package command
import (
"bytes"
"fmt"
"io"
"os"
"strings"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)
// Compile-time assertions that *PolicyWriteCommand satisfies the cli
// interfaces it is registered under.
var (
	_ cli.Command             = (*PolicyWriteCommand)(nil)
	_ cli.CommandAutocomplete = (*PolicyWriteCommand)(nil)
)
// PolicyWriteCommand implements the "vault policy write" subcommand, which
// uploads a named policy read from a local file or from stdin.
type PolicyWriteCommand struct {
	*BaseCommand

	// testStdin, when non-nil, is read in place of os.Stdin so that tests
	// can supply the policy contents.
	testStdin io.Reader
}
// Synopsis returns the one-line description of the command.
func (c *PolicyWriteCommand) Synopsis() string {
	const synopsis = "Uploads a named policy from a file"
	return synopsis
}
// Help returns the usage text for "vault policy write" followed by the help
// output of the command's flag sets, with surrounding whitespace trimmed.
func (c *PolicyWriteCommand) Help() string {
	const usage = `
Usage: vault policy write [options] NAME PATH

  Uploads a policy with name NAME from the contents of a local file PATH or
  stdin. If PATH is "-", the policy is read from stdin. Otherwise, it is
  loaded from the file at the given path on the local disk.

  Upload a policy named "my-policy" from "/tmp/policy.hcl" on the local disk:

      $ vault policy write my-policy /tmp/policy.hcl

  Upload a policy from stdin:

      $ cat my-policy.hcl | vault policy write my-policy -

`

	// The flag help is appended before trimming, so only the leading newline
	// of the usage text and any trailing whitespace of the flag help go away.
	return strings.TrimSpace(usage + c.Flags().Help())
}
// Flags returns the flag sets accepted by this command; only the HTTP flag
// set is requested.
func (c *PolicyWriteCommand) Flags() *FlagSets {
	sets := c.flagSet(FlagSetHTTP)
	return sets
}
// AutocompleteArgs returns a predictor that suggests *.hcl files for the
// PATH argument and offers nothing for any other position.
func (c *PolicyWriteCommand) AutocompleteArgs() complete.Predictor {
	predictPath := func(args complete.Args) []string {
		// Only the last argument is a file path; the policy name must not be
		// completed as one.
		if len(args.All) != 3 {
			return nil
		}
		return complete.PredictFiles("*.hcl").Predict(args)
	}
	return complete.PredictFunc(predictPath)
}
// AutocompleteFlags returns the completions offered for this command's flags.
func (c *PolicyWriteCommand) AutocompleteFlags() complete.Flags {
	flags := c.Flags()
	return flags.Completions()
}
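// Run parses the arguments, reads the policy from PATH (or from stdin when
// PATH is "-") and uploads it under NAME.
//
// It returns 0 on success, 1 for usage errors (flag parsing, wrong argument
// count, empty policy name) and 2 when creating the client, opening or
// reading the policy, or uploading it fails.
func (c *PolicyWriteCommand) Run(args []string) int {
	f := c.Flags()

	if err := f.Parse(args); err != nil {
		c.UI.Error(err.Error())
		return 1
	}

	args = f.Args()
	switch {
	case len(args) < 2:
		c.UI.Error(fmt.Sprintf("Not enough arguments (expected 2, got %d)", len(args)))
		return 1
	case len(args) > 2:
		c.UI.Error(fmt.Sprintf("Too many arguments (expected 2, got %d)", len(args)))
		return 1
	}

	client, err := c.Client()
	if err != nil {
		c.UI.Error(err.Error())
		return 2
	}

	// Policies are normalized to lowercase
	rawName := args[0]
	name := strings.TrimSpace(strings.ToLower(rawName))
	path := strings.TrimSpace(args[1])

	// A name that is empty after trimming cannot identify a policy; reject it
	// here instead of sending a request with an empty name.
	if name == "" {
		c.UI.Error("Policy name must not be empty")
		return 1
	}

	// Get the policy contents, either from stdin or a file
	var reader io.Reader
	if path == "-" {
		reader = os.Stdin
		if c.testStdin != nil {
			reader = c.testStdin
		}
	} else {
		file, err := os.Open(path)
		if err != nil {
			c.UI.Error(fmt.Sprintf("Error opening policy file: %s", err))
			return 2
		}
		defer file.Close()
		reader = file
	}

	// Read the policy
	// NOTE(review): the whole input is buffered in memory with no size limit.
	var buf bytes.Buffer
	if _, err := io.Copy(&buf, reader); err != nil {
		c.UI.Error(fmt.Sprintf("Error reading policy: %s", err))
		return 2
	}
	rules := buf.String()

	// The policy is stored under the normalized name, which can differ from
	// what was typed. Say so, so the operator does not go on to reference a
	// name that was never created.
	if rawName != name {
		c.UI.Warn(fmt.Sprintf("Policy name was converted to %s", name))
	}

	if err := client.Sys().PutPolicy(name, rules); err != nil {
		c.UI.Error(fmt.Sprintf("Error uploading policy: %s", err))
		return 2
	}

	c.UI.Output(fmt.Sprintf("Success! Uploaded policy: %s", name))
	return 0
}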