Merge pull request #461 from Venafi/VC-32719/certificate-provision

VCert SDK support for Certificate Provisioning
Venafi · May 8, 2024 · 00e592e · 00e592e
2 parents 86272e1 + 7134de1
commit 00e592e
Show file tree

Hide file tree

Showing 22 changed files with 5,368 additions and 149 deletions.
diff --git a/api/graphql/schema.graphql b/api/graphql/schema.graphql
diff --git a/examples/provision/main.go b/examples/provision/main.go
@@ -0,0 +1,78 @@
+package main
+
+import (
+	"log"
+	"os"
+
+	"github.com/Venafi/vcert/v5"
+	"github.com/Venafi/vcert/v5/pkg/endpoint"
+	"github.com/Venafi/vcert/v5/pkg/venafi/cloud"
+)
+
+const (
+	vcpURL       = "VCP_URL"
+	vcpZone      = "VCP_ZONE"
+	vcpApiKey    = "CLOUD_APIKEY"
+	envVarNotSet = "environment variable not set: %s"
+
+	name = "example-provisioning"
+)
+
+func main() {
+
+	// URL can be nil if using production TLSPC
+	url := os.Getenv(vcpURL)
+
+	zone, found := os.LookupEnv(vcpZone)
+	if !found {
+		log.Fatalf(envVarNotSet, vcpZone)
+	}
+
+	config := &vcert.Config{
+		ConnectorType: endpoint.ConnectorTypeCloud,
+		BaseUrl:       url,
+		Zone:          zone,
+		Credentials:   &endpoint.Authentication{APIKey: os.Getenv(vcpApiKey)},
+	}
+
+	connector, err := vcert.NewClient(config)
+	if err != nil {
+		log.Fatalf("error creating client: %s", err.Error())
+	}
+
+	certificateID := "<insert Certificate ID here>"
+	keystoreID := "<insert Keystore ID here>"
+	certName := "<insert google cert name>" // e.g. test2-venafi-com
+
+	// The ID is the Certificate name for Google, hence we send it as name
+	optionsGcp := &cloud.CloudProvisioningGCPOptions{
+		ID: &certName,
+	}
+
+	optionsInput := endpoint.ProvisioningOptions(optionsGcp)
+
+	// Example for Azure Options
+	//optionsAzure := &cloud.CloudProvisioningAzureOptions{
+	//	Name: &certName,
+	//}
+	//
+	//optionsInput := endpoint.ProvisioningOptions(optionsAzure)
+
+	req := &endpoint.ProvisioningRequest{
+		CertificateID: &certificateID,
+		KeystoreID:    &keystoreID,
+	}
+
+	certMetaData, err := connector.ProvisionCertificate(req, &optionsInput)
+	if err != nil {
+		log.Fatalf("error provisioning: %s", err.Error())
+	}
+
+	// Example to get values from other keystores machine identities metadata
+	//log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.GetAWSCertificateMetadata().GetARN())
+	//log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.GetAzureCertificateMetadata().GetID())
+	//log.Printf("Certificate Azure Metadata Name:\n%v", certMetaData.GetAzureCertificateMetadata().GetName())
+	//log.Printf("Certificate Azure Metadata Version:\n%v", certMetaData.GetAzureCertificateMetadata().GetVersion())
+	log.Printf("Certificate GCP Metadata ID:\n%v", certMetaData.GetGCPCertificateMetadata().GetID())
+	log.Printf("Certificate GCP Metadata Name:\n%v", certMetaData.GetGCPCertificateMetadata().GetName())
+}
diff --git a/examples/provisionWithRequest/main.go b/examples/provisionWithRequest/main.go
@@ -0,0 +1,105 @@
+package main
+
+import (
+	"crypto/x509/pkix"
+	"log"
+	"os"
+
+	"github.com/Venafi/vcert/v5"
+	"github.com/Venafi/vcert/v5/pkg/certificate"
+	"github.com/Venafi/vcert/v5/pkg/endpoint"
+	"github.com/Venafi/vcert/v5/pkg/venafi/cloud"
+)
+
+const (
+	vcpURL       = "VCP_URL"
+	vcpZone      = "VCP_ZONE"
+	vcpApiKey    = "CLOUD_APIKEY"
+	envVarNotSet = "environment variable not set: %s"
+
+	name = "example-provisioning"
+)
+
+func main() {
+
+	// URL can be nil if using production TLSPC
+	url := os.Getenv(vcpURL)
+
+	zone, found := os.LookupEnv(vcpZone)
+	if !found {
+		log.Fatalf(envVarNotSet, vcpZone)
+	}
+
+	config := &vcert.Config{
+		ConnectorType: endpoint.ConnectorTypeCloud,
+		BaseUrl:       url,
+		Zone:          zone,
+		Credentials:   &endpoint.Authentication{APIKey: os.Getenv(vcpApiKey)},
+	}
+
+	connector, err := vcert.NewClient(config)
+	if err != nil {
+		log.Fatalf("error creating client: %s", err.Error())
+	}
+
+	request := &certificate.Request{
+		Subject: pkix.Name{
+			CommonName:         "common.name.venafi.example.com",
+			Organization:       []string{"Venafi.com"},
+			OrganizationalUnit: []string{"Integration Team"},
+			Locality:           []string{"Salt Lake"},
+			Province:           []string{"Salt Lake"},
+			Country:            []string{"US"},
+		},
+		DNSNames:  []string{"www.client.venafi.example.com", "ww1.client.venafi.example.com"},
+		CsrOrigin: certificate.ServiceGeneratedCSR,
+		KeyType:   certificate.KeyTypeRSA,
+		KeyLength: certificate.DefaultRSAlength,
+	}
+
+	err = connector.GenerateRequest(nil, request)
+	if err != nil {
+		log.Fatalf("could not generate certificate request: %s", err)
+	}
+
+	requestID, err := connector.RequestCertificate(request)
+	if err != nil {
+		log.Fatalf("could not submit certificate request: %s", err)
+	}
+	log.Printf("Successfully submitted certificate request. Will pickup certificate by ID %s", requestID)
+
+	keystoreID := "<insert Keystore ID here>"
+	certName := "<insert cert name>" // e.g. test2-venafi-com
+
+	// The ID is the Certificate name for Google, hence we send it as name
+	optionsGcp := &cloud.CloudProvisioningGCPOptions{
+		ID: &certName,
+	}
+
+	// Example for Azure Options
+	// optionsAzure := &cloud.CloudProvisioningAzureOptions{
+	//   Name: &certName,
+	// }
+	//
+	// optionsInput := endpoint.ProvisioningOptions(optionsAzure)
+
+	optionsInput := endpoint.ProvisioningOptions(optionsGcp)
+
+	req := &endpoint.ProvisioningRequest{
+		KeystoreID: &keystoreID,
+		PickupID:   &requestID,
+	}
+
+	certMetaData, err := connector.ProvisionCertificate(req, &optionsInput)
+	if err != nil {
+		log.Fatalf("error provisioning: %s", err.Error())
+	}
+
+	// Example to get values from other keystores machine identities metadata
+	//log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.GetAWSCertificateMetadata().GetARN())
+	//log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.GetAzureCertificateMetadata().GetID())
+	//log.Printf("Certificate Azure Metadata Name:\n%v", certMetaData.GetAzureCertificateMetadata().GetName())
+	//log.Printf("Certificate Azure Metadata Version:\n%v", certMetaData.GetAzureCertificateMetadata().GetVersion())
+	log.Printf("Certificate GCP Metadata ID:\n%v", certMetaData.GetGCPCertificateMetadata().GetID())
+	log.Printf("Certificate GCP Metadata Name:\n%v", certMetaData.GetGCPCertificateMetadata().GetName())
+}
diff --git a/go.mod b/go.mod
@@ -3,19 +3,21 @@ module github.com/Venafi/vcert/v5
 go 1.21
 
