open-vault/cli/commands.go

388 lines
10 KiB
Go
Raw Normal View History

package cli
2015-03-04 07:03:24 +00:00
import (
"os"
2015-04-05 01:07:53 +00:00
auditFile "github.com/hashicorp/vault/builtin/audit/file"
2016-12-07 04:35:30 +00:00
auditSocket "github.com/hashicorp/vault/builtin/audit/socket"
2015-04-24 18:06:19 +00:00
auditSyslog "github.com/hashicorp/vault/builtin/audit/syslog"
"github.com/hashicorp/vault/physical"
2015-11-09 18:52:55 +00:00
"github.com/hashicorp/vault/version"
2015-04-05 01:07:53 +00:00
2017-08-16 14:31:34 +00:00
credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
2015-04-05 01:40:21 +00:00
credAppId "github.com/hashicorp/vault/builtin/credential/app-id"
2016-05-30 18:30:01 +00:00
credAppRole "github.com/hashicorp/vault/builtin/credential/approle"
Create unified aws auth backend (#2441) * Rename builtin/credential/aws-ec2 to aws The aws-ec2 authentication backend is being expanded and will become the generic aws backend. This is a small rename commit to keep the commit history clean. * Expand aws-ec2 backend to more generic aws This adds the ability to authenticate arbitrary AWS IAM principals using AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to just AWS with the expansion. * Add missing aws auth handler to CLI This was omitted from the previous commit * aws auth backend general variable name cleanup Also fixed a bug where allowed auth types weren't being checked upon login, and added tests for it. * Update docs for the aws auth backend * Refactor aws bind validation * Fix env var override in aws backend test Intent is to override the AWS environment variables with the TEST_* versions if they are set, but the reverse was happening. * Update docs on use of IAM authentication profile AWS now allows you to change the instance profile of a running instance, so the use case of "a long-lived instance that's not in an instance profile" no longer means you have to use the the EC2 auth method. You can now just change the instance profile on the fly. * Fix typo in aws auth cli help * Respond to PR feedback * More PR feedback * Respond to additional PR feedback * Address more feedback on aws auth PR * Make aws auth_type immutable per role * Address more aws auth PR feedback * Address more iam auth PR feedback * Rename aws-ec2.html.md to aws.html.md Per PR feedback, to go along with new backend name. * Add MountType to logical.Request * Make default aws auth_type dependent upon MountType When MountType is aws-ec2, default to ec2 auth_type for backwards compatibility with legacy roles. Otherwise, default to iam. * Pass MountPoint and MountType back up to the core Previously the request router reset the MountPoint and MountType back to the empty string before returning to the core. This ensures they get set back to the correct values.
2017-04-24 19:15:50 +00:00
credAws "github.com/hashicorp/vault/builtin/credential/aws"
2015-04-24 04:46:30 +00:00
credCert "github.com/hashicorp/vault/builtin/credential/cert"
2015-04-05 01:40:21 +00:00
credGitHub "github.com/hashicorp/vault/builtin/credential/github"
credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
2017-01-27 00:08:52 +00:00
credOkta "github.com/hashicorp/vault/builtin/credential/okta"
2017-02-07 21:04:27 +00:00
credRadius "github.com/hashicorp/vault/builtin/credential/radius"
credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
2015-04-05 01:07:53 +00:00
physAzure "github.com/hashicorp/vault/physical/azure"
physCassandra "github.com/hashicorp/vault/physical/cassandra"
physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb"
physConsul "github.com/hashicorp/vault/physical/consul"
physCouchDB "github.com/hashicorp/vault/physical/couchdb"
physDynamoDB "github.com/hashicorp/vault/physical/dynamodb"
physEtcd "github.com/hashicorp/vault/physical/etcd"
physFile "github.com/hashicorp/vault/physical/file"
physGCS "github.com/hashicorp/vault/physical/gcs"
physInmem "github.com/hashicorp/vault/physical/inmem"
physMSSQL "github.com/hashicorp/vault/physical/mssql"
physMySQL "github.com/hashicorp/vault/physical/mysql"
physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
physS3 "github.com/hashicorp/vault/physical/s3"
physSwift "github.com/hashicorp/vault/physical/swift"
physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
2015-03-20 18:32:18 +00:00
"github.com/hashicorp/vault/builtin/logical/aws"
"github.com/hashicorp/vault/builtin/logical/cassandra"
2015-03-21 16:25:12 +00:00
"github.com/hashicorp/vault/builtin/logical/consul"
2016-12-19 18:15:58 +00:00
"github.com/hashicorp/vault/builtin/logical/database"
2016-05-13 20:42:09 +00:00
"github.com/hashicorp/vault/builtin/logical/mongodb"
2016-03-03 14:19:17 +00:00
"github.com/hashicorp/vault/builtin/logical/mssql"
"github.com/hashicorp/vault/builtin/logical/mysql"
"github.com/hashicorp/vault/builtin/logical/pki"
2015-04-19 01:44:23 +00:00
"github.com/hashicorp/vault/builtin/logical/postgresql"
2015-11-18 16:25:42 +00:00
"github.com/hashicorp/vault/builtin/logical/rabbitmq"
"github.com/hashicorp/vault/builtin/logical/ssh"
Implemented TOTP Secret Backend (#2492) * Initialized basic outline of TOTP backend using Postgresql backend as template * Updated TOTP backend.go's structure and help string * Updated TOTP path_roles.go's structure and help strings * Updated TOTP path_role_create.go's structure and help strings * Fixed typo in path_roles.go * Fixed errors in path_role_create.go and path_roles.go * Added TOTP secret backend information to cli commands * Fixed build errors in path_roles.go and path_role_create.go * Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords * Initialized TOTP test file based on structure of postgresql test file * Added enforcement of input values * Added otp library to vendor folder * Added test steps and cleaned up errors * Modified read credential test step, not working yet * Use of vendored package not allowed - Test error * Removed vendor files for TOTP library * Revert "Removed vendor files for TOTP library" This reverts commit fcd030994bc1741dbf490f3995944e091b11da61. * Hopefully fixed vendor folder issue with TOTP Library * Added additional tests for TOTP backend * Cleaned up comments in TOTP backend_test.go * Added default values of period, algorithm and digits to field schema * Changed account_name and issuer fields to optional * Removed MD5 as a hash algorithm option * Implemented requested pull request changes * Added ability to validate TOTP codes * Added ability to have a key generated * Added skew, qr size and key size parameters * Reset vendor.json prior to merge * Readded otp and barcode libraries to vendor.json * Modified help strings for path_role_create.go * Fixed test issue in testAccStepReadRole * Cleaned up error formatting, variable names and path names. Also added some additional documentation * Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes * Added ability to pass in TOTP urls * Added additional tests for TOTP server functions * Removed unused QRSize, URL and Generate members of keyEntry struct * Removed unnecessary urlstring variable from pathKeyCreate * Added website documentation for TOTP secret backend * Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation. * Updated website documentation and added QR example * Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests * Updated API documentation to inlude to exported variable and qr size option * Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 17:49:42 +00:00
"github.com/hashicorp/vault/builtin/logical/totp"
2015-04-16 00:08:12 +00:00
"github.com/hashicorp/vault/builtin/logical/transit"
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
"github.com/hashicorp/vault/builtin/plugin"
2015-04-05 01:07:53 +00:00
"github.com/hashicorp/vault/audit"
2015-03-04 07:03:24 +00:00
"github.com/hashicorp/vault/command"
2015-03-20 18:32:18 +00:00
"github.com/hashicorp/vault/logical"
2016-04-01 17:16:05 +00:00
"github.com/hashicorp/vault/meta"
2015-03-04 07:03:24 +00:00
"github.com/mitchellh/cli"
)
2015-04-13 00:19:26 +00:00
// Commands returns the mapping of CLI commands for Vault. The meta
// parameter lets you set meta options for all commands.
