Merge pull request #10 from Keyfactor/rot_all_stores

All stores flag support

Author: spbsoluble

README.md

@@ -45,6 +45,8 @@ export KEYFACTOR_DOMAIN=<mykeyfactordomain>
 
 #### Bulk create cert stores
 
+For full documentation, see [stores import](docs/kfutil_stores_import.md).
+
 This will attempt to process a CSV input file of certificate stores to create. The template can be generated by
 running: `kfutil stores import generate-template` command.
 
@@ -69,9 +71,10 @@ Flags:
 Use "kfutil stores import [command] --help" for more information about a command.
 ```
 
-
 #### Bulk create cert store types
 
+For full documentation, see [store-types](docs/kfutil_store-types.md).
+
 This will attempt to process a CSV input file of certificate store types to create. The template can be generated by
 running: `kfutil generate-template --type bulk-certstore-types` command.
 
@@ -101,10 +104,14 @@ Use "kfutil store-types [command] --help" for more information about a command.
 ```
 
 ### Root of Trust
-The root of trust (rot) utility is a tool that allows you to bulk manage Keyfactor certificate stores and ensure that a 
+
+For full documentation, see [stores rot](docs/kfutil_stores_rot.md).
+
+The root of trust (rot) utility is a tool that allows you to bulk manage Keyfactor certificate stores and ensure that a
 set of defined certificates are present in each store that meets a certain set of criteria or no criteria at all.
 
 ### Root of Trust Quickstart
+
 ```bash
 echo "Generating cert template file certs_template.csv"
 kfutil stores rot generate-template-rot --type certs
@@ -121,6 +128,8 @@ kfutil stores rot reconcile --add-certs certs_template.csv --stores stores_templ
 
 #### Generate Certificate List Template
 
+For full documentation, see [stores rot generate template](docs/kfutil_stores_rot_generate-template.md).
+
 This will write the file `certs_template.csv` to the current directory.
 
 ```bash
@@ -129,34 +138,45 @@ kfutil stores generate-template-rot --type certs
 
 #### Generate Certificate Store List Template
 
-This will write the file `stores_template.csv` to the current directory.
+For full documentation, see [stores rot generate template](docs/kfutil_stores_rot_generate-template.md).
+
+This will write the file `stores_template.csv` to the current directory. For full documentation
 
 ```bash
 kfutil stores generate-template-rot --type stores
 ```
 
 #### Run Root of Trust Audit
 
-Audit will take in a list of certificates and a list of certificate stores and check that the certificate store's 
-inventory either contains the certificate or does not contain the certificate based on the `--add-certs` and 
-`--remove-certs` flags. These flags can be used together or separately. The aforementioned flags take in a path to CSV 
+For full documentation, see [stores rot audit](docs/kfutil_stores_rot_audit.md).
+
+Audit will take in a list of certificates and a list of certificate stores and check that the certificate store's
+inventory either contains the certificate or does not contain the certificate based on the `--add-certs` and
+`--remove-certs` flags. These flags can be used together or separately. The aforementioned flags take in a path to CSV
 files containing a list of certificate thumbprints. To generate a template for these files, run the following command:
+
 ```bash
 kfutil stores rot generate-template --type certs
 ```
+
 To prepopulate the template file you can provide `--cn` multiple times.
+
 ```bash
 kfutil stores rot generate-template --type certs \
   --cn <cert subject name> \
   --cn <additional cert subject name>
 ```
 
-In addition, you must provide a list of stores you wish to audit. To generate a template for this file, run the following
+In addition, you must provide a list of stores you wish to audit. To generate a template for this file, run the
+following
 command:
+
 ```bash
 kfutil stores rot generate-template --type stores
 ```
+
 To prepopulate the template file you can provide `--store-type` and `--container-type` multiple times.
+
 ```bash
 kfutil stores rot generate-template --type stores \
   --store-type <store type name> \
@@ -166,15 +186,19 @@ kfutil stores rot generate-template --type stores \
 ```
 
 With all the files generated and populated, you can now run the audit command:
+
 ```bash
 kfutil stores rot audit \
   --stores stores_template.csv \
   --add-certs certs_template.csv \
   --remove-certs certs_template2.csv
 ```
+
 This will generate an audit file that contains the results of the audit and actions that will be taken if `reconcile` is
-executed. By default, the audit file will be named `rot_audit.csv` and will be written to the current directory. To output
+executed. By default, the audit file will be named `rot_audit.csv` and will be written to the current directory. To
+output
 the audit file to a different location, use the `--output` flag:
+
 ```bash
 kfutil stores rot audit \
   --stores stores.csv \
@@ -183,28 +207,37 @@ kfutil stores rot audit \
   --output /path/to/output/autdit_file.csv
 ```
 
