Remove delete-version-after from kv put and undelete subcommands

Removes the optional parameter "delete-version-after" from the following
CLI subcommands:

- kv put
- kv undelete
- kv rollback
Michael Gaffney
2019-06-19 15:44:21 -04:00
parent 12ecac24a9
commit 2dde85e43b
6 changed files with 17 additions and 167 deletions


@@ -5,7 +5,6 @@ import (
"io" "io"
"os" "os"
"strings" "strings"
"time"
"github.com/mitchellh/cli" "github.com/mitchellh/cli"
"github.com/posener/complete" "github.com/posener/complete"
@@ -17,9 +16,8 @@ var _ cli.CommandAutocomplete = (*KVPutCommand)(nil)
type KVPutCommand struct { type KVPutCommand struct {
*BaseCommand *BaseCommand
flagCAS int flagCAS int
flagDeleteVersionAfter time.Duration testStdin io.Reader // for tests
testStdin io.Reader // for tests
} }
func (c *KVPutCommand) Synopsis() string { func (c *KVPutCommand) Synopsis() string {
@@ -73,19 +71,6 @@ func (c *KVPutCommand) Flags() *FlagSets {
parameter.`, parameter.`,
}) })
f.DurationVar(&DurationVar{
Name: "delete-version-after",
Target: &c.flagDeleteVersionAfter,
Default: 0,
EnvVar: "",
Completion: complete.PredictAnything,
Usage: `Specifies the length of time before this version is
deleted. If not set, the metadata's delete-version-after is used.
Cannot be greater than the metadata's delete-version-after. The
delete-version-after is specified as a numeric string with a suffix
like "30s" or "3h25m19s".`,
})
return set return set
} }
@@ -152,10 +137,6 @@ func (c *KVPutCommand) Run(args []string) int {
if c.flagCAS > -1 { if c.flagCAS > -1 {
data["options"].(map[string]interface{})["cas"] = c.flagCAS data["options"].(map[string]interface{})["cas"] = c.flagCAS
} }
if c.flagDeleteVersionAfter > 0 {
data["options"].(map[string]interface{})["delete_version_after"] = c.flagDeleteVersionAfter.String()
}
} }
secret, err := client.Logical().Write(path, data) secret, err := client.Logical().Write(path, data)


@@ -4,7 +4,6 @@ import (
"flag" "flag"
"fmt" "fmt"
"strings" "strings"
"time"
"github.com/mitchellh/cli" "github.com/mitchellh/cli"
"github.com/posener/complete" "github.com/posener/complete"
@@ -16,8 +15,7 @@ var _ cli.CommandAutocomplete = (*KVRollbackCommand)(nil)
type KVRollbackCommand struct { type KVRollbackCommand struct {
*BaseCommand *BaseCommand
flagVersion int flagVersion int
flagDeleteVersionAfter time.Duration
} }
func (c *KVRollbackCommand) Synopsis() string { func (c *KVRollbackCommand) Synopsis() string {
@@ -55,19 +53,6 @@ func (c *KVRollbackCommand) Flags() *FlagSets {
Usage: `Specifies the version number that should be made current again.`, Usage: `Specifies the version number that should be made current again.`,
}) })
f.DurationVar(&DurationVar{
Name: "delete-version-after",
Target: &c.flagDeleteVersionAfter,
Default: 0,
EnvVar: "",
Completion: complete.PredictAnything,
Usage: `Specifies the length of time before this version is
deleted. If not set, the metadata's delete-version-after is used.
Cannot be greater than the metadata's delete-version-after. The
delete-version-after is specified as a numeric string with a suffix
like "30s" or "3h25m19s".`,
})
return set return set
} }
@@ -232,18 +217,12 @@ func (c *KVRollbackCommand) Run(args []string) int {
} }
} }
data = map[string]interface{}{ secret, err := client.Logical().Write(path, map[string]interface{}{
"data": data, "data": data,
"options": map[string]interface{}{ "options": map[string]interface{}{
"cas": casVersion, "cas": casVersion,
}, },
} })
if c.flagDeleteVersionAfter > 0 {
data["options"].(map[string]interface{})["delete_version_after"] = c.flagDeleteVersionAfter.String()
}
secret, err := client.Logical().Write(path, data)
if err != nil { if err != nil {
c.UI.Error(fmt.Sprintf("Error writing data to %s: %s", path, err)) c.UI.Error(fmt.Sprintf("Error writing data to %s: %s", path, err))
return 2 return 2
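Review bot: The payload now built inline in the `client.Logical().Write` call keeps `"cas": casVersion` but has no comment saying what that option protects, and casVersion is assigned outside this hunk. Assuming it holds the version read earlier in Run, a one-line comment above the call would help, for example `// cas makes the server reject the rollback if the key changed since it was read`. Run starts and ends outside the hunk, so the wording should be confirmed against the full function.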


@@ -120,7 +120,7 @@ func TestKVPutCommand(t *testing.T) {
cmd.client = client cmd.client = client
code := cmd.Run([]string{ code := cmd.Run([]string{
"-cas", "0", "-delete-version-after", "1h", "kv/write/cas", "bar=baz", "-cas", "0", "kv/write/cas", "bar=baz",
}) })
if code != 0 { if code != 0 {
t.Fatalf("expected 0 to be %d", code) t.Fatalf("expected 0 to be %d", code)
@@ -133,7 +133,7 @@ func TestKVPutCommand(t *testing.T) {
ui, cmd = testKVPutCommand(t) ui, cmd = testKVPutCommand(t)
cmd.client = client cmd.client = client
code = cmd.Run([]string{ code = cmd.Run([]string{
"-cas", "1", "-delete-version-after", "1h", "kv/write/cas", "bar=baz", "-cas", "1", "kv/write/cas", "bar=baz",
}) })
if code != 0 { if code != 0 {
t.Fatalf("expected 0 to be %d", code) t.Fatalf("expected 0 to be %d", code)
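Review bot: With the flag dropped from both `cmd.Run` calls, nothing in TestKVPutCommand checks what happens when `-delete-version-after` is still passed, so the suite passes whether the CLI rejects it or quietly ignores it. Silent acceptance would matter because a caller would believe a secret version expires when it does not. A small negative case would pin this, e.g. `code := cmd.Run([]string{"-delete-version-after", "1h", "kv/write/cas", "bar=baz"})` followed by `if code == 0 { t.Fatal("expected removed flag to be rejected") }`. The exact non-zero code depends on flag parsing that is not visible in this hunk. The same check would apply to the undelete and rollback commands, whose tests are not shown on this page.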


@@ -3,7 +3,6 @@ package command
import ( import (
"fmt" "fmt"
"strings" "strings"
"time"
"github.com/mitchellh/cli" "github.com/mitchellh/cli"
"github.com/posener/complete" "github.com/posener/complete"
@@ -15,8 +14,7 @@ var _ cli.CommandAutocomplete = (*KVUndeleteCommand)(nil)
type KVUndeleteCommand struct { type KVUndeleteCommand struct {
*BaseCommand *BaseCommand
flagVersions []string flagVersions []string
flagDeleteVersionAfter time.Duration
} }
func (c *KVUndeleteCommand) Synopsis() string { func (c *KVUndeleteCommand) Synopsis() string {
@@ -31,7 +29,7 @@ Usage: vault kv undelete [options] KEY
This restores the data, allowing it to be returned on get requests. This restores the data, allowing it to be returned on get requests.
To undelete version 3 of key "foo": To undelete version 3 of key "foo":
$ vault kv undelete -versions=3 secret/foo $ vault kv undelete -versions=3 secret/foo
Additional flags and more advanced use cases are detailed below. Additional flags and more advanced use cases are detailed below.
@@ -53,20 +51,6 @@ func (c *KVUndeleteCommand) Flags() *FlagSets {
Usage: `Specifies the version numbers to undelete.`, Usage: `Specifies the version numbers to undelete.`,
}) })
f.DurationVar(&DurationVar{
Name: "delete-version-after",
Target: &c.flagDeleteVersionAfter,
Default: 0,
EnvVar: "",
Completion: complete.PredictAnything,
Usage: `Specifies the length of time before these versions will be
deleted. If not set, the metadata's delete-version-after is used.
Cannot be greater than the metadata's delete-version-after. The
delete-version-after is specified as a numeric string with a suffix
like "30s" or
"3h25m19s".`,
})
return set return set
} }
@@ -123,10 +107,6 @@ func (c *KVUndeleteCommand) Run(args []string) int {
"versions": kvParseVersionsFlags(c.flagVersions), "versions": kvParseVersionsFlags(c.flagVersions),
} }
if c.flagDeleteVersionAfter > 0 {
data["delete_version_after"] = c.flagDeleteVersionAfter.String()
}
secret, err := client.Logical().Write(path, data) secret, err := client.Logical().Write(path, data)
if err != nil { if err != nil {
c.UI.Error(fmt.Sprintf("Error writing data to %s: %s", path, err)) c.UI.Error(fmt.Sprintf("Error writing data to %s: %s", path, err))


@@ -158,14 +158,6 @@ have an ACL policy granting the `update` capability.
write will only be allowed if the keys current version matches the write will only be allowed if the keys current version matches the
version specified in the cas parameter. version specified in the cas parameter.
- `delete_version_after` (`string:"0s"`) Set the `delete_version_after`
value to a duration to specify the `deletion_time` for this
version. If not set, the metadata's `delete_version_after` will be used. If
the metadata's `delete_version_after` is not set, the backend's
`delete_version_after` will be used. If the value is greater than the
metadata's `delete_version_after`, the metadata's `delete_version_after` will be
used. Accepts [Go duration format string][duration-godoc].
- `data` `(Map: <required>)`  The contents of the data map will be stored and - `data` `(Map: <required>)`  The contents of the data map will be stored and
returned on read. returned on read.
@@ -174,8 +166,7 @@ have an ACL policy granting the `update` capability.
```json ```json
{ {
"options": { "options": {
"cas": 0, "cas": 0
"delete_version_after": "3m"
}, },
"data": { "data": {
"foo": "bar", "foo": "bar",
@@ -200,7 +191,7 @@ $ curl \
{ {
"data": { "data": {
"created_time": "2018-03-22T02:36:43.986212308Z", "created_time": "2018-03-22T02:36:43.986212308Z",
"deletion_time": "2018-03-22T02:39:43.986212308Z", "deletion_time": "",
"destroyed": false, "destroyed": false,
"version": 1 "version": 1
} }
@@ -286,20 +277,11 @@ This restores the data, allowing it to be returned on get requests.
- `versions` `([]int: <required>)` - The versions to undelete. The versions will - `versions` `([]int: <required>)` - The versions to undelete. The versions will
be restored and their data will be returned on normal get requests. be restored and their data will be returned on normal get requests.
- `delete_version_after` (`string:"0s"`) Set the `delete_version_after` value
to a duration to specify the `deletion_time` for the versions being
undeleted. If not set, the metadata's `delete_version_after` will be used. If
the metadata's `delete_version_after` is not set, the backend's `delete_version_after`
will be used. If the value is greater than the metadata's
`delete_version_after`, the metadata's `delete_version_after` will be used. Accepts
[Go duration format string][duration-godoc].
### Sample Payload ### Sample Payload
```json ```json
{ {
"versions": [1, 2], "versions": [1, 2]
"delete_version_after": "25m"
} }
``` ```


@@ -246,71 +246,6 @@ allows for writing keys with arbitrary values.
my-value s3cr3t my-value s3cr3t
``` ```
1. Write another version which will be deleted after a specified
duration. The `-delete-version-after` flag can optionally be passed to specify
a duration of time until the version will be deleted. The previous
versions will still be accessible.
```text
$ vault kv put -delete-version-after=2m secret/my-secret my-value=short-lived-s3cr3t
Key Value
--- -----
created_time 2019-06-19T17:23:21.834403Z
deletion_time 2019-06-19T17:25:21.834403Z
destroyed false
version 3
```
1. Reading now will return the newest version of the data and show the
`deletion_time`:
```text
$ vault kv get secret/my-secret
====== Metadata ======
Key Value
--- -----
created_time 2019-06-19T17:23:21.834403Z
deletion_time 2019-06-19T17:25:21.834403Z
destroyed false
version 3
====== Data ======
Key Value
--- -----
my-value short-lived-s3cr3t
```
1. Reading after the `deletion_time` will only return metadata:
```text
$ vault kv get secret/my-secret
====== Metadata ======
Key Value
--- -----
created_time 2019-06-19T17:23:21.834403Z
deletion_time 2019-06-19T17:25:21.834403Z
destroyed false
version 3
```
1. Previous versions not deleted can still be accessed with the `-version` flag:
```text
$ vault kv get -version=2 secret/my-secret
====== Metadata ======
Key Value
--- -----
created_time 2019-06-19T17:22:23.369372Z
deletion_time n/a
destroyed false
version 2
====== Data ======
Key Value
--- -----
my-value new-s3cr3t
```
### Deleting and Destroying Data ### Deleting and Destroying Data
When deleting data the standard `vault kv delete` command will perform a When deleting data the standard `vault kv delete` command will perform a
@@ -338,7 +273,7 @@ See the commands below for more information:
1. Versions can be undeleted: 1. Versions can be undeleted:
```text ```text
$ vault kv undelete -versions=3 secret/my-secret $ vault kv undelete -versions=2 secret/my-secret
Success! Data written to: secret/undelete/my-secret Success! Data written to: secret/undelete/my-secret
$ vault kv get secret/my-secret $ vault kv get secret/my-secret
@@ -348,7 +283,7 @@ See the commands below for more information:
created_time 2019-06-19T17:23:21.834403Z created_time 2019-06-19T17:23:21.834403Z
deletion_time n/a deletion_time n/a
destroyed false destroyed false
version 3 version 2
====== Data ====== ====== Data ======
Key Value Key Value
@@ -359,7 +294,7 @@ See the commands below for more information:
1. Destroying a version permanently deletes the underlying data: 1. Destroying a version permanently deletes the underlying data:
```text ```text
$ vault kv destroy -versions=3 secret/my-secret $ vault kv destroy -versions=2 secret/my-secret
Success! Data written to: secret/destroy/my-secret Success! Data written to: secret/destroy/my-secret
``` ```
@@ -380,11 +315,11 @@ See the commands below for more information:
--- ----- --- -----
cas_required false cas_required false
created_time 2019-06-19T17:20:22.985303Z created_time 2019-06-19T17:20:22.985303Z
current_version 3 current_version 2
delete_version_after 0s delete_version_after 0s
max_versions 0 max_versions 0
oldest_version 0 oldest_version 0
updated_time 2019-06-19T17:23:21.834403Z updated_time 2019-06-19T17:22:23.369372Z
====== Version 1 ====== ====== Version 1 ======
Key Value Key Value
@@ -398,13 +333,6 @@ See the commands below for more information:
--- ----- --- -----
created_time 2019-06-19T17:22:23.369372Z created_time 2019-06-19T17:22:23.369372Z
deletion_time n/a deletion_time n/a
destroyed false
====== Version 3 ======
Key Value
--- -----
created_time 2019-06-19T17:23:21.834403Z
deletion_time n/a
destroyed true destroyed true
``` ```