Allow users to define certificate comment in agent
Added a comment flag which allows users to set the comment for a certificate when it gets added to an agent. It defaults to current behavior if not set, which is it uses the subject as the comment. This allows users who interact with multiple CAs with the same identity (email) to have multiple certificates in the agent. It also allows for use cases when users generate SSH certs with different extensions to load multiple certificates in their agent.
Showing
3 changed files
with
30 additions
and
6 deletions.
@@ -29,7 +29,8 @@ func loginCommand() cli.Command { | |
[**--principal**=<string>] [**--not-before**=<time|duration>] [**--not-after**=<time|duration>] | ||
[**--set**=<key=value>] [**--set-file**=<file>] [**--force**] | ||
[**--offline**] [**--ca-config**=<file>] | ||
[**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`, | ||
[**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>] | ||
[**--comment**=<comment>]`, | ||
Description: `**step ssh login** generates a new SSH key pair and send a request to [step | ||
certificates](https://github.com/smallstep/certificates) to sign a user | ||
certificate. This certificate will be automatically added to the SSH agent. | ||
|
@@ -64,6 +65,11 @@ $ step ssh login --not-after 1h alice | |
Request a new SSH certificate with multiple principals: | ||
''' | ||
$ step ssh login --principal admin --principal bob [email protected] | ||
''' | ||
Request a new SSH certificate and set a custom comment in the agent | ||
''' | ||
$ step ssh login --comment my-custom-comment [email protected] | ||
'''`, | ||
Flags: []cli.Flag{ | ||
flags.Token, | ||
|
@@ -82,6 +88,7 @@ $ step ssh login --principal admin --principal bob [email protected] | |
flags.CaURL, | ||
flags.Root, | ||
flags.Context, | ||
flags.Comment, | ||
}, | ||
} | ||
} | ||
|
@@ -102,6 +109,11 @@ func loginAction(ctx *cli.Context) error { | |
principals = []string{subject} | ||
} | ||
|
||
comment := ctx.String("comment") | ||
if comment == "" { | ||
comment = subject | ||
} | ||
|
||
// Flags | ||
token := ctx.String("token") | ||
isAddUser := ctx.Bool("add-user") | ||
|
@@ -140,7 +152,7 @@ func loginAction(ctx *cli.Context) error { | |
} | ||
|
||
// Just return if key is present | ||
if key, err := agent.GetKey(subject, opts...); err == nil { | ||
if key, err := agent.GetKey(comment, opts...); err == nil { | ||
ui.Printf("The key %s is already present in the SSH agent.\n", key.String()) | ||
return nil | ||
} | ||
|
@@ -248,15 +260,15 @@ func loginAction(ctx *cli.Context) error { | |
} | ||
|
||
// Attempt to add key to agent if private key defined. | ||
if err := agent.AddCertificate(subject, resp.Certificate.Certificate, priv); err != nil { | ||
if err := agent.AddCertificate(comment, resp.Certificate.Certificate, priv); err != nil { | ||
ui.Printf(`{{ "%s" | red }} {{ "SSH Agent:" | bold }} %v`+"\n", ui.IconBad, err) | ||
} else { | ||
ui.PrintSelected("SSH Agent", "yes") | ||
} | ||
if isAddUser { | ||
if resp.AddUserCertificate == nil { | ||
ui.Printf(`{{ "%s" | red }} {{ "Add User Certificate:" | bold }} failed to create a provisioner certificate`+"\n", ui.IconBad) | ||
} else if err := agent.AddCertificate(subject, resp.AddUserCertificate.Certificate, auPriv); err != nil { | ||
} else if err := agent.AddCertificate(comment, resp.AddUserCertificate.Certificate, auPriv); err != nil { | ||
ui.Printf(`{{ "%s" | red }} {{ "Add User Certificate:" | bold }} %v`+"\n", ui.IconBad, err) | ||
} else { | ||
ui.PrintSelected("Add User Certificate", "yes") | ||
|
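Review bot: The presence check `if key, err := agent.GetKey(comment, opts...); err == nil {` now matches on a free-form label instead of the identity, so once `--comment` is set, any key already in the agent under that label makes the command print "already present" and `return nil` without confirming the key was issued for `subject`; the same substitution is repeated in the two `agent.AddCertificate(comment, …)` calls of the last hunk. GetKey's implementation is not in this diff, so if it cannot also match on the certificate's key ID or principals, a comment above the check should record the looser semantics: `// Match on the agent comment only: a hit means a key with this label exists, not that it was issued for subject.`. The fallback `if comment == "" { comment = subject }` is also not mentioned in the Description text of the first hunk, so a user reading the help will not know that omitting `--comment` keeps the old subject-keyed behaviour; one sentence there would close that gap. loginAction starts and ends outside the hunks shown.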