(ctx *cli.Context)
| 219 | } |
| 220 | |
| 221 | func certificateAction(ctx *cli.Context) error { |
| 222 | if err := errs.NumberOfArguments(ctx, 2); err != nil { |
| 223 | return err |
| 224 | } |
| 225 | |
| 226 | args := ctx.Args() |
| 227 | subject := args.Get(0) |
| 228 | keyFile := args.Get(1) |
| 229 | baseName := keyFile |
| 230 | // SSH uses fixed suffixes for public keys and certificates |
| 231 | pubFile := baseName + ".pub" |
| 232 | crtFile := baseName + "-cert.pub" |
| 233 | |
| 234 | comment := ctx.String("comment") |
| 235 | if comment == "" { |
| 236 | comment = subject |
| 237 | } |
| 238 | |
| 239 | // Flags |
| 240 | token := ctx.String("token") |
| 241 | isHost := ctx.Bool("host") |
| 242 | hostID := ctx.String("host-id") |
| 243 | isSign := ctx.Bool("sign") |
| 244 | isAddUser := ctx.Bool("add-user") |
| 245 | principals := ctx.StringSlice("principal") |
| 246 | passwordFile := ctx.String("password-file") |
| 247 | provisionerPasswordFile := ctx.String("provisioner-password-file") |
| 248 | noPassword := ctx.Bool("no-password") |
| 249 | insecure := ctx.Bool("insecure") |
| 250 | sshPrivKeyFile := ctx.String("private-key") |
| 251 | minPasswordLength := ctx.Int("min-password-length") |
| 252 | validAfter, validBefore, err := flags.ParseTimeDuration(ctx) |
| 253 | if err != nil { |
| 254 | return err |
| 255 | } |
| 256 | templateData, err := flags.ParseTemplateData(ctx) |
| 257 | if err != nil { |
| 258 | return err |
| 259 | } |
| 260 | |
| 261 | kty, curve, size, err := utils.GetKeyDetailsFromCLI(ctx, insecure, "kty", "curve", "size") |
| 262 | if err != nil { |
| 263 | return err |
| 264 | } |
| 265 | |
| 266 | // Validation |
| 267 | switch { |
| 268 | case noPassword && !insecure: |
| 269 | return errs.RequiredInsecureFlag(ctx, "no-password") |
| 270 | case noPassword && minPasswordLength > 0: |
| 271 | return errs.IncompatibleFlagWithFlag(ctx, "no-password", "min-password-length") |
| 272 | case noPassword && passwordFile != "": |
| 273 | return errs.IncompatibleFlagWithFlag(ctx, "no-password", "password-file") |
| 274 | case token != "" && provisionerPasswordFile != "": |
| 275 | return errs.IncompatibleFlagWithFlag(ctx, "token", "provisioner-password-file") |
| 276 | case isHost && isAddUser: |
| 277 | return errs.IncompatibleFlagWithFlag(ctx, "host", "add-user") |
| 278 | case !isHost && hostID != "": |
nothing calls this directly
no test coverage detected
searching dependent graphs…