open-vault/command/auth_disable.go

93 lines
2.1 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2015-04-02 00:14:11 +00:00
package command
import (
"fmt"
"strings"
2016-04-01 17:16:05 +00:00
2017-09-05 03:59:33 +00:00
"github.com/mitchellh/cli"
"github.com/posener/complete"
2015-04-02 00:14:11 +00:00
)
var (
_ cli.Command = (*AuthDisableCommand)(nil)
_ cli.CommandAutocomplete = (*AuthDisableCommand)(nil)
)
2017-09-05 03:59:33 +00:00
2015-04-02 00:14:11 +00:00
type AuthDisableCommand struct {
2017-09-05 03:59:33 +00:00
*BaseCommand
}
func (c *AuthDisableCommand) Synopsis() string {
2017-09-08 01:56:39 +00:00
return "Disables an auth method"
2017-09-05 03:59:33 +00:00
}
func (c *AuthDisableCommand) Help() string {
helpText := `
2017-09-08 01:56:39 +00:00
Usage: vault auth disable [options] PATH
2017-09-05 03:59:33 +00:00
2017-09-08 01:56:39 +00:00
Disables an existing auth method at the given PATH. The argument corresponds
to the PATH of the mount, not the TYPE!. Once the auth method is disabled its
path can no longer be used to authenticate.
2017-09-05 03:59:33 +00:00
2017-09-08 01:56:39 +00:00
All access tokens generated via the disabled auth method are immediately
revoked. This command will block until all tokens are revoked.
2017-09-05 03:59:33 +00:00
2017-09-08 01:56:39 +00:00
Disable the auth method at userpass/:
2017-09-05 03:59:33 +00:00
2017-09-08 01:56:39 +00:00
$ vault auth disable userpass/
2017-09-05 03:59:33 +00:00
` + c.Flags().Help()
return strings.TrimSpace(helpText)
}
func (c *AuthDisableCommand) Flags() *FlagSets {
return c.flagSet(FlagSetHTTP)
}
func (c *AuthDisableCommand) AutocompleteArgs() complete.Predictor {
return c.PredictVaultAuths()
}
func (c *AuthDisableCommand) AutocompleteFlags() complete.Flags {
return c.Flags().Completions()
2015-04-02 00:14:11 +00:00
}
func (c *AuthDisableCommand) Run(args []string) int {
2017-09-05 03:59:33 +00:00
f := c.Flags()
if err := f.Parse(args); err != nil {
c.UI.Error(err.Error())
2015-04-02 00:14:11 +00:00
return 1
}
2017-09-05 03:59:33 +00:00
args = f.Args()
switch {
case len(args) < 1:
c.UI.Error(fmt.Sprintf("Not enough arguments (expected 1, got %d)", len(args)))
return 1
case len(args) > 1:
c.UI.Error(fmt.Sprintf("Too many arguments (expected 1, got %d)", len(args)))
2015-04-02 00:14:11 +00:00
return 1
}
2017-09-05 03:59:33 +00:00
path := ensureTrailingSlash(sanitizePath(args[0]))
2015-04-02 00:14:11 +00:00
client, err := c.Client()
if err != nil {
2017-09-05 03:59:33 +00:00
c.UI.Error(err.Error())
2015-04-02 00:14:11 +00:00
return 2
}
if err := client.Sys().DisableAuth(path); err != nil {
2017-09-08 01:56:39 +00:00
c.UI.Error(fmt.Sprintf("Error disabling auth method at %s: %s", path, err))
2015-04-02 00:14:11 +00:00
return 2
}
2017-09-08 01:56:39 +00:00
c.UI.Output(fmt.Sprintf("Success! Disabled the auth method (if it existed) at: %s", path))
2015-04-02 00:14:11 +00:00
return 0
}