No option to set --platform under checkcred subcommand #462

Open
hawksight opened this issue Apr 30, 2024 · 2 comments

PROBLEM SUMMARY

I have this WARNING message:

vcert checkcred -u $VENAFI_URL -t $VENAFI_TOKRN
vCert: 2024/04/30 16:59:36 Warning: --platform not set. Attempting to best-guess platform from connection flags
vCert: 2024/04/30 16:59:36 Checking credentials...
....

But under checkcred there is no option to set --platform:

vcert checkcred --platform tpp -u $VENAFI_URL -t $VENAFI_TOKRN
Incorrect Usage: flag provided but not defined: -platform

NAME:
   vcert checkcred - To verify whether a Trust Protection Platform access token is valid and view its attributes

USAGE:
    vcert checkcred -u https://tpp.example.com -t <TPP access token> --trust-bundle /path-to/bundle.pem

COMMANDS:
   help, h  Shows a list of commands or help for one command

OPTIONS:
   --config value           Use to specify INI configuration file containing connection details instead
                              For TPP: url, access_token, tpp_zone
                              For VaaS: cloud_apikey, cloud_zone
                              TPP & VaaS: trust_bundle, test_mode
   --format value           Use to output credentials in an alternate format. Example: --format json
   --no-prompt              Use to exclude credential and password prompts. If you enable the prompt and you enter incorrect information, an error is displayed. This is useful with scripting. (default: false)
   --profile value          Use to specify effective section in INI configuration file specified by --config option.
   --token value, -t value  REQUIRED/TPP/VaaS/Firefly. Your access token (or refresh token for getcred) for Trust Protection Platform, Venafi as a Service or Firefly. Example: -t Ab01Cd23Ef45Uv67Wx89Yz==
   --trust-bundle value     Use to specify a PEM file name to be used as trust anchors when communicating with the remote server.
   --url value, -u value    REQUIRED/TPP/Firefly/OIDC. The URL of the service.
                              TPP example: -u https://tpp.example.com
                              Firefly example: -u https://firefly.example.com
                              OIDC example: -u https://my.okta.domain//oauth2/v1/token
   --verbose                Use to increase the level of logging detail, which is helpful when troubleshooting issues (default: false)
   --help, -h               show help
vCert: 2024/04/30 16:59:18 flag provided but not defined: -platform

STEPS TO REPRODUCE

vcert checkcred --platform tpp -u $VENAFI_URL -t $VENAFI_TOKEN

EXPECTED RESULTS

  1. No warning message as option not available
  2. An option to specify the platform like you have in other commands, such as vcert getcred

ACTUAL RESULTS

vCert: 2024/04/30 16:59:36 Warning: --platform not set. Attempting to best-guess platform from connection flags

ENVIRONMENT DETAILS

vcert on mac.

vcert version v5.6.4

COMMENTS/WORKAROUNDS

Live with the warning.

@hawksight hawksight added the bug Something isn't working label Apr 30, 2024
@hawksight hawksight changed the title No option to set --platform No option to set --platform under checkcred subcommand Apr 30, 2024

hawksight commented Apr 30, 2024

This also affects the getpolicy subcommand:

> vcert getpolicy -u $VENAFI_URL -t $VENAFI_TOKRN -z "Certificates\\Teams\\application-team-2"
vCert: 2024/04/30 17:08:16 Warning: --platform not set. Attempting to best-guess platform from connection flags
vCert: 2024/04/30 17:08:16 Collecting policy attributes
vCert: 2024/04/30 17:08:16 Building policy
vCert: 2024/04/30 17:08:16 Policy is:
...

Again, no option to set:

> vcert getpolicy -u $VENAFI_URL -t $VENAFI_TOKRN -z "Certificates\\Teams\\application-team-2" -p tpp
Incorrect Usage: flag provided but not defined: -p

NAME:
   vcert getpolicy - To retrieve the certificate policy of a zone

USAGE:
    vcert getpolicy <Required Venafi Control Plane -OR- Trust Protection Platform Config> <Options>
           vcert getpolicy -u https://tpp.example.com -t <TPP access token> -z "<policy folder DN>"
       vcert getpolicy -p vcp -t <VCP access token> -z "<app name>\<CIT alias>"

COMMANDS:
   help, h  Shows a list of commands or help for one command

OPTIONS:
   --apiKey value, -k value  REQUIRED/VaaS. Your API key for Venafi as a Service.  Example: -k aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
   --file value              Use to specify the location of a certificate policy specification. REQUIRED for the setpolicy action
   --starter                 Use to generate an empty policy specification file, when using this flag credentials should be avoided (default: false)
   --token value, -t value   REQUIRED/TPP/VaaS/Firefly. Your access token (or refresh token for getcred) for Trust Protection Platform, Venafi as a Service or Firefly. Example: -t Ab01Cd23Ef45Uv67Wx89Yz==
   --trust-bundle value      Use to specify a PEM file name to be used as trust anchors when communicating with the remote server.
   --url value, -u value     REQUIRED/TPP/Firefly/OIDC. The URL of the service.
                               TPP example: -u https://tpp.example.com
                               Firefly example: -u https://firefly.example.com
                               OIDC example: -u https://my.okta.domain//oauth2/v1/token
   --verbose                 Use to increase the level of logging detail, which is helpful when troubleshooting issues (default: false)
   --zone value, -z value    REQUIRED. Use to specify target zone for applying or retrieving certificate policy. In Trust Protection Platform this is the path (DN) of a policy folder and in Venafi as a Service this is the name of an Application and Issuing Template separated by a backslash. Example: -z Engineering\Internal Certs
   --help, -h                show help
vCert: 2024/04/30 17:11:13 flag provided but not defined: -p

Perhaps it needs to be a global flag?

@hawksight

Looking at the vcert help, it actually looks like this function is not supported with "vcp", only "tpp".

checkcred tpp To check the validity of a Trust Protection Platform token and grant

So either:

  1. We support "vcp" for credential checking
  2. We give a meaningful error that it is not supported when the URL looks like.. https://api.venafi....
