Remove deprecated CLI commands (#6112)

command/auth.go

@@ -1,9 +1,6 @@
 package command
 
 import (
-	"flag"
-	"io"
-	"io/ioutil"
 	"strings"
 
 	"github.com/mitchellh/cli"
@@ -13,10 +10,6 @@ var _ cli.Command = (*AuthCommand)(nil)
 
 type AuthCommand struct {
 	*BaseCommand
-
-	Handlers map[string]LoginHandler
-
-	testStdin io.Reader // for tests
 }
 
 func (c *AuthCommand) Synopsis() string {
@@ -52,77 +45,5 @@ Usage: vault auth <subcommand> [options] [args]
 }
 
 func (c *AuthCommand) Run(args []string) int {
-	// If we entered the run method, none of the subcommands picked up. This
+	return cli.RunResultHelp
-	// means the user is still trying to use auth as "vault auth TOKEN" or
-	// similar, so direct them to vault login instead.
-	//
-	// This run command is a bit messy to maintain BC for a bit. In the future,
-	// it will just be a tiny function, but for now we have to maintain bc.
-	//
-	// Deprecation
-	// TODO: remove in 0.9.0
-
-	if len(args) == 0 {
-		return cli.RunResultHelp
-	}
-
-	// Parse the args for our deprecations and defer to the proper areas.
-	for _, arg := range args {
-		switch {
-		case strings.HasPrefix(arg, "-methods"):
-			if Format(c.UI) == "table" {
-				c.UI.Warn(wrapAtLength(
-					"WARNING! The -methods flag is deprecated. Please use "+
-						"\"vault auth list\" instead. This flag will be removed in "+
-						"Vault 1.1.") + "\n")
-			}
-			return (&AuthListCommand{
-				BaseCommand: &BaseCommand{
-					UI:     c.UI,
-					client: c.client,
-				},
-			}).Run(nil)
-		case strings.HasPrefix(arg, "-method-help"):
-			if Format(c.UI) == "table" {
-				c.UI.Warn(wrapAtLength(
-					"WARNING! The -method-help flag is deprecated. Please use "+
-						"\"vault auth help\" instead. This flag will be removed in "+
-						"Vault 1.1.") + "\n")
-			}
-			// Parse the args to pull out the method, suppressing any errors because
-			// there could be other flags that we don't care about.
-			f := flag.NewFlagSet("", flag.ContinueOnError)
-			f.Usage = func() {}
-			f.SetOutput(ioutil.Discard)
-			flagMethod := f.String("method", "", "")
-			f.Parse(args)
-
-			return (&AuthHelpCommand{
-				BaseCommand: &BaseCommand{
-					UI:     c.UI,
-					client: c.client,
-				},
-				Handlers: c.Handlers,
-			}).Run([]string{*flagMethod})
-		}
-	}
-
-	// If we got this far, we have an arg or a series of args that should be
-	// passed directly to the new "vault login" command.
-	if Format(c.UI) == "table" {
-		c.UI.Warn(wrapAtLength(
-			"WARNING! The \"vault auth ARG\" command is deprecated and is now a "+
-				"subcommand for interacting with auth methods. To authenticate "+
-				"locally to Vault, use \"vault login\" instead. This backwards "+
-				"compatibility will be removed in Vault 1.1.") + "\n")
-	}
-	return (&LoginCommand{
-		BaseCommand: &BaseCommand{
-			UI:          c.UI,
-			client:      c.client,
-			tokenHelper: c.tokenHelper,
-			flagAddress: c.flagAddress,
-		},
-		Handlers: c.Handlers,
-	}).Run(args)
 }

command/auth_test.go

@@ -1,13 +1,10 @@
 package command
 
 import (
-	"strings"
 	"testing"
 
 	"github.com/mitchellh/cli"
 
-	credToken "github.com/hashicorp/vault/builtin/credential/token"
-	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
 	"github.com/hashicorp/vault/command/token"
 )
 
