open-vault/command/write.go

123 lines
3.1 KiB
Go
Raw Normal View History

2015-03-04 19:08:13 +00:00
package command
import (
2015-03-16 03:35:33 +00:00
"fmt"
"io"
"os"
2015-03-04 19:08:13 +00:00
"strings"
2015-04-08 05:30:25 +00:00
"github.com/hashicorp/vault/helper/kv-builder"
2015-03-04 19:08:13 +00:00
)
2015-03-16 03:35:33 +00:00
// WriteCommand is a Command that puts data into the Vault.
type WriteCommand struct {
2015-03-04 19:08:13 +00:00
Meta
// The fields below can be overwritten for tests
testStdin io.Reader
2015-03-04 19:08:13 +00:00
}
2015-03-16 03:35:33 +00:00
func (c *WriteCommand) Run(args []string) int {
var format string
2015-03-16 03:35:33 +00:00
flags := c.Meta.FlagSet("write", FlagSetDefault)
flags.StringVar(&format, "format", "table", "")
2015-03-04 19:08:13 +00:00
flags.Usage = func() { c.Ui.Error(c.Help()) }
if err := flags.Parse(args); err != nil {
return 1
}
2015-03-16 03:35:33 +00:00
args = flags.Args()
2015-04-01 00:16:12 +00:00
if len(args) < 2 {
c.Ui.Error("write expects at least two arguments")
2015-03-16 03:35:33 +00:00
flags.Usage()
return 1
}
path := args[0]
if path[0] == '/' {
path = path[1:]
}
2015-04-01 00:16:12 +00:00
data, err := c.parseData(args[1:])
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error loading data: %s", err))
return 1
}
2015-03-16 03:35:33 +00:00
client, err := c.Client()
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error initializing client: %s", err))
return 2
}
secret, err := client.Logical().Write(path, data)
if err != nil {
2015-03-16 03:35:33 +00:00
c.Ui.Error(fmt.Sprintf(
"Error writing data to %s: %s", path, err))
return 1
}
if secret == nil {
c.Ui.Output(fmt.Sprintf("Success! Data written to: %s", path))
return 0
}
return OutputSecret(c.Ui, format, secret)
2015-03-04 19:08:13 +00:00
}
2015-04-01 00:16:12 +00:00
func (c *WriteCommand) parseData(args []string) (map[string]interface{}, error) {
2015-04-08 05:30:25 +00:00
var stdin io.Reader = os.Stdin
if c.testStdin != nil {
stdin = c.testStdin
}
builder := &kvbuilder.Builder{Stdin: stdin}
if err := builder.Add(args...); err != nil {
return nil, err
2015-04-01 00:16:12 +00:00
}
2015-04-08 05:30:25 +00:00
return builder.Map(), nil
2015-04-01 00:16:12 +00:00
}
2015-03-16 03:35:33 +00:00
func (c *WriteCommand) Synopsis() string {
return "Write secrets or configuration into Vault"
2015-03-04 19:08:13 +00:00
}
2015-03-16 03:35:33 +00:00
func (c *WriteCommand) Help() string {
2015-03-04 19:08:13 +00:00
helpText := `
2015-04-01 00:16:12 +00:00
Usage: vault write [options] path [data]
2015-03-04 19:08:13 +00:00
Write data (secrets or configuration) into Vault.
2015-03-16 03:35:33 +00:00
Write sends data into Vault at the given path. The behavior of the write
2015-03-04 19:08:13 +00:00
is determined by the backend at the given path. For example, writing
to "aws/policy/ops" will create an "ops" IAM policy for the AWS backend
(configuration), but writing to "consul/foo" will write a value directly
into Consul at that key. Check the documentation of the logical backend
you're using for more information on key structure.
2015-04-01 00:16:12 +00:00
Data is sent via additional arguments in "key=value" pairs. If value
begins with an "@", then it is loaded from a file. If you want to start
the value with a literal "@", then prefix the "@" with a slash: "\@".
2015-03-04 19:08:13 +00:00
General Options:
2015-04-28 16:15:38 +00:00
-address=addr The address of the Vault server.
2015-03-04 19:08:13 +00:00
-ca-cert=path Path to a PEM encoded CA cert file to use to
verify the Vault server SSL certificate.
-ca-path=path Path to a directory of PEM encoded CA cert files
to verify the Vault server SSL certificate. If both
-ca-cert and -ca-path are specified, -ca-path is used.
-insecure Do not verify TLS certificate. This is highly
not recommended. This is especially not recommended
for unsealing a vault.
`
return strings.TrimSpace(helpText)
}