2023-03-15 16:00:52 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2017-09-05 04:05:53 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
|
|
|
"os"
|
|
|
|
"os/signal"
|
|
|
|
"syscall"
|
|
|
|
|
|
|
|
"github.com/hashicorp/vault/audit"
|
2018-11-07 01:21:24 +00:00
|
|
|
"github.com/hashicorp/vault/builtin/plugin"
|
2019-04-12 21:54:35 +00:00
|
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
|
|
"github.com/hashicorp/vault/sdk/physical"
|
2022-12-07 18:29:51 +00:00
|
|
|
"github.com/hashicorp/vault/version"
|
2017-09-05 04:05:53 +00:00
|
|
|
"github.com/mitchellh/cli"
|
|
|
|
|
2018-11-07 01:21:24 +00:00
|
|
|
/*
|
|
|
|
The builtinplugins package is initialized here because it, in turn,
|
|
|
|
initializes the database plugins.
|
|
|
|
They register multiple database drivers for the "database/sql" package.
|
|
|
|
*/
|
|
|
|
_ "github.com/hashicorp/vault/helper/builtinplugins"
|
2017-09-05 04:05:53 +00:00
|
|
|
|
|
|
|
auditFile "github.com/hashicorp/vault/builtin/audit/file"
|
|
|
|
auditSocket "github.com/hashicorp/vault/builtin/audit/socket"
|
|
|
|
auditSyslog "github.com/hashicorp/vault/builtin/audit/syslog"
|
|
|
|
|
2018-08-16 19:17:49 +00:00
|
|
|
credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
|
2018-01-19 11:03:33 +00:00
|
|
|
credCentrify "github.com/hashicorp/vault-plugin-auth-centrify"
|
2019-08-26 16:55:08 +00:00
|
|
|
credCF "github.com/hashicorp/vault-plugin-auth-cf"
|
2018-01-19 10:56:34 +00:00
|
|
|
credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
|
2019-02-11 21:37:55 +00:00
|
|
|
credOIDC "github.com/hashicorp/vault-plugin-auth-jwt"
|
2019-12-11 19:18:37 +00:00
|
|
|
credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
|
2019-09-04 23:46:00 +00:00
|
|
|
credOCI "github.com/hashicorp/vault-plugin-auth-oci"
|
2017-09-05 04:05:53 +00:00
|
|
|
credAws "github.com/hashicorp/vault/builtin/credential/aws"
|
|
|
|
credCert "github.com/hashicorp/vault/builtin/credential/cert"
|
|
|
|
credGitHub "github.com/hashicorp/vault/builtin/credential/github"
|
|
|
|
credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
|
|
|
|
credOkta "github.com/hashicorp/vault/builtin/credential/okta"
|
|
|
|
credToken "github.com/hashicorp/vault/builtin/credential/token"
|
|
|
|
credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
|
|
|
|
|
2018-11-07 01:21:24 +00:00
|
|
|
logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
|
|
|
|
logicalDb "github.com/hashicorp/vault/builtin/logical/database"
|
|
|
|
|
2021-01-12 23:26:07 +00:00
|
|
|
physAerospike "github.com/hashicorp/vault/physical/aerospike"
|
2018-08-13 21:03:24 +00:00
|
|
|
physAliCloudOSS "github.com/hashicorp/vault/physical/alicloudoss"
|
2017-09-05 04:05:53 +00:00
|
|
|
physAzure "github.com/hashicorp/vault/physical/azure"
|
|
|
|
physCassandra "github.com/hashicorp/vault/physical/cassandra"
|
|
|
|
physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb"
|
|
|
|
physConsul "github.com/hashicorp/vault/physical/consul"
|
|
|
|
physCouchDB "github.com/hashicorp/vault/physical/couchdb"
|
|
|
|
physDynamoDB "github.com/hashicorp/vault/physical/dynamodb"
|
|
|
|
physEtcd "github.com/hashicorp/vault/physical/etcd"
|
2018-07-16 14:18:09 +00:00
|
|
|
physFoundationDB "github.com/hashicorp/vault/physical/foundationdb"
|
2017-09-05 04:05:53 +00:00
|
|
|
physGCS "github.com/hashicorp/vault/physical/gcs"
|
2018-02-12 23:22:41 +00:00
|
|
|
physManta "github.com/hashicorp/vault/physical/manta"
|
2017-09-05 04:05:53 +00:00
|
|
|
physMSSQL "github.com/hashicorp/vault/physical/mssql"
|
|
|
|
physMySQL "github.com/hashicorp/vault/physical/mysql"
|
2019-09-04 18:33:16 +00:00
|
|
|
physOCI "github.com/hashicorp/vault/physical/oci"
|
2017-09-05 04:05:53 +00:00
|
|
|
physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
|
2019-06-20 19:14:58 +00:00
|
|
|
physRaft "github.com/hashicorp/vault/physical/raft"
|
2017-09-05 04:05:53 +00:00
|
|
|
physS3 "github.com/hashicorp/vault/physical/s3"
|
2018-02-15 01:31:20 +00:00
|
|
|
physSpanner "github.com/hashicorp/vault/physical/spanner"
|
2017-09-05 04:05:53 +00:00
|
|
|
physSwift "github.com/hashicorp/vault/physical/swift"
|
|
|
|
physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
|
2019-04-15 18:51:33 +00:00
|
|
|
physFile "github.com/hashicorp/vault/sdk/physical/file"
|
2019-04-13 07:44:06 +00:00
|
|
|
physInmem "github.com/hashicorp/vault/sdk/physical/inmem"
|
2019-12-06 14:46:39 +00:00
|
|
|
|
|
|
|
sr "github.com/hashicorp/vault/serviceregistration"
|
|
|
|
csr "github.com/hashicorp/vault/serviceregistration/consul"
|
2020-02-13 17:56:29 +00:00
|
|
|
ksr "github.com/hashicorp/vault/serviceregistration/kubernetes"
|
2017-09-05 04:05:53 +00:00
|
|
|
)
|
|
|
|
|
2018-02-12 23:12:16 +00:00
|
|
|
const (
|
|
|
|
// EnvVaultCLINoColor is an env var that toggles colored UI output.
