open-vault/command/list.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package command

import (
	"fmt"
	"strings"

	"github.com/mitchellh/cli"
	"github.com/posener/complete"
)

var (
	_ cli.Command             = (*ListCommand)(nil)
	_ cli.CommandAutocomplete = (*ListCommand)(nil)
)

type ListCommand struct {
	*BaseCommand
}

func (c *ListCommand) Synopsis() string {
	return "List data or secrets"
}

func (c *ListCommand) Help() string {
	helpText := `

Usage: vault list [options] PATH

  Lists data from Vault at the given path. This can be used to list keys in a,
  given secret engine.

  List values under the "my-app" folder of the generic secret engine:

      $ vault list secret/my-app/

  For a full list of examples and paths, please see the documentation that
  corresponds to the secret engine in use. Not all engines support listing.

` + c.Flags().Help()

	return strings.TrimSpace(helpText)
}

func (c *ListCommand) Flags() *FlagSets {
	set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat | FlagSetOutputDetailed)
	return set
}

func (c *ListCommand) AutocompleteArgs() complete.Predictor {
	return c.PredictVaultFolders()
}

func (c *ListCommand) AutocompleteFlags() complete.Flags {
	return c.Flags().Completions()
}

func (c *ListCommand) Run(args []string) int {
	f := c.Flags()

	if err := f.Parse(args); err != nil {
		c.UI.Error(err.Error())
		return 1
	}

	args = f.Args()
	switch {
	case len(args) < 1:
		c.UI.Error(fmt.Sprintf("Not enough arguments (expected 1, got %d)", len(args)))
		return 1
	case len(args) > 1:
		c.UI.Error(fmt.Sprintf("Too many arguments (expected 1, got %d)", len(args)))
		return 1
	}

	client, err := c.Client()
	if err != nil {
		c.UI.Error(err.Error())
		return 2
	}

	path := sanitizePath(args[0])
	secret, err := client.Logical().List(path)
	if err != nil {
		c.UI.Error(fmt.Sprintf("Error listing %s: %s", path, err))
		return 2
	}

	// If the secret is wrapped, return the wrapped response.
	if secret != nil && secret.WrapInfo != nil && secret.WrapInfo.TTL != 0 {
		return OutputSecret(c.UI, secret)
	}

	_, ok := extractListData(secret)
	if Format(c.UI) != "table" {
		if secret == nil || secret.Data == nil || !ok {
			OutputData(c.UI, map[string]interface{}{})
			return 2
		}
	}

	if secret == nil {
		c.UI.Error(fmt.Sprintf("No value found at %s", path))
		return 2
	}
	if secret.Data == nil {
		// If secret wasn't nil, we have warnings, so output them anyways. We
		// may also have non-keys info.
		return OutputSecret(c.UI, secret)
	}

	if !ok {
		c.UI.Error(fmt.Sprintf("No entries found at %s", path))
		return 2
	}

	return OutputList(c.UI, secret)
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 16:00:52 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

Updates and documentation 2016-01-14 19:18:27 +00:00			`package command`

			`import (`
			`"fmt"`
			`"strings"`

Update list command 2017-09-05 04:02:15 +00:00			`"github.com/mitchellh/cli"`
			`"github.com/posener/complete"`
Updates and documentation 2016-01-14 19:18:27 +00:00			`)`

Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`var (`
			`_ cli.Command = (*ListCommand)(nil)`
			`_ cli.CommandAutocomplete = (*ListCommand)(nil)`
			`)`
Update list command 2017-09-05 04:02:15 +00:00
Updates and documentation 2016-01-14 19:18:27 +00:00			`type ListCommand struct {`
Update list command 2017-09-05 04:02:15 +00:00			`*BaseCommand`
			`}`

			`func (c *ListCommand) Synopsis() string {`
Update list command 2017-09-08 01:59:46 +00:00			`return "List data or secrets"`
Update list command 2017-09-05 04:02:15 +00:00			`}`

