Reviewed 19 of 22 files at r1.
Reviewable status: 19 of 22 files reviewed, 11 unresolved discussions (waiting on @karampok and @oncilla)

a discussion (no related file):
I miss the readme file where I would like to see

# Installation
go get ....

# How to get help
./scion-pki help v2

# An end to end example (copy paste should just work)
./bin/scion-pki v2 tmpl topo topology/Tiny.topo -d gen-test
./bin/scion-pki v2 keys private '*' -d gen-test
./bin/scion-pki v2 trcs gen '*' -d gen-test
 ./bin/scion-pki v2 certs issuer '*' -d gen-test
 ./bin/scion-pki v2 certs chain '*' -d gen-test
[extra] start scion topology based on get-test
[extra] run integration tests

# Debug  tips
./bin/scion-pki v2 certs human gen-test/ISD1/ASff00_0_111/certs/ISD1-ASff00_0_111-V1.crt

go/tools/scion-pki/internal/v2/certs/cmd.go, line 35 at r1 (raw file):

Selector:
	*-*

text is already long maybe merge this lines, in overall try to keep as minimal as possible

go/tools/scion-pki/internal/v2/certs/cmd.go, line 42 at r1 (raw file):

		A specific AS X-Y, e.g. AS 1-ff00:0:300

'certs' needs to be pointed to the root directory where all keys and configurations

certs needs to can be subcommand does that. It expect an existing root directory in the following format.

go/tools/scion-pki/internal/v2/certs/cmd.go, line 43 at r1 (raw file):

'certs' needs to be pointed to the root directory where all keys and configurations
are stored on disk (-d flag). It expects the contents of the root directory to

add something like see ./bin/scion-pki v2 tmpl topo topology/Tiny.topo -d gen-test
Also I like the tree output directly

12:33 $ tree gen-test/
gen-test/
└── ISD1
    ├── ASff00_0_110
    │   ├── as-v1.toml       #issuer certificate generated by `scion-pki v2 issuer`
    │   ├── issuer-v1.toml
    │   └── keys.toml
     ...
    └── trc-v1.tom

Maybe also inline the description

go/tools/scion-pki/internal/v2/conf/doc.go, line 1 at r1 (raw file):

// Copyright 2019 Anapaya Systems

2020?

go/tools/scion-pki/internal/v2/conf/doc.go, line 42 at r1 (raw file):

// The directory structure how config files are arranged and the file naming is
// rigid. A sample tree is shown below. This package exposes a set of helper
// functions to determine the correct file names.

maybe part of scion-pki help v2

go/tools/scion-pki/internal/v2/keys/cmd.go, line 38 at r1 (raw file):

		A specific AS X-Y, e.g. AS 1-ff00:0:300

'keys' needs to be pointed to the root directory where all key configuration files

this look similar to certs.
In that case maybe transfer the long help message in scion-pki help v2

go/tools/scion-pki/internal/v2/keys/cmd.go, line 68 at r1 (raw file):

	Short: "Generate private keys",
	Long: `
'private' generates the private keys based on the selector.

What I miss here is an example

e.g.  ./bin/scion-pki v2 keys private '*' -d gen-test

go/tools/scion-pki/internal/v2/trcs/cmd.go, line 52 at r1 (raw file):

		ISD X.

'trcs' needs to be pointed to the root directory where all keys and configurations

looks same, add it to scion help v2
and an example

go/tools/scion-pki/internal/v2/trcs/cmd.go, line 87 at r1 (raw file):

	Long: `
'gen' generates the TRCS based on the selector.
The version to generate can be supplied through the version flag.

There should be a native way to add flags and documentation

	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.cobra.yaml)")

https://github.com/spf13/cobra#flags

go/tools/scion-pki/internal/v2/trcs/cmd.go, line 91 at r1 (raw file):

This command coalesces the prototype, sign and combine step of the trc generation.

This command requires a valid TRC configuration file. Further, all private keys

there is a lot of requires, a suggested interface would be that in case of failure because the requirement are not fulfilled,
the binary itself let you know what step you missed.

./scion-pki v2 gen trcs
-- failed, have you try first `scion-pki tmp`?

Reviewable status: 19 of 22 files reviewed, 11 unresolved discussions (waiting on @karampok and @oncilla)

a discussion (no related file):

see #3588

Reviewable status: 16 of 23 files reviewed, 11 unresolved discussions (waiting on @karampok and @oncilla)

go/tools/scion-pki/internal/v2/certs/cmd.go, line 35 at r1 (raw file):

Done.

go/tools/scion-pki/internal/v2/certs/cmd.go, line 43 at r1 (raw file):

done in v2/cmd/cmd.go
note that the scion-pki v2 tmpl sample is only available in #3588

go/tools/scion-pki/internal/v2/conf/doc.go, line 1 at r1 (raw file):

Done.

go/tools/scion-pki/internal/v2/conf/doc.go, line 42 at r1 (raw file):

Done.

go/tools/scion-pki/internal/v2/keys/cmd.go, line 38 at r1 (raw file):

Done.

go/tools/scion-pki/internal/v2/keys/cmd.go, line 68 at r1 (raw file):

Done.

$ scion-pki help v2 keys private
...
Examples:
  scion-pki v2 keys private 1-ff00:0:110
  scion-pki v2 keys private '*'
  scion-pki v2 keys private 1-ff00:0:110 -d $SPKI_ROOT_DIR
...

go/tools/scion-pki/internal/v2/trcs/cmd.go, line 52 at r1 (raw file):

Done.

go/tools/scion-pki/internal/v2/trcs/cmd.go, line 87 at r1 (raw file):

Done.

go/tools/scion-pki/internal/v2/trcs/cmd.go, line 91 at r1 (raw file):

While this would be really nice to have. Most of the time the suggestion is not really straight forward, as the application does not really know whether it runs in the "sample" mode or the real mode with muiltiple parties involved,

Reviewable status: 16 of 23 files reviewed, 11 unresolved discussions (waiting on @karampok)

go/tools/scion-pki/internal/v2/certs/cmd.go, line 42 at r1 (raw file):

Done.

Reviewed 1 of 22 files at r1, 6 of 6 files at r2.
Reviewable status: complete! all files reviewed, all discussions resolved