@@ -22,110 +19,12 @@ func testAuthCommand(tb testing.TB) (*cli.MockUi, *AuthCommand) {
 			// Override to our own token helper
 			tokenHelper: token.NewTestingTokenHelper(),
 		},
-		Handlers: map[string]LoginHandler{
-			"token":    &credToken.CLIHandler{},
-			"userpass": &credUserpass.CLIHandler{},
-		},
 	}
 }
 
 func TestAuthCommand_Run(t *testing.T) {
 	t.Parallel()
 
-	// TODO: remove in 0.9.0
-	t.Run("deprecated_methods", func(t *testing.T) {
-		t.Parallel()
-
-		client, closer := testVaultServer(t)
-		defer closer()
-
-		ui, cmd := testAuthCommand(t)
-		cmd.client = client
-
-		// vault auth -methods -> vault auth list
-		code := cmd.Run([]string{"-methods"})
-		if exp := 0; code != exp {
-			t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
-		}
-		stdout, stderr := ui.OutputWriter.String(), ui.ErrorWriter.String()
-
-		if expected := "WARNING!"; !strings.Contains(stderr, expected) {
-			t.Errorf("expected %q to contain %q", stderr, expected)
-		}
-
-		if expected := "token/"; !strings.Contains(stdout, expected) {
-			t.Errorf("expected %q to contain %q", stdout, expected)
-		}
-	})
-
-	t.Run("deprecated_method_help", func(t *testing.T) {
-		t.Parallel()
-
-		client, closer := testVaultServer(t)
-		defer closer()
-
-		ui, cmd := testAuthCommand(t)
-		cmd.client = client
-
-		// vault auth -method=foo -method-help -> vault auth help foo
-		code := cmd.Run([]string{
-			"-method=userpass",
-			"-method-help",
-		})
-		if exp := 0; code != exp {
-			t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
-		}
-		stdout, stderr := ui.OutputWriter.String(), ui.ErrorWriter.String()
-
-		if expected := "WARNING!"; !strings.Contains(stderr, expected) {
-			t.Errorf("expected %q to contain %q", stderr, expected)
-		}
-
-		if expected := "vault login"; !strings.Contains(stdout, expected) {
-			t.Errorf("expected %q to contain %q", stdout, expected)
-		}
-	})
-
-	t.Run("deprecated_login", func(t *testing.T) {
-		t.Parallel()
-
-		client, closer := testVaultServer(t)
-		defer closer()
-
-		if err := client.Sys().EnableAuth("my-auth", "userpass", ""); err != nil {
-			t.Fatal(err)
-		}
-		if _, err := client.Logical().Write("auth/my-auth/users/test", map[string]interface{}{
-			"password": "test",
-			"policies": "default",
-		}); err != nil {
-			t.Fatal(err)
-		}
-
-		ui, cmd := testAuthCommand(t)
-		cmd.client = client
-
-		// vault auth ARGS -> vault login ARGS
-		code := cmd.Run([]string{
-			"-method", "userpass",
-			"-path", "my-auth",
-			"username=test",
-			"password=test",
-		})
-		if exp := 0; code != exp {
-			t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
-		}
-		stdout, stderr := ui.OutputWriter.String(), ui.ErrorWriter.String()
-
-		if expected := "WARNING!"; !strings.Contains(stderr, expected) {
-			t.Errorf("expected %q to contain %q", stderr, expected)
-		}
-
-		if expected := "Success! You are now authenticated."; !strings.Contains(stdout, expected) {
-			t.Errorf("expected %q to contain %q", stdout, expected)
-		}
-	})
-
 	t.Run("no_tabs", func(t *testing.T) {
 		t.Parallel()
 

command/commands.go

@@ -1,7 +1,6 @@
 package command
 
 import (
-	"fmt"
 	"os"
 	"os/signal"
 	"syscall"
@@ -131,43 +130,8 @@ var (
 	}
 )
 
