chore: Generated docs

chore(deps): Bump Keyfactor go client and cobra packages.
feat: Added `--makedocs` to main to generate Markdown docs.
fix(cmd): Exporting CLI root as `RootCmd`
feat(cmd): Root of Trust (rot) audit file now includes cert and issuer DNs.
fix(cmd): Root of Trust will now output an error if removing a cert fails.
fix(cmd): Root of Trust will not output a message if an input store does not fit the root store criteria flags.
fix(cmd): Shadowed variable caused `rot audit` to produce an empty file when only `--remove-certs` was passed.
fix(cmd): Root of Trust will not output an error if it's unable to write a file to disk.
fix(cmd): Root of Trust template generation will now output where template is written to.
fix: storeTypes now use structs defined in the API  client for: `PasswordOptions`, `EntryParameters`, and `SupportedOperations`

Author: spbsoluble

cmd/containers.go

@@ -90,7 +90,7 @@ var containersListCmd = &cobra.Command{
 }
 
 func init() {
-	rootCmd.AddCommand(containersCmd)
+	RootCmd.AddCommand(containersCmd)
 	// LIST containers command
 	containersCmd.AddCommand(containersListCmd)
 	// GET containers command

cmd/orchs.go

@@ -161,7 +161,7 @@ var listOrchestratorsCmd = &cobra.Command{
 func init() {
 	var client string
 
-	rootCmd.AddCommand(orchsCmd)
+	RootCmd.AddCommand(orchsCmd)
 
 	// LIST orchestrators command
 	orchsCmd.AddCommand(listOrchestratorsCmd)

cmd/root.go

@@ -1,15 +1,13 @@
 /*
 Copyright © 2022 NAME HERE <EMAIL ADDRESS>
-
 */
 package cmd
 
 import (
-	"os"
-
 	"github.com/Keyfactor/keyfactor-go-client/api"
 	"github.com/spf13/cobra"
 	"log"
+	"os"
 )
 
 func initClient() (*api.Client, error) {
@@ -31,8 +29,8 @@ func initClient() (*api.Client, error) {
 	return c, err
 }
 
-// rootCmd represents the base command when called without any subcommands
-var rootCmd = &cobra.Command{
+// RootCmd represents the base command when called without any subcommands
+var RootCmd = &cobra.Command{
 	Use:   "kfutil",
 	Short: "Keyfactor CLI utilities",
 	Long:  `A CLI wrapper around the Keyfactor Platform API.`,
@@ -44,7 +42,7 @@ var rootCmd = &cobra.Command{
 // Execute adds all child commands to the root command and sets flags appropriately.
 // This is called by main.main(). It only needs to happen once to the rootCmd.
 func Execute() {
-	err := rootCmd.Execute()
+	err := RootCmd.Execute()
 	if err != nil {
 		os.Exit(1)
 	}
@@ -59,7 +57,7 @@ func init() {
 
 	// Cobra also supports local flags, which will only run
 	// when this action is called directly.
-	rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+	RootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }
 
 func boolToPointer(b bool) *bool {

cmd/rot.go

@@ -51,7 +51,7 @@ const (
 )
 
