package main
import (
"crypto/x509/pkix"
"fmt"
"log"
"os"
"github.com/Venafi/vcert/v5"
"github.com/Venafi/vcert/v5/pkg/certificate"
"github.com/Venafi/vcert/v5/pkg/endpoint"
"github.com/Venafi/vcert/v5/pkg/util"
)
// Names of the environment variables this example reads. Only VCP_URL is
// optional (an empty value falls back to the connector's default endpoint);
// main exits if any of the others is missing.
const (
	vcpURL      = "VCP_URL"       // base URL of the TLSPC API; may be unset
	vcpZone     = "VCP_ZONE"      // zone the certificate request is made in
	vcpTokenURL = "VCP_TOKEN_URL" // token URL paired with the JWT in Authentication
	vcpJWT      = "VCP_JWT"       // service-account JWT; a bearer secret, never logged
)

// Log format used when a required variable is absent; the single argument
// is the variable's name.
const envVarNotSet = "environment variable not set: %s"

// Client identity reported in the User-Agent header, prefixed to vcert's
// own default user agent.
const (
	name    = "example-tlspc-service-account-client"
	version = "v0.0.1"
)
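// main requests a certificate from Venafi Control Plane (TLS Protect Cloud)
// using a service-account JWT and prints the issued PEM certificate.
//
// Configuration is taken from the environment:
//   - VCP_URL:       optional; left empty it selects the connector's
//     default (production) endpoint.
//   - VCP_ZONE:      required; the zone the request is issued in.
//   - VCP_TOKEN_URL: required; the token URL used together with the JWT.
//   - VCP_JWT:       required; the service-account JWT. This is a bearer
//     credential: it is never written to the log, and anyone who can read
//     this process's environment (same user, or /proc on Linux) can read it.
//
// Every failure is fatal: the error is logged and the process exits non-zero.
func main() {
	// An empty URL is allowed; vcert then talks to production TLSPC.
	url := os.Getenv(vcpURL)
	zone := mustEnv(vcpZone)
	tokenURL := mustEnv(vcpTokenURL)
	jwt := mustEnv(vcpJWT)

	// Identify this client in the User-Agent, keeping vcert's default suffix.
	userAgent := fmt.Sprintf("%s/%s %s", name, version, util.DefaultUserAgent)
	config := &vcert.Config{
		ConnectorType: endpoint.ConnectorTypeCloud,
		BaseUrl:       url,
		Zone:          zone,
		Credentials: &endpoint.Authentication{
			ExternalJWT: jwt,
			TokenURL:    tokenURL,
		},
		UserAgent: &userAgent,
	}

	connector, err := vcert.NewClient(config)
	if err != nil {
		log.Fatalf("error creating client: %s", err.Error())
	}

	// The zone configuration carries the zone's policy; GenerateRequest is
	// given it so the request can be checked/filled in against that policy.
	zoneConfig, err := connector.ReadZoneConfiguration()
	if err != nil {
		log.Fatalf("error reading zone: %s", err.Error())
	}

	// CSR and key pair are generated locally (RSA 2048), so the private key
	// never leaves this process.
	request := &certificate.Request{
		Subject: pkix.Name{
			CommonName: "svc-account.venafi.example.com",
		},
		CsrOrigin: certificate.LocalGeneratedCSR,
		KeyType:   certificate.KeyTypeRSA,
		KeyLength: 2048,
	}
	err = connector.GenerateRequest(zoneConfig, request)
	if err != nil {
		log.Fatalf("error generating request: %s", err.Error())
	}

	certID, err := connector.RequestCertificate(request)
	if err != nil {
		log.Fatalf("error requesting certificate: %s", err.Error())
	}
	log.Printf("certificate requested with ID: %s", certID)

	// NOTE(review): request.Timeout is left at its zero value; whether the
	// connector waits for issuance or returns a "pending" error when the
	// certificate is not ready yet depends on vcert — confirm for the
	// version in go.mod before relying on this in anything but a demo.
	pcc, err := connector.RetrieveCertificate(request)
	if err != nil {
		log.Fatalf("error retrieving certificate: %s", err.Error())
	}

	// Only the certificate is printed. The locally generated private key is
	// deliberately not logged; a caller that needs it must take it from the
	// request object (vcert keeps it there for LocalGeneratedCSR — confirm
	// against the vcert version in use) and store it securely.
	log.Printf("Certificate:\n%s", pcc.Certificate)
}

// mustEnv returns the value of the environment variable key and exits the
// process if it is missing. An empty value is rejected as well: a blank
// zone, token URL or JWT can never be valid, and failing here gives a
// clearer message than the connector would produce later.
func mustEnv(key string) string {
	value, found := os.LookupEnv(key)
	if !found {
		log.Fatalf(envVarNotSet, key)
	}
	if value == "" {
		log.Fatalf("environment variable is empty: %s", key)
	}
	return value
}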