|
|
|
|
EnvVaultCLINoColor = `VAULT_CLI_NO_COLOR`
|
|
|
|
// EnvVaultFormat is the output format
|
|
|
|
EnvVaultFormat = `VAULT_FORMAT`
|
2021-06-07 18:44:20 +00:00
|
|
|
// EnvVaultLicense is an env var used in Vault Enterprise to provide a license blob
|
|
|
|
EnvVaultLicense = "VAULT_LICENSE"
|
|
|
|
// EnvVaultLicensePath is an env var used in Vault Enterprise to provide a
|
|
|
|
// path to a license file on disk
|
|
|
|
EnvVaultLicensePath = "VAULT_LICENSE_PATH"
|
Vault CLI: show detailed information with ListResponseWithInfo (#15417)
* CLI: Add ability to display ListResponseWithInfos
The Vault Server API includes a ListResponseWithInfo call, allowing LIST
responses to contain additional information about their keys. This is in
a key=value mapping format (both for each key, to get the additional
metadata, as well as within each metadata).
Expand the `vault list` CLI command with a `-detailed` flag (and env var
VAULT_DETAILED_LISTS) to print this additional metadata. This looks
roughly like the following:
$ vault list -detailed pki/issuers
Keys issuer_name
---- -----------
0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7 n/a
35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0 n/a
382fad1e-e99c-9c54-e147-bb1faa8033d3 n/a
8bb4a793-2ad9-460c-9fa8-574c84a981f7 n/a
8bd231d7-20e2-f21f-ae1a-7aa3319715e7 n/a
9425d51f-cb81-426d-d6ad-5147d092094e n/a
ae679732-b497-ab0d-3220-806a2b9d81ed n/a
c5a44a1f-2ae4-2140-3acf-74b2609448cc utf8
d41d2419-efce-0e36-c96b-e91179a24dc1 something
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Allow detailed printing of LIST responses in JSON
When using the JSON formatter, only the absolute list of keys were
returned. Reuse the `-detailed` flag value for the `-format=json` list
response printer, allowing us to show the complete API response returned
by Vault.
This returns something like the following:
{
"request_id": "e9a25dcd-b67a-97d7-0f08-3670918ef3ff",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
"key_info": {
"0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7": {
"issuer_name": ""
},
"35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0": {
"issuer_name": ""
},
"382fad1e-e99c-9c54-e147-bb1faa8033d3": {
"issuer_name": ""
},
"8bb4a793-2ad9-460c-9fa8-574c84a981f7": {
"issuer_name": ""
},
"8bd231d7-20e2-f21f-ae1a-7aa3319715e7": {
"issuer_name": ""
},
"9425d51f-cb81-426d-d6ad-5147d092094e": {
"issuer_name": ""
},
"ae679732-b497-ab0d-3220-806a2b9d81ed": {
"issuer_name": ""
},
"c5a44a1f-2ae4-2140-3acf-74b2609448cc": {
"issuer_name": "utf8"
},
"d41d2419-efce-0e36-c96b-e91179a24dc1": {
"issuer_name": "something"
}
},
"keys": [
"0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7",
"35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0",
"382fad1e-e99c-9c54-e147-bb1faa8033d3",
"8bb4a793-2ad9-460c-9fa8-574c84a981f7",
"8bd231d7-20e2-f21f-ae1a-7aa3319715e7",
"9425d51f-cb81-426d-d6ad-5147d092094e",
"ae679732-b497-ab0d-3220-806a2b9d81ed",
"c5a44a1f-2ae4-2140-3acf-74b2609448cc",
"d41d2419-efce-0e36-c96b-e91179a24dc1"
]
},
"warnings": null
}
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Use field on UI rather than secret.Data
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Only include headers from visitable key_infos
Certain API endpoints return data from non-visitable key_infos, by
virtue of using a hand-rolled response. Limit our headers to those
from visitable key_infos. This means we won't return entire columns with
n/a entries, if no key matches the key_info key that includes that
header.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Use setupEnv sourced detailed info
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix changelog environment variable
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix broken tests using setupEnv
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-18 17:00:50 +00:00
|
|
|
// EnvVaultDetailed is to output detailed information (e.g., ListResponseWithInfo).
