open-vault/cli/commands.go

package cli

import (
	"os"
	"os/signal"
	"syscall"

	auditFile "github.com/hashicorp/vault/builtin/audit/file"
	auditSyslog "github.com/hashicorp/vault/builtin/audit/syslog"

	credAppId "github.com/hashicorp/vault/builtin/credential/app-id"
	credCert "github.com/hashicorp/vault/builtin/credential/cert"
	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
	credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"

	"github.com/hashicorp/vault/builtin/logical/aws"
	"github.com/hashicorp/vault/builtin/logical/consul"
	"github.com/hashicorp/vault/builtin/logical/mysql"
	"github.com/hashicorp/vault/builtin/logical/pki"
	"github.com/hashicorp/vault/builtin/logical/postgresql"
	"github.com/hashicorp/vault/builtin/logical/transit"

	"github.com/hashicorp/vault/audit"
	tokenDisk "github.com/hashicorp/vault/builtin/token/disk"
	"github.com/hashicorp/vault/command"
	"github.com/hashicorp/vault/logical"
	"github.com/mitchellh/cli"
)

// Commands returns the mapping of CLI commands for Vault. The meta
// parameter lets you set meta options for all commands.
func Commands(metaPtr *command.Meta) map[string]cli.CommandFactory {
	if metaPtr == nil {
		metaPtr = new(command.Meta)
	}

	meta := *metaPtr
	if meta.Ui == nil {
		meta.Ui = &cli.BasicUi{
			Writer:      os.Stdout,
			ErrorWriter: os.Stderr,
		}
	}

	return map[string]cli.CommandFactory{
		"init": func() (cli.Command, error) {
			return &command.InitCommand{
				Meta: meta,
			}, nil
		},

		"server": func() (cli.Command, error) {
			return &command.ServerCommand{
				Meta: meta,
				AuditBackends: map[string]audit.Factory{
					"file":   auditFile.Factory,
					"syslog": auditSyslog.Factory,
				},
				CredentialBackends: map[string]logical.Factory{
					"cert":     credCert.Factory,
					"app-id":   credAppId.Factory,
					"github":   credGitHub.Factory,
					"userpass": credUserpass.Factory,
					"ldap":     credLdap.Factory,
				},
				LogicalBackends: map[string]logical.Factory{
					"aws":        aws.Factory,
					"consul":     consul.Factory,
					"postgresql": postgresql.Factory,
					"pki":        pki.Factory,
					"transit":    transit.Factory,
					"mysql":      mysql.Factory,
				},
				ShutdownCh: makeShutdownCh(),
			}, nil
		},

		"path-help": func() (cli.Command, error) {
			return &command.PathHelpCommand{
				Meta: meta,
			}, nil
		},

		"auth": func() (cli.Command, error) {
			return &command.AuthCommand{
				Meta: meta,
				Handlers: map[string]command.AuthHandler{
					"github":   &credGitHub.CLIHandler{},
					"userpass": &credUserpass.CLIHandler{},
					"ldap":     &credLdap.CLIHandler{},
				},
			}, nil
		},

		"auth-enable": func() (cli.Command, error) {
			return &command.AuthEnableCommand{
				Meta: meta,
			}, nil
		},

		"auth-disable": func() (cli.Command, error) {
			return &command.AuthDisableCommand{
				Meta: meta,
			}, nil
		},

		"audit-list": func() (cli.Command, error) {
			return &command.AuditListCommand{
				Meta: meta,
			}, nil
		},

		"audit-disable": func() (cli.Command, error) {
			return &command.AuditDisableCommand{
				Meta: meta,
			}, nil
		},

		"audit-enable": func() (cli.Command, error) {
			return &command.AuditEnableCommand{
				Meta: meta,
			}, nil
		},

		"key-status": func() (cli.Command, error) {
			return &command.KeyStatusCommand{
				Meta: meta,
			}, nil
		},

		"policies": func() (cli.Command, error) {
			return &command.PolicyListCommand{
				Meta: meta,
			}, nil
		},

		"policy-delete": func() (cli.Command, error) {
			return &command.PolicyDeleteCommand{
				Meta: meta,
			}, nil
		},

		"policy-write": func() (cli.Command, error) {
			return &command.PolicyWriteCommand{
				Meta: meta,
			}, nil
		},

		"read": func() (cli.Command, error) {
			return &command.ReadCommand{
				Meta: meta,
			}, nil
		},

		"write": func() (cli.Command, error) {
			return &command.WriteCommand{
				Meta: meta,
			}, nil
		},