 var (
-	AuditHeader = []string{"Thumbprint", "CertID", "StoreID", "StoreType", "Machine", "Path", "AddCert", "RemoveCert", "Deployed"}
+	AuditHeader = []string{"Thumbprint", "CertID", "SubjectName", "Issuer", "StoreID", "StoreType", "Machine", "Path", "AddCert", "RemoveCert", "Deployed"}
 	StoreHeader = []string{"StoreID", "StoreType", "StoreMachine", "StorePath"}
 	CertHeader  = []string{"Thumbprint"}
 )
@@ -115,6 +115,7 @@ func generateAuditReport(addCerts map[string]string, removeCerts map[string]stri
 		}
 		certLookup, err := kfClient.GetCertificateContext(&certLookupReq)
 		if err != nil {
+			fmt.Printf("Error looking up certificate %s: %s\n", cert, err)
 			log.Printf("[ERROR] Error looking up cert: %s\n%v", cert, err)
 			continue
 		}
@@ -123,20 +124,20 @@ func generateAuditReport(addCerts map[string]string, removeCerts map[string]stri
 		for _, store := range stores {
 			if _, ok := store.Thumbprints[cert]; ok {
 				// Cert is already in the store do nothing
-				row := []string{cert, certIDStr, store.ID, store.Type, store.Machine, store.Path, "false", "false", "true"}
+				row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "false", "false", "true"}
 				data = append(data, row)
 				wErr := csvWriter.Write(row)
 				if wErr != nil {
-					fmt.Printf("%s", wErr)
+					fmt.Printf("Error writing audit file row: %s\n", wErr)
 					log.Printf("[ERROR] Error writing audit row: %s", wErr)
 				}
 			} else {
 				// Cert is not deployed to this store and will need to be added
-				row := []string{cert, certIDStr, store.ID, store.Type, store.Machine, store.Path, "true", "false", "false"}
+				row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "true", "false", "false"}
 				data = append(data, row)
 				wErr := csvWriter.Write(row)
 				if wErr != nil {
-					fmt.Printf("%s", wErr)
+					fmt.Printf("Error writing audit file row: %s\n", wErr)
 					log.Printf("[ERROR] Error writing audit row: %s", wErr)
 				}
 				actions[cert] = append(actions[cert], ROTAction{
@@ -259,10 +260,11 @@ func reconcileRoots(actions map[string][]ROTAction, kfClient *api.Client, dryRun
 					}
 					_, err := kfClient.RemoveCertificateFromStores(&removeReq)
 					if err != nil {
-						fmt.Printf("Error removing cert %s (%d) from store %s (%s): %s", a.Thumbprint, a.CertID, a.StoreID, a.StorePath, err)
-						log.Fatalf("[ERROR] Error removing cert from store: %s", err)
+						fmt.Printf("Error removing cert %s (ID: %d) from store %s (%s): %s\n", a.Thumbprint, a.CertID, a.StoreID, a.StorePath, err)
+						//log.Fatalf("[ERROR] Error removing cert from store: %s", err)
 					}
 				} else {
+					fmt.Printf("DRY RUN: Would have removed cert %s from store %s\n", thumbprint, a.StoreID)
 					log.Printf("[INFO] DRY RUN: Would have removed cert %s from store %s", thumbprint, a.StoreID)
 				}
 			}
@@ -325,7 +327,19 @@ var (
 	rotCmd = &cobra.Command{
 		Use:   "rot",
 		Short: "Root of trust utility",
-		Long:  `Root of trust allows you to manage your trusted roots using Keyfactor certificate stores.`,
+		Long: `Root of trust allows you to manage your trusted roots using Keyfactor certificate stores.
+For example if you wish to add a list of "root" certs to a list of certificate stores you would simply generate and fill
+out the template CSV file. These template files can be generated with the following commands:
+kfutil stores rot generate-template --type certs
+kfutil stores rot generate-template --type stores
+Once those files are filled out you can use the following command to add the certs to the stores:
+kfutil stores rot audit --certs-file <certs-file> --stores-file <stores-file>
+Will generate a CSV report file 'rot_audit.csv' of what actions will be taken. If those actions are correct you can run
+the following command to actually perform the actions:
+kfutil stores rot reconcile --certs-file <certs-file> --stores-file <stores-file>
+OR if you want to used the audit report file generated you can run this command:
+kfutil stores rot reconcile --import-csv <audit-file>
+`,
 	}
 	rotAuditCmd = &cobra.Command{
 		Use:                    "audit",
@@ -389,6 +403,7 @@ var (
 				}
 
