novafarma/gcloud auth application-default login/google-cloud-sdk/lib/surface/privateca/certificates/export.py

# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Export a pem-encoded certificate to a file."""

from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals

from googlecloudsdk.api_lib.privateca import base as privateca_base
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.privateca import pem_utils
from googlecloudsdk.command_lib.privateca import resource_args
from googlecloudsdk.core import log
from googlecloudsdk.core.util import files


_DETAILED_HELP = {
    'EXAMPLES':
        """\
        To export a single pem-encoded certificate to a file, run the following:

          $ {command} my-cert --issuer=my-ca --issuer-location=us-west1 --output-file=cert.pem

        To export a pem-encoded certificate along with its issuing chain in the
        same file, run the following:

          $ {command} my-cert --issuer=my-ca --issuer-location=us-west1 --include-chain --output-file=chain.pem

        You can omit the --issuer-location flag in both of the above examples if
        you've already set the privateca/location property. For example:

          $ {top_command} config set privateca/location us-west1

          # The following is equivalent to the first example above.
          $ {command} my-cert --issuer=my-ca --output-file=cert.pem

          # The following is equivalent to the second example above.
          $ {command} my-cert --issuer=my-ca --include-chain --output-file=chain.pem
        """
}


@base.ReleaseTracks(base.ReleaseTrack.GA)
class Export(base.SilentCommand):
  r"""Export a pem-encoded certificate to a file.

  ## EXAMPLES

  To export a single pem-encoded certificate to a file, run the following:

    $ {command} my-cert --issuer-pool=my-pool --issuer-location=us-west1 \
      --output-file=cert.pem

  To export a pem-encoded certificate along with its issuing chain in the
  same file, run the following:

  $ {command} my-cert --issuer-pool=my-pool --issuer-location=us-west1 \
    --include-chain \
    --output-file=chain.pem

  You can omit the --issuer-location flag in both of the above examples if
  you've already set the privateca/location property. For example:

  $ {top_command} config set privateca/location us-west1

  # The following is equivalent to the first example above.
  $ {command} my-cert --issuer-pool=my-pool --output-file=cert.pem

  # The following is equivalent to the second example above.
  $ {command} my-cert --issuer-pool=my-pool --include-chain \
    --output-file=chain.pem
  """

  @staticmethod
  def Args(parser):
    resource_args.AddCertPositionalResourceArg(parser, 'to export')
    base.Argument(
        '--output-file',
        help='The path where the resulting PEM-encoded certificate will be '
             'written.',
        required=True).AddToParser(parser)
    base.Argument(
        '--include-chain',
        help="Whether to include the certificate's issuer chain in the "
             "exported file. If this is set, the resulting file will contain "
             "the pem-encoded certificate and its issuing chain, ordered from "
             "leaf to root.",
        action='store_true',
        default=False,
        required=False).AddToParser(parser)

  def Run(self, args):
    client = privateca_base.GetClientInstance(api_version='v1')
    messages = privateca_base.GetMessagesModule(api_version='v1')

    certificate_ref = args.CONCEPTS.certificate.Parse()
    certificate = client.projects_locations_caPools_certificates.Get(
        messages
        .PrivatecaProjectsLocationsCaPoolsCertificatesGetRequest(
            name=certificate_ref.RelativeName()))

    pem_chain = [certificate.pemCertificate]
    if args.include_chain:
      pem_chain += certificate.pemCertificateChain

    files.WriteFileContents(args.output_file,
                            pem_utils.PemChainForOutput(pem_chain))
    log.status.write('Exported certificate [{}] to [{}].'.format(
        certificate_ref.RelativeName(), args.output_file))