wildcards.go
package x509
import (
"context"
"github.com/smallstep/cli/command/ca/policy/actions"
"github.com/smallstep/cli/flags"
"github.com/smallstep/cli/internal/command"
"github.com/urfave/cli"
)
// provisionerFilterFlag is the --provisioner string flag. Both the allow and
// deny wildcard subcommands in this file list it first in their Flags.
var (
	provisionerFilterFlag = cli.StringFlag{
		Name:  "provisioner",
		Usage: `The provisioner <name>`,
	}
)
// wildcardsCommand returns the "wildcards" command group. It carries no
// action of its own; the work is done by its two subcommands, allow and deny,
// which are both built with the same ctx.
func wildcardsCommand(ctx context.Context) cli.Command {
	// allow is constructed first, then deny, and they are registered in that order.
	subcommands := cli.Commands{
		allowWildcardsCommand(ctx),
		denyWildcardsCommand(ctx),
	}

	group := cli.Command{
		Name:        "wildcards",
		Usage:       "manage wildcard name settings for X.509 certificate issuance policies",
		UsageText:   `**step ca policy x509 wildcards**`,
		Description: `**step ca policy x509 wildcards** command group provides facilities for managing X.509 wildcard names.`,
		Subcommands: subcommands,
	}
	return group
}
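// allowWildcardsCommand returns the "allow" subcommand. Its action is
// actions.AllowWildcardsAction, wrapped by command.InjectContext together
// with ctx.
//
// The help examples show three scopes: authority, provisioner and ACME
// account. NOTE(review): permitting wildcard names widens what the selected
// scope will accept, so operators will usually want the narrowest scope that
// covers the need; how the scope is resolved lives in the action, which is
// not visible in this file.
func allowWildcardsCommand(ctx context.Context) cli.Command {
	return cli.Command{
		Name:  "allow",
		Usage: "allow wildcard names in X.509 certificate issuance policies",
		UsageText: `**step ca policy x509 wildcards allow**
[**--provisioner**=<name>] [**--eab-key-id**=<eab-key-id>] [**--eab-key-reference**=<eab-key-reference>]
[**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>]
[**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
[**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`,
		// The ACME example spells the flag --eab-key-reference so that it agrees
		// with the synopsis in UsageText; it previously read --eab-reference.
		// The flag is declared by flags.EABReference outside this file: confirm
		// its Name there.
		Description: `**step ca policy x509 wildcards allow** allow wildcard names in X.509 policy
## EXAMPLES
Allow wildcard names in X.509 certificates on authority level
'''
$ step ca policy authority x509 wildcards allow
'''
Allow wildcard names in X.509 certificates on provisioner level
'''
$ step ca policy provisioner x509 wildcards allow --provisioner my_provisioner
'''
Allow wildcard names in X.509 certificates on ACME account level by reference
'''
$ step ca policy acme x509 wildcards allow --provisioner my_acme_provisioner --eab-key-reference my_reference
'''`,
		Action: command.InjectContext(
			ctx,
			actions.AllowWildcardsAction,
		),
		// Scope selectors come first, then the admin credential flags, then the
		// CA connection flags, in the same order as the synopsis.
		Flags: []cli.Flag{
			provisionerFilterFlag,
			flags.EABKeyID,
			flags.EABReference,
			flags.AdminCert,
			flags.AdminKey,
			flags.AdminSubject,
			flags.AdminProvisioner,
			flags.AdminPasswordFile,
			flags.CaURL,
			flags.Root,
			flags.Context,
		},
	}
}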
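// denyWildcardsCommand returns the "deny" subcommand. Its action is
// actions.DenyWildcardsAction, wrapped by command.InjectContext together
// with ctx.
//
// The help examples show three scopes: authority, provisioner and ACME
// account. How the scope is resolved lives in the action, which is not
// visible in this file.
func denyWildcardsCommand(ctx context.Context) cli.Command {
	return cli.Command{
		Name:  "deny",
		Usage: "deny wildcard names in X.509 certificate issuance policies",
		UsageText: `**step ca policy x509 wildcards deny**
[**--provisioner**=<name>] [**--eab-key-id**=<eab-key-id>] [**--eab-key-reference**=<eab-key-reference>]
[**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>]
[**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
[**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`,
		// The ACME example spells the flag --eab-key-reference so that it agrees
		// with the synopsis in UsageText; it previously read --eab-reference.
		// The flag is declared by flags.EABReference outside this file: confirm
		// its Name there.
		Description: `**step ca policy x509 wildcards deny** deny wildcard names in X.509 policy
## EXAMPLES
Deny wildcard names in X.509 certificates on authority level
'''
$ step ca policy authority x509 wildcards deny
'''
Deny wildcard names in X.509 certificates on provisioner level
'''
$ step ca policy provisioner x509 wildcards deny --provisioner my_provisioner
'''
Deny wildcard names in X.509 certificates on ACME account level by reference
'''
$ step ca policy acme x509 wildcards deny --provisioner my_acme_provisioner --eab-key-reference my_reference
'''`,
		Action: command.InjectContext(
			ctx,
			actions.DenyWildcardsAction,
		),
		// Scope selectors come first, then the admin credential flags, then the
		// CA connection flags, in the same order as the synopsis.
		Flags: []cli.Flag{
			provisionerFilterFlag,
			flags.EABKeyID,
			flags.EABReference,
			flags.AdminCert,
			flags.AdminKey,
			flags.AdminSubject,
			flags.AdminProvisioner,
			flags.AdminPasswordFile,
			flags.CaURL,
			flags.Root,
			flags.Context,
		},
	}
}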