From 2dde85e43bf028ecbbab12cf2109cfa84a5a00f1 Mon Sep 17 00:00:00 2001 From: Michael Gaffney Date: Wed, 19 Jun 2019 15:44:21 -0400 Subject: [PATCH] Remove delete-version-after from kv put and undelete subcommands Removes the optional parameter "delete-version-after" from the following CLI subcommands: - kv put - kv undelete - kv rollback --- command/kv_put.go | 23 +----- command/kv_rollback.go | 27 +------ command/kv_test.go | 4 +- command/kv_undelete.go | 24 +----- website/source/api/secret/kv/kv-v2.html.md | 24 +----- website/source/docs/secrets/kv/kv-v2.html.md | 82 ++------------------ 6 files changed, 17 insertions(+), 167 deletions(-) diff --git a/command/kv_put.go b/command/kv_put.go index 807236cad3..b4ba76aafa 100644 --- a/command/kv_put.go +++ b/command/kv_put.go @@ -5,7 +5,6 @@ import ( "io" "os" "strings" - "time" "github.com/mitchellh/cli" "github.com/posener/complete" @@ -17,9 +16,8 @@ var _ cli.CommandAutocomplete = (*KVPutCommand)(nil) type KVPutCommand struct { *BaseCommand - flagCAS int - flagDeleteVersionAfter time.Duration - testStdin io.Reader // for tests + flagCAS int + testStdin io.Reader // for tests } func (c *KVPutCommand) Synopsis() string { @@ -73,19 +71,6 @@ func (c *KVPutCommand) Flags() *FlagSets { parameter.`, }) - f.DurationVar(&DurationVar{ - Name: "delete-version-after", - Target: &c.flagDeleteVersionAfter, - Default: 0, - EnvVar: "", - Completion: complete.PredictAnything, - Usage: `Specifies the length of time before this version is - deleted. If not set, the metadata's delete-version-after is used. - Cannot be greater than the metadata's delete-version-after. The - delete-version-after is specified as a numeric string with a suffix - like "30s" or "3h25m19s".`, - }) - return set } 
@@ -152,10 +137,6 @@ func (c *KVPutCommand) Run(args []string) int { if c.flagCAS > -1 { data["options"].(map[string]interface{})["cas"] = c.flagCAS } - - if c.flagDeleteVersionAfter > 0 { - data["options"].(map[string]interface{})["delete_version_after"] = c.flagDeleteVersionAfter.String() - } } secret, err := client.Logical().Write(path, data) diff --git a/command/kv_rollback.go b/command/kv_rollback.go index 525e60624b..e050aaeb37 100644 --- a/command/kv_rollback.go +++ b/command/kv_rollback.go @@ -4,7 +4,6 @@ import ( "flag" "fmt" "strings" - "time" "github.com/mitchellh/cli" "github.com/posener/complete" @@ -16,8 +15,7 @@ var _ cli.CommandAutocomplete = (*KVRollbackCommand)(nil) type KVRollbackCommand struct { *BaseCommand - flagVersion int - flagDeleteVersionAfter time.Duration + flagVersion int } func (c *KVRollbackCommand) Synopsis() string { @@ -55,19 +53,6 @@ func (c *KVRollbackCommand) Flags() *FlagSets { Usage: `Specifies the version number that should be made current again.`, }) - f.DurationVar(&DurationVar{ - Name: "delete-version-after", - Target: &c.flagDeleteVersionAfter, - Default: 0, - EnvVar: "", - Completion: complete.PredictAnything, - Usage: `Specifies the length of time before this version is - deleted. If not set, the metadata's delete-version-after is used. - Cannot be greater than the metadata's delete-version-after. The - delete-version-after is specified as a numeric string with a suffix - like "30s" or "3h25m19s".`, - }) - return set } 
@@ -232,18 +217,12 @@ func (c *KVRollbackCommand) Run(args []string) int { } } - data = map[string]interface{}{ + secret, err := client.Logical().Write(path, map[string]interface{}{ "data": data, "options": map[string]interface{}{ "cas": casVersion, }, - } - - if c.flagDeleteVersionAfter > 0 { - data["options"].(map[string]interface{})["delete_version_after"] = c.flagDeleteVersionAfter.String() - } - - secret, err := client.Logical().Write(path, data) + }) if err != nil { c.UI.Error(fmt.Sprintf("Error writing data to %s: %s", path, err)) return 2 diff --git a/command/kv_test.go b/command/kv_test.go index 9440e99070..fa99b06142 100644 --- a/command/kv_test.go +++ b/command/kv_test.go @@ -120,7 +120,7 @@ func TestKVPutCommand(t *testing.T) { cmd.client = client code := cmd.Run([]string{ - "-cas", "0", "-delete-version-after", "1h", "kv/write/cas", "bar=baz", + "-cas", "0", "kv/write/cas", "bar=baz", }) if code != 0 { t.Fatalf("expected 0 to be %d", code) @@ -133,7 +133,7 @@ func TestKVPutCommand(t *testing.T) { ui, cmd = testKVPutCommand(t) cmd.client = client code = cmd.Run([]string{ - "-cas", "1", "-delete-version-after", "1h", "kv/write/cas", "bar=baz", + "-cas", "1", "kv/write/cas", "bar=baz", }) if code != 0 { t.Fatalf("expected 0 to be %d", code) diff --git a/command/kv_undelete.go b/command/kv_undelete.go index fce3b34415..7c11e8ce5d 100644 --- a/command/kv_undelete.go +++ b/command/kv_undelete.go @@ -3,7 +3,6 @@ package command import ( "fmt" "strings" - "time" "github.com/mitchellh/cli" "github.com/posener/complete" @@ -15,8 +14,7 @@ var _ cli.CommandAutocomplete = (*KVUndeleteCommand)(nil) type KVUndeleteCommand struct { *BaseCommand - flagVersions []string - flagDeleteVersionAfter time.Duration + flagVersions []string } func (c *KVUndeleteCommand) Synopsis() string { 
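Review bot: In kv_rollback.go's Run, the rewritten `client.Logical().Write` call sends only `data` and `options.cas`, so a rolled-back version can no longer carry its own expiry. Going by the removed flag's usage text, it will take the key metadata's `delete-version-after`, which may be unset. Rollback makes an older secret value current again, so that lifetime rule deserves a comment at the call, e.g. `// No per-version TTL: deletion_time for the new version comes from the key metadata's delete_version_after, if any.` The same applies to the writes in kv_put.go and kv_undelete.go, whose Run hunks only delete the option. Run starts and ends outside this hunk and the backend is not part of this patch, so confirm the server-side behaviour before settling the wording.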
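Review bot: The two updated `cmd.Run` calls in TestKVPutCommand (kv_test.go) only drop `-delete-version-after`; nothing asserts that the removed flag is now rejected. Automation that used the flag to bound a secret version's lifetime should fail loudly rather than write a version with no expiry, so a negative case is worth pinning. After a fresh `ui, cmd = testKVPutCommand(t)` and `cmd.client = client`, add `code = cmd.Run([]string{"-delete-version-after", "1h", "kv/write/cas", "bar=baz"})` followed by `if code == 0 { t.Fatal("expected removed -delete-version-after flag to be rejected") }`. The test function continues outside both hunks, and kv rollback and kv undelete would benefit from the same check if they have command tests.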
@@ -31,7 +29,7 @@ Usage: vault kv undelete [options] KEY This restores the data, allowing it to be returned on get requests. To undelete version 3 of key "foo": - + $ vault kv undelete -versions=3 secret/foo Additional flags and more advanced use cases are detailed below. @@ -53,20 +51,6 @@ func (c *KVUndeleteCommand) Flags() *FlagSets { Usage: `Specifies the version numbers to undelete.`, }) - f.DurationVar(&DurationVar{ - Name: "delete-version-after", - Target: &c.flagDeleteVersionAfter, - Default: 0, - EnvVar: "", - Completion: complete.PredictAnything, - Usage: `Specifies the length of time before these versions will be - deleted. If not set, the metadata's delete-version-after is used. - Cannot be greater than the metadata's delete-version-after. The - delete-version-after is specified as a numeric string with a suffix - like "30s" or - "3h25m19s".`, - }) - return set } @@ -123,10 +107,6 @@ func (c *KVUndeleteCommand) Run(args []string) int { "versions": kvParseVersionsFlags(c.flagVersions), } - if c.flagDeleteVersionAfter > 0 { - data["delete_version_after"] = c.flagDeleteVersionAfter.String() - } - secret, err := client.Logical().Write(path, data) if err != nil { c.UI.Error(fmt.Sprintf("Error writing data to %s: %s", path, err)) diff --git a/website/source/api/secret/kv/kv-v2.html.md b/website/source/api/secret/kv/kv-v2.html.md index 754491c351..e028828bfb 100644 --- a/website/source/api/secret/kv/kv-v2.html.md +++ b/website/source/api/secret/kv/kv-v2.html.md 
@@ -158,14 +158,6 @@ have an ACL policy granting the `update` capability. write will only be allowed if the key’s current version matches the version specified in the cas parameter. - - `delete_version_after` (`string:"0s"`) – Set the `delete_version_after` - value to a duration to specify the `deletion_time` for this - version. If not set, the metadata's `delete_version_after` will be used. If - the metadata's `delete_version_after` is not set, the backend's - `delete_version_after` will be used. If the value is greater than the - metadata's `delete_version_after`, the metadata's `delete_version_after` will be - used. Accepts [Go duration format string][duration-godoc]. - - `data` `(Map: )` – The contents of the data map will be stored and returned on read. @@ -174,8 +166,7 @@ have an ACL policy granting the `update` capability. ```json { "options": { - "cas": 0, - "delete_version_after": "3m" + "cas": 0 }, "data": { "foo": "bar", @@ -200,7 +191,7 @@ $ curl \ { "data": { "created_time": "2018-03-22T02:36:43.986212308Z", - "deletion_time": "2018-03-22T02:39:43.986212308Z", + "deletion_time": "", "destroyed": false, "version": 1 } 
@@ -286,20 +277,11 @@ This restores the data, allowing it to be returned on get requests. - `versions` `([]int: )` - The versions to undelete. The versions will be restored and their data will be returned on normal get requests. -- `delete_version_after` (`string:"0s"`) – Set the `delete_version_after` value - to a duration to specify the `deletion_time` for the versions being - undeleted. If not set, the metadata's `delete_version_after` will be used. If - the metadata's `delete_version_after` is not set, the backend's `delete_version_after` - will be used. If the value is greater than the metadata's - `delete_version_after`, the metadata's `delete_version_after` will be used. Accepts - [Go duration format string][duration-godoc]. - ### Sample Payload ```json { - "versions": [1, 2], - "delete_version_after": "25m" + "versions": [1, 2] } ``` diff --git a/website/source/docs/secrets/kv/kv-v2.html.md b/website/source/docs/secrets/kv/kv-v2.html.md index 5a1f392c40..964a1e1b49 100644 --- a/website/source/docs/secrets/kv/kv-v2.html.md +++ b/website/source/docs/secrets/kv/kv-v2.html.md 
@@ -246,71 +246,6 @@ allows for writing keys with arbitrary values. my-value s3cr3t ``` -1. Write another version which will be deleted after a specified - duration. The `-delete-version-after` flag can optionally be passed to specify - a duration of time until the version will be deleted. The previous - versions will still be accessible. - - ```text - $ vault kv put -delete-version-after=2m secret/my-secret my-value=short-lived-s3cr3t - Key Value - --- ----- - created_time 2019-06-19T17:23:21.834403Z - deletion_time 2019-06-19T17:25:21.834403Z - destroyed false - version 3 - ``` - -1. Reading now will return the newest version of the data and show the - `deletion_time`: - - ```text - $ vault kv get secret/my-secret - ====== Metadata ====== - Key Value - --- ----- - created_time 2019-06-19T17:23:21.834403Z - deletion_time 2019-06-19T17:25:21.834403Z - destroyed false - version 3 - - ====== Data ====== - Key Value - --- ----- - my-value short-lived-s3cr3t - ``` - -1. Reading after the `deletion_time` will only return metadata: - - ```text - $ vault kv get secret/my-secret - ====== Metadata ====== - Key Value - --- ----- - created_time 2019-06-19T17:23:21.834403Z - deletion_time 2019-06-19T17:25:21.834403Z - destroyed false - version 3 - ``` - -1. Previous versions not deleted can still be accessed with the `-version` flag: - - ```text - $ vault kv get -version=2 secret/my-secret - ====== Metadata ====== - Key Value - --- ----- - created_time 2019-06-19T17:22:23.369372Z - deletion_time n/a - destroyed false - version 2 - - ====== Data ====== - Key Value - --- ----- - my-value new-s3cr3t - ``` - ### Deleting and Destroying Data When deleting data the standard `vault kv delete` command will perform a 
@@ -338,7 +273,7 @@ See the commands below for more information: 1. Versions can be undeleted: ```text - $ vault kv undelete -versions=3 secret/my-secret + $ vault kv undelete -versions=2 secret/my-secret Success! Data written to: secret/undelete/my-secret $ vault kv get secret/my-secret @@ -348,7 +283,7 @@ See the commands below for more information: created_time 2019-06-19T17:23:21.834403Z deletion_time n/a destroyed false - version 3 + version 2 ====== Data ====== Key Value @@ -359,7 +294,7 @@ See the commands below for more information: 1. Destroying a version permanently deletes the underlying data: ```text - $ vault kv destroy -versions=3 secret/my-secret + $ vault kv destroy -versions=2 secret/my-secret Success! Data written to: secret/destroy/my-secret ``` @@ -380,11 +315,11 @@ See the commands below for more information: --- ----- cas_required false created_time 2019-06-19T17:20:22.985303Z - current_version 3 + current_version 2 delete_version_after 0s max_versions 0 oldest_version 0 - updated_time 2019-06-19T17:23:21.834403Z + updated_time 2019-06-19T17:22:23.369372Z ====== Version 1 ====== Key Value @@ -398,13 +333,6 @@ See the commands below for more information: --- ----- created_time 2019-06-19T17:22:23.369372Z deletion_time n/a - destroyed false - - ====== Version 3 ====== - Key Value - --- ----- - created_time 2019-06-19T17:23:21.834403Z - deletion_time n/a destroyed true ```