[Bug]: Updating cloud provisioners TOFU doesn't work #939

@clayrosenthal

Steps to Reproduce

Attempt to update trust on first use for a given provisioner:

root@step-ca:~# step ca provisioner update "Amazon Web Services" --disable-trust-on-first-use $STEPAUTH

Check configuration:

root@step-ca:~# step ca provisioner list | jq '.[] | select(.name == "Amazon Web Services") | .'
{
  "type": "AWS",
  "name": "Amazon Web Services",
  "accounts": [
    "------"
  ],
  "disableCustomSANs": true,
  "disableTrustOnFirstUse": false,
  "imdsVersions": [
    "v2",
    "v1"
  ],
  "instanceAge": "0s",
  "claims": {
    "enableSSHCA": true,
    "disableRenewal": false,
    "allowRenewalAfterExpiry": false
  },
  "options": {
    "x509": {},
    "ssh": {}
  }
}

Nothing changes

Your Environment

  • OS - #31~20.04.1-Ubuntu
  • step CLI Version - 0.24.4
  • step-ca Version - 0.24.1
  • using remote management w/ mysql, unable to manually change ca.json, and unable to parse mysql entry to change that manually

Expected Behavior

The provisioner policy changes to

{
  "type": "AWS",
  "name": "Amazon Web Services",
  "accounts": [
    "------"
  ],
  "disableCustomSANs": true,
  "disableTrustOnFirstUse": true,
  "imdsVersions": [
    "v2",
    "v1"
  ],
  "instanceAge": "0s",
  "claims": {
    "enableSSHCA": true,
    "disableRenewal": false,
    "allowRenewalAfterExpiry": false
  },
  "options": {
    "x509": {},
    "ssh": {}
  }
}

Actual Behavior

The configuration doesn't change

Additional Context

From looking at the code, it seems like this line and similar lines for the other cloud providers are wrong: https://github.com/smallstep/cli/blob/master/command/ca/provisioner/update.go#L803

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
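
A post-change check for the behaviour reported above, as an added example that is not part of the original issue or of the smallstep code base: it compares the `disableTrustOnFirstUse` value the CA reports against the intended one, so an update that silently does nothing is caught. The sample JSON, the "Google Cloud" provisioner name and the script name `check_tofu.py` are constructed, and a missing key is assumed to mean false.

```python
import json
import sys

# Constructed sample in the shape of the `step ca provisioner list` output
# shown in the issue, trimmed to the fields this check reads.
SAMPLE_LIST = """
[
  {"type": "AWS", "name": "Amazon Web Services",
   "disableCustomSANs": true, "disableTrustOnFirstUse": false},
  {"type": "GCP", "name": "Google Cloud",
   "disableCustomSANs": true, "disableTrustOnFirstUse": true},
  {"type": "JWK", "name": "admin"}
]
"""


def tofu_drift(list_json, expected):
    """Compare desired disableTrustOnFirstUse values with what the CA reports.

    expected maps provisioner name -> desired boolean. Returns a list of
    (name, wanted, actual) tuples for every mismatch; actual is None when the
    provisioner is not in the list at all.
    """
    by_name = {p.get("name"): p for p in json.loads(list_json)}
    drift = []
    for name, wanted in sorted(expected.items()):
        prov = by_name.get(name)
        if prov is None:
            drift.append((name, wanted, None))
            continue
        # Assumption: a missing key means the flag is off (false).
        actual = bool(prov.get("disableTrustOnFirstUse", False))
        if actual != wanted:
            drift.append((name, wanted, actual))
    return drift


if __name__ == "__main__":
    # Usage (hypothetical file name):
    #   step ca provisioner list | python3 check_tofu.py
    wanted = {"Amazon Web Services": True}
    problems = tofu_drift(sys.stdin.read(), wanted)
    for name, want, got in problems:
        print(f"{name}: disableTrustOnFirstUse wanted={want} actual={got}")
    sys.exit(1 if problems else 0)
```

A non-zero exit status means at least one provisioner still reports a value other than the intended one.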

Labels: bug, needs triage (Waiting for discussion / prioritization by team)