-// DeprecatedCommand is a command that wraps an existing command and prints a
-// deprecation notice and points the user to the new command. Deprecated
-// commands are always hidden from help output.
-type DeprecatedCommand struct {
-	cli.Command
-	UI cli.Ui
-
-	// Old is the old command name, New is the new command name.
-	Old, New string
-}
-
-// Help wraps the embedded Help command and prints a warning about deprecations.
-func (c *DeprecatedCommand) Help() string {
-	c.warn()
-	return c.Command.Help()
-}
-
-// Run wraps the embedded Run command and prints a warning about deprecation.
-func (c *DeprecatedCommand) Run(args []string) int {
-	if Format(c.UI) == "table" {
-		c.warn()
-	}
-	return c.Command.Run(args)
-}
-
-func (c *DeprecatedCommand) warn() {
-	c.UI.Warn(wrapAtLength(fmt.Sprintf(
-		"WARNING! The \"vault %s\" command is deprecated. Please use \"vault %s\" "+
-			"instead. This command will be removed in Vault 1.1.",
-		c.Old,
-		c.New)))
-	c.UI.Warn("")
-}
-
 // Commands is the mapping of all the available commands.
 var Commands map[string]cli.CommandFactory
-var DeprecatedCommands map[string]cli.CommandFactory
 
 func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) {
 	loginHandlers := map[string]LoginHandler{
@@ -235,7 +199,6 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) {
 		"auth": func() (cli.Command, error) {
 			return &AuthCommand{
 				BaseCommand: getBaseCommand(),
-				Handlers:    loginHandlers,
 			}, nil
 		},
 		"auth disable": func() (cli.Command, error) {
@@ -614,328 +577,6 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) {
 			}, nil
 		},
 	}
-
-	// Deprecated commands
-	//
-	// TODO: Remove not before 0.11.0
-	DeprecatedCommands = map[string]cli.CommandFactory{
-		"audit-disable": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "audit-disable",
-				New: "audit disable",
-				UI:  ui,
-				Command: &AuditDisableCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"audit-enable": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "audit-enable",
-				New: "audit enable",
-				UI:  ui,
-				Command: &AuditEnableCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"audit-list": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "audit-list",
-				New: "audit list",
-				UI:  ui,
-				Command: &AuditListCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"auth-disable": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "auth-disable",
-				New: "auth disable",
-				UI:  ui,
-				Command: &AuthDisableCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"auth-enable": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "auth-enable",
-				New: "auth enable",
-				UI:  ui,
-				Command: &AuthEnableCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"capabilities": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "capabilities",
-				New: "token capabilities",
-				UI:  ui,
-				Command: &TokenCapabilitiesCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"generate-root": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "generate-root",
-				New: "operator generate-root",
-				UI:  ui,
-				Command: &OperatorGenerateRootCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"init": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "init",
-				New: "operator init",
-				UI:  ui,
-				Command: &OperatorInitCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"key-status": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "key-status",
-				New: "operator key-status",
-				UI:  ui,
-				Command: &OperatorKeyStatusCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"renew": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "renew",
-				New: "lease renew",
-				UI:  ui,
-				Command: &LeaseRenewCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"revoke": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "revoke",
-				New: "lease revoke",
-				UI:  ui,
-				Command: &LeaseRevokeCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"mount": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "mount",
-				New: "secrets enable",
-				UI:  ui,
-				Command: &SecretsEnableCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"mount-tune": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "mount-tune",
-				New: "secrets tune",
-				UI:  ui,
-				Command: &SecretsTuneCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"mounts": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "mounts",
-				New: "secrets list",
-				UI:  ui,
-				Command: &SecretsListCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"policies": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "policies",
-				New: "policy read\" or \"vault policy list", // lol
-				UI:  ui,
-				Command: &PoliciesDeprecatedCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"policy-delete": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "policy-delete",
-				New: "policy delete",
-				UI:  ui,
-				Command: &PolicyDeleteCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"policy-write": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "policy-write",
-				New: "policy write",
-				UI:  ui,
-				Command: &PolicyWriteCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"rekey": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "rekey",
-				New: "operator rekey",
-				UI:  ui,
-				Command: &OperatorRekeyCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"remount": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "remount",
-				New: "secrets move",
-				UI:  ui,
-				Command: &SecretsMoveCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"rotate": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "rotate",
-				New: "operator rotate",
-				UI:  ui,
-				Command: &OperatorRotateCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"seal": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "seal",
-				New: "operator seal",
-				UI:  ui,
-				Command: &OperatorSealCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"step-down": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "step-down",
-				New: "operator step-down",
-				UI:  ui,
-				Command: &OperatorStepDownCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"token-create": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "token-create",
-				New: "token create",
-				UI:  ui,
-				Command: &TokenCreateCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"token-lookup": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "token-lookup",
-				New: "token lookup",
-				UI:  ui,
-				Command: &TokenLookupCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"token-renew": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "token-renew",
-				New: "token renew",
-				UI:  ui,
-				Command: &TokenRenewCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"token-revoke": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "token-revoke",
-				New: "token revoke",
-				UI:  ui,
-				Command: &TokenRevokeCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"unmount": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "unmount",
-				New: "secrets disable",
-				UI:  ui,
-				Command: &SecretsDisableCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-
-		"unseal": func() (cli.Command, error) {
-			return &DeprecatedCommand{
-				Old: "unseal",
-				New: "operator unseal",
-				UI:  ui,
-				Command: &OperatorUnsealCommand{
-					BaseCommand: getBaseCommand(),
-				},
-			}, nil
-		},
-	}
-
-	// Add deprecated commands back to the main commands so they parse.
-	for k, v := range DeprecatedCommands {
-		if _, ok := Commands[k]; ok {
-			// Can't deprecate an existing command...
-			panic(fmt.Sprintf("command %q defined as deprecated and not at the same time!", k))
-		}
-		Commands[k] = v
-	}
 }
 
