mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-31 18:48:08 +00:00
command/path-help: rename command, better error if sealed. Fixes #234
This commit is contained in:
Armon Dadgar
88
command/path_help.go
Normal file
88
command/path_help.go
Normal file
@@ -0,0 +1,88 @@
|
||||
package command
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// PathHelpCommand is a Command that lists the mounts.
|
||||
type PathHelpCommand struct {
|
||||
Meta
|
||||
}
|
||||
|
||||
func (c *PathHelpCommand) Run(args []string) int {
|
||||
flags := c.Meta.FlagSet("help", FlagSetDefault)
|
||||
flags.Usage = func() { c.Ui.Error(c.Help()) }
|
||||
if err := flags.Parse(args); err != nil {
|
||||
return 1
|
||||
}
|
||||
|
||||
args = flags.Args()
|
||||
if len(args) != 1 {
|
||||
flags.Usage()
|
||||
c.Ui.Error("\nhelp expects a single argument")
|
||||
return 1
|
||||
}
|
||||
|
||||
path := args[0]
|
||||
|
||||
client, err := c.Client()
|
||||
if err != nil {
|
||||
c.Ui.Error(fmt.Sprintf(
|
||||
"Error initializing client: %s", err))
|
||||
return 2
|
||||
}
|
||||
|
||||
help, err := client.Help(path)
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "Vault is sealed") {
|
||||
c.Ui.Error(`Error: Vault is sealed.
|
||||
|
||||
The path-help command requires the Vault to be unsealed so that
|
||||
mount points of secret backends are known.`)
|
||||
} else {
|
||||
c.Ui.Error(fmt.Sprintf(
|
||||
"Error reading help: %s", err))
|
||||
}
|
||||
return 1
|
||||
}
|
||||
|
||||
c.Ui.Output(help.Help)
|
||||
return 0
|
||||
}
|
||||
|
||||
func (c *PathHelpCommand) Synopsis() string {
|
||||
return "Look up the help for a path"
|
||||
}
|
||||
|
||||
func (c *PathHelpCommand) Help() string {
|
||||
helpText := `
|
||||
Usage: vault path-help [options] path
|
||||
|
||||
Look up the help for a path.
|
||||
|
||||
All endpoints in Vault from system paths, secret paths, and credential
|
||||
providers provide built-in help. This command looks up and outputs that
|
||||
help.
|
||||
|
||||
The command requires that the Vault be unsealed, because otherwise
|
||||
the mount points of the backends are unknown.
|
||||
|
||||
General Options:
|
||||
|
||||
-address=addr The address of the Vault server.
|
||||
|
||||
-ca-cert=path Path to a PEM encoded CA cert file to use to
|
||||
verify the Vault server SSL certificate.
|
||||
|
||||
-ca-path=path Path to a directory of PEM encoded CA cert files
|
||||
to verify the Vault server SSL certificate. If both
|
||||
-ca-cert and -ca-path are specified, -ca-path is used.
|
||||
|
||||
-tls-skip-verify Do not verify TLS certificate. This is highly
|
||||
not recommended. This is especially not recommended
|
||||
for unsealing a vault.
|
||||
|
||||
`
|
||||
return strings.TrimSpace(helpText)
|
||||
}
|
||||
Reference in New Issue
Block a user