fixes bug where wrong pickup-id variable was set. fixes bug for ARN a…

…s the value from websocket is not responding with that value. Thus this required update in function provisionToMachineIdentiy to find out before hand the keystore type (if keystore was not provided in request

cmd/vcert/cmdCloudKeystores.go

@@ -79,7 +79,7 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
 	}
 	switch metadata.CloudKeystoreType {
 	case domain.CloudKeystoreTypeACM:
-		result.ARN = metadata.ARN
+		result.ARN = metadata.CertificateID
 	case domain.CloudKeystoreTypeAKV:
 		result.AzureID = metadata.CertificateID
 		result.AzureName = metadata.CertificateName

cmd/vcert/utils.go

@@ -621,7 +621,7 @@ func randRunes(n int) string {
 func fillProvisioningRequest(req *domain.ProvisioningRequest, keystore domain.CloudKeystore, cf *commandFlags) (*domain.ProvisioningRequest, *domain.ProvisioningOptions) {
 	req.CertificateID = cleanEmptyStringPointer(cf.certificateID)
 	req.Keystore = &keystore
-	req.PickupID = &(cf.pickupID)
+	req.PickupID = &(cf.provisionPickupID)
 
 	if cf.keystoreCertName == "" {
 		return req, nil

examples/provisionWithCertificateRequest/main.go

@@ -89,7 +89,7 @@ func main() {
 
 	// Example to get values from other keystores machine identities metadata
 	if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeACM {
-		log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.ARN)
+		log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.CertificateID)
 	}
 	if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeAKV {
 		log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.CertificateID)

examples/provisionWithServiceAccount/main.go

@@ -103,7 +103,7 @@ func main() {
 
 	// Example to get values from other keystores machine identities metadata
 	if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeACM {
-		log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.ARN)
+		log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.CertificateID)
 	}
 	if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeAKV {
 		log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.CertificateID)

pkg/domain/provisioning.go

@@ -17,7 +17,6 @@ type ProvisioningRequest struct {
 
 type ProvisioningMetadata struct {
 	CloudKeystoreType         CloudKeystoreType
-	ARN                       string
 	CertificateID             string
 	CertificateName           string
 	CertificateVersion        string

pkg/venafi/cloud/cloudproviders.go

@@ -18,7 +18,6 @@ import (
 )
 
 type CloudKeystoreProvisioningResult struct {
-	Arn                        string `json:"arn"`
 	CloudProviderCertificateID string `json:"cloudProviderCertificateId"`
 	CloudCertificateName       string `json:"cloudProviderCertificateName"`
 	CloudCertificateVersion    string `json:"cloudProviderCertificateVersion"`
@@ -133,7 +132,7 @@ func (c *Connector) ProvisionCertificate(req *domain.ProvisioningRequest, option
 
 	// parsing metadata from websocket response
 	log.Printf("Getting Cloud Metadata of Certificate ID %s and Keystore ID: %s", certificateIDString, cloudKeystore.ID)
-	cloudMetadata, err := getCloudMetadataFromWebsocketResponse(workflowResponse.Data.Result)
+	cloudMetadata, err := getCloudMetadataFromWebsocketResponse(workflowResponse.Data.Result, cloudKeystore.Type)
 	if err != nil {
 		return nil, err
 	}
@@ -201,9 +200,24 @@ func (c *Connector) ProvisionCertificateToMachineIdentity(req domain.Provisionin
 		return nil, err
 	}
 
+	keystoreType := domain.CloudKeystoreTypeUnknown
+	if req.Keystore == nil {
+		log.Printf("fetching machine identity to get type")
+		machineIdentity, err := c.cloudProvidersClient.GetMachineIdentity(ctx, domain.GetCloudMachineIdentityRequest{
+			MachineIdentityID: req.MachineIdentityID,
+		})
+		if err != nil {
+			return nil, fmt.Errorf("failed to get machine identity: %w", err)
+		}
+		log.Printf("successfully fetched machine identity")
+		keystoreType = machineIdentity.Metadata.GetKeystoreType()
+	} else {
+		keystoreType = req.Keystore.Type
+	}
+
 	// parsing metadata from websocket response
 	log.Printf("Getting Cloud Metadata of Machine Identity with ID: %s", machineIdentityID)
-	cloudMetadata, err := getCloudMetadataFromWebsocketResponse(ar.Data.Result)
+	cloudMetadata, err := getCloudMetadataFromWebsocketResponse(ar.Data.Result, keystoreType)
 	if err != nil {
 		return nil, err
 	}
@@ -329,7 +343,7 @@ func (c *Connector) getGraphqlHTTPClient() *http.Client {
 	return httpclient
 }
 
-func getCloudMetadataFromWebsocketResponse(resultMap interface{}) (*domain.ProvisioningMetadata, error) {
+func getCloudMetadataFromWebsocketResponse(resultMap interface{}, keystoreType domain.CloudKeystoreType) (*domain.ProvisioningMetadata, error) {
 
 	result := CloudKeystoreProvisioningResult{}
 	resultBytes, err := json.Marshal(resultMap)
@@ -348,25 +362,13 @@ func getCloudMetadataFromWebsocketResponse(resultMap interface{}) (*domain.Provi
 	}
 
 	cloudMetadata := &domain.ProvisioningMetadata{
-		CloudKeystoreType:         domain.CloudKeystoreTypeUnknown,
-		ARN:                       result.Arn,
+		CloudKeystoreType:         keystoreType,
 		CertificateID:             result.CloudProviderCertificateID,
 		CertificateName:           result.CloudCertificateName,
 		CertificateVersion:        result.CloudCertificateVersion,
 		MachineIdentityID:         result.MachineIdentityId,
 		MachineIdentityActionType: result.MachineIdentityActionType,
 	}
 
-	// Only ACM returns an ARN value
-	if result.Arn != "" {
-		cloudMetadata.CloudKeystoreType = domain.CloudKeystoreTypeACM
-	} else if result.CloudCertificateVersion != "" {
-		// Only Azure returns a certificate version value
-		cloudMetadata.CloudKeystoreType = domain.CloudKeystoreTypeAKV
-	} else {
-		// No ARN and no certificate version, default to GCM
-		cloudMetadata.CloudKeystoreType = domain.CloudKeystoreTypeGCM
-	}
-
 	return cloudMetadata, err
 }