add cluster x kube-sign

src/bin/dls.rs

@@ -45,11 +45,20 @@ enum ClusterCommand {
         user_public_key: String,
         #[arg(long, default_value = "root")]
         principal: String,
-        #[arg(long, default_value = "+1d")]
+        #[arg(long, default_value = "1d")]
         validity: String,
         #[arg(long)]
         options: Vec<String>,
     },
+    KubeSign {
+        csr: String,
+        #[arg(long, default_value = "anonymous", env = "USER")]
+        user: String,
+        #[arg(long)]
+        group: Option<String>,
+        #[arg(long, default_value = "1d")]
+        validity: String,
+    },
 }
 
 #[tokio::main(flavor = "current_thread")]
@@ -87,7 +96,7 @@ async fn main() -> Result<()> {
                 }) => {
                     let pub_key = tokio::fs::read_to_string(user_public_key).await?;
                     let cert = cluster
-                        .sign_ssh_user_pubkey(&dls::SshSignReq {
+                        .ssh_userca_sign(&dls::SshSignReq {
                             pub_key,
                             principal,
                             validity: Some(validity).filter(|s| s != ""),
@@ -96,6 +105,23 @@ async fn main() -> Result<()> {
                         .await?;
                     write_raw(&cert);
                 }
+                Some(CC::KubeSign {
+                    csr,
+                    user,
+                    group,
+                    validity,
+                }) => {
+                    let csr = tokio::fs::read_to_string(csr).await?;
+                    let cert = cluster
+                        .kube_sign(&dls::KubeSignReq {
+                            csr,
+                            user,
+                            group,
+                            validity: Some(validity).filter(|s| s != ""),
+                        })
+                        .await?;
+                    write_raw(&cert);
+                }
             }
         }
         C::Hosts => write_json(&dls.hosts().await?),