smallstep · maraino · Jul 16, 2024 · Jul 16, 2024
diff --git a/command/ca/ca.go b/command/ca/ca.go
@@ -137,11 +137,6 @@ location being served by an existing fileserver in order to respond to ACME
 challenge validation requests.`,
 	}
 
-	consoleFlag = cli.BoolFlag{
-		Name:  "console",
-		Usage: "Complete the flow while remaining inside the terminal",
-	}
-
 	fingerprintFlag = cli.StringFlag{
 		Name:  "fingerprint",
 		Usage: "The <fingerprint> of the targeted root certificate.",

diff --git a/command/ca/certificate.go b/command/ca/certificate.go
@@ -191,7 +191,7 @@ multiple SANs. The '--san' flag and the '--token' flag are mutually exclusive.`,
 			flags.Force,
 			flags.Offline,
 			flags.PasswordFile,
-			consoleFlag,
+			flags.Console,
 			flags.KMSUri,
 			flags.X5cCert,
 			flags.X5cKey,

diff --git a/command/ca/sign.go b/command/ca/sign.go
@@ -124,7 +124,7 @@ $ step ca sign foo.csr foo.crt \
 			flags.Force,
 			flags.Offline,
 			flags.PasswordFile,
-			consoleFlag,
+			flags.Console,
 			flags.KMSUri,
 			flags.X5cCert,
 			flags.X5cKey,

diff --git a/command/oauth/cmd.go b/command/oauth/cmd.go
@@ -1,7 +1,6 @@
 package oauth
 
 import (
-	"bufio"
 	"bytes"
 	"crypto/sha256"
 	"crypto/x509"
@@ -901,11 +900,9 @@
 		idr.Interval = defaultDeviceAuthzInterval
 	}
 
-	fmt.Fprintf(os.Stderr, "Visit %s and enter the code: (press 'ENTER' to open default browser)\n", idr.VerificationURI)
+	fmt.Fprintf(os.Stderr, "Visit %s and enter the code:\n", idr.VerificationURI)
 	fmt.Fprintln(os.Stderr, idr.UserCode)
 
-	go openBrowserIfAsked(o, idr.VerificationURI)
-
 	// Poll the Token endpoint until the user completes the flow.
 	data = url.Values{}
 	data.Set("client_id", o.clientID)
@@ -939,13 +936,6 @@
 	}
 }
 
-func openBrowserIfAsked(o *oauth, u string) {
-	reader := bufio.NewReader(os.Stdin)
-	reader.ReadString('\n')
-
-	exec.OpenInBrowser(u, o.browser)
-}
-
 var errHTTPToken = errors.New("bad request; token not returned")
 
 func (o *oauth) deviceAuthzTokenPoll(data url.Values) (*token, error) {

diff --git a/command/ssh/certificate.go b/command/ssh/certificate.go
@@ -39,7 +39,7 @@ func certificateCommand() cli.Command {
 [**--password-file**=<file>] [**--provisioner-password-file**=<file>]
 [**--add-user**] [**--not-before**=<time|duration>] [**--comment**=<comment>]
 [**--not-after**=<time|duration>] [**--token**=<token>] [**--issuer**=<name>]
-[**--no-password**] [**--insecure**] [**--force**] [**--x5c-cert**=<file>]
+[**--console**] [**--no-password**] [**--insecure**] [**--force**] [**--x5c-cert**=<file>]
 [**--x5c-key**=<file>] [**--k8ssa-token-path**=<file>] [**--no-agent**]
 [**--kty**=<key-type>] [**--curve**=<curve>] [**--size**=<size>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`,
@@ -176,6 +176,7 @@ $  step ssh certificate --kty OKP --curve Ed25519 mariano@work id_ed25519
 			flags.Token,
 			flags.TemplateSet,
 			flags.TemplateSetFile,
+			flags.Console,
 			sshAddUserFlag,
 			sshHostFlag,
 			sshHostIDFlag,

