Epic 55000

.github/workflows/keyfactor-bootstrap-workflow.yml

@@ -10,215 +10,8 @@ on:
       - 'release-*.*'
 
 jobs:
-  get-versions:
-    runs-on: ubuntu-latest
-    outputs:
-      PR_BASE_REF: ${{ steps.set-outputs.outputs.PR_BASE_REF }}
-      PR_COMMIT_SHA: ${{ steps.set-outputs.outputs.PR_COMMIT_SHA }}
-      GITHUB_SHA: ${{ steps.set-outputs.outputs.GITHUB_SHA }}
-      PR_BASE_TAG: ${{ steps.set-outputs.outputs.PR_BASE_TAG }}
-      IS_FULL_RELEASE: ${{ steps.set-outputs.outputs.IS_FULL_RELEASE }}
-      IS_PRE_RELEASE: ${{ steps.set-outputs.outputs.IS_PRE_RELEASE }}
-      INC_LEVEL: ${{ steps.set-outputs.outputs.INC_LEVEL }}
-      IS_RELEASE_BRANCH: ${{ steps.set-outputs.outputs.IS_RELEASE_BRANCH }}
-      IS_HOTFIX: ${{ steps.set-outputs.outputs.IS_HOTFIX }}
-      LATEST_TAG: ${{ steps.set-outputs.outputs.LATEST_TAG }}
-      NEXT_VERSION: ${{ steps.set-outputs.outputs.NEW_PKG_VERSION }}
-
-    steps:
-      - name: Check out the code
-        uses: actions/checkout@v3
-        with:
-          token: ${{ secrets.V2BUILDTOKEN}}
-
-      - name: Display base.ref from Pull Request
-        if: github.event_name == 'pull_request'
-        id: display-from-pr
-        run: |
-          echo "Event: ${{ github.event_name }}" | tee -a $GITHUB_STEP_SUMMARY
-          echo "Event Action: ${{ github.event.action }}" | tee -a $GITHUB_STEP_SUMMARY
-          echo "PR_BASE_REF=${{ github.event.pull_request.base.ref }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
-          echo "PR_STATE=${{ github.event.pull_request.state }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
-          echo "PR_MERGED=${{ github.event.pull_request.merged }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
-          echo "PR_COMMIT_SHA=${{ github.event.pull_request.merge_commit_sha }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
-          echo "GITHUB_SHA=${{ github.sha }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
-          baseref="${{ github.event.pull_request.base.ref }}"
-          basetag="${baseref#release-}"
-          echo "PR_BASE_TAG=$basetag" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
-
-      - name: Display base_ref from Push Event
-        if: github.event_name == 'push'
-        id: display-from-push
-        run: |
-          echo "Branch Ref: ${{ github.ref }}" | tee -a $GITHUB_STEP_SUMMARY
-          echo "Event: ${{ github.event_name }}" | tee -a $GITHUB_STEP_SUMMARY
-          echo "github.sha: ${{ github.sha }}" | tee -a $GITHUB_STEP_SUMMARY
-
-      - name: Find Latest Tag
-        if: github.event_name == 'pull_request'
-        id: find-latest-tag
-        run: |
-          prbasetag="${{env.PR_BASE_TAG}}"
-          git fetch --tags
-          if [[ -n `git tag` ]]; then
-            echo "Setting vars"
-            allBranchTags=`git tag --sort=-v:refname | grep "^$prbasetag" || echo ""`
-            allRepoTags=`git tag --sort=-v:refname`
-            branchTagBase=`git tag --sort=-v:refname | grep "^$prbasetag" | grep -o '^[0-9.]*' | head -n 1 || echo ""`
-            latestTagBase=`git tag --sort=-v:refname | grep -o '^[0-9.]*' | head -n 1`
-            latestBranchTag=`git tag --sort=-v:refname | grep "^$prbasetag" | grep "^$branchTagBase" | head -n 1 || echo ""`
-            latestReleasedTag=`git tag --sort=-v:refname | grep "^$prbasetag" | grep "^$branchTagBase$" | head -n 1 || echo ""`
-
-            # If the *TagBase values are not found in the list of tags, it means no final release was produced, and the latest*Tag vars will be empty
