Add no-default-policy flag and API parameter to allow exclusion of the

default policy from a token create command.

command/token_create.go

@@ -17,7 +17,7 @@ type TokenCreateCommand struct {
 func (c *TokenCreateCommand) Run(args []string) int {
 	var format string
 	var id, displayName, lease, ttl string
-	var orphan bool
+	var orphan, noDefaultPolicy bool
 	var metadata map[string]string
 	var numUses int
 	var policies []string
@@ -28,6 +28,7 @@ func (c *TokenCreateCommand) Run(args []string) int {
 	flags.StringVar(&lease, "lease", "", "")
 	flags.StringVar(&ttl, "ttl", "", "")
 	flags.BoolVar(&orphan, "orphan", false, "")
+	flags.BoolVar(&noDefaultPolicy, "no-default-policy", false, "")
 	flags.IntVar(&numUses, "use-limit", 0, "")
 	flags.Var((*kvFlag.Flag)(&metadata), "metadata", "")
 	flags.Var((*sliceflag.StringFlag)(&policies), "policy", "")
@@ -55,13 +56,14 @@ func (c *TokenCreateCommand) Run(args []string) int {
 		ttl = lease
 	}
 	secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
-		ID:          id,
-		Policies:    policies,
-		Metadata:    metadata,
-		TTL:         ttl,
-		NoParent:    orphan,
-		DisplayName: displayName,
-		NumUses:     numUses,
+		ID:              id,
+		Policies:        policies,
+		Metadata:        metadata,
+		TTL:             ttl,
+		NoParent:        orphan,
+		NoDefaultPolicy: noDefaultPolicy,
+		DisplayName:     displayName,
+		NumUses:         numUses,
 	})
 
 	if err != nil {
@@ -122,6 +124,9 @@ Token Options:
                           root tokens can create orphan tokens. This prevents
                           the new token from being revoked with your token.
 
+  -no-default-policy      If specified, the token will not have the "default"
+                          policy included in its policy set.
+
   -policy="name"          Policy to associate with this token. This can be
                           specified multiple times.