 require (
+	github.com/Khan/genqlient v0.7.0
 	github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a
-	github.com/google/uuid v1.3.0
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/websocket v1.5.1
 	github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c
 	github.com/pavel-v-chernykh/keystore-go/v4 v4.1.0
 	github.com/pkg/errors v0.8.1
 	github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d
-	github.com/sosodev/duration v1.1.0
+	github.com/sosodev/duration v1.2.0
 	github.com/spf13/viper v1.7.0
-	github.com/stretchr/testify v1.8.1
+	github.com/stretchr/testify v1.8.4
 	github.com/urfave/cli/v2 v2.25.7
 	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a
 	go.uber.org/zap v1.23.0
-	golang.org/x/crypto v0.19.0
+	golang.org/x/crypto v0.21.0
 	golang.org/x/oauth2 v0.10.0
 	gopkg.in/ini.v1 v1.51.0
 	gopkg.in/yaml.v2 v2.4.0
@@ -31,7 +33,7 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/magiconair/properties v1.8.1 // indirect
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pelletier/go-toml v1.2.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
@@ -40,12 +42,13 @@ require (
 	github.com/spf13/jwalterweatherman v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
+	github.com/vektah/gqlparser/v2 v2.5.11 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/net v0.12.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
-	golang.org/x/term v0.17.0 // indirect
+	golang.org/x/net v0.21.0
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect