github.com/Venafi/vcert/v5@v5.10.2/aruba/features/config/basic.feature

Feature: -config option

  As a user I want to use -config option which allows storing endpoint connection details in INI file

  (1) Config file may contain either TPP or Cloud or test-mode connection configuration

    TPP configuration example:

      url = https://ha-tpp1.venafi.example.com:5008/vedsdk
      access_token = ns1dofUPmsdxTLQSyhM1gQ==
      tpp_zone = devops\vcert
      trust_bundle = ~/.vcert/6.23.crt

    Cloud configuration example:

      cloud_url = https://api.venafi.example.com/v1
      cloud_apikey = xxxxxxxx-b256-4c43-a4d4-15372ce2d548
      cloud_zone = Default

    Test-mode configuration example:

      test_mode = true

  (2) Only above examples' keys are allowed

  (3) If -config option is used, the following options are not allowed:

      -tpp-url
      -tpp-user
      -tpp-password
      -venafi-saas-url
      -k
      -test-mode

  (3.1) however, the following options are allowed and do override INI-file configuration values:

      -z
      -trust-bundle

  (4) There may be many [section]-s in INI-configuration file:

      [ha-tpp1]
      url = https://ha-tpp1.venafi.example.com:5008/vedsdk
      access_token = ns1dofUPmsdxTLQSyhM1gQ==
      tpp_zone = devops\vcert
      trust_bundle = ~/.vcert/6.23.crt

      [dev12]
      cloud_url = https://dev12.venafi.example.com/v1
      cloud_apikey = xxxxxxxx-b256-4c43-a4d4-15372ce2d548
      cloud_zone = Default

      [mock]
      test_mode = true

    Each configuration section may be referenced by -profile option

      $ vCert enroll -cn w1.venafi.example.com -config all.ini -profile ha-tpp1

      $ vCert enroll -cn w1.venafi.example.com -config all.ini -profile dev12

      $ vCert enroll -cn w1.venafi.example.com -config all.ini -profile mock

    Empty sections are not valid, however, they are allowed if there are more than one section in INI file.


  Background:
    Given the default aruba exit timeout is 180 seconds

  @FAKE
  Scenario: Simple enroll with -config test.ini
    Given a file named "test.ini" with:
    """
    test_mode = true
    """
    When I try to run `vcert enroll -config test.ini -cn cfg.venafi.example.com -no-prompt -z xxx`
    Then it should post certificate request
    And it should retrieve certificate

  @COMMON
  Scenario: Where it returns error if ini-file doesn't exist
    When I try to run `vcert enroll -config does-not-exist.ini -cn cfg.venafi.example.com -no-prompt`
    Then it should fail with "failed to load config"

  @COMMON
  Scenario: Where it returns error when ini-file is empty
    Given an empty file named "empty.ini"
    When I try to run `vcert enroll -config empty.ini -cn cfg.venafi.example.com -no-prompt`
    Then it should fail with "looks empty"

  @COMMON
  Scenario: Where it returns error when ini-file contains both TPP and Cloud connection deprecated details
    Given a file named "mixed.ini" with:
    """
    url = https://tpp.venafi.example.com/
    tpp_user = user
    tpp_password = xxx
    tpp_zone = devops\vcert
    cloud_apikey = xxxxxxxx-b256-4c43-a4d4-15372ce2d548
    """
    When I try to run `vcert enroll -config mixed.ini -cn cfg.venafi.example.com -no-prompt`
    Then it should fail with "illegal key 'cloud_apikey'"

  @COMMON
  Scenario: Where it returns error when ini-file contains both TPP and Cloud connection details
    Given a file named "mixed2.ini" with:
    """
    url = https://tpp.venafi.example.com/
    access_token = ns1dofUPmsdxTLQSyhM1gQ==
    cloud_apikey = xxxxxxxx-b256-4c43-a4d4-15372ce2d548
    """
    When I try to run `vcert enroll -config mixed2.ini -cn cfg.venafi.example.com -no-prompt`
    Then it should fail with "illegal key 'cloud_apikey' in TPP section DEFAULT"

  @COMMON
  Scenario: Where it returns error when ini-file contains both TPP, Cloud and Oauth for Firefly connection details
    Given a file named "mixed2.ini" with:
    """
    url = https://tpp.venafi.example.com/
    access_token = ns1dofUPmsdxTLQSyhM1gQ==
    cloud_apikey = xxxxxxxx-b256-4c43-a4d4-15372ce2d548
    oauth_access_token = fdfdfdffsdfsfgfsdgefhfhhwqrhgwrhgsf
    """
    When I try to run `vcert enroll -config mixed2.ini -cn cfg.venafi.example.com -no-prompt`
    Then it should fail with "only one between TPP token, cloud api key or OAuth token can be set"

  @TPP
  Scenario: Where it returns error when TPP configuration doesn't contain user
    Given a file named "incomplete.ini" with:
    """
    url = https://tpp.venafi.example.com/
    # tpp_user = user
    tpp_password = xxx
    tpp_zone = devops\vcert
    """
    When I try to run `vcert enroll -config incomplete.ini -cn cfg.venafi.example.com -no-prompt`
    Then it should fail with "missing TPP user"

  @TPP
  Scenario: Where it returns error when TPP configuration doesn't contain password
    Given a file named "incomplete.ini" with:
    """
    url = https://tpp.venafi.example.com/
    tpp_user = user
    # tpp_password = xxx
    tpp_zone = devops\vcert
    """
    When I try to run `vcert enroll -config incomplete.ini -cn cfg.venafi.example.com -no-prompt`
    Then it should fail with "missing TPP password"

  @TPP
  Scenario: Where it returns error when TPP configuration doesn't contain access token
    Given a file named "incomplete.ini" with:
    """
    url = https://tpp.venafi.example.com/
    #access_token = ns1dofUPmsdxTLQSyhM1gQ==
    tpp_zone = devops\vcert
    """
    When I try to run `vcert enroll -config incomplete.ini -cn cfg.venafi.example.com -no-prompt`
    Then it should fail with "could not determine connection endpoint with only url information"
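
The validation rules these scenarios exercise for a TPP section, sketched in Go as an added example (not vcert's own code). `validateSection`, `tppKeys`, the pre-parsed `map[string]string` input and the "not a TPP section" message are assumptions of this example; the other error strings are the ones the scenarios expect.

```go
package main

import (
	"errors"
	"fmt"
)

// Keys from the TPP examples in the feature file (including the deprecated user/password pair).
var tppKeys = map[string]bool{"url": true, "access_token": true, "tpp_user": true,
	"tpp_password": true, "tpp_zone": true, "trust_bundle": true}

// validateSection is a hypothetical helper: it checks one already-parsed INI
// section (commented-out keys are simply absent from kv).
func validateSection(section string, kv map[string]string) error {
	has := func(k string) bool { return kv[k] != "" }
	switch {
	case len(kv) == 0:
		return errors.New("looks empty")
	case has("access_token") && has("cloud_apikey") && has("oauth_access_token"):
		// The feature file shows this message only for all three credentials together.
		return errors.New("only one between TPP token, cloud api key or OAuth token can be set")
	case kv["test_mode"] == "true":
		return nil
	case !has("url"):
		return errors.New("not a TPP section") // constructed message; Cloud is out of scope here
	}
	// Allow-list: a key outside the TPP set (e.g. a Cloud API key) is rejected.
	for k := range kv {
		if !tppKeys[k] {
			return fmt.Errorf("illegal key '%s' in TPP section %s", k, section)
		}
	}
	legacy := has("tpp_user") || has("tpp_password")
	switch {
	case legacy && !has("tpp_user"):
		return errors.New("missing TPP user")
	case legacy && !has("tpp_password"):
		return errors.New("missing TPP password")
	case !legacy && !has("access_token"):
		return errors.New("could not determine connection endpoint with only url information")
	}
	return nil
}

func main() {
	// Constructed input mirroring the "mixed2.ini" scenario; values are placeholders.
	mixed := map[string]string{"url": "https://tpp.venafi.example.com/", "access_token": "placeholder", "cloud_apikey": "placeholder"}
	fmt.Println(validateSection("DEFAULT", mixed))
}
```

Keys that sit outside any `[section]` are reported under the section name `DEFAULT`, as in the "mixed2.ini" scenario.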