in source/packages/services/installer/src/commands/modules/service/certificateVendor.ts [57:426]
public async prompts(answers: Answers): Promise<Answers> {
delete answers.certificateVendor?.redeploy;
let updatedAnswers: Answers = await inquirer.prompt(
[redeployIfAlreadyExistsPrompt(this.name, this.stackName)],
answers
);
if ((updatedAnswers.certificateVendor?.redeploy ?? true) === false) {
return updatedAnswers;
}
if (updatedAnswers.certificateVendor === undefined) {
updatedAnswers.certificateVendor = {};
}
const pcaAliases = await this.getPcaAliases(answers);
updatedAnswers.certificateVendor.pcaAliases = pcaAliases;
const iotCaAliases = await this.getIotCaAliases(answers);
updatedAnswers.certificateVendor.iotCaAliases = iotCaAliases;
// eslint-disable-next-line
const _ = this;
updatedAnswers = await inquirer.prompt(
[
{
message: 'Will you be requesting certificates using a CSR?',
type: 'confirm',
name: 'certificateVendor.providingCSRs',
default: false,
askAnswered: true,
},
{
message: 'Will you use ACMPCA to issue the certificate ?',
type: 'confirm',
name: 'certificateVendor.acmpcaEnabled',
default: false,
askAnswered: true,
when(answers: Answers) {
return answers.certificateVendor?.providingCSRs ?? false;
},
},
{
message: `If using ACM PCA, and ACM PCA is located in another AWS Account, enter the IAM cross-account role (leave blank otherwise)`,
type: 'input',
name: 'certificateVendor.acmpcaCrossAccountRoleArn',
default: answers.certificateVendor?.acmpcaCrossAccountRoleArn ?? '',
askAnswered: true,
validate: (answer: string) => {
if (answer?.length === 0) {
return true;
}
return CommonArnValidations.validateAwsIAMRoleArn(answer);
},
when(answers: Answers) {
return (
answers.certificateVendor?.providingCSRs &&
answers.certificateVendor?.acmpcaEnabled
);
},
},
{
message: `If ACM PCA is located in a different region, enter the region name (leave blank for default region)`,
type: 'input',
name: 'certificateVendor.acmpcaRegion',
default: answers.certificateVendor?.acmpcaRegion ?? answers.region,
askAnswered: true,
validate(answer: string) {
if (answer?.length === 0) {
return false;
}
return true;
},
when(answers: Answers) {
return (
answers.certificateVendor?.providingCSRs &&
answers.certificateVendor?.acmpcaEnabled
);
},
},
{
message:
'Enter the CertificateAuthorityArn (caArn) of ACMPCA to be used to sign the certificates with a CSR:',
type: 'input',
name: 'certificateVendor.caArnAcmpca',
default: updatedAnswers.certificateVendor?.caArnAcmpca,
askAnswered: true,
when(answers: Answers) {
return (
answers.certificateVendor?.providingCSRs &&
answers.certificateVendor?.acmpcaEnabled
);
},
validate(answer: string) {
if ((answer?.length ?? 0) === 0) {
return `You must enter the CertificateAuthorityArn (caArn) of certificate ID.`;
}
return true;
},
},
{
message:
'Choose the Signaling Algorithm of ACMPCA to be used to sign the certificates with a CSR:',
type: 'list',
name: 'certificateVendor.acmpcaSigningAlgorithm',
choices: [
'SHA256WITHECDSA',
'SHA384WITHECDSA',
'SHA512WITHECDSA',
'SHA256WITHRSA',
'SHA384WITHRSA',
'SHA512WITHRSA',
],
default: updatedAnswers.certificateVendor?.acmpcaSigningAlgorithm,
askAnswered: true,
when(answers: Answers) {
return (
answers.certificateVendor?.providingCSRs &&
answers.certificateVendor?.acmpcaEnabled
);
},
validate(answer: string) {
if ((answer?.length ?? 0) === 0) {
return `You must choose a Signaling Algorithm.`;
}
return true;
},
},
{
message:
'Enter the CA certificate ID to be used to sign the certificates requested with a CSR:',
type: 'input',
name: 'certificateVendor.caCertificateId',
default: updatedAnswers.certificateVendor?.caCertificateId,
askAnswered: true,
when(answers: Answers) {
return answers.certificateVendor?.providingCSRs ?? false;
},
validate(answer: string) {
if ((answer?.length ?? 0) === 0) {
return `You must enter the CA certificate ID.`;
}
return true;
},
},
],
updatedAnswers
);
updatedAnswers = await inquirer.prompt(
[
{
message: `Create or modify AWS IoT CA alias list?`,
type: 'confirm',
name: 'certificateVendor.setIotCaAliases',
default: answers.certificateVendor?.setIotCaAliases ?? true,
askAnswered: true,
when(answers: Answers) {
return (
answers.certificateVendor?.providingCSRs &&
answers.certificateVendor?.acmpcaEnabled
);
},
},
],
updatedAnswers
);
//Collect the IoT CA List
let iotCaFinished = false;
if (updatedAnswers.certificateVendor?.setIotCaAliases) {
while (!iotCaFinished) {
const iotCaAliases = await this.getIotCaAliases(updatedAnswers);
updatedAnswers.certificateVendor.iotCaAliases = iotCaAliases;
updatedAnswers = await inquirer.prompt(
[..._.getIoTCAPrompt(answers, iotCaAliases)],
updatedAnswers
);
// Update the iotCaAlias to upper case
if (updatedAnswers.certificateVendor.iotCaAlias === undefined) {
updatedAnswers.certificateVendor.iotCaFinished = true;
} else {
updatedAnswers.certificateVendor.iotCaAlias =
updatedAnswers.certificateVendor.iotCaAlias.toUpperCase();
if (
!updatedAnswers.certificateVendor.iotCaAliases.list.includes(
