open-vault/command/revoke.go

package command

import (
	"fmt"
	"strings"
)

// RevokeCommand is a Command that mounts a new mount.
type RevokeCommand struct {
	Meta
}

func (c *RevokeCommand) Run(args []string) int {
	var prefix bool
	flags := c.Meta.FlagSet("revoke", FlagSetDefault)
	flags.BoolVar(&prefix, "prefix", false, "")
	flags.Usage = func() { c.Ui.Error(c.Help()) }
	if err := flags.Parse(args); err != nil {
		return 1
	}

	args = flags.Args()
	if len(args) != 1 {
		flags.Usage()
		c.Ui.Error(fmt.Sprintf(
			"\nRevoke expects one argument: the ID to revoke"))
		return 1
	}
	leaseId := args[0]

	client, err := c.Client()
	if err != nil {
		c.Ui.Error(fmt.Sprintf(
			"Error initializing client: %s", err))
		return 2
	}

	if prefix {
		err = client.Sys().RevokePrefix(leaseId)
	} else {
		err = client.Sys().Revoke(leaseId)
	}
	if err != nil {
		c.Ui.Error(fmt.Sprintf(
			"Revoke error: %s", err))
		return 1
	}

	c.Ui.Output(fmt.Sprintf("Key revoked with ID '%s'.", leaseId))
	return 0
}

func (c *RevokeCommand) Synopsis() string {
	return "Revoke a secret."
}

func (c *RevokeCommand) Help() string {
	helpText := `
Usage: vault revoke [options] id

  Revoke a secret by its lease ID.

  This command revokes a secret by its lease ID that was returned
  with it. Once the key is revoked, it is no longer valid.

  With the -prefix flag, the revoke is done by prefix: any secret prefixed
  with the given partial ID is revoked. Lease IDs are structured in such
  a way to make revocation of prefixes useful.

General Options:

  -address=addr           The address of the Vault server.

  -ca-cert=path           Path to a PEM encoded CA cert file to use to
                          verify the Vault server SSL certificate.

  -ca-path=path           Path to a directory of PEM encoded CA cert files
                          to verify the Vault server SSL certificate. If both
                          -ca-cert and -ca-path are specified, -ca-path is used.

  -tls-skip-verify        Do not verify TLS certificate. This is highly
                          not recommended. This is especially not recommended
                          for unsealing a vault.

Revoke Options:

  -prefix=true            Revoke all secrets with the matching prefix. This
                          defaults to false: an exact revocation.

`
	return strings.TrimSpace(helpText)
}
command/revoke: revoke 2015-04-01 02:21:02 +00:00			`package command`

			`import (`
			`"fmt"`
			`"strings"`
			`)`

			`// RevokeCommand is a Command that mounts a new mount.`
			`type RevokeCommand struct {`
			`Meta`
			`}`

			`func (c *RevokeCommand) Run(args []string) int {`
			`var prefix bool`
			`flags := c.Meta.FlagSet("revoke", FlagSetDefault)`
			`flags.BoolVar(&prefix, "prefix", false, "")`
			`flags.Usage = func() { c.Ui.Error(c.Help()) }`
			`if err := flags.Parse(args); err != nil {`
			`return 1`
			`}`

			`args = flags.Args()`
			`if len(args) != 1 {`
			`flags.Usage()`
			`c.Ui.Error(fmt.Sprintf(`
			`"\nRevoke expects one argument: the ID to revoke"))`
			`return 1`
			`}`
command/revoke: rename vars to leaseId 2015-04-11 03:49:10 +00:00			`leaseId := args[0]`
command/revoke: revoke 2015-04-01 02:21:02 +00:00
			`client, err := c.Client()`
			`if err != nil {`
			`c.Ui.Error(fmt.Sprintf(`
			`"Error initializing client: %s", err))`
			`return 2`
			`}`

command/revoke: prefix 2015-04-01 02:33:16 +00:00			`if prefix {`
command/revoke: rename vars to leaseId 2015-04-11 03:49:10 +00:00			`err = client.Sys().RevokePrefix(leaseId)`
command/revoke: prefix 2015-04-01 02:33:16 +00:00			`} else {`
command/revoke: rename vars to leaseId 2015-04-11 03:49:10 +00:00			`err = client.Sys().Revoke(leaseId)`
command/revoke: prefix 2015-04-01 02:33:16 +00:00			`}`
			`if err != nil {`
command/revoke: revoke 2015-04-01 02:21:02 +00:00			`c.Ui.Error(fmt.Sprintf(`
			`"Revoke error: %s", err))`
			`return 1`
			`}`

command/revoke: rename vars to leaseId 2015-04-11 03:49:10 +00:00			`c.Ui.Output(fmt.Sprintf("Key revoked with ID '%s'.", leaseId))`
command/revoke: revoke 2015-04-01 02:21:02 +00:00			`return 0`
			`}`

			`func (c *RevokeCommand) Synopsis() string {`
			`return "Revoke a secret."`
			`}`

			`func (c *RevokeCommand) Help() string {`
			helpText := `
			`Usage: vault revoke [options] id`

rename vault id to lease id all over 2015-04-11 03:35:14 +00:00			`Revoke a secret by its lease ID.`
command/revoke: revoke 2015-04-01 02:21:02 +00:00
rename vault id to lease id all over 2015-04-11 03:35:14 +00:00			`This command revokes a secret by its lease ID that was returned`
command/revoke: revoke 2015-04-01 02:21:02 +00:00			`with it. Once the key is revoked, it is no longer valid.`

			`With the -prefix flag, the revoke is done by prefix: any secret prefixed`
rename vault id to lease id all over 2015-04-11 03:35:14 +00:00			`with the given partial ID is revoked. Lease IDs are structured in such`
command/revoke: revoke 2015-04-01 02:21:02 +00:00			`a way to make revocation of prefixes useful.`

			`General Options:`

command/*: fix spacing 2015-04-28 16:15:21 +00:00			`-address=addr The address of the Vault server.`
command/revoke: revoke 2015-04-01 02:21:02 +00:00
			`-ca-cert=path Path to a PEM encoded CA cert file to use to`
			`verify the Vault server SSL certificate.`

			`-ca-path=path Path to a directory of PEM encoded CA cert files`
			`to verify the Vault server SSL certificate. If both`
			`-ca-cert and -ca-path are specified, -ca-path is used.`

command/*: -tls-skip-verify [GH-130] 2015-05-11 18:01:20 +00:00			`-tls-skip-verify Do not verify TLS certificate. This is highly`
command/revoke: revoke 2015-04-01 02:21:02 +00:00			`not recommended. This is especially not recommended`
			`for unsealing a vault.`

			`Revoke Options:`

			`-prefix=true Revoke all secrets with the matching prefix. This`
			`defaults to false: an exact revocation.`

			`
			`return strings.TrimSpace(helpText)`
			`}`