(ctx *cli.Context)
| 218 | } |
| 219 | |
| 220 | func initAction(ctx *cli.Context) (err error) { |
| 221 | if err := assertCryptoRand(); err != nil { |
| 222 | return err |
| 223 | } |
| 224 | |
| 225 | var rootCrt *x509.Certificate |
| 226 | var rootKey interface{} |
| 227 | |
| 228 | caURL := ctx.String("with-ca-url") |
| 229 | root := ctx.String("root") |
| 230 | key := ctx.String("key") |
| 231 | ra := strings.ToLower(ctx.String("ra")) |
| 232 | kmsName := strings.ToLower(ctx.String("kms")) |
| 233 | pkiOnly := ctx.Bool("pki") |
| 234 | noDB := ctx.Bool("no-db") |
| 235 | helm := ctx.Bool("helm") |
| 236 | enableRemoteManagement := ctx.Bool("remote-management") |
| 237 | addDefaultACMEProvisioner := ctx.Bool("acme") |
| 238 | firstSuperAdminSubject := ctx.String("admin-subject") |
| 239 | |
| 240 | switch { |
| 241 | case root != "" && key == "": |
| 242 | return errs.RequiredWithFlag(ctx, "root", "key") |
| 243 | case root == "" && key != "": |
| 244 | return errs.RequiredWithFlag(ctx, "key", "root") |
| 245 | case root != "" && key != "": |
| 246 | opts := []pemutil.Options{} |
| 247 | if keyPasswordFile := ctx.String("key-password-file"); keyPasswordFile != "" { |
| 248 | opts = append(opts, pemutil.WithPasswordFile(keyPasswordFile)) |
| 249 | } |
| 250 | if rootCrt, err = pemutil.ReadCertificate(root); err != nil { |
| 251 | return err |
| 252 | } |
| 253 | if rootKey, err = pemutil.Read(key, opts...); err != nil { |
| 254 | return err |
| 255 | } |
| 256 | case ra != "" && ra != apiv1.CloudCAS && ra != apiv1.StepCAS: |
| 257 | return errs.InvalidFlagValue(ctx, "ra", ctx.String("ra"), "StepCAS or CloudCAS") |
| 258 | case kmsName != "" && kmsName != "azurekms": |
| 259 | return errs.InvalidFlagValue(ctx, "kms", ctx.String("kms"), "azurekms") |
| 260 | case kmsName != "" && ra != "": |
| 261 | return errs.IncompatibleFlagWithFlag(ctx, "kms", "ra") |
| 262 | case pkiOnly && noDB: |
| 263 | return errs.IncompatibleFlagWithFlag(ctx, "pki", "no-db") |
| 264 | case pkiOnly && helm: |
| 265 | return errs.IncompatibleFlagWithFlag(ctx, "pki", "helm") |
| 266 | case enableRemoteManagement && noDB: |
| 267 | // remote management via the Admin API requires a database configuration |
| 268 | return errs.IncompatibleFlagWithFlag(ctx, "remote-management", "no-db") |
| 269 | case addDefaultACMEProvisioner && noDB: |
| 270 | // ACME functionality requires a database configuration |
| 271 | return errs.IncompatibleFlagWithFlag(ctx, "acme", "no-db") |
| 272 | case firstSuperAdminSubject != "" && helm: |
| 273 | // providing the first super admin subject is not (yet) supported with Helm output |
| 274 | return errs.IncompatibleFlagWithFlag(ctx, "admin-subject", "helm") |
| 275 | case firstSuperAdminSubject != "" && !enableRemoteManagement: |
| 276 | // providing the first super admin subject only works with DB-backed provisioners, |
| 277 | // thus remote management should be enabled. |
nothing calls this directly
no test coverage detected
searching dependent graphs…