From 8ecae27594d221a94669fbf7d5a52b8517814d27 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield"
Date: Fri, 11 Oct 2024 18:14:02 +0200
Subject: [PATCH] Reorder sq pki certify's options.

- Reorder `sq pki certify`'s arguments so that they appear in a more logical order when reading `--help` (required arguments first, then grouped and approximately ordered by how often they are likely to be used).
---
 src/cli/pki/certify.rs | 214 +++++++++++++++++++++--------------------
 1 file changed, 110 insertions(+), 104 deletions(-)

diff --git a/src/cli/pki/certify.rs b/src/cli/pki/certify.rs
index 47e6fca7..4f81f153 100644
--- a/src/cli/pki/certify.rs
+++ b/src/cli/pki/certify.rs
@@ -91,110 +91,6 @@ reference time.
 )]
 #[clap(group(ArgGroup::new("certifier_input").args(&["certifier_file", "certifier"]).required(true)))]
 pub struct Command {
- #[clap(
- help = FileOrStdout::HELP_OPTIONAL,
- long,
- value_name = FileOrStdout::VALUE_NAME,
- )]
- pub output: Option,
- #[clap(
- long,
- help = "Emit binary data",
- )]
- pub binary: bool,
- #[clap(
- long = "depth",
- value_name = "TRUST_DEPTH",
- default_value = "0",
- help = "Set the trust depth",
- long_help =
- "Set the trust depth (sometimes referred to as the trust level). \
- 0 means a normal certification of . \
- 1 means CERTIFICATE is also a trusted introducer, 2 means \
- CERTIFICATE is a meta-trusted introducer, etc.",
- )]
- pub depth: u8,
- #[clap(
- long = "amount",
- value_name = "AMOUNT",
- default_value = "full",
- help = "Set the amount of trust",
- long_help =
- "Set the amount of trust. Values between 1 and 120 are meaningful. \
- 120 means fully trusted. Values less than 120 indicate the degree \
- of trust. 60 is usually used for partially trusted.",
- )]
- pub amount: TrustAmount,
- #[clap(
- long = "regex",
- value_name = "REGEX",
- requires = "depth",
- help = "Add a regular expression to constrain \
- what a trusted introducer can certify",
- long_help =
- "Add a regular expression to constrain \
- what a trusted introducer can certify. \
- The regular expression must match \
- the certified User ID in all intermediate \
- introducers, and the certified certificate. \
- Multiple regular expressions may be \
- specified. In that case, at least \
- one must match.",
- )]
- pub regex: Vec,
- #[clap(
- long = "local",
- help = "Make the certification a local certification",
- long_help =
- "Make the certification a local \
- certification. Normally, local \
- certifications are not exported.",
- )]
- pub local: bool,
- #[clap(
- long = "non-revocable",
- help = "Mark the certification as being non-revocable",
- long_help =
- "Mark the certification as being non-revocable. \
- That is, you cannot later revoke this \
- certification. This should normally only \
- be used with an expiration.",
- )]
- pub non_revocable: bool,
- #[clap(
- long,
- value_names = &["NAME", "VALUE"],
- number_of_values = 2,
- help = "Add a notation to the certification.",
- long_help = "Add a notation to the certification. \
- A user-defined notation's name must be of the form \
- `name@a.domain.you.control.org`. If the notation's name starts \
- with a !, then the notation is marked as being critical. If a \
- consumer of a signature doesn't understand a critical notation, \
- then it will ignore the signature. The notation is marked as \
- being human readable."
- )]
- pub notation: Vec,
- #[clap(
- long = "expiration",
- value_name = "EXPIRATION",
- default_value_t =
- Expiration::Duration(THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION),
- help =
- "Define EXPIRATION for the certification as ISO 8601 formatted string or \
- custom duration.",
- long_help =
- "Define EXPIRATION for the certification as ISO 8601 formatted string or \
- custom duration. \
- If an ISO 8601 formatted string is provided, the validity period \
- reaches from the reference time (may be set using `--time`) to \
- the provided time. \
- Custom durations starting from the reference time may be set using \
- `N[ymwds]`, for N years, months, weeks, days, or seconds. \
- The special keyword `never` sets an unlimited expiry.",
- )]
- pub expiration: Expiration,
-
 #[clap(
 long,
 value_name = "KEY",
@@ -222,4 +118,114 @@ pub struct Command {
 "Add the given user ID if it doesn't exist in the certificate.",
 )]
 pub add_userid: bool,
+
+ #[clap(
+ long = "amount",
+ value_name = "AMOUNT",
+ default_value = "full",
+ help = "Set the amount of trust",
+ long_help =
+ "Set the amount of trust. Values between 1 and 120 are meaningful. \
+ 120 means fully trusted. Values less than 120 indicate the degree \
+ of trust. 60 is usually used for partially trusted.",
+ )]
+ pub amount: TrustAmount,
+
+ #[clap(
+ long = "depth",
+ value_name = "TRUST_DEPTH",
+ default_value = "0",
+ help = "Set the trust depth",
+ long_help =
+ "Set the trust depth (sometimes referred to as the trust level). \
+ 0 means a normal certification of . \
+ 1 means CERTIFICATE is also a trusted introducer, 2 means \
+ CERTIFICATE is a meta-trusted introducer, etc.",
+ )]
+ pub depth: u8,
+
+ #[clap(
+ long = "regex",
+ value_name = "REGEX",
+ requires = "depth",
+ help = "Add a regular expression to constrain \
+ what a trusted introducer can certify",
+ long_help =
+ "Add a regular expression to constrain \
+ what a trusted introducer can certify. \
+ The regular expression must match \
+ the certified User ID in all intermediate \
+ introducers, and the certified certificate. \
+ Multiple regular expressions may be \
+ specified. In that case, at least \
+ one must match.",
+ )]
+ pub regex: Vec,
+
+ #[clap(
+ long = "expiration",
+ value_name = "EXPIRATION",
+ default_value_t =
+ Expiration::Duration(THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION),
+ help =
+ "Define EXPIRATION for the certification as ISO 8601 formatted string or \
+ custom duration.",
+ long_help =
+ "Define EXPIRATION for the certification as ISO 8601 formatted string or \
+ custom duration. \
+ If an ISO 8601 formatted string is provided, the validity period \
+ reaches from the reference time (may be set using `--time`) to \
+ the provided time. \
+ Custom durations starting from the reference time may be set using \
+ `N[ymwds]`, for N years, months, weeks, days, or seconds. \
+ The special keyword `never` sets an unlimited expiry.",
+ )]
+ pub expiration: Expiration,
+
+ #[clap(
+ long = "local",
+ help = "Make the certification a local certification",
+ long_help =
+ "Make the certification a local \
+ certification. Normally, local \
+ certifications are not exported.",
+ )]
+ pub local: bool,
+ #[clap(
+ long = "non-revocable",
+ help = "Mark the certification as being non-revocable",
+ long_help =
+ "Mark the certification as being non-revocable. \
+ That is, you cannot later revoke this \
+ certification. This should normally only \
+ be used with an expiration.",
+ )]
+ pub non_revocable: bool,
+
+ #[clap(
+ long,
+ value_names = &["NAME", "VALUE"],
+ number_of_values = 2,
+ help = "Add a notation to the certification.",
+ long_help = "Add a notation to the certification. \
+ A user-defined notation's name must be of the form \
+ `name@a.domain.you.control.org`. If the notation's name starts \
+ with a !, then the notation is marked as being critical. If a \
+ consumer of a signature doesn't understand a critical notation, \
+ then it will ignore the signature. The notation is marked as \
+ being human readable."
+ )]
+ pub notation: Vec,
+
+ #[clap(
+ help = FileOrStdout::HELP_OPTIONAL,
+ long,
+ value_name = FileOrStdout::VALUE_NAME,
+ )]
+ pub output: Option,
+ #[clap(
+ long,
+ help = "Emit binary data",
+ )]
+ pub binary: bool,
 }
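Review bot: The `--depth` long_help added in this hunk says that 1 and above make CERTIFICATE a trusted introducer, but it does not say that such a delegation is unscoped unless `--regex` is also given. With `--amount` and `--depth` now listed ahead of the other optional arguments, I would append a sentence to that long_help such as `Use --regex to limit what a trusted introducer can certify.` Separately, `--regex` has `requires = "depth"` while `depth` carries `default_value = "0"`; it is worth confirming whether the default satisfies that requirement, since a regex at depth 0 presumably constrains nothing. `Command` starts above this hunk, so the arguments that precede `add_userid` are not visible here.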