			`func (c *ListCommand) Help() string {`
			helpText := `

			`Usage: vault list [options] PATH`

			`Lists data from Vault at the given path. This can be used to list keys in a,`
Update list command 2017-09-08 01:59:46 +00:00			`given secret engine.`
Update list command 2017-09-05 04:02:15 +00:00
Update list command 2017-09-08 01:59:46 +00:00			`List values under the "my-app" folder of the generic secret engine:`
Update list command 2017-09-05 04:02:15 +00:00
			`$ vault list secret/my-app/`

			`For a full list of examples and paths, please see the documentation that`
Update list command 2017-09-08 01:59:46 +00:00			`corresponds to the secret engine in use. Not all engines support listing.`
Update list command 2017-09-05 04:02:15 +00:00
			` + c.Flags().Help()

			`return strings.TrimSpace(helpText)`
			`}`

			`func (c ListCommand) Flags() FlagSets {`
Vault CLI: show detailed information with ListResponseWithInfo (#15417) * CLI: Add ability to display ListResponseWithInfos The Vault Server API includes a ListResponseWithInfo call, allowing LIST responses to contain additional information about their keys. This is in a key=value mapping format (both for each key, to get the additional metadata, as well as within each metadata). Expand the `vault list` CLI command with a `-detailed` flag (and env var VAULT_DETAILED_LISTS) to print this additional metadata. This looks roughly like the following: $ vault list -detailed pki/issuers Keys issuer_name ---- ----------- 0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7 n/a 35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0 n/a 382fad1e-e99c-9c54-e147-bb1faa8033d3 n/a 8bb4a793-2ad9-460c-9fa8-574c84a981f7 n/a 8bd231d7-20e2-f21f-ae1a-7aa3319715e7 n/a 9425d51f-cb81-426d-d6ad-5147d092094e n/a ae679732-b497-ab0d-3220-806a2b9d81ed n/a c5a44a1f-2ae4-2140-3acf-74b2609448cc utf8 d41d2419-efce-0e36-c96b-e91179a24dc1 something Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Allow detailed printing of LIST responses in JSON When using the JSON formatter, only the absolute list of keys were returned. Reuse the `-detailed` flag value for the `-format=json` list response printer, allowing us to show the complete API response returned by Vault. This returns something like the following: { "request_id": "e9a25dcd-b67a-97d7-0f08-3670918ef3ff", "lease_id": "", "lease_duration": 0, "renewable": false, "data": { "key_info": { "0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7": { "issuer_name": "" }, "35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0": { "issuer_name": "" }, "382fad1e-e99c-9c54-e147-bb1faa8033d3": { "issuer_name": "" }, "8bb4a793-2ad9-460c-9fa8-574c84a981f7": { "issuer_name": "" }, "8bd231d7-20e2-f21f-ae1a-7aa3319715e7": { "issuer_name": "" }, "9425d51f-cb81-426d-d6ad-5147d092094e": { "issuer_name": "" }, "ae679732-b497-ab0d-3220-806a2b9d81ed": { "issuer_name": "" }, "c5a44a1f-2ae4-2140-3acf-74b2609448cc": { "issuer_name": "utf8" }, "d41d2419-efce-0e36-c96b-e91179a24dc1": { "issuer_name": "something" } }, "keys": [ "0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7", "35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0", "382fad1e-e99c-9c54-e147-bb1faa8033d3", "8bb4a793-2ad9-460c-9fa8-574c84a981f7", "8bd231d7-20e2-f21f-ae1a-7aa3319715e7", "9425d51f-cb81-426d-d6ad-5147d092094e", "ae679732-b497-ab0d-3220-806a2b9d81ed", "c5a44a1f-2ae4-2140-3acf-74b2609448cc", "d41d2419-efce-0e36-c96b-e91179a24dc1" ] }, "warnings": null } Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use field on UI rather than secret.Data Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Only include headers from visitable key_infos Certain API endpoints return data from non-visitable key_infos, by virtue of using a hand-rolled response. Limit our headers to those from visitable key_infos. This means we won't return entire columns with n/a entries, if no key matches the key_info key that includes that header. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use setupEnv sourced detailed info Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Fix changelog environment variable Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Fix broken tests using setupEnv Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> 2022-05-18 17:00:50 +00:00			`set := c.flagSet(FlagSetHTTP \| FlagSetOutputFormat \| FlagSetOutputDetailed)`
			`return set`
Update list command 2017-09-05 04:02:15 +00:00			`}`