		"delete": func() (cli.Command, error) {
			return &command.DeleteCommand{
				Meta: meta,
			}, nil
		},

		"rekey": func() (cli.Command, error) {
			return &command.RekeyCommand{
				Meta: meta,
			}, nil
		},

		"renew": func() (cli.Command, error) {
			return &command.RenewCommand{
				Meta: meta,
			}, nil
		},

		"revoke": func() (cli.Command, error) {
			return &command.RevokeCommand{
				Meta: meta,
			}, nil
		},

		"seal": func() (cli.Command, error) {
			return &command.SealCommand{
				Meta: meta,
			}, nil
		},

		"status": func() (cli.Command, error) {
			return &command.StatusCommand{
				Meta: meta,
			}, nil
		},

		"unseal": func() (cli.Command, error) {
			return &command.UnsealCommand{
				Meta: meta,
			}, nil
		},

		"mount": func() (cli.Command, error) {
			return &command.MountCommand{
				Meta: meta,
			}, nil
		},

		"mounts": func() (cli.Command, error) {
			return &command.MountsCommand{
				Meta: meta,
			}, nil
		},

		"remount": func() (cli.Command, error) {
			return &command.RemountCommand{
				Meta: meta,
			}, nil
		},

		"rotate": func() (cli.Command, error) {
			return &command.RotateCommand{
				Meta: meta,
			}, nil
		},

		"unmount": func() (cli.Command, error) {
			return &command.UnmountCommand{
				Meta: meta,
			}, nil
		},

		"token-create": func() (cli.Command, error) {
			return &command.TokenCreateCommand{
				Meta: meta,
			}, nil
		},

		"token-renew": func() (cli.Command, error) {
			return &command.TokenRenewCommand{
				Meta: meta,
			}, nil
		},

		"token-revoke": func() (cli.Command, error) {
			return &command.TokenRevokeCommand{
				Meta: meta,
			}, nil
		},

		"version": func() (cli.Command, error) {
			ver := Version
			rel := VersionPrerelease
			if GitDescribe != "" {
				ver = GitDescribe
			}
			if GitDescribe == "" && rel == "" && VersionPrerelease != "" {
				rel = "dev"
			}

			return &command.VersionCommand{
				Revision:          GitCommit,
				Version:           ver,
				VersionPrerelease: rel,
				Ui:                meta.Ui,
			}, nil
		},

		// The commands below are hidden from the help output
		"token-disk": func() (cli.Command, error) {
			return &tokenDisk.Command{}, nil
		},
	}
}

// makeShutdownCh returns a channel that can be used for shutdown
// notifications for commands. This channel will send a message for every
// interrupt or SIGTERM received.
func makeShutdownCh() <-chan struct{} {
	resultCh := make(chan struct{})