 // MakeShutdownCh returns a channel that can be used for shutdown

command/login.go

@@ -28,10 +28,6 @@ type LoginCommand struct {
 	flagNoPrint   bool
 	flagTokenOnly bool
 
-	// Deprecations
-	// TODO: remove in 0.9.0
-	flagNoVerify bool
-
 	testStdin io.Reader // for tests
 }
 
@@ -132,16 +128,6 @@ func (c *LoginCommand) Flags() *FlagSets {
 			"values will have no affect.",
 	})
 
-	// Deprecations
-	// TODO: remove in 0.9.0
-	f.BoolVar(&BoolVar{
-		Name:    "no-verify",
-		Target:  &c.flagNoVerify,
-		Hidden:  true,
-		Default: false,
-		Usage:   "",
-	})
-
 	return set
 }
 
@@ -163,39 +149,6 @@ func (c *LoginCommand) Run(args []string) int {
 
 	args = f.Args()
 
-	// Deprecations
-	// TODO: remove in 0.10.0
-	switch {
-	case c.flagNoVerify:
-		if Format(c.UI) == "table" {
-			c.UI.Warn(wrapAtLength(
-				"WARNING! The -no-verify flag is deprecated. In the past, Vault " +
-					"performed a lookup on a token after authentication. This is no " +
-					"longer the case for all auth methods except \"token\". Vault will " +
-					"still attempt to perform a lookup when given a token directly " +
-					"because that is how it gets the list of policies, ttl, and other " +
-					"metadata. To disable this lookup, specify \"lookup=false\" as a " +
-					"configuration option to the token auth method, like this:"))
-			c.UI.Warn("")
-			c.UI.Warn("    $ vault auth token=ABCD lookup=false")
-			c.UI.Warn("")
-			c.UI.Warn("Or omit the token and Vault will prompt for it:")
-			c.UI.Warn("")
-			c.UI.Warn("    $ vault auth lookup=false")
-			c.UI.Warn("    Token (will be hidden): ...")
-			c.UI.Warn("")
-			c.UI.Warn(wrapAtLength(
-				"If you are not using token authentication, you can safely omit this " +
-					"flag. Vault will not perform a lookup after authentication."))
-			c.UI.Warn("")
-		}
-
-		// There's no point in passing this to other auth handlers...
-		if c.flagMethod == "token" {
-			args = append(args, "lookup=false")
-		}
-	}
-
 	// Set the right flags if the user requested token-only - this overrides
 	// any previously configured values, as documented.
 	if c.flagTokenOnly {

command/login_test.go

@@ -443,51 +443,6 @@ func TestLoginCommand_Run(t *testing.T) {
 		}
 	})
 