-
 #### Run Root of Trust Reconcile
 
+For full documentation, see [stores rot](docs/kfutil_stores_rot_reconcile.md).
+
 Reconcile will take in a list of certificates and a list of certificate stores and check that the certificate store's
 inventory either contains the certificate or does not contain the certificate based on the `--add-certs` and
 `--remove-certs` flags. These flags can be used together or separately. The aforementioned flags take in a path to CSV
 files containing a list of certificate thumbprints. To generate a template for these files, run the following command:
+
 ```bash
 kfutil stores rot generate-template --type certs
 ```
-To prepopulate the template file you can provide `--cn` multiple times.
+
+To pre-populate the template file you can provide `--cn` multiple times.
+
 ```bash
 kfutil stores rot generate-template --type certs \
   --cn <cert subject name> \
   --cn <additional cert subject name>
 ```
-In addition, you must provide a list of stores you wish to reconcile. To generate a template for this file, run the following
+
+In addition, you must provide a list of stores you wish to reconcile. To generate a template for this file, run the
+following
 command:
+
 ```bash
 kfutil stores rot generate-template --type stores
 ```
+
 To pre-populate the stores template file you can provide multiple values in any combination of the following flags:
+
 ```bash
 kfutil stores rot generate-template --type stores \
   --store-type <store type name> \
@@ -214,33 +247,92 @@ kfutil stores rot generate-template --type stores \
 ```
 
 With all the files generated and populated, you can now run the reconcile command:
+
 ```bash
 kfutil stores rot reconcile \
   --stores stores_template.csv \
   --add-certs certs_template.csv \
   --remove-certs certs_template2.csv
 ```
-This will generate an audit file that contains the results of the audit and actions will immediately execute those actions.
+
+This will generate an audit file that contains the results of the audit and actions will immediately execute those
+actions.
 By default, the reconcile file will be named `rot_audit.csv` and will be written to the current directory. To output
 the reconcile file to a different location, use the `--output` flag:
+
 ```bash
 kfutil stores rot reconcile \
   --stores stores.csv \
   --add-certs addCerts.csv \
   --remove-certs removeCerts.csv \
   --output /path/to/output/audit_file.csv
 ```
+
 Alternatively you can provide an audit CSV file as an input to the reconcile command using the `--import-csv` flag:
+
 ```bash
 kfutil stores rot reconcile \
   --import-csv /path/to/audit_file.csv
 ```
 
-### Development
+### Certificate Store Inventory
+
+For full documentation, see [stores inventory](docs/kfutil_stores_inventory.md).
+
+#### Show the inventory of a certificate store
+
+For full documentation, see [stores inventory show](docs/kfutil_stores_inventory_show.md).
+
+```bash
+# Show by store ID:
+```bash
+kfutil stores inventory show --sid <store id>
+
+# Nested command lookup: shows inventory of first cert store found
+kfutil stores inventory show \
+  --sid $(kfutil stores list | jq -r ".[0].Id")
+```
+
+Show by client machine name:
+
+```bash
+kfutil stores inventory show --client <machine name>
+
+# Nested command lookup: shows inventory of first cert store found
+kfutil stores inventory show \
+  --client $(kfutil orchs list | jq -r ".[0].ClientMachine")
+```
+
+#### Add certificates to certificate stores
+
+For full documentation, see [stores inventory add](docs/kfutil_stores_inventory_add.md).
+
+```bash
+# Add 2 certs to 2 certificate stores
+kfutil stores inventory add \
+  --sid <store id> \
+  --sid <additional store id> \
+  --cn <cert subject name> \
+  --cn <additional cert subject name>
+```
+
+#### Remove certificates from certificate stores
+
+For full documentation, see [stores inventory remove](docs/kfutil_stores_inventory_remove.md).
+
+```bash
+# Remove 2 certs from all stores associated with a client machine
+kfutil stores inventory remove \
+  --client <machine name> \
+  --cn <cert subject name> \
+  --cn <additional cert subject name>
+```
+
+## Development
 
 This CLI developed using [cobra](https://umarcor.github.io/cobra/)
 
-#### Adding a new command
+### Adding a new command
 
 ```bash
 cobra-cli add <my-new-command>

cmd/certificates.go

@@ -8,6 +8,7 @@ package cmd
 
 import (
 	"fmt"
+	"github.com/Keyfactor/keyfactor-go-client/api"
 
 	"github.com/spf13/cobra"
 )
@@ -35,3 +36,14 @@ func init() {
 	// is called directly, e.g.:
 	// certificatesCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }
+
+func certToString(response *api.GetCertificateResponse) string {
+	sansString := ""
+	for _, san := range response.SubjectAltNameElements {
+		sansString += fmt.Sprintf("%s,", san.Value)
+	}
+	if len(sansString) > 0 {
+		sansString = sansString[:len(sansString)-1]
+	}
+	return fmt.Sprintf("DN=(%s),SANs=(%s),TP=(%s),ID=(%d)", response.IssuedDN, sansString, response.Thumbprint, response.Id)
+}