Add support for new API parameters

Benjamin Collet 2025-05-13 13:01:35 +02:00
parent 0c60d5c47b
commit dfc312753f
Signed by: bcollet
SSH key fingerprint: SHA256:8UJspOIcCOS+MtSOcnuq2HjKFube4ox1s/+A62ixov4
2 changed files with 77 additions and 38 deletions
setup.py
step_ca_inspector_client


@ -10,7 +10,7 @@ setup(
#long_description_content_type="text/markdown", #long_description_content_type="text/markdown",
install_requires=["requests>=2.20.0,<3.0", "PyYAML", "tabulate"], install_requires=["requests>=2.20.0,<3.0", "PyYAML", "tabulate"],
keywords=["step-ca-inspector"], keywords=["step-ca-inspector"],
version="0.0.2", version="0.0.3",
classifiers=[ classifiers=[
"Intended Audience :: Developers", "Intended Audience :: Developers",
"Development Status :: 3 - Alpha", "Development Status :: 3 - Alpha",


@ -9,6 +9,19 @@ from step_ca_inspector_client.config import config
config() config()
CERT_STATUS = ["Valid", "Expired", "Revoked"]
PROVISIONER_TYPES = [
"ACME",
"AWS",
"GCP",
"JWK",
"Nebula",
"OIDC",
"SCEP",
"SSHPOP",
"X5C",
"K8sSA",
]
SSH_CERT_TYPES = ["Host", "User"] SSH_CERT_TYPES = ["Host", "User"]
@ -40,16 +53,14 @@ def fetch_api(endpoint, params={}):
def list_ssh_certs( def list_ssh_certs(
sort_key, sort_key,
revoked=False, cert_status=["Valid"],
expired=False,
cert_type=SSH_CERT_TYPES, cert_type=SSH_CERT_TYPES,
key=None, key=None,
principal=None, principal=None,
): ):
params = { params = {
"sort_key": sort_key, "sort_key": sort_key,
"revoked": revoked, "cert_status": cert_status,
"expired": expired,
"cert_type": cert_type, "cert_type": cert_type,
"key": key, "key": key,
"principal": principal, "principal": principal,
@ -152,11 +163,21 @@ def dump_ssh_cert(serial):
print(cert["public_identity"]) print(cert["public_identity"])
def list_x509_certs(sort_key, revoked=False, expired=False): def list_x509_certs(
sort_key,
cert_status=["Valid"],
provisioner_type=None,
provisioner_name=None,
subject=None,
san=None,
):
params = { params = {
"sort_key": sort_key, "sort_key": sort_key,
"revoked": revoked, "cert_status": cert_status,
"expired": expired, "provisioner_type": provisioner_type,
"provisioner": provisioner_name,
"subject": subject,
"san": san,
} }
cert_list = fetch_api(f"x509/certs", params=params) cert_list = fetch_api(f"x509/certs", params=params)
cert_tbl = [] cert_tbl = []
@ -288,18 +309,12 @@ def main():
) )
x509_list_parser = x509_subparsers.add_parser("list", help="List x509 certificates") x509_list_parser = x509_subparsers.add_parser("list", help="List x509 certificates")
x509_list_parser.add_argument( x509_list_parser.add_argument(
"--show-expired", "--status",
"-e", type=str,
action="store_true", choices=CERT_STATUS,
default=False, default=["Valid"],
help="Show expired certificates", nargs="+",
) help="Filter by x509 certificate status (default: Valid)",
x509_list_parser.add_argument(
"--show-revoked",
"-r",
action="store_true",
default=False,
help="Show revoked certificates",
) )
x509_list_parser.add_argument( x509_list_parser.add_argument(
"--sort-by", "--sort-by",
@ -309,6 +324,34 @@ def main():
default="not_after", default="not_after",
help="Sort certificates", help="Sort certificates",
) )
x509_list_parser.add_argument(
"--provisioner-type",
"-t",
type=str,
choices=PROVISIONER_TYPES,
default=None,
nargs="+",
help="Filter by provisioner type",
)
x509_list_parser.add_argument(
"--provisioner-name",
"-p",
type=str,
default=None,
help="Filter by provisioner name",
)
x509_list_parser.add_argument(
"--subject",
type=str,
default=None,
help="Search for subject",
)
x509_list_parser.add_argument(
"--san",
type=str,
default=None,
help="Search for Subject Alt Name",
)
x509_details_parser = x509_subparsers.add_parser( x509_details_parser = x509_subparsers.add_parser(
"details", help="Show an x509 certificate details" "details", help="Show an x509 certificate details"
) )
@ -349,18 +392,12 @@ def main():
) )
ssh_list_parser = ssh_subparsers.add_parser("list", help="List ssh certificates") ssh_list_parser = ssh_subparsers.add_parser("list", help="List ssh certificates")
ssh_list_parser.add_argument( ssh_list_parser.add_argument(
"--show-expired", "--status",
"-e", type=str,
action="store_true", choices=CERT_STATUS,
default=False, default=["Valid"],
help="Show expired certificates", nargs="+",
) help="Filter by SSH certificate status (default: Valid)",
ssh_list_parser.add_argument(
"--show-revoked",
"-r",
action="store_true",
default=False,
help="Show revoked certificates",
) )
ssh_list_parser.add_argument( ssh_list_parser.add_argument(
"--sort-by", "--sort-by",
@ -380,7 +417,7 @@ def main():
help="Filter by SSH certificate type", help="Filter by SSH certificate type",
) )
ssh_list_parser.add_argument( ssh_list_parser.add_argument(
"--key", "--key-id",
"-k", "-k",
type=str, type=str,
default=None, default=None,
@ -408,9 +445,12 @@ def main():
if args.object == "x509": if args.object == "x509":
if args.action == "list": if args.action == "list":
list_x509_certs( list_x509_certs(
revoked=args.show_revoked, cert_status=args.status,
expired=args.show_expired,
sort_key=args.sort_by, sort_key=args.sort_by,
provisioner_type=args.provisioner_type,
provisioner_name=args.provisioner_name,
subject=args.subject,
san=args.san,
) )
elif args.action == "details": elif args.action == "details":
get_x509_cert( get_x509_cert(
@ -423,11 +463,10 @@ def main():
elif args.object == "ssh": elif args.object == "ssh":
if args.action == "list": if args.action == "list":
list_ssh_certs( list_ssh_certs(
revoked=args.show_revoked, cert_status=args.status,
expired=args.show_expired,
sort_key=args.sort_by, sort_key=args.sort_by,
cert_type=args.type, cert_type=args.type,
key=args.key, key=args.key_id,
principal=args.principal, principal=args.principal,
) )
elif args.action == "details": elif args.action == "details":
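Review bot: `PROVISIONER_TYPES` has no `Azure` entry although step-ca offers an Azure provisioner next to AWS and GCP, and because `--provisioner-type` uses `choices=PROVISIONER_TYPES` the value is rejected at argument parsing, so certificates issued through such a provisioner cannot be selected by type during an audit. If the inspector API accepts that value, add `"Azure",` to the list. Separately, the new `cert_status=["Valid"]` defaults on `list_ssh_certs` and `list_x509_certs` are list objects shared across calls; nothing visible mutates them, but a `cert_status=None` default resolved with `cert_status = ["Valid"] if cert_status is None else cert_status` removes the trap. Both function bodies and `main()` continue outside the hunks shown, so neither point can be checked against the rest of the file from here.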