|
|
|
|
EnvVaultDetailed = `VAULT_DETAILED`
|
2022-11-29 14:07:04 +00:00
|
|
|
// EnvVaultLogFormat is used to specify the log format. Supported values are "standard" and "json"
|
|
|
|
EnvVaultLogFormat = "VAULT_LOG_FORMAT"
|
2022-11-11 10:59:16 +00:00
|
|
|
// EnvVaultLogLevel is used to specify the log level applied to logging
|
|
|
|
// Supported log levels: Trace, Debug, Error, Warn, Info
|
|
|
|
EnvVaultLogLevel = "VAULT_LOG_LEVEL"
|
2023-01-16 16:07:18 +00:00
|
|
|
// EnvVaultExperiments defines the experiments to enable for a server as a
|
|
|
|
// comma separated list. See experiments.ValidExperiments() for the list of
|
|
|
|
// valid experiments. Not mutable or persisted in storage, only read and
|
|
|
|
// logged at startup _per node_. This was initially introduced for the events
|
|
|
|
// system being developed over multiple release cycles.
|
|
|
|
EnvVaultExperiments = "VAULT_EXPERIMENTS"
|
2018-03-09 19:32:28 +00:00
|
|
|
|
2019-02-28 22:29:28 +00:00
|
|
|
// flagNameAddress is the flag used in the base command to read in the
|
|
|
|
// address of the Vault server.
|
|
|
|
flagNameAddress = "address"
|
|
|
|
// flagnameCACert is the flag used in the base command to read in the CA
|
|
|
|
// cert.
|
|
|
|
flagNameCACert = "ca-cert"
|
|
|
|
// flagnameCAPath is the flag used in the base command to read in the CA
|
|
|
|
// cert path.
|
|
|
|
flagNameCAPath = "ca-path"
|
2021-04-08 16:43:39 +00:00
|
|
|
// flagNameClientCert is the flag used in the base command to read in the
|
|
|
|
// client key
|
2019-03-01 20:11:16 +00:00
|
|
|
flagNameClientKey = "client-key"
|
2021-04-08 16:43:39 +00:00
|
|
|
// flagNameClientCert is the flag used in the base command to read in the
|
|
|
|
// client cert
|
2019-03-01 20:11:16 +00:00
|
|
|
flagNameClientCert = "client-cert"
|
2019-02-28 22:29:28 +00:00
|
|
|
// flagNameTLSSkipVerify is the flag used in the base command to read in
|
|
|
|
// the option to ignore TLS certificate verification.
|
|
|
|
flagNameTLSSkipVerify = "tls-skip-verify"
|
2019-10-29 13:11:01 +00:00
|
|
|
// flagTLSServerName is the flag used in the base command to read in
|
|
|
|
// the TLS server name.
|
|
|
|
flagTLSServerName = "tls-server-name"
|
2018-03-09 19:32:28 +00:00
|
|
|
// flagNameAuditNonHMACRequestKeys is the flag name used for auth/secrets enable
|
|
|
|
flagNameAuditNonHMACRequestKeys = "audit-non-hmac-request-keys"
|
|
|
|
// flagNameAuditNonHMACResponseKeys is the flag name used for auth/secrets enable
|
|
|
|
flagNameAuditNonHMACResponseKeys = "audit-non-hmac-response-keys"
|
2018-07-12 15:15:50 +00:00
|
|
|
// flagNameDescription is the flag name used for tuning the secret and auth mount description parameter
|
|
|
|
flagNameDescription = "description"
|
2018-03-20 03:16:33 +00:00
|
|
|
// flagListingVisibility is the flag to toggle whether to show the mount in the UI-specific listing endpoint
|
|
|
|
flagNameListingVisibility = "listing-visibility"
|
2018-03-21 23:56:47 +00:00
|
|
|
// flagNamePassthroughRequestHeaders is the flag name used to set passthrough request headers to the backend
|
|
|
|
flagNamePassthroughRequestHeaders = "passthrough-request-headers"
|
2019-02-05 21:02:15 +00:00
|
|
|
// flagNameAllowedResponseHeaders is used to set allowed response headers from a plugin
|
|
|
|
flagNameAllowedResponseHeaders = "allowed-response-headers"
|
2018-10-15 16:56:24 +00:00
|
|
|
// flagNameTokenType is the flag name used to force a specific token type
|
|
|
|
flagNameTokenType = "token-type"
|
2021-12-10 17:08:28 +00:00
|
|
|
// flagNameAllowedManagedKeys is the flag name used for auth/secrets enable
|
|
|
|
flagNameAllowedManagedKeys = "allowed-managed-keys"
|
2022-09-22 19:55:46 +00:00
|
|
|
// flagNamePluginVersion selects what version of a plugin should be used.