-	// Deprecations
-	// TODO: remove in 0.9.0
-	t.Run("deprecated_no_verify", func(t *testing.T) {
-		t.Parallel()
-
-		client, closer := testVaultServer(t)
-		defer closer()
-
-		secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
-			Policies: []string{"default"},
-			TTL:      "30m",
-			NumUses:  1,
-		})
-		if err != nil {
-			t.Fatal(err)
-		}
-		token := secret.Auth.ClientToken
-
-		_, cmd := testLoginCommand(t)
-		cmd.client = client
-
-		code := cmd.Run([]string{
-			"-no-verify",
-			token,
-		})
-		if exp := 0; code != exp {
-			t.Errorf("expected %d to be %d", code, exp)
-		}
-
-		lookup, err := client.Auth().Token().Lookup(token)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		// There was 1 use to start, make sure we didn't use it (verifying would
-		// use it).
-		uses, err := lookup.TokenRemainingUses()
-		if err != nil {
-			t.Fatal(err)
-		}
-		if uses != 1 {
-			t.Errorf("expected %d to be %d", uses, 1)
-		}
-	})
-
 	t.Run("no_tabs", func(t *testing.T) {
 		t.Parallel()
 

command/main.go

@@ -159,12 +159,7 @@ func RunCustom(args []string, runOpts *RunOptions) int {
 
 	initCommands(ui, serverCmdUi, runOpts)
 
-	// Calculate hidden commands from the deprecated ones
+	hiddenCommands := []string{"version"}
-	hiddenCommands := make([]string, 0, len(DeprecatedCommands)+1)
-	for k := range DeprecatedCommands {
-		hiddenCommands = append(hiddenCommands, k)
-	}
-	hiddenCommands = append(hiddenCommands, "version")
 
 	cli := &cli.CLI{
 		Name:     "vault",

command/operator_generate_root.go

@@ -36,10 +36,6 @@ type OperatorGenerateRootCommand struct {
 	flagGenerateOTP bool
 	flagDRToken     bool
 
-	// Deprecation
-	// TODO: remove in 0.9.0
-	flagGenOTP bool
-
 	testStdin io.Reader // for tests
 }
 
@@ -179,15 +175,6 @@ func (c *OperatorGenerateRootCommand) Flags() *FlagSets {
 			"must be provided with each unseal key.",
 	})
 
-	// Deprecations: prefer longer-form, descriptive flags
-	// TODO: remove in 0.9.0
-	f.BoolVar(&BoolVar{
-		Name:    "genotp", // -generate-otp
-		Target:  &c.flagGenOTP,
-		Default: false,
-		Hidden:  true,
-	})
-
 	return set
 }
 
@@ -213,18 +200,6 @@ func (c *OperatorGenerateRootCommand) Run(args []string) int {
 		return 1
 	}
 
-	// Deprecations
-	// TODO: remove in 0.9.0
-	switch {
-	case c.flagGenOTP:
-		if Format(c.UI) == "table" {
-			c.UI.Warn(wrapAtLength(
-				"WARNING! The -gen-otp flag is deprecated. Please use the -generate-otp flag " +
-					"instead."))
-		}
-		c.flagGenerateOTP = c.flagGenOTP
-	}
-
 	client, err := c.Client()
 	if err != nil {
 		c.UI.Error(err.Error())

command/operator_init.go

@@ -27,7 +27,6 @@ type OperatorInitCommand struct {
 	flagRootTokenPGPKey string
 
 	// HSM
-	flagStoredShares      int
 	flagRecoveryShares    int
 	flagRecoveryThreshold int
 	flagRecoveryPGPKeys   []string
@@ -35,11 +34,6 @@ type OperatorInitCommand struct {
 	// Consul
 	flagConsulAuto    bool
 	flagConsulService string
-
-	// Deprecations
-	// TODO: remove in 0.9.0
-	flagAuto  bool
-	flagCheck bool
 }
 
 func (c *OperatorInitCommand) Synopsis() string {
@@ -196,32 +190,6 @@ func (c *OperatorInitCommand) Flags() *FlagSets {
 			"is only used in HSM mode.",
 	})
 
