hub / github.com/smallstep/cli / initAction

Function initAction

command/ca/init.go:220–718  ·  view source on GitHub ↗
(ctx *cli.Context)

Source from the content-addressed store, hash-verified

218}
219
220func initAction(ctx *cli.Context) (err error) {
221 if err := assertCryptoRand(); err != nil {
222 return err
223 }
224
225 var rootCrt *x509.Certificate
226 var rootKey interface{}
227
228 caURL := ctx.String("with-ca-url")
229 root := ctx.String("root")
230 key := ctx.String("key")
231 ra := strings.ToLower(ctx.String("ra"))
232 kmsName := strings.ToLower(ctx.String("kms"))
233 pkiOnly := ctx.Bool("pki")
234 noDB := ctx.Bool("no-db")
235 helm := ctx.Bool("helm")
236 enableRemoteManagement := ctx.Bool("remote-management")
237 addDefaultACMEProvisioner := ctx.Bool("acme")
238 firstSuperAdminSubject := ctx.String("admin-subject")
239
240 switch {
241 case root != "" && key == "":
242 return errs.RequiredWithFlag(ctx, "root", "key")
243 case root == "" && key != "":
244 return errs.RequiredWithFlag(ctx, "key", "root")
245 case root != "" && key != "":
246 opts := []pemutil.Options{}
247 if keyPasswordFile := ctx.String("key-password-file"); keyPasswordFile != "" {
248 opts = append(opts, pemutil.WithPasswordFile(keyPasswordFile))
249 }
250 if rootCrt, err = pemutil.ReadCertificate(root); err != nil {
251 return err
252 }
253 if rootKey, err = pemutil.Read(key, opts...); err != nil {
254 return err
255 }
256 case ra != "" && ra != apiv1.CloudCAS && ra != apiv1.StepCAS:
257 return errs.InvalidFlagValue(ctx, "ra", ctx.String("ra"), "StepCAS or CloudCAS")
258 case kmsName != "" && kmsName != "azurekms":
259 return errs.InvalidFlagValue(ctx, "kms", ctx.String("kms"), "azurekms")
260 case kmsName != "" && ra != "":
261 return errs.IncompatibleFlagWithFlag(ctx, "kms", "ra")
262 case pkiOnly && noDB:
263 return errs.IncompatibleFlagWithFlag(ctx, "pki", "no-db")
264 case pkiOnly && helm:
265 return errs.IncompatibleFlagWithFlag(ctx, "pki", "helm")
266 case enableRemoteManagement && noDB:
267 // remote management via the Admin API requires a database configuration
268 return errs.IncompatibleFlagWithFlag(ctx, "remote-management", "no-db")
269 case addDefaultACMEProvisioner && noDB:
270 // ACME functionality requires a database configuration
271 return errs.IncompatibleFlagWithFlag(ctx, "acme", "no-db")
272 case firstSuperAdminSubject != "" && helm:
273 // providing the first super admin subject is not (yet) supported with Helm output
274 return errs.IncompatibleFlagWithFlag(ctx, "admin-subject", "helm")
275 case firstSuperAdminSubject != "" && !enableRemoteManagement:
276 // providing the first super admin subject only works with DB-backed provisioners,
277 // thus remote management should be enabled.

Callers

nothing calls this directly

Calls 10

ReadPasswordFromFile (Function) · 0.92
UseContext (Function) · 0.92
WarnContext (Function) · 0.92
assertCryptoRand (Function) · 0.85
promptDeploymentType (Function) · 0.85
processDNSValue (Function) · 0.85
Type (Method) · 0.80
String (Method) · 0.65
Read (Method) · 0.45

Tested by

no test coverage detected
