
Comparing changes

base repository: Venafi/vcert
base: v5.0.1
head repository: Venafi/vcert
compare: master
Showing with 20,189 additions and 4,768 deletions.
  1. +9 −0 .github/dependabot.yml
  2. +5 −0 .gitignore
  3. +0 −2 .golangci.yml
  4. +54 −0 CHANGELOG.md
  5. +0 −58 Jenkinsfile
  6. +16 −10 Makefile
  7. +268 −150 README-CLI-CLOUD.md
  8. +244 −0 README-CLI-FIREFLY.md
  9. +138 −138 README-CLI-PLATFORM.md
  10. +184 −122 README-PLAYBOOK.md
  11. +93 −58 README-POLICY-SPEC.md
  12. +90 −60 README.md
  13. +14 −3 aruba/Dockerfile
  14. +0 −4 aruba/Gemfile
  15. +33 −1 aruba/cucumber.sh
  16. +13 −1 aruba/features/config/basic.feature
  17. +1 −1 aruba/features/enroll/enroll-with-csr.feature
  18. +45 −0 aruba/features/firefly/credmgmt-firefly.feature
  19. +30 −0 aruba/features/firefly/firefly.feature
  20. +51 −0 aruba/features/firefly/step_definitions/my_steps.rb
  21. +35 −0 aruba/features/format/pkcs12.feature
  22. +461 −0 aruba/features/playbook/playbook.feature
  23. +342 −0 aruba/features/playbook/steps_definitions/my_steps.rb
  24. +195 −0 aruba/features/playbook/support/aruba.rb
  25. +68 −0 aruba/features/provision/cloudkeystore/provision_cloudkeystore.feature
  26. +198 −0 aruba/features/provision/cloudkeystore/steps_definitions/my_steps.rb
  27. +20 −0 aruba/features/renew/renew-with-csr-local.feature
  28. +9 −0 aruba/features/renew/renew-with-csr-service.feature
  29. +1 −1 aruba/features/retire/retire.feature
  30. +30 −0 aruba/features/step_definitions/actions.rb
  31. +12 −4 aruba/features/step_definitions/endpoints.rb
  32. +25 −8 aruba/features/step_definitions/my_steps.rb
  33. +13 −0 aruba/features/step_definitions/openssl.rb
  34. +85 −1 aruba/features/support/aruba.rb
  35. +20 −0 aruba/features/support/aws_provider.rb
  36. +50 −0 aruba/features/support/azure_provider.rb
  37. +25 −0 aruba/features/support/google_provider.rb
  38. +16 −0 aruba/features/support/http_utils.rb
  39. +7 −1 client.go
  40. +330 −0 client_test.go
  41. +42 −18 cmd/vcert/args.go
  42. +721 −0 cmd/vcert/cmdCertificates.go
  43. +117 −0 cmd/vcert/cmdCloudKeystores.go
  44. +170 −0 cmd/vcert/cmdCredentials.go
  45. +393 −0 cmd/vcert/cmdHelper.go
  46. +218 −0 cmd/vcert/cmdPolicies.go
  47. +32 −0 cmd/vcert/cmdProvisioning.go
  48. +421 −0 cmd/vcert/cmdSSHCertificates.go
  49. +0 −1,707 cmd/vcert/commands.go
  50. +125 −93 cmd/vcert/config.go
  51. +75 −0 cmd/vcert/datareader.go
  52. +115 −0 cmd/vcert/envVars.go
  53. +165 −24 cmd/vcert/flags.go
  54. +32 −20 cmd/vcert/main.go
  55. +16 −14 cmd/vcert/main_test.go
  56. +6 −4 cmd/vcert/passwords.go
  57. +25 −8 cmd/vcert/playbook.go
  58. +12 −11 cmd/vcert/playbook_test.go
  59. +86 −10 cmd/vcert/result_writer.go
  60. +213 −0 cmd/vcert/result_writer_test.go
  61. +8 −2 cmd/vcert/test_utils.go
  62. +0 −15 cmd/vcert/usage.go
  63. +37 −33 cmd/vcert/utils.go
  64. +203 −225 cmd/vcert/validators.go
  65. +42 −0 cmd/vcert/validatorsCloud.go
  66. +59 −0 cmd/vcert/validatorsFirefly.go
  67. +42 −0 cmd/vcert/validatorsTPP.go
  68. +107 −15 config.go
  69. +64 −0 examples/ansible/README.md
  70. +46 −0 examples/ansible/oauth2.ADFS_clientcredentials.yaml
  71. +42 −0 examples/ansible/oauth2.Auth0_clientcredentials.yaml
  72. +41 −0 examples/ansible/oauth2.AzureEntra_clientcredentials.yaml
  73. +28 −0 examples/ansible/testvcertplaybook.yaml
  74. +78 −0 examples/firefly/main.go
  75. +22 −0 examples/playbook/sample.capi-win2016.yaml
  76. +12 −10 examples/playbook/sample.capi.yaml
  77. +0 −1 examples/playbook/sample.cert-auth.yaml
  78. +28 −0 examples/playbook/sample.firefly.client-secret.yaml
  79. +28 −0 examples/playbook/sample.firefly.user-password.yaml
  80. +2 −3 examples/playbook/sample.jks.yaml
  81. +3 −4 examples/playbook/sample.multi.yaml
  82. +2 −3 examples/playbook/sample.pem.yaml
  83. +4 −9 examples/playbook/sample.pkcs12.yaml
  84. +29 −0 examples/playbook/sample.tlspc.svc-account.yaml
  85. +3 −4 examples/playbook/sample.tlspc.yaml
  86. +74 −0 examples/provision/main.go
  87. +103 −0 examples/provisionWithCertificateRequest/main.go
  88. +117 −0 examples/provisionWithServiceAccount/main.go
  89. +9 −1 examples/server/main.go
  90. +8 −0 examples/simple-cli/main.go
  91. +91 −0 examples/tlspc-svc-account/main.go
  92. +24 −12 go.mod
  93. +60 −31 go.sum
  94. +3 −3 pkg/certificate/certificate.go
  95. +1 −0 pkg/certificate/location.go
  96. +36 −2 pkg/certificate/request.go
  97. +239 −0 pkg/domain/cloudproviders.go
  98. +32 −0 pkg/domain/provisioning.go
  99. +24 −0 pkg/domain/workflow.go
  100. +53 −0 pkg/endpoint/authentication.go
  101. +38 −28 pkg/endpoint/endpoint.go
  102. +28 −0 pkg/httputils/transportApi.go
  103. +142 −12 pkg/playbook/app/domain/authentication.go
  104. +93 −7 pkg/playbook/app/domain/authentication_test.go
  105. +1 −1 pkg/playbook/app/domain/certificateTask.go
  106. +97 −18 pkg/playbook/app/domain/connection.go
  107. +113 −19 pkg/playbook/app/domain/connection_test.go
  108. +23 −0 pkg/playbook/app/domain/error.go
  109. +53 −17 pkg/playbook/app/domain/installation.go
  110. +0 −95 pkg/playbook/app/domain/platform.go
  111. +5 −3 pkg/playbook/app/domain/playbook.go
  112. +22 −23 pkg/playbook/app/domain/playbookRequest.go
  113. +19 −8 pkg/playbook/app/domain/playbook_test.go
  114. +49 −19 pkg/playbook/app/installer/capi.go
  115. +27 −8 pkg/playbook/app/installer/crypto.go
  116. +2 −2 pkg/playbook/app/installer/installer.go
  117. +18 −13 pkg/playbook/app/installer/jks.go
  118. +9 −11 pkg/playbook/app/installer/pem.go
  119. +23 −14 pkg/playbook/app/installer/pkcs12.go
  120. +1 −1 pkg/playbook/app/installer/selector.go
  121. +1 −1 pkg/playbook/app/installer/selector_windows.go
  122. +19 −5 pkg/playbook/app/parser/reader.go
  123. +14 −6 pkg/playbook/app/parser/writer_test.go
  124. +56 −48 pkg/playbook/app/service/service.go
  125. +4 −43 pkg/playbook/app/service/service_test.go
  126. +3 −3 pkg/playbook/app/service/tokenService.go
  127. +16 −7 pkg/playbook/app/vcertutil/helper.go
  128. +186 −31 pkg/playbook/app/vcertutil/vcertutil.go
  129. +13 −9 pkg/playbook/util/capistore/embedded/install-cert.ps1
  130. +3 −3 pkg/playbook/util/cmdexec.go
  131. +3 −3 pkg/playbook/util/cmdexec_windows.go
  132. +0 −36 pkg/policy/policyStructures.go
  133. +1 −0 pkg/policy/policyUtils.go
  134. +3 −0 pkg/util/constants.go
  135. 0 pkg/{playbook → }/util/log.go
  136. +1 −1 pkg/util/pemUtil.go
  137. +48 −1 pkg/util/utils.go
  138. +29 −0 pkg/venafi/cloud/certificate.go
  139. +18 −4 pkg/venafi/cloud/certificatePolicies.go
  140. +70 −125 pkg/venafi/cloud/cloud.go
  141. +2 −25 pkg/venafi/cloud/cloudUtil.go
  142. +101 −1 pkg/venafi/cloud/cloud_test.go
  143. +387 −0 pkg/venafi/cloud/cloudproviders.go
  144. +0 −48 pkg/venafi/cloud/company.go
  145. +797 −1,055 pkg/venafi/cloud/connector.go
  146. +419 −0 pkg/venafi/cloud/connectorPolicy.go
  147. +19 −0 pkg/venafi/cloud/connectorSSH.go
  148. +7 −7 pkg/venafi/cloud/connector_test.go
  149. +47 −0 pkg/venafi/cloud/oauth.go
  150. +4 −3 pkg/venafi/cloud/search.go
  151. +2 −0 pkg/venafi/fake/ca.go
  152. +18 −0 pkg/venafi/fake/connector.go
  153. +91 −0 pkg/venafi/firefly/cert_test.go
  154. +469 −0 pkg/venafi/firefly/connector.go
  155. +503 −0 pkg/venafi/firefly/connector_test.go
  156. +60 −0 pkg/venafi/firefly/devAuthStatus.go
  157. +65 −0 pkg/venafi/firefly/devAuthstatus_test.go
  158. +203 −0 pkg/venafi/firefly/deviceFlow.go
  159. +46 −0 pkg/venafi/firefly/error.go
  160. +65 −0 pkg/venafi/firefly/error_test.go
  161. +239 −0 pkg/venafi/firefly/firefly.go
  162. +178 −0 pkg/venafi/firefly/fireflyServer_test.go
  163. +24 −0 pkg/venafi/firefly/fireflyUtil.go
  164. +37 −0 pkg/venafi/firefly/fireflyUtil_test.go
  165. +28 −0 pkg/venafi/firefly/firefly_test.go
  166. +373 −0 pkg/venafi/firefly/identityProviderServer_test.go
  167. +22 −0 pkg/venafi/firefly/util_test.go
  168. +113 −0 pkg/venafi/platform.go
  169. +15 −12 pkg/{playbook/app/domain → venafi}/platform_test.go
  170. +135 −59 pkg/venafi/tpp/connector.go
  171. +316 −13 pkg/venafi/tpp/connector_test.go
  172. +5 −2 pkg/venafi/tpp/sshCertUtils.go
  173. +55 −9 pkg/venafi/tpp/tpp.go
  174. +2 −2 pkg/venafi/tpp/tpp_test.go
  175. +1 −0 pkg/verror/errors.go
  176. +1,099 −0 pkg/webclient/cloudproviders/cloudproviders.gen.go
  177. +313 −0 pkg/webclient/cloudproviders/cloudproviders.go
  178. +75 −0 pkg/webclient/cloudproviders/genqlient.graphql
  179. +19 −0 pkg/webclient/cloudproviders/genqlient.yaml
  180. +4,475 −0 pkg/webclient/cloudproviders/schema.graphql
  181. +85 −0 pkg/webclient/notificationservice/notificationservice.go
  182. +6 −2 test-files/playbook/sample.yaml
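--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+version: 2
+updates:
+- package-ecosystem: "gomod"
+directory: "/"
+schedule:
+interval: "weekly"
+time: "09:00"
+day: "monday"
+timezone: "America/Inuvik"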
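Review bot: The `updates:` list covers only the `gomod` ecosystem, so no update PRs will be raised for the other manifests this comparison shows in the repository, such as aruba/Dockerfile and aruba/Gemfile. Consider adding entries with `package-ecosystem: "docker"` and `package-ecosystem: "bundler"`, each pointed at `directory: "/aruba"`. If workflow files live under .github/ (not visible on this page), a `package-ecosystem: "github-actions"` entry would keep action versions tracked as well.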
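--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,8 @@ vCert
 aruba/tmp/
 aruba/bin/
 aruba/vcert
+aruba/tpp-bundle.pem
+aruba/firefly-bundle.pem
 vcert.exe
 Gemfile.lock
 aruba/features/step_definitions/0.endpoints.rb
@@ -16,3 +18,6 @@ aruba/log.log
 credentials
 *.DS_Store
 vendor
+google_auth.json
+.env
+*.out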
2 changes: 0 additions & 2 deletions .golangci.yml
@@ -4,8 +4,6 @@ run:

linters:
disable:
- deadcode
- varcheck
- unused
enable:
- gosec
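--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,54 @@
+## 5.6.3 (April 9th, 2024)
+
+General:
+- Updates all playbook samples, removing deprecated attributes and making sure they work out-of-the-box
+
+VCert SDK:
+- Adds `TokenURL` to `endpoint.Authentication`
+- Cloud Connector will stop using the `TokenURL` attribute from `endpoint.OAuthProvider` and start using the new one
+(above)
+
+VCert CLI:
+- Internal changes to make use fo the new `TokenURL` attribute
+- Renames `getcred` command flag `--idp-jwt` back to `--external-jwt`
+- Fixes an issue whereby using `getcred` command to request a `TPP` access token by using username/password threw the
+deprecation warning message. This should not happen for `getcred` command
+- Fixes an issue whereby requesting an access token for `VCP` platform printed the wrong expiration date. Now it
+properly prints the expiration date
+
+VCert SDK:
+- Adds new attribute `config.connection.credentials.tokenURL` to playbook file. This attribute should be used to pass
+the `VCP` token url value
+- Stops using `config.connection.credentials.idP.tokenURL` for the `VCP` token url value
+- Enhances the task run. Now, a failed task will not terminate the playbook execution, instead it will run all tasks and
+errors will be reported at the end of the run.
+
+## 5.6.2 (April 4th, 2024)
+VCert SDK:
+- Removes `TenantID` from `endpoint.Authentication` struct
+- `cloud.Connector` will use `endpoint.Authentication.OAuthProvider.TokenURL` instead of building the URL (using the
+`tenantID`) to obtain the access token
+
+VCert CLI:
+- Removes `--tenant-id` flag for `getcred` command
+- Adds `--token-url` flag for `getcred` command
+
+VCert Playbook:
+- Removes `tenantId` attribute from `config.connection.credentials` object
+- Now uses `config.connection.credentials.idP.tokenURL` for Venafi Control Plane service account authentication
+
+## 5.6.1 (April 2nd, 2024)
+VCert SDK:
+- Adds UserAgent header to api requests for TPP, Cloud and Firefly connectors
+- Adds functionality to convert a Platform type to a ConnectorType enum
+
+## 5.6.0 (March 28th, 2024)
+VCert SDK:
+- Adds support for service account authentication in Cloud connector
+
+VCert CLI:
+- Adds new attributes to `getcred` command: `tenant-id` and `external-jwt` for Venafi Control Plane (VCP) service
+account authentication
+
+VCert playbook:
+- Adds support for service account authentication to VCert playbooks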
58 changes: 0 additions & 58 deletions Jenkinsfile

This file was deleted.

26 changes: 16 additions & 10 deletions Makefile
@@ -34,7 +34,7 @@ VERSION=$(RELEASE_VERSION)
endif
endif

GO_LDFLAGS=-ldflags "-X github.com/Venafi/vcert/v4.versionString=$(VERSION) -X github.com/Venafi/vcert/v4.versionBuildTimeStamp=`date -u +%Y%m%d.%H%M%S` -s -w"
GO_LDFLAGS=-ldflags "-X github.com/Venafi/vcert/v5.versionString=$(VERSION) -X github.com/Venafi/vcert/v5.versionBuildTimeStamp=`date -u +%Y%m%d.%H%M%S` -s -w"
version:
echo "$(VERSION)"

@@ -45,13 +45,14 @@ build_quick: get
env GOOS=linux GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/linux/vcert ./cmd/vcert

build: get
env GOOS=linux GOARCH=arm64 go build $(GO_LDFLAGS) -o bin/linux/vcert_arm ./cmd/vcert
env GOOS=linux GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/linux/vcert ./cmd/vcert
env GOOS=linux GOARCH=386 go build $(GO_LDFLAGS) -o bin/linux/vcert86 ./cmd/vcert
env GOOS=darwin GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/darwin/vcert ./cmd/vcert
env GOOS=darwin GOARCH=arm64 go build $(GO_LDFLAGS) -o bin/darwin/vcert_arm ./cmd/vcert
env GOOS=windows GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/windows/vcert.exe ./cmd/vcert
env GOOS=windows GOARCH=386 go build $(GO_LDFLAGS) -o bin/windows/vcert86.exe ./cmd/vcert
env GOOS=linux GOARCH=arm64 go build $(GO_LDFLAGS) -o bin/linux/vcert_arm ./cmd/vcert
env GOOS=linux GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/linux/vcert ./cmd/vcert
env GOOS=linux GOARCH=386 go build $(GO_LDFLAGS) -o bin/linux/vcert86 ./cmd/vcert
env GOOS=darwin GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/darwin/vcert ./cmd/vcert
env GOOS=darwin GOARCH=arm64 go build $(GO_LDFLAGS) -o bin/darwin/vcert_arm ./cmd/vcert
env GOOS=windows GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/windows/vcert.exe ./cmd/vcert
env GOOS=windows GOARCH=386 go build $(GO_LDFLAGS) -o bin/windows/vcert86.exe ./cmd/vcert
env GOOS=windows GOARCH=arm64 go build $(GO_LDFLAGS) -o bin/windows/vcert_arm.exe ./cmd/vcert

cucumber_build:
$(call cucumber_image_build)
@@ -90,6 +91,10 @@ cloud_test: get
go test -v $(GOFLAGS) -coverprofile=cov_vaas.out ./pkg/venafi/cloud
go tool cover -func=cov_vaas.out

firefly_test: get
go test -v $(GOFLAGS) -coverprofile=cov_firefly.out ./pkg/venafi/firefly
go tool cover -func=cov_firefly.out

cmd_test: get
go test -v $(GOFLAGS) -coverprofile=cov_cmd.out ./cmd/vcert
go tool cover -func=cov_cmd.out
@@ -109,14 +114,15 @@ collect_artifacts:
zip -j "artifacts/vcert_$(VERSION)_darwin_arm.zip" "bin/darwin/vcert_arm" "vcert_darwin_arm.sig" || exit 1
zip -j "artifacts/vcert_$(VERSION)_windows.zip" "bin/windows/vcert.exe" || exit 1
zip -j "artifacts/vcert_$(VERSION)_windows86.zip" "bin/windows/vcert86.exe" || exit 1
zip -j "artifacts/vcert_$(VERSION)_windows_arm.zip" "bin/windows/vcert_arm.exe" || exit 1

release:
echo '```' > release.txt
cd artifacts; sha1sum * >> ../release.txt
echo '```' >> release.txt
go install github.com/tcnksm/ghr@latest
go install github.com/tcnksm/ghr@v0.16.2
export "PATH=$(PATH):$(shell go env GOPATH)/bin" && ghr -prerelease -n $$RELEASE_VERSION -body="$$(cat ./release.txt)" $$RELEASE_VERSION artifacts/

linter:
@golangci-lint --version || curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b /go/bin
golangci-lint run
golangci-lint run --timeout 5m
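Review bot: The `linter` recipe still pipes `install.sh` fetched from the `master` branch of golangci-lint straight into `sh` with no version argument, so the build runs whatever that branch and its latest release contain at the time. That is the same unpinned-tool exposure this section appears to close for `ghr` by moving from `@latest` to `@v0.16.2`. Fetch the script from a fixed tag or commit and pass the release to install, e.g. `curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/<PINNED_TAG>/install.sh | sh -s -- -b /go/bin <PINNED_TAG>`, ideally checking the script's digest before running it. In the `release` recipe, `sha1sum *` produces the checksums published in release.txt; `sha256sum *` would give users a collision-resistant digest to verify downloads against. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts.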