-	// Deprecations
-	// TODO: remove in 0.9.0
-	f.BoolVar(&BoolVar{
-		Name:    "check", // prefer -status
-		Target:  &c.flagCheck,
-		Default: false,
-		Hidden:  true,
-		Usage:   "",
-	})
-	f.BoolVar(&BoolVar{
-		Name:    "auto", // prefer -consul-auto
-		Target:  &c.flagAuto,
-		Default: false,
-		Hidden:  true,
-		Usage:   "",
-	})
-
-	// Kept to keep scripts passing the flag working, but not used
-	f.IntVar(&IntVar{
-		Name:    "stored-shares",
-		Target:  &c.flagStoredShares,
-		Default: 0,
-		Hidden:  true,
-		Usage:   "",
-	})
-
 	return set
 }
 
@@ -241,23 +209,6 @@ func (c *OperatorInitCommand) Run(args []string) int {
 		return 1
 	}
 
-	// Deprecations
-	// TODO: remove in 0.9.0
-	if c.flagAuto {
-		if Format(c.UI) == "table" {
-			c.UI.Warn(wrapAtLength("WARNING! -auto is deprecated. Please use " +
-				"-consul-auto instead. This will be removed in Vault 1.1."))
-		}
-		c.flagConsulAuto = true
-	}
-	if c.flagCheck {
-		if Format(c.UI) == "table" {
-			c.UI.Warn(wrapAtLength("WARNING! -check is deprecated. Please use " +
-				"-status instead. This will be removed in Vault 1.1."))
-		}
-		c.flagStatus = true
-	}
-
 	args = f.Args()
 	if len(args) > 0 {
 		c.UI.Error(fmt.Sprintf("Too many arguments (expected 0, got %d)", len(args)))
@@ -271,7 +222,6 @@ func (c *OperatorInitCommand) Run(args []string) int {
 		PGPKeys:         c.flagPGPKeys,
 		RootTokenPGPKey: c.flagRootTokenPGPKey,
 
-		StoredShares:      c.flagStoredShares,
 		RecoveryShares:    c.flagRecoveryShares,
 		RecoveryThreshold: c.flagRecoveryThreshold,
 		RecoveryPGPKeys:   c.flagRecoveryPGPKeys,

command/operator_rekey.go

@@ -36,13 +36,6 @@ type OperatorRekeyCommand struct {
 	flagBackupDelete   bool
 	flagBackupRetrieve bool
 
-	// Deprecations
-	// TODO: remove in 0.9.0
-	flagDelete       bool
-	flagRecoveryKey  bool
-	flagRetrieve     bool
-	flagStoredShares int
-
 	testStdin io.Reader // for tests
 }
 
@@ -216,41 +209,6 @@ func (c *OperatorRekeyCommand) Flags() *FlagSets {
 			"if the PGP keys were provided and the backup has not been deleted.",
 	})
 
-	// Deprecations
-	// TODO: remove in 0.9.0
-	f.BoolVar(&BoolVar{
-		Name:    "delete", // prefer -backup-delete
-		Target:  &c.flagDelete,
-		Default: false,
-		Hidden:  true,
-		Usage:   "",
-	})
-
-	f.BoolVar(&BoolVar{
-		Name:    "retrieve", // prefer -backup-retrieve
-		Target:  &c.flagRetrieve,
-		Default: false,
-		Hidden:  true,
-		Usage:   "",
-	})
-
-	f.BoolVar(&BoolVar{
-		Name:    "recovery-key", // prefer -target=recovery
-		Target:  &c.flagRecoveryKey,
-		Default: false,
-		Hidden:  true,
-		Usage:   "",
-	})
-
-	// Kept to keep scripts passing the flag working, but not used
-	f.IntVar(&IntVar{
-		Name:    "stored-shares",
-		Target:  &c.flagStoredShares,
-		Default: 0,
-		Hidden:  true,
-		Usage:   "",
-	})
-
 	return set
 }
 
@@ -276,33 +234,6 @@ func (c *OperatorRekeyCommand) Run(args []string) int {
 		return 1
 	}
 
