Allow stdin input of cert for needs-renewal

[redrac]

Name of feature:

Allow stdin input of cert for needs-renewal

Pain or issue this feature alleviates:

This allows users who have ephemeral certs (certs only in agents) to use needs-renewal without writing the cert to disk. This functionality already exists for inspect; I merely ported it over.

[redrac]

Now requires: smallstep/crypto#490
Related to: #116

edit: these were merged

[dopey]

Hey @redrac 👋. Thanks for submitting this PR, and apologies for the radio silence!

Overall, this looks good and useful. However, the exit codes that are being returned by this command are intentional and in some cases I think the proposed changes may result in an exit code that does not line up with the documentation. I will try to comment on those exact cases.

See the exit code documentation here - https://github.com/smallstep/cli/blob/master/command/ssh/needsRenewal.go#L39-L43.

[dopey]

I believe we want to exit with code 255 here.

[redrac]

Hey @redrac 👋. Thanks for submitting this PR, and apologies for the radio silence!

Overall, this looks good and useful. However, the exit codes that are being returned by this command are intentional and in some cases I think the proposed changes may result in an exit code that does not line up with the documentation. I will try to comment on those exact cases.

See the exit code documentation here - https://github.com/smallstep/cli/blob/master/command/ssh/needsRenewal.go#L39-L43.

Ah thanks! I will fix this this afternoon most likely

[redrac]

Okay fixed :)

$ ./step ssh needs-renewal
too many arguments: not enough positional arguments were provided in 'step ssh needs-renewal <crt-file>'
$ echo $?
255

$ ./step ssh needs-renewal zz zzz zz
too many arguments: too many positional arguments were provided in 'step ssh needs-renewal <crt-file>'
$ echo $?
255