diff --git a/command/ssh/config.go b/command/ssh/config.go
@@ -31,7 +31,7 @@
 		UsageText: `**step ssh config**
 [**--team**=<name>] [**--team-authority**=<sub-domain>] [**--host**]
 [**--set**=<key=value>] [**--set-file**=<file>] [**--dry-run**] [**--roots**]
-[**--federation**] [**--force**] [**--offline**] [**--ca-config**=<file>]
+[**--federation**] [**--console**] [**--force**] [**--offline**] [**--ca-config**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]
 [**--authority**=<name>] [**--profile**=<name>]`,
 		Description: `**step ssh config** configures SSH to be used with certificates. It also supports
@@ -89,6 +89,7 @@
 times to set multiple variables.`,
 			},
 			flags.TemplateSetFile,
+			flags.Console,
 			flags.DryRun,
 			flags.Force,
 			flags.CaConfig,
@@ -204,6 +205,9 @@
 	if step.Contexts().Enabled() {
 		data["Context"] = step.Contexts().GetCurrent().Name
 	}
+	if ctx.Bool("console") {
+		data["Console"] = "true"
+	}
 	if len(sets) > 0 {
 		for _, s := range sets {
 			i := strings.Index(s, "=")

diff --git a/command/ssh/hosts.go b/command/ssh/hosts.go
@@ -19,7 +19,7 @@ func hostsCommand() cli.Command {
 		Action: command.ActionFunc(hostsAction),
 		Usage:  "returns a list of all valid hosts",
 		UsageText: `**step ssh hosts** [**--set**=<key=value>] [**--set-file**=<file>]
-[**--offline**] [**--ca-config**=<file>] [**--ca-url**=<uri>] [**--root**=<file>]
+[**--console**] [**--offline**] [**--ca-config**=<file>] [**--ca-url**=<uri>] [**--root**=<file>]
 [**--context**=<name>]`,
 		Description: `**step ssh hosts** returns a list of valid hosts for SSH.
 
@@ -35,6 +35,7 @@ $ step ssh hosts
 		Flags: []cli.Flag{
 			flags.TemplateSet,
 			flags.TemplateSetFile,
+			flags.Console,
 			flags.Offline,
 			flags.CaConfig,
 			flags.CaURL,

diff --git a/command/ssh/login.go b/command/ssh/login.go
@@ -29,7 +29,7 @@ func loginCommand() cli.Command {
 [**--token**=<token>] [**--provisioner**=<name>] [**--provisioner-password-file**=<file>]
 [**--principal**=<string>] [**--not-before**=<time|duration>] [**--not-after**=<time|duration>]
 [**--kty**=<key-type>] [**--curve**=<curve>] [**--size**=<size>] [**--comment**=<comment>]
-[**--set**=<key=value>] [**--set-file**=<file>] [**--force**] [**--insecure**]
+[**--set**=<key=value>] [**--set-file**=<file>] [**--console**] [**--force**] [**--insecure**]
 [**--offline**] [**--ca-config**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`,
 		Description: `**step ssh login** generates a new SSH key pair and send a request to [step
@@ -93,6 +93,7 @@ $  step ssh certificate --kty OKP --curve Ed25519 mariano@work id_ed25519
 			flags.NotAfter,
 			flags.TemplateSet,
 			flags.TemplateSetFile,
+			flags.Console,
 			flags.Force,
 			flags.Offline,
 			flags.CaConfig,

diff --git a/command/ssh/proxycommand.go b/command/ssh/proxycommand.go
@@ -33,7 +33,7 @@ func proxycommandCommand() cli.Command {
 		Usage:  "proxy ssh connections according to the host registry",
 		UsageText: `**step ssh proxycommand** <user> <host> <port>
 [**--provisioner**=<name>] [**--set**=<key=value>] [**--set-file**=<file>]
-[**--offline**] [**--ca-config**=<file>]
+[**--console**] [**--offline**] [**--ca-config**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`,
 		Description: `**step ssh proxycommand** looks into the host registry
 and proxies the ssh connection according to its configuration. This command
@@ -56,6 +56,7 @@ This command will add the user to the ssh-agent if necessary.
 			flags.ProvisionerPasswordFileWithAlias,
 			flags.TemplateSet,
 			flags.TemplateSetFile,
+			flags.Console,
 			flags.Offline,
 			flags.CaConfig,
 			flags.CaURL,

diff --git a/flags/flags.go b/flags/flags.go
@@ -467,6 +467,11 @@ flag exists so it can be configured in $STEPPATH/config/defaults.json.`,
 		Name:  "comment",
 		Usage: "The comment used when adding the certificate to an agent. Defaults to the subject if not provided.",
 	}
+
+	Console = cli.BoolFlag{
+		Name:  "console",
+		Usage: `Complete the flow while remaining inside the terminal.`,
+	}
 )
 
 // FingerprintFormatFlag returns a flag for configuring the fingerprint format.