smallstep/cli

[Bug]: `step ca init` with `--pki` ignores `--context` flag

tashian opened this issue · 0 comments

tashian commented

Steps to Reproduce

step ca init --context abc --pki --name="Tiny" --deployment-type standalone

Your Environment

  • OS - macOS
  • step CLI Version - 0.27.2

Expected Behavior

Even if it doesn't create a full context,
I expected it to write to $(step path)/authorities/abc/...

OR, it could error. Perhaps --context (and --profile and --authority) aren't compatible with --pki?

Actual Behavior

It writes to $(step path).

Additional Context

Full example with the --pki flag:

$ export STEPPATH=/tmp
$ step ca init --context abc --pki --name="Tiny" --deployment-type standalone
Choose a password for your CA keys.
✔ [leave empty and we'll generate one]:

Generating root certificate... done!
Generating intermediate certificate... done!

✔ Root certificate: /tmp/certs/root_ca.crt
✔ Root private key: /tmp/secrets/root_ca_key
✔ Root fingerprint: f31b0d5606d139f9dcb6caa02c7282349883ba9851790bff977d4bdbfa32074a
✔ Intermediate certificate: /tmp/certs/intermediate_ca.crt
✔ Intermediate private key: /tmp/secrets/intermediate_ca_key

Without the --pki flag:

$ step ca init --context abc --name="Tiny" --deployment-type standalone
What DNS names or IP addresses will clients use to reach your CA?
✔ (e.g. ca.example.com[,10.1.2.3,etc.]): ca.example.com
What IP and port will your new CA bind to? (:443 will bind to 0.0.0.0:443)
✔ (e.g. :443 or 127.0.0.1:443): :443
What would you like to name the CA's first provisioner?
✔ (e.g. you@smallstep.com): carl@smallstep.com
Choose a password for your CA keys and first provisioner.
✔ [leave empty and we'll generate one]:

Generating root certificate... done!
Generating intermediate certificate... done!

✔ Root certificate: /tmp/authorities/abc/certs/root_ca.crt
✔ Root private key: /tmp/authorities/abc/secrets/root_ca_key
✔ Root fingerprint: 798bd560eabef45a35f0436a612eb0882fb770fc36a9c0f3827da64cd4d8e847
✔ Intermediate certificate: /tmp/authorities/abc/certs/intermediate_ca.crt
✔ Intermediate private key: /tmp/authorities/abc/secrets/intermediate_ca_key
✔ Database folder: /tmp/authorities/abc/db
✔ Default configuration: /tmp/authorities/abc/config/defaults.json
✔ Default profile configuration: /tmp/profiles/abc/config/defaults.json
✔ Certificate Authority configuration: /tmp/authorities/abc/config/ca.json

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).