			`func (c *ListCommand) AutocompleteArgs() complete.Predictor {`
			`return c.PredictVaultFolders()`
			`}`

			`func (c *ListCommand) AutocompleteFlags() complete.Flags {`
			`return c.Flags().Completions()`
Updates and documentation 2016-01-14 19:18:27 +00:00			`}`

			`func (c *ListCommand) Run(args []string) int {`
Update list command 2017-09-05 04:02:15 +00:00			`f := c.Flags()`
Updates and documentation 2016-01-14 19:18:27 +00:00
Update list command 2017-09-05 04:02:15 +00:00			`if err := f.Parse(args); err != nil {`
			`c.UI.Error(err.Error())`
Updates and documentation 2016-01-14 19:18:27 +00:00			`return 1`
			`}`

Update list command 2017-09-05 04:02:15 +00:00			`args = f.Args()`
Update list command 2017-09-08 01:59:46 +00:00			`switch {`
			`case len(args) < 1:`
			`c.UI.Error(fmt.Sprintf("Not enough arguments (expected 1, got %d)", len(args)))`
Update list command 2017-09-05 04:02:15 +00:00			`return 1`
Update list command 2017-09-08 01:59:46 +00:00			`case len(args) > 1:`
Update list command 2017-09-05 04:02:15 +00:00			`c.UI.Error(fmt.Sprintf("Too many arguments (expected 1, got %d)", len(args)))`
			`return 1`
On the CLI, ensure listing ends with /. 2016-02-04 02:08:46 +00:00			`}`

Updates and documentation 2016-01-14 19:18:27 +00:00			`client, err := c.Client()`
			`if err != nil {`
Update list command 2017-09-05 04:02:15 +00:00			`c.UI.Error(err.Error())`
Updates and documentation 2016-01-14 19:18:27 +00:00			`return 2`
			`}`

address various issues with the output-policy flag (#19160) * update error message and properly handle list requests * since we do agressive sanitizes we need to optionally check trailing slash * added changelog record * remove redundant path formating * Update changelog/13106.txt Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * addressed comments from review * also remove code that duplicates efforts in kv_list * abstracted helper func for testing * added test cases for the policy builder * updated the changelog to the correct one * removed calls that apear not to do anything given test case results * fixed spacing issue in output string * remove const representation of list url param * addressed comments for pr --------- Co-authored-by: lursu <leland.ursu@hashicorp.com> Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> 2023-02-21 15:12:45 +00:00			`path := sanitizePath(args[0])`
Update list command 2017-09-05 04:02:15 +00:00			`secret, err := client.Logical().List(path)`
Updates and documentation 2016-01-14 19:18:27 +00:00			`if err != nil {`
Update list command 2017-09-05 04:02:15 +00:00			`c.UI.Error(fmt.Sprintf("Error listing %s: %s", path, err))`
			`return 2`
Updates and documentation 2016-01-14 19:18:27 +00:00			`}`
Audit listing with format json returns json, not a string (#6776) * Audit listing with format json returns json, not a string Fixes #6775 * list, kv list and namespace list with format json returns json, not a string * Changed audit list return code to 2 which aligns with other list commands return codes 2019-06-04 17:36:34 +00:00
Make the `list` and `kv list` commands work with wrapping, e.g. for controlgroups (#12031) 2021-07-09 16:08:58 +00:00			`// If the secret is wrapped, return the wrapped response.`
			`if secret != nil && secret.WrapInfo != nil && secret.WrapInfo.TTL != 0 {`
			`return OutputSecret(c.UI, secret)`
			`}`

