mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-31 02:28:09 +00:00
API Lock CLI OSS port (#12925)
* api lock in oss * add namespace lock/unlock help
This commit is contained in:
swayne275
87
command/namespace_api_lock.go
Normal file
87
command/namespace_api_lock.go
Normal file
@@ -0,0 +1,87 @@
|
||||
package command
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/vault/helper/namespace"
|
||||
"github.com/mitchellh/cli"
|
||||
"github.com/posener/complete"
|
||||
)
|
||||
|
||||
var (
|
||||
_ cli.Command = (*NamespaceAPILockCommand)(nil)
|
||||
_ cli.CommandAutocomplete = (*NamespaceAPILockCommand)(nil)
|
||||
)
|
||||
|
||||
type NamespaceAPILockCommand struct {
|
||||
*BaseCommand
|
||||
}
|
||||
|
||||
func (c *NamespaceAPILockCommand) Synopsis() string {
|
||||
return "Lock the API for particular namespaces"
|
||||
}
|
||||
|
||||
func (c *NamespaceAPILockCommand) Help() string {
|
||||
helpText := `
|
||||
Usage: vault namespace lock PATH
|
||||
|
||||
Lock the current namespace, and all descendants:
|
||||
|
||||
$ vault namespace lock
|
||||
|
||||
Lock a child namespace, and all of its descendants (e.g. ns1/ns2/):
|
||||
|
||||
$ vault namespace lock ns1/ns2
|
||||
|
||||
` + c.Flags().Help()
|
||||
|
||||
return strings.TrimSpace(helpText)
|
||||
}
|
||||
|
||||
func (c *NamespaceAPILockCommand) Flags() *FlagSets {
|
||||
return c.flagSet(FlagSetHTTP | FlagSetOutputFormat)
|
||||
}
|
||||
|
||||
func (c *NamespaceAPILockCommand) AutocompleteArgs() complete.Predictor {
|
||||
return c.PredictVaultNamespaces()
|
||||
}
|
||||
|
||||
func (c *NamespaceAPILockCommand) AutocompleteFlags() complete.Flags {
|
||||
return c.Flags().Completions()
|
||||
}
|
||||
|
||||
func (c *NamespaceAPILockCommand) Run(args []string) int {
|
||||
f := c.Flags()
|
||||
|
||||
if err := f.Parse(args); err != nil {
|
||||
c.UI.Error(err.Error())
|
||||
return 1
|
||||
}
|
||||
|
||||
args = f.Args()
|
||||
if len(args) > 1 {
|
||||
c.UI.Error(fmt.Sprintf("Too many arguments (expected 0 or 1, got %d)", len(args)))
|
||||
return 1
|
||||
}
|
||||
|
||||
// current namespace is already encoded in the :client:
|
||||
client, err := c.Client()
|
||||
if err != nil {
|
||||
c.UI.Error(err.Error())
|
||||
return 2
|
||||
}
|
||||
|
||||
optionalChildNSPath := ""
|
||||
if len(args) == 1 {
|
||||
optionalChildNSPath = fmt.Sprintf("/%s", namespace.Canonicalize(args[0]))
|
||||
}
|
||||
|
||||
resp, err := client.Logical().Write(fmt.Sprintf("sys/namespaces/api-lock/lock%s", optionalChildNSPath), nil)
|
||||
if err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error locking namespace: %v", err))
|
||||
return 2
|
||||
}
|
||||
|
||||
return OutputSecret(c.UI, resp)
|
||||
}
|
||||
Reference in New Issue
Block a user