adding back -dr-token flag to generate-root command (#3818)
committed by
Jeff Mitchell
parent
e9d5863a2e
commit
3f97410fe4
@@ -32,6 +32,7 @@ type OperatorGenerateRootCommand struct {
|
|||||||
flagPGPKey string
|
flagPGPKey string
|
||||||
flagNonce string
|
flagNonce string
|
||||||
flagGenerateOTP bool
|
flagGenerateOTP bool
|
||||||
|
flagDRToken bool
|
||||||
|
|
||||||
// Deprecation
|
// Deprecation
|
||||||
// TODO: remove in 0.9.0
|
// TODO: remove in 0.9.0
|
||||||
@@ -135,6 +136,16 @@ func (c *OperatorGenerateRootCommand) Flags() *FlagSets {
|
|||||||
"suitable for use with the \"-init\" flag.",
|
"suitable for use with the \"-init\" flag.",
|
||||||
})
|
})
|
||||||
|
|
||||||
|
f.BoolVar(&BoolVar{
|
||||||
|
Name: "dr-token",
|
||||||
|
Target: &c.flagDRToken,
|
||||||
|
Default: false,
|
||||||
|
EnvVar: "",
|
||||||
|
Completion: complete.PredictNothing,
|
||||||
|
Usage: "Set this flag to do generate root operations on DR Operational " +
|
||||||
|
"tokens.",
|
||||||
|
})
|
||||||
|
|
||||||
f.StringVar(&StringVar{
|
f.StringVar(&StringVar{
|
||||||
Name: "otp",
|
Name: "otp",
|
||||||
Target: &c.flagOTP,
|
Target: &c.flagOTP,
|
||||||
@@ -223,18 +234,18 @@ func (c *OperatorGenerateRootCommand) Run(args []string) int {
|
|||||||
case c.flagDecode != "":
|
case c.flagDecode != "":
|
||||||
return c.decode(c.flagDecode, c.flagOTP)
|
return c.decode(c.flagDecode, c.flagOTP)
|
||||||
case c.flagCancel:
|
case c.flagCancel:
|
||||||
return c.cancel(client)
|
return c.cancel(client, c.flagDRToken)
|
||||||
case c.flagInit:
|
case c.flagInit:
|
||||||
return c.init(client, c.flagOTP, c.flagPGPKey)
|
return c.init(client, c.flagOTP, c.flagPGPKey, c.flagDRToken)
|
||||||
case c.flagStatus:
|
case c.flagStatus:
|
||||||
return c.status(client)
|
return c.status(client, c.flagDRToken)
|
||||||
default:
|
default:
|
||||||
// If there are no other flags, prompt for an unseal key.
|
// If there are no other flags, prompt for an unseal key.
|
||||||
key := ""
|
key := ""
|
||||||
if len(args) > 0 {
|
if len(args) > 0 {
|
||||||
key = strings.TrimSpace(args[0])
|
key = strings.TrimSpace(args[0])
|
||||||
}
|
}
|
||||||
return c.provide(client, key)
|
return c.provide(client, key, c.flagDRToken)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -298,7 +309,7 @@ func (c *OperatorGenerateRootCommand) decode(encoded, otp string) int {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// init is used to start the generation process
|
// init is used to start the generation process
|
||||||
func (c *OperatorGenerateRootCommand) init(client *api.Client, otp string, pgpKey string) int {
|
func (c *OperatorGenerateRootCommand) init(client *api.Client, otp, pgpKey string, drToken bool) int {
|
||||||
// Validate incoming fields. Either OTP OR PGP keys must be supplied.
|
// Validate incoming fields. Either OTP OR PGP keys must be supplied.
|
||||||
switch {
|
switch {
|
||||||
case otp == "" && pgpKey == "":
|
case otp == "" && pgpKey == "":
|
||||||
@@ -317,7 +328,11 @@ func (c *OperatorGenerateRootCommand) init(client *api.Client, otp string, pgpKe
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Start the root generation
|
// Start the root generation
|
||||||
status, err := client.Sys().GenerateRootInit(otp, pgpKey)
|
f := client.Sys().GenerateRootInit
|
||||||
|
if drToken {
|
||||||
|
f = client.Sys().GenerateDROperationTokenInit
|
||||||
|
}
|
||||||
|
status, err := f(otp, pgpKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.UI.Error(fmt.Sprintf("Error initializing root generation: %s", err))
|
c.UI.Error(fmt.Sprintf("Error initializing root generation: %s", err))
|
||||||
return 2
|
return 2
|
||||||
@@ -327,8 +342,12 @@ func (c *OperatorGenerateRootCommand) init(client *api.Client, otp string, pgpKe
|
|||||||
|
|
||||||
// provide prompts the user for the seal key and posts it to the update root
|
// provide prompts the user for the seal key and posts it to the update root
|
||||||
// endpoint. If this is the last unseal, this function outputs it.
|
// endpoint. If this is the last unseal, this function outputs it.
|
||||||
func (c *OperatorGenerateRootCommand) provide(client *api.Client, key string) int {
|
func (c *OperatorGenerateRootCommand) provide(client *api.Client, key string, drToken bool) int {
|
||||||
status, err := client.Sys().GenerateRootStatus()
|
f := client.Sys().GenerateRootStatus
|
||||||
|
if drToken {
|
||||||
|
f = client.Sys().GenerateDROperationTokenStatus
|
||||||
|
}
|
||||||
|
status, err := f()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.UI.Error(fmt.Sprintf("Error getting root generation status: %s", err))
|
c.UI.Error(fmt.Sprintf("Error getting root generation status: %s", err))
|
||||||
return 2
|
return 2
|
||||||
@@ -400,7 +419,11 @@ func (c *OperatorGenerateRootCommand) provide(client *api.Client, key string) in
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Provide the key, this may potentially complete the update
|
// Provide the key, this may potentially complete the update
|
||||||
status, err = client.Sys().GenerateRootUpdate(key, nonce)
|
fUpd := client.Sys().GenerateRootUpdate
|
||||||
|
if drToken {
|
||||||
|
fUpd = client.Sys().GenerateDROperationTokenUpdate
|
||||||
|
}
|
||||||
|
status, err = fUpd(key, nonce)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.UI.Error(fmt.Sprintf("Error posting unseal key: %s", err))
|
c.UI.Error(fmt.Sprintf("Error posting unseal key: %s", err))
|
||||||
return 2
|
return 2
|
||||||
@@ -409,8 +432,12 @@ func (c *OperatorGenerateRootCommand) provide(client *api.Client, key string) in
|
|||||||
}
|
}
|
||||||
|
|
||||||
// cancel cancels the root token generation
|
// cancel cancels the root token generation
|
||||||
func (c *OperatorGenerateRootCommand) cancel(client *api.Client) int {
|
func (c *OperatorGenerateRootCommand) cancel(client *api.Client, drToken bool) int {
|
||||||
if err := client.Sys().GenerateRootCancel(); err != nil {
|
f := client.Sys().GenerateRootCancel
|
||||||
|
if drToken {
|
||||||
|
f = client.Sys().GenerateDROperationTokenCancel
|
||||||
|
}
|
||||||
|
if err := f(); err != nil {
|
||||||
c.UI.Error(fmt.Sprintf("Error canceling root token generation: %s", err))
|
c.UI.Error(fmt.Sprintf("Error canceling root token generation: %s", err))
|
||||||
return 2
|
return 2
|
||||||
}
|
}
|
||||||
@@ -419,8 +446,12 @@ func (c *OperatorGenerateRootCommand) cancel(client *api.Client) int {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// status is used just to fetch and dump the status
|
// status is used just to fetch and dump the status
|
||||||
func (c *OperatorGenerateRootCommand) status(client *api.Client) int {
|
func (c *OperatorGenerateRootCommand) status(client *api.Client, drToken bool) int {
|
||||||
status, err := client.Sys().GenerateRootStatus()
|
f := client.Sys().GenerateRootStatus
|
||||||
|
if drToken {
|
||||||
|
f = client.Sys().GenerateDROperationTokenStatus
|
||||||
|
}
|
||||||
|
status, err := f()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.UI.Error(fmt.Sprintf("Error getting root generation status: %s", err))
|
c.UI.Error(fmt.Sprintf("Error getting root generation status: %s", err))
|
||||||
return 2
|
return 2
|
||||||
|
|||||||
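Review bot: The error strings on the `-dr-token` path still say "root generation": `init`, `provide`, `status` and `cancel` now switch the call to the `GenerateDROperationToken*` functions, but the `c.UI.Error` lines that follow are unchanged. An operator submitting key shares therefore cannot tell from the output which generation attempt was contacted, which matters if the flag was omitted or added by mistake. Consider choosing the label together with the function, e.g. `op := "root token"`, `if drToken { op = "DR operation token" }`, then `c.UI.Error(fmt.Sprintf("Error canceling %s generation: %s", op, err))`. The same four-line function selection is repeated in every method, so a small private helper would keep the call and its label in one place. The bodies of `init`, `provide` and `status` continue outside the hunks shown, so any later messages in them would presumably need the same treatment.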