From a10a9071f9ba6d4b92905de451d9fe79b82334f0 Mon Sep 17 00:00:00 2001
From: Luis Presuel <luis.presuel@venafi.com>
Date: Tue, 28 May 2024 10:34:14 -0600
Subject: [PATCH 1/3] adds certificate ID File flags for provisioning in VCert
 CLI

---
 README-CLI-CLOUD.md            | 23 ++++++++++----------
 cmd/vcert/args.go              |  1 +
 cmd/vcert/cmdCloudKeystores.go | 39 ++++++++++++++++++++++++----------
 cmd/vcert/flags.go             |  8 +++++++
 cmd/vcert/validators.go        | 13 ++++++++++--
 5 files changed, 60 insertions(+), 24 deletions(-)

diff --git a/README-CLI-CLOUD.md b/README-CLI-CLOUD.md
index 1ea594e9..7c088b9a 100644
--- a/README-CLI-CLOUD.md
+++ b/README-CLI-CLOUD.md
@@ -229,17 +229,18 @@ vcert provisioning cloudkeystore -p vcp -t <access token> [--certificate-id <cer
 ```
 Options:
 
-| Command              | Description                                                                                                                                                                                                            |
-|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `--certificate-id`   | The id of the certificate to be provisioned to a cloud keystore.                                                                                                                                                       |
-| `--pickup-id`        | Use to specify the unique identifier of the certificate returned by the enroll or renew actions if `--no-pickup` was used or a timeout occurred. Required when `--pickup-id-file` is not specified.                    |
-| `--pickup-id-file`   | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
-| `--certificate-name` | Use to specify Cloud Keystore Certificate Name if it supports it                                                                                                                                                       |
-| `--keystore-id`      | The id of the cloud keystore where the certificate will be provisioned.                                                                                                                                                |
-| `--provider-name`    | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.                                                                     |
-| `--keystore-name`    | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.                                                                                                   |
-| `--file`             | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output                                                                                                |
-| `--format`           | The format of the operation output: text or JSON. Defaults to text.                                                                                                                                                    |
+| Command                 | Description                                                                                                                                                                                                            |
+|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `--certificate-id`      | The id of the certificate to be provisioned to a cloud keystore.                                                                                                                                                       |
+| `--certificate-id-file` | Use to specify a file name that contains the unique identifier of the certificate. Required when `--certificate-id` is not specified.                                                                                  |
+| `--pickup-id`           | Use to specify the unique identifier of the certificate returned by the enroll or renew actions. Required when `--pickup-id-file` is not specified.                                                                    |
+| `--pickup-id-file`      | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
+| `--certificate-name`    | Use to specify Cloud Keystore Certificate Name if it supports it                                                                                                                                                       |
+| `--keystore-id`         | The id of the cloud keystore where the certificate will be provisioned.                                                                                                                                                |
+| `--provider-name`       | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.                                                                     |
+| `--keystore-name`       | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.                                                                                                   |
+| `--file`                | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output                                                                                                |
