open-vault/command/token_renew.go

145 lines
3.5 KiB
Go
Raw Permalink Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2015-04-20 01:04:01 +00:00
package command
import (
"fmt"
"strings"
"time"
"github.com/hashicorp/vault/api"
2017-09-05 04:05:09 +00:00
"github.com/mitchellh/cli"
"github.com/posener/complete"
2015-04-20 01:04:01 +00:00
)
var (
_ cli.Command = (*TokenRenewCommand)(nil)
_ cli.CommandAutocomplete = (*TokenRenewCommand)(nil)
)
2017-09-05 04:05:09 +00:00
2015-04-20 01:04:01 +00:00
type TokenRenewCommand struct {
2017-09-05 04:05:09 +00:00
*BaseCommand
flagAccessor bool
2017-09-05 04:05:09 +00:00
flagIncrement time.Duration
}
func (c *TokenRenewCommand) Synopsis() string {
2017-09-08 01:58:13 +00:00
return "Renew a token lease"
2017-09-05 04:05:09 +00:00
}
func (c *TokenRenewCommand) Help() string {
helpText := `
2017-09-08 01:58:13 +00:00
Usage: vault token renew [options] [TOKEN]
2017-09-05 04:05:09 +00:00
Renews a token's lease, extending the amount of time it can be used. If a
TOKEN is not provided, the locally authenticated token is used. A token
accessor can be used as well. Lease renewal will fail if the token is not
renewable, the token has already been revoked, or if the token has already
reached its maximum TTL.
2017-09-05 04:05:09 +00:00
Renew a token (this uses the /auth/token/renew endpoint and permission):
2017-09-08 01:58:13 +00:00
$ vault token renew 96ddf4bc-d217-f3ba-f9bd-017055595017
2017-09-05 04:05:09 +00:00
Renew the currently authenticated token (this uses the /auth/token/renew-self
endpoint and permission):
2017-09-08 01:58:13 +00:00
$ vault token renew
2017-09-05 04:05:09 +00:00
Renew a token requesting a specific increment value:
2017-09-08 01:58:13 +00:00
$ vault token renew -increment=30m 96ddf4bc-d217-f3ba-f9bd-017055595017
2017-09-05 04:05:09 +00:00
For a full list of examples, please see the documentation.
` + c.Flags().Help()
return strings.TrimSpace(helpText)
}
func (c *TokenRenewCommand) Flags() *FlagSets {
set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat)
f := set.NewFlagSet("Command Options")
f.BoolVar(&BoolVar{
Name: "accessor",
Target: &c.flagAccessor,
Default: false,
EnvVar: "",
Completion: complete.PredictNothing,
Usage: "Treat the argument as an accessor instead of a token. When " +
"this option is selected, the output will NOT include the token.",
})
2017-09-05 04:05:09 +00:00
f.DurationVar(&DurationVar{
Name: "increment",
Aliases: []string{"i"},
Target: &c.flagIncrement,
Default: 0,
EnvVar: "",
Completion: complete.PredictAnything,
Usage: "Request a specific increment for renewal. This increment may " +
"not be honored, for instance in the case of periodic tokens. If not " +
"supplied, Vault will use the default TTL. This is specified as a " +
"numeric string with suffix like \"30s\" or \"5m\".",
2017-09-05 04:05:09 +00:00
})
return set
}
func (c *TokenRenewCommand) AutocompleteArgs() complete.Predictor {
return c.PredictVaultFiles()
}
func (c *TokenRenewCommand) AutocompleteFlags() complete.Flags {
return c.Flags().Completions()
2015-04-20 01:04:01 +00:00
}
func (c *TokenRenewCommand) Run(args []string) int {
2017-09-05 04:05:09 +00:00
f := c.Flags()
2015-04-20 01:04:01 +00:00
2017-09-05 04:05:09 +00:00
if err := f.Parse(args); err != nil {
c.UI.Error(err.Error())
2015-04-20 01:04:01 +00:00
return 1
}
2017-09-05 04:05:09 +00:00
token := ""
increment := c.flagIncrement
args = f.Args()
switch len(args) {
case 0:
// Use the local token
case 1:
token = strings.TrimSpace(args[0])
default:
c.UI.Error(fmt.Sprintf("Too many arguments (expected 1, got %d)", len(args)))
return 1
2015-04-20 01:04:01 +00:00
}
client, err := c.Client()
if err != nil {
2017-09-05 04:05:09 +00:00
c.UI.Error(err.Error())
2015-04-20 01:04:01 +00:00
return 2
}
var secret *api.Secret
2017-09-05 04:05:09 +00:00
inc := truncateToSeconds(increment)
switch {
case token == "":
secret, err = client.Auth().Token().RenewSelf(inc)
case c.flagAccessor:
secret, err = client.Auth().Token().RenewAccessor(token, inc)
default:
secret, err = client.Auth().Token().Renew(token, inc)
}
2015-04-20 01:04:01 +00:00
if err != nil {
2017-09-05 04:05:09 +00:00
c.UI.Error(fmt.Sprintf("Error renewing token: %s", err))
return 2
2015-04-20 01:04:01 +00:00
}
CLI Enhancements (#3897) * Use Colored UI if stdout is a tty * Add format options to operator unseal * Add format test on operator unseal * Add -no-color output flag, and use BasicUi if no-color flag is provided * Move seal status formatting logic to OutputSealStatus * Apply no-color to warnings from DeprecatedCommands as well * Add OutputWithFormat to support arbitrary data, add format option to auth list * Add ability to output arbitrary list data on TableFormatter * Clear up switch logic on format * Add format option for list-related commands * Add format option to rest of commands that returns a client API response * Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead * Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead * Remove -no-color flag, use env var exclusively to toggle colored output * Fix compile * Remove -no-color flag in main.go * Add missing FlagSetOutputFormat * Fix generate-root/decode test * Migrate init functions to main.go * Add no-color flag back as hidden * Handle non-supported data types for TableFormatter.OutputList * Pull formatting much further up to remove the need to use c.flagFormat (#3950) * Pull formatting much further up to remove the need to use c.flagFormat Also remove OutputWithFormat as the logic can cause issues. * Use const for env var * Minor updates * Remove unnecessary check * Fix SSH output and some tests * Fix tests * Make race detector not run on generate root since it kills Travis these days * Update docs * Update docs * Address review feedback * Handle --format as well as -format
2018-02-12 23:12:16 +00:00
return OutputSecret(c.UI, secret)
2015-04-20 01:04:01 +00:00
}