Merge pull request #229 from Venafi/headless-registration-avoid-manda…

…tory-url Avoid -u flag as mandatory for VaaS user register
Venafi · May 17, 2022 · e9e3c6a · e9e3c6a
2 parents 2331c42 + e56f10a
commit e9e3c6a
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 4 deletions.
diff --git a/cmd/vcert/flags.go b/cmd/vcert/flags.go
@@ -60,7 +60,7 @@ var (
 
 	flagEmail = &cli.StringFlag{
 		Name:        "email",
-		Usage:       "Use to specify the email for headless registration on VaaS.",
+		Usage:       "REQUIRED/VaaS. Use to specify the email for headless registration on VaaS.",
 		Destination: &flags.email,
 	}
 

diff --git a/cmd/vcert/utils.go b/cmd/vcert/utils.go
@@ -624,3 +624,34 @@ func randRunes(n int) string {
 	}
 	return string(b)
 }
+
+func getUserParameterProvidedForGetCred() (string, error) {
+
+	tppTokenS := flags.tppToken
+	if tppTokenS == "" {
+		tppTokenS = getPropertyFromEnvironment(vCertToken)
+	}
+
+	identityParameters := map[string]bool{
+		flagTPPUser.Name:   flags.tppUser != "",
+		flagTPPToken.Name:  tppTokenS != "",
+		flagClientP12.Name: flags.clientP12 != "",
+		flagEmail.Name:     flags.email != "",
+	}
+
+	var uniqueIdentity string
+	for identityName, identityValue := range identityParameters {
+		if identityValue {
+			if uniqueIdentity != "" {
+				return "", fmt.Errorf("only one of either --username, --p12-file, -t or --email can be specified")
+			}
+			uniqueIdentity = identityName
+		}
+	}
+
+	if uniqueIdentity == "" {
+		return "", fmt.Errorf("either --username, --p12-file, -t or --email must be specified")
+	}
+
+	return uniqueIdentity, nil
+}
diff --git a/cmd/vcert/validators.go b/cmd/vcert/validators.go
@@ -391,17 +391,26 @@ func validateCredMgmtFlags1(commandName string) error {
 		if flags.testMode {
 			return fmt.Errorf("There is no test mode for %s command", commandName)
 		}
+		getCredForVaaS := false
 		if commandName == commandGetCredName {
-			if flags.tppUser == "" && tppTokenS == "" && flags.clientP12 == "" && flags.email == "" {
-				return fmt.Errorf("either --username, --p12-file, -t or -email must be specified")
+
+			userParameterProvided, err := getUserParameterProvidedForGetCred()
+
+			if err != nil {
+				return err
 			}
+
+			if userParameterProvided == flagEmail.Name {
+				getCredForVaaS = true
+			}
+
 		} else {
 			if tppTokenS == "" {
 				return fmt.Errorf("missing -t (access token) parameter")
 			}
 		}
 
-		if flags.url == "" && getPropertyFromEnvironment(vCertURL) == "" {
+		if flags.url == "" && getPropertyFromEnvironment(vCertURL) == "" && !getCredForVaaS {
 			return fmt.Errorf("missing -u (URL) parameter")
 		}