+| `--format`              | The format of the operation output: text or JSON. Defaults to text.                                                                                                                                                    |
 
 ## Parameters for Applying Certificate Policy
 API key:
diff --git a/cmd/vcert/args.go b/cmd/vcert/args.go
index 60a3f886..a2c18d85 100644
--- a/cmd/vcert/args.go
+++ b/cmd/vcert/args.go
@@ -147,6 +147,7 @@ type commandFlags struct {
 	sshFileCertEnroll    string
 	sshFileGetConfig     string
 	certificateID        string
+	certificateIDFile    string
 	keystoreID           string
 	providerName         string
 	keystoreName         string
diff --git a/cmd/vcert/cmdCloudKeystores.go b/cmd/vcert/cmdCloudKeystores.go
index dd612d2e..4aa13829 100644
--- a/cmd/vcert/cmdCloudKeystores.go
+++ b/cmd/vcert/cmdCloudKeystores.go
@@ -32,12 +32,18 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
 	if err != nil {
 		return err
 	}
+	var flagsP *commandFlags
+	flagsP, err = gettingIDsFromFiles(&flags)
+	if err != nil {
+		return err
+	}
+
 	err = setTLSConfig()
 	if err != nil {
 		return err
 	}
 
-	cfg, err := buildConfig(c, &flags)
+	cfg, err := buildConfig(c, flagsP)
 	if err != nil {
 		return fmt.Errorf("failed to build vcert config: %s", err)
 	}
@@ -53,22 +59,14 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
 	var options *endpoint.ProvisioningOptions
 
 	log.Printf("fetching keystore information for provided keystore information from flags. KeystoreID: %s, KeystoreName: %s, ProviderName: %s", flags.keystoreID, flags.keystoreName, flags.providerName)
-	getKeystoreReq := buildGetCloudKeystoreRequest(&flags)
+	getKeystoreReq := buildGetCloudKeystoreRequest(flagsP)
 	cloudKeystore, err := connector.(*cloud.Connector).GetCloudKeystore(getKeystoreReq)
 	if err != nil {
 		return err
 	}
 	log.Printf("successfully fetched keystore")
 
-	if flags.pickupIDFile != "" {
-		bytes, err := os.ReadFile(flags.pickupIDFile)
-		if err != nil {
-			return fmt.Errorf("failed to read Pickup ID value: %s", err)
-		}
-		flags.pickupID = strings.TrimSpace(string(bytes))
-	}
-
-	req, options = fillProvisioningRequest(req, *cloudKeystore, &flags)
+	req, options = fillProvisioningRequest(req, *cloudKeystore, flagsP)
 
 	metadata, err := connector.ProvisionCertificate(req, options)
 	if err != nil {
@@ -94,3 +92,22 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
 	}
 	return nil
 }
+
+func gettingIDsFromFiles(flags *commandFlags) (*commandFlags, error) {
+	if flags.pickupIDFile != "" {
+		fmt.Printf("pickupIDFILE is not empty string")
+		bytes, err := os.ReadFile(flags.pickupIDFile)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read Pickup ID value: %s", err)
+		}
+		flags.pickupID = strings.TrimSpace(string(bytes))
+	}
+	if flags.certificateIDFile != "" {
+		bytes, err := os.ReadFile(flags.certificateIDFile)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read Certificate ID value: %s", err)
+		}
+		flags.certificateID = strings.TrimSpace(string(bytes))
+	}
+	return flags, nil
+}
diff --git a/cmd/vcert/flags.go b/cmd/vcert/flags.go
index 9f8ff6c9..bf10cbf9 100644
--- a/cmd/vcert/flags.go
+++ b/cmd/vcert/flags.go
@@ -714,6 +714,13 @@ var (
 		Destination: &flags.certificateID,
 	}
 
+	flagCertificateIDFile = &cli.StringFlag{
+		Name: "certificate-id-file",
+		Usage: "Use to specify the file name from where to read or write the Certificate ID. " +
+			"Either --certificate-id or --certificate-id-file is required.",
+		Destination: &flags.certificateIDFile,
+	}
+
 	flagKeystoreID = &cli.StringFlag{
 		Name:        "keystore-id",
 		Usage:       "The id of the cloud keystore where the certificate will be provisioned.",
@@ -900,6 +907,7 @@ var (
 		credentialsFlags,
 		flagPlatform,
 		flagCertificateID,
+		flagCertificateIDFile,
 		flagProvisionPickupID,
 		flagPickupIDFile,
 		flagKeystoreCertName,
diff --git a/cmd/vcert/validators.go b/cmd/vcert/validators.go
index 3bc2f49f..e66fa48d 100644
--- a/cmd/vcert/validators.go
+++ b/cmd/vcert/validators.go
@@ -732,8 +732,8 @@ func validateProvisionFlags(commandName string) error {
 		return fmt.Errorf("unexpected output format: %s", flags.format)
 	}
 
-	if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" {
-		return fmt.Errorf("please, provide any of --certificate-id or --pickup-id or --pickup-id-file")
+	if flags.certificateID == "" && flags.provisionPickupID == "" && flags.pickupIDFile == "" && flags.certificateIDFile == "" {
+		return fmt.Errorf("please, provide any of --certificate-id or --certificate-id-file or --pickup-id or --pickup-id-file")
 	}
 
 	if flags.pickupIDFile != "" {
@@ -745,6 +745,15 @@ func validateProvisionFlags(commandName string) error {
 		}
 	}
 
+	if flags.certificateIDFile != "" {
+		if flags.pickupID != "" {
+			return fmt.Errorf("both --certificate-id and --pickup-id-file options cannot be specified at the same time")
+		}