|
|
|
|
flagNamePluginVersion = "plugin-version"
|
2022-11-01 18:02:07 +00:00
|
|
|
// flagNameUserLockoutThreshold is the flag name used for tuning the auth mount lockout threshold parameter
|
|
|
|
flagNameUserLockoutThreshold = "user-lockout-threshold"
|
|
|
|
// flagNameUserLockoutDuration is the flag name used for tuning the auth mount lockout duration parameter
|
|
|
|
flagNameUserLockoutDuration = "user-lockout-duration"
|
|
|
|
// flagNameUserLockoutCounterResetDuration is the flag name used for tuning the auth mount lockout counter reset parameter
|
|
|
|
flagNameUserLockoutCounterResetDuration = "user-lockout-counter-reset-duration"
|
|
|
|
// flagNameUserLockoutDisable is the flag name used for tuning the auth mount disable lockout parameter
|
|
|
|
flagNameUserLockoutDisable = "user-lockout-disable"
|
2022-09-30 08:29:37 +00:00
|
|
|
// flagNameDisableRedirects is used to prevent the client from honoring a single redirect as a response to a request
|
|
|
|
flagNameDisableRedirects = "disable-redirects"
|
2022-11-29 14:07:04 +00:00
|
|
|
// flagNameCombineLogs is used to specify whether log output should be combined and sent to stdout
|
|
|
|
flagNameCombineLogs = "combine-logs"
|
2022-11-11 10:59:16 +00:00
|
|
|
// flagNameLogFile is used to specify the path to the log file that Vault should use for logging
|
|
|
|
flagNameLogFile = "log-file"
|
2022-11-29 14:07:04 +00:00
|
|
|
// flagNameLogRotateBytes is the flag used to specify the number of bytes a log file should be before it is rotated.
|
|
|
|
flagNameLogRotateBytes = "log-rotate-bytes"
|
|
|
|
// flagNameLogRotateDuration is the flag used to specify the duration after which a log file should be rotated.
|
|
|
|
flagNameLogRotateDuration = "log-rotate-duration"
|
|
|
|
// flagNameLogRotateMaxFiles is the flag used to specify the maximum number of older/archived log files to keep.
|
|
|
|
flagNameLogRotateMaxFiles = "log-rotate-max-files"
|
|
|
|
// flagNameLogFormat is the flag used to specify the log format. Supported values are "standard" and "json"
|
|
|
|
flagNameLogFormat = "log-format"
|
2022-11-11 10:59:16 +00:00
|
|
|
// flagNameLogLevel is used to specify the log level applied to logging
|
|
|
|
// Supported log levels: Trace, Debug, Error, Warn, Info
|
|
|
|
flagNameLogLevel = "log-level"
|
2018-02-12 23:12:16 +00:00
|
|
|
)
|
|
|
|
|
2018-02-01 16:30:04 +00:00
|
|
|
var (
|
|
|
|
auditBackends = map[string]audit.Factory{
|
|
|
|
"file": auditFile.Factory,
|
|
|
|
"socket": auditSocket.Factory,
|
|
|
|
"syslog": auditSyslog.Factory,
|
|
|
|
}
|
|
|
|
|
|
|
|
credentialBackends = map[string]logical.Factory{
|
2018-11-07 01:21:24 +00:00
|
|
|
"plugin": plugin.Factory,
|
2018-02-01 16:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
logicalBackends = map[string]logical.Factory{
|
2018-11-07 01:21:24 +00:00
|
|
|
"plugin": plugin.Factory,
|
|
|
|
"database": logicalDb.Factory,
|
|
|
|
// This is also available in the plugin catalog, but is here due to the need to
|
|
|
|
// automatically mount it.
|
|
|
|
"kv": logicalKv.Factory,
|
2018-02-01 16:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
physicalBackends = map[string]physical.Factory{
|
2021-01-12 23:26:07 +00:00
|
|
|
"aerospike": physAerospike.NewAerospikeBackend,
|
2018-08-13 21:03:24 +00:00
|
|
|
"alicloudoss": physAliCloudOSS.NewAliCloudOSSBackend,
|
2018-02-01 16:30:04 +00:00
|
|
|
"azure": physAzure.NewAzureBackend,
|
|
|
|
"cassandra": physCassandra.NewCassandraBackend,
|
|
|
|
"cockroachdb": physCockroachDB.NewCockroachDBBackend,
|
|
|
|
"consul": physConsul.NewConsulBackend,
|
|
|
|
"couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend,
|
|
|
|
"couchdb": physCouchDB.NewCouchDBBackend,
|
|
|
|
"dynamodb": physDynamoDB.NewDynamoDBBackend,
|
|
|
|
"etcd": physEtcd.NewEtcdBackend,
|
|
|
|
"file_transactional": physFile.NewTransactionalFileBackend,
|
|
|
|
"file": physFile.NewFileBackend,
|
2018-07-16 14:18:09 +00:00
|
|
|
"foundationdb": physFoundationDB.NewFDBBackend,
|
2018-03-30 16:36:37 +00:00
|
|
|
"gcs": physGCS.NewBackend,
|
2018-02-01 16:30:04 +00:00
|
|
|
"inmem_ha": physInmem.NewInmemHA,
|
|
|
|
"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
|
|
|
|
"inmem_transactional": physInmem.NewTransactionalInmem,
|
|
|
|
"inmem": physInmem.NewInmem,
|
2018-02-13 02:01:14 +00:00
|
|
|
"manta": physManta.NewMantaBackend,
|
2018-02-01 16:30:04 +00:00
|
|
|
"mssql": physMSSQL.NewMSSQLBackend,
|
|
|
|
"mysql": physMySQL.NewMySQLBackend,
|
2019-09-04 18:33:16 +00:00
|
|
|
"oci": physOCI.NewBackend,
|
2018-02-01 16:30:04 +00:00
|
|
|
"postgresql": physPostgreSQL.NewPostgreSQLBackend,
|
|
|
|
"s3": physS3.NewS3Backend,
|
2018-02-15 01:31:20 +00:00
|
|
|
"spanner": physSpanner.NewBackend,
|
2018-02-01 16:30:04 +00:00
|
|
|
"swift": physSwift.NewSwiftBackend,
|
2019-06-20 19:14:58 +00:00
|
|
|
"raft": physRaft.NewRaftBackend,
|
2018-02-01 16:30:04 +00:00
|
|
|
"zookeeper": physZooKeeper.NewZooKeeperBackend,
|
|
|
|
}
|
2019-12-06 14:46:39 +00:00
|
|
|
|
|
|
|
serviceRegistrations = map[string]sr.Factory{
|
2020-02-13 17:56:29 +00:00
|
|
|
"consul": csr.NewServiceRegistration,
|
|
|
|
"kubernetes": ksr.NewServiceRegistration,
|
2019-12-06 14:46:39 +00:00
|
|
|
}
|
2021-06-07 18:44:20 +00:00
|
|
|
|
2023-01-31 13:18:21 +00:00
|
|
|
initCommandsEnt = func(ui, serverCmdUi cli.Ui, runOpts *RunOptions, commands map[string]cli.CommandFactory) {}
|
2018-02-01 16:30:04 +00:00
|
|
