adding back -dr-token flag to generate-root command (#3818)
committed by
Jeff Mitchell
parent
e9d5863a2e
commit
3f97410fe4
@@ -32,6 +32,7 @@ type OperatorGenerateRootCommand struct {
|
||||
flagPGPKey string
|
||||
flagNonce string
|
||||
flagGenerateOTP bool
|
||||
flagDRToken bool
|
||||
|
||||
// Deprecation
|
||||
// TODO: remove in 0.9.0
|
||||
@@ -135,6 +136,16 @@ func (c *OperatorGenerateRootCommand) Flags() *FlagSets {
|
||||
"suitable for use with the \"-init\" flag.",
|
||||
})
|
||||
|
||||
f.BoolVar(&BoolVar{
|
||||
Name: "dr-token",
|
||||
Target: &c.flagDRToken,
|
||||
Default: false,
|
||||
EnvVar: "",
|
||||
Completion: complete.PredictNothing,
|
||||
Usage: "Set this flag to do generate root operations on DR Operational " +
|
||||
"tokens.",
|
||||
})
|
||||
|
||||
f.StringVar(&StringVar{
|
||||
Name: "otp",
|
||||
Target: &c.flagOTP,
|
||||
@@ -223,18 +234,18 @@ func (c *OperatorGenerateRootCommand) Run(args []string) int {
|
||||
case c.flagDecode != "":
|
||||
return c.decode(c.flagDecode, c.flagOTP)
|
||||
case c.flagCancel:
|
||||
return c.cancel(client)
|
||||
return c.cancel(client, c.flagDRToken)
|
||||
case c.flagInit:
|
||||
return c.init(client, c.flagOTP, c.flagPGPKey)
|
||||
return c.init(client, c.flagOTP, c.flagPGPKey, c.flagDRToken)
|
||||
case c.flagStatus:
|
||||
return c.status(client)
|
||||
return c.status(client, c.flagDRToken)
|
||||
default:
|
||||
// If there are no other flags, prompt for an unseal key.
|
||||
key := ""
|
||||
if len(args) > 0 {
|
||||
key = strings.TrimSpace(args[0])
|
||||
}
|
||||
return c.provide(client, key)
|
||||
return c.provide(client, key, c.flagDRToken)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -298,7 +309,7 @@ func (c *OperatorGenerateRootCommand) decode(encoded, otp string) int {
|
||||
}
|
||||
|
||||
// init is used to start the generation process
|
||||
func (c *OperatorGenerateRootCommand) init(client *api.Client, otp string, pgpKey string) int {
|
||||
func (c *OperatorGenerateRootCommand) init(client *api.Client, otp, pgpKey string, drToken bool) int {
|
||||
// Validate incoming fields. Either OTP OR PGP keys must be supplied.
|
||||
switch {
|
||||
case otp == "" && pgpKey == "":
|
||||
@@ -317,7 +328,11 @@ func (c *OperatorGenerateRootCommand) init(client *api.Client, otp string, pgpKe
|
||||
}
|
||||
|
||||
// Start the root generation
|
||||
status, err := client.Sys().GenerateRootInit(otp, pgpKey)
|
||||
f := client.Sys().GenerateRootInit
|
||||
if drToken {
|
||||
f = client.Sys().GenerateDROperationTokenInit
|
||||
}
|
||||
status, err := f(otp, pgpKey)
|
||||
if err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error initializing root generation: %s", err))
|
||||
return 2
|
||||
@@ -327,8 +342,12 @@ func (c *OperatorGenerateRootCommand) init(client *api.Client, otp string, pgpKe
|
||||
|
||||
// provide prompts the user for the seal key and posts it to the update root
|
||||
// endpoint. If this is the last unseal, this function outputs it.
|
||||
func (c *OperatorGenerateRootCommand) provide(client *api.Client, key string) int {
|
||||
status, err := client.Sys().GenerateRootStatus()
|
||||
func (c *OperatorGenerateRootCommand) provide(client *api.Client, key string, drToken bool) int {
|
||||
f := client.Sys().GenerateRootStatus
|
||||
if drToken {
|
||||
f = client.Sys().GenerateDROperationTokenStatus
|
||||
}
|
||||
status, err := f()
|
||||
if err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error getting root generation status: %s", err))
|
||||
return 2
|
||||
@@ -400,7 +419,11 @@ func (c *OperatorGenerateRootCommand) provide(client *api.Client, key string) in
|
||||
}
|
||||
|
||||
// Provide the key, this may potentially complete the update
|
||||
status, err = client.Sys().GenerateRootUpdate(key, nonce)
|
||||
fUpd := client.Sys().GenerateRootUpdate
|
||||
if drToken {
|
||||
fUpd = client.Sys().GenerateDROperationTokenUpdate
|
||||
}
|
||||
status, err = fUpd(key, nonce)
|
||||
if err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error posting unseal key: %s", err))
|
||||
return 2
|
||||
@@ -409,8 +432,12 @@ func (c *OperatorGenerateRootCommand) provide(client *api.Client, key string) in
|
||||
}
|
||||
|
||||
// cancel cancels the root token generation
|
||||
func (c *OperatorGenerateRootCommand) cancel(client *api.Client) int {
|
||||
if err := client.Sys().GenerateRootCancel(); err != nil {
|
||||
func (c *OperatorGenerateRootCommand) cancel(client *api.Client, drToken bool) int {
|
||||
f := client.Sys().GenerateRootCancel
|
||||
if drToken {
|
||||
f = client.Sys().GenerateDROperationTokenCancel
|
||||
}
|
||||
if err := f(); err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error canceling root token generation: %s", err))
|
||||
return 2
|
||||
}
|
||||
@@ -419,8 +446,12 @@ func (c *OperatorGenerateRootCommand) cancel(client *api.Client) int {
|
||||
}
|
||||
|
||||
// status is used just to fetch and dump the status
|
||||
func (c *OperatorGenerateRootCommand) status(client *api.Client) int {
|
||||
status, err := client.Sys().GenerateRootStatus()
|
||||
func (c *OperatorGenerateRootCommand) status(client *api.Client, drToken bool) int {
|
||||
f := client.Sys().GenerateRootStatus
|
||||
if drToken {
|
||||
f = client.Sys().GenerateDROperationTokenStatus
|
||||
}
|
||||
status, err := f()
|
||||
if err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error getting root generation status: %s", err))
|
||||
return 2
|
||||
|
||||
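Review bot: With `-dr-token` set, `init`, `provide`, `cancel` and `status` still print the root-generation wording (`Error initializing root generation`, `Error canceling root token generation`, `Error getting root generation status`), so the output does not tell an operator which of the two attempts a command acted on. Each helper defaults `f` to the `GenerateRoot*` call and only switches to `GenerateDROperationToken*` when the flag is repeated on that invocation, so the messages and the usage text are the main guard against submitting a key share to, or cancelling, the wrong attempt. I would make the messages name the target, e.g. in `cancel` under `drToken`: `c.UI.Error(fmt.Sprintf("Error canceling DR operation token generation: %s", err))`, and extend the flag's `Usage` with `"This flag must be passed on every step (init, key submission, status, cancel)."`. The bodies of `provide` and `status` continue outside the visible hunks, so whether the printed status already distinguishes the two flows cannot be confirmed from here.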