	signalCh := make(chan os.Signal, 4)
	signal.Notify(signalCh, os.Interrupt, syscall.SIGTERM)
	go func() {
		for {
			<-signalCh
			resultCh <- struct{}{}
		}
	}()
	return resultCh
}
move the cli to the cli/ package so enterprising individuals can call it 2015-04-12 23:58:45 +00:00			`package cli`
basic main boilerplate stuff 2015-03-04 07:03:24 +00:00
			`import (`
			`"os"`
server: graceful shutdown for fast failover. Fixes #308 2015-06-18 01:24:56 +00:00			`"os/signal"`
			`"syscall"`
basic main boilerplate stuff 2015-03-04 07:03:24 +00:00
builtin/audit: add file audit 2015-04-05 01:07:53 +00:00			`auditFile "github.com/hashicorp/vault/builtin/audit/file"`
audit/syslog: first pass 2015-04-24 18:06:19 +00:00			`auditSyslog "github.com/hashicorp/vault/builtin/audit/syslog"`
builtin/audit: add file audit 2015-04-05 01:07:53 +00:00
credential/app-id 2015-04-05 01:40:21 +00:00			`credAppId "github.com/hashicorp/vault/builtin/credential/app-id"`
Enable the credential backend 2015-04-24 04:46:30 +00:00			`credCert "github.com/hashicorp/vault/builtin/credential/cert"`
credential/app-id 2015-04-05 01:40:21 +00:00			`credGitHub "github.com/hashicorp/vault/builtin/credential/github"`
Initial implementation of the LDAP credential backend 2015-05-06 01:54:27 +00:00			`credLdap "github.com/hashicorp/vault/builtin/credential/ldap"`
credentials/userpass: integrate into auth cli 2015-04-19 22:17:24 +00:00			`credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"`
builtin/audit: add file audit 2015-04-05 01:07:53 +00:00
main: enable AWS backend 2015-03-20 18:32:18 +00:00			`"github.com/hashicorp/vault/builtin/logical/aws"`
main: hook up consul backend 2015-03-21 16:25:12 +00:00			`"github.com/hashicorp/vault/builtin/logical/consul"`
commands: enable the mysql secret backend 2015-04-25 19:06:08 +00:00			`"github.com/hashicorp/vault/builtin/logical/mysql"`
Initial PKI backend implementation. Complete: * Up-to-date API documents * Backend configuration (root certificate and private key) * Highly granular role configuration * Certificate generation * CN checking against role * IP and DNS subject alternative names * Server, client, and code signing usage types * Later certificate (but not private key) retrieval * CRL creation and update * CRL/CA bare endpoints (for cert extensions) * Revocation (both Vault-native and by serial number) * CRL force-rotation endpoint Missing: * OCSP support (can't implement without changes in Vault) * Unit tests Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com> 2015-05-15 16:13:05 +00:00			`"github.com/hashicorp/vault/builtin/logical/pki"`
cli: add postgresql 2015-04-19 01:44:23 +00:00			`"github.com/hashicorp/vault/builtin/logical/postgresql"`
Adding transit logical backend 2015-04-16 00:08:12 +00:00			`"github.com/hashicorp/vault/builtin/logical/transit"`
builtin/audit: add file audit 2015-04-05 01:07:53 +00:00
			`"github.com/hashicorp/vault/audit"`
token/disk: implement unencrypted disk store 2015-03-30 16:21:59 +00:00			`tokenDisk "github.com/hashicorp/vault/builtin/token/disk"`
basic main boilerplate stuff 2015-03-04 07:03:24 +00:00			`"github.com/hashicorp/vault/command"`
main: enable AWS backend 2015-03-20 18:32:18 +00:00			`"github.com/hashicorp/vault/logical"`
basic main boilerplate stuff 2015-03-04 07:03:24 +00:00			`"github.com/mitchellh/cli"`
			`)`

cli: make commands more customizable 2015-04-13 00:19:26 +00:00			`// Commands returns the mapping of CLI commands for Vault. The meta`
			`// parameter lets you set meta options for all commands.`
			`func Commands(metaPtr *command.Meta) map[string]cli.CommandFactory {`
			`if metaPtr == nil {`
			`metaPtr = new(command.Meta)`
command/auth 2015-03-04 07:34:32 +00:00			`}`
basic main boilerplate stuff 2015-03-04 07:03:24 +00:00
cli: make commands more customizable 2015-04-13 00:19:26 +00:00			`meta := *metaPtr`
			`if meta.Ui == nil {`
			`meta.Ui = &cli.BasicUi{`
			`Writer: os.Stdout,`
			`ErrorWriter: os.Stderr,`
			`}`
			`}`

			`return map[string]cli.CommandFactory{`
shuffling some bits 2015-04-07 20:46:35 +00:00			`"init": func() (cli.Command, error) {`
			`return &command.InitCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

			`"server": func() (cli.Command, error) {`
			`return &command.ServerCommand{`
			`Meta: meta,`
			`AuditBackends: map[string]audit.Factory{`
audit/syslog: first pass 2015-04-24 18:06:19 +00:00			`"file": auditFile.Factory,`
			`"syslog": auditSyslog.Factory,`
shuffling some bits 2015-04-07 20:46:35 +00:00			`},`
			`CredentialBackends: map[string]logical.Factory{`
Enable the credential backend 2015-04-24 04:46:30 +00:00			`"cert": credCert.Factory,`
credentials/userpass: integrate into auth cli 2015-04-19 22:17:24 +00:00			`"app-id": credAppId.Factory,`
			`"github": credGitHub.Factory,`
			`"userpass": credUserpass.Factory,`
Initial implementation of the LDAP credential backend 2015-05-06 01:54:27 +00:00			`"ldap": credLdap.Factory,`
shuffling some bits 2015-04-07 20:46:35 +00:00			`},`
			`LogicalBackends: map[string]logical.Factory{`
cli: add postgresql 2015-04-19 01:44:23 +00:00			`"aws": aws.Factory,`
			`"consul": consul.Factory,`
			`"postgresql": postgresql.Factory,`
Initial PKI backend implementation. Complete: * Up-to-date API documents * Backend configuration (root certificate and private key) * Highly granular role configuration * Certificate generation * CN checking against role * IP and DNS subject alternative names * Server, client, and code signing usage types * Later certificate (but not private key) retrieval * CRL creation and update * CRL/CA bare endpoints (for cert extensions) * Revocation (both Vault-native and by serial number) * CRL force-rotation endpoint Missing: * OCSP support (can't implement without changes in Vault) * Unit tests Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com> 2015-05-15 16:13:05 +00:00			`"pki": pki.Factory,`
cli: add postgresql 2015-04-19 01:44:23 +00:00			`"transit": transit.Factory,`
commands: enable the mysql secret backend 2015-04-25 19:06:08 +00:00			`"mysql": mysql.Factory,`
shuffling some bits 2015-04-07 20:46:35 +00:00			`},`
server: graceful shutdown for fast failover. Fixes #308 2015-06-18 01:24:56 +00:00			`ShutdownCh: makeShutdownCh(),`
shuffling some bits 2015-04-07 20:46:35 +00:00			`}, nil`
			`},`

