2015-03-04 07:34:32 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
2017-09-08 01:56:39 +00:00
|
|
|
"flag"
|
2015-05-21 02:43:47 +00:00
|
|
|
"io"
|
2017-09-08 01:56:39 +00:00
|
|
|
"io/ioutil"
|
2015-03-04 07:34:32 +00:00
|
|
|
"strings"
|
2015-03-30 17:55:41 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
"github.com/mitchellh/cli"
|
2015-03-04 07:34:32 +00:00
|
|
|
)
|
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
var _ cli.Command = (*AuthCommand)(nil)
|
2015-04-06 03:50:18 +00:00
|
|
|
|
2015-03-04 07:34:32 +00:00
|
|
|
type AuthCommand struct {
|
2017-09-05 03:59:24 +00:00
|
|
|
*BaseCommand
|
2015-04-06 03:50:18 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
Handlers map[string]LoginHandler
|
2017-09-05 03:59:24 +00:00
|
|
|
|
|
|
|
testStdin io.Reader // for tests
|
2015-03-04 07:34:32 +00:00
|
|
|
}
|
|
|
|
|
2017-09-05 03:59:24 +00:00
|
|
|
func (c *AuthCommand) Synopsis() string {
|
2017-09-08 01:56:39 +00:00
|
|
|
return "Interact with auth methods"
|
2017-09-05 03:59:24 +00:00
|
|
|
}
|
2015-03-04 07:34:32 +00:00
|
|
|
|
2017-09-05 03:59:24 +00:00
|
|
|
func (c *AuthCommand) Help() string {
|
2017-09-08 01:56:39 +00:00
|
|
|
return strings.TrimSpace(`
|
|
|
|
Usage: vault auth <subcommand> [options] [args]
|
2015-05-21 02:43:47 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
This command groups subcommands for interacting with Vault's auth methods.
|
|
|
|
Users can list, enable, disable, and get help for different auth methods.
|
2015-05-23 18:22:35 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
To authenticate to Vault as a user or machine, use the "vault login" command
|
|
|
|
instead. This command is for interacting with the auth methods themselves, not
|
|
|
|
authenticating to Vault.
|
2015-05-21 02:43:47 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
List all enabled auth methods:
|
2015-03-30 17:55:41 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
$ vault auth list
|
2016-09-08 15:14:47 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
Enable a new auth method "userpass";
|
2015-04-06 03:50:18 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
$ vault auth enable userpass
|
2015-04-06 03:50:18 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
Get detailed help information about how to authenticate to a particular auth
|
|
|
|
method:
|
2015-04-06 16:38:16 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
$ vault auth help github
|
2015-06-18 20:48:04 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
Please see the individual subcommand help for detailed usage information.
|
|
|
|
`)
|
2017-09-05 03:59:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *AuthCommand) Run(args []string) int {
|
2017-09-08 01:56:39 +00:00
|
|
|
// If we entered the run method, none of the subcommands picked up. This
|
|
|
|
// means the user is still trying to use auth as "vault auth TOKEN" or
|
|
|
|
// similar, so direct them to vault login instead.
|
|
|
|
//
|
|
|
|
// This run command is a bit messy to maintain BC for a bit. In the future,
|
|
|
|
// it will just be a tiny function, but for now we have to maintain bc.
|
|
|
|
//
|
|
|
|
// Deprecation
|
2017-09-05 03:59:24 +00:00
|
|
|
// TODO: remove in 0.9.0
|
2015-04-06 03:50:18 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
// Parse the args for our deprecations and defer to the proper areas.
|
|
|
|
for _, arg := range args {
|
|
|
|
switch {
|
|
|
|
case strings.HasPrefix(arg, "-methods"):
|
2018-05-23 21:13:39 +00:00
|
|
|
if Format(c.UI) == "table" {
|
|
|
|
c.UI.Warn(wrapAtLength(
|
|
|
|
"WARNING! The -methods flag is deprecated. Please use "+
|
|
|
|
"\"vault auth list\" instead. This flag will be removed in "+
|
|
|
|
"Vault 0.11 (or later).") + "\n")
|
|
|
|
}
|
2017-09-08 01:56:39 +00:00
|
|
|
return (&AuthListCommand{
|
|
|
|
BaseCommand: &BaseCommand{
|
|
|
|
UI: c.UI,
|
|
|
|
client: c.client,
|
|
|
|
},
|
|
|
|
}).Run(nil)
|
|
|
|
case strings.HasPrefix(arg, "-method-help"):
|
2018-05-23 21:13:39 +00:00
|
|
|
if Format(c.UI) == "table" {
|
|
|
|
c.UI.Warn(wrapAtLength(
|
|
|
|
"WARNING! The -method-help flag is deprecated. Please use "+
|
|
|
|
"\"vault auth help\" instead. This flag will be removed in "+
|
|
|
|
"Vault 0.11 (or later).") + "\n")
|
|
|
|
}
|
2018-03-20 18:54:10 +00:00
|
|
|
// Parse the args to pull out the method, suppressing any errors because
|
2017-09-08 01:56:39 +00:00
|
|
|
// there could be other flags that we don't care about.
|
|
|
|
f := flag.NewFlagSet("", flag.ContinueOnError)
|
|
|
|
f.Usage = func() {}
|
|
|
|
f.SetOutput(ioutil.Discard)
|
|
|
|
flagMethod := f.String("method", "", "")
|
|
|
|
f.Parse(args)
|
|
|
|
|
|
|
|
return (&AuthHelpCommand{
|
|
|
|
BaseCommand: &BaseCommand{
|
|
|
|
UI: c.UI,
|
|
|
|
client: c.client,
|
|
|
|
},
|
|
|
|
Handlers: c.Handlers,
|
|
|
|
}).Run([]string{*flagMethod})
|
2017-09-05 03:59:24 +00:00
|
|
|
}
|
|
|
|
}
|
2015-04-06 03:50:18 +00:00
|
|
|
|
2017-09-08 01:56:39 +00:00
|
|
|
// If we got this far, we have an arg or a series of args that should be
|
|
|
|
// passed directly to the new "vault login" command.
|
2018-05-23 21:13:39 +00:00
|
|
|
if Format(c.UI) == "table" {
|
|
|
|
c.UI.Warn(wrapAtLength(
|
|
|
|
"WARNING! The \"vault auth ARG\" command is deprecated and is now a "+
|
|
|
|
"subcommand for interacting with auth methods. To authenticate "+
|
|
|
|
"locally to Vault, use \"vault login\" instead. This backwards "+
|
|
|
|
"compatibility will be removed in Vault 0.11 (or later).") + "\n")
|
|
|
|
}
|
2017-09-08 01:56:39 +00:00
|
|
|
return (&LoginCommand{
|
|
|
|
BaseCommand: &BaseCommand{
|
2018-03-16 17:52:08 +00:00
|
|
|
UI: c.UI,
|
|
|
|
client: c.client,
|
|
|
|
tokenHelper: c.tokenHelper,
|
|
|
|
flagAddress: c.flagAddress,
|
2017-09-08 01:56:39 +00:00
|
|
|
},
|
|
|
|
Handlers: c.Handlers,
|
|
|
|
}).Run(args)
|
2017-08-24 22:23:40 +00:00
|
|
|
}
|