Commit daaf9ce

fix(rot): Audit file missing date.
chore: rot docs update
1 parent aebe004 commit daaf9ce

2 files changed

+39
-8
lines changed

cmd/rot.go

Lines changed: 2 additions & 2 deletions
@@ -131,7 +131,7 @@ func generateAuditReport(addCerts map[string]string, removeCerts map[string]stri
131131
for _, store := range stores {
132132
if _, ok := store.Thumbprints[cert]; ok {
133133
// Cert is already in the store do nothing
134-
row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "false", "false", "true"}
134+
row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "false", "false", "true", GetCurrentTime()}
135135
data = append(data, row)
136136
wErr := csvWriter.Write(row)
137137
if wErr != nil {
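Review bot: `GetCurrentTime()` at new line 134 is evaluated inside the `for _, store := range stores` loop, so each row gets its own timestamp and rows written during one audit run can carry different values. Consider reading the time once before the loop and reusing that value, and check that the header row written elsewhere in `generateAuditReport` has a matching twelfth column, since the header is not part of this hunk.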
@@ -140,7 +140,7 @@ func generateAuditReport(addCerts map[string]string, removeCerts map[string]stri
140140
}
141141
} else {
142142
// Cert is not deployed to this store and will need to be added
143-
row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "true", "false", "false"}
143+
row := []string{cert, certIDStr, certLookup.IssuedDN, certLookup.IssuerDN, store.ID, store.Type, store.Machine, store.Path, "true", "false", "false", GetCurrentTime()}
144144
data = append(data, row)
145145
wErr := csvWriter.Write(row)
146146
if wErr != nil {
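Review bot: only the already-deployed row (134) and the needs-add row (143) gain the trailing `GetCurrentTime()` field, and this file shows just 2 additions, so any row built for `removeCerts` in this function still has eleven fields. If such a row exists, add the same field there so every record in the audit CSV has the same column count; a consumer that enforces a fixed number of fields per record will reject a file with mixed row lengths.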

readme_source.md

Lines changed: 37 additions & 6 deletions
@@ -85,17 +85,33 @@ files containing a list of certificate thumbprints. To generate a template for t
8585
```bash
8686
kfutil stores rot generate-template --type certs
8787
```
88+
To prepopulate the template file you can provide `--cn` multiple times.
89+
```bash
90+
kfutil stores rot generate-template --type certs \
91+
--cn <cert subject name> \
92+
--cn <additional cert subject name>
93+
```
94+
8895
In addition, you must provide a list of stores you wish to audit. To generate a template for this file, run the following
8996
command:
9097
```bash
9198
kfutil stores rot generate-template --type stores
9299
```
100+
To prepopulate the template file you can provide `--store-type` and `--container-type` multiple times.
101+
```bash
102+
kfutil stores rot generate-template --type stores \
103+
--store-type <store type name> \
104+
--store-type <additional store type name> \
105+
--container-type <container type name> \
106+
--container-type <additional container type name>
107+
```
108+
93109
With all the files generated and populated, you can now run the audit command:
94110
```bash
95111
kfutil stores rot audit \
96-
--stores stores.csv \
97-
--add-certs addCerts.csv \
98-
--remove-certs removeCerts.csv
112+
--stores stores_template.csv \
113+
--add-certs certs_template.csv \
114+
--remove-certs certs_template2.csv
99115
```
100116
This will generate an audit file that contains the results of the audit and actions that will be taken if `reconcile` is
101117
executed. By default, the audit file will be named `rot_audit.csv` and will be written to the current directory. To output
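Review bot: the audit example at new lines 112-114 now passes `certs_template.csv` and `certs_template2.csv`, but the `generate-template --type certs` text above never states what file name the command writes or how a second file for `--remove-certs` is produced. Add a sentence giving the output file names and explaining that the removal list is a separate file, or keep descriptive names such as the previous `addCerts.csv` and `removeCerts.csv` in the example so the add and remove inputs cannot be confused.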
@@ -118,17 +134,32 @@ files containing a list of certificate thumbprints. To generate a template for t
118134
```bash
119135
kfutil stores rot generate-template --type certs
120136
```
137+
To prepopulate the template file you can provide `--cn` multiple times.
138+
```bash
139+
kfutil stores rot generate-template --type certs \
140+
--cn <cert subject name> \
141+
--cn <additional cert subject name>
142+
```
121143
In addition, you must provide a list of stores you wish to reconcile. To generate a template for this file, run the following
122144
command:
123145
```bash
124146
kfutil stores rot generate-template --type stores
125147
```
148+
To pre-populate the stores template file you can provide multiple values in any combination of the following flags:
149+
```bash
150+
kfutil stores rot generate-template --type stores \
151+
--store-type <store type name> \
152+
--store-type <additional store type name> \
153+
--container-type <container type name> \
154+
--container-type <additional container type name>
155+
```
156+
126157
With all the files generated and populated, you can now run the reconcile command:
127158
```bash
128159
kfutil stores rot reconcile \
129-
--stores stores.csv \
130-
--add-certs addCerts.csv \
131-
--remove-certs removeCerts.csv
160+
--stores stores_template.csv \
161+
--add-certs certs_template.csv \
162+
--remove-certs certs_template2.csv
132163
```
133164
This will generate an audit file that contains the results of the audit and actions will immediately execute those actions.
134165
By default, the reconcile file will be named `rot_audit.csv` and will be written to the current directory. To output
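Review bot: the reconcile example at new lines 160-162 feeds the generated template files straight into `reconcile`, and the unchanged text just below says the actions execute immediately. Because `--cn`, `--store-type` and `--container-type` prepopulate those files without the operator listing each entry, add a sentence telling readers to run `kfutil stores rot audit` with the same files and review `rot_audit.csv` before reconciling. The lead-in at line 148 ("pre-populate ... any combination of the following flags") also differs from the audit section's wording for the same command; use one phrasing in both places.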