|
)
|
|
|
|
|
2023-01-31 13:18:21 +00:00
|
|
|
func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.CommandFactory {
|
2017-09-08 02:05:54 +00:00
|
|
|
loginHandlers := map[string]LoginHandler{
|
2018-08-16 19:17:49 +00:00
|
|
|
"alicloud": &credAliCloud.CLIHandler{},
|
2018-02-05 15:56:57 +00:00
|
|
|
"aws": &credAws.CLIHandler{},
|
|
|
|
"centrify": &credCentrify.CLIHandler{},
|
|
|
|
"cert": &credCert.CLIHandler{},
|
2019-09-04 23:46:00 +00:00
|
|
|
"cf": &credCF.CLIHandler{},
|
2018-05-30 00:36:24 +00:00
|
|
|
"gcp": &credGcp.CLIHandler{},
|
2018-02-05 15:56:57 +00:00
|
|
|
"github": &credGitHub.CLIHandler{},
|
2019-12-11 19:18:37 +00:00
|
|
|
"kerberos": &credKerb.CLIHandler{},
|
2018-02-05 15:56:57 +00:00
|
|
|
"ldap": &credLdap.CLIHandler{},
|
2019-09-04 23:46:00 +00:00
|
|
|
"oci": &credOCI.CLIHandler{},
|
2019-02-11 21:37:55 +00:00
|
|
|
"oidc": &credOIDC.CLIHandler{},
|
2018-02-05 15:56:57 +00:00
|
|
|
"okta": &credOkta.CLIHandler{},
|
2019-08-26 16:55:08 +00:00
|
|
|
"pcf": &credCF.CLIHandler{}, // Deprecated.
|
2017-09-05 04:05:53 +00:00
|
|
|
"radius": &credUserpass.CLIHandler{
|
|
|
|
DefaultMount: "radius",
|
|
|
|
},
|
|
|
|
"token": &credToken.CLIHandler{},
|
|
|
|
"userpass": &credUserpass.CLIHandler{
|
|
|
|
DefaultMount: "userpass",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2018-05-23 13:56:47 +00:00
|
|
|
getBaseCommand := func() *BaseCommand {
|
|
|
|
return &BaseCommand{
|
|
|
|
UI: ui,
|
|
|
|
tokenHelper: runOpts.TokenHelper,
|
|
|
|
flagAddress: runOpts.Address,
|
2018-05-23 20:45:17 +00:00
|
|
|
client: runOpts.Client,
|
2018-05-23 13:56:47 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-31 13:18:21 +00:00
|
|
|
commands := map[string]cli.CommandFactory{
|
2018-07-25 02:02:27 +00:00
|
|
|
"agent": func() (cli.Command, error) {
|
|
|
|
return &AgentCommand{
|
|
|
|
BaseCommand: &BaseCommand{
|
|
|
|
UI: serverCmdUi,
|
|
|
|
},
|
|
|
|
ShutdownCh: MakeShutdownCh(),
|
2023-01-10 17:45:34 +00:00
|
|
|
SighupCh: MakeSighupCh(),
|
2018-07-25 02:02:27 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2023-05-19 17:42:19 +00:00
|
|
|
"agent generate-config": func() (cli.Command, error) {
|
|
|
|
return &AgentGenerateConfigCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"audit": func() (cli.Command, error) {
|
|
|
|
return &AuditCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"audit disable": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &AuditDisableCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"audit enable": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &AuditEnableCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"audit list": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &AuditListCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"auth tune": func() (cli.Command, error) {
|
|
|
|
return &AuthTuneCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-05 04:05:53 +00:00
|
|
|
"auth": func() (cli.Command, error) {
|
|
|
|
return &AuthCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"auth disable": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &AuthDisableCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"auth enable": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &AuthEnableCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"auth help": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &AuthHelpCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
Handlers: loginHandlers,
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"auth list": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &AuthListCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2022-02-18 16:50:05 +00:00
|
|
|
"auth move": func() (cli.Command, error) {
|
|
|
|
return &AuthMoveCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2019-10-15 22:39:19 +00:00
|
|
|
"debug": func() (cli.Command, error) {
|
|
|
|
return &DebugCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
ShutdownCh: MakeShutdownCh(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"delete": func() (cli.Command, error) {
|
|
|
|
return &DeleteCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2023-02-09 21:18:58 +00:00
|
|
|
"events subscribe": func() (cli.Command, error) {
|
|
|
|
return &EventsSubscribeCommands{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"lease": func() (cli.Command, error) {
|
|
|
|
return &LeaseCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"lease renew": func() (cli.Command, error) {
|
|
|
|
return &LeaseRenewCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2021-03-18 16:11:09 +00:00
|
|
|
"lease lookup": func() (cli.Command, error) {
|
|
|
|
return &LeaseLookupCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"lease revoke": func() (cli.Command, error) {
|
|
|
|
return &LeaseRevokeCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"list": func() (cli.Command, error) {
|
|
|
|
return &ListCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"login": func() (cli.Command, error) {
|
|
|
|
return &LoginCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
Handlers: loginHandlers,
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2018-08-10 16:17:17 +00:00
|
|
|
"namespace": func() (cli.Command, error) {
|
|
|
|
return &NamespaceCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"namespace list": func() (cli.Command, error) {
|
|
|
|
return &NamespaceListCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"namespace lookup": func() (cli.Command, error) {