updatedAnswers.certificateVendor.iotCaAlias
)
) {
const alias = updatedAnswers.certificateVendor.iotCaAlias;
const value = updatedAnswers.certificateVendor.iotCaID;
updatedAnswers.certificateVendor.iotCaAliases.cas.push({ alias, value });
updatedAnswers.certificateVendor.iotCaAliases.list.push(alias);
}
}
iotCaFinished = updatedAnswers.certificateVendor.iotCaFinished;
}
}
updatedAnswers = await inquirer.prompt(
[
{
message: `Create or modify ACM PCA CA alias list?`,
type: 'confirm',
name: 'certificateVendor.setPcaAliases',
default: answers.certificateVendor?.setPcaAliases ?? true,
askAnswered: true,
when(answers: Answers) {
return (
answers.certificateVendor?.providingCSRs &&
answers.certificateVendor?.acmpcaEnabled
);
},
},
],
updatedAnswers
);
//Collect the ACM PCA List
let pcaFinished = false;
if (updatedAnswers.certificateVendor?.setPcaAliases) {
while (!pcaFinished) {
const pcaAliases = await this.getPcaAliases(updatedAnswers);
updatedAnswers.certificateVendor.pcaAliases = pcaAliases;
updatedAnswers = await inquirer.prompt(
[..._.getPCAPrompt(answers, pcaAliases)],
updatedAnswers
);
if (updatedAnswers.certificateVendor.pcaAlias === undefined) {
updatedAnswers.certificateVendor.pcaFinished = true;
} else {
// Update the pcaAlias to upper case to be stored in the installer config
updatedAnswers.certificateVendor.pcaAlias =
updatedAnswers.certificateVendor.pcaAlias.toUpperCase();
if (
!updatedAnswers.certificateVendor.pcaAliases.list.includes(
updatedAnswers.certificateVendor.pcaAlias
)
) {
const alias = updatedAnswers.certificateVendor.pcaAlias;
const value = updatedAnswers.certificateVendor.pcaArn;
updatedAnswers.certificateVendor.pcaAliases.cas.push({ alias, value });
updatedAnswers.certificateVendor.pcaAliases.list.push(alias);
}
}
pcaFinished = updatedAnswers.certificateVendor.pcaFinished;
}
}
updatedAnswers = await inquirer.prompt(
[
{
message:
'Will you be using the default policy for rotated certificates(answer No to inheret the policies from old cert)? ',
type: 'confirm',
name: 'certificateVendor.useDefaultPolicy',
default: true,
askAnswered: true,
},
{
message:
'Enter the name of the policy to associate with certificates requested with a CSR:',
type: 'input',
name: 'certificateVendor.rotatedCertificatePolicy',
default: updatedAnswers.certificateVendor?.rotatedCertificatePolicy,
askAnswered: true,
when(answers: Answers) {
return (
answers.certificateVendor?.providingCSRs &&
answers.certificateVendor?.useDefaultPolicy
);
},
validate(answer: string) {
if ((answer?.length ?? 0) === 0) {
return `You must enter the policy name.`;
}
return true;
},
},
...applicationConfigurationPrompt(this.name, answers, [
{
defaultConfiguration: 'certificates/',
propertyName: 'certificatesPrefix',
question: 'The key prefix where certificates are stored',
},
{
defaultConfiguration: '.zip',
propertyName: 'certificatesSuffix',
question: 'The key suffix where certificates are stored',
},
{
defaultConfiguration: 300,
propertyName: 'presignedUrlExpiryInSeconds',
question: 'S3 Presigned Url expiry in seconds',
},
{
defaultConfiguration: 'cdfRotateCertificates',
propertyName: 'rotateCertificatesThingGroup',
question:
'Change the name of the thing group if you want to use an alternate thing group.',
},
{
defaultConfiguration: 'cdf/certificates/{thingName}/get/accepted',
propertyName: 'getSuccessTopic',
question: 'MQTT Topic for Get Success',
},
{
defaultConfiguration: 'cdf/certificates/{thingName}/get/rejected',
propertyName: 'getFailureTopic',
question: 'MQTT Topic for Get Failure',
},
{
defaultConfiguration: 'cdf/certificates/+/get',
propertyName: 'getRootTopic',
question: 'MQTT Topic for Get Root',
},
{
defaultConfiguration: 'cdf/certificates/{thingName}/ack/accepted',
propertyName: 'ackSuccessTopic',
question: 'MQTT Topic for Ack Success',
},
{
defaultConfiguration: 'cdf/certificates/{thingName}/ack/rejected',
propertyName: 'ackFailureTopic',
question: 'MQTT Topic for Ack Failure',
},
{
defaultConfiguration: 'cdf/certificates/+/ack',
propertyName: 'ackRootTopic',
question: 'MQTT Topic for Ack Root',
},
{
defaultConfiguration: false,
propertyName: 'deletePreviousCertificate',
question:
'A feature toggle to enable deleting of the old certificate once rotated.',
},
{
defaultConfiguration: 'status',
propertyName: 'deviceStatusSuccessKey',
question:
'The key to use when updating the device state in the Device Registry or Asset Library',
},
{
defaultConfiguration: 'active',
propertyName: 'deviceStatusSuccessValue',
question:
'The value to use when updating the device state in the Device Registry or Asset Library',
},
{
defaultConfiguration: 1095,
propertyName: 'certificateExpiryInDays',
question:
'If creating a new certificate from a CSR, the expiration date to set.',
},
{
defaultConfiguration: 'AssetLibrary',
propertyName: 'registryMode',
question: 'Which data store to use to validate the status of a device',
},
]),
],
updatedAnswers
);
return updatedAnswers;
}