added: interactive flag

shimun 2022-12-10 19:46:47 +01:00
parent e9ecc0563b
commit fe2b11ed13
Signed by: shimun
GPG Key ID: E0420647856EA39E


@ -3,6 +3,7 @@ use axum_extra::routing::TypedPath;
use clap::{Args, Parser, Subcommand}; use clap::{Args, Parser, Subcommand};
use reqwest::{Client, StatusCode}; use reqwest::{Client, StatusCode};
use ssh_key::Certificate; use ssh_key::Certificate;
use std::io::{stdin, stdout};
use std::path::PathBuf; use std::path::PathBuf;
use std::time::{Duration, SystemTime}; use std::time::{Duration, SystemTime};
use tokio::fs; use tokio::fs;
@ -20,6 +21,9 @@ pub struct ClientArgs {
/// Url for the API endpoint /// Url for the API endpoint
#[clap(short = 'a', long = "api-endpoint", env = env_key!("API"))] #[clap(short = 'a', long = "api-endpoint", env = env_key!("API"))]
api: Url, api: Url,
/// Require interaction before writing certificates
#[clap(short = 'i', long = "interactive", env = env_key!("INTERACTIVE"))]
interactive: bool,
} }
#[derive(Parser)] #[derive(Parser)]
@ -66,7 +70,7 @@ enum UploadError {}
async fn upload( async fn upload(
UploadArgs { UploadArgs {
args: ClientArgs { api }, args: ClientArgs { api, .. },
files, files,
}: UploadArgs, }: UploadArgs,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
@ -109,7 +113,7 @@ async fn fetch(
FetchArgs { FetchArgs {
cert_dir, cert_dir,
min_delta_days: min_delta, min_delta_days: min_delta,
args: ClientArgs { api }, args: ClientArgs { api, interactive },
}: FetchArgs, }: FetchArgs,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let certs = read_dir(&cert_dir).await?; let certs = read_dir(&cert_dir).await?;
@ -133,12 +137,25 @@ async fn fetch(
}); });
for cert in updates { for cert in updates {
if let Ok(Some((cert, update))) = cert.await? { if let Ok(Some((cert, update))) = cert.await? {
if interactive {
println!("certificate update: {}", cert.key_id());
println!(
"principals: {:?}, expiry: {}",
update.valid_principals(),
update.valid_before()
);
println!("update? : (y/n)");
let mut yes = String::with_capacity(3);
stdin().read_line(&mut yes)?;
if !yes.starts_with(['y', 'Y']) {
break;
}
}
fs::write(cert_dir.join(cert.key_id()), update.to_openssh()?).await?; fs::write(cert_dir.join(cert.key_id()), update.to_openssh()?).await?;
let key_id = cert.key_id();
info!( info!(
"updated {}: {} -> {}", %key_id,
cert.key_id(), "updated certificate",
cert.serial(),
update.serial()
); );
} }
} }
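Review bot: In the interactive branch of `fetch`, any answer that does not start with `y`/`Y` (including an empty line, or EOF on stdin, where `read_line` appends nothing) reaches `break`, so declining one certificate also drops every remaining update without any message; if the decision is meant to be per certificate, use `continue;` and log the skipped key id. The prompt is the only thing the operator sees before the write, yet it prints `cert.key_id()` with `{}` while the principals go through `{:?}`; formatting the key id with `{:?}` as well would stop control characters in a certificate field from altering the text being approved. The rewritten `info!` line no longer records `cert.serial()` and `update.serial()`, which was the only trace of which certificate replaced which; consider keeping them as fields, e.g. `info!(%key_id, old_serial = cert.serial(), new_serial = update.serial(), "updated certificate");`. `stdin().read_line` is also a blocking call inside an async fn, and `fetch` starts and ends outside these hunks, so how `cert` and `update` are validated before this point is not visible here.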