Audit listing with format json returns json, not a string (#6776) * Audit listing with format json returns json, not a string Fixes #6775 * list, kv list and namespace list with format json returns json, not a string * Changed audit list return code to 2 which aligns with other list commands return codes 2019-06-04 17:36:34 +00:00			`_, ok := extractListData(secret)`
			`if Format(c.UI) != "table" {`
			`if secret == nil \|\| secret.Data == nil \|\| !ok {`
			`OutputData(c.UI, map[string]interface{}{})`
			`return 2`
			`}`
			`}`

Allow returning warnings and other data in 404s in the Go API (#4256) * Allow returning list information and other data in 404s. On read it'll output data and/or warnings on a 404 if they exist. On list, the same behavior; the actual 'vault list' command doesn't change behavior though in terms of output unless there are no actual keys (so it doesn't just magically show other data). This corrects some assumptions in response_util and wrapping.go; it also corrects a few places in the latter where it could leak a (useless) token in some error cases. * Use same 404 logic in delete/put too * Add the same secret parsing logic to the KV request functions 2018-04-04 02:35:45 +00:00			`if secret == nil {`
Update list command 2017-09-05 04:02:15 +00:00			`c.UI.Error(fmt.Sprintf("No value found at %s", path))`
			`return 2`
Updates and documentation 2016-01-14 19:18:27 +00:00			`}`
Allow returning warnings and other data in 404s in the Go API (#4256) * Allow returning list information and other data in 404s. On read it'll output data and/or warnings on a 404 if they exist. On list, the same behavior; the actual 'vault list' command doesn't change behavior though in terms of output unless there are no actual keys (so it doesn't just magically show other data). This corrects some assumptions in response_util and wrapping.go; it also corrects a few places in the latter where it could leak a (useless) token in some error cases. * Use same 404 logic in delete/put too * Add the same secret parsing logic to the KV request functions 2018-04-04 02:35:45 +00:00			`if secret.Data == nil {`
			`// If secret wasn't nil, we have warnings, so output them anyways. We`
			`// may also have non-keys info.`
			`return OutputSecret(c.UI, secret)`
			`}`
Update list command 2017-09-05 04:02:15 +00:00
Audit listing with format json returns json, not a string (#6776) * Audit listing with format json returns json, not a string Fixes #6775 * list, kv list and namespace list with format json returns json, not a string * Changed audit list return code to 2 which aligns with other list commands return codes 2019-06-04 17:36:34 +00:00			`if !ok {`
Update list command 2017-09-05 04:02:15 +00:00			`c.UI.Error(fmt.Sprintf("No entries found at %s", path))`
			`return 2`
Updates and documentation 2016-01-14 19:18:27 +00:00			`}`

CLI Enhancements (#3897) * Use Colored UI if stdout is a tty * Add format options to operator unseal * Add format test on operator unseal * Add -no-color output flag, and use BasicUi if no-color flag is provided * Move seal status formatting logic to OutputSealStatus * Apply no-color to warnings from DeprecatedCommands as well * Add OutputWithFormat to support arbitrary data, add format option to auth list * Add ability to output arbitrary list data on TableFormatter * Clear up switch logic on format * Add format option for list-related commands * Add format option to rest of commands that returns a client API response * Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead * Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead * Remove -no-color flag, use env var exclusively to toggle colored output * Fix compile * Remove -no-color flag in main.go * Add missing FlagSetOutputFormat * Fix generate-root/decode test * Migrate init functions to main.go * Add no-color flag back as hidden * Handle non-supported data types for TableFormatter.OutputList * Pull formatting much further up to remove the need to use c.flagFormat (#3950) * Pull formatting much further up to remove the need to use c.flagFormat Also remove OutputWithFormat as the logic can cause issues. * Use const for env var * Minor updates * Remove unnecessary check * Fix SSH output and some tests * Fix tests * Make race detector not run on generate root since it kills Travis these days * Update docs * Update docs * Address review feedback * Handle --format as well as -format 2018-02-12 23:12:16 +00:00			`return OutputList(c.UI, secret)`
Updates and documentation 2016-01-14 19:18:27 +00:00			`}`