|
|
|
|
return &NamespaceLookupCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"namespace create": func() (cli.Command, error) {
|
|
|
|
return &NamespaceCreateCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2022-08-09 15:38:03 +00:00
|
|
|
"namespace patch": func() (cli.Command, error) {
|
|
|
|
return &NamespacePatchCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2018-08-10 16:17:17 +00:00
|
|
|
"namespace delete": func() (cli.Command, error) {
|
|
|
|
return &NamespaceDeleteCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2021-10-26 16:52:29 +00:00
|
|
|
"namespace lock": func() (cli.Command, error) {
|
|
|
|
return &NamespaceAPILockCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"namespace unlock": func() (cli.Command, error) {
|
|
|
|
return &NamespaceAPIUnlockCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"operator": func() (cli.Command, error) {
|
|
|
|
return &OperatorCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2021-05-04 19:47:56 +00:00
|
|
|
"operator diagnose": func() (cli.Command, error) {
|
|
|
|
return &OperatorDiagnoseCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"operator generate-root": func() (cli.Command, error) {
|
|
|
|
return &OperatorGenerateRootCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"operator init": func() (cli.Command, error) {
|
|
|
|
return &OperatorInitCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"operator key-status": func() (cli.Command, error) {
|
|
|
|
return &OperatorKeyStatusCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2018-09-25 23:18:22 +00:00
|
|
|
"operator migrate": func() (cli.Command, error) {
|
|
|
|
return &OperatorMigrateCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
PhysicalBackends: physicalBackends,
|
|
|
|
ShutdownCh: MakeShutdownCh(),
|
|
|
|
}, nil
|
|
|
|
},
|
2019-07-16 07:31:00 +00:00
|
|
|
"operator raft": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2021-03-03 18:59:50 +00:00
|
|
|
"operator raft autopilot get-config": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftAutopilotGetConfigCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"operator raft autopilot set-config": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftAutopilotSetConfigCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"operator raft autopilot state": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftAutopilotStateCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2020-03-06 22:40:50 +00:00
|
|
|
"operator raft list-peers": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftListPeersCommand{
|
2019-06-21 01:32:00 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"operator raft join": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftJoinCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"operator raft remove-peer": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftRemovePeerCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2019-07-16 07:31:00 +00:00
|
|
|
"operator raft snapshot": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftSnapshotCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2019-06-21 01:32:00 +00:00
|
|
|
"operator raft snapshot restore": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftSnapshotRestoreCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"operator raft snapshot save": func() (cli.Command, error) {
|
|
|
|
return &OperatorRaftSnapshotSaveCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"operator rekey": func() (cli.Command, error) {
|
|
|
|
return &OperatorRekeyCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"operator rotate": func() (cli.Command, error) {
|
|
|
|
return &OperatorRotateCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"operator seal": func() (cli.Command, error) {
|
|
|
|
return &OperatorSealCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"operator step-down": func() (cli.Command, error) {
|
|
|
|
return &OperatorStepDownCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2020-11-23 20:57:35 +00:00
|
|
|
"operator usage": func() (cli.Command, error) {
|
|
|
|
return &OperatorUsageCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"operator unseal": func() (cli.Command, error) {
|
|
|
|
return &OperatorUnsealCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2021-11-30 19:49:58 +00:00
|
|
|
"operator members": func() (cli.Command, error) {
|
|
|
|
return &OperatorMembersCommand{
|
2022-10-26 18:30:40 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"patch": func() (cli.Command, error) {
|
|
|
|
return &PatchCommand{
|
2021-11-30 19:49:58 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-05 04:05:53 +00:00
|
|
|
"path-help": func() (cli.Command, error) {
|
|
|
|
return &PathHelpCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2022-12-21 15:01:57 +00:00
|
|
|
"pki": func() (cli.Command, error) {
|
|
|
|
return &PKICommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"pki health-check": func() (cli.Command, error) {
|
|
|
|
return &PKIHealthCheckCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2023-01-27 21:41:16 +00:00
|
|
|
"pki issue": func() (cli.Command, error) {
|
|
|
|
return &PKIIssueCACommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2023-01-27 15:34:31 +00:00
|
|
|
"pki list-intermediates": func() (cli.Command, error) {
|
2023-01-27 16:37:42 +00:00
|
|
|
return &PKIListIntermediateCommand{
|