 				if !isRootStore(apiResp, inventory, minCerts, maxLeaves, maxKeys) {
+					fmt.Printf("Store %s is not a root store, skipping.\n", entry[0])
 					log.Printf("[WARN] Store %s is not a root store", apiResp.Id)
 					continue
 				} else {
@@ -437,11 +452,11 @@ var (
 			// Read in the remove removeCerts CSV
 			var certsToRemove = make(map[string]string)
 			if removeRootsFile != "" {
-				certsToRemove, rErr := readCertsFile(removeRootsFile, kfClient)
-				if rErr != nil {
-					fmt.Printf("Error reading removeCerts file: %s", rErr)
-					log.Fatalf("Error reading removeCerts file: %s", rErr)
-				}
+				certsToRemove, _ = readCertsFile(removeRootsFile, kfClient)
+				//if rErr != nil {
+				//	fmt.Printf("Error reading removeCerts file: %s", rErr)
+				//	log.Fatalf("Error reading removeCerts file: %s", rErr)
+				//}
 				removeCertsJSON, _ := json.Marshal(certsToRemove)
 				log.Printf("[DEBUG] remove certs JSON: %s", string(removeCertsJSON))
 			} else {
@@ -731,6 +746,7 @@ var (
 			}
 			file, err := os.Create(filePath)
 			if err != nil {
+				fmt.Printf("Error creating file: %s", err)
 				log.Fatal("Cannot create file", err)
 			}
 
@@ -759,7 +775,7 @@ var (
 					log.Fatal("Cannot write to file", err)
 				}
 			}
-
+			fmt.Printf("Template file created at %s", filePath)
 		},
 		RunE:                       nil,
 		PostRun:                    nil,

cmd/status.go

@@ -1,6 +1,5 @@
 /*
 Copyright © 2022 NAME HERE <EMAIL ADDRESS>
-
 */
 package cmd
 
@@ -32,7 +31,7 @@ var statusCmd = &cobra.Command{
 }
 
 func init() {
-	rootCmd.AddCommand(statusCmd)
+	RootCmd.AddCommand(statusCmd)
 
 	// Here you will define your flags and configuration settings.
 

cmd/storeTypes.go

@@ -147,26 +147,16 @@ var storesTypeCreateCmd = &cobra.Command{
 				Name:       storeTypeConfig[storeType].(map[string]interface{})["Name"].(string),
 				ShortName:  storeTypeConfig[storeType].(map[string]interface{})["ShortName"].(string),
 				Capability: storeTypeConfig[storeType].(map[string]interface{})["Capability"].(string),
-				SupportedOperations: struct {
-					Add        bool `json:"Add"`
-					Create     bool `json:"Create"`
-					Discovery  bool `json:"Discovery"`
-					Enrollment bool `json:"Enrollment"`
-					Remove     bool `json:"Remove"`
-				}{
+				SupportedOperations: &api.StoreTypeSupportedOperations{
 					Add:        storeTypeConfig[storeType].(map[string]interface{})["SupportedOperations"].(map[string]interface{})["Add"].(bool),
 					Create:     storeTypeConfig[storeType].(map[string]interface{})["SupportedOperations"].(map[string]interface{})["Create"].(bool),
 					Discovery:  storeTypeConfig[storeType].(map[string]interface{})["SupportedOperations"].(map[string]interface{})["Discovery"].(bool),
 					Enrollment: storeTypeConfig[storeType].(map[string]interface{})["SupportedOperations"].(map[string]interface{})["Enrollment"].(bool),
 					Remove:     storeTypeConfig[storeType].(map[string]interface{})["SupportedOperations"].(map[string]interface{})["Remove"].(bool),
 				},
-				Properties:      props,
-				EntryParameters: []api.EntryParameter{},
-				PasswordOptions: struct {
-					EntrySupported bool   `json:"EntrySupported"`
-					StoreRequired  bool   `json:"StoreRequired"`
-					Style          string `json:"Style"`
-				}{
+				Properties:      &props,
+				EntryParameters: &[]api.EntryParameter{},
+				PasswordOptions: &api.StoreTypePasswordOptions{
 					EntrySupported: storeTypeConfig[storeType].(map[string]interface{})["PasswordOptions"].(map[string]interface{})["EntrySupported"].(bool),
 					StoreRequired:  storeTypeConfig[storeType].(map[string]interface{})["PasswordOptions"].(map[string]interface{})["StoreRequired"].(bool),
 					Style:          storeTypeConfig[storeType].(map[string]interface{})["PasswordOptions"].(map[string]interface{})["Style"].(string),
@@ -305,7 +295,7 @@ func getValidStoreTypes() []string {
 func init() {
 
