vcert icon indicating copy to clipboard operation
vcert copied to clipboard
verified publisher icon Venafi

getpolicy doesn't work with `-p | --platform`; Breaks Venafi Control Plane usage

Open hawksight opened this issue 1 year ago • 1 comments

PROBLEM SUMMARY

> vcert getpolicy -p vcp -t $VCP_ACCESS_TOKEN -z "tlspk-peter/default"

Incorrect Usage: flag provided but not defined: -p

NAME:
   vcert getpolicy - To retrieve the certificate policy of a zone

USAGE:
    vcert getpolicy <Required Venafi Control Plane -OR- Trust Protection Platform Config> <Options>
           vcert getpolicy -u https://tpp.example.com -t <TPP access token> -z "<policy folder DN>"
       vcert getpolicy -p vcp -t <VCP access token> -z "<app name>\<CIT alias>"

COMMANDS:
   help, h  Shows a list of commands or help for one command

OPTIONS:
   --apiKey value, -k value  REQUIRED/VaaS. Your API key for Venafi as a Service.  Example: -k aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
   --file value              Use to specify the location of a certificate policy specification. REQUIRED for the setpolicy action
   --starter                 Use to generate an empty policy specification file, when using this flag credentials should be avoided (default: false)
   --token value, -t value   REQUIRED/TPP/VaaS/Firefly. Your access token (or refresh token for getcred) for Trust Protection Platform, Venafi as a Service or Firefly. Example: -t Ab01Cd23Ef45Uv67Wx89Yz==
   --trust-bundle value      Use to specify a PEM file name to be used as trust anchors when communicating with the remote server.
   --url value, -u value     REQUIRED/TPP/Firefly/OIDC. The URL of the service.
                               TPP example: -u https://tpp.example.com
                               Firefly example: -u https://firefly.example.com
                               OIDC example: -u https://my.okta.domain//oauth2/v1/token
   --verbose                 Use to increase the level of logging detail, which is helpful when troubleshooting issues (default: false)
   --zone value, -z value    REQUIRED. Use to specify target zone for applying or retrieving certificate policy. In Trust Protection Platform this is the path (DN) of a policy folder and in Venafi as a Service this is the name of an Application and Issuing Template separated by a backslash. Example: -z Engineering\Internal Certs
   --help, -h                show help
vCert: 2024/07/24 14:28:02 flag provided but not defined: -p


> vcert getpolicy -t $VCP_ACCESS_TOKEN -z "tlspk-peter/default"
vCert: 2024/07/24 14:29:53 Warning: --platform not set. Attempting to best-guess platform from connection flags
vCert: 2024/07/24 14:29:53 vcert error: your data contains problems: failed to normalize URL: The specified TPP URL is invalid.
Expected TPP URL format 'https://tpp.company.com/vedsdk/'

STEPS TO REPRODUCE

See above ^

EXPECTED RESULTS

I should be able to use vcert getpolicy with TLS Protect Cloud / Venafi Control Place

ACTUAL RESULTS

Warning if not set:

Warning: --platform not set. Attempting to best-guess platform from connection flags

Error when set:

Incorrect Usage: flag provided but not defined: -p

ENVIRONMENT DETAILS

MacOSx:

> sw_vers
ProductName:		macOS
ProductVersion:		14.5
BuildVersion:		23F79

> vcert --version
vcert version v5.7.1

COMMENTS/WORKAROUNDS

No workarounds.

Please note that I raised this issue as a comment previosuly in issue #462.

hawksight avatar Jul 24 '24 13:07 hawksight

vcert pickup has the same issue. It will throw an error if the -p | --platform switch is used

jyppy avatar Sep 04 '24 02:09 jyppy

@hawksight , @jyppy , we didn't have this support for that flag. Now this is added in latest VCert version (as the moment of making this comment) v5.9.1 and I'll close this ticket accordingly. If you still encounter issues related to this issue, feel free to re-open the ticket.

luispresuelVenafi avatar May 30 '25 19:05 luispresuelVenafi