
2.25.0.0-b345

@Deepti-yb Deepti-yb tagged this 21 Nov 12:44
Summary:
Download certificates using the following command:
```
Download YugabyteDB Anywhere Encryption In Transit (EIT) configuration's certificate

Usage:
  yba eit download [flags]
  yba eit download [command]

Available Commands:
  client      Download YugabyteDB Anywhere Encryption In Transit (EIT) configuration's client certifciate. Cannot be used with certificate type K8SCertManager or CustomCertHostPath.
  root        Download YugabyteDB Anywhere Encryption In Transit (EIT) configuration's root certifciate

Flags:
  -c, --cert-type string   [Optional] Type of the certificate. Client certifcates cannot be downloaded for K8sCertManager or CustomCertHostPath. Allowed values (case sensitive): SelfSigned, CustomCertHostPath, HashicorpVault, K8sCertManager.
  -n, --name string        [Required] Name of the configuration.
  -h, --help               help for download

Global Flags:
  -a, --apiToken string    YugabyteDB Anywhere api token.
      --config string      Config file, defaults to $HOME/.yba-cli.yaml
      --debug              Use debug mode, same as --logLevel debug.
      --disable-color      Disable colors in output. (default false)
  -H, --host string        YugabyteDB Anywhere Host (default "http://localhost:9000")
  -l, --logLevel string    Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
  -o, --output string      Select the desired output format. Allowed values: table, json, pretty. (default "table")
      --timeout duration   Wait command timeout, example: 5m, 1h. (default 168h0m0s)
      --wait               Wait until the task is completed, otherwise it will exit immediately. (default true)

Use "yba eit download [command] --help" for more information about a command.
```

Download root cert command:
```
./yba eit download root -h
Download YugabyteDB Anywhere Encryption In Transit (EIT) configuration's root certificate

Usage:
  yba eit download root [flags]

Examples:
yba eit download root --name <config-name>

Flags:
  -h, --help   help for root

Global Flags:
  -a, --apiToken string    YugabyteDB Anywhere api token.
  -c, --cert-type string   [Optional] Type of the certificate. Client certifcates cannot be downloaded for K8sCertManager or CustomCertHostPath. Allowed values (case sensitive): SelfSigned, CustomCertHostPath, HashicorpVault, K8sCertManager.
      --config string      Config file, defaults to $HOME/.yba-cli.yaml
      --debug              Use debug mode, same as --logLevel debug.
      --disable-color      Disable colors in output. (default false)
  -H, --host string        YugabyteDB Anywhere Host (default "http://localhost:9000")
  -l, --logLevel string    Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
  -n, --name string        [Required] Name of the configuration.
  -o, --output string      Select the desired output format. Allowed values: table, json, pretty. (default "table")
      --timeout duration   Wait command timeout, example: 5m, 1h. (default 168h0m0s)
      --wait               Wait until the task is completed, otherwise it will exit immediately. (default true)
```

Download client certs:
```
./yba eit download client -h
Download YugabyteDB Anywhere Encryption In Transit (EIT) configuration's client certificate

Usage:
  yba eit download client [flags]

Examples:
yba eit download client --name <config-name> --username <username>

Flags:
      --username string   [Required] Connect to the database using this username for certificate-based authentication
  -h, --help              help for client

Global Flags:
  -a, --apiToken string    YugabyteDB Anywhere api token.
  -c, --cert-type string   [Optional] Type of the certificate. Client certifcates cannot be downloaded for K8sCertManager or CustomCertHostPath. Allowed values (case sensitive): SelfSigned, CustomCertHostPath, HashicorpVault, K8sCertManager.
      --config string      Config file, defaults to $HOME/.yba-cli.yaml
      --debug              Use debug mode, same as --logLevel debug.
      --disable-color      Disable colors in output. (default false)
  -H, --host string        YugabyteDB Anywhere Host (default "http://localhost:9000")
  -l, --logLevel string    Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
  -n, --name string        [Required] Name of the configuration.
  -o, --output string      Select the desired output format. Allowed values: table, json, pretty. (default "table")
      --timeout duration   Wait command timeout, example: 5m, 1h. (default 168h0m0s)
      --wait               Wait until the task is completed, otherwise it will exit immediately. (default true)
```

To download a specific cert type's root certificate, use:
`./yba eit <custom-ca/hashicorp-vault/k8s-cert-manager/self-signed> download root --name <config-name>`

To download a specific cert type's client certificate, use:
`./yba eit <hashicorp-vault/self-signed> download client --name <config-name> --username <user-name>`

Test Plan:
```
./yba eit download -n yb-dev-dkumar-config~19
Certificate Contents
Root Certificate (root.crt)
-----BEGIN CERTIFICATE-----
<>
-----END CERTIFICATE-----
```

```
./yba eit hashicorp-vault download client -n dkumar-hcv-cli --username postgres
Certificate Contents
Client Certificate (yugabytedb.crt)
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Client Key (yugabytedb.key)
-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

```

Reviewers: svarshney, sneelakantan

Reviewed By: svarshney

Subscribers: yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D39808
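
The Test Plan output above prints the client private key to the terminal alongside the certificate. As an added example (not part of yba-cli or this commit), the hypothetical helper `split_eit_output` below reads that output from a pipe and writes each PEM block to the file named in its heading, creating every file with mode 0600. It assumes the output has exactly the `Label (filename)` plus PEM layout shown in the Test Plan.

```shell
#!/bin/sh
# Added example, not yba-cli code. split_eit_output is a hypothetical helper.
# Assumed usage, with the command taken from the commit message above:
#   yba eit hashicorp-vault download client -n <config-name> \
#       --username <username> | split_eit_output ./certs
# Reads the download output on stdin and writes each PEM block into
# directory $1, under the file name given in the heading line before it.
split_eit_output() {
    outdir=$1
    (
        umask 077                      # new directory 0700, new files 0600
        mkdir -p "$outdir" || exit 1
        awk -v dir="$outdir" '
            { sub(/\r$/, "") }         # tolerate CRLF line endings
            # Heading such as "Client Key (yugabytedb.key)". The name may
            # not contain "/", so it cannot point outside the directory.
            /^[A-Za-z ]+ \([A-Za-z0-9._-]+\)$/ {
                name = $0
                sub(/^.*\(/, "", name)
                sub(/\)$/, "", name)
                next
            }
            /^-----BEGIN / {
                if (name == "") {      # refuse PEM data with no file name
                    print "PEM block without a heading" > "/dev/stderr"
                    bad = 1
                    exit
                }
                out = dir "/" name
                inpem = 1
            }
            inpem { print > out }
            /^-----END / { inpem = 0; close(out); name = ""; n++ }
            # Fail on truncated output or when nothing was extracted.
            END { if (bad || inpem || n == 0) exit 1 }
        '
    )
}
```

A non-zero exit status means the output was truncated or did not match the expected layout, so the files in the target directory should not be used.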