-	// Deprecations
-	// TODO: remove in 0.9.0
-	if c.flagDelete {
-		if Format(c.UI) == "table" {
-			c.UI.Warn(wrapAtLength(
-				"WARNING! The -delete flag is deprecated. Please use -backup-delete " +
-					"instead. This flag will be removed in Vault 1.1."))
-		}
-		c.flagBackupDelete = true
-	}
-	if c.flagRetrieve {
-		if Format(c.UI) == "table" {
-			c.UI.Warn(wrapAtLength(
-				"WARNING! The -retrieve flag is deprecated. Please use -backup-retrieve " +
-					"instead. This flag will be removed in Vault 1.1."))
-		}
-		c.flagBackupRetrieve = true
-	}
-	if c.flagRecoveryKey {
-		if Format(c.UI) == "table" {
-			c.UI.Warn(wrapAtLength(
-				"WARNING! The -recovery-key flag is deprecated. Please use -target=recovery " +
-					"instead. This flag will be removed in Vault 1.1."))
-		}
-		c.flagTarget = "recovery"
-	}
-
 	// Create the client
 	client, err := c.Client()
 	if err != nil {
@@ -349,7 +280,6 @@ func (c *OperatorRekeyCommand) init(client *api.Client) int {
 	status, err := fn(&api.RekeyInitRequest{
 		SecretShares:        c.flagKeyShares,
 		SecretThreshold:     c.flagKeyThreshold,
-		StoredShares:        c.flagStoredShares,
 		PGPKeys:             c.flagPGPKeys,
 		Backup:              c.flagBackup,
 		RequireVerification: c.flagVerify,

command/operator_unseal_test.go

@@ -1,10 +1,7 @@
 package command
 
 import (
-	"bytes"
-	"encoding/json"
 	"io/ioutil"
-	"os"
 	"strings"
 	"testing"
 

command/policies_deprecated.go

@@ -1,57 +0,0 @@
-package command
-
-import (
-	"github.com/mitchellh/cli"
-)
-
-// Deprecation
-// TODO: remove in 0.9.0
-
-var _ cli.Command = (*PoliciesDeprecatedCommand)(nil)
-
-type PoliciesDeprecatedCommand struct {
-	*BaseCommand
-}
-
-func (c *PoliciesDeprecatedCommand) Synopsis() string { return "" }
-
-func (c *PoliciesDeprecatedCommand) Help() string {
-	return (&PolicyListCommand{
-		BaseCommand: c.BaseCommand,
-	}).Help()
-}
-
-func (c *PoliciesDeprecatedCommand) Run(args []string) int {
-	oargs := args
-
-	f := c.flagSet(FlagSetHTTP)
-	if err := f.Parse(args); err != nil {
-		c.UI.Error(err.Error())
-		return 1
-	}
-
-	args = f.Args()
-
-	// Got an arg, this is trying to read a policy
-	if len(args) > 0 {
-		return (&PolicyReadCommand{
-			BaseCommand: &BaseCommand{
-				UI:          c.UI,
-				client:      c.client,
-				tokenHelper: c.tokenHelper,
-				flagAddress: c.flagAddress,
-			},
-		}).Run(oargs)
-	}
-
-	// No args, probably ran "vault policies" and we want to translate that to
-	// "vault policy list"
-	return (&PolicyListCommand{
-		BaseCommand: &BaseCommand{
-			UI:          c.UI,
-			client:      c.client,
-			tokenHelper: c.tokenHelper,
-			flagAddress: c.flagAddress,
-		},
-	}).Run(oargs)
-}