2016-04-01 17:16:05 +00:00
func Commands(metaPtr *meta.Meta) map[string]cli.CommandFactory {
2015-04-13 00:19:26 +00:00
if metaPtr == nil {
2016-04-01 18:23:15 +00:00
metaPtr = &meta.Meta{
TokenHelper: command.DefaultTokenHelper,
}
2015-03-04 07:34:32 +00:00
}
2015-03-04 07:03:24 +00:00
2016-04-01 17:16:05 +00:00
if metaPtr.Ui == nil {
metaPtr.Ui = &cli.BasicUi{
2015-04-13 00:19:26 +00:00
Writer: os.Stdout,
ErrorWriter: os.Stderr,
}
}
return map[string]cli.CommandFactory{
2015-04-07 20:46:35 +00:00
"init": func() (cli.Command, error) {
return &command.InitCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-07 20:46:35 +00:00
}, nil
},
"server": func() (cli.Command, error) {
c := &command.ServerCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-07 20:46:35 +00:00
AuditBackends: map[string]audit.Factory{
2015-04-24 18:06:19 +00:00
"file": auditFile.Factory,
"syslog": auditSyslog.Factory,
2016-12-07 04:35:30 +00:00
"socket": auditSocket.Factory,
2015-04-07 20:46:35 +00:00
},
CredentialBackends: map[string]logical.Factory{
2016-05-30 18:30:01 +00:00
"approle": credAppRole.Factory,
2015-04-24 04:46:30 +00:00
"cert": credCert.Factory,
Create unified aws auth backend (#2441) * Rename builtin/credential/aws-ec2 to aws The aws-ec2 authentication backend is being expanded and will become the generic aws backend. This is a small rename commit to keep the commit history clean. * Expand aws-ec2 backend to more generic aws This adds the ability to authenticate arbitrary AWS IAM principals using AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to just AWS with the expansion. * Add missing aws auth handler to CLI This was omitted from the previous commit * aws auth backend general variable name cleanup Also fixed a bug where allowed auth types weren't being checked upon login, and added tests for it. * Update docs for the aws auth backend * Refactor aws bind validation * Fix env var override in aws backend test Intent is to override the AWS environment variables with the TEST_* versions if they are set, but the reverse was happening. * Update docs on use of IAM authentication profile AWS now allows you to change the instance profile of a running instance, so the use case of "a long-lived instance that's not in an instance profile" no longer means you have to use the the EC2 auth method. You can now just change the instance profile on the fly. * Fix typo in aws auth cli help * Respond to PR feedback * More PR feedback * Respond to additional PR feedback * Address more feedback on aws auth PR * Make aws auth_type immutable per role * Address more aws auth PR feedback * Address more iam auth PR feedback * Rename aws-ec2.html.md to aws.html.md Per PR feedback, to go along with new backend name. * Add MountType to logical.Request * Make default aws auth_type dependent upon MountType When MountType is aws-ec2, default to ec2 auth_type for backwards compatibility with legacy roles. Otherwise, default to iam. * Pass MountPoint and MountType back up to the core Previously the request router reset the MountPoint and MountType back to the empty string before returning to the core. This ensures they get set back to the correct values.