command/path-help: rename command, better error if sealed. Fixes #234 2015-06-18 22:56:42 +00:00			`"path-help": func() (cli.Command, error) {`
			`return &command.PathHelpCommand{`
command/help 2015-04-03 05:42:05 +00:00			`Meta: meta,`
			`}, nil`
			`},`

command/auth 2015-03-04 07:34:32 +00:00			`"auth": func() (cli.Command, error) {`
			`return &command.AuthCommand{`
			`Meta: meta,`
credential/github: CLI handler 2015-04-06 16:53:43 +00:00			`Handlers: map[string]command.AuthHandler{`
credentials/userpass: integrate into auth cli 2015-04-19 22:17:24 +00:00			`"github": &credGitHub.CLIHandler{},`
			`"userpass": &credUserpass.CLIHandler{},`
Initial implementation of the LDAP credential backend 2015-05-06 01:54:27 +00:00			`"ldap": &credLdap.CLIHandler{},`
credential/github: CLI handler 2015-04-06 16:53:43 +00:00			`},`
command/auth 2015-03-04 07:34:32 +00:00			`}, nil`
			`},`

command/auth-enable 2015-04-02 00:09:11 +00:00			`"auth-enable": func() (cli.Command, error) {`
			`return &command.AuthEnableCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/auth-disable 2015-04-02 00:14:11 +00:00			`"auth-disable": func() (cli.Command, error) {`
			`return &command.AuthDisableCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/audit-list 2015-04-08 01:19:44 +00:00			`"audit-list": func() (cli.Command, error) {`
			`return &command.AuditListCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/audit-disable 2015-04-08 01:23:28 +00:00			`"audit-disable": func() (cli.Command, error) {`
			`return &command.AuditDisableCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/audit-enable 2015-04-08 05:42:04 +00:00			`"audit-enable": func() (cli.Command, error) {`
			`return &command.AuditEnableCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/key-status: Adding new key-status command 2015-05-28 01:17:02 +00:00			`"key-status": func() (cli.Command, error) {`
			`return &command.KeyStatusCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

Revert "command/policy" This reverts commit da81ab3b4c813b0c207555b9cdf46c6e67319546. 2015-04-02 06:07:49 +00:00			`"policies": func() (cli.Command, error) {`
command/policy-list 2015-04-02 01:45:11 +00:00			`return &command.PolicyListCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/policy-delete 2015-04-19 23:36:11 +00:00			`"policy-delete": func() (cli.Command, error) {`
			`return &command.PolicyDeleteCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/policy-write 2015-04-02 05:58:37 +00:00			`"policy-write": func() (cli.Command, error) {`
			`return &command.PolicyWriteCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/write 2015-03-16 03:35:33 +00:00			`"read": func() (cli.Command, error) {`
			`return &command.ReadCommand{`
command/get,put 2015-03-04 19:08:13 +00:00			`Meta: meta,`
			`}, nil`
			`},`
command/auth 2015-03-04 07:34:32 +00:00
command/write 2015-03-16 03:35:33 +00:00			`"write": func() (cli.Command, error) {`
			`return &command.WriteCommand{`
command/get,put 2015-03-04 19:08:13 +00:00			`Meta: meta,`
			`}, nil`
			`},`
command/auth 2015-03-04 07:34:32 +00:00
command/delete 2015-04-07 18:16:08 +00:00			`"delete": func() (cli.Command, error) {`
			`return &command.DeleteCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/rekey: first pass at rekey 2015-05-28 22:08:09 +00:00			`"rekey": func() (cli.Command, error) {`
			`return &command.RekeyCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/renew 2015-04-14 00:37:39 +00:00			`"renew": func() (cli.Command, error) {`
			`return &command.RenewCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/revoke: revoke 2015-04-01 02:21:02 +00:00			`"revoke": func() (cli.Command, error) {`
			`return &command.RevokeCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/seal 2015-03-04 16:56:10 +00:00			`"seal": func() (cli.Command, error) {`
			`return &command.SealCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command: Rename seal-status to status 2015-04-20 19:11:21 +00:00			`"status": func() (cli.Command, error) {`
			`return &command.StatusCommand{`
command/seal-status 2015-03-13 18:33:17 +00:00			`Meta: meta,`
			`}, nil`
			`},`

