Allow to automatically configure and linked RA

2 years ago · 0c7467ceb2
parent 5e0be92273
commit 0c7467ceb2
4 changed files with 45 additions and 4 deletions
--- a/authority/authority.go
+++ b/authority/authority.go
@ -339,6 +339,19 @@ func (a *Authority) init() error {
 					Type:        conf.RaConfig.Provisioner.Type.String(),
 					Provisioner: conf.RaConfig.Provisioner.Name,
 				}
+				// Configure the RA authority type if needed
+				if options.Type == "" {
+					options.Type = casapi.StepCAS
+				}
+			}
+			// Remote configuration is currently only supported on a linked RA
+			if sc := conf.ServerConfig; sc != nil {
+				if a.config.Address == "" {
+					a.config.Address = sc.Address
+				}
+				if len(a.config.DNSNames) == 0 {
+					a.config.DNSNames = sc.DnsNames
+				}
 			}
 		}

--- a/commands/app.go
+++ b/commands/app.go
@ -7,12 +7,15 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"path/filepath"
 	"strings"
 	"unicode"

 	"github.com/pkg/errors"
 	"github.com/smallstep/certificates/authority/config"
+	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/ca"
+	"github.com/smallstep/certificates/db"
 	"github.com/smallstep/certificates/pki"
 	"github.com/urfave/cli"
 	"go.step.sm/cli-utils/errs"
@ -99,10 +102,35 @@ func appAction(ctx *cli.Context) error {
 	}

 	cfg, err := config.LoadConfiguration(configFile)
-	if err != nil {
+	if err != nil && token == "" {
 		fatal(err)
 	}

+	// Initialize a basic configuration to be used with an automatically
+	// configured linked RA. Default configuration includes:
+	//  * badgerv2 on $(step path)/db
+	//  * JSON logger
+	//  * Default TLS options
+	if cfg == nil {
+		cfg = &config.Config{
+			SkipValidation: true,
+			Logger:         []byte(`{"format":"json"}`),
+			DB: &db.Config{
+				Type:       "badgerv2",
+				DataSource: filepath.Join(step.Path(), "db"),
+			},
+			AuthorityConfig: &config.AuthConfig{
+				DeploymentType: pki.LinkedDeployment.String(),
+				Provisioners:   provisioner.List{},
+				Template:       &config.ASN1DN{},
+				Backdate: &provisioner.Duration{
+					Duration: config.DefaultBackdate,
+				},
+			},
+			TLS: &config.DefaultTLSOptions,
+		}
+	}
+
 	if cfg.AuthorityConfig != nil {
 		if token == "" && strings.EqualFold(cfg.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) {
 			return errors.New(`'step-ca' requires the '--token' flag for linked deploy type.
--- a/go.mod
+++ b/go.mod
@ -27,7 +27,7 @@ require (
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
 	go.step.sm/cli-utils v0.7.3
 	go.step.sm/crypto v0.17.1
-	go.step.sm/linkedca v0.17.1
+	go.step.sm/linkedca v0.18.0
 	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
 	golang.org/x/net v0.0.0-20220607020251-c690dde0001d
 	google.golang.org/api v0.84.0
--- a/go.sum
+++ b/go.sum
@ -769,8 +769,8 @@ go.step.sm/cli-utils v0.7.3/go.mod h1:RJRwbBLqzs5nrepQLAV9FuT3fVpWz66tKzLIB7Izpf
 go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0=
 go.step.sm/crypto v0.17.1 h1:uKpJNvzVy/GKR28hJbW8VCbfcKKBDnGNBYCKhAp2TSg=
 go.step.sm/crypto v0.17.1/go.mod h1:FXFiLBUsoE0OGz8JTjxhYU1rwKKNgVIb5izZTUMdc/8=
-go.step.sm/linkedca v0.17.1 h1:LSP3kGGeVkOAoDWoqg89tko6mpvJKTRcOHfrEOnPsNc=
-go.step.sm/linkedca v0.17.1/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
+go.step.sm/linkedca v0.18.0 h1:uxRBd2WDvJNZ2i0nJm/QmG4lkRxWoebYKJinchX7T7o=
+go.step.sm/linkedca v0.18.0/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=