2017-04-24 19:15:50 +00:00
"aws": credAws.Factory,
"app-id": credAppId.Factory,
2017-08-16 14:31:34 +00:00
"gcp": credGcp.Factory,
"github": credGitHub.Factory,
"userpass": credUserpass.Factory,
"ldap": credLdap.Factory,
2017-01-27 00:08:52 +00:00
"okta": credOkta.Factory,
2017-02-07 21:04:27 +00:00
"radius": credRadius.Factory,
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
"plugin": plugin.Factory,
2015-04-07 20:46:35 +00:00
},
LogicalBackends: map[string]logical.Factory{
2015-04-19 01:44:23 +00:00
"aws": aws.Factory,
"consul": consul.Factory,
"postgresql": postgresql.Factory,
"cassandra": cassandra.Factory,
"pki": pki.Factory,
2015-04-19 01:44:23 +00:00
"transit": transit.Factory,
2016-05-13 20:42:09 +00:00
"mongodb": mongodb.Factory,
2016-03-03 14:19:17 +00:00
"mssql": mssql.Factory,
"mysql": mysql.Factory,
"ssh": ssh.Factory,
2015-11-18 16:25:42 +00:00
"rabbitmq": rabbitmq.Factory,
2016-12-19 18:15:58 +00:00
"database": database.Factory,
Implemented TOTP Secret Backend (#2492) * Initialized basic outline of TOTP backend using Postgresql backend as template * Updated TOTP backend.go's structure and help string * Updated TOTP path_roles.go's structure and help strings * Updated TOTP path_role_create.go's structure and help strings * Fixed typo in path_roles.go * Fixed errors in path_role_create.go and path_roles.go * Added TOTP secret backend information to cli commands * Fixed build errors in path_roles.go and path_role_create.go * Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords * Initialized TOTP test file based on structure of postgresql test file * Added enforcement of input values * Added otp library to vendor folder * Added test steps and cleaned up errors * Modified read credential test step, not working yet * Use of vendored package not allowed - Test error * Removed vendor files for TOTP library * Revert "Removed vendor files for TOTP library" This reverts commit fcd030994bc1741dbf490f3995944e091b11da61. * Hopefully fixed vendor folder issue with TOTP Library * Added additional tests for TOTP backend * Cleaned up comments in TOTP backend_test.go * Added default values of period, algorithm and digits to field schema * Changed account_name and issuer fields to optional * Removed MD5 as a hash algorithm option * Implemented requested pull request changes * Added ability to validate TOTP codes * Added ability to have a key generated * Added skew, qr size and key size parameters * Reset vendor.json prior to merge * Readded otp and barcode libraries to vendor.json * Modified help strings for path_role_create.go * Fixed test issue in testAccStepReadRole * Cleaned up error formatting, variable names and path names. Also added some additional documentation * Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes * Added ability to pass in TOTP urls * Added additional tests for TOTP server functions * Removed unused QRSize, URL and Generate members of keyEntry struct * Removed unnecessary urlstring variable from pathKeyCreate * Added website documentation for TOTP secret backend * Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation. * Updated website documentation and added QR example * Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests * Updated API documentation to inlude to exported variable and qr size option * Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 17:49:42 +00:00
"totp": totp.Factory,
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
"plugin": plugin.Factory,
2015-04-07 20:46:35 +00:00
},
2016-09-30 04:06:40 +00:00
ShutdownCh: command.MakeShutdownCh(),
SighupCh: command.MakeSighupCh(),
}
c.PhysicalBackends = map[string]physical.Factory{
"azure": physAzure.NewAzureBackend,
"cassandra": physCassandra.NewCassandraBackend,
"cockroachdb": physCockroachDB.NewCockroachDBBackend,
"consul": physConsul.NewConsulBackend,
"couchdb": physCouchDB.NewCouchDBBackend,
"couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend,
"dynamodb": physDynamoDB.NewDynamoDBBackend,
"etcd": physEtcd.NewEtcdBackend,
"file": physFile.NewFileBackend,
"file_transactional": physFile.NewTransactionalFileBackend,
"gcs": physGCS.NewGCSBackend,
"inmem": physInmem.NewInmem,
"inmem_ha": physInmem.NewInmemHA,
"inmem_transactional": physInmem.NewTransactionalInmem,
"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
"mssql": physMSSQL.NewMSSQLBackend,
"mysql": physMySQL.NewMySQLBackend,
"postgresql": physPostgreSQL.NewPostgreSQLBackend,
"s3": physS3.NewS3Backend,
"swift": physSwift.NewSwiftBackend,
