystore-name`       | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.                                                                                                   |
+| `--pickup-id-file`      | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
+| `--pickup-id`           | Use to specify the unique identifier of the certificate returned by the enroll or renew actions. Required when `--pickup-id-file` is not specified.                                                                    |
+| `--provider-name`       | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.                                                                     |
 
 ## Parameters for Applying Certificate Policy
 API key:
diff --git a/cmd/vcert/args.go b/cmd/vcert/args.go
@@ -147,6 +147,7 @@ type commandFlags struct {
 	sshFileCertEnroll    string
 	sshFileGetConfig     string
 	certificateID        string
+	certificateIDFile    string
 	keystoreID           string
 	providerName         string
 	keystoreName         string
diff --git a/cmd/vcert/cmdCloudKeystores.go b/cmd/vcert/cmdCloudKeystores.go
@@ -32,12 +32,18 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
 	if err != nil {
 		return err
 	}
+	var flagsP *commandFlags
+	flagsP, err = gettingIDsFromFiles(&flags)
+	if err != nil {
+		return err
+	}
+
 	err = setTLSConfig()
 	if err != nil {
 		return err
 	}
 
-	cfg, err := buildConfig(c, &flags)
+	cfg, err := buildConfig(c, flagsP)
 	if err != nil {
 		return fmt.Errorf("failed to build vcert config: %s", err)
 	}
@@ -53,22 +59,14 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
 	var options *endpoint.ProvisioningOptions
 
 	log.Printf("fetching keystore information for provided keystore information from flags. KeystoreID: %s, KeystoreName: %s, ProviderName: %s", flags.keystoreID, flags.keystoreName, flags.providerName)
-	getKeystoreReq := buildGetCloudKeystoreRequest(&flags)
+	getKeystoreReq := buildGetCloudKeystoreRequest(flagsP)
 	cloudKeystore, err := connector.(*cloud.Connector).GetCloudKeystore(getKeystoreReq)
 	if err != nil {
 		return err
 	}
 	log.Printf("successfully fetched keystore")
 
-	if flags.pickupIDFile != "" {
-		bytes, err := os.ReadFile(flags.pickupIDFile)
-		if err != nil {
-			return fmt.Errorf("failed to read Pickup ID value: %s", err)
-		}
-		flags.pickupID = strings.TrimSpace(string(bytes))
-	}
-
-	req, options = fillProvisioningRequest(req, *cloudKeystore, &flags)
+	req, options = fillProvisioningRequest(req, *cloudKeystore, flagsP)
 
 	metadata, err := connector.ProvisionCertificate(req, options)
 	if err != nil {
@@ -94,3 +92,21 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
 	}
 	return nil
 }
+
+func gettingIDsFromFiles(flags *commandFlags) (*commandFlags, error) {
+	if flags.pickupIDFile != "" {
+		bytes, err := os.ReadFile(flags.pickupIDFile)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read Pickup ID value: %s", err)
+		}
+		flags.pickupID = strings.TrimSpace(string(bytes))
+	}
+	if flags.certificateIDFile != "" {
+		bytes, err := os.ReadFile(flags.certificateIDFile)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read Certificate ID value: %s", err)
+		}
+		flags.certificateID = strings.TrimSpace(string(bytes))
+	}
+	return flags, nil
+}
diff --git a/cmd/vcert/flags.go b/cmd/vcert/flags.go
@@ -714,6 +714,13 @@ var (
 		Destination: &flags.certificateID,
 	}
 
+	flagCertificateIDFile = &cli.StringFlag{
+		Name: "certificate-id-file",
+		Usage: "Use to specify the file name from where to read or write the Certificate ID. " +
+			"Either --certificate-id or --certificate-id-file is required.",
+		Destination: &flags.certificateIDFile,
+	}
+
 	flagKeystoreID = &cli.StringFlag{
 		Name:        "keystore-id",
 		Usage:       "The id of the cloud keystore where the certificate will be provisioned.",
@@ -900,6 +907,7 @@ var (
 		credentialsFlags,
 		flagPlatform,
 		flagCertificateID,
+		flagCertificateIDFile,
 		flagProvisionPickupID,
 		flagPickupIDFile,
 		flagKeystoreCertName,
diff --git a/cmd/vcert/validators.go b/cmd/vcert/validators.go
@@ -732,8 +732,8 @@ func validateProvisionFlags(commandName string) error {
 		return fmt.Errorf("unexpected output format: %s", flags.format)
 	}
 
-	if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" {
-		return fmt.Errorf("please, provide any of --certificate-id or --pickup-id or --pickup-id-file")
+	if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" && flags.certificateIDFile == "" {
+		return fmt.Errorf("please, provide any of --certificate-id or --certificate-id-file or --pickup-id or --pickup-id-file")
 	}
 
 	if flags.pickupIDFile != "" {
@@ -745,6 +745,15 @@ func validateProvisionFlags(commandName string) error {
 		}
 	}
 
+	if flags.certificateIDFile != "" {
+		if flags.pickupID != "" {
+			return fmt.Errorf("both --certificate-id and --pickup-id-file options cannot be specified at the same time")
+		}
+		if flags.certificateID != "" {
+			return fmt.Errorf("both --certificate-id and --certificate-id-file options cannot be specified at the same time")
+		}
+	}
+
 	if flags.keystoreID == "" {
 		if flags.keystoreName == "" || flags.providerName == "" {
 			return fmt.Errorf("any of keystore ID or both Provider Name and Keystore Name must be provided for provisioning")

Original file line number	Diff line number	Diff line change
`@@ -732,8 +732,8 @@ func validateProvisionFlags(commandName string) error {`
`732`	`732`	`return fmt.Errorf("unexpected output format: %s", flags.format)`
`733`	`733`	`}`
`734`	`734`
`735`		`- if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" {`
`736`		`- return fmt.Errorf("please, provide any of --certificate-id or --pickup-id or --pickup-id-file")`
	`735`	`+ if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" && flags.certificateIDFile == "" {`
	`736`	`+ return fmt.Errorf("please, provide any of --certificate-id or --certificate-id-file or --pickup-id or --pickup-id-file")`
`737`	`737`	`}`
`738`	`738`
`739`	`739`	`if flags.pickupIDFile != "" {`
`@@ -745,6 +745,15 @@ func validateProvisionFlags(commandName string) error {`
`745`	`745`	`}`
`746`	`746`	`}`
`747`	`747`
	`748`	`+ if flags.certificateIDFile != "" {`
	`749`	`+ if flags.pickupID != "" {`
	`750`	`+ return fmt.Errorf("both --certificate-id and --pickup-id-file options cannot be specified at the same time")`
	`751`	`+ }`
	`752`	`+ if flags.certificateID != "" {`
	`753`	`+ return fmt.Errorf("both --certificate-id and --certificate-id-file options cannot be specified at the same time")`
	`754`	`+ }`
	`755`	`+ }`
	`756`	`+`
`748`	`757`	`if flags.keystoreID == "" {`
`749`	`758`	`if flags.keystoreName == "" \|\| flags.providerName == "" {`
`750`	`759`	`return fmt.Errorf("any of keystore ID or both Provider Name and Keystore Name must be provided for provisioning")`