2023-01-27 15:34:31 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2023-02-10 20:27:36 +00:00
|
|
|
"pki reissue": func() (cli.Command, error) {
|
|
|
|
return &PKIReIssueCACommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2023-01-26 15:21:13 +00:00
|
|
|
"pki verify-sign": func() (cli.Command, error) {
|
|
|
|
return &PKIVerifySignCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2018-07-13 17:35:08 +00:00
|
|
|
"plugin": func() (cli.Command, error) {
|
|
|
|
return &PluginCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"plugin deregister": func() (cli.Command, error) {
|
|
|
|
return &PluginDeregisterCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"plugin info": func() (cli.Command, error) {
|
|
|
|
return &PluginInfoCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"plugin list": func() (cli.Command, error) {
|
|
|
|
return &PluginListCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"plugin register": func() (cli.Command, error) {
|
|
|
|
return &PluginRegisterCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2020-05-04 18:14:23 +00:00
|
|
|
"plugin reload": func() (cli.Command, error) {
|
|
|
|
return &PluginReloadCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2020-06-30 15:26:52 +00:00
|
|
|
"plugin reload-status": func() (cli.Command, error) {
|
|
|
|
return &PluginReloadStatusCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2023-05-17 13:38:34 +00:00
|
|
|
"proxy": func() (cli.Command, error) {
|
|
|
|
return &ProxyCommand{
|
|
|
|
BaseCommand: &BaseCommand{
|
|
|
|
UI: serverCmdUi,
|
|
|
|
},
|
|
|
|
ShutdownCh: MakeShutdownCh(),
|
|
|
|
SighupCh: MakeSighupCh(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"policy": func() (cli.Command, error) {
|
|
|
|
return &PolicyCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"policy delete": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &PolicyDeleteCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"policy fmt": func() (cli.Command, error) {
|
|
|
|
return &PolicyFmtCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"policy list": func() (cli.Command, error) {
|
|
|
|
return &PolicyListCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"policy read": func() (cli.Command, error) {
|
|
|
|
return &PolicyReadCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-08 02:05:54 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"policy write": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &PolicyWriteCommand{
|
2019-02-01 22:13:51 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2019-02-11 19:19:08 +00:00
|
|
|
"print": func() (cli.Command, error) {
|
|
|
|
return &PrintCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2019-02-01 22:13:51 +00:00
|
|
|
"print token": func() (cli.Command, error) {
|
|
|
|
return &PrintTokenCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"read": func() (cli.Command, error) {
|
|
|
|
return &ReadCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"secrets": func() (cli.Command, error) {
|
|
|
|
return &SecretsCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"secrets disable": func() (cli.Command, error) {
|
|
|
|
return &SecretsDisableCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"secrets enable": func() (cli.Command, error) {
|
|
|
|
return &SecretsEnableCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"secrets list": func() (cli.Command, error) {
|
|
|
|
return &SecretsListCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"secrets move": func() (cli.Command, error) {
|
|
|
|
return &SecretsMoveCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"secrets tune": func() (cli.Command, error) {
|
|
|
|
return &SecretsTuneCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"server": func() (cli.Command, error) {
|
|
|
|
return &ServerCommand{
|
|
|
|
BaseCommand: &BaseCommand{
|
2018-03-16 15:31:00 +00:00
|
|
|
UI: serverCmdUi,
|
2018-03-16 16:31:26 +00:00
|
|
|
tokenHelper: runOpts.TokenHelper,
|
2018-03-16 17:14:32 +00:00
|
|
|
flagAddress: runOpts.Address,
|
2017-09-05 04:05:53 +00:00
|
|
|
},
|
2018-02-01 16:30:04 +00:00
|
|
|
AuditBackends: auditBackends,
|
|
|
|
CredentialBackends: credentialBackends,
|
|
|
|
LogicalBackends: logicalBackends,
|
|
|
|
PhysicalBackends: physicalBackends,
|
2019-12-06 14:46:39 +00:00
|
|
|
|
|
|
|
ServiceRegistrations: serviceRegistrations,
|
|
|
|
|
|
|
|
ShutdownCh: MakeShutdownCh(),
|
|
|
|
SighupCh: MakeSighupCh(),
|
|
|
|
SigUSR2Ch: MakeSigUSR2Ch(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"ssh": func() (cli.Command, error) {
|
|
|
|
return &SSHCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"status": func() (cli.Command, error) {
|
|
|
|
return &StatusCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2023-05-25 20:33:27 +00:00
|
|
|
"transform": func() (cli.Command, error) {
|
|
|
|
return &TransformCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"transform import": func() (cli.Command, error) {
|
|
|
|
return &TransformImportCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"transform import-version": func() (cli.Command, error) {
|
|
|
|
return &TransformImportVersionCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2023-02-28 14:43:05 +00:00
|
|
|
"transit": func() (cli.Command, error) {
|
|
|
|
return &TransitCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2023-01-30 18:46:57 +00:00
|
|
|
"transit import": func() (cli.Command, error) {
|
|
|
|