-            if [[ -z "$latestReleasedTag" ]]; then
-              latestTag="$latestBranchTag"
-            else
-              latestTag="$latestReleasedTag"
-            fi
-            echo "LATEST_TAG=${latestTag}" | tee -a "$GITHUB_ENV"
-
-            if [[ "$latestTagBase" == *"$branchTagBase" ]]; then
-              hf="False"
-            else
-              hf="True"
-            fi
-
-            # The intention is to use this to set the make_latest:false property when 
-            # dispatching the create-release action, but it is not *yet* a configurable option
-            echo "IS_HOTFIX=$hf" | tee -a "$GITHUB_ENV"
-          else
-            echo "No tags exist in this repo"
-            echo "LATEST_TAG=" | tee -a "$GITHUB_ENV"
-          fi
-      - name: Set Outputs
-        id: set-outputs
-        run: |
-          echo "PR_BASE_REF=${{ env.PR_BASE_REF }}" | tee -a "$GITHUB_OUTPUT"
-          echo "PR_STATE=${{ env.PR_STATE }}"
-          echo "PR_MERGED=${{ env.PR_MERGED }}"
-          if [[ "${{ env.PR_STATE }}" == "closed" && "${{ env.PR_MERGED }}" == "true" && "${{ env.PR_COMMIT_SHA }}" == "${{ env.GITHUB_SHA }}" ]]; then
-            echo "IS_FULL_RELEASE=True" | tee -a "$GITHUB_OUTPUT"
-            echo "INC_LEVEL=patch" | tee -a "$GITHUB_OUTPUT"
-          fi
-          if [[ "${{ env.PR_STATE }}" == "open" ]]; then
-            echo "IS_PRE_RELEASE=True" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_ENV"
-            echo "INC_LEVEL=prerelease" | tee -a "$GITHUB_OUTPUT"
-          fi
-          if [[ "${{ env.PR_BASE_REF }}" == "release-"* ]]; then
-            echo "IS_RELEASE_BRANCH=True" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_ENV"
-          fi
-          echo "PR_COMMIT_SHA=${{ env.PR_COMMIT_SHA }}" | tee -a "$GITHUB_OUTPUT"
-          echo "GITHUB_SHA=${{ env.GITHUB_SHA }}" | tee -a "$GITHUB_OUTPUT"
-          echo "PR_BASE_TAG=${{ env.PR_BASE_TAG }}" | tee -a "$GITHUB_OUTPUT"
-          echo "IS_HOTFIX=${{ env.IS_HOTFIX }}" | tee -a "$GITHUB_OUTPUT"
-          echo "LATEST_TAG=${{ env.LATEST_TAG }}" | tee -a "$GITHUB_OUTPUT"
-
-#  check-package-version:
-#    needs: get-versions
-#    if: github.event_name == 'pull_request' && needs.get-versions.outputs.IS_RELEASE_BRANCH == 'True'
-#    outputs:
-#      release_version: ${{ steps.create_release.outputs.current_tag }}
-#      release_url: ${{ steps.create_release.outputs.upload_url }}
-#      update_version: ${{ steps.check_version.outputs.update_version }}
-#      next_version: ${{ steps.set-semver-info.outputs.new_version }}
-#    runs-on: ubuntu-latest
-#    steps:
-#      - name: Check out the code
-#        uses: actions/checkout@v3
-#      - run: |
-#          echo "INC_LEVEL=${{ needs.get-versions.outputs.INC_LEVEL}}"
-#      - name: Check if initial release
-#        if: needs.get-versions.outputs.LATEST_TAG == ''
-#        run: |
-#          echo "INITIAL_VERSION=${{needs.get-versions.outputs.PR_BASE_TAG}}.0-rc.0" | tee -a "$GITHUB_STEP_SUMMARY" | tee -a "$GITHUB_ENV"
-#          echo "MANUAL_VERSION=${{needs.get-versions.outputs.PR_BASE_TAG}}.0-rc.0" | tee -a "$GITHUB_ENV"
-#      - name: Set semver info
-#        id: set-semver-info
-#        if: needs.get-versions.outputs.LATEST_TAG != ''
-#        uses: fiddlermikey/action-bump-semver@main
-#        with:
-#          current_version: ${{ needs.get-versions.outputs.LATEST_TAG}}
-#          level: ${{ needs.get-versions.outputs.INC_LEVEL}}
