e.g. web01-cert.pem
web01-key.pem

CONGRATULATIONS

You just broke pki.io

Email [email protected] or create an issue here ...

etc
[panic]

init > pairing key > CAs > node > CSRs > certs > export

auto updating would be nice, but as an alternative we should do some sort of version check and warn if a newer version is available.

Keybase does a nice job.

warn: Upgrade suggested! Run keybase-installer to upgrade to v0.7.5

Something to think about.

all storage needs to be scoped to a name

I added the following line to the usage under "Examples":

pki.io init --org=<org> --admin=<admin>

Then, when running I just got the generic usage:

$ go run *.go init --org hello --admin fscott
Usage:
    pki.io [--version] <command> [<args>...]
exit status 1

Running this worked:

$ go run *.go init 
map[<command>:init <args>:[] --version:false]
command arguments:
[]
init
Hi
Not Implemented ...yet
exit status 1

In order to get this working I had to reformat the usage a bit:

usage := `pki.io
Usage:
  pki.io init --org=<org> --admin=<admin>
  pki.io --version

Options:
  -h --help   Show this screen
  --version   Show version
  --org=<name> Organisation name
  --admin=<name> Administrator name
`

But that meant not using a subcommand function:

    arguments, _ := docopt.Parse(usage, nil, true, "pki.io", false)
    fmt.Println(arguments)

    if arguments["init"].(bool) {
        runInit(arguments)
    }

Here is the output...

$ go run *.go init --org test --admin babc
map[init:true --org:test --admin:babc --version:false]
&{.}
Creating Org entity
Creating Admin entity
Generating Org keys

Standard Makefile usage for working with source generally looks like

$ make && make install

Therefore we need to ensure that the make command (no arguments) does:

• Get any dependencies
• Runs any tests
• Builds binaries

This also works nicely with TravisCI.

The cert CN should come from the node name and not from the CSR. This is to prevent arbitrary subjects being possible for certs.

Update command line to support expiry options.

Rather than using a shared API, the offline mode should allow sync software (dropbox, spideroak etc) to distribute required files between admins in a way that is seamless.

E.g. make lint

Need to look at nice logging packages (or built in?) and choose one for CLI. Presume packages will continue to just return an error with fmt.Errorf() but at the moment we've just been doing panic() in the CLI.

Write tar.gz of selected data to default file, provided file or standard out.

Should cover the CLI functionality, probably using go run

Into helper functions for now, but possibly a shared CLI package in future.

Jon has updated main packages to support EC, need to update admin client to actually use them.

Would be pretty sweet if admin keys were kept off the admin workstation. Not for release 1 i think ;)

Consider changing bats tests to use the built binary instead of running go run. It might speed up testing, perhaps.

See comments on #52

e.g.
E_BAD_COMMAND := 1
E_BAD_SOMETHING_ELSE := 2

Something that can be used across different cli tools (admin, agent, other?) and provides high level load and save for the API.

Currently setting them correctly, but not enforcing on read or write. Need to do this in a clean and central way, perhaps a sort of File struct that stores the path and perms and enforce perms on each interaction.

Do everything gom related via the make file. That way, if we replaced gom with something else, then interface would stay the same. ie it would still be "make get-deps && make build && make test && make install" regardless of what we use under the hood.

Shows code coverage

From https://gobyexample.com/reading-files

func check(e error) {
if e != nil {
panic(e)
}
}

usage:

check(err)

With encrypted private keys for offline mode.

Ability to create more than 1 admin.