From 2a6e6440004a802c6050c2b3151f66abce2a7bdd Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Mon, 15 Jul 2024 18:47:24 -0700 Subject: [PATCH] Add console flag to ssh commands This commit adds the `--console` flag to the following commands: * `step ssh certificate` * `step ssh config` * `step ssh hosts` * `step ssh login` * `step ssh proxycommand` --- command/ca/ca.go | 5 ----- command/ca/certificate.go | 2 +- command/ca/sign.go | 2 +- command/oauth/cmd.go | 12 +----------- command/ssh/certificate.go | 3 ++- command/ssh/config.go | 6 +++++- command/ssh/hosts.go | 3 ++- command/ssh/login.go | 3 ++- command/ssh/proxycommand.go | 3 ++- flags/flags.go | 5 +++++ 10 files changed, 21 insertions(+), 23 deletions(-) diff --git a/command/ca/ca.go b/command/ca/ca.go index df2da3fcc..6482fd2b1 100644 --- a/command/ca/ca.go +++ b/command/ca/ca.go @@ -137,11 +137,6 @@ location being served by an existing fileserver in order to respond to ACME challenge validation requests.`, } - consoleFlag = cli.BoolFlag{ - Name: "console", - Usage: "Complete the flow while remaining inside the terminal", - } - fingerprintFlag = cli.StringFlag{ Name: "fingerprint", Usage: "The of the targeted root certificate.", diff --git a/command/ca/certificate.go b/command/ca/certificate.go index 78cdae403..b5a321ca3 100644 --- a/command/ca/certificate.go +++ b/command/ca/certificate.go @@ -191,7 +191,7 @@ multiple SANs. The '--san' flag and the '--token' flag are mutually exclusive.`, flags.Force, flags.Offline, flags.PasswordFile, - consoleFlag, + flags.Console, flags.KMSUri, flags.X5cCert, flags.X5cKey, diff --git a/command/ca/sign.go b/command/ca/sign.go index fa5f3c75e..b108f5366 100644 --- a/command/ca/sign.go +++ b/command/ca/sign.go @@ -124,7 +124,7 @@ $ step ca sign foo.csr foo.crt \ flags.Force, flags.Offline, flags.PasswordFile, - consoleFlag, + flags.Console, flags.KMSUri, flags.X5cCert, flags.X5cKey, diff --git a/command/oauth/cmd.go b/command/oauth/cmd.go index 4b3bcaaea..b1ad53385 100644 
--- a/command/oauth/cmd.go +++ b/command/oauth/cmd.go @@ -1,7 +1,6 @@ package oauth import ( - "bufio" "bytes" "crypto/sha256" "crypto/x509" @@ -901,11 +900,9 @@ func (o *oauth) DoDeviceAuthorization() (*token, error) { idr.Interval = defaultDeviceAuthzInterval } - fmt.Fprintf(os.Stderr, "Visit %s and enter the code: (press 'ENTER' to open default browser)\n", idr.VerificationURI) + fmt.Fprintf(os.Stderr, "Visit %s and enter the code:\n", idr.VerificationURI) fmt.Fprintln(os.Stderr, idr.UserCode) - go openBrowserIfAsked(o, idr.VerificationURI) - // Poll the Token endpoint until the user completes the flow. data = url.Values{} data.Set("client_id", o.clientID) @@ -939,13 +936,6 @@ func (o *oauth) DoDeviceAuthorization() (*token, error) { } } -func openBrowserIfAsked(o *oauth, u string) { - reader := bufio.NewReader(os.Stdin) - reader.ReadString('\n') - - exec.OpenInBrowser(u, o.browser) -} - var errHTTPToken = errors.New("bad request; token not returned") func (o *oauth) deviceAuthzTokenPoll(data url.Values) (*token, error) { diff --git a/command/ssh/certificate.go b/command/ssh/certificate.go index 02f080045..27563a18f 100644 --- a/command/ssh/certificate.go +++ b/command/ssh/certificate.go @@ -39,7 +39,7 @@ func certificateCommand() cli.Command { [**--password-file**=] [**--provisioner-password-file**=] [**--add-user**] [**--not-before**=] [**--comment**=] [**--not-after**=] [**--token**=] [**--issuer**=] -[**--no-password**] [**--insecure**] [**--force**] [**--x5c-cert**=] +[**--console**] [**--no-password**] [**--insecure**] [**--force**] [**--x5c-cert**=] [**--x5c-key**=] [**--k8ssa-token-path**=] [**--no-agent**] [**--kty**=] [**--curve**=] [**--size**=] [**--ca-url**=] [**--root**=] [**--context**=]`, @@ -176,6 +176,7 @@ $ step ssh certificate --kty OKP --curve Ed25519 mariano@work id_ed25519 flags.Token, flags.TemplateSet, flags.TemplateSetFile, + flags.Console, sshAddUserFlag, sshHostFlag, sshHostIDFlag, 
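Review bot: Nothing next to the prompt in DoDeviceAuthorization records why the device flow no longer reads stdin, so the ENTER-to-open-browser reader could be reintroduced later. With `--console` now offered on `step ssh proxycommand`, stdin is presumably the proxied SSH stream there, and a background read on it would swallow connection bytes; a comment above the `Fprintf` such as `// Do not read os.Stdin here: ssh proxycommand uses stdin for the proxied connection.` would pin that. It is also worth confirming that `idr.VerificationURI` and `idr.UserCode`, which appear to come from the authorization server's response, are safe to print to the terminal unfiltered. The function starts and ends outside the hunk.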
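Review bot: The second hunk in command/ssh/certificate.go registers `flags.Console`, but no action code in this file changes, so the flag only has an effect if the shared token-acquisition path already reads `console` from the context; that path is outside this diff. The same applies to the flag-list hunks in command/ssh/hosts.go, command/ssh/login.go and command/ssh/proxycommand.go. The diffstat lists no test files, so a test, or at least a comment by the flag list such as `// Console is read by the token flow, not by this action.`, would make the dependency explicit; the comment wording is inferred and should be checked against the code that reads the flag.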
diff --git a/command/ssh/config.go b/command/ssh/config.go index 9838614d3..25c587f8e 100644 --- a/command/ssh/config.go +++ b/command/ssh/config.go @@ -31,7 +31,7 @@ func configCommand() cli.Command { UsageText: `**step ssh config** [**--team**=] [**--team-authority**=] [**--host**] [**--set**=] [**--set-file**=] [**--dry-run**] [**--roots**] -[**--federation**] [**--force**] [**--offline**] [**--ca-config**=] +[**--federation**] [**--console**] [**--force**] [**--offline**] [**--ca-config**=] [**--ca-url**=] [**--root**=] [**--context**=] [**--authority**=] [**--profile**=]`, Description: `**step ssh config** configures SSH to be used with certificates. It also supports @@ -89,6 +89,7 @@ user or host certificates`, times to set multiple variables.`, }, flags.TemplateSetFile, + flags.Console, flags.DryRun, flags.Force, flags.CaConfig, @@ -204,6 +205,9 @@ func configAction(ctx *cli.Context) (recoverErr error) { if step.Contexts().Enabled() { data["Context"] = step.Contexts().GetCurrent().Name } + if ctx.Bool("console") { + data["Console"] = "true" + } if len(sets) > 0 { for _, s := range sets { i := strings.Index(s, "=") diff --git a/command/ssh/hosts.go b/command/ssh/hosts.go index 68127d2bd..a0ded0212 100644 --- a/command/ssh/hosts.go +++ b/command/ssh/hosts.go @@ -19,7 +19,7 @@ func hostsCommand() cli.Command { Action: command.ActionFunc(hostsAction), Usage: "returns a list of all valid hosts", UsageText: `**step ssh hosts** [**--set**=] [**--set-file**=] -[**--offline**] [**--ca-config**=] [**--ca-url**=] [**--root**=] +[**--console**] [**--offline**] [**--ca-config**=] [**--ca-url**=] [**--root**=] [**--context**=]`, Description: `**step ssh hosts** returns a list of valid hosts for SSH. @@ -35,6 +35,7 @@ $ step ssh hosts Flags: []cli.Flag{ flags.TemplateSet, flags.TemplateSetFile, + flags.Console, flags.Offline, flags.CaConfig, flags.CaURL, diff --git a/command/ssh/login.go b/command/ssh/login.go index 64ea04270..01674440b 100644 --- a/command/ssh/login.go 
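Review bot: In the configAction hunk, `data["Console"] = "true"` only changes the generated SSH configuration if the template that receives `data` references `Console`; that template is not part of this diff, and an older one would presumably ignore the key without any warning. The `--set` loop that follows appears to write into the same map, so a user-supplied `Console=...` could override the flag, which may or may not be intended. A comment such as `// Console lets the template pass --console on to the commands it writes into the ssh config; needs template support.` would document both. configAction's body extends beyond the hunk.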
+++ b/command/ssh/login.go @@ -29,7 +29,7 @@ func loginCommand() cli.Command { [**--token**=] [**--provisioner**=] [**--provisioner-password-file**=] [**--principal**=] [**--not-before**=] [**--not-after**=] [**--kty**=] [**--curve**=] [**--size**=] [**--comment**=] -[**--set**=] [**--set-file**=] [**--force**] [**--insecure**] +[**--set**=] [**--set-file**=] [**--console**] [**--force**] [**--insecure**] [**--offline**] [**--ca-config**=] [**--ca-url**=] [**--root**=] [**--context**=]`, Description: `**step ssh login** generates a new SSH key pair and send a request to [step @@ -93,6 +93,7 @@ $ step ssh certificate --kty OKP --curve Ed25519 mariano@work id_ed25519 flags.NotAfter, flags.TemplateSet, flags.TemplateSetFile, + flags.Console, flags.Force, flags.Offline, flags.CaConfig, diff --git a/command/ssh/proxycommand.go b/command/ssh/proxycommand.go index 88c8d35f0..159ed1780 100644 --- a/command/ssh/proxycommand.go +++ b/command/ssh/proxycommand.go @@ -33,7 +33,7 @@ func proxycommandCommand() cli.Command { Usage: "proxy ssh connections according to the host registry", UsageText: `**step ssh proxycommand** [**--provisioner**=] [**--set**=] [**--set-file**=] -[**--offline**] [**--ca-config**=] +[**--console**] [**--offline**] [**--ca-config**=] [**--ca-url**=] [**--root**=] [**--context**=]`, Description: `**step ssh proxycommand** looks into the host registry and proxies the ssh connection according to its configuration. This command @@ -56,6 +56,7 @@ This command will add the user to the ssh-agent if necessary. flags.ProvisionerPasswordFileWithAlias, flags.TemplateSet, flags.TemplateSetFile, + flags.Console, flags.Offline, flags.CaConfig, flags.CaURL, diff --git a/flags/flags.go b/flags/flags.go index bf67a706d..bb591ba30 100644 --- a/flags/flags.go +++ b/flags/flags.go 
@@ -467,6 +467,11 @@ flag exists so it can be configured in $STEPPATH/config/defaults.json.`,
 Name: "comment",
 Usage: "The comment used when adding the certificate to an agent. Defaults to the subject if not provided.",
 }
+
+ Console = cli.BoolFlag{
+ Name: "console",
+ Usage: `Complete the flow while remaining inside the terminal.`,
+ }
 )
 
 // FingerprintFormatFlag returns a flag for configuring the fingerprint format.
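Review bot: The new `Console` usage string says only "the flow", which was clear enough under `step ca` but is ambiguous on the ssh commands that now share it. Naming the flow, for example `Usage: "Complete the OAuth flow while remaining inside the terminal.",` (assuming it is the OAuth flow in command/oauth that the flag selects), would help readers of `--help`. A doc comment like `// Console keeps interactive authentication in the terminal instead of a browser.` would do the same for readers of the code. The declaration sits inside a `var (...)` block that starts outside the hunk.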