diff --git a/cmd/auth_providers.go b/cmd/auth_providers.go
index 8246965c..ed030330 100644
--- a/cmd/auth_providers.go
+++ b/cmd/auth_providers.go
@@ -1,3 +1,17 @@
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/certificates.go b/cmd/certificates.go
index 52002060..aa0f0989 100644
--- a/cmd/certificates.go
+++ b/cmd/certificates.go
@@ -1,9 +1,16 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 package cmd
 
 import (
diff --git a/cmd/constants.go b/cmd/constants.go
index 264a9db4..bc3a2b1c 100644
--- a/cmd/constants.go
+++ b/cmd/constants.go
@@ -1,3 +1,16 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 package cmd
 
 import "fmt"
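Review bot: The rewritten header in cmd/certificates.go still sits directly above `package cmd` with no blank line, so Go tooling treats the whole Apache licence block, starting at `// Package cmd Copyright 2023 Keyfactor`, as the package doc comment. The hunks for cmd/constants.go and cmd/containers.go have the same layout, while the other files in this commit add an empty `+` line before the package clause. Adding a blank line after `// limitations under the License.` in these three files would keep the licence text out of the generated documentation and make the headers consistent. The `Package cmd` prefix on the copyright line could then be dropped as well, as cmd/auth_providers.go already does.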
diff --git a/cmd/containers.go b/cmd/containers.go
index 3bd7d301..85dfca70 100644
--- a/cmd/containers.go
+++ b/cmd/containers.go
@@ -1,9 +1,16 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 package cmd
 
 import (
diff --git a/cmd/export.go b/cmd/export.go
index c0a51d97..442d1b62 100644
--- a/cmd/export.go
+++ b/cmd/export.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/helpers.go b/cmd/helpers.go
index c6d0cd8e..bd52a5c8 100644
--- a/cmd/helpers.go
+++ b/cmd/helpers.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/import.go b/cmd/import.go
index e8679f9f..cd36d8b0 100644
--- a/cmd/import.go
+++ b/cmd/import.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/inventory.go b/cmd/inventory.go
index 5fa9aa4b..0e19300a 100644
--- a/cmd/inventory.go
+++ b/cmd/inventory.go
@@ -1,9 +1,17 @@
 // Package cmd Copyright 2023 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/login.go b/cmd/login.go
index beaa4f08..bf8b9bdc 100644
--- a/cmd/login.go
+++ b/cmd/login.go
@@ -1,9 +1,17 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/login_test.go b/cmd/login_test.go
index 55c6a260..28962b57 100644
--- a/cmd/login_test.go
+++ b/cmd/login_test.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/logout.go b/cmd/logout.go
index 62e944db..4aafe1de 100644
--- a/cmd/logout.go
+++ b/cmd/logout.go
@@ -1,9 +1,17 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/models.go b/cmd/models.go
index 6ff9d8e1..60de4973 100644
--- a/cmd/models.go
+++ b/cmd/models.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/orchs.go b/cmd/orchs.go
index 94a537c4..bd470192 100644
--- a/cmd/orchs.go
+++ b/cmd/orchs.go
@@ -1,9 +1,17 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/pam.go b/cmd/pam.go
index 827a705e..421c89b4 100644
--- a/cmd/pam.go
+++ b/cmd/pam.go
@@ -1,9 +1,17 @@
 // Package cmd Copyright 2023 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/pam_test.go b/cmd/pam_test.go
index 4e7abfc2..330c4eba 100644
--- a/cmd/pam_test.go
+++ b/cmd/pam_test.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/root.go b/cmd/root.go
index 28d12f54..82f5ad8d 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -1,9 +1,17 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/root_test.go b/cmd/root_test.go
index c3dd15b8..a7c2cf51 100644
--- a/cmd/root_test.go
+++ b/cmd/root_test.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (
diff --git a/cmd/rot.go b/cmd/rot.go
index 725c331e..a74cf58f 100644
--- a/cmd/rot.go
+++ b/cmd/rot.go
@@ -1,1199 +1,1206 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
-package cmd
-
-//
-//import (
-// "bufio"
-// "encoding/csv"
-// "encoding/json"
-// "errors"
-// "fmt"
-// "github.com/Keyfactor/keyfactor-go-client/v2/api"
-// "github.com/spf13/cobra"
-// "log"
-// "os"
-// "strconv"
-// "strings"
-//)
-//
-//type templateType string
-//type StoreCSVEntry struct {
-// ID string `json:"id"`
-// Type string `json:"type"`
-// Machine string `json:"address"`
-// Path string `json:"path"`
-// Thumbprints map[string]bool `json:"thumbprints,omitempty"`
-// Serials map[string]bool `json:"serials,omitempty"`
-// Ids map[int]bool `json:"ids,omitempty"`
-//}
-//type ROTCert struct {
-// ID int `json:"id,omitempty"`
-// ThumbPrint string `json:"thumbprint,omitempty"`
-// CN string `json:"cn,omitempty"`
-// Locations []api.CertificateLocations `json:"locations,omitempty"`
-//}
-//type ROTAction struct {
-// StoreID string `json:"store_id,omitempty"`
-// StoreType string `json:"store_type,omitempty"`
-// StorePath string `json:"store_path,omitempty"`
-// Thumbprint string `json:"thumbprint,omitempty"`
-// CertID int `json:"cert_id,omitempty" mapstructure:"CertID,omitempty"`
-// AddCert bool `json:"add,omitempty" mapstructure:"AddCert,omitempty"`
-// RemoveCert bool `json:"remove,omitempty" mapstructure:"RemoveCert,omitempty"`
-//}
-//
-//const (
-// tTypeCerts templateType = "certs"
-// reconcileDefaultFileName string = "rot_audit.csv"
-//)
-//
-//var (
-// AuditHeader = []string{"Thumbprint", "CertID", "SubjectName", "Issuer", "StoreID", "StoreType", "Machine", "Path", "AddCert", "RemoveCert", "Deployed", "AuditDate"}
-// ReconciledAuditHeader = []string{"Thumbprint", "CertID", "SubjectName", "Issuer", "StoreID", "StoreType", "Machine", "Path", "AddCert", "RemoveCert", "Deployed", "ReconciledDate"}
-// StoreHeader = []string{"StoreID", "StoreType", "StoreMachine", "StorePath", "ContainerId", "ContainerName", "LastQueriedDate"}
-// CertHeader = []string{"Thumbprint", "SubjectName", "Issuer", "CertID", "Locations", "LastQueriedDate"}
-//)
-//
-//// String is used both by fmt.Print and by Cobra in help text
-//func (e *templateType) String() string {
-// return string(*e)
-//}
-//
-//// Set must have pointer receiver, so it doesn't change the value of a copy
-//func (e *templateType) Set(v string) error {
-// switch v {
-// case "certs", "stores", "actions":
-// *e = templateType(v)
-// return nil
-// default:
-// return errors.New(`must be one of "certs", "stores", or "actions"`)
-// }
-//}
-//
-//// Type is only used in help text
-//func (e *templateType) Type() string {
-// return "string"
-//}
-//
-//func templateTypeCompletion(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-// return []string{
-// "certs\tGenerates template CSV for certificate input to be used w/ `--add-certs` or `--remove-certs`",
-// "stores\tGenerates template CSV for certificate input to be used w/ `--stores`",
-// "actions\tGenerates template CSV for certificate input to be used w/ `--actions`",
-// }, cobra.ShellCompDirectiveDefault
-//}
-//
-//func generateAuditReport(addCerts map[string]string, removeCerts map[string]string, stores map[string]StoreCSVEntry, outpath string, kfClient *api.Client) ([][]string, map[string][]ROTAction, error) {
-// log.Println("[DEBUG] generateAuditReport called")
-// var (
-// data [][]string
-// )
-//
-// data = append(data, AuditHeader)
-// var csvFile *os.File
-// var fErr error
-// if outpath == "" {
-// csvFile, fErr = os.Create(reconcileDefaultFileName)
-// outpath = reconcileDefaultFileName
-// } else {
-// csvFile, fErr = os.Create(outpath)
-// }
-//
-// if fErr != nil {
-// fmt.Printf("%s", fErr)
-// log.Fatalf("[ERROR] creating audit file: %s", fErr)
-// }
-// csvWriter := csv.NewWriter(csvFile)
-// cErr := csvWriter.Write(AuditHeader)
-// if cErr != nil {
-// fmt.Printf("%s", cErr)
-// log.Fatalf("[ERROR] writing audit header: %s", cErr)
-// }
-// actions := make(map[string][]ROTAction)
-//
-// for _, cert := range addCerts {
-// certLookupReq := api.GetCertificateContextArgs{
-// IncludeMetadata: boolToPointer(true),
-// IncludeLocations: boolToPointer(true),
-// CollectionId: nil,
-// Thumbprint: cert,
-// Id: 0,
-// }
-// certLookup, err := kfClient.GetCertificateContext(&certLookupReq)
-// if err != nil {
-// fmt.Printf("[ERROR] looking up certificate %s: %s\n", cert, err)
-// log.Printf("[ERROR] looking up cert: %s\n%v", cert, err)
-// continue
-// }
-// certID := certLookup.Id
-// certIDStr := strconv.Itoa(certID)
-// for _, store := range stores {
-// if _, ok := store.Thumbprints[cert]; ok {
-// // Cert is already in the store do nothing
-// row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "false", "false", "true", getCurrentTime()}
-// data = append(data, row)
-// wErr := csvWriter.Write(row)
-// if wErr != nil {
-// fmt.Printf("[ERROR] writing audit file row: %s\n", wErr)
-// log.Printf("[ERROR] writing audit row: %s", wErr)
-// }
-// } else {
-// // Cert is not deployed to this store and will need to be added
-// row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "true", "false", "false", getCurrentTime()}
-// data = append(data, row)
-// wErr := csvWriter.Write(row)
-// if wErr != nil {
-// fmt.Printf("[ERROR] writing audit file row: %s\n", wErr)
-// log.Printf("[ERROR] writing audit row: %s", wErr)
-// }
-// actions[cert] = append(actions[cert], ROTAction{
-// Thumbprint: cert,
-// CertID: certID,
-// StoreID: store.ID,
-// StoreType: store.Type,
-// StorePath: store.Path,
-// AddCert: true,
-// RemoveCert: false,
-// })
-// }
-// }
-// }
-// for _, cert := range removeCerts {
-// certLookupReq := api.GetCertificateContextArgs{
-// IncludeMetadata: boolToPointer(true),
-// IncludeLocations: boolToPointer(true),
-// CollectionId: nil,
-// Thumbprint: cert,
-// Id: 0,
-// }
-// certLookup, err := kfClient.GetCertificateContext(&certLookupReq)
-// if err != nil {
-// log.Printf("[ERROR] looking up cert: %s", err)
-// continue
-// }
-// certID := certLookup.Id
-// certIDStr := strconv.Itoa(certID)
-// for _, store := range stores {
-// if _, ok := store.Thumbprints[cert]; ok {
-// // Cert is deployed to this store and will need to be removed
-// row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "false", "true", "true", getCurrentTime()}
-// data = append(data, row)
-// wErr := csvWriter.Write(row)
-// if wErr != nil {
-// fmt.Printf("%s", wErr)
-// log.Printf("[ERROR] writing row to CSV: %s", wErr)
-// }
-// actions[cert] = append(actions[cert], ROTAction{
-// Thumbprint: cert,
-// CertID: certID,
-// StoreID: store.ID,
-// StoreType: store.Type,
-// StorePath: store.Path,
-// AddCert: false,
-// RemoveCert: true,
-// })
-// } else {
-// // Cert is not deployed to this store do nothing
-// row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "false", "false", "false", getCurrentTime()}
-// data = append(data, row)
-// wErr := csvWriter.Write(row)
-// if wErr != nil {
-// fmt.Printf("%s", wErr)
-// log.Printf("[ERROR] writing row to CSV: %s", wErr)
-// }
-// }
-// }
-// }
-// csvWriter.Flush()
-// ioErr := csvFile.Close()
-// if ioErr != nil {
-// fmt.Println(ioErr)
-// log.Printf("[ERROR] closing audit file: %s", ioErr)
-// }
-// fmt.Printf("Audit report written to %s\n", outpath)
-// return data, actions, nil
-//}
-//
-//func reconcileRoots(actions map[string][]ROTAction, kfClient *api.Client, reportFile string, dryRun bool) error {
-// log.Printf("[DEBUG] Reconciling roots")
-// if len(actions) == 0 {
-// log.Printf("[INFO] No actions to take, roots are up-to-date.")
-// return nil
-// }
-// rFileName := fmt.Sprintf("%s_reconciled.csv", strings.Split(reportFile, ".csv")[0])
-// csvFile, fErr := os.Create(rFileName)
-// if fErr != nil {
-// fmt.Printf("[ERROR] creating reconciled report file: %s", fErr)
-// }
-// csvWriter := csv.NewWriter(csvFile)
-// cErr := csvWriter.Write(ReconciledAuditHeader)
-// if cErr != nil {
-// fmt.Printf("%s", cErr)
-// log.Fatalf("[ERROR] writing audit header: %s", cErr)
-// }
-// for thumbprint, action := range actions {
-//
-// for _, a := range action {
-// if a.AddCert {
-// log.Printf("[INFO] Adding cert %s to store %s(%s)", thumbprint, a.StoreID, a.StorePath)
-// if !dryRun {
-// cStore := api.CertificateStore{
-// CertificateStoreId: a.StoreID,
-// Overwrite: true,
-// }
-// var stores []api.CertificateStore
-// stores = append(stores, cStore)
-// schedule := &api.InventorySchedule{
-// Immediate: boolToPointer(true),
-// }
-// addReq := api.AddCertificateToStore{
-// CertificateId: a.CertID,
-// CertificateStores: &stores,
-// InventorySchedule: schedule,
-// }
-// log.Printf("[DEBUG] Adding cert %s to store %s", thumbprint, a.StoreID)
-// log.Printf("[TRACE] Add request: %+v", addReq)
-// addReqJSON, _ := json.Marshal(addReq)
-// log.Printf("[TRACE] Add request JSON: %s", addReqJSON)
-// _, err := kfClient.AddCertificateToStores(&addReq)
-// if err != nil {
-// fmt.Printf("[ERROR] adding cert %s (%d) to store %s (%s): %s\n", a.Thumbprint, a.CertID, a.StoreID, a.StorePath, err)
-// continue
-// }
-// } else {
-// log.Printf("[INFO] DRY RUN: Would have added cert %s from store %s", thumbprint, a.StoreID)
-// }
-// } else if a.RemoveCert {
-// if !dryRun {
-// log.Printf("[INFO] Removing cert from store %s", a.StoreID)
-// cStore := api.CertificateStore{
-// CertificateStoreId: a.StoreID,
-// Alias: a.Thumbprint,
-// }
-// var stores []api.CertificateStore
-// stores = append(stores, cStore)
-// schedule := &api.InventorySchedule{
-// Immediate: boolToPointer(true),
-// }
-// removeReq := api.RemoveCertificateFromStore{
-// CertificateId: a.CertID,
-// CertificateStores: &stores,
-// InventorySchedule: schedule,
-// }
-// _, err := kfClient.RemoveCertificateFromStores(&removeReq)
-// if err != nil {
-// fmt.Printf("[ERROR] removing cert %s (ID: %d) from store %s (%s): %s\n", a.Thumbprint, a.CertID, a.StoreID, a.StorePath, err)
-// }
-// } else {
-// fmt.Printf("DRY RUN: Would have removed cert %s from store %s\n", thumbprint, a.StoreID)
-// log.Printf("[INFO] DRY RUN: Would have removed cert %s from store %s", thumbprint, a.StoreID)
-// }
-// }
-// }
-// }
-// return nil
-//}
-//
-//func readCertsFile(certsFilePath string, kfclient *api.Client) (map[string]string, error) {
-// // Read in the cert CSV
-// csvFile, _ := os.Open(certsFilePath)
-// reader := csv.NewReader(bufio.NewReader(csvFile))
-// certEntries, _ := reader.ReadAll()
-// var certs = make(map[string]string)
-// for _, entry := range certEntries {
-// switch entry[0] {
-// case "CertID", "thumbprint", "id", "CertId", "Thumbprint":
-// continue // Skip header
-// }
-// certs[entry[0]] = entry[0]
-// }
-// return certs, nil
-//}
-//
-//func isRootStore(st *api.GetCertificateStoreResponse, invs *[]api.CertStoreInventory, minCerts int, maxKeys int, maxLeaf int) bool {
-// leafCount := 0
-// keyCount := 0
-// certCount := 0
-// for _, inv := range *invs {
-// log.Printf("[DEBUG] inv: %v", inv)
-// certCount += len(inv.Certificates)
-//
-// for _, cert := range inv.Certificates {
-// if cert.IssuedDN != cert.IssuerDN {
-// leafCount++
-// }
-// if inv.Parameters["PrivateKeyEntry"] == "Yes" {
-// keyCount++
-// }
-// }
-// }
-// if certCount < minCerts && minCerts >= 0 {
-// log.Printf("[DEBUG] Store %s has %d certs, less than the required count of %d", st.Id, certCount, minCerts)
-// return false
-// }
-// if leafCount > maxLeaf && maxLeaf >= 0 {
-// log.Printf("[DEBUG] Store %s has too many leaf certs", st.Id)
-// return false
-// }
-//
-// if keyCount > maxKeys && maxKeys >= 0 {
-// log.Printf("[DEBUG] Store %s has too many keys", st.Id)
-// return false
-// }
-//
-// return true
-//}
-//
-//var (
-// rotCmd = &cobra.Command{
-// Use: "rot",
-// Short: "Root of trust utility",
-// Long: `Root of trust allows you to manage your trusted roots using Keyfactor certificate stores.
-//For example if you wish to add a list of "root" certs to a list of certificate stores you would simply generate and fill
-//out the template CSV file. These template files can be generated with the following commands:
-//kfutil stores rot generate-template --type certs
-//kfutil stores rot generate-template --type stores
-//Once those files are filled out you can use the following command to add the certs to the stores:
-//kfutil stores rot audit --certs-file --stores-file
-//Will generate a CSV report file 'rot_audit.csv' of what actions will be taken. If those actions are correct you can run
-//the following command to actually perform the actions:
-//kfutil stores rot reconcile --certs-file --stores-file
-//OR if you want to use the audit report file generated you can run this command:
-//kfutil stores rot reconcile --import-csv
-//`,
-// }
-// rotAuditCmd = &cobra.Command{
-// Use: "audit",
-// Aliases: nil,
-// SuggestFor: nil,
-// Short: "Audit generates a CSV report of what actions will be taken based on input CSV files.",
-// Long: `Root of Trust Audit: Will read and parse inputs to generate a report of certs that need to be added or removed from the "root of trust" stores.`,
-// Example: "",
-// ValidArgs: nil,
-// ValidArgsFunction: nil,
-// Args: nil,
-// ArgAliases: nil,
-// BashCompletionFunction: "",
-// Deprecated: "",
-// Annotations: nil,
-// Version: "",
-// PersistentPreRun: nil,
-// PersistentPreRunE: nil,
-// PreRun: nil,
-// PreRunE: nil,
-// Run: func(cmd *cobra.Command, args []string) {
-// // Global flags
-// debugFlag, _ := cmd.Flags().GetBool("debugFlag")
-// configFile, _ := cmd.Flags().GetString("config")
-// noPrompt, _ := cmd.Flags().GetBool("no-prompt")
-// profile, _ := cmd.Flags().GetString("profile")
-//
-// kfcUsername, _ := cmd.Flags().GetString("kfcUsername")
-// kfcPassword, _ := cmd.Flags().GetString("kfcPassword")
-// kfcDomain, _ := cmd.Flags().GetString("kfcDomain")
-//
-// authConfig := createAuthConfigFromParams(kfcHostName, kfcUsername, kfcPassword, kfcDomain, kfcAPIPath)
-//
-// debugModeEnabled := checkDebug(debugFlag)
-// log.Println("Debug mode enabled: ", debugModeEnabled)
-// var lookupFailures []string
-// kfClient, _ := initClient(configFile, profile, "", "", noPrompt, authConfig, false)
-// storesFile, _ := cmd.Flags().GetString("stores")
-// addRootsFile, _ := cmd.Flags().GetString("add-certs")
-// removeRootsFile, _ := cmd.Flags().GetString("remove-certs")
-// minCerts, _ := cmd.Flags().GetInt("min-certs")
-// maxLeaves, _ := cmd.Flags().GetInt("max-leaf-certs")
-// maxKeys, _ := cmd.Flags().GetInt("max-keys")
-// dryRun, _ := cmd.Flags().GetBool("dry-run")
-// outpath, _ := cmd.Flags().GetString("outpath")
-// // Read in the stores CSV
-// log.Printf("[DEBUG] storesFile: %s", storesFile)
-// log.Printf("[DEBUG] addRootsFile: %s", addRootsFile)
-// log.Printf("[DEBUG] removeRootsFile: %s", removeRootsFile)
-// log.Printf("[DEBUG] dryRun: %t", dryRun)
-// // Read in the stores CSV
-// csvFile, _ := os.Open(storesFile)
-// reader := csv.NewReader(bufio.NewReader(csvFile))
-// storeEntries, _ := reader.ReadAll()
-// var stores = make(map[string]StoreCSVEntry)
-// validHeader := false
-// for _, entry := range storeEntries {
-// if strings.EqualFold(strings.Join(entry, ","), strings.Join(StoreHeader, ",")) {
-// validHeader = true
-// continue // Skip header
-// }
-// if !validHeader {
-// fmt.Printf("[ERROR] Invalid header in stores file. Expected: %s", strings.Join(StoreHeader, ","))
-// log.Fatalf("[ERROR] Stores CSV file is missing a valid header")
-// }
-// apiResp, err := kfClient.GetCertificateStoreByID(entry[0])
-// if err != nil {
-// log.Printf("[ERROR] getting cert store: %s", err)
-// _ = append(lookupFailures, strings.Join(entry, ","))
-// continue
-// }
-//
-// inventory, invErr := kfClient.GetCertStoreInventory(entry[0])
-// if invErr != nil {
-// log.Printf("[ERROR] getting cert store inventory for: %s\n%s", entry[0], invErr)
-// }
-//
-// if !isRootStore(apiResp, inventory, minCerts, maxLeaves, maxKeys) {
-// fmt.Printf("Store %s is not a root store, skipping.\n", entry[0])
-// log.Printf("[WARN] Store %s is not a root store", apiResp.Id)
-// continue
-// } else {
-// log.Printf("[INFO] Store %s is a root store", apiResp.Id)
-// }
-//
-// stores[entry[0]] = StoreCSVEntry{
-// ID: entry[0],
-// Type: entry[1],
-// Machine: entry[2],
-// Path: entry[3],
-// Thumbprints: make(map[string]bool),
-// Serials: make(map[string]bool),
-// Ids: make(map[int]bool),
-// }
-// for _, cert := range *inventory {
-// thumb := cert.Thumbprints
-// for t, v := range thumb {
-// stores[entry[0]].Thumbprints[t] = v
-// }
-// for t, v := range cert.Serials {
-// stores[entry[0]].Serials[t] = v
-// }
-// for t, v := range cert.Ids {
-// stores[entry[0]].Ids[t] = v
-// }
-// }
-//
-// }
-//
-// // Read in the add addCerts CSV
-// var certsToAdd = make(map[string]string)
-// if addRootsFile != "" {
-// var rcfErr error
-// certsToAdd, rcfErr = readCertsFile(addRootsFile, kfClient)
-// if rcfErr != nil {
-// fmt.Printf("[ERROR] reading certs file %s: %s", addRootsFile, rcfErr)
-// log.Fatalf("[ERROR] reading addCerts file: %s", rcfErr)
-// }
-// addCertsJSON, _ := json.Marshal(certsToAdd)
-// log.Printf("[DEBUG] add certs JSON: %s", string(addCertsJSON))
-// log.Println("[DEBUG] AddCert ROT called")
-// } else {
-// log.Printf("[DEBUG] No addCerts file specified")
-// log.Printf("[DEBUG] No addCerts = %s", certsToAdd)
-// }
-//
-// // Read in the remove removeCerts CSV
-// var certsToRemove = make(map[string]string)
-// if removeRootsFile != "" {
-// var rcfErr error
-// certsToRemove, rcfErr = readCertsFile(removeRootsFile, kfClient)
-// if rcfErr != nil {
-// fmt.Printf("[ERROR] reading removeCerts file %s: %s", removeRootsFile, rcfErr)
-// log.Fatalf("[ERROR] reading removeCerts file: %s", rcfErr)
-// }
-// removeCertsJSON, _ := json.Marshal(certsToRemove)
-// log.Printf("[DEBUG] remove certs JSON: %s", string(removeCertsJSON))
-// } else {
-// log.Printf("[DEBUG] No removeCerts file specified")
-// log.Printf("[DEBUG] No removeCerts = %s", certsToRemove)
-// }
-// _, _, gErr := generateAuditReport(certsToAdd, certsToRemove, stores, outpath, kfClient)
-// if gErr != nil {
-// log.Fatalf("[ERROR] generating audit report: %s", gErr)
-// }
-// },
-// RunE: nil,
-// PostRun: nil,
-// PostRunE: nil,
-// PersistentPostRun: nil,
-// PersistentPostRunE: nil,
-// FParseErrWhitelist: cobra.FParseErrWhitelist{},
-// CompletionOptions: cobra.CompletionOptions{},
-// TraverseChildren: false, -// Hidden: false, -// SilenceErrors: false, -// SilenceUsage: false, -// DisableFlagParsing: false, -// DisableAutoGenTag: false, -// DisableFlagsInUseLine: false, -// DisableSuggestions: false, -// SuggestionsMinimumDistance: 0, -// } -// rotReconcileCmd = &cobra.Command{ -// Use: "reconcile", -// Aliases: nil, -// SuggestFor: nil, -// Short: "Reconcile either takes in or will generate an audit report and then add/remove certs as needed.", -// Long: `Root of Trust (rot): Will parse either a combination of CSV files that define certs to -//add and/or certs to remove with a CSV of certificate stores or an audit CSV file. If an audit CSV file is provided, the -//add and remove actions defined in the audit file will be immediately executed. If a combination of CSV files are provided, -//the utility will first generate an audit report and then execute the add/remove actions defined in the audit report.`, -// Example: "", -// ValidArgs: nil, -// ValidArgsFunction: nil, -// Args: nil, -// ArgAliases: nil, -// BashCompletionFunction: "", -// Deprecated: "", -// Annotations: nil, -// Version: "", -// PersistentPreRun: nil, -// PersistentPreRunE: nil, -// PreRun: nil, -// PreRunE: nil, -// Run: func(cmd *cobra.Command, args []string) { -// // Global flags -// debugFlag, _ := cmd.Flags().GetBool("debugFlag") -// configFile, _ := cmd.Flags().GetString("config") -// noPrompt, _ := cmd.Flags().GetBool("no-prompt") -// profile, _ := cmd.Flags().GetString("profile") -// -// kfcUsername, _ := cmd.Flags().GetString("kfcUsername") -// kfcPassword, _ := cmd.Flags().GetString("kfcPassword") -// kfcDomain, _ := cmd.Flags().GetString("kfcDomain") -// -// authConfig := createAuthConfigFromParams(kfcHostName, kfcUsername, kfcPassword, kfcDomain, kfcAPIPath) -// -// debugModeEnabled := checkDebug(debugFlag) -// -// log.Println("Debug mode enabled: ", debugModeEnabled) -// -// var lookupFailures []string -// kfClient, _ := initClient(configFile, profile, "", 
"", noPrompt, authConfig, false) -// storesFile, _ := cmd.Flags().GetString("stores") -// addRootsFile, _ := cmd.Flags().GetString("add-certs") -// isCSV, _ := cmd.Flags().GetBool("import-csv") -// reportFile, _ := cmd.Flags().GetString("input-file") -// removeRootsFile, _ := cmd.Flags().GetString("remove-certs") -// minCerts, _ := cmd.Flags().GetInt("min-certs") -// maxLeaves, _ := cmd.Flags().GetInt("max-leaf-certs") -// maxKeys, _ := cmd.Flags().GetInt("max-keys") -// dryRun, _ := cmd.Flags().GetBool("dry-run") -// outpath, _ := cmd.Flags().GetString("outpath") -// -// log.Printf("[DEBUG] configFile: %s", configFile) -// log.Printf("[DEBUG] storesFile: %s", storesFile) -// log.Printf("[DEBUG] addRootsFile: %s", addRootsFile) -// log.Printf("[DEBUG] removeRootsFile: %s", removeRootsFile) -// log.Printf("[DEBUG] dryRun: %t", dryRun) -// -// // Parse existing audit report -// if isCSV && reportFile != "" { -// log.Printf("[DEBUG] isCSV: %t", isCSV) -// log.Printf("[DEBUG] reportFile: %s", reportFile) -// // Read in the CSV -// csvFile, err := os.Open(reportFile) -// if err != nil { -// fmt.Printf("[ERROR] opening file: %s", err) -// log.Fatalf("[ERROR] opening CSV file: %s", err) -// } -// validHeader := false +// Package cmd Copyright 2023 Keyfactor // -// aCSV := csv.NewReader(csvFile) -// aCSV.FieldsPerRecord = -1 -// inFile, cErr := aCSV.ReadAll() -// if cErr != nil { -// fmt.Printf("[ERROR] reading CSV file: %s", cErr) -// log.Fatalf("[ERROR] reading CSV file: %s", cErr) -// } -// actions := make(map[string][]ROTAction) -// fieldMap := make(map[int]string) -// for i, field := range AuditHeader { -// fieldMap[i] = field -// } -// for ri, row := range inFile { -// if strings.EqualFold(strings.Join(row, ","), strings.Join(AuditHeader, ",")) { -// validHeader = true -// continue // Skip header -// } -// if !validHeader { -// fmt.Printf("[ERROR] Invalid header in stores file. 
Expected: %s", strings.Join(AuditHeader, ",")) -// log.Fatalf("[ERROR] Stores CSV file is missing a valid header") -// } -// action := make(map[string]interface{}) +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at // -// for i, field := range row { -// fieldInt, iErr := strconv.Atoi(field) -// if iErr != nil { -// log.Printf("[DEBUG] Field %s is not an int", field) -// action[fieldMap[i]] = field -// } else { -// action[fieldMap[i]] = fieldInt -// } +// http://www.apache.org/licenses/LICENSE-2.0 // -// } -// -// addCertStr, aOk := action["AddCert"].(string) -// if !aOk { -// addCertStr = "" -// } -// addCert, acErr := strconv.ParseBool(addCertStr) -// if acErr != nil { -// addCert = false -// } -// -// removeCertStr, rOk := action["RemoveCert"].(string) -// if !rOk { -// removeCertStr = "" -// } -// removeCert, rcErr := strconv.ParseBool(removeCertStr) -// if rcErr != nil { -// removeCert = false -// } -// -// sType, sOk := action["StoreType"].(string) -// if !sOk { -// sType = "" -// } -// -// sPath, pOk := action["Path"].(string) -// if !pOk { -// sPath = "" -// } -// -// tp, tpOk := action["Thumbprint"].(string) -// if !tpOk { -// tp = "" -// } -// cid, cidOk := action["CertID"].(int) -// if !cidOk { -// cid = -1 -// } -// -// if !tpOk && !cidOk { -// fmt.Printf("[ERROR] Missing Thumbprint or CertID for row %d in report file %s", ri, reportFile) -// log.Printf("[ERROR] Invalid action: %v", action) -// continue -// } -// -// sId, sIdOk := action["StoreID"].(string) -// if !sIdOk { -// fmt.Printf("[ERROR] Missing StoreID for row %d in report file %s", ri, reportFile) -// log.Printf("[ERROR] Invalid action: %v", action) -// continue -// } -// if cid == -1 && tp != "" { -// certLookupReq := api.GetCertificateContextArgs{ -// IncludeMetadata: boolToPointer(true), -// IncludeLocations: boolToPointer(true), -// CollectionId: nil, -// 
Thumbprint: tp, -// Id: 0, -// } -// certLookup, err := kfClient.GetCertificateContext(&certLookupReq) -// if err != nil { -// fmt.Printf("[ERROR] looking up certificate %s: %s\n", tp, err) -// log.Printf("[ERROR] looking up cert: %s\n%v", tp, err) -// continue -// } -// cid = certLookup.Id -// } -// -// a := ROTAction{ -// StoreID: sId, -// StoreType: sType, -// StorePath: sPath, -// Thumbprint: tp, -// CertID: cid, -// AddCert: addCert, -// RemoveCert: removeCert, -// } -// -// actions[a.Thumbprint] = append(actions[a.Thumbprint], a) -// } -// if len(actions) == 0 { -// fmt.Println("No reconciliation actions to take, root stores are up-to-date. Exiting.") -// return -// } -// rErr := reconcileRoots(actions, kfClient, reportFile, dryRun) -// if rErr != nil { -// fmt.Printf("[ERROR] reconciling roots: %s", rErr) -// log.Fatalf("[ERROR] reconciling roots: %s", rErr) -// } -// defer csvFile.Close() -// -// orchsURL := fmt.Sprintf("https://%s/Keyfactor/Portal/AgentJobStatus/Index", kfClient.Hostname) -// -// fmt.Println(fmt.Sprintf("Reconciliation completed. Check orchestrator jobs for details. 
%s", orchsURL)) -// } else { -// // Read in the stores CSV -// csvFile, _ := os.Open(storesFile) -// reader := csv.NewReader(bufio.NewReader(csvFile)) -// storeEntries, _ := reader.ReadAll() -// var stores = make(map[string]StoreCSVEntry) -// for i, entry := range storeEntries { -// if entry[0] == "StoreID" || entry[0] == "StoreId" || i == 0 { -// continue // Skip header -// } -// apiResp, err := kfClient.GetCertificateStoreByID(entry[0]) -// if err != nil { -// log.Printf("[ERROR] getting cert store: %s", err) -// lookupFailures = append(lookupFailures, entry[0]) -// continue -// } -// inventory, invErr := kfClient.GetCertStoreInventory(entry[0]) -// if invErr != nil { -// log.Fatalf("[ERROR] getting cert store inventory: %s", invErr) -// } -// -// if !isRootStore(apiResp, inventory, minCerts, maxLeaves, maxKeys) { -// log.Printf("[WARN] Store %s is not a root store", apiResp.Id) -// continue -// } else { -// log.Printf("[INFO] Store %s is a root store", apiResp.Id) -// } -// -// stores[entry[0]] = StoreCSVEntry{ -// ID: entry[0], -// Type: entry[1], -// Machine: entry[2], -// Path: entry[3], -// Thumbprints: make(map[string]bool), -// Serials: make(map[string]bool), -// Ids: make(map[int]bool), -// } -// for _, cert := range *inventory { -// thumb := cert.Thumbprints -// for t, v := range thumb { -// stores[entry[0]].Thumbprints[t] = v -// } -// for t, v := range cert.Serials { -// stores[entry[0]].Serials[t] = v -// } -// for t, v := range cert.Ids { -// stores[entry[0]].Ids[t] = v -// } -// } -// -// } -// if len(lookupFailures) > 0 { -// fmt.Printf("[ERROR] the following stores were not found: %s", strings.Join(lookupFailures, ",")) -// log.Fatalf("[ERROR] the following stores were not found: %s", strings.Join(lookupFailures, ",")) -// } -// if len(stores) == 0 { -// fmt.Println("[ERROR] no root stores found. Exiting.") -// log.Fatalf("[ERROR] No root stores found. 
Exiting.") -// } -// // Read in the add addCerts CSV -// var certsToAdd = make(map[string]string) -// if addRootsFile != "" { -// certsToAdd, _ = readCertsFile(addRootsFile, kfClient) -// log.Printf("[DEBUG] ROT add certs called") -// } else { -// log.Printf("[INFO] No addCerts file specified") -// } -// -// // Read in the remove removeCerts CSV -// var certsToRemove = make(map[string]string) -// if removeRootsFile != "" { -// certsToRemove, _ = readCertsFile(removeRootsFile, kfClient) -// log.Printf("[DEBUG] ROT remove certs called") -// } else { -// log.Printf("[DEBUG] No removeCerts file specified") -// } -// _, actions, err := generateAuditReport(certsToAdd, certsToRemove, stores, outpath, kfClient) -// if err != nil { -// log.Fatalf("[ERROR] generating audit report: %s", err) -// } -// if len(actions) == 0 { -// fmt.Println("No reconciliation actions to take, root stores are up-to-date. Exiting.") -// return -// } -// rErr := reconcileRoots(actions, kfClient, reportFile, dryRun) -// if rErr != nil { -// fmt.Printf("[ERROR] reconciling roots: %s", rErr) -// log.Fatalf("[ERROR] reconciling roots: %s", rErr) -// } -// if lookupFailures != nil { -// fmt.Printf("The following stores could not be found: %s", strings.Join(lookupFailures, ",")) -// } -// orchsURL := fmt.Sprintf("https://%s/Keyfactor/Portal/AgentJobStatus/Index", kfClient.Hostname) -// -// fmt.Println(fmt.Sprintf("Reconciliation completed. Check orchestrator jobs for details. 
%s", orchsURL)) -// } -// -// }, -// RunE: nil, -// PostRun: nil, -// PostRunE: nil, -// PersistentPostRun: nil, -// PersistentPostRunE: nil, -// FParseErrWhitelist: cobra.FParseErrWhitelist{}, -// CompletionOptions: cobra.CompletionOptions{}, -// TraverseChildren: false, -// Hidden: false, -// SilenceErrors: false, -// SilenceUsage: false, -// DisableFlagParsing: false, -// DisableAutoGenTag: false, -// DisableFlagsInUseLine: false, -// DisableSuggestions: false, -// SuggestionsMinimumDistance: 0, -// } -// rotGenStoreTemplateCmd = &cobra.Command{ -// Use: "generate-template", -// Aliases: nil, -// SuggestFor: nil, -// Short: "For generating Root Of Trust template(s)", -// Long: `Root Of Trust: Will parse a CSV and attempt to deploy a cert or set of certs into a list of cert stores.`, -// Example: "", -// ValidArgs: nil, -// ValidArgsFunction: nil, -// Args: nil, -// ArgAliases: nil, -// BashCompletionFunction: "", -// Deprecated: "", -// Annotations: nil, -// Version: "", -// PersistentPreRun: nil, -// PersistentPreRunE: nil, -// PreRun: nil, -// PreRunE: nil, -// Run: func(cmd *cobra.Command, args []string) { -// // Global flags -// debugFlag, _ := cmd.Flags().GetBool("debugFlag") -// configFile, _ := cmd.Flags().GetString("config") -// noPrompt, _ := cmd.Flags().GetBool("no-prompt") -// profile, _ := cmd.Flags().GetString("profile") -// -// kfcUsername, _ := cmd.Flags().GetString("kfcUsername") -// kfcPassword, _ := cmd.Flags().GetString("kfcPassword") -// kfcDomain, _ := cmd.Flags().GetString("kfcDomain") -// -// authConfig := createAuthConfigFromParams(kfcHostName, kfcUsername, kfcPassword, kfcDomain, kfcAPIPath) -// -// debugModeEnabled := checkDebug(debugFlag) -// log.Println("Debug mode enabled: ", debugModeEnabled) -// -// templateType, _ := cmd.Flags().GetString("type") -// format, _ := cmd.Flags().GetString("format") -// outPath, _ := cmd.Flags().GetString("outpath") -// storeType, _ := cmd.Flags().GetStringSlice("store-type") -// containerName, _ := 
cmd.Flags().GetStringSlice("container-name") -// collection, _ := cmd.Flags().GetStringSlice("collection") -// subjectName, _ := cmd.Flags().GetStringSlice("cn") -// stID := -1 -// var storeData []api.GetCertificateStoreResponse -// var csvStoreData [][]string -// var csvCertData [][]string -// var rowLookup = make(map[string]bool) -// kfClient, cErr := initClient(configFile, profile, "", "", noPrompt, authConfig, false) -// if len(storeType) != 0 { -// for _, s := range storeType { -// if cErr != nil { -// log.Fatalf("[ERROR] creating client: %s", cErr) -// } -// var sType *api.CertificateStoreType -// var stErr error -// if s == "all" { -// sType = &api.CertificateStoreType{ -// Name: "", -// ShortName: "", -// Capability: "", -// StoreType: 0, -// ImportType: 0, -// LocalStore: false, -// SupportedOperations: nil, -// Properties: nil, -// EntryParameters: nil, -// PasswordOptions: nil, -// StorePathType: "", -// StorePathValue: "", -// PrivateKeyAllowed: "", -// JobProperties: nil, -// ServerRequired: false, -// PowerShell: false, -// BlueprintAllowed: false, -// CustomAliasAllowed: "", -// ServerRegistration: 0, -// InventoryEndpoint: "", -// InventoryJobType: "", -// ManagementJobType: "", -// DiscoveryJobType: "", -// EnrollmentJobType: "", -// } -// } else { -// // check if s is an int -// sInt, err := strconv.Atoi(s) -// if err == nil { -// sType, stErr = kfClient.GetCertificateStoreTypeById(sInt) -// } else { -// sType, stErr = kfClient.GetCertificateStoreTypeByName(s) -// } -// if stErr != nil { -// fmt.Printf("[ERROR] getting store type '%s'. 
%s\n", s, stErr) -// continue -// } -// stID = sType.StoreType // This is the template type ID -// } -// -// if stID >= 0 || s == "all" { -// log.Printf("[DEBUG] Store type ID: %d\n", stID) -// params := make(map[string]interface{}) -// stores, sErr := kfClient.ListCertificateStores(¶ms) -// if sErr != nil { -// fmt.Printf("[ERROR] getting certificate stores of type '%s': %s\n", s, sErr) -// log.Fatalf("[ERROR] getting certificate stores of type '%s': %s", s, sErr) -// } -// for _, store := range *stores { -// if store.CertStoreType == stID || s == "all" { -// storeData = append(storeData, store) -// if !rowLookup[store.Id] { -// lineData := []string{ -// //"StoreID", "StoreType", "StoreMachine", "StorePath", "ContainerId" -// store.Id, fmt.Sprintf("%s", sType.ShortName), store.ClientMachine, store.StorePath, fmt.Sprintf("%d", store.ContainerId), store.ContainerName, getCurrentTime(), -// } -// csvStoreData = append(csvStoreData, lineData) -// rowLookup[store.Id] = true -// } -// } -// } -// } -// } -// fmt.Println("Done") -// } -// if len(containerName) != 0 { -// for _, c := range containerName { -// -// if cErr != nil { -// log.Fatalf("[ERROR] creating client: %s", cErr) -// } -// cStoresResp, scErr := kfClient.GetCertificateStoreByContainerID(c) -// if scErr != nil { -// fmt.Printf("[ERROR] getting store container: %s\n", scErr) -// } -// if cStoresResp != nil { -// for _, store := range *cStoresResp { -// sType, stErr := kfClient.GetCertificateStoreType(store.CertStoreType) -// if stErr != nil { -// fmt.Printf("[ERROR] getting store type: %s\n", stErr) -// continue -// } -// storeData = append(storeData, store) -// if !rowLookup[store.Id] { -// lineData := []string{ -// // "StoreID", "StoreType", "StoreMachine", "StorePath", "ContainerId" -// store.Id, sType.ShortName, store.ClientMachine, store.StorePath, fmt.Sprintf("%d", store.ContainerId), store.ContainerName, getCurrentTime(), -// } -// csvStoreData = append(csvStoreData, lineData) -// rowLookup[store.Id] 
= true -// } -// } -// -// } -// } -// } -// if len(collection) != 0 { -// for _, c := range collection { -// if cErr != nil { -// fmt.Println("[ERROR] connecting to Keyfactor. Please check your configuration and try again.") -// log.Fatalf("[ERROR] creating client: %s", cErr) -// } -// q := make(map[string]string) -// q["collection"] = c -// certsResp, scErr := kfClient.ListCertificates(q) -// if scErr != nil { -// fmt.Printf("No certificates found in collection: %s\n", scErr) -// } -// if certsResp != nil { -// for _, cert := range certsResp { -// if !rowLookup[cert.Thumbprint] { -// lineData := []string{ -// // "Thumbprint", "SubjectName", "Issuer", "CertID", "Locations", "LastQueriedDate" -// cert.Thumbprint, cert.IssuedCN, cert.IssuerDN, fmt.Sprintf("%d", cert.Id), fmt.Sprintf("%v", cert.Locations), getCurrentTime(), -// } -// csvCertData = append(csvCertData, lineData) -// rowLookup[cert.Thumbprint] = true -// } -// } -// -// } -// } -// } -// if len(subjectName) != 0 { -// for _, s := range subjectName { -// if cErr != nil { -// fmt.Println("[ERROR] connecting to Keyfactor. 
Please check your configuration and try again.") -// log.Fatalf("[ERROR] creating client: %s", cErr) -// } -// q := make(map[string]string) -// q["subject"] = s -// certsResp, scErr := kfClient.ListCertificates(q) -// if scErr != nil { -// fmt.Printf("No certificates found with CN: %s\n", scErr) -// } -// if certsResp != nil { -// for _, cert := range certsResp { -// if !rowLookup[cert.Thumbprint] { -// locationsFormatted := "" -// for _, loc := range cert.Locations { -// locationsFormatted += fmt.Sprintf("%s:%s\n", loc.StoreMachine, loc.StorePath) -// } -// lineData := []string{ -// // "Thumbprint", "SubjectName", "Issuer", "CertID", "Locations", "LastQueriedDate" -// cert.Thumbprint, cert.IssuedCN, cert.IssuerDN, fmt.Sprintf("%d", cert.Id), locationsFormatted, getCurrentTime(), -// } -// csvCertData = append(csvCertData, lineData) -// rowLookup[cert.Thumbprint] = true -// } -// } -// -// } -// } -// } -// // Create CSV template file -// -// var filePath string -// if outPath != "" { -// filePath = outPath -// } else { -// filePath = fmt.Sprintf("%s_template.%s", templateType, format) -// } -// file, err := os.Create(filePath) -// if err != nil { -// fmt.Printf("[ERROR] creating file: %s", err) -// log.Fatal("Cannot create file", err) -// } -// -// switch format { -// case "csv": -// writer := csv.NewWriter(file) -// var data [][]string -// switch templateType { -// case "stores": -// data = append(data, StoreHeader) -// if len(csvStoreData) != 0 { -// data = append(data, csvStoreData...) -// } -// case "certs": -// data = append(data, CertHeader) -// if len(csvCertData) != 0 { -// data = append(data, csvCertData...) 
-// } -// case "actions": -// data = append(data, AuditHeader) -// } -// csvErr := writer.WriteAll(data) -// if csvErr != nil { -// fmt.Println(csvErr) -// } -// defer file.Close() -// -// case "json": -// writer := bufio.NewWriter(file) -// _, err := writer.WriteString("StoreID,StoreType,StoreMachine,StorePath") -// if err != nil { -// log.Fatal("Cannot write to file", err) -// } -// } -// fmt.Printf("Template file created at %s.\n", filePath) -// }, -// RunE: nil, -// PostRun: nil, -// PostRunE: nil, -// PersistentPostRun: nil, -// PersistentPostRunE: nil, -// FParseErrWhitelist: cobra.FParseErrWhitelist{}, -// CompletionOptions: cobra.CompletionOptions{}, -// TraverseChildren: false, -// Hidden: false, -// SilenceErrors: false, -// SilenceUsage: false, -// DisableFlagParsing: false, -// DisableAutoGenTag: false, -// DisableFlagsInUseLine: false, -// DisableSuggestions: false, -// SuggestionsMinimumDistance: 0, -// } -//) -// -//func init() { -// log.SetFlags(log.LstdFlags | log.Lshortfile) -// log.SetOutput(os.Stdout) -// var ( -// stores string -// addCerts string -// removeCerts string -// minCertsInStore int -// maxPrivateKeys int -// maxLeaves int -// tType = tTypeCerts -// outPath string -// outputFormat string -// inputFile string -// storeTypes []string -// containerNames []string -// collections []string -// subjectNames []string -// ) -// -// storesCmd.AddCommand(rotCmd) -// -// // Root of trust `audit` command -// rotCmd.AddCommand(rotAuditCmd) -// rotAuditCmd.Flags().StringVarP(&stores, "stores", "s", "", "CSV file containing cert stores to enroll into") -// rotAuditCmd.Flags().StringVarP(&addCerts, "add-certs", "a", "", -// "CSV file containing cert(s) to enroll into the defined cert stores") -// rotAuditCmd.Flags().StringVarP(&removeCerts, "remove-certs", "r", "", -// "CSV file containing cert(s) to remove from the defined cert stores") -// rotAuditCmd.Flags().IntVarP(&minCertsInStore, "min-certs", "m", -1, -// "The minimum number of certs that 
should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") -// rotAuditCmd.Flags().IntVarP(&maxPrivateKeys, "max-keys", "k", -1, -// "The max number of private keys that should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") -// rotAuditCmd.Flags().IntVarP(&maxLeaves, "max-leaf-certs", "l", -1, -// "The max number of non-root-certs that should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") -// rotAuditCmd.Flags().BoolP("dry-run", "d", false, "Dry run mode") -// rotAuditCmd.Flags().StringVarP(&outPath, "outpath", "o", "", -// "Path to write the audit report file to. If not specified, the file will be written to the current directory.") -// -// // Root of trust `reconcile` command -// rotCmd.AddCommand(rotReconcileCmd) -// rotReconcileCmd.Flags().StringVarP(&stores, "stores", "s", "", "CSV file containing cert stores to enroll into") -// rotReconcileCmd.Flags().StringVarP(&addCerts, "add-certs", "a", "", -// "CSV file containing cert(s) to enroll into the defined cert stores") -// rotReconcileCmd.Flags().StringVarP(&removeCerts, "remove-certs", "r", "", -// "CSV file containing cert(s) to remove from the defined cert stores") -// rotReconcileCmd.Flags().IntVarP(&minCertsInStore, "min-certs", "m", -1, -// "The minimum number of certs that should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") -// rotReconcileCmd.Flags().IntVarP(&maxPrivateKeys, "max-keys", "k", -1, -// "The max number of private keys that should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") -// rotReconcileCmd.Flags().IntVarP(&maxLeaves, "max-leaf-certs", "l", -1, -// "The max number of non-root-certs that should be in a store to be considered a 'root' store. 
If set to `-1` then all stores will be considered.") -// rotReconcileCmd.Flags().BoolP("dry-run", "d", false, "Dry run mode") -// rotReconcileCmd.Flags().BoolP("import-csv", "v", false, "Import an audit report file in CSV format.") -// rotReconcileCmd.Flags().StringVarP(&inputFile, "input-file", "i", reconcileDefaultFileName, -// "Path to a file generated by 'stores rot audit' command.") -// rotReconcileCmd.Flags().StringVarP(&outPath, "outpath", "o", "", -// "Path to write the audit report file to. If not specified, the file will be written to the current directory.") -// //rotReconcileCmd.MarkFlagsRequiredTogether("add-certs", "stores") -// //rotReconcileCmd.MarkFlagsRequiredTogether("remove-certs", "stores") -// rotReconcileCmd.MarkFlagsMutuallyExclusive("add-certs", "import-csv") -// rotReconcileCmd.MarkFlagsMutuallyExclusive("remove-certs", "import-csv") -// rotReconcileCmd.MarkFlagsMutuallyExclusive("stores", "import-csv") -// -// // Root of trust `generate` command -// rotCmd.AddCommand(rotGenStoreTemplateCmd) -// rotGenStoreTemplateCmd.Flags().StringVarP(&outPath, "outpath", "o", "", -// "Path to write the template file to. If not specified, the file will be written to the current directory.") -// rotGenStoreTemplateCmd.Flags().StringVarP(&outputFormat, "format", "f", "csv", -// "The type of template to generate. Only `csv` is supported at this time.") -// rotGenStoreTemplateCmd.Flags().Var(&tType, "type", -// `The type of template to generate. Only "certs|stores|actions" are supported at this time.`) -// rotGenStoreTemplateCmd.Flags().StringSliceVar(&storeTypes, "store-type", []string{}, "Multi value flag. Attempt to pre-populate the stores template with the certificate stores matching specified store types. If not specified, the template will be empty.") -// rotGenStoreTemplateCmd.Flags().StringSliceVar(&containerNames, "container-name", []string{}, "Multi value flag. 
Attempt to pre-populate the stores template with the certificate stores matching specified container types. If not specified, the template will be empty.") -// rotGenStoreTemplateCmd.Flags().StringSliceVar(&subjectNames, "cn", []string{}, "Subject name(s) to pre-populate the 'certs' template with. If not specified, the template will be empty. Does not work with SANs.") -// rotGenStoreTemplateCmd.Flags().StringSliceVar(&collections, "collection", []string{}, "Certificate collection name(s) to pre-populate the stores template with. If not specified, the template will be empty.") -// -// rotGenStoreTemplateCmd.RegisterFlagCompletionFunc("type", templateTypeCompletion) -// rotGenStoreTemplateCmd.MarkFlagRequired("type") -//} +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. 
+ +package cmd + +import ( + "bufio" + "encoding/csv" + "encoding/json" + "errors" + "fmt" + "github.com/Keyfactor/keyfactor-go-client/v2/api" + "github.com/spf13/cobra" + "log" + "os" + "strconv" + "strings" +) + +type templateType string +type StoreCSVEntry struct { + ID string `json:"id"` + Type string `json:"type"` + Machine string `json:"address"` + Path string `json:"path"` + Thumbprints map[string]bool `json:"thumbprints,omitempty"` + Serials map[string]bool `json:"serials,omitempty"` + Ids map[int]bool `json:"ids,omitempty"` +} +type ROTCert struct { + ID int `json:"id,omitempty"` + ThumbPrint string `json:"thumbprint,omitempty"` + CN string `json:"cn,omitempty"` + Locations []api.CertificateLocations `json:"locations,omitempty"` +} +type ROTAction struct { + StoreID string `json:"store_id,omitempty"` + StoreType string `json:"store_type,omitempty"` + StorePath string `json:"store_path,omitempty"` + Thumbprint string `json:"thumbprint,omitempty"` + CertID int `json:"cert_id,omitempty" mapstructure:"CertID,omitempty"` + AddCert bool `json:"add,omitempty" mapstructure:"AddCert,omitempty"` + RemoveCert bool `json:"remove,omitempty" mapstructure:"RemoveCert,omitempty"` +} + +const ( + tTypeCerts templateType = "certs" + reconcileDefaultFileName string = "rot_audit.csv" +) + +var ( + AuditHeader = []string{"Thumbprint", "CertID", "SubjectName", "Issuer", "StoreID", "StoreType", "Machine", "Path", "AddCert", "RemoveCert", "Deployed", "AuditDate"} + ReconciledAuditHeader = []string{"Thumbprint", "CertID", "SubjectName", "Issuer", "StoreID", "StoreType", "Machine", "Path", "AddCert", "RemoveCert", "Deployed", "ReconciledDate"} + StoreHeader = []string{"StoreID", "StoreType", "StoreMachine", "StorePath", "ContainerId", "ContainerName", "LastQueriedDate"} + CertHeader = []string{"Thumbprint", "SubjectName", "Issuer", "CertID", "Locations", "LastQueriedDate"} +) + +// String is used both by fmt.Print and by Cobra in help text +func (e *templateType) String() string { 
+ return string(*e) +} + +// Set must have pointer receiver, so it doesn't change the value of a copy +func (e *templateType) Set(v string) error { + switch v { + case "certs", "stores", "actions": + *e = templateType(v) + return nil + default: + return errors.New(`must be one of "certs", "stores", or "actions"`) + } +} + +// Type is only used in help text +func (e *templateType) Type() string { + return "string" +} + +func templateTypeCompletion(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { + return []string{ + "certs\tGenerates template CSV for certificate input to be used w/ `--add-certs` or `--remove-certs`", + "stores\tGenerates template CSV for certificate input to be used w/ `--stores`", + "actions\tGenerates template CSV for certificate input to be used w/ `--actions`", + }, cobra.ShellCompDirectiveDefault +} + +func generateAuditReport(addCerts map[string]string, removeCerts map[string]string, stores map[string]StoreCSVEntry, outpath string, kfClient *api.Client) ([][]string, map[string][]ROTAction, error) { + log.Println("[DEBUG] generateAuditReport called") + var ( + data [][]string + ) + + data = append(data, AuditHeader) + var csvFile *os.File + var fErr error + if outpath == "" { + csvFile, fErr = os.Create(reconcileDefaultFileName) + outpath = reconcileDefaultFileName + } else { + csvFile, fErr = os.Create(outpath) + } + + if fErr != nil { + fmt.Printf("%s", fErr) + log.Fatalf("[ERROR] creating audit file: %s", fErr) + } + csvWriter := csv.NewWriter(csvFile) + cErr := csvWriter.Write(AuditHeader) + if cErr != nil { + fmt.Printf("%s", cErr) + log.Fatalf("[ERROR] writing audit header: %s", cErr) + } + actions := make(map[string][]ROTAction) + + for _, cert := range addCerts { + certLookupReq := api.GetCertificateContextArgs{ + IncludeMetadata: boolToPointer(true), + IncludeLocations: boolToPointer(true), + CollectionId: nil, + Thumbprint: cert, + Id: 0, + } + certLookup, err := 
kfClient.GetCertificateContext(&certLookupReq)
+ if err != nil {
+ fmt.Printf("[ERROR] looking up certificate %s: %s\n", cert, err)
+ log.Printf("[ERROR] looking up cert: %s\n%v", cert, err)
+ continue
+ }
+ certID := certLookup.Id
+ certIDStr := strconv.Itoa(certID)
+ for _, store := range stores {
+ if _, ok := store.Thumbprints[cert]; ok {
+ // Cert is already in the store do nothing
+ row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "false", "false", "true", getCurrentTime()}
+ data = append(data, row)
+ wErr := csvWriter.Write(row)
+ if wErr != nil {
+ fmt.Printf("[ERROR] writing audit file row: %s\n", wErr)
+ log.Printf("[ERROR] writing audit row: %s", wErr)
+ }
+ } else {
+ // Cert is not deployed to this store and will need to be added
+ row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "true", "false", "false", getCurrentTime()}
+ data = append(data, row)
+ wErr := csvWriter.Write(row)
+ if wErr != nil {
+ fmt.Printf("[ERROR] writing audit file row: %s\n", wErr)
+ log.Printf("[ERROR] writing audit row: %s", wErr)
+ }
+ actions[cert] = append(actions[cert], ROTAction{
+ Thumbprint: cert,
+ CertID: certID,
+ StoreID: store.ID,
+ StoreType: store.Type,
+ StorePath: store.Path,
+ AddCert: true,
+ RemoveCert: false,
+ })
+ }
+ }
+ }
+ for _, cert := range removeCerts {
+ certLookupReq := api.GetCertificateContextArgs{
+ IncludeMetadata: boolToPointer(true),
+ IncludeLocations: boolToPointer(true),
+ CollectionId: nil,
+ Thumbprint: cert,
+ Id: 0,
+ }
+ certLookup, err := kfClient.GetCertificateContext(&certLookupReq)
+ if err != nil {
+ log.Printf("[ERROR] looking up cert: %s", err)
+ continue
+ }
+ certID := certLookup.Id
+ certIDStr := strconv.Itoa(certID)
+ for _, store := range stores {
+ if _, ok := store.Thumbprints[cert]; ok {
+ // Cert is deployed to this store and will need to be removed
+ row := 
[]string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "false", "true", "true", getCurrentTime()}
+ data = append(data, row)
+ wErr := csvWriter.Write(row)
+ if wErr != nil {
+ fmt.Printf("%s", wErr)
+ log.Printf("[ERROR] writing row to CSV: %s", wErr)
+ }
+ actions[cert] = append(actions[cert], ROTAction{
+ Thumbprint: cert,
+ CertID: certID,
+ StoreID: store.ID,
+ StoreType: store.Type,
+ StorePath: store.Path,
+ AddCert: false,
+ RemoveCert: true,
+ })
+ } else {
+ // Cert is not deployed to this store do nothing
+ row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "false", "false", "false", getCurrentTime()}
+ data = append(data, row)
+ wErr := csvWriter.Write(row)
+ if wErr != nil {
+ fmt.Printf("%s", wErr)
+ log.Printf("[ERROR] writing row to CSV: %s", wErr)
+ }
+ }
+ }
+ }
+ csvWriter.Flush()
+ ioErr := csvFile.Close()
+ if ioErr != nil {
+ fmt.Println(ioErr)
+ log.Printf("[ERROR] closing audit file: %s", ioErr)
+ }
+ fmt.Printf("Audit report written to %s\n", outpath)
+ return data, actions, nil
+}
+
+func reconcileRoots(actions map[string][]ROTAction, kfClient *api.Client, reportFile string, dryRun bool) error {
+ log.Printf("[DEBUG] Reconciling roots")
+ if len(actions) == 0 {
+ log.Printf("[INFO] No actions to take, roots are up-to-date.")
+ return nil
+ }
+ rFileName := fmt.Sprintf("%s_reconciled.csv", strings.Split(reportFile, ".csv")[0])
+ csvFile, fErr := os.Create(rFileName)
+ if fErr != nil {
+ fmt.Printf("[ERROR] creating reconciled report file: %s", fErr)
+ }
+ csvWriter := csv.NewWriter(csvFile)
+ cErr := csvWriter.Write(ReconciledAuditHeader)
+ if cErr != nil {
+ fmt.Printf("%s", cErr)
+ log.Fatalf("[ERROR] writing audit header: %s", cErr)
+ }
+ for thumbprint, action := range actions {
+
+ for _, a := range action {
+ if a.AddCert {
+ log.Printf("[INFO] Adding cert %s to store %s(%s)", thumbprint, a.StoreID, 
a.StorePath)
+ if !dryRun {
+ cStore := api.CertificateStore{
+ CertificateStoreId: a.StoreID,
+ Overwrite: true,
+ }
+ var stores []api.CertificateStore
+ stores = append(stores, cStore)
+ schedule := &api.InventorySchedule{
+ Immediate: boolToPointer(true),
+ }
+ addReq := api.AddCertificateToStore{
+ CertificateId: a.CertID,
+ CertificateStores: &stores,
+ InventorySchedule: schedule,
+ }
+ log.Printf("[DEBUG] Adding cert %s to store %s", thumbprint, a.StoreID)
+ log.Printf("[TRACE] Add request: %+v", addReq)
+ addReqJSON, _ := json.Marshal(addReq)
+ log.Printf("[TRACE] Add request JSON: %s", addReqJSON)
+ _, err := kfClient.AddCertificateToStores(&addReq)
+ if err != nil {
+ fmt.Printf("[ERROR] adding cert %s (%d) to store %s (%s): %s\n", a.Thumbprint, a.CertID, a.StoreID, a.StorePath, err)
+ continue
+ }
+ } else {
+ log.Printf("[INFO] DRY RUN: Would have added cert %s from store %s", thumbprint, a.StoreID)
+ }
+ } else if a.RemoveCert {
+ if !dryRun {
+ log.Printf("[INFO] Removing cert from store %s", a.StoreID)
+ cStore := api.CertificateStore{
+ CertificateStoreId: a.StoreID,
+ Alias: a.Thumbprint,
+ }
+ var stores []api.CertificateStore
+ stores = append(stores, cStore)
+ schedule := &api.InventorySchedule{
+ Immediate: boolToPointer(true),
+ }
+ removeReq := api.RemoveCertificateFromStore{
+ CertificateId: a.CertID,
+ CertificateStores: &stores,
+ InventorySchedule: schedule,
+ }
+ _, err := kfClient.RemoveCertificateFromStores(&removeReq)
+ if err != nil {
+ fmt.Printf("[ERROR] removing cert %s (ID: %d) from store %s (%s): %s\n", a.Thumbprint, a.CertID, a.StoreID, a.StorePath, err)
+ }
+ } else {
+ fmt.Printf("DRY RUN: Would have removed cert %s from store %s\n", thumbprint, a.StoreID)
+ log.Printf("[INFO] DRY RUN: Would have removed cert %s from store %s", thumbprint, a.StoreID)
+ }
+ }
+ }
+ }
+ return nil
+}
+
+func readCertsFile(certsFilePath string, kfclient *api.Client) (map[string]string, error) {
+ // Read in the cert CSV
+ csvFile, _ := 
os.Open(certsFilePath)
+ reader := csv.NewReader(bufio.NewReader(csvFile))
+ certEntries, _ := reader.ReadAll()
+ var certs = make(map[string]string)
+ for _, entry := range certEntries {
+ switch entry[0] {
+ case "CertID", "thumbprint", "id", "CertId", "Thumbprint":
+ continue // Skip header
+ }
+ certs[entry[0]] = entry[0]
+ }
+ return certs, nil
+}
+
+func isRootStore(st *api.GetCertificateStoreResponse, invs *[]api.CertStoreInventory, minCerts int, maxKeys int, maxLeaf int) bool {
+ leafCount := 0
+ keyCount := 0
+ certCount := 0
+ for _, inv := range *invs {
+ log.Printf("[DEBUG] inv: %v", inv)
+ certCount += len(inv.Certificates)
+
+ for _, cert := range inv.Certificates {
+ if cert.IssuedDN != cert.IssuerDN {
+ leafCount++
+ }
+ if inv.Parameters["PrivateKeyEntry"] == "Yes" {
+ keyCount++
+ }
+ }
+ }
+ if certCount < minCerts && minCerts >= 0 {
+ log.Printf("[DEBUG] Store %s has %d certs, less than the required count of %d", st.Id, certCount, minCerts)
+ return false
+ }
+ if leafCount > maxLeaf && maxLeaf >= 0 {
+ log.Printf("[DEBUG] Store %s has too many leaf certs", st.Id)
+ return false
+ }
+
+ if keyCount > maxKeys && maxKeys >= 0 {
+ log.Printf("[DEBUG] Store %s has too many keys", st.Id)
+ return false
+ }
+
+ return true
+}
+
+var (
+ rotCmd = &cobra.Command{
+ Use: "rot",
+ Short: "Root of trust utility",
+ Long: `Root of trust allows you to manage your trusted roots using Keyfactor certificate stores.
+For example if you wish to add a list of "root" certs to a list of certificate stores you would simply generate and fill
+out the template CSV file. These template files can be generated with the following commands:
+kfutil stores rot generate-template --type certs
+kfutil stores rot generate-template --type stores
+Once those files are filled out you can use the following command to add the certs to the stores:
+kfutil stores rot audit --certs-file --stores-file
+Will generate a CSV report file 'rot_audit.csv' of what actions will be taken. 
If those actions are correct you can run
+the following command to actually perform the actions:
+kfutil stores rot reconcile --certs-file --stores-file
+OR if you want to use the audit report file generated you can run this command:
+kfutil stores rot reconcile --import-csv
+`,
+ }
+ rotAuditCmd = &cobra.Command{
+ Use: "audit",
+ Aliases: nil,
+ SuggestFor: nil,
+ Short: "Audit generates a CSV report of what actions will be taken based on input CSV files.",
+ Long: `Root of Trust Audit: Will read and parse inputs to generate a report of certs that need to be added or removed from the "root of trust" stores.`,
+ Example: "",
+ ValidArgs: nil,
+ ValidArgsFunction: nil,
+ Args: nil,
+ ArgAliases: nil,
+ BashCompletionFunction: "",
+ Deprecated: "",
+ Annotations: nil,
+ Version: "",
+ PersistentPreRun: nil,
+ PersistentPreRunE: nil,
+ PreRun: nil,
+ PreRunE: nil,
+ Run: func(cmd *cobra.Command, args []string) {
+ // Global flags
+ debugFlag, _ := cmd.Flags().GetBool("debugFlag")
+ configFile, _ := cmd.Flags().GetString("config")
+ noPrompt, _ := cmd.Flags().GetBool("no-prompt")
+ profile, _ := cmd.Flags().GetString("profile")
+
+ kfcUsername, _ := cmd.Flags().GetString("kfcUsername")
+ kfcPassword, _ := cmd.Flags().GetString("kfcPassword")
+ kfcDomain, _ := cmd.Flags().GetString("kfcDomain")
+
+ authConfig := createAuthConfigFromParams(kfcHostName, kfcUsername, kfcPassword, kfcDomain, kfcAPIPath)
+
+ debugModeEnabled := checkDebug(debugFlag)
+ log.Println("Debug mode enabled: ", debugModeEnabled)
+ var lookupFailures []string
+ kfClient, _ := initClient(configFile, profile, "", "", noPrompt, authConfig, false)
+ storesFile, _ := cmd.Flags().GetString("stores")
+ addRootsFile, _ := cmd.Flags().GetString("add-certs")
+ removeRootsFile, _ := cmd.Flags().GetString("remove-certs")
+ minCerts, _ := cmd.Flags().GetInt("min-certs")
+ maxLeaves, _ := cmd.Flags().GetInt("max-leaf-certs")
+ maxKeys, _ := cmd.Flags().GetInt("max-keys")
+ dryRun, _ := 
cmd.Flags().GetBool("dry-run")
+ outpath, _ := cmd.Flags().GetString("outpath")
+ // Read in the stores CSV
+ log.Printf("[DEBUG] storesFile: %s", storesFile)
+ log.Printf("[DEBUG] addRootsFile: %s", addRootsFile)
+ log.Printf("[DEBUG] removeRootsFile: %s", removeRootsFile)
+ log.Printf("[DEBUG] dryRun: %t", dryRun)
+ // Read in the stores CSV
+ csvFile, _ := os.Open(storesFile)
+ reader := csv.NewReader(bufio.NewReader(csvFile))
+ storeEntries, _ := reader.ReadAll()
+ var stores = make(map[string]StoreCSVEntry)
+ validHeader := false
+ for _, entry := range storeEntries {
+ if strings.EqualFold(strings.Join(entry, ","), strings.Join(StoreHeader, ",")) {
+ validHeader = true
+ continue // Skip header
+ }
+ if !validHeader {
+ fmt.Printf("[ERROR] Invalid header in stores file. Expected: %s", strings.Join(StoreHeader, ","))
+ log.Fatalf("[ERROR] Stores CSV file is missing a valid header")
+ }
+ apiResp, err := kfClient.GetCertificateStoreByID(entry[0])
+ if err != nil {
+ log.Printf("[ERROR] getting cert store: %s", err)
+ _ = append(lookupFailures, strings.Join(entry, ","))
+ continue
+ }
+
+ inventory, invErr := kfClient.GetCertStoreInventory(entry[0])
+ if invErr != nil {
+ log.Printf("[ERROR] getting cert store inventory for: %s\n%s", entry[0], invErr)
+ }
+
+ if !isRootStore(apiResp, inventory, minCerts, maxLeaves, maxKeys) {
+ fmt.Printf("Store %s is not a root store, skipping.\n", entry[0])
+ log.Printf("[WARN] Store %s is not a root store", apiResp.Id)
+ continue
+ } else {
+ log.Printf("[INFO] Store %s is a root store", apiResp.Id)
+ }
+
+ stores[entry[0]] = StoreCSVEntry{
+ ID: entry[0],
+ Type: entry[1],
+ Machine: entry[2],
+ Path: entry[3],
+ Thumbprints: make(map[string]bool),
+ Serials: make(map[string]bool),
+ Ids: make(map[int]bool),
+ }
+ for _, cert := range *inventory {
+ thumb := cert.Thumbprints
+ for t, v := range thumb {
+ stores[entry[0]].Thumbprints[t] = v
+ }
+ for t, v := range cert.Serials {
+ stores[entry[0]].Serials[t] = v
+ }
+ for t, 
v := range cert.Ids {
+ stores[entry[0]].Ids[t] = v
+ }
+ }
+
+ }
+
+ // Read in the add addCerts CSV
+ var certsToAdd = make(map[string]string)
+ if addRootsFile != "" {
+ var rcfErr error
+ certsToAdd, rcfErr = readCertsFile(addRootsFile, kfClient)
+ if rcfErr != nil {
+ fmt.Printf("[ERROR] reading certs file %s: %s", addRootsFile, rcfErr)
+ log.Fatalf("[ERROR] reading addCerts file: %s", rcfErr)
+ }
+ addCertsJSON, _ := json.Marshal(certsToAdd)
+ log.Printf("[DEBUG] add certs JSON: %s", string(addCertsJSON))
+ log.Println("[DEBUG] AddCert ROT called")
+ } else {
+ log.Printf("[DEBUG] No addCerts file specified")
+ log.Printf("[DEBUG] No addCerts = %s", certsToAdd)
+ }
+
+ // Read in the remove removeCerts CSV
+ var certsToRemove = make(map[string]string)
+ if removeRootsFile != "" {
+ var rcfErr error
+ certsToRemove, rcfErr = readCertsFile(removeRootsFile, kfClient)
+ if rcfErr != nil {
+ fmt.Printf("[ERROR] reading removeCerts file %s: %s", removeRootsFile, rcfErr)
+ log.Fatalf("[ERROR] reading removeCerts file: %s", rcfErr)
+ }
+ removeCertsJSON, _ := json.Marshal(certsToRemove)
+ log.Printf("[DEBUG] remove certs JSON: %s", string(removeCertsJSON))
+ } else {
+ log.Printf("[DEBUG] No removeCerts file specified")
+ log.Printf("[DEBUG] No removeCerts = %s", certsToRemove)
+ }
+ _, _, gErr := generateAuditReport(certsToAdd, certsToRemove, stores, outpath, kfClient)
+ if gErr != nil {
+ log.Fatalf("[ERROR] generating audit report: %s", gErr)
+ }
+ },
+ RunE: nil,
+ PostRun: nil,
+ PostRunE: nil,
+ PersistentPostRun: nil,
+ PersistentPostRunE: nil,
+ FParseErrWhitelist: cobra.FParseErrWhitelist{},
+ CompletionOptions: cobra.CompletionOptions{},
+ TraverseChildren: false,
+ Hidden: false,
+ SilenceErrors: false,
+ SilenceUsage: false,
+ DisableFlagParsing: false,
+ DisableAutoGenTag: false,
+ DisableFlagsInUseLine: false,
+ DisableSuggestions: false,
+ SuggestionsMinimumDistance: 0,
+ }
+ rotReconcileCmd = &cobra.Command{
+ Use: "reconcile",
+ Aliases: nil,
+ 
SuggestFor: nil,
+ Short: "Reconcile either takes in or will generate an audit report and then add/remove certs as needed.",
+ Long: `Root of Trust (rot): Will parse either a combination of CSV files that define certs to
+add and/or certs to remove with a CSV of certificate stores or an audit CSV file. If an audit CSV file is provided, the
+add and remove actions defined in the audit file will be immediately executed. If a combination of CSV files are provided,
+the utility will first generate an audit report and then execute the add/remove actions defined in the audit report.`,
+ Example: "",
+ ValidArgs: nil,
+ ValidArgsFunction: nil,
+ Args: nil,
+ ArgAliases: nil,
+ BashCompletionFunction: "",
+ Deprecated: "",
+ Annotations: nil,
+ Version: "",
+ PersistentPreRun: nil,
+ PersistentPreRunE: nil,
+ PreRun: nil,
+ PreRunE: nil,
+ Run: func(cmd *cobra.Command, args []string) {
+ // Global flags
+ debugFlag, _ := cmd.Flags().GetBool("debugFlag")
+ configFile, _ := cmd.Flags().GetString("config")
+ noPrompt, _ := cmd.Flags().GetBool("no-prompt")
+ profile, _ := cmd.Flags().GetString("profile")
+
+ kfcUsername, _ := cmd.Flags().GetString("kfcUsername")
+ kfcPassword, _ := cmd.Flags().GetString("kfcPassword")
+ kfcDomain, _ := cmd.Flags().GetString("kfcDomain")
+
+ authConfig := createAuthConfigFromParams(kfcHostName, kfcUsername, kfcPassword, kfcDomain, kfcAPIPath)
+
+ debugModeEnabled := checkDebug(debugFlag)
+
+ log.Println("Debug mode enabled: ", debugModeEnabled)
+
+ var lookupFailures []string
+ kfClient, _ := initClient(configFile, profile, "", "", noPrompt, authConfig, false)
+ storesFile, _ := cmd.Flags().GetString("stores")
+ addRootsFile, _ := cmd.Flags().GetString("add-certs")
+ isCSV, _ := cmd.Flags().GetBool("import-csv")
+ reportFile, _ := cmd.Flags().GetString("input-file")
+ removeRootsFile, _ := cmd.Flags().GetString("remove-certs")
+ minCerts, _ := cmd.Flags().GetInt("min-certs")
+ maxLeaves, _ := cmd.Flags().GetInt("max-leaf-certs")
+ maxKeys, _ := 
cmd.Flags().GetInt("max-keys")
+ dryRun, _ := cmd.Flags().GetBool("dry-run")
+ outpath, _ := cmd.Flags().GetString("outpath")
+
+ log.Printf("[DEBUG] configFile: %s", configFile)
+ log.Printf("[DEBUG] storesFile: %s", storesFile)
+ log.Printf("[DEBUG] addRootsFile: %s", addRootsFile)
+ log.Printf("[DEBUG] removeRootsFile: %s", removeRootsFile)
+ log.Printf("[DEBUG] dryRun: %t", dryRun)
+
+ // Parse existing audit report
+ if isCSV && reportFile != "" {
+ log.Printf("[DEBUG] isCSV: %t", isCSV)
+ log.Printf("[DEBUG] reportFile: %s", reportFile)
+ // Read in the CSV
+ csvFile, err := os.Open(reportFile)
+ if err != nil {
+ fmt.Printf("[ERROR] opening file: %s", err)
+ log.Fatalf("[ERROR] opening CSV file: %s", err)
+ }
+ validHeader := false
+
+ aCSV := csv.NewReader(csvFile)
+ aCSV.FieldsPerRecord = -1
+ inFile, cErr := aCSV.ReadAll()
+ if cErr != nil {
+ fmt.Printf("[ERROR] reading CSV file: %s", cErr)
+ log.Fatalf("[ERROR] reading CSV file: %s", cErr)
+ }
+ actions := make(map[string][]ROTAction)
+ fieldMap := make(map[int]string)
+ for i, field := range AuditHeader {
+ fieldMap[i] = field
+ }
+ for ri, row := range inFile {
+ if strings.EqualFold(strings.Join(row, ","), strings.Join(AuditHeader, ",")) {
+ validHeader = true
+ continue // Skip header
+ }
+ if !validHeader {
+ fmt.Printf("[ERROR] Invalid header in stores file. 
Expected: %s", strings.Join(AuditHeader, ","))
+ log.Fatalf("[ERROR] Stores CSV file is missing a valid header")
+ }
+ action := make(map[string]interface{})
+
+ for i, field := range row {
+ fieldInt, iErr := strconv.Atoi(field)
+ if iErr != nil {
+ log.Printf("[DEBUG] Field %s is not an int", field)
+ action[fieldMap[i]] = field
+ } else {
+ action[fieldMap[i]] = fieldInt
+ }
+
+ }
+
+ addCertStr, aOk := action["AddCert"].(string)
+ if !aOk {
+ addCertStr = ""
+ }
+ addCert, acErr := strconv.ParseBool(addCertStr)
+ if acErr != nil {
+ addCert = false
+ }
+
+ removeCertStr, rOk := action["RemoveCert"].(string)
+ if !rOk {
+ removeCertStr = ""
+ }
+ removeCert, rcErr := strconv.ParseBool(removeCertStr)
+ if rcErr != nil {
+ removeCert = false
+ }
+
+ sType, sOk := action["StoreType"].(string)
+ if !sOk {
+ sType = ""
+ }
+
+ sPath, pOk := action["Path"].(string)
+ if !pOk {
+ sPath = ""
+ }
+
+ tp, tpOk := action["Thumbprint"].(string)
+ if !tpOk {
+ tp = ""
+ }
+ cid, cidOk := action["CertID"].(int)
+ if !cidOk {
+ cid = -1
+ }
+
+ if !tpOk && !cidOk {
+ fmt.Printf("[ERROR] Missing Thumbprint or CertID for row %d in report file %s", ri, reportFile)
+ log.Printf("[ERROR] Invalid action: %v", action)
+ continue
+ }
+
+ sId, sIdOk := action["StoreID"].(string)
+ if !sIdOk {
+ fmt.Printf("[ERROR] Missing StoreID for row %d in report file %s", ri, reportFile)
+ log.Printf("[ERROR] Invalid action: %v", action)
+ continue
+ }
+ if cid == -1 && tp != "" {
+ certLookupReq := api.GetCertificateContextArgs{
+ IncludeMetadata: boolToPointer(true),
+ IncludeLocations: boolToPointer(true),
+ CollectionId: nil,
+ Thumbprint: tp,
+ Id: 0,
+ }
+ certLookup, err := kfClient.GetCertificateContext(&certLookupReq)
+ if err != nil {
+ fmt.Printf("[ERROR] looking up certificate %s: %s\n", tp, err)
+ log.Printf("[ERROR] looking up cert: %s\n%v", tp, err)
+ continue
+ }
+ cid = certLookup.Id
+ }
+
+ a := ROTAction{
+ StoreID: sId,
+ StoreType: sType,
+ StorePath: sPath,
+ Thumbprint: tp, 
+ CertID: cid,
+ AddCert: addCert,
+ RemoveCert: removeCert,
+ }
+
+ actions[a.Thumbprint] = append(actions[a.Thumbprint], a)
+ }
+ if len(actions) == 0 {
+ fmt.Println("No reconciliation actions to take, root stores are up-to-date. Exiting.")
+ return
+ }
+ rErr := reconcileRoots(actions, kfClient, reportFile, dryRun)
+ if rErr != nil {
+ fmt.Printf("[ERROR] reconciling roots: %s", rErr)
+ log.Fatalf("[ERROR] reconciling roots: %s", rErr)
+ }
+ defer csvFile.Close()
+
+ orchsURL := fmt.Sprintf("https://%s/Keyfactor/Portal/AgentJobStatus/Index", kfClient.Hostname)
+
+ fmt.Println(fmt.Sprintf("Reconciliation completed. Check orchestrator jobs for details. %s", orchsURL))
+ } else {
+ // Read in the stores CSV
+ csvFile, _ := os.Open(storesFile)
+ reader := csv.NewReader(bufio.NewReader(csvFile))
+ storeEntries, _ := reader.ReadAll()
+ var stores = make(map[string]StoreCSVEntry)
+ for i, entry := range storeEntries {
+ if entry[0] == "StoreID" || entry[0] == "StoreId" || i == 0 {
+ continue // Skip header
+ }
+ apiResp, err := kfClient.GetCertificateStoreByID(entry[0])
+ if err != nil {
+ log.Printf("[ERROR] getting cert store: %s", err)
+ lookupFailures = append(lookupFailures, entry[0])
+ continue
+ }
+ inventory, invErr := kfClient.GetCertStoreInventory(entry[0])
+ if invErr != nil {
+ log.Fatalf("[ERROR] getting cert store inventory: %s", invErr)
+ }
+
+ if !isRootStore(apiResp, inventory, minCerts, maxLeaves, maxKeys) {
+ log.Printf("[WARN] Store %s is not a root store", apiResp.Id)
+ continue
+ } else {
+ log.Printf("[INFO] Store %s is a root store", apiResp.Id)
+ }
+
+ stores[entry[0]] = StoreCSVEntry{
+ ID: entry[0],
+ Type: entry[1],
+ Machine: entry[2],
+ Path: entry[3],
+ Thumbprints: make(map[string]bool),
+ Serials: make(map[string]bool),
+ Ids: make(map[int]bool),
+ }
+ for _, cert := range *inventory {
+ thumb := cert.Thumbprints
+ for t, v := range thumb {
+ stores[entry[0]].Thumbprints[t] = v
+ }
+ for t, v := range cert.Serials {
+ 
stores[entry[0]].Serials[t] = v
+ }
+ for t, v := range cert.Ids {
+ stores[entry[0]].Ids[t] = v
+ }
+ }
+
+ }
+ if len(lookupFailures) > 0 {
+ fmt.Printf("[ERROR] the following stores were not found: %s", strings.Join(lookupFailures, ","))
+ log.Fatalf("[ERROR] the following stores were not found: %s", strings.Join(lookupFailures, ","))
+ }
+ if len(stores) == 0 {
+ fmt.Println("[ERROR] no root stores found. Exiting.")
+ log.Fatalf("[ERROR] No root stores found. Exiting.")
+ }
+ // Read in the add addCerts CSV
+ var certsToAdd = make(map[string]string)
+ if addRootsFile != "" {
+ certsToAdd, _ = readCertsFile(addRootsFile, kfClient)
+ log.Printf("[DEBUG] ROT add certs called")
+ } else {
+ log.Printf("[INFO] No addCerts file specified")
+ }
+
+ // Read in the remove removeCerts CSV
+ var certsToRemove = make(map[string]string)
+ if removeRootsFile != "" {
+ certsToRemove, _ = readCertsFile(removeRootsFile, kfClient)
+ log.Printf("[DEBUG] ROT remove certs called")
+ } else {
+ log.Printf("[DEBUG] No removeCerts file specified")
+ }
+ _, actions, err := generateAuditReport(certsToAdd, certsToRemove, stores, outpath, kfClient)
+ if err != nil {
+ log.Fatalf("[ERROR] generating audit report: %s", err)
+ }
+ if len(actions) == 0 {
+ fmt.Println("No reconciliation actions to take, root stores are up-to-date. Exiting.")
+ return
+ }
+ rErr := reconcileRoots(actions, kfClient, reportFile, dryRun)
+ if rErr != nil {
+ fmt.Printf("[ERROR] reconciling roots: %s", rErr)
+ log.Fatalf("[ERROR] reconciling roots: %s", rErr)
+ }
+ if lookupFailures != nil {
+ fmt.Printf("The following stores could not be found: %s", strings.Join(lookupFailures, ","))
+ }
+ orchsURL := fmt.Sprintf("https://%s/Keyfactor/Portal/AgentJobStatus/Index", kfClient.Hostname)
+
+ fmt.Println(fmt.Sprintf("Reconciliation completed. Check orchestrator jobs for details. 
%s", orchsURL))
+ }
+
+ },
+ RunE: nil,
+ PostRun: nil,
+ PostRunE: nil,
+ PersistentPostRun: nil,
+ PersistentPostRunE: nil,
+ FParseErrWhitelist: cobra.FParseErrWhitelist{},
+ CompletionOptions: cobra.CompletionOptions{},
+ TraverseChildren: false,
+ Hidden: false,
+ SilenceErrors: false,
+ SilenceUsage: false,
+ DisableFlagParsing: false,
+ DisableAutoGenTag: false,
+ DisableFlagsInUseLine: false,
+ DisableSuggestions: false,
+ SuggestionsMinimumDistance: 0,
+ }
+ rotGenStoreTemplateCmd = &cobra.Command{
+ Use: "generate-template",
+ Aliases: nil,
+ SuggestFor: nil,
+ Short: "For generating Root Of Trust template(s)",
+ Long: `Root Of Trust: Will parse a CSV and attempt to deploy a cert or set of certs into a list of cert stores.`,
+ Example: "",
+ ValidArgs: nil,
+ ValidArgsFunction: nil,
+ Args: nil,
+ ArgAliases: nil,
+ BashCompletionFunction: "",
+ Deprecated: "",
+ Annotations: nil,
+ Version: "",
+ PersistentPreRun: nil,
+ PersistentPreRunE: nil,
+ PreRun: nil,
+ PreRunE: nil,
+ Run: func(cmd *cobra.Command, args []string) {
+ // Global flags
+ debugFlag, _ := cmd.Flags().GetBool("debugFlag")
+ configFile, _ := cmd.Flags().GetString("config")
+ noPrompt, _ := cmd.Flags().GetBool("no-prompt")
+ profile, _ := cmd.Flags().GetString("profile")
+
+ kfcUsername, _ := cmd.Flags().GetString("kfcUsername")
+ kfcPassword, _ := cmd.Flags().GetString("kfcPassword")
+ kfcDomain, _ := cmd.Flags().GetString("kfcDomain")
+
+ authConfig := createAuthConfigFromParams(kfcHostName, kfcUsername, kfcPassword, kfcDomain, kfcAPIPath)
+
+ debugModeEnabled := checkDebug(debugFlag)
+ log.Println("Debug mode enabled: ", debugModeEnabled)
+
+ templateType, _ := cmd.Flags().GetString("type")
+ format, _ := cmd.Flags().GetString("format")
+ outPath, _ := cmd.Flags().GetString("outpath")
+ storeType, _ := cmd.Flags().GetStringSlice("store-type")
+ containerName, _ := cmd.Flags().GetStringSlice("container-name")
+ collection, _ := cmd.Flags().GetStringSlice("collection")
+ subjectName, _ 
:= cmd.Flags().GetStringSlice("cn")
+ stID := -1
+ var storeData []api.GetCertificateStoreResponse
+ var csvStoreData [][]string
+ var csvCertData [][]string
+ var rowLookup = make(map[string]bool)
+ kfClient, cErr := initClient(configFile, profile, "", "", noPrompt, authConfig, false)
+ if len(storeType) != 0 {
+ for _, s := range storeType {
+ if cErr != nil {
+ log.Fatalf("[ERROR] creating client: %s", cErr)
+ }
+ var sType *api.CertificateStoreType
+ var stErr error
+ if s == "all" {
+ sType = &api.CertificateStoreType{
+ Name: "",
+ ShortName: "",
+ Capability: "",
+ StoreType: 0,
+ ImportType: 0,
+ LocalStore: false,
+ SupportedOperations: nil,
+ Properties: nil,
+ EntryParameters: nil,
+ PasswordOptions: nil,
+ StorePathType: "",
+ StorePathValue: "",
+ PrivateKeyAllowed: "",
+ JobProperties: nil,
+ ServerRequired: false,
+ PowerShell: false,
+ BlueprintAllowed: false,
+ CustomAliasAllowed: "",
+ ServerRegistration: 0,
+ InventoryEndpoint: "",
+ InventoryJobType: "",
+ ManagementJobType: "",
+ DiscoveryJobType: "",
+ EnrollmentJobType: "",
+ }
+ } else {
+ // check if s is an int
+ sInt, err := strconv.Atoi(s)
+ if err == nil {
+ sType, stErr = kfClient.GetCertificateStoreTypeById(sInt)
+ } else {
+ sType, stErr = kfClient.GetCertificateStoreTypeByName(s)
+ }
+ if stErr != nil {
+ fmt.Printf("[ERROR] getting store type '%s'. 
%s\n", s, stErr)
+ continue
+ }
+ stID = sType.StoreType // This is the template type ID
+ }
+
+ if stID >= 0 || s == "all" {
+ log.Printf("[DEBUG] Store type ID: %d\n", stID)
+ params := make(map[string]interface{})
+ stores, sErr := kfClient.ListCertificateStores(¶ms)
+ if sErr != nil {
+ fmt.Printf("[ERROR] getting certificate stores of type '%s': %s\n", s, sErr)
+ log.Fatalf("[ERROR] getting certificate stores of type '%s': %s", s, sErr)
+ }
+ for _, store := range *stores {
+ if store.CertStoreType == stID || s == "all" {
+ storeData = append(storeData, store)
+ if !rowLookup[store.Id] {
+ lineData := []string{
+ //"StoreID", "StoreType", "StoreMachine", "StorePath", "ContainerId"
+ store.Id, fmt.Sprintf("%s", sType.ShortName), store.ClientMachine, store.StorePath, fmt.Sprintf("%d", store.ContainerId), store.ContainerName, getCurrentTime(),
+ }
+ csvStoreData = append(csvStoreData, lineData)
+ rowLookup[store.Id] = true
+ }
+ }
+ }
+ }
+ }
+ fmt.Println("Done")
+ }
+ if len(containerName) != 0 {
+ for _, c := range containerName {
+
+ if cErr != nil {
+ log.Fatalf("[ERROR] creating client: %s", cErr)
+ }
+ cStoresResp, scErr := kfClient.GetCertificateStoreByContainerID(c)
+ if scErr != nil {
+ fmt.Printf("[ERROR] getting store container: %s\n", scErr)
+ }
+ if cStoresResp != nil {
+ for _, store := range *cStoresResp {
+ sType, stErr := kfClient.GetCertificateStoreType(store.CertStoreType)
+ if stErr != nil {
+ fmt.Printf("[ERROR] getting store type: %s\n", stErr)
+ continue
+ }
+ storeData = append(storeData, store)
+ if !rowLookup[store.Id] {
+ lineData := []string{
+ // "StoreID", "StoreType", "StoreMachine", "StorePath", "ContainerId"
+ store.Id, sType.ShortName, store.ClientMachine, store.StorePath, fmt.Sprintf("%d", store.ContainerId), store.ContainerName, getCurrentTime(),
+ }
+ csvStoreData = append(csvStoreData, lineData)
+ rowLookup[store.Id] = true
+ }
+ }
+
+ }
+ }
+ }
+ if len(collection) != 0 {
+ for _, c := range collection {
+ if cErr != nil {
+ fmt.Println("[ERROR] connecting to Keyfactor. Please check your configuration and try again.")
+ log.Fatalf("[ERROR] creating client: %s", cErr)
+ }
+ q := make(map[string]string)
+ q["collection"] = c
+ certsResp, scErr := kfClient.ListCertificates(q)
+ if scErr != nil {
+ fmt.Printf("No certificates found in collection: %s\n", scErr)
+ }
+ if certsResp != nil {
+ for _, cert := range certsResp {
+ if !rowLookup[cert.Thumbprint] {
+ lineData := []string{
+ // "Thumbprint", "SubjectName", "Issuer", "CertID", "Locations", "LastQueriedDate"
+ cert.Thumbprint, cert.IssuedCN, cert.IssuerDN, fmt.Sprintf("%d", cert.Id), fmt.Sprintf("%v", cert.Locations), getCurrentTime(),
+ }
+ csvCertData = append(csvCertData, lineData)
+ rowLookup[cert.Thumbprint] = true
+ }
+ }
+
+ }
+ }
+ }
+ if len(subjectName) != 0 {
+ for _, s := range subjectName {
+ if cErr != nil {
+ fmt.Println("[ERROR] connecting to Keyfactor. Please check your configuration and try again.")
+ log.Fatalf("[ERROR] creating client: %s", cErr)
+ }
+ q := make(map[string]string)
+ q["subject"] = s
+ certsResp, scErr := kfClient.ListCertificates(q)
+ if scErr != nil {
+ fmt.Printf("No certificates found with CN: %s\n", scErr)
+ }
+ if certsResp != nil {
+ for _, cert := range certsResp {
+ if !rowLookup[cert.Thumbprint] {
+ locationsFormatted := ""
+ for _, loc := range cert.Locations {
+ locationsFormatted += fmt.Sprintf("%s:%s\n", loc.StoreMachine, loc.StorePath)
+ }
+ lineData := []string{
+ // "Thumbprint", "SubjectName", "Issuer", "CertID", "Locations", "LastQueriedDate"
+ cert.Thumbprint, cert.IssuedCN, cert.IssuerDN, fmt.Sprintf("%d", cert.Id), locationsFormatted, getCurrentTime(),
+ }
+ csvCertData = append(csvCertData, lineData)
+ rowLookup[cert.Thumbprint] = true
+ }
+ }
+
+ }
+ }
+ }
+ // Create CSV template file
+
+ var filePath string
+ if outPath != "" {
+ filePath = outPath
+ } else {
+ filePath = fmt.Sprintf("%s_template.%s", templateType, format)
+ }
+ file, err := os.Create(filePath)
+ if err 
!= nil {
+ fmt.Printf("[ERROR] creating file: %s", err)
+ log.Fatal("Cannot create file", err)
+ }
+
+ switch format {
+ case "csv":
+ writer := csv.NewWriter(file)
+ var data [][]string
+ switch templateType {
+ case "stores":
+ data = append(data, StoreHeader)
+ if len(csvStoreData) != 0 {
+ data = append(data, csvStoreData...)
+ }
+ case "certs":
+ data = append(data, CertHeader)
+ if len(csvCertData) != 0 {
+ data = append(data, csvCertData...)
+ }
+ case "actions":
+ data = append(data, AuditHeader)
+ }
+ csvErr := writer.WriteAll(data)
+ if csvErr != nil {
+ fmt.Println(csvErr)
+ }
+ defer file.Close()
+
+ case "json":
+ writer := bufio.NewWriter(file)
+ _, err := writer.WriteString("StoreID,StoreType,StoreMachine,StorePath")
+ if err != nil {
+ log.Fatal("Cannot write to file", err)
+ }
+ }
+ fmt.Printf("Template file created at %s.\n", filePath)
+ },
+ RunE: nil,
+ PostRun: nil,
+ PostRunE: nil,
+ PersistentPostRun: nil,
+ PersistentPostRunE: nil,
+ FParseErrWhitelist: cobra.FParseErrWhitelist{},
+ CompletionOptions: cobra.CompletionOptions{},
+ TraverseChildren: false,
+ Hidden: false,
+ SilenceErrors: false,
+ SilenceUsage: false,
+ DisableFlagParsing: false,
+ DisableAutoGenTag: false,
+ DisableFlagsInUseLine: false,
+ DisableSuggestions: false,
+ SuggestionsMinimumDistance: 0,
+ }
+)
+
+func init() {
+ log.SetFlags(log.LstdFlags | log.Lshortfile)
+ log.SetOutput(os.Stdout)
+ var (
+ stores string
+ addCerts string
+ removeCerts string
+ minCertsInStore int
+ maxPrivateKeys int
+ maxLeaves int
+ tType = tTypeCerts
+ outPath string
+ outputFormat string
+ inputFile string
+ storeTypes []string
+ containerNames []string
+ collections []string
+ subjectNames []string
+ )
+
+ storesCmd.AddCommand(rotCmd)
+
+ // Root of trust `audit` command
+ rotCmd.AddCommand(rotAuditCmd)
+ rotAuditCmd.Flags().StringVarP(&stores, "stores", "s", "", "CSV file containing cert stores to enroll into")
+ rotAuditCmd.Flags().StringVarP(&addCerts, "add-certs", "a", "",
+ "CSV file 
containing cert(s) to enroll into the defined cert stores") + rotAuditCmd.Flags().StringVarP(&removeCerts, "remove-certs", "r", "", + "CSV file containing cert(s) to remove from the defined cert stores") + rotAuditCmd.Flags().IntVarP(&minCertsInStore, "min-certs", "m", -1, + "The minimum number of certs that should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") + rotAuditCmd.Flags().IntVarP(&maxPrivateKeys, "max-keys", "k", -1, + "The max number of private keys that should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") + rotAuditCmd.Flags().IntVarP(&maxLeaves, "max-leaf-certs", "l", -1, + "The max number of non-root-certs that should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") + rotAuditCmd.Flags().BoolP("dry-run", "d", false, "Dry run mode") + rotAuditCmd.Flags().StringVarP(&outPath, "outpath", "o", "", + "Path to write the audit report file to. If not specified, the file will be written to the current directory.") + + // Root of trust `reconcile` command + rotCmd.AddCommand(rotReconcileCmd) + rotReconcileCmd.Flags().StringVarP(&stores, "stores", "s", "", "CSV file containing cert stores to enroll into") + rotReconcileCmd.Flags().StringVarP(&addCerts, "add-certs", "a", "", + "CSV file containing cert(s) to enroll into the defined cert stores") + rotReconcileCmd.Flags().StringVarP(&removeCerts, "remove-certs", "r", "", + "CSV file containing cert(s) to remove from the defined cert stores") + rotReconcileCmd.Flags().IntVarP(&minCertsInStore, "min-certs", "m", -1, + "The minimum number of certs that should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") + rotReconcileCmd.Flags().IntVarP(&maxPrivateKeys, "max-keys", "k", -1, + "The max number of private keys that should be in a store to be considered a 'root' store. 
If set to `-1` then all stores will be considered.") + rotReconcileCmd.Flags().IntVarP(&maxLeaves, "max-leaf-certs", "l", -1, + "The max number of non-root-certs that should be in a store to be considered a 'root' store. If set to `-1` then all stores will be considered.") + rotReconcileCmd.Flags().BoolP("dry-run", "d", false, "Dry run mode") + rotReconcileCmd.Flags().BoolP("import-csv", "v", false, "Import an audit report file in CSV format.") + rotReconcileCmd.Flags().StringVarP(&inputFile, "input-file", "i", reconcileDefaultFileName, + "Path to a file generated by 'stores rot audit' command.") + rotReconcileCmd.Flags().StringVarP(&outPath, "outpath", "o", "", + "Path to write the audit report file to. If not specified, the file will be written to the current directory.") + //rotReconcileCmd.MarkFlagsRequiredTogether("add-certs", "stores") + //rotReconcileCmd.MarkFlagsRequiredTogether("remove-certs", "stores") + rotReconcileCmd.MarkFlagsMutuallyExclusive("add-certs", "import-csv") + rotReconcileCmd.MarkFlagsMutuallyExclusive("remove-certs", "import-csv") + rotReconcileCmd.MarkFlagsMutuallyExclusive("stores", "import-csv") + + // Root of trust `generate` command + rotCmd.AddCommand(rotGenStoreTemplateCmd) + rotGenStoreTemplateCmd.Flags().StringVarP(&outPath, "outpath", "o", "", + "Path to write the template file to. If not specified, the file will be written to the current directory.") + rotGenStoreTemplateCmd.Flags().StringVarP(&outputFormat, "format", "f", "csv", + "The type of template to generate. Only `csv` is supported at this time.") + rotGenStoreTemplateCmd.Flags().Var(&tType, "type", + `The type of template to generate. Only "certs|stores|actions" are supported at this time.`) + rotGenStoreTemplateCmd.Flags().StringSliceVar(&storeTypes, "store-type", []string{}, "Multi value flag. Attempt to pre-populate the stores template with the certificate stores matching specified store types. 
If not specified, the template will be empty.") + rotGenStoreTemplateCmd.Flags().StringSliceVar(&containerNames, "container-name", []string{}, "Multi value flag. Attempt to pre-populate the stores template with the certificate stores matching specified container types. If not specified, the template will be empty.") + rotGenStoreTemplateCmd.Flags().StringSliceVar(&subjectNames, "cn", []string{}, "Subject name(s) to pre-populate the 'certs' template with. If not specified, the template will be empty. Does not work with SANs.") + rotGenStoreTemplateCmd.Flags().StringSliceVar(&collections, "collection", []string{}, "Certificate collection name(s) to pre-populate the stores template with. If not specified, the template will be empty.") + + rotGenStoreTemplateCmd.RegisterFlagCompletionFunc("type", templateTypeCompletion) + rotGenStoreTemplateCmd.MarkFlagRequired("type") +} diff --git a/cmd/rot_test.go b/cmd/rot_test.go index 1d619dd0..8384d482 100644 --- a/cmd/rot_test.go +++ b/cmd/rot_test.go @@ -1 +1,15 @@ +// Package cmd Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package cmd diff --git a/cmd/status.go b/cmd/status.go index 01f75730..0bffd7ca 100644 --- a/cmd/status.go +++ b/cmd/status.go 
@@ -1,9 +1,17 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd

 import (
diff --git a/cmd/storeTypes.go b/cmd/storeTypes.go
index 133c7885..14d1827a 100644
--- a/cmd/storeTypes.go
+++ b/cmd/storeTypes.go
@@ -1,9 +1,17 @@
 // Package cmd Copyright 2023 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd

 import (
diff --git a/cmd/storeTypes_test.go b/cmd/storeTypes_test.go
index 8f3fa16e..ded1a485 100644
--- a/cmd/storeTypes_test.go
+++ b/cmd/storeTypes_test.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd

 import (
diff --git a/cmd/stores.go b/cmd/stores.go
index 614d329e..d106a173 100644
--- a/cmd/stores.go
+++ b/cmd/stores.go
@@ -1,9 +1,17 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd

 import (
diff --git a/cmd/storesBulkOperations.go b/cmd/storesBulkOperations.go
index c8cad8c7..d61c5194 100644
--- a/cmd/storesBulkOperations.go
+++ b/cmd/storesBulkOperations.go
@@ -1,9 +1,17 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd

 import (
diff --git a/cmd/stores_test.go b/cmd/stores_test.go
index df59f7af..cdd36421 100644
--- a/cmd/stores_test.go
+++ b/cmd/stores_test.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd

 import (
diff --git a/cmd/test.go b/cmd/test.go
index dd113a3e..8d314147 100644
--- a/cmd/test.go
+++ b/cmd/test.go
@@ -1,3 +1,17 @@
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd

 import (
diff --git a/cmd/version.go b/cmd/version.go
index aff263e0..fa45f990 100644
--- a/cmd/version.go
+++ b/cmd/version.go
@@ -1,9 +1,17 @@
-// Package cmd Copyright 2022 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Package cmd Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd

 import (
diff --git a/docs/kfutil.md b/docs/kfutil.md
index 94502527..9dd04416 100644
--- a/docs/kfutil.md
+++ b/docs/kfutil.md
@@ -9,17 +9,22 @@ A CLI wrapper around the Keyfactor Platform API. ### Options ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - -h, --help help for kfutil - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + -h, --help help for kfutil + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO @@ -35,4 +40,4 @@ A CLI wrapper around the Keyfactor Platform API. * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. * [kfutil version](kfutil_version.md) - Shows version of kfutil -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_containers.md b/docs/kfutil_containers.md index d5912bff..e14e6ffe 100644 --- a/docs/kfutil_containers.md +++ b/docs/kfutil_containers.md 
@@ -15,16 +15,21 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. 
+ --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO @@ -33,4 +38,4 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s * [kfutil containers get](kfutil_containers_get.md) - Get certificate store container by ID or name. * [kfutil containers list](kfutil_containers_list.md) - List certificate store containers. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_containers_get.md b/docs/kfutil_containers_get.md index ce133034..399d5999 100644 --- a/docs/kfutil_containers_get.md +++ b/docs/kfutil_containers_get.md 
@@ -20,20 +20,25 @@ kfutil containers get [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil containers](kfutil_containers.md) - Keyfactor certificate store container API and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_containers_list.md b/docs/kfutil_containers_list.md index fbfcad70..bb0409b4 100644 --- a/docs/kfutil_containers_list.md +++ b/docs/kfutil_containers_list.md 
@@ -19,20 +19,25 @@ kfutil containers list [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil containers](kfutil_containers.md) - Keyfactor certificate store container API and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_export.md b/docs/kfutil_export.md index acee4997..1482de3e 100644 --- a/docs/kfutil_export.md +++ b/docs/kfutil_export.md 
@@ -31,20 +31,25 @@ kfutil export [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_import.md b/docs/kfutil_import.md index d276856b..c6520fe1 100644 --- a/docs/kfutil_import.md +++ b/docs/kfutil_import.md 
@@ -30,20 +30,25 @@ kfutil import [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_logout.md b/docs/kfutil_logout.md index 149b2865..0413dbf9 100644 --- a/docs/kfutil_logout.md +++ b/docs/kfutil_logout.md 
@@ -19,20 +19,25 @@ kfutil logout [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_orchs.md b/docs/kfutil_orchs.md index 4ab5b371..e6d1910a 100644 --- a/docs/kfutil_orchs.md +++ b/docs/kfutil_orchs.md 
@@ -15,16 +15,21 @@ A collections of APIs and utilities for interacting with Keyfactor orchestrators ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. 
+ --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO @@ -37,4 +42,4 @@ A collections of APIs and utilities for interacting with Keyfactor orchestrators * [kfutil orchs logs](kfutil_orchs_logs.md) - Get orchestrator logs by machine/client name. * [kfutil orchs reset](kfutil_orchs_reset.md) - Reset orchestrator by machine/client name. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_orchs_approve.md b/docs/kfutil_orchs_approve.md index 2861d5b4..07a79f30 100644 --- a/docs/kfutil_orchs_approve.md +++ b/docs/kfutil_orchs_approve.md 
@@ -20,20 +20,25 @@ kfutil orchs approve [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_orchs_disapprove.md b/docs/kfutil_orchs_disapprove.md index 932d7cea..1ab17383 100644 --- a/docs/kfutil_orchs_disapprove.md +++ b/docs/kfutil_orchs_disapprove.md 
@@ -20,20 +20,25 @@ kfutil orchs disapprove [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_orchs_get.md b/docs/kfutil_orchs_get.md index eb545ba9..0af6f209 100644 --- a/docs/kfutil_orchs_get.md +++ b/docs/kfutil_orchs_get.md 
@@ -20,20 +20,25 @@ kfutil orchs get [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_orchs_list.md b/docs/kfutil_orchs_list.md index c7c43d9a..7ec9a226 100644 --- a/docs/kfutil_orchs_list.md +++ b/docs/kfutil_orchs_list.md 
@@ -19,20 +19,25 @@ kfutil orchs list [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_orchs_logs.md b/docs/kfutil_orchs_logs.md index 52d3f577..44250526 100644 --- a/docs/kfutil_orchs_logs.md +++ b/docs/kfutil_orchs_logs.md 
@@ -20,20 +20,25 @@ kfutil orchs logs [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_orchs_reset.md b/docs/kfutil_orchs_reset.md index 4a9a5662..a84269a7 100644 --- a/docs/kfutil_orchs_reset.md +++ b/docs/kfutil_orchs_reset.md 
@@ -20,20 +20,25 @@ kfutil orchs reset [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_pam.md b/docs/kfutil_pam.md index 23ad3357..67e0429d 100644 --- a/docs/kfutil_pam.md +++ b/docs/kfutil_pam.md 
@@ -17,16 +17,21 @@ programmatically create, delete, edit, and list PAM Providers. ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO @@ -40,4 +45,4 @@ programmatically create, delete, edit, and list PAM Providers. * [kfutil pam types-list](kfutil_pam_types-list.md) - Returns a list of all available PAM provider types. * [kfutil pam update](kfutil_pam_update.md) - Updates an existing PAM Provider, currently only supported from file. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_pam_create.md b/docs/kfutil_pam_create.md index 05726570..b53fc782 100644 --- a/docs/kfutil_pam_create.md +++ b/docs/kfutil_pam_create.md 
@@ -20,20 +20,25 @@ kfutil pam create [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_pam_delete.md b/docs/kfutil_pam_delete.md index 9db196c5..6695f599 100644 --- a/docs/kfutil_pam_delete.md +++ b/docs/kfutil_pam_delete.md 
@@ -20,20 +20,25 @@ kfutil pam delete [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_pam_get.md b/docs/kfutil_pam_get.md index cea10c37..270dc2f5 100644 --- a/docs/kfutil_pam_get.md +++ b/docs/kfutil_pam_get.md 
@@ -20,20 +20,25 @@ kfutil pam get [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_pam_list.md b/docs/kfutil_pam_list.md index 5dc2f26e..d8002af9 100644 --- a/docs/kfutil_pam_list.md +++ b/docs/kfutil_pam_list.md 
@@ -19,20 +19,25 @@ kfutil pam list [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_pam_types-create.md b/docs/kfutil_pam_types-create.md index 51aef326..99dbbda7 100644 --- a/docs/kfutil_pam_types-create.md +++ b/docs/kfutil_pam_types-create.md @@ -17,7 +17,7 @@ kfutil pam types-create [flags] ### Options ``` - -b, --branch string Branch name for the repository. Can be left blank for 'main' by default. + -b, --branch string Branch name for the repository. Defaults to 'main'. -f, --from-file string Path to a JSON file containing the PAM Type Object Data. -h, --help help for types-create -n, --name string Name of the PAM Provider Type. 
@@ -27,20 +27,25 @@ kfutil pam types-create [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_pam_types-list.md b/docs/kfutil_pam_types-list.md index a872a95e..baa666b6 100644 --- a/docs/kfutil_pam_types-list.md +++ b/docs/kfutil_pam_types-list.md 
@@ -19,20 +19,25 @@ kfutil pam types-list [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_pam_update.md b/docs/kfutil_pam_update.md index 852108d8..c7bde48a 100644 --- a/docs/kfutil_pam_update.md +++ b/docs/kfutil_pam_update.md 
@@ -20,20 +20,25 @@ kfutil pam update [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_status.md b/docs/kfutil_status.md index 419e70cb..5861c43a 100644 --- a/docs/kfutil_status.md +++ b/docs/kfutil_status.md 
@@ -19,20 +19,25 @@ kfutil status [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_store-types.md b/docs/kfutil_store-types.md index 5625a557..905a35c6 100644 --- a/docs/kfutil_store-types.md +++ b/docs/kfutil_store-types.md 
@@ -15,16 +15,21 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. 
+ --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO @@ -36,4 +41,4 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s * [kfutil store-types list](kfutil_store-types_list.md) - List certificate store types. * [kfutil store-types templates-fetch](kfutil_store-types_templates-fetch.md) - Fetches store type templates from Keyfactor's Github. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_store-types_create.md b/docs/kfutil_store-types_create.md index 963be4b0..fb204a52 100644 --- a/docs/kfutil_store-types_create.md +++ b/docs/kfutil_store-types_create.md 
@@ -13,30 +13,36 @@ kfutil store-types create [flags] ### Options ``` + -a, --all Create all store types. -f, --from-file string Path to a JSON file containing certificate store type data for a single store. -b, --git-ref string The git branch or tag to reference when pulling store-types from the internet. (default "main") -h, --help help for create -l, --list List valid store types. - -n, --name string Short name of the certificate store type to get. Valid choices are: AWS, F5, F5-CA-REST, F5-SL-REST, F5-WS-REST, FTP, Fortanix, GcpApigee, HCVKV, HCVPKI, IIS, IISU, IISWBin, JKS, JKS-SSH, K8SCert, K8SCluster, K8SJKS, K8SNS, K8SPKCS12, K8SSecret, K8STLSSecr, NS, PEM, PaloAlto, RFKDB, RFPEM, RFPkcs12, RFjks, SAMPLETYPE, VMware-NSX, WinCerMgmt, WinCert, vThunderU + -n, --name string Short name of the certificate store type to get. Valid choices are: AKV, AzureApp, AzureAppGW, AzureSP, Fortigate, HCVKV, HCVPKI, IISU, K8SCert, K8SCluster, K8SJKS, K8SNS, K8SPKCS12, K8SSecret, K8STLSSecr, RFDER, RFJKS, RFKDB, RFORA, RFPEM, RFPkcs12, SAMPLETYPE, Signum, VMware-NSX, WinCerMgmt, WinCert ``` ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. 
WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. 
``` ### SEE ALSO * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_store-types_delete.md b/docs/kfutil_store-types_delete.md index 20d901f9..6dac2937 100644 --- a/docs/kfutil_store-types_delete.md +++ b/docs/kfutil_store-types_delete.md @@ -13,6 +13,7 @@ kfutil store-types delete [flags] ### Options ``` + -a, --all Delete all store types. -t, --dry-run Specifies whether to perform a dry run. -h, --help help for delete -i, --id int ID of the certificate store type to delete. (default -1) 
@@ -22,20 +23,25 @@ kfutil store-types delete [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_store-types_get.md b/docs/kfutil_store-types_get.md index 18ee56d5..c584926f 100644 --- a/docs/kfutil_store-types_get.md +++ b/docs/kfutil_store-types_get.md @@ -13,7 +13,6 @@ kfutil store-types get [flags] ### Options ``` - -f, --format string Output format. Valid choices are: 'json', 'yaml'. Default is 'json'. (default "json") -g, --generic Output the store type in a generic format stripped of all fields specific to the Command instance. -b, --git-ref string The git branch or tag to reference when pulling store-types from the internet. (default "main") -h, --help help for get 
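Review bot: The new `--debug` help line reads `Enable debugFlag logging.` and drops the earlier warning that debug output may log sensitive information to the console. The `--exp` and `--password` lines likewise now read `Enable expEnabled features.` and `providing kfcPassword here`. These look like Go identifiers that a rename carried into the user-facing flag descriptions; that is inferred, because the flag definitions are not part of this hunk. Since this file is generated by cobra, the fix belongs in the flag help strings, restoring `Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.)` and then regenerating the docs. The same text recurs in every "Options inherited from parent commands" hunk of this diff.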
@@ -24,20 +23,25 @@ kfutil store-types get [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_store-types_list.md b/docs/kfutil_store-types_list.md index 99879f17..5c7bbd36 100644 --- a/docs/kfutil_store-types_list.md +++ b/docs/kfutil_store-types_list.md 
@@ -19,20 +19,25 @@ kfutil store-types list [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_store-types_templates-fetch.md b/docs/kfutil_store-types_templates-fetch.md index d65fd51f..048f71f4 100644 --- a/docs/kfutil_store-types_templates-fetch.md +++ b/docs/kfutil_store-types_templates-fetch.md 
@@ -19,20 +19,25 @@ kfutil store-types templates-fetch [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores.md b/docs/kfutil_stores.md index 221680a0..7109beb9 100644 --- a/docs/kfutil_stores.md +++ b/docs/kfutil_stores.md 
@@ -15,24 +15,31 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. 
+ --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil](kfutil.md) - Keyfactor CLI utilities +* [kfutil stores delete](kfutil_stores_delete.md) - Delete a certificate store by ID. +* [kfutil stores export](kfutil_stores_export.md) - Export existing defined certificate stores by type or store Id. * [kfutil stores get](kfutil_stores_get.md) - Get a certificate store by ID. +* [kfutil stores import](kfutil_stores_import.md) - Import a file with certificate store parameters and create them in keyfactor. * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management * [kfutil stores list](kfutil_stores_list.md) - List certificate stores. -* [kfutil stores rot](kfutil_stores_rot.md) - Root of trust utility -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_delete.md b/docs/kfutil_stores_delete.md new file mode 100644 index 00000000..b5fb0be4 --- /dev/null +++ b/docs/kfutil_stores_delete.md 
@@ -0,0 +1,45 @@ +## kfutil stores delete + +Delete a certificate store by ID. + +### Synopsis + +Delete a certificate store by ID. + +``` +kfutil stores delete [flags] +``` + +### Options + +``` + -a, --all Attempt to delete ALL stores. + -h, --help help for delete + -i, --id string ID of the certificate store to delete. +``` + +### Options inherited from parent commands + +``` + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. 
+ --username string Username to use for authenticating to Keyfactor Command. +``` + +### SEE ALSO + +* [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. + +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_export.md b/docs/kfutil_stores_export.md new file mode 100644 index 00000000..31cba4e9 --- /dev/null +++ b/docs/kfutil_stores_export.md 
@@ -0,0 +1,46 @@ +## kfutil stores export + +Export existing defined certificate stores by type or store Id. + +### Synopsis + +Export the parameter values of defined certificate stores either by type or a specific store by Id. These parameters are stored in CSV for importing later. + +``` +kfutil stores export [flags] +``` + +### Options + +``` + -h, --help help for export + -o, --outpath string Path and name of the template file to generate.. If not specified, the file will be written to the current directory. + -i, --store-type-id int The ID of the cert store type for the template. (default -1) + -n, --store-type-name string The name of the cert store type for the template. Use if store-type-id is unknown. +``` + +### Options inherited from parent commands + +``` + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) 
+ --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. +``` + +### SEE ALSO + +* [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. + +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_get.md b/docs/kfutil_stores_get.md index d9f8bd8c..32bb4dfd 100644 --- a/docs/kfutil_stores_get.md +++ b/docs/kfutil_stores_get.md 
@@ -20,20 +20,25 @@ kfutil stores get [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_import.md b/docs/kfutil_stores_import.md index ea27f7f8..6deae63c 100644 --- a/docs/kfutil_stores_import.md +++ b/docs/kfutil_stores_import.md 
@@ -12,10 +12,30 @@ Tools for generating import templates and importing certificate stores -h, --help help for import ``` +### Options inherited from parent commands + +``` + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. +``` + ### SEE ALSO * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. 
-* [kfutil stores import create](kfutil_stores_import_create.md) - Create certificate stores +* [kfutil stores import csv](kfutil_stores_import_csv.md) - Create certificate stores from CSV file. * [kfutil stores import generate-template](kfutil_stores_import_generate-template.md) - For generating a CSV template with headers for bulk store creation. -###### Auto generated by spf13/cobra on 1-Dec-2022 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_import_create.md b/docs/kfutil_stores_import_create.md deleted file mode 100644 index 2e53b721..00000000 --- a/docs/kfutil_stores_import_create.md +++ /dev/null @@ -1,31 +0,0 @@ -## kfutil stores import create - -Create certificate stores - -### Synopsis - -Certificate stores: Will parse a CSV and attempt to create a certificate store for each row with the provided parameters. -store-type-name OR store-type-id is required. -file is the path to the file to be imported. -resultspath is where the import results will be written to. - -``` -kfutil stores import create --file --store-type-id --store-type-name --results-path --dry-run [flags] -``` - -### Options - -``` - -d, --dry-run Do not import, just check for necessary fields. - -f, --file string CSV file containing cert stores to create. - -h, --help help for create - -o, --results-path string CSV file containing cert stores to create. defaults to _results.csv - -i, --store-type-id int The ID of the cert store type for the stores. (default -1) - -n, --store-type-name string The name of the cert store type. Use if store-type-id is unknown. -``` - -### SEE ALSO - -* [kfutil stores import](kfutil_stores_import.md) - Import a file with certificate store parameters and create them in keyfactor. - -###### Auto generated by spf13/cobra on 1-Dec-2022 diff --git a/docs/kfutil_stores_import_csv.md b/docs/kfutil_stores_import_csv.md new file mode 100644 index 00000000..16de3162 --- /dev/null +++ b/docs/kfutil_stores_import_csv.md 
@@ -0,0 +1,51 @@ +## kfutil stores import csv + +Create certificate stores from CSV file. + +### Synopsis + +Certificate stores: Will parse a CSV and attempt to create a certificate store for each row with the provided parameters. +'store-type-name' OR 'store-type-id' are required. +'file' is the path to the file to be imported. +'resultspath' is where the import results will be written to. + +``` +kfutil stores import csv --file --store-type-id --store-type-name --results-path --dry-run [flags] +``` + +### Options + +``` + -d, --dry-run Do not import, just check for necessary fields. + -f, --file string CSV file containing cert stores to create. + -h, --help help for csv + -o, --results-path string CSV file containing cert stores to create. defaults to _results.csv + -i, --store-type-id int The ID of the cert store type for the stores. (default -1) + -n, --store-type-name string The name of the cert store type. Use if store-type-id is unknown. +``` + +### Options inherited from parent commands + +``` + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. 
(text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. +``` + +### SEE ALSO + +* [kfutil stores import](kfutil_stores_import.md) - Import a file with certificate store parameters and create them in keyfactor. + +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_import_generate-template.md b/docs/kfutil_stores_import_generate-template.md index 41bde740..3f84211c 100644 --- a/docs/kfutil_stores_import_generate-template.md +++ b/docs/kfutil_stores_import_generate-template.md 
@@ -22,8 +22,28 @@ kfutil stores import generate-template --store-type-id --store-t -n, --store-type-name string The name of the cert store type for the template. Use if store-type-id is unknown. ``` +### Options inherited from parent commands + +``` + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. 
+``` + ### SEE ALSO * [kfutil stores import](kfutil_stores_import.md) - Import a file with certificate store parameters and create them in keyfactor. -###### Auto generated by spf13/cobra on 1-Dec-2022 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_inventory.md b/docs/kfutil_stores_inventory.md index ff48be07..e0f45c86 100644 --- a/docs/kfutil_stores_inventory.md +++ b/docs/kfutil_stores_inventory.md 
@@ -15,16 +15,21 @@ Commands related to certificate store inventory management ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO @@ -34,4 +39,4 @@ Commands related to certificate store inventory management * [kfutil stores inventory remove](kfutil_stores_inventory_remove.md) - Removes a certificate from the certificate store inventory. * [kfutil stores inventory show](kfutil_stores_inventory_show.md) - Show the inventory of a certificate store. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_inventory_add.md b/docs/kfutil_stores_inventory_add.md index 932ccabb..74e5c5a9 100644 --- a/docs/kfutil_stores_inventory_add.md +++ b/docs/kfutil_stores_inventory_add.md 
@@ -33,20 +33,25 @@ kfutil stores inventory add [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_inventory_remove.md b/docs/kfutil_stores_inventory_remove.md index ccfbc7f9..27ae48a8 100644 --- a/docs/kfutil_stores_inventory_remove.md +++ b/docs/kfutil_stores_inventory_remove.md 
@@ -29,20 +29,25 @@ kfutil stores inventory remove [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_inventory_show.md b/docs/kfutil_stores_inventory_show.md index d5a69698..76e1d2ac 100644 --- a/docs/kfutil_stores_inventory_show.md +++ b/docs/kfutil_stores_inventory_show.md 
@@ -23,20 +23,25 @@ kfutil stores inventory show [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. 
+ --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_stores_list.md b/docs/kfutil_stores_list.md index b732217c..feb17a3a 100644 --- a/docs/kfutil_stores_list.md +++ b/docs/kfutil_stores_list.md 
@@ -19,20 +19,25 @@ kfutil stores list [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/docs/kfutil_version.md b/docs/kfutil_version.md index cda9b105..2fb555dc 100644 --- a/docs/kfutil_version.md +++ b/docs/kfutil_version.md 
@@ -19,20 +19,25 @@ kfutil version [flags] ### Options inherited from parent commands ``` - --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") - --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) - --debug Enable debug logging. (USE AT YOUR OWN RISK, this may log sensitive information to the console.) - --domain string Domain to use for authenticating to Keyfactor Command. - --exp Enable experimental features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) - --hostname string Hostname to use for authenticating to Keyfactor Command. - --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. - --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing password here in plain text. - --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. - --username string Username to use for authenticating to Keyfactor Command. + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) (default "$HOME/.keyfactor/command_config.json") + --auth-provider-profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid/azcli) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. 
(USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format string Output format. (text/json) (default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. ``` ### SEE ALSO * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated by spf13/cobra on 26-Jul-2023 +###### Auto generated by spf13/cobra on 4-Oct-2023 diff --git a/main.go b/main.go index 376fa992..31bb43e5 100644 --- a/main.go +++ b/main.go 
@@ -1,24 +1,34 @@ -// Package cmd Copyright 2022 Keyfactor -// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions -// and limitations under the License. +// Package main Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package main import ( + "flag" "github.com/spf13/cobra/doc" "kfutil/cmd" + "os" ) func main() { - //var docsFlag bool - //flag.BoolVar(&docsFlag, "makedocs", false, "Create markdown docs.") - //flag.Parse() - //if docsFlag { - // docs() - // os.Exit(0) - //} + var docsFlag bool + flag.BoolVar(&docsFlag, "makedocs", false, "Create markdown docs.") + flag.Parse() + if docsFlag { + docs() + os.Exit(0) + } cmd.Execute() } diff --git a/pkg/version/version.go b/pkg/version/version.go index 4e559274..093e7405 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go 
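Review bot: `flag.Parse()` in `main` runs the standard-library parser over the whole command line before `cmd.Execute()`, and only `-makedocs` is registered with it. Any cobra flag placed before the subcommand (for example `kfutil --debug stores list`) will therefore be rejected as "flag provided but not defined" with exit status 2, and `kfutil --help` or `-h` will print the one-flag stdlib usage instead of cobra's help. Invocations that start with a subcommand are unaffected, because the stdlib parser stops at the first non-flag argument, so a quick manual test can miss this. I would drop the `flag` import and match the switch directly, `if len(os.Args) > 1 && (os.Args[1] == "-makedocs" || os.Args[1] == "--makedocs") { docs(); return }`. Alternatively, register `makedocs` as a hidden cobra flag or command in `cmd` so a single parser owns the command line.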
@@ -1,3 +1,17 @@ +// Package version Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package version const VERSION = "v1.2.0"