"zookeeper": physZooKeeper.NewZooKeeperBackend,
}
return c, nil
2015-04-07 20:46:35 +00:00
},
"ssh": func() (cli.Command, error) {
2015-07-01 15:58:49 +00:00
return &command.SSHCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
}, nil
},
"path-help": func() (cli.Command, error) {
return &command.PathHelpCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-03 05:42:05 +00:00
}, nil
},
2015-03-04 07:34:32 +00:00
"auth": func() (cli.Command, error) {
return &command.AuthCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-06 16:53:43 +00:00
Handlers: map[string]command.AuthHandler{
"github": &credGitHub.CLIHandler{},
"userpass": &credUserpass.CLIHandler{DefaultMount: "userpass"},
"ldap": &credLdap.CLIHandler{},
2017-01-27 00:08:52 +00:00
"okta": &credOkta.CLIHandler{},
2015-06-30 03:29:41 +00:00
"cert": &credCert.CLIHandler{},
Create unified aws auth backend (#2441) * Rename builtin/credential/aws-ec2 to aws The aws-ec2 authentication backend is being expanded and will become the generic aws backend. This is a small rename commit to keep the commit history clean. * Expand aws-ec2 backend to more generic aws This adds the ability to authenticate arbitrary AWS IAM principals using AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to just AWS with the expansion. * Add missing aws auth handler to CLI This was omitted from the previous commit * aws auth backend general variable name cleanup Also fixed a bug where allowed auth types weren't being checked upon login, and added tests for it. * Update docs for the aws auth backend * Refactor aws bind validation * Fix env var override in aws backend test Intent is to override the AWS environment variables with the TEST_* versions if they are set, but the reverse was happening. * Update docs on use of IAM authentication profile AWS now allows you to change the instance profile of a running instance, so the use case of "a long-lived instance that's not in an instance profile" no longer means you have to use the the EC2 auth method. You can now just change the instance profile on the fly. * Fix typo in aws auth cli help * Respond to PR feedback * More PR feedback * Respond to additional PR feedback * Address more feedback on aws auth PR * Make aws auth_type immutable per role * Address more aws auth PR feedback * Address more iam auth PR feedback * Rename aws-ec2.html.md to aws.html.md Per PR feedback, to go along with new backend name. * Add MountType to logical.Request * Make default aws auth_type dependent upon MountType When MountType is aws-ec2, default to ec2 auth_type for backwards compatibility with legacy roles. Otherwise, default to iam. * Pass MountPoint and MountType back up to the core Previously the request router reset the MountPoint and MountType back to the empty string before returning to the core. This ensures they get set back to the correct values.
2017-04-24 19:15:50 +00:00
"aws": &credAws.CLIHandler{},
2017-02-07 21:04:27 +00:00
"radius": &credUserpass.CLIHandler{DefaultMount: "radius"},
2015-04-06 16:53:43 +00:00
},
2015-03-04 07:34:32 +00:00
}, nil
},
2015-04-02 00:09:11 +00:00
"auth-enable": func() (cli.Command, error) {
return &command.AuthEnableCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-02 00:09:11 +00:00
}, nil
},
2015-04-02 00:14:11 +00:00
"auth-disable": func() (cli.Command, error) {
return &command.AuthDisableCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-02 00:14:11 +00:00
}, nil
},
2015-04-08 01:19:44 +00:00
"audit-list": func() (cli.Command, error) {
return &command.AuditListCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-08 01:19:44 +00:00
}, nil
},
2015-04-08 01:23:28 +00:00
"audit-disable": func() (cli.Command, error) {
return &command.AuditDisableCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-08 01:23:28 +00:00
}, nil
},
2015-04-08 05:42:04 +00:00
"audit-enable": func() (cli.Command, error) {
return &command.AuditEnableCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-08 05:42:04 +00:00
}, nil
},
"key-status": func() (cli.Command, error) {
return &command.KeyStatusCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
}, nil
},
"policies": func() (cli.Command, error) {
2015-04-02 01:45:11 +00:00
return &command.PolicyListCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-02 01:45:11 +00:00
}, nil
},
2015-04-19 23:36:11 +00:00
"policy-delete": func() (cli.Command, error) {
return &command.PolicyDeleteCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-19 23:36:11 +00:00
}, nil
},
2015-04-02 05:58:37 +00:00
