github.com/vmware/govmomi@v0.51.0/cli/kms/trust.go (about)

     1  // © Broadcom. All Rights Reserved.
     2  // The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
     3  // SPDX-License-Identifier: Apache-2.0
     4  
     5  package kms
     6  
     7  import (
     8  	"context"
     9  	"flag"
    10  
    11  	"github.com/vmware/govmomi/cli"
    12  	"github.com/vmware/govmomi/cli/flags"
    13  	"github.com/vmware/govmomi/crypto"
    14  	"github.com/vmware/govmomi/vim25/methods"
    15  	"github.com/vmware/govmomi/vim25/types"
    16  )
    17  
// trust implements the "kms.trust" command. It collects the certificate
// material supplied on the command line and holds it in the request
// structures that Run later sends to vCenter.
type trust struct {
	// Embedded so that the command inherits the connection flags and the
	// Client method used by Run.
	*flags.ClientFlag

	// client carries the -client-cert and -client-key values. The private
	// key is kept here as a plain string for the lifetime of the process.
	client types.UploadClientCert
	// server carries the -server-cert value.
	server types.UploadKmipServerCert
}
    24  
// init adds the command to the CLI registry under the name "kms.trust".
func init() {
	cli.Register("kms.trust", new(trust))
}
    28  
// Register installs the client connection flags and the three certificate
// flags on f.
//
// All three certificate flags take the PEM text itself as the flag value,
// not a file path (the examples in Description pass "$(cat key.pem)").
// NOTE(review): this means the private key given to -client-key is part of
// the process argument list, where it can be seen by anything able to read
// process arguments on the host and may be captured by command auditing.
// Prefer running this from a host and account where that exposure is
// acceptable.
func (cmd *trust) Register(ctx context.Context, f *flag.FlagSet) {
	clientFlag, ctx := flags.NewClientFlag(ctx)
	cmd.ClientFlag = clientFlag
	cmd.ClientFlag.Register(ctx, f)

	// Bind each flag directly to the request field that Run uploads.
	clientReq, serverReq := &cmd.client, &cmd.server
	f.StringVar(&clientReq.Certificate, "client-cert", "", "Client public certificate")
	f.StringVar(&clientReq.PrivateKey, "client-key", "", "Client private key")
	f.StringVar(&serverReq.Certificate, "server-cert", "", "Server public certificate")
}
    37  
// Usage returns the positional-argument synopsis for the command. Run reads
// the single argument as the KMS cluster ID.
func (cmd *trust) Usage() string {
	const synopsis = "NAME"
	return synopsis
}
    41  
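// Description returns the help text for the command, including usage
// examples.
//
// The second example previously lacked the closing double quote after each
// "$(cat ...)" substitution, so the line could not be pasted into a shell as
// written. The quotes are balanced here; the text is otherwise unchanged.
func (cmd *trust) Description() string {
	return `Establish trust between KMS and vCenter.

Examples:
  # "Make vCenter Trust KMS"
  govc kms.trust -server-cert "$(govc about.cert -show)" my-kp

  # "Make KMS Trust vCenter" -> "KMS certificate and private key"
  govc kms.trust -client-cert "$(cat crt.pem)" -client-key "$(cat key.pem)" my-kp

  # "Download the vCenter certificate and upload it to the KMS"
  govc about.cert -show > vcenter-cert.pem`
}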
    55  
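// Run uploads the certificates supplied on the command line for the KMS
// cluster whose ID is the first positional argument.
//
// It returns flag.ErrHelp when the cluster ID is missing, when neither
// -client-cert nor -server-cert was given, or when -client-key was given
// without -client-cert. Previously the last two cases returned nil without
// uploading anything (or silently dropped the key), so a trust step could
// look successful while nothing had changed. Any error from connecting,
// locating the KMIP manager or either upload is returned as is.
//
// The client certificate, with its private key, is uploaded first and the
// server certificate second. If the second upload fails, the first has
// already been applied.
func (cmd *trust) Run(ctx context.Context, f *flag.FlagSet) error {
	id := f.Arg(0)
	if id == "" {
		return flag.ErrHelp
	}

	haveClient := cmd.client.Certificate != ""
	haveServer := cmd.server.Certificate != ""

	// Validate before connecting: with no certificate there is nothing to
	// upload, and reporting success would be misleading.
	if !haveClient && !haveServer {
		return flag.ErrHelp
	}
	// The private key is only ever sent as part of the client certificate
	// upload, so a key without a certificate would otherwise be ignored.
	if cmd.client.PrivateKey != "" && !haveClient {
		return flag.ErrHelp
	}

	c, err := cmd.Client()
	if err != nil {
		return err
	}

	m, err := crypto.GetManagerKmip(c)
	if err != nil {
		return err
	}

	if haveClient {
		cmd.client.This = m.Reference()
		cmd.client.Cluster.Id = id
		// The request body includes cmd.client.PrivateKey.
		if _, err = methods.UploadClientCert(ctx, c, &cmd.client); err != nil {
			return err
		}
	}

	if haveServer {
		cmd.server.This = m.Reference()
		cmd.server.Cluster.Id = id
		if _, err = methods.UploadKmipServerCert(ctx, c, &cmd.server); err != nil {
			return err
		}
	}

	return nil
}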