BootstrapTeamAuthority sends a request to api.smallstep.com (or to the endpoint supplied through the team-url flag) to bootstrap the configuration of a given team/authority.
(ctx *cli.Context, team, teamAuthority string)
| 224 | // BootstrapTeamAuthority does a request to api.smallstep.com to bootstrap the |
| 225 | // configuration of a given team/authority. |
| 226 | func BootstrapTeamAuthority(ctx *cli.Context, team, teamAuthority string) error { |
| 227 | apiEndpoint := ctx.String("team-url") |
| 228 | if apiEndpoint == "" { |
| 229 | // Use the default endpoint.. |
| 230 | u := url.URL{ |
| 231 | Scheme: "https", |
| 232 | Host: "api.smallstep.com", |
| 233 | Path: "/v1/teams/" + team + "/authorities/" + teamAuthority, |
| 234 | } |
| 235 | apiEndpoint = u.String() |
| 236 | } else { |
| 237 | // The user specified a custom endpoint.. |
| 238 | // TODO implement support for replacing the authority section of the |
| 239 | // URL with placeholders as well. |
| 240 | apiEndpoint = strings.ReplaceAll(apiEndpoint, "<>", team) |
| 241 | u, err := url.Parse(apiEndpoint) |
| 242 | if err != nil { |
| 243 | return errors.Wrapf(err, "error parsing %s", apiEndpoint) |
| 244 | } |
| 245 | apiEndpoint = u.String() |
| 246 | } |
| 247 | |
| 248 | // Get the --redirect-url flag, If passed, we will use this one even if the |
| 249 | // API provides one. |
| 250 | redirectURL := ctx.String("redirect-url") |
| 251 | if redirectURL != "" { |
| 252 | if _, err := url.Parse(redirectURL); err != nil { |
| 253 | return err |
| 254 | } |
| 255 | } |
| 256 | |
| 257 | // Using public PKI |
| 258 | //nolint:gosec // Variadic URL is considered safe here for the following reasons: |
| 259 | // 1) The input is from the command line, rather than a web form or publicly available API. |
| 260 | // 2) The command is expected to be used on a client, rather than a privileged backend host. |
| 261 | resp, err := http.Get(apiEndpoint) |
| 262 | if err != nil { |
| 263 | return errors.Wrap(err, "error getting authority data") |
| 264 | } |
| 265 | defer resp.Body.Close() |
| 266 | if resp.StatusCode >= 400 { |
| 267 | if resp.StatusCode == http.StatusNotFound { |
| 268 | return errors.New("error getting authority data: authority not found") |
| 269 | } |
| 270 | return errors.Wrap(readError(resp.Body), "error getting authority data") |
| 271 | } |
| 272 | |
| 273 | var r bootstrapAPIResponse |
| 274 | if err := readJSON(resp.Body, &r); err != nil { |
| 275 | return errors.Wrap(err, "error getting authority data") |
| 276 | } |
| 277 | if redirectURL != "" { |
| 278 | r.RedirectURL = redirectURL |
| 279 | } else if r.RedirectURL == "" { |
| 280 | r.RedirectURL = "https://smallstep.com/app/teams/sso/success" |
| 281 | } |
| 282 | |
| 283 | bootOpts := []bootstrapOption{ |