feat(svc-account-playbook): Fixes aruba tests due to service-account …

…auth changes Closes VC-32061
Venafi · Mar 28, 2024 · 7152485 · 7152485
1 parent 26dbd7c
commit 7152485
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 11 deletions.
diff --git a/aruba/features/firefly/firefly.feature b/aruba/features/firefly/firefly.feature
@@ -27,4 +27,4 @@ Feature: Enroll certificate using Firefly
       And it should write CSR to the file named "csr.pem"
       And it should write private key to the file named "k.pem"
     And I enroll a random certificate with defined platform Firefly with -csr file:csr.pem
-      Then the output should contain "The '-cn' option cannot be used in -csr file: provided mode"
+      Then the output should contain "the '--cn' option cannot be used in --csr file: provided mode"
diff --git a/cmd/vcert/validators.go b/cmd/vcert/validators.go
@@ -143,7 +143,7 @@ func validateConnectionFlags(commandName string) error {
 	//	- Token empty is considered to mean Cloud connector to keep previous behavior where token was exclusive to TPP
 	//	- To use token with VaaS, the platform flag is required.
 	//	- If the platform flag is set we would not be guessing here
-	if flags.userName == "" && tppToken == "" {
+	if flags.userName == "" && tppToken == "" && flags.clientP12 == "" {
 		// should be SaaS endpoint
 		return validateConnectionFlagsCloud(commandName)
 	} else {

diff --git a/cmd/vcert/validatorsFirefly.go b/cmd/vcert/validatorsFirefly.go
@@ -16,7 +16,8 @@ func validateConnectionFlagsFirefly(commandName string) error {
 		clientSecretPresent := flags.clientSecret != "" || getPropertyFromEnvironment(vcertClientSecret) != ""
 		clientIDPresent := flags.clientId != "" || getPropertyFromEnvironment(vcertClientID) != ""
 		userPresent := flags.userName != "" || getPropertyFromEnvironment(vcertUser) != ""
-		passwordPresent := flags.password != "" || getPropertyFromEnvironment(vcertPassword) != ""
+		// Check if noPrompt is false. If False, it means VCert will request the password from user on CLI
+		passwordPresent := flags.password != "" || getPropertyFromEnvironment(vcertPassword) != "" || !flags.noPrompt
 		deviceURLPresent := flags.deviceURL != "" || getPropertyFromEnvironment(vcertDeviceURL) != ""
 
 		credentialsFlowPresent := clientSecretPresent && clientIDPresent
@@ -31,8 +32,8 @@ func validateConnectionFlagsFirefly(commandName string) error {
 			return fmt.Errorf("missing client id for authentication. Set the client-id using --client-id flag")
 		}
 
-		if userPresent && flags.noPrompt && !passwordPresent {
-			return fmt.Errorf("missing password for password flow grant. Set the password using the --password flag")
+		if userPresent && !passwordPresent {
+			return fmt.Errorf("missing password for password flow grant. Set the password using the --password flag or remove --no-prompt flag")
 		}
 
 		advice := "Use only one of --client-id/--client-secret/--client-id, --username/--password/--client-id or --device-url/--client-id"

diff --git a/cmd/vcert/validatorsTPP.go b/cmd/vcert/validatorsTPP.go
@@ -7,8 +7,10 @@ import (
 func validateConnectionFlagsTPP(commandName string) error {
 	tokenPresent := flags.token != "" || getPropertyFromEnvironment(vCertToken) != ""
 	userPresent := flags.userName != "" || getPropertyFromEnvironment(vcertUser) != ""
-	passwordPresent := flags.password != "" || getPropertyFromEnvironment(vcertPassword) != ""
-	clientCertificatePresent := flags.clientP12 != "" && flags.clientP12PW != ""
+	// Check if noPrompt is false. If False, it means VCert will request the password from user on CLI
+	passwordPresent := flags.password != "" || getPropertyFromEnvironment(vcertPassword) != "" || !flags.noPrompt
+	p12PasswordPresent := flags.clientP12PW != "" || !flags.noPrompt
+	clientCertificatePresent := flags.clientP12 != "" && p12PasswordPresent
 	userPasswordPresent := userPresent && passwordPresent
 	urlPresent := flags.url != "" || getPropertyFromEnvironment(vCertURL) != ""
 
@@ -17,13 +19,13 @@ func validateConnectionFlagsTPP(commandName string) error {
 	}
 
 	// mutual TLS with TPP service
-	if flags.clientP12 != "" && flags.clientP12PW == "" {
-		return fmt.Errorf("missing password for client certificate authentication. Set the password using --client-pkcs12-pw flag")
+	if flags.clientP12 != "" && !p12PasswordPresent {
+		return fmt.Errorf("missing password for client certificate authentication. Set the password using --p12-password flag or remove --no-prompt flag")
 	}
 
 	// Username/password combination
-	if userPresent && flags.noPrompt && !passwordPresent {
-		return fmt.Errorf("missing password for username/password authentication. Set the password using --password flag")
+	if userPresent && !passwordPresent {
+		return fmt.Errorf("missing password for username/password authentication. Set the password using --password flag or remove --no-prompt flag")
 	}
 
 	advice := "Use only one of --token (-t), --p12-file/--p12-password] or --username/--password"