scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ca28cde14b087ad158f7544bf1f9bff838f98b27
vault/command/audit_enable.go
Seth Vargo 78160740f0 Update audit-enable command
2017-10-24 09:28:06 -04:00

160 lines
3.6 KiB
Go
Raw Blame History

package command
import (
"fmt"
"io"
"os"
"strings"
"github.com/hashicorp/vault/api"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)
// Ensure we are implementing the right interfaces.
var _ cli.Command = (*AuditEnableCommand)(nil)
var _ cli.CommandAutocomplete = (*AuditEnableCommand)(nil)
// AuditEnableCommand is a Command that mounts a new mount.
type AuditEnableCommand struct {
*BaseCommand
flagDescription string
flagPath string
flagLocal bool
testStdin io.Reader // For tests
}
func (c *AuditEnableCommand) Synopsis() string {
return "Enables an audit backend"
}
func (c *AuditEnableCommand) Help() string {
helpText := `
Usage: vault audit-enable [options] TYPE [CONFIG K=V...]
Enables an audit backend at a given path.
This command enables an audit backend of type "type". Additional
options for configuring the audit backend can be specified after the
type in the same format as the "vault write" command in key/value pairs.
For example, to configure the file audit backend to write audit logs at
the path /var/log/audit.log:
$ vault audit-enable file file_path=/var/log/audit.log
For information on available configuration options, please see the
documentation.
` + c.Flags().Help()
return strings.TrimSpace(helpText)
}
func (c *AuditEnableCommand) Flags() *FlagSets {
set := c.flagSet(FlagSetHTTP)
f := set.NewFlagSet("Command Options")
f.StringVar(&StringVar{
Name: "description",
Target: &c.flagDescription,
Default: "",
EnvVar: "",
Completion: complete.PredictAnything,
Usage: "Human-friendly description for the purpose of this audit " +
"backend.",
})
f.StringVar(&StringVar{
Name: "path",
Target: &c.flagPath,
Default: "", // The default is complex, so we have to manually document
EnvVar: "",
Completion: complete.PredictAnything,
Usage: "Place where the audit backend will be accessible. This must be " +
"unique across all audit backends. This defaults to the \"type\" of the " +
"audit backend.",
})
f.BoolVar(&BoolVar{
Name: "local",
Target: &c.flagLocal,
Default: false,
EnvVar: "",
Usage: "Mark the audit backend as a local-only backned. Local backends " +
"are not replicated nor removed by replication.",
})
return set
}
func (c *AuditEnableCommand) AutocompleteArgs() complete.Predictor {
return complete.PredictSet(
"file",
"syslog",
"socket",
)
}
func (c *AuditEnableCommand) AutocompleteFlags() complete.Flags {
return c.Flags().Completions()
}
func (c *AuditEnableCommand) Run(args []string) int {
f := c.Flags()
if err := f.Parse(args); err != nil {
c.UI.Error(err.Error())
return 1
}
args = f.Args()
if len(args) < 1 {
c.UI.Error("Missing TYPE!")
return 1
}
// Grab the type
auditType := strings.TrimSpace(args[0])
auditPath := c.flagPath
if auditPath == "" {
auditPath = auditType
}
auditPath = ensureTrailingSlash(auditPath)
// Pull our fake stdin if needed
stdin := (io.Reader)(os.Stdin)
if c.testStdin != nil {
stdin = c.testStdin
}
options, err := parseArgsDataString(stdin, args[1:])
if err != nil {
c.UI.Error(fmt.Sprintf("Failed to parse K=V data: %s", err))
return 1
}
client, err := c.Client()
if err != nil {
c.UI.Error(err.Error())
return 2
}
if err := client.Sys().EnableAuditWithOptions(auditPath, &api.EnableAuditOptions{
Type: auditType,
Description: c.flagDescription,
Options: options,
Local: c.flagLocal,
}); err != nil {
c.UI.Error(fmt.Sprintf("Error enabling audit backend: %s", err))
return 2
}
c.UI.Output(fmt.Sprintf("Success! Enabled the %s audit backend at: %s", auditType, auditPath))
return 0
}
Reference in New Issue View Git Blame Copy Permalink