Open hawksight opened 2 months ago
This also affects the getpolicy subcommand:
> vcert getpolicy -u $VENAFI_URL -t $VENAFI_TOKRN -z "Certificates\\Teams\\application-team-2"
vCert: 2024/04/30 17:08:16 Warning: --platform not set. Attempting to best-guess platform from connection flags
vCert: 2024/04/30 17:08:16 Collecting policy attributes
vCert: 2024/04/30 17:08:16 Building policy
vCert: 2024/04/30 17:08:16 Policy is:
...
Again, no option to set:
> vcert getpolicy -u $VENAFI_URL -t $VENAFI_TOKRN -z "Certificates\\Teams\\application-team-2" -p tpp
Incorrect Usage: flag provided but not defined: -p
NAME:
vcert getpolicy - To retrieve the certificate policy of a zone
USAGE:
vcert getpolicy <Required Venafi Control Plane -OR- Trust Protection Platform Config> <Options>
vcert getpolicy -u https://tpp.example.com -t <TPP access token> -z "<policy folder DN>"
vcert getpolicy -p vcp -t <VCP access token> -z "<app name>\<CIT alias>"
COMMANDS:
help, h Shows a list of commands or help for one command
OPTIONS:
--apiKey value, -k value REQUIRED/VaaS. Your API key for Venafi as a Service. Example: -k aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
--file value Use to specify the location of a certificate policy specification. REQUIRED for the setpolicy action
--starter Use to generate an empty policy specification file, when using this flag credentials should be avoided (default: false)
--token value, -t value REQUIRED/TPP/VaaS/Firefly. Your access token (or refresh token for getcred) for Trust Protection Platform, Venafi as a Service or Firefly. Example: -t Ab01Cd23Ef45Uv67Wx89Yz==
--trust-bundle value Use to specify a PEM file name to be used as trust anchors when communicating with the remote server.
--url value, -u value REQUIRED/TPP/Firefly/OIDC. The URL of the service.
TPP example: -u https://tpp.example.com
Firefly example: -u https://firefly.example.com
OIDC example: -u https://my.okta.domain//oauth2/v1/token
--verbose Use to increase the level of logging detail, which is helpful when troubleshooting issues (default: false)
--zone value, -z value REQUIRED. Use to specify target zone for applying or retrieving certificate policy. In Trust Protection Platform this is the path (DN) of a policy folder and in Venafi as a Service this is the name of an Application and Issuing Template separated by a backslash. Example: -z Engineering\Internal Certs
--help, -h show help
vCert: 2024/04/30 17:11:13 flag provided but not defined: -p
Perhaps it needs to be a global flag?
Looking at the vcert help, it actually looks like this function is not supported with "vcp", only "tpp".
checkcred tpp To check the validity of a Trust Protection Platform token and grant
So either:
1) We support "vcp" for credential checking
2) We give a meaningful error that it is not supported when the URL looks like.. https://api.venafi....
PROBLEM SUMMARY
I have this WARNING message:
But under checkcred there is no option to set --platform:
STEPS TO REPRODUCE
EXPECTED RESULTS
1) No warning message as option not available
2) An option to specify the platform like you have in other commands, such as vcert getcred
ACTUAL RESULTS
ENVIRONMENT DETAILS
vcert on mac.
COMMENTS/WORKAROUNDS
Live with the warning.