open-vault/command/read.go

134 lines
3.1 KiB
Go
Raw Normal View History

2015-03-04 19:08:13 +00:00
package command
import (
2015-03-16 03:52:28 +00:00
"bytes"
"encoding/json"
"fmt"
2015-03-04 19:08:13 +00:00
"strings"
2015-04-01 03:50:05 +00:00
"github.com/hashicorp/vault/api"
"github.com/ryanuber/columnize"
2015-03-04 19:08:13 +00:00
)
2015-04-01 00:16:12 +00:00
// ReadCommand is a Command that reads data from the Vault.
2015-03-16 03:35:33 +00:00
type ReadCommand struct {
2015-03-04 19:08:13 +00:00
Meta
}
2015-03-16 03:35:33 +00:00
func (c *ReadCommand) Run(args []string) int {
2015-04-01 03:50:05 +00:00
var format string
2015-03-16 03:35:33 +00:00
flags := c.Meta.FlagSet("read", FlagSetDefault)
2015-04-01 03:50:05 +00:00
flags.StringVar(&format, "format", "table", "")
2015-03-04 19:08:13 +00:00
flags.Usage = func() { c.Ui.Error(c.Help()) }
if err := flags.Parse(args); err != nil {
return 1
}
2015-03-16 03:52:28 +00:00
args = flags.Args()
2015-04-01 23:44:20 +00:00
if len(args) < 1 || len(args) > 2 {
c.Ui.Error("read expects one or two arguments")
2015-03-16 03:52:28 +00:00
flags.Usage()
return 1
}
path := args[0]
client, err := c.Client()
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error initializing client: %s", err))
return 2
}
secret, err := client.Logical().Read(path)
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error reading %s: %s", path, err))
return 1
}
2015-04-01 03:50:05 +00:00
switch format {
case "json":
return c.formatJSON(secret)
case "table":
fallthrough
default:
2015-04-01 23:44:20 +00:00
return c.formatTable(secret, true)
2015-04-01 03:50:05 +00:00
}
return 0
}
func (c *ReadCommand) formatJSON(s *api.Secret) int {
b, err := json.Marshal(s)
2015-03-16 03:52:28 +00:00
if err != nil {
c.Ui.Error(fmt.Sprintf(
2015-04-01 03:50:05 +00:00
"Error formatting secret: %s", err))
2015-03-16 03:52:28 +00:00
return 1
}
var out bytes.Buffer
json.Indent(&out, b, "", "\t")
c.Ui.Output(out.String())
2015-03-04 19:08:13 +00:00
return 0
}
2015-04-01 03:50:05 +00:00
func (c *ReadCommand) formatTable(s *api.Secret, whitespace bool) int {
config := columnize.DefaultConfig()
config.Delim = "♨"
2015-04-01 23:44:20 +00:00
config.Glue = "\t"
2015-04-01 03:50:05 +00:00
config.Prefix = ""
input := make([]string, 0, 5)
input = append(input, fmt.Sprintf("Key %s Value", config.Delim))
if s.VaultId != "" {
input = append(input, fmt.Sprintf("vault_id %s %s", config.Delim, s.VaultId))
}
for k, v := range s.Data {
input = append(input, fmt.Sprintf("%s %s %v", k, config.Delim, v))
}
c.Ui.Output(columnize.Format(input, config))
return 0
}
2015-03-16 03:35:33 +00:00
func (c *ReadCommand) Synopsis() string {
return "Read data or secrets from Vault"
2015-03-04 19:08:13 +00:00
}
2015-03-16 03:35:33 +00:00
func (c *ReadCommand) Help() string {
2015-03-04 19:08:13 +00:00
helpText := `
2015-04-01 00:16:12 +00:00
Usage: vault read [options] path
2015-03-04 19:08:13 +00:00
Read data from Vault.
Read reads data at the given path from Vault. This can be used to
read secrets and configuration as well as generate dynamic values from
materialized backends. Please reference the documentation for the
backends in use to determine key structure.
General Options:
-address=TODO The address of the Vault server.
-ca-cert=path Path to a PEM encoded CA cert file to use to
verify the Vault server SSL certificate.
-ca-path=path Path to a directory of PEM encoded CA cert files
to verify the Vault server SSL certificate. If both
-ca-cert and -ca-path are specified, -ca-path is used.
-insecure Do not verify TLS certificate. This is highly
not recommended. This is especially not recommended
for unsealing a vault.
2015-04-01 03:50:05 +00:00
Read Options:
2015-04-01 23:44:20 +00:00
-format=table The format for output. By default it is a whitespace-
delimited table. This can also be json.
2015-04-01 03:50:05 +00:00
2015-03-04 19:08:13 +00:00
`
return strings.TrimSpace(helpText)
}