ref/cmd/principal: Add more blessing information getters.
This closes veyron/release-issues#991.
This change add the following commands to make driling into
blessings more command line friendly:
(1) 'principal get publickey' gets the publickey of the principal.
(2) 'principal get default' and 'principal get forpeer <peer>'
now take the following flags.
(a) 'principal get default --names' prints the names of the blessings.
(b) 'principal get default --rootkey <chainname> prints the root key of
one of the names from (a).
(c) 'principal get default --caveats <chainname> prints the caveats of
one fo the names from (a).
Change-Id: I00754e2dd047748931c9be504033118e3171ca68
diff --git a/cmd/principal/doc.go b/cmd/principal/doc.go
index 93a5977..9ffcd6d 100644
--- a/cmd/principal/doc.go
+++ b/cmd/principal/doc.go
@@ -223,7 +223,7 @@
The principal dump flags are:
-s=false
- If true, show a only the default blessing names
+ If true, show only the default blessing names
Principal Dumpblessings
@@ -389,6 +389,7 @@
The principal get commands are:
default Return blessings marked as default
forpeer Return blessings marked for the provided peer
+ publickey Prints the public key of the principal.
recognizedroots Return recognized blessings, and their associated public key.
peermap Shows the map from peer pattern to which blessing name to
present.
@@ -396,22 +397,29 @@
Principal Get Default
Returns blessings that are marked as default in the BlessingStore specified by
-the environment that this tool is running in.
+the environment that this tool is running in. Providing --names will print the
+default blessings' chain names. Providing --rootkey <chain_name> will print the
+root key of the certificate chain with chain_name. Providing --caveats
+<chain_name> will print the caveats on the certificate chain with chain_name.
Usage:
principal get default [flags]
The principal get default flags are:
- -name=false
+ -caveats=
+ Shows the caveats on the provided certificate chain name.
+ -names=false
If true, shows the value of the blessing name to be presented to the peer
- -rootkey=false
- If true, shows the value of the root key of the certificate chain to be
- presented to the peer
+ -rootkey=
+ Shows the value of the root key of the provided certificate chain name.
Principal Get Forpeer
Returns blessings that are marked for the provided peer in the BlessingStore
-specified by the environment that this tool is running in.
+specified by the environment that this tool is running in. Providing --names
+will print the blessings' chain names. Providing --rootkey <chain_name> will
+print the root key of the certificate chain with chain_name. Providing --caveats
+<chain_name> will print the caveats on the certificate chain with chain_name.
Usage:
principal get forpeer [flags] [<peer_1> ... <peer_k>]
@@ -423,11 +431,20 @@
the "..." pattern).
The principal get forpeer flags are:
- -name=false
+ -caveats=
+ Shows the caveats on the provided certificate chain name.
+ -names=false
If true, shows the value of the blessing name to be presented to the peer
- -rootkey=false
- If true, shows the value of the root key of the certificate chain to be
- presented to the peer
+ -rootkey=
+ Shows the value of the root key of the provided certificate chain name.
+
+Principal Get Publickey
+
+Prints out the public key of the principal specified by the environment that
+this tool is running in.
+
+Usage:
+ principal get publickey
Principal Get Recognizedroots