command/unseal 2015-03-04 07:57:23 +00:00			`"unseal": func() (cli.Command, error) {`
			`return &command.UnsealCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/mount 2015-03-31 23:28:46 +00:00			`"mount": func() (cli.Command, error) {`
			`return &command.MountCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/mounts 2015-03-16 04:28:31 +00:00			`"mounts": func() (cli.Command, error) {`
			`return &command.MountsCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/remount 2015-04-07 17:46:47 +00:00			`"remount": func() (cli.Command, error) {`
			`return &command.RemountCommand{`
			`Meta: meta,`
			`}, nil`
command/rotate: Adding new rotate command 2015-05-28 17:16:33 +00:00			`},`

			`"rotate": func() (cli.Command, error) {`
			`return &command.RotateCommand{`
			`Meta: meta,`
			`}, nil`
command/remount 2015-04-07 17:46:47 +00:00			`},`

command/unmount 2015-04-07 17:38:51 +00:00			`"unmount": func() (cli.Command, error) {`
			`return &command.UnmountCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/token-create 2015-04-07 21:20:18 +00:00			`"token-create": func() (cli.Command, error) {`
			`return &command.TokenCreateCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

cli: add token-renew 2015-04-20 01:04:24 +00:00			`"token-renew": func() (cli.Command, error) {`
			`return &command.TokenRenewCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

command/token-revoke 2015-04-07 21:36:17 +00:00			`"token-revoke": func() (cli.Command, error) {`
			`return &command.TokenRevokeCommand{`
			`Meta: meta,`
			`}, nil`
			`},`

basic main boilerplate stuff 2015-03-04 07:03:24 +00:00			`"version": func() (cli.Command, error) {`
			`ver := Version`
			`rel := VersionPrerelease`
			`if GitDescribe != "" {`
			`ver = GitDescribe`
			`}`
cli: should be != 2015-05-11 18:45:48 +00:00			`if GitDescribe == "" && rel == "" && VersionPrerelease != "" {`
basic main boilerplate stuff 2015-03-04 07:03:24 +00:00			`rel = "dev"`
			`}`

			`return &command.VersionCommand{`
			`Revision: GitCommit,`
			`Version: ver,`
			`VersionPrerelease: rel,`
cli: make commands more customizable 2015-04-13 00:19:26 +00:00			`Ui: meta.Ui,`
basic main boilerplate stuff 2015-03-04 07:03:24 +00:00			`}, nil`
			`},`
token/disk: implement unencrypted disk store 2015-03-30 16:21:59 +00:00
cli: make commands more customizable 2015-04-13 00:19:26 +00:00			`// The commands below are hidden from the help output`
			`"token-disk": func() (cli.Command, error) {`
			`return &tokenDisk.Command{}, nil`
			`},`
token/disk: implement unencrypted disk store 2015-03-30 16:21:59 +00:00			`}`
basic main boilerplate stuff 2015-03-04 07:03:24 +00:00			`}`
server: graceful shutdown for fast failover. Fixes #308 2015-06-18 01:24:56 +00:00
			`// makeShutdownCh returns a channel that can be used for shutdown`
			`// notifications for commands. This channel will send a message for every`
			`// interrupt or SIGTERM received.`
			`func makeShutdownCh() <-chan struct{} {`
			`resultCh := make(chan struct{})`

			`signalCh := make(chan os.Signal, 4)`
			`signal.Notify(signalCh, os.Interrupt, syscall.SIGTERM)`
			`go func() {`
			`for {`
			`<-signalCh`
			`resultCh <- struct{}{}`
			`}`
			`}()`
			`return resultCh`
			`}`