hub / github.com/smallstep/cli / NewAdminClient

Function NewAdminClient

utils/cautils/client.go:99–204  ·  view source on GitHub ↗

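NewAdminClient returns a client for the management API of the online CA. In the portion of the source shown below, it requires the ca-url flag and a root certificate (the root flag, or the default root CA path if that file exists). It reads admin credentials from admin-cert and admin-key when both are given; otherwise it tells the user to log in, takes the admin subject from admin-subject or a prompt, and runs a token flow so that, per the source comment, a new admin cert/key is generated in memory.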

(ctx *cli.Context, opts ...ca.ClientOption)

Source from the content-addressed store, hash-verified

97
98// NewAdminClient returns a client for the mgmt API of the online CA.
99func NewAdminClient(ctx *cli.Context, opts ...ca.ClientOption) (*ca.AdminClient, error) {
100 caURL, err := flags.ParseCaURLIfExists(ctx)
101 if err != nil {
102 return nil, err
103 }
104 if caURL == "" {
105 return nil, errs.RequiredFlag(ctx, "ca-url")
106 }
107 root := ctx.String("root")
108 if root == "" {
109 root = pki.GetRootCAPath()
110 if _, err := os.Stat(root); err != nil {
111 return nil, errs.RequiredFlag(ctx, "root")
112 }
113 }
114
115 var (
116 adminCertFile = ctx.String("admin-cert")
117 adminKeyFile = ctx.String("admin-key")
118 adminCert []*x509.Certificate
119 adminKey interface{}
120 )
121 if adminCertFile != "" || adminKeyFile != "" {
122 if adminCertFile == "" {
123 return nil, errs.RequiredWithFlag(ctx, "admin-key", "admin-cert")
124 }
125 if adminKeyFile == "" {
126 return nil, errs.RequiredWithFlag(ctx, "admin-cert", "admin-key")
127 }
128 adminCert, err = pemutil.ReadCertificateBundle(adminCertFile)
129 if err != nil {
130 return nil, errors.Wrap(err, "error reading admin certificate")
131 }
132 adminKey, err = pemutil.Read(adminKeyFile)
133 if err != nil {
134 return nil, errors.Wrap(err, "error reading admin key")
135 }
136 } else {
137 ui.Printf("No admin credentials found. You must login to execute admin commands.\n")
138 // Generate a new admin cert/key in memory.
139 client, err := ca.NewClient(caURL, ca.WithRootFile(root))
140 if err != nil {
141 return nil, err
142 }
143 subject := ctx.String("admin-subject")
144 if subject == "" {
145 subject, err = ui.Prompt("Please enter admin name/subject (e.g., name@example.com)", ui.WithValidateNotEmpty())
146 if err != nil {
147 return nil, err
148 }
149 }
150 tok, err := NewTokenFlow(ctx, SignType, subject, []string{subject}, caURL, root, time.Time{}, time.Time{}, provisioner.TimeDuration{}, provisioner.TimeDuration{})
151
152 if err != nil {
153 return nil, err
154 }
155
156 dnsNames, ips, emails, uris := splitSANs([]string{subject})

Callers 15

AllowWildcardsActionFunction · 0.92
DenyWildcardsActionFunction · 0.92
emailActionFunction · 0.92
removeActionFunction · 0.92
dnsActionFunction · 0.92
principalActionFunction · 0.92
commonNamesActionFunction · 0.92
ipActionFunction · 0.92
uriActionFunction · 0.92
viewActionFunction · 0.92
removeActionFunction · 0.92
addActionFunction · 0.92

Calls 6

ParseCaURLIfExistsFunction · 0.92
NewTokenFlowFunction · 0.85
splitSANsFunction · 0.85
StringMethod · 0.65
SignMethod · 0.65
ReadMethod · 0.45

Tested by

no test coverage detected