-#          preID: rc
-#      - name: Show next sem-version
-#        if: needs.get-versions.outputs.LATEST_TAG != ''
-#        run: |
-#          echo "MANUAL_VERSION=${{ steps.set-semver-info.outputs.new_version }}" > "$GITHUB_ENV"
-#      - run: |
-#          echo "Next version: ${{ env.MANUAL_VERSION }}" | tee -a "$GITHUB_STEP_SUMMARY"
-#
-#      - name: Get Package Version
-#        id: get-pkg-version
-#        run: |
-#          pwd
-#          ls -la
-#          echo "CURRENT_PKG_VERSION=$(cat pkg/version/version.go | grep 'const VERSION' | awk '{print $NF}' | tr -d '"')" | tee -a "$GITHUB_ENV"
-#      - name: Compare package version
-#        id: check_version
-#        run: |
-#          if [ "${{ env.CURRENT_PKG_VERSION }}" != "${{ env.MANUAL_VERSION }}" ]; then
-#            echo "Updating version in version.go"
-#            echo "update_version=true" | tee -a $GITHUB_ENV | tee -a $GITHUB_OUTPUT
-#            echo "update_version=true" | tee -a "$GITHUB_STEP_SUMMARY"
-#          else
-#            echo "Versions match, no update needed"
-#            echo "update_version=false" | tee -a $GITHUB_ENV | tee -a $GITHUB_OUTPUT
-#            echo "update_version=false" | tee -a $GITHUB_STEP_SUMMARY
-#          fi
-#        env:
-#          UPDATE_VERSION: ${{ steps.check_version.outputs.update_version }}
-#
-#      - name: Set Outputs
-#        id: set-outputs
-#        if: needs.get-versions.outputs.LATEST_TAG != ''
-#        run: |
-#          echo "UPDATE_VERSION=${{ steps.check_version.outputs.update_version }}" | tee -a "$GITHUB_OUTPUT"
-#          echo "CURRENT_PKG_VERSION=${{ env.CURRENT_PKG_VERSION }}" | tee -a "$GITHUB_OUTPUT"
-#          echo "MANUAL_VERSION=${{ env.MANUAL_VERSION }}" | tee -a "$GITHUB_OUTPUT"
-#          echo "NEW_PKG_VERSION=${{ env.MANUAL_VERSION }}" | tee -a "$GITHUB_OUTPUT"
-#
-#  update-pkg-version:
-#    needs:
-#      - check-package-version
-#    runs-on: ubuntu-latest
-#
-#    steps:
-#      - name: Checkout repository
-#        uses: actions/checkout@v3
-#        with:
-#          token: ${{ secrets.V2BUILDTOKEN}}
-#      - name: No Update
-#        if: ${{ needs.check-package-version.outputs.update_version != 'true' }}
-#        run: |
-#          echo "Versions match, no update needed"
-#          exit 0
-#
-#      - name: Commit to PR branch
-#        id: commit-version
-#        if: ${{ needs.check-package-version.outputs.update_version == 'true' }}
-#        env:
-#          AUTHOR_EMAIL: keyfactor@keyfactor.github.io
-#          AUTHOR_NAME: Keyfactor Robot
-#          GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}}
-#        run: |
-#          git remote -v
-#          echo "Checking out ${{ github.head_ref }}"
-#          git fetch
-#          echo "git checkout -b ${{ github.head_ref }}"
-#          git checkout -b ${{ github.head_ref }}
-#          git reset --hard origin/${{ github.head_ref }}
-#          sed -i "s/const VERSION = .*/const VERSION = \"${{ needs.check-package-version.outputs.next_version }}\"/" pkg/version/version.go
-#          git add pkg/version/version.go
-#          git config --global user.email "${{ env.AUTHOR_EMAIL }}"
-#          git config --global user.name "${{ env.AUTHOR_NAME }}"
-#          git commit -m "Bump package version to ${{ needs.check-package-version.outputs.next_version }}"
-#          git push --set-upstream origin ${{ github.head_ref }}
-#          echo "Version mismatch! Please create a new pull request with the updated version."