command/policies_deprecated_test.go

@@ -1,96 +0,0 @@
-package command
-
-import (
-	"strings"
-	"testing"
-
-	"github.com/mitchellh/cli"
-)
-
-func testPoliciesDeprecatedCommand(tb testing.TB) (*cli.MockUi, *PoliciesDeprecatedCommand) {
-	tb.Helper()
-
-	ui := cli.NewMockUi()
-	return ui, &PoliciesDeprecatedCommand{
-		BaseCommand: &BaseCommand{
-			UI: ui,
-		},
-	}
-}
-
-func TestPoliciesDeprecatedCommand_Run(t *testing.T) {
-	t.Parallel()
-
-	// TODO: remove in 0.9.0
-	t.Run("deprecated_arg", func(t *testing.T) {
-		t.Parallel()
-
-		client, closer := testVaultServer(t)
-		defer closer()
-
-		ui, cmd := testPoliciesDeprecatedCommand(t)
-		cmd.client = client
-
-		// vault policies ARG -> vault policy read ARG
-		code := cmd.Run([]string{"default"})
-		if exp := 0; code != exp {
-			t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
-		}
-		stdout := ui.OutputWriter.String()
-
-		if expected := "token/"; !strings.Contains(stdout, expected) {
-			t.Errorf("expected %q to contain %q", stdout, expected)
-		}
-	})
-
-	t.Run("deprecated_no_args", func(t *testing.T) {
-		t.Parallel()
-
-		client, closer := testVaultServer(t)
-		defer closer()
-
-		ui, cmd := testPoliciesDeprecatedCommand(t)
-		cmd.client = client
-
-		// vault policies -> vault policy list
-		code := cmd.Run([]string{})
-		if exp := 0; code != exp {
-			t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
-		}
-		stdout := ui.OutputWriter.String()
-
-		if expected := "root"; !strings.Contains(stdout, expected) {
-			t.Errorf("expected %q to contain %q", stdout, expected)
-		}
-	})
-
-	t.Run("deprecated_with_flags", func(t *testing.T) {
-		t.Parallel()
-
-		client, closer := testVaultServer(t)
-		defer closer()
-
-		ui, cmd := testPoliciesDeprecatedCommand(t)
-		cmd.client = client
-
-		// vault policies -flag -> vault policy list
-		code := cmd.Run([]string{
-			"-address", client.Address(),
-		})
-		if exp := 0; code != exp {
-			t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
-		}
-		stdout := ui.OutputWriter.String()
-
-		if expected := "root"; !strings.Contains(stdout, expected) {
-			t.Errorf("expected %q to contain %q", stdout, expected)
-		}
-	})
-
-	t.Run("no_tabs", func(t *testing.T) {
-		t.Parallel()
-
-		_, cmd := testPoliciesDeprecatedCommand(t)
-		assertNoTabs(t, cmd)
-	})
-}

command/token_create.go

@@ -29,9 +29,6 @@ type TokenCreateCommand struct {
 	flagType            string
 	flagMetadata        map[string]string
 	flagPolicies        []string
-
-	// Deprecated flags
-	flagLease time.Duration
 }
 
 func (c *TokenCreateCommand) Synopsis() string {
@@ -179,15 +176,6 @@ func (c *TokenCreateCommand) Flags() *FlagSets {
 			"specified multiple times to attach multiple policies.",
 	})
 
-	// Deprecated flags
-	// TODO: remove in 0.9.0
-	f.DurationVar(&DurationVar{
-		Name:    "lease", // prefer -ttl
-		Target:  &c.flagLease,
-		Default: 0,
-		Hidden:  true,
-	})
-
 	return set
 }
 
@@ -213,14 +201,6 @@ func (c *TokenCreateCommand) Run(args []string) int {
 		return 1
 	}
 
-	// TODO: remove in 0.9.0
-	if c.flagLease != 0 {
-		if Format(c.UI) == "table" {
-			c.UI.Warn("The -lease flag is deprecated. Please use -ttl instead.")
-			c.flagTTL = c.flagLease
-		}
-	}
-
 	if c.flagType == "batch" {
 		c.flagRenewable = false
 	}

command/token_renew.go

@@ -97,19 +97,6 @@ func (c *TokenRenewCommand) Run(args []string) int {
 		// Use the local token
 	case 1:
 		token = strings.TrimSpace(args[0])
-	case 2:
-		// TODO: remove in 0.9.0 - backwards compat
-		if Format(c.UI) == "table" {
-			c.UI.Warn("Specifying increment as a second argument is deprecated. " +
-				"Please use -increment instead.")
-		}
-		token = strings.TrimSpace(args[0])
-		parsed, err := time.ParseDuration(appendDurationSuffix(args[1]))
-		if err != nil {
-			c.UI.Error(fmt.Sprintf("Invalid increment: %s", err))
-			return 1
-		}
-		increment = parsed
 	default:
 		c.UI.Error(fmt.Sprintf("Too many arguments (expected 1, got %d)", len(args)))
 		return 1