From e881439d0b255d68ce02ec2b3c5e27a0b2928b5c Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto
Date: Fri, 13 Mar 2015 11:33:17 -0700
Subject: [PATCH] command/seal-status
---
 command/seal_status.go | 83 +++++++++++++++++++++++++++++++++++++
 command/seal_status_test.go | 38 +++++++++++++++++
 commands.go | 6 +++
 3 files changed, 127 insertions(+)
 create mode 100644 command/seal_status.go
 create mode 100644 command/seal_status_test.go
diff --git a/command/seal_status.go b/command/seal_status.go
new file mode 100644
index 0000000000..333b37340e
--- /dev/null
+++ b/command/seal_status.go
@@ -0,0 +1,83 @@
+package command
+
+import (
+ "fmt"
+ "strings"
+)
+
+// SealStatusCommand is a Command that outputs the status of whether
+// Vault is sealed or not.
+type SealStatusCommand struct {
+ Meta
+}
+
+func (c *SealStatusCommand) Run(args []string) int {
+ flags := c.Meta.FlagSet("seal-status", FlagSetDefault)
+ flags.Usage = func() { c.Ui.Error(c.Help()) }
+ if err := flags.Parse(args); err != nil {
+ return 1
+ }
+
+ client, err := c.Client()
+ if err != nil {
+ c.Ui.Error(fmt.Sprintf(
+ "Error initializing client: %s", err))
+ return 2
+ }
+
+ status, err := client.Sys().SealStatus()
+ if err != nil {
+ c.Ui.Error(fmt.Sprintf(
+ "Error checking seal status: %s", err))
+ return 2
+ }
+
+ c.Ui.Output(fmt.Sprintf(
+ "Sealed: %v\n"+
+ "Key Shares: %d\n"+
+ "Key Threshold: %d\n"+
+ "Unseal Progress: %d",
+ status.Sealed,
+ status.N,
+ status.T,
+ status.Progress,
+ ))
+
+ if status.Sealed {
+ return 1
+ } else {
+ return 0
+ }
+}
+
+func (c *SealStatusCommand) Synopsis() string {
+ return "Outputs status of whether Vault is sealed"
+}
+
+func (c *SealStatusCommand) Help() string {
+ helpText := `
+Usage: vault seal-status [options]
+
+ Outputs the state of the Vault, sealed or unsealed.
+
+ This command outputs whether or not the Vault is sealed. The exit
+ code also reflects the seal status (0 unsealed, 1 sealed, 2+ error).
+
+General Options:
+
+ -address=TODO The address of the Vault server.
+
+ -ca-cert=path Path to a PEM encoded CA cert file to use to
+ verify the Vault server SSL certificate.
+
+ -ca-path=path Path to a directory of PEM encoded CA cert files
+ to verify the Vault server SSL certificate. If both
+ -ca-cert and -ca-path are specified, -ca-path is used.
+
+ -insecure Do not verify TLS certificate. This is highly
+ not recommended. This is especially not recommended
+ for unsealing a vault.
+
+`
+ return strings.TrimSpace(helpText)
+}
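Review bot: The flag-parse failure branch at the top of `Run` returns 1, which the help text added in this same hunk defines as "sealed" (0 unsealed, 1 sealed, 2+ error), so a script or health check that branches on the exit code cannot tell a mistyped option from a sealed Vault. I would change that branch to `return 2`, matching the two other error paths and leaving 1 reserved for the sealed state. The help text also ships with the placeholder `-address=TODO`, and the closing `if status.Sealed { return 1 } else { return 0 }` reads more idiomatically as an early `return 1` followed by a plain `return 0`.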
diff --git a/command/seal_status_test.go b/command/seal_status_test.go
new file mode 100644
index 0000000000..6d553581aa
--- /dev/null
+++ b/command/seal_status_test.go
@@ -0,0 +1,38 @@
+package command
+
+import (
+ "testing"
+
+ "github.com/hashicorp/vault/http"
+ "github.com/hashicorp/vault/vault"
+ "github.com/mitchellh/cli"
+)
+
+func TestSealStatus(t *testing.T) {
+ ui := new(cli.MockUi)
+ c := &SealStatusCommand{
+ Meta: Meta{
+ Ui: ui,
+ },
+ }
+
+ core := vault.TestCore(t)
+ keys := vault.TestCoreInit(t, core)
+ ln, addr := http.TestServer(t, core)
+ defer ln.Close()
+
+ args := []string{"-address", addr}
+ if code := c.Run(args); code != 1 {
+ t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+ }
+
+ for _, k := range keys {
+ if _, err := core.Unseal(k); err != nil {
+ t.Fatalf("err: %s", err)
+ }
+ }
+
+ if code := c.Run(args); code != 0 {
+ t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+ }
+}
diff --git a/commands.go b/commands.go
index e7909cc7e6..34d7132f29 100644
--- a/commands.go
+++ b/commands.go
@@ -42,6 +42,12 @@ func init() {
 }, nil
 },
 
+ "seal-status": func() (cli.Command, error) {
+ return &command.SealStatusCommand{
+ Meta: meta,
+ }, nil
+ },
+
 "unseal": func() (cli.Command, error) {
 return &command.UnsealCommand{
 Meta: meta,
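Review bot: TestSealStatus in command/seal_status_test.go asserts only the two success exit codes (1 while sealed, 0 after unsealing) and never inspects what the command printed, so a regression in the reported fields or in the documented error exit code would pass unnoticed. I would assert after the first run that `ui.OutputWriter.String()` contains `Sealed: true`, and add a case with an unknown flag or an unreachable `-address` that expects the error code rather than 1. Because the same `ui` is reused for both runs, the failure message of the second run also carries anything the first run wrote to `ui.ErrorWriter`; a fresh `cli.MockUi` per run would keep the diagnostics separate.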