-#          exit 1
-
   call-starter-workflow:
     uses: keyfactor/actions/.github/workflows/starter.yml@v2
-    needs: get-versions
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}

README.md

@@ -440,3 +440,4 @@ alternatively you can specify the parent command
 cobra-cli add <my-new-command> -p '<parent>Cmd'
 ```
 
+

cmd/constants.go

@@ -1,4 +1,4 @@
-// Copyright 2024 Keyfactor
+// Package cmd Copyright 2024 Keyfactor
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,28 +16,47 @@ package cmd
 import "fmt"
 
 const (
-	ColorRed                = "\033[31m"
-	ColorWhite              = "\033[37m"
-	DefaultAPIPath          = "KeyfactorAPI"
-	DefaultConfigFileName   = "command_config.json"
-	FailedAuthMsg           = "Login failed!"
-	SuccessfulAuthMsg       = "Login successful!"
-	XKeyfactorRequestedWith = "APIClient"
-	XKeyfactorApiVersion    = "1"
-	FlagGitRef              = "git-ref"
-	FlagFromFile            = "from-file"
-	DebugFuncEnter          = "entered: %s"
-	DebugFuncExit           = "exiting: %s"
-	DebugFuncCall           = "calling: %s"
+	ColorRed                              = "\033[31m"
+	ColorWhite                            = "\033[37m"
+	DefaultAPIPath                        = "KeyfactorAPI"
+	DefaultConfigFileName                 = "command_config.json"
+	DefaultROTAuditStoresOutfilePath      = "rot_audit_selected_stores.csv"
+	DefaultROTAuditAddCertsOutfilePath    = "rot_audit_selected_certs_add.csv"
+	DefaultROTAuditRemoveCertsOutfilePath = "rot_audit_selected_certs_remove.csv"
+	FailedAuthMsg                         = "Login failed!"
+	SuccessfulAuthMsg                     = "Login successful!"
+	XKeyfactorRequestedWith               = "APIClient"
+	XKeyfactorApiVersion                  = "1"
+	FlagGitRef                            = "git-ref"
+	FlagFromFile                          = "from-file"
+	DebugFuncEnter                        = "entered: %s"
+	DebugFuncExit                         = "exiting: %s"
+	DebugFuncCall                         = "calling: %s"
+	ErrMsgEmptyResponse                   = "empty response received from Keyfactor Command %s"
+)
+
+// CLI Menu Defaults
+const (
+	DefaultMenuPageSizeSmall = 25
+	DefaultMenuPageSizeLarge = 100
+)
+
+var (
+	DefaultSourceTypeOptions = []string{"API", "File"}
 )
 
 var ProviderTypeChoices = []string{
 	"azid",
 }
 var ValidAuthProviders = [2]string{"azure-id", "azid"}
+var ErrKfcEmptyResponse = fmt.Errorf("empty response recieved from Keyfactor Command")
 
 // Error messages
 var (
-	StoreTypeReadError = fmt.Errorf("error reading store type from configuration file")
-	InvalidInputError  = fmt.Errorf("invalid input")
+	StoreTypeReadError      = fmt.Errorf("error reading store type from configuration file")
+	InvalidInputError       = fmt.Errorf("invalid input")
+	InvalidROTCertsInputErr = fmt.Errorf(
+		"at least one of `--add-certs` or `--remove-certs` is required to perform a" +
+			" root of trust audit",
+	)
 )

cmd/export.go

@@ -18,12 +18,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"os"
+	"strconv"
+
 	"github.com/Keyfactor/keyfactor-go-client-sdk/api/keyfactor"