"policy-write": func() (cli.Command, error) {
return &command.PolicyWriteCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-02 05:58:37 +00:00
}, nil
},
2015-03-16 03:35:33 +00:00
"read": func() (cli.Command, error) {
return &command.ReadCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-03-04 19:08:13 +00:00
}, nil
},
2015-03-04 07:34:32 +00:00
"unwrap": func() (cli.Command, error) {
return &command.UnwrapCommand{
Meta: *metaPtr,
}, nil
},
2016-01-14 19:18:27 +00:00
"list": func() (cli.Command, error) {
return &command.ListCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-03-04 19:08:13 +00:00
}, nil
},
2015-03-04 07:34:32 +00:00
2016-01-14 19:18:27 +00:00
"write": func() (cli.Command, error) {
return &command.WriteCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-07 18:16:08 +00:00
}, nil
},
2016-01-14 19:18:27 +00:00
"delete": func() (cli.Command, error) {
return &command.DeleteCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
}, nil
},
2015-05-28 22:08:09 +00:00
"rekey": func() (cli.Command, error) {
return &command.RekeyCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-05-28 22:08:09 +00:00
}, nil
},
"generate-root": func() (cli.Command, error) {
return &command.GenerateRootCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
}, nil
},
2015-04-14 00:37:39 +00:00
"renew": func() (cli.Command, error) {
return &command.RenewCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-14 00:37:39 +00:00
}, nil
},
2015-04-01 02:21:02 +00:00
"revoke": func() (cli.Command, error) {
return &command.RevokeCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-01 02:21:02 +00:00
}, nil
},
2015-03-04 16:56:10 +00:00
"seal": func() (cli.Command, error) {
return &command.SealCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-03-04 16:56:10 +00:00
}, nil
},
2015-04-20 19:11:21 +00:00
"status": func() (cli.Command, error) {
return &command.StatusCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-03-13 18:33:17 +00:00
}, nil
},
2015-03-04 07:57:23 +00:00
"unseal": func() (cli.Command, error) {
return &command.UnsealCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-03-04 07:57:23 +00:00
}, nil
},
"step-down": func() (cli.Command, error) {
return &command.StepDownCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
}, nil
},
2015-03-31 23:28:46 +00:00
"mount": func() (cli.Command, error) {
return &command.MountCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-03-31 23:28:46 +00:00
}, nil
},
2015-03-16 04:28:31 +00:00
"mounts": func() (cli.Command, error) {
return &command.MountsCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-03-16 04:28:31 +00:00
}, nil
},
"mount-tune": func() (cli.Command, error) {
return &command.MountTuneCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
}, nil
},
2015-04-07 17:46:47 +00:00
"remount": func() (cli.Command, error) {
return &command.RemountCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-07 17:46:47 +00:00
}, nil
},
"rotate": func() (cli.Command, error) {
return &command.RotateCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
}, nil
2015-04-07 17:46:47 +00:00
},
2015-04-07 17:38:51 +00:00
"unmount": func() (cli.Command, error) {
return &command.UnmountCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-07 17:38:51 +00:00
}, nil
},
2015-04-07 21:20:18 +00:00
"token-create": func() (cli.Command, error) {
return &command.TokenCreateCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-07 21:20:18 +00:00
}, nil
},
"token-lookup": func() (cli.Command, error) {
return &command.TokenLookupCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
}, nil
},
2015-04-20 01:04:24 +00:00
"token-renew": func() (cli.Command, error) {
return &command.TokenRenewCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-20 01:04:24 +00:00
}, nil
},
2015-04-07 21:36:17 +00:00
"token-revoke": func() (cli.Command, error) {
return &command.TokenRevokeCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2015-04-07 21:36:17 +00:00
}, nil
},
2016-03-02 18:42:32 +00:00
"capabilities": func() (cli.Command, error) {
return &command.CapabilitiesCommand{
2016-04-01 17:16:05 +00:00
Meta: *metaPtr,
2016-03-02 18:42:32 +00:00
}, nil
},
2015-03-04 07:03:24 +00:00
"version": func() (cli.Command, error) {
2015-11-09 18:52:55 +00:00
versionInfo := version.GetVersion()
2015-03-04 07:03:24 +00:00
return &command.VersionCommand{
2015-11-09 18:52:55 +00:00
VersionInfo: versionInfo,
2016-04-01 17:16:05 +00:00
Ui: metaPtr.Ui,
2015-03-04 07:03:24 +00:00
}, nil
},
}
2015-03-04 07:03:24 +00:00
}