return &TransitImportCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"transit import-version": func() (cli.Command, error) {
|
|
|
|
return &TransitImportVersionCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"token": func() (cli.Command, error) {
|
|
|
|
return &TokenCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"token create": func() (cli.Command, error) {
|
2017-09-05 04:05:53 +00:00
|
|
|
return &TokenCreateCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"token capabilities": func() (cli.Command, error) {
|
|
|
|
return &TokenCapabilitiesCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"token lookup": func() (cli.Command, error) {
|
|
|
|
return &TokenLookupCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"token renew": func() (cli.Command, error) {
|
|
|
|
return &TokenRenewCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2017-09-08 02:05:54 +00:00
|
|
|
"token revoke": func() (cli.Command, error) {
|
|
|
|
return &TokenRevokeCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"unwrap": func() (cli.Command, error) {
|
|
|
|
return &UnwrapCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"version": func() (cli.Command, error) {
|
|
|
|
return &VersionCommand{
|
|
|
|
VersionInfo: version.GetVersion(),
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2022-02-14 20:26:57 +00:00
|
|
|
"version-history": func() (cli.Command, error) {
|
|
|
|
return &VersionHistoryCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-05 04:05:53 +00:00
|
|
|
"write": func() (cli.Command, error) {
|
|
|
|
return &WriteCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2017-09-05 04:05:53 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2018-03-21 22:02:41 +00:00
|
|
|
"kv": func() (cli.Command, error) {
|
|
|
|
return &KVCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"kv put": func() (cli.Command, error) {
|
|
|
|
return &KVPutCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2018-04-23 22:00:02 +00:00
|
|
|
"kv patch": func() (cli.Command, error) {
|
|
|
|
return &KVPatchCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-04-23 22:00:02 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2018-06-15 19:34:17 +00:00
|
|
|
"kv rollback": func() (cli.Command, error) {
|
|
|
|
return &KVRollbackCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2018-03-21 22:02:41 +00:00
|
|
|
"kv get": func() (cli.Command, error) {
|
|
|
|
return &KVGetCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"kv delete": func() (cli.Command, error) {
|
|
|
|
return &KVDeleteCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"kv list": func() (cli.Command, error) {
|
|
|
|
return &KVListCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"kv destroy": func() (cli.Command, error) {
|
|
|
|
return &KVDestroyCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"kv undelete": func() (cli.Command, error) {
|
|
|
|
return &KVUndeleteCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"kv enable-versioning": func() (cli.Command, error) {
|
|
|
|
return &KVEnableVersioningCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"kv metadata": func() (cli.Command, error) {
|
|
|
|
return &KVMetadataCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"kv metadata put": func() (cli.Command, error) {
|
|
|
|
return &KVMetadataPutCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2022-01-12 17:05:27 +00:00
|
|
|
"kv metadata patch": func() (cli.Command, error) {
|
|
|
|
return &KVMetadataPatchCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
}, nil
|
|
|
|
},
|
2018-03-21 22:02:41 +00:00
|
|
|
"kv metadata get": func() (cli.Command, error) {
|
|
|
|
return &KVMetadataGetCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
"kv metadata delete": func() (cli.Command, error) {
|
|
|
|
return &KVMetadataDeleteCommand{
|
2018-05-23 13:56:47 +00:00
|
|
|
BaseCommand: getBaseCommand(),
|
2018-03-21 22:02:41 +00:00
|
|
|
}, nil
|
|
|
|
},
|
2020-05-21 20:07:50 +00:00
|
|
|
"monitor": func() (cli.Command, error) {
|
|
|
|
return &MonitorCommand{
|
|
|
|
BaseCommand: getBaseCommand(),
|
|
|
|
ShutdownCh: MakeShutdownCh(),
|
|
|
|
}, nil
|
|
|
|
},
|
2017-09-05 04:05:53 +00:00
|
|
|
}
|
2021-02-02 20:15:10 +00:00
|
|
|
|
2023-01-31 13:18:21 +00:00
|
|
|
initCommandsEnt(ui, serverCmdUi, runOpts, commands)
|
|
|
|
return commands
|
2017-09-05 04:05:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// MakeShutdownCh returns a channel that can be used for shutdown
|
|
|
|
// notifications for commands. This channel will send a message for every
|
|
|
|
// SIGINT or SIGTERM received.
|
|
|
|
func MakeShutdownCh() chan struct{} {
|
|
|
|
resultCh := make(chan struct{})
|
|
|
|
|
|
|
|
shutdownCh := make(chan os.Signal, 4)
|
|
|
|
signal.Notify(shutdownCh, os.Interrupt, syscall.SIGTERM)
|
|
|
|
go func() {
|
|
|
|
<-shutdownCh
|
|
|
|
close(resultCh)
|
|
|
|
}()
|
|
|
|
return resultCh
|
|
|
|
}
|
|
|
|
|
|
|
|
// MakeSighupCh returns a channel that can be used for SIGHUP
|
|
|
|
// reloading. This channel will send a message for every
|
|
|
|
// SIGHUP received.
|
|
|
|
func MakeSighupCh() chan struct{} {
|
|
|
|
resultCh := make(chan struct{})
|
|
|
|
|
|
|
|
signalCh := make(chan os.Signal, 4)
|
|
|
|
signal.Notify(signalCh, syscall.SIGHUP)
|
|
|
|
go func() {
|
|
|
|
for {
|
|
|
|
<-signalCh
|
|
|
|
resultCh <- struct{}{}
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
return resultCh
|
|
|
|
}
|