Add deployment type to config.

This field is ignored except for the start of the ca. If the type is linked and the token is not passed, it will fail with an error.
3 years ago · 072ba4227c
parent 56bb3eb6e1
commit 072ba4227c
3 changed files with 36 additions and 1 deletions
--- a/authority/config/config.go
+++ b/authority/config/config.go
@ -85,6 +85,7 @@ type ASN1DN struct {
 type AuthConfig struct {
 	*cas.Options
 	AuthorityID          string                `json:"authorityId,omitempty"`
+	DeploymentType       string                `json:"deploymentType,omitempty"`
 	Provisioners         provisioner.List      `json:"provisioners,omitempty"`
 	Admins               []*linkedca.Admin     `json:"-"`
 	Template             *ASN1DN               `json:"template,omitempty"`
--- a/commands/app.go
+++ b/commands/app.go
@ -8,11 +8,13 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"strings"
 	"unicode"

 	"github.com/pkg/errors"
 	"github.com/smallstep/certificates/authority/config"
 	"github.com/smallstep/certificates/ca"
+	"github.com/smallstep/certificates/pki"
 	"github.com/urfave/cli"
 	"go.step.sm/cli-utils/errs"
 )
@ -67,6 +69,18 @@ func appAction(ctx *cli.Context) error {
 		fatal(err)
 	}

+	if config.AuthorityConfig != nil {
+		if token == "" && strings.EqualFold(config.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) {
+			return errors.New(`'step-ca' requires the '--token' flag for linked deploy type.
+
+To get a linked authority token:
+  1. Log in or create a Certificate Manager account at ` + "\033[1mhttps://u.step.sm/linked\033[0m" + `
+  2. Add a new authority with "linked" type
+  3. Follow instructions in browser to start 'step-ca' using the '--token' flag
+`)
+		}
+	}
+
 	var password []byte
 	if passFile != "" {
 		if password, err = ioutil.ReadFile(passFile); err != nil {
--- a/pki/pki.go
+++ b/pki/pki.go
@ -54,6 +54,20 @@ const (
 	HostedDeployment
 )

+// String returns the string version of the deployment type.
+func (d DeploymentType) String() string {
+	switch d {
+	case StandaloneDeployment:
+		return "standalone"
+	case LinkedDeployment:
+		return "linked"
+	case HostedDeployment:
+		return "hosted"
+	default:
+		return "unknown"
+	}
+}
+
 const (
 	// ConfigPath is the directory name under the step path where the configuration
 	// files will be stored.
@ -580,7 +594,7 @@ func (p *PKI) askFeedback() {
 	ui.Println("  regarding how you’re using `step` helps. Please send us a sentence or two,")
 	ui.Println("  good or bad at \033[1mfeedback@smallstep.com\033[0m or join GitHub Discussions")
 	ui.Println("  \033[1mhttps://github.com/smallstep/certificates/discussions\033[0m and our Discord ")
-	ui.Println("  \033[1mhttps://bit.ly/step-discord\033[0m.")
+	ui.Println("  \033[1mhttps://u.step.sm/discord\033[0m.")

 	if p.options.deploymentType == LinkedDeployment {
 		ui.Println()
@ -652,6 +666,12 @@ func (p *PKI) GenerateConfig(opt ...ConfigOption) (*authconfig.Config, error) {
 		Templates: p.getTemplates(),
 	}

+	// Add linked as a deployment type to detect it on start and provide a
+	// message if the token is not given.
+	if p.options.deploymentType == LinkedDeployment {
+		config.AuthorityConfig.DeploymentType = LinkedDeployment.String()
+	}
+
 	// On standalone deployments add the provisioners to either the ca.json or
 	// the database.
 	var provisioners []provisioner.Interface