+		if flags.certificateID != "" {
+			return fmt.Errorf("both --certificate-id and --certificate-id-file options cannot be specified at the same time")
+		}
+	}
+
 	if flags.keystoreID == "" {
 		if flags.keystoreName == "" || flags.providerName == "" {
 			return fmt.Errorf("any of keystore ID or both Provider Name and Keystore Name must be provided for provisioning")

From 011af0b4834c0d5c8ff17e0b511fc5ee77121034 Mon Sep 17 00:00:00 2001
From: Luis Presuel <luis.presuel@venafi.com>
Date: Tue, 28 May 2024 11:52:28 -0600
Subject: [PATCH 2/3] rearranges flags in documentation so they are in
 alphabetical order

---
 README-CLI-CLOUD.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/README-CLI-CLOUD.md b/README-CLI-CLOUD.md
index 7c088b9a..e7034cb7 100644
--- a/README-CLI-CLOUD.md
+++ b/README-CLI-CLOUD.md
@@ -233,14 +233,14 @@ Options:
 |-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `--certificate-id`      | The id of the certificate to be provisioned to a cloud keystore.                                                                                                                                                       |
 | `--certificate-id-file` | Use to specify a file name that contains the unique identifier of the certificate. Required when `--certificate-id` is not specified.                                                                                  |
-| `--pickup-id`           | Use to specify the unique identifier of the certificate returned by the enroll or renew actions. Required when `--pickup-id-file` is not specified.                                                                    |
-| `--pickup-id-file`      | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
 | `--certificate-name`    | Use to specify Cloud Keystore Certificate Name if it supports it                                                                                                                                                       |
-| `--keystore-id`         | The id of the cloud keystore where the certificate will be provisioned.                                                                                                                                                |
-| `--provider-name`       | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.                                                                     |
-| `--keystore-name`       | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.                                                                                                   |
 | `--file`                | Use to specify a file name and a location where the output should be written. Example: --file /path-to/provision-output                                                                                                |
 | `--format`              | The format of the operation output: text or JSON. Defaults to text.                                                                                                                                                    |
+| `--keystore-id`         | The id of the cloud keystore where the certificate will be provisioned.                                                                                                                                                |
+| `--keystore-name`       | The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.                                                                                                   |
+| `--pickup-id-file`      | Use to specify a file name that contains the unique identifier of the certificate returned by the enroll or renew actions if --no-pickup was used or a timeout occurred. Required when `--pickup-id` is not specified. |
+| `--pickup-id`           | Use to specify the unique identifier of the certificate returned by the enroll or renew actions. Required when `--pickup-id-file` is not specified.                                                                    |
+| `--provider-name`       | The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.                                                                     |
 
 ## Parameters for Applying Certificate Policy
 API key:

From 65cf690f8b47cb5394d80e6a422877bef69e473f Mon Sep 17 00:00:00 2001
From: Luis Presuel <luis.presuel@venafi.com>
Date: Tue, 28 May 2024 12:05:06 -0600
Subject: [PATCH 3/3] removes unneeded debug print

---
 cmd/vcert/cmdCloudKeystores.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cmd/vcert/cmdCloudKeystores.go b/cmd/vcert/cmdCloudKeystores.go
index 4aa13829..6da6793e 100644
--- a/cmd/vcert/cmdCloudKeystores.go
+++ b/cmd/vcert/cmdCloudKeystores.go
@@ -95,7 +95,6 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error {
 
 func gettingIDsFromFiles(flags *commandFlags) (*commandFlags, error) {
 	if flags.pickupIDFile != "" {
-		fmt.Printf("pickupIDFILE is not empty string")
 		bytes, err := os.ReadFile(flags.pickupIDFile)
 		if err != nil {
 			return nil, fmt.Errorf("failed to read Pickup ID value: %s", err)