 	"github.com/Keyfactor/keyfactor-go-client/v2/api"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
-	"os"
-	"strconv"
 )
 
 var exportPath string
@@ -371,8 +372,10 @@ func getIssuedAlerts(kfClient *keyfactor.APIClient) []keyfactor.KeyfactorApiMode
 func getDeniedAlerts(kfClient *keyfactor.APIClient) []keyfactor.KeyfactorApiModelsAlertsDeniedDeniedAlertCreationRequest {
 
 	alerts, _, reqErr := kfClient.DeniedAlertApi.DeniedAlertGetDeniedAlerts(
-		context.Background()).XKeyfactorRequestedWith(
-		XKeyfactorRequestedWith).XKeyfactorApiVersion(XKeyfactorApiVersion).Execute()
+		context.Background(),
+	).XKeyfactorRequestedWith(
+		XKeyfactorRequestedWith,
+	).XKeyfactorApiVersion(XKeyfactorApiVersion).Execute()
 	if reqErr != nil {
 		fmt.Printf("%s Error! Unable to get denied cert alerts %s%s\n", ColorRed, reqErr, ColorWhite)
 	}
@@ -575,7 +578,13 @@ func init() {
 	exportCmd.Flags().Lookup("collections").NoOptDefVal = "true"
 	exportCmd.Flags().BoolVarP(&fMetadata, "metadata", "m", false, "export metadata to JSON file")
 	exportCmd.Flags().Lookup("metadata").NoOptDefVal = "true"
-	exportCmd.Flags().BoolVarP(&fExpirationAlerts, "expiration-alerts", "e", false, "export expiration cert alerts to JSON file")
+	exportCmd.Flags().BoolVarP(
+		&fExpirationAlerts,
+		"expiration-alerts",
+		"e",
+		false,
+		"export expiration cert alerts to JSON file",
+	)
 	exportCmd.Flags().Lookup("expiration-alerts").NoOptDefVal = "true"
 	exportCmd.Flags().BoolVarP(&fIssuedAlerts, "issued-alerts", "i", false, "export issued cert alerts to JSON file")
 	exportCmd.Flags().Lookup("issued-alerts").NoOptDefVal = "true"
@@ -585,7 +594,13 @@ func init() {
 	exportCmd.Flags().Lookup("pending-alerts").NoOptDefVal = "true"
 	exportCmd.Flags().BoolVarP(&fNetworks, "networks", "n", false, "export SSL networks to JSON file")
 	exportCmd.Flags().Lookup("networks").NoOptDefVal = "true"
-	exportCmd.Flags().BoolVarP(&fWorkflowDefinitions, "workflow-definitions", "w", false, "export workflow definitions to JSON file")
+	exportCmd.Flags().BoolVarP(
+		&fWorkflowDefinitions,
+		"workflow-definitions",
+		"w",
+		false,
+		"export workflow definitions to JSON file",
+	)
 	exportCmd.Flags().Lookup("workflow-definitions").NoOptDefVal = "true"
 	exportCmd.Flags().BoolVarP(&fReports, "reports", "r", false, "export reports to JSON file")
 	exportCmd.Flags().Lookup("reports").NoOptDefVal = "true"

cmd/helpers.go

@@ -19,18 +19,34 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/google/uuid"
-	"github.com/rs/zerolog"
-	"github.com/rs/zerolog/log"
-	"github.com/spf13/cobra"
 	"io"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strconv"
 	"time"
+
+	"github.com/google/uuid"
+	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
+	"github.com/spf13/cobra"
 )
 
+func mergeErrsToString(errs *[]error, indent bool) string {
+	var errStr string
+	if errs == nil || len(*errs) == 0 {
+		return ""
+	}
+	for _, err := range *errs {
+		if indent {
+			errStr += fmt.Sprintf(" \t%s\r\n", err)
+			continue
+		}
+		errStr += fmt.Sprintf("%s\r\n", err)
+	}
+	return errStr
+}
+
 func boolToPointer(b bool) *bool {
 	return &b
 }