package command
import (
"fmt"
"strings"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/meta"
)
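// TokenLookupCommand is a Command that outputs details about the provided
// token. Given no argument it reports on the token the client is currently
// authenticated with; given the -accessor flag it resolves the token through
// its accessor instead of its ID.
type TokenLookupCommand struct {
	// Meta is embedded; Run uses its FlagSet, Client and Ui members.
	meta.Meta
}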
// Run parses the token-lookup flags and arguments, performs the lookup and
// prints the returned secret in the requested output format.
//
// With no positional argument the client's own token is looked up. With one
// argument that value is treated as a token ID, or as a token accessor when
// -accessor is set. More than one argument, or -accessor without an argument,
// is a usage error.
//
// It returns 1 for flag, usage and lookup errors, 2 when the API client cannot
// be created, and otherwise whatever OutputSecret returns.
//
// Security note: the token ID or accessor is read from the command line, so on
// a shared host it can end up in shell history and in process listings. The
// help text states that an accessor lookup does not return the token ID, which
// makes the -accessor form the lower-exposure choice when only the token's
// properties are needed.
func (c *TokenLookupCommand) Run(args []string) int {
	var (
		outputFormat string
		byAccessor   bool
	)

	flags := c.Meta.FlagSet("token-lookup", meta.FlagSetDefault)
	flags.BoolVar(&byAccessor, "accessor", false, "")
	flags.StringVar(&outputFormat, "format", "table", "")
	flags.Usage = func() { c.Ui.Error(c.Help()) }
	if flags.Parse(args) != nil {
		return 1
	}

	// Only the positional arguments left after flag parsing matter from here on.
	positional := flags.Args()
	if len(positional) > 1 {
		flags.Usage()
		c.Ui.Error("\ntoken-lookup expects at most one argument")
		return 1
	}

	client, err := c.Client()
	if err != nil {
		c.Ui.Error(fmt.Sprintf("error initializing client: %s", err))
		return 2
	}

	// len(positional) is 0 or 1 at this point, so the three lookups below and
	// the usage error cover every combination with the accessor flag.
	var secret *api.Secret
	if byAccessor {
		if len(positional) == 0 {
			// An accessor lookup has no "self" form; the accessor must be given.
			c.Ui.Error("token-lookup expects an argument when accessor flag is set")
			return 1
		}
		secret, err = client.Auth().Token().LookupAccessor(positional[0])
	} else if len(positional) == 0 {
		secret, err = client.Auth().Token().LookupSelf()
	} else {
		secret, err = client.Auth().Token().Lookup(positional[0])
	}
	if err != nil {
		c.Ui.Error(fmt.Sprintf("error looking up token: %s", err))
		return 1
	}

	return OutputSecret(c.Ui, outputFormat, secret)
}
// doTokenLookup looks up the token named by args[0] through client, or the
// client's own token when args is empty. Arguments after the first are
// ignored, and there is no accessor handling here; Run performs its own
// dispatch for that case.
func doTokenLookup(args []string, client *api.Client) (*api.Secret, error) {
	tokenAuth := client.Auth().Token()
	if len(args) > 0 {
		return tokenAuth.Lookup(args[0])
	}
	return tokenAuth.LookupSelf()
}
// Synopsis returns the one-line description of the token-lookup command.
func (c *TokenLookupCommand) Synopsis() string {
	const summary = "Display information about the specified token"
	return summary
}
// Help returns the full usage text for token-lookup: the command summary, the
// general options supplied by meta.GeneralOptionsUsage, and the options
// specific to this command. Leading and trailing whitespace is trimmed.
func (c *TokenLookupCommand) Help() string {
	// Text that precedes the shared general-options section.
	const intro = `
Usage: vault token-lookup [options] [token|accessor]

  Displays information about the specified token. If no token is specified, the
  operation is performed on the currently authenticated token i.e. lookup-self.
  Information about the token can be retrieved using the token accessor via the
  '-accessor' flag.

General Options:
`

	// Options that only this command understands.
	const lookupOptions = `
Token Lookup Options:
  -accessor               A boolean flag, if set, treats the argument as an accessor of the token.
                          Note that the response of the command when this is set, will not contain
                          the token ID. Accessor is only meant for looking up the token properties
                          (and for revocation via '/auth/token/revoke-accessor/<accessor>' endpoint).

  -format=table           The format for output. By default it is a whitespace-
                          delimited table. This can also be json or yaml.

`

	return strings.TrimSpace(intro + meta.GeneralOptionsUsage() + lookupOptions)
}