 	validTypesString := strings.Join(getValidStoreTypes(), ", ")
-	rootCmd.AddCommand(storeTypesCmd)
+	RootCmd.AddCommand(storeTypesCmd)
 
 	// GET store type templates
 	storeTypesCmd.AddCommand(fetchStoreTypes)

cmd/stores.go

@@ -1,6 +1,5 @@
 /*
 Copyright © 2022 NAME HERE <EMAIL ADDRESS>
-
 */
 package cmd
 
@@ -63,7 +62,7 @@ var storesGetCmd = &cobra.Command{
 
 func init() {
 	var storeId string
-	rootCmd.AddCommand(storesCmd)
+	RootCmd.AddCommand(storesCmd)
 	storesCmd.AddCommand(storesListCmd)
 	storesCmd.AddCommand(storesGetCmd)
 	storesGetCmd.Flags().StringVarP(&storeId, "id", "i", "", "ID of the certificate store to get.")

docs/kfutil.md

@@ -0,0 +1,24 @@
+## kfutil
+
+Keyfactor CLI utilities
+
+### Synopsis
+
+A CLI wrapper around the Keyfactor Platform API.
+
+### Options
+
+```
+  -h, --help     help for kfutil
+  -t, --toggle   Help message for toggle
+```
+
+### SEE ALSO
+
+* [kfutil containers](kfutil_containers.md)	 - Keyfactor CertificateStoreContainer API and utilities.
+* [kfutil orchs](kfutil_orchs.md)	 - Keyfactor agents/orchestrators APIs and utilities.
+* [kfutil status](kfutil_status.md)	 - List the status of Keyfactor services.
+* [kfutil store-types](kfutil_store-types.md)	 - Keyfactor certificate store types APIs and utilities.
+* [kfutil stores](kfutil_stores.md)	 - Keyfactor certificate stores APIs and utilities.
+
+###### Auto generated by spf13/cobra on 24-Oct-2022

docs/kfutil_containers.md

@@ -0,0 +1,21 @@
+## kfutil containers
+
+Keyfactor CertificateStoreContainer API and utilities.
+
+### Synopsis
+
+A collections of APIs and utilities for interacting with Keyfactor certificate store containers.
+
+### Options
+
+```
+  -h, --help   help for containers
+```
+
+### SEE ALSO
+
+* [kfutil](kfutil.md)	 - Keyfactor CLI utilities
+* [kfutil containers get](kfutil_containers_get.md)	 - Get certificate store container by ID or name.
+* [kfutil containers list](kfutil_containers_list.md)	 - List certificate store containers.
+
+###### Auto generated by spf13/cobra on 24-Oct-2022

docs/kfutil_containers_get.md

@@ -0,0 +1,24 @@
+## kfutil containers get
+
+Get certificate store container by ID or name.
+
+### Synopsis
+
+Get certificate store container by ID or name.
+
+```
+kfutil containers get [flags]
+```
+
+### Options
+
+```
+  -h, --help        help for get
+  -i, --id string   ID or name of the cert store container.
+```
+
+### SEE ALSO
+
+* [kfutil containers](kfutil_containers.md)	 - Keyfactor CertificateStoreContainer API and utilities.
+
+###### Auto generated by spf13/cobra on 24-Oct-2022