package actions
import (
"context"
"errors"
"fmt"
"github.com/smallstep/certificates/ca"
"github.com/smallstep/cli/command/ca/policy/policycontext"
"github.com/smallstep/cli/flags"
"github.com/smallstep/cli/internal/command"
"github.com/smallstep/cli/utils/cautils"
"github.com/urfave/cli"
"go.step.sm/cli-utils/errs"
)
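// RemoveCommand returns the policy remove subcommand.
//
// The command name printed in the usage and description text comes from
// policycontext.GetPrefixedCommandUsage, so one definition serves every
// policy level shown in the examples (authority, provisioner, acme). The
// returned command runs removeAction with ctx injected and registers the
// provisioner and EAB key selectors together with the admin and CA
// connection flags.
func RemoveCommand(ctx context.Context) cli.Command {
	commandName := policycontext.GetPrefixedCommandUsage(ctx, "remove")

	// The raw strings below are emitted verbatim as help text; the only change
	// from the previous revision is the corrected <eab-key-id> placeholder.
	usageText := fmt.Sprintf(`**%s**
[**--provisioner**=<name>] [**--eab-key-id**=<eab-key-id>] [**--eab-key-reference**=<eab-key-reference>]
[**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>]
[**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
[**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`, commandName)

	description := fmt.Sprintf(`**%s** removes a certificate issuance policy.
## EXAMPLES
Remove the authority certificate issuance policy
'''
$ step ca policy authority remove
'''
Remove a provisioner certificate issuance policy
'''
$ step ca policy provisioner remove --provisioner my_provisioner
'''
Remove an ACME EAB certificate issuance policy by reference
'''
$ step ca policy acme remove --provisioner my_acme_provisioner --eab-key-reference my_reference
'''
Remove an ACME EAB certificate issuance policy by EAB Key ID
'''
$ step ca policy acme remove --provisioner my_acme_provisioner --eab-key-id "lUOTGwvFQADjk8nxsVufbhyTOwrFmvO2"
'''`, commandName)

	return cli.Command{
		Name:        "remove",
		Usage:       "remove certificate issuance policy",
		UsageText:   usageText,
		Description: description,
		Action:      command.InjectContext(ctx, removeAction),
		Flags: []cli.Flag{
			provisionerFilterFlag,
			flags.EABKeyID,
			flags.EABReference,
			flags.AdminCert,
			flags.AdminKey,
			flags.AdminSubject,
			flags.AdminProvisioner,
			flags.AdminPasswordFile,
			flags.CaURL,
			flags.Root,
			flags.Context,
		},
	}
}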
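// removeAction deletes the certificate issuance policy for the policy level
// carried in ctx: authority, provisioner, or ACME EAB key.
//
// This is a destructive administrative call. Nothing in this function asks for
// confirmation, so the delete request is sent as soon as the flags validate.
// The admin client is created before the level-specific flag checks run.
//
// It returns a flag error when a required selector is missing, a fixed
// "does not exist" error when the CA answers notFound, and a wrapped error for
// any other failure. It panics when ctx carries no recognised policy level,
// which indicates the command was wired up without one.
func removeAction(ctx context.Context) (err error) {
	clictx := command.CLIContextFromContext(ctx)

	provisioner := clictx.String("provisioner")
	reference := clictx.String("eab-key-reference")
	keyID := clictx.String("eab-key-id")

	client, err := cautils.NewAdminClient(clictx)
	if err != nil {
		return fmt.Errorf("error creating admin client: %w", err)
	}

	switch {
	case policycontext.IsAuthorityPolicyLevel(ctx):
		// Authority level takes no selector; the flag values read above are unused.
		err = client.RemoveAuthorityPolicy()
	case policycontext.IsProvisionerPolicyLevel(ctx):
		if provisioner == "" {
			return errs.RequiredFlag(clictx, "provisioner")
		}
		err = client.RemoveProvisionerPolicy(provisioner)
	case policycontext.IsACMEPolicyLevel(ctx):
		if provisioner == "" {
			return errs.RequiredFlag(clictx, "provisioner")
		}
		if reference == "" && keyID == "" {
			return errs.RequiredOrFlag(clictx, "eab-key-reference", "eab-key-id")
		}
		// NOTE(review): when both --eab-key-reference and --eab-key-id are set,
		// both are forwarded as-is; which one selects the key is decided by the
		// client/CA and is not visible here. Confirm the intended precedence.
		err = client.RemoveACMEPolicy(provisioner, reference, keyID)
	default:
		// Programmer error: the message previously said "retrieval", which
		// does not match this command.
		panic("no context for policy removal set")
	}

	if err != nil {
		var ae *ca.AdminClientError
		if errors.As(err, &ae) && ae.Type == "notFound" {
			// A fresh error is returned here; the CA's original error is not wrapped.
			return errors.New("certificate issuance policy does not exist")
		}
		return fmt.Errorf("error deleting certificate issuance policy: %w", err)
	}

	fmt.Println("policy deleted")
	return nil
}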