open-vault/command/token_renew.go

package command
import (
"fmt"
"strconv"
"strings"
"github.com/hashicorp/vault/api"
)
// TokenRenewCommand is a Command that renews an auth token, extending the
// amount of time it can be used.
type TokenRenewCommand struct {
	// Meta is embedded; Run relies on its FlagSet, Client and Ui members.
	Meta
}
// Run executes the token-renew command and returns the process exit code.
//
// args holds the raw command-line arguments: optional flags, then the token
// to renew, then an optional increment (base-10 integer). Run returns 1 when
// flag parsing fails, when no token is given, when the increment does not
// parse, or when the renew call fails; it returns 2 when the API client
// cannot be initialized. On success it returns whatever OutputSecret returns.
//
// NOTE(review): the token is read from a positional argument. Command-line
// arguments are commonly visible in process listings and saved in shell
// history, so operators should treat this invocation as exposing the token
// locally.
func (c *TokenRenewCommand) Run(args []string) int {
	var format string
	flags := c.Meta.FlagSet("token-renew", FlagSetDefault)
	flags.StringVar(&format, "format", "table", "")
	flags.Usage = func() { c.Ui.Error(c.Help()) }
	if err := flags.Parse(args); err != nil {
		return 1
	}

	positional := flags.Args()
	if len(positional) == 0 {
		flags.Usage()
		c.Ui.Error("\ntoken-renew expects at least one argument")
		return 1
	}
	token := positional[0]

	// The increment is optional and stays 0 when it is not supplied.
	// NOTE(review): negative values and any positional arguments after the
	// increment are not rejected here; they are passed on or ignored as-is.
	increment := 0
	if len(positional) >= 2 {
		parsed, parseErr := strconv.ParseInt(positional[1], 10, 0)
		if parseErr != nil {
			c.Ui.Error(fmt.Sprintf("Invalid increment: %s", parseErr))
			return 1
		}
		increment = int(parsed)
	}

	client, err := c.Client()
	if err != nil {
		c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))
		return 2
	}

	// Renewing the client's own token goes through renew-self, which is far
	// more likely to be permitted by policy than renewing by token value.
	var secret *api.Secret
	switch {
	case client.Token() == token:
		secret, err = client.Auth().Token().RenewSelf(increment)
	default:
		secret, err = client.Auth().Token().Renew(token, increment)
	}
	if err != nil {
		c.Ui.Error(fmt.Sprintf("Error renewing token: %s", err))
		return 1
	}

	return OutputSecret(c.Ui, format, secret)
}
// Synopsis returns the one-line summary shown for the token-renew command.
func (c *TokenRenewCommand) Synopsis() string {
	const synopsis = "Renew an auth token if there is an associated lease"
	return synopsis
}
// Help returns the full usage text for the token-renew command, with the
// shared general-options section spliced in between the command description
// and the command-specific options. Surrounding whitespace is trimmed.
func (c *TokenRenewCommand) Help() string {
	// Text that precedes the general options section.
	const usage = `
Usage: vault token-renew [options] token [increment]
Renew an auth token, extending the amount of time it can be used.
Token is renewable only if there is a lease associated with it.
This command is similar to "renew", but "renew" is only for lease IDs.
This command is only for tokens.
An optional increment can be given to request a certain number of
seconds to increment the lease. This request is advisory; Vault may not
adhere to it at all.
General Options:
`
	// Options specific to token-renew, printed after the general options.
	const renewOptions = `
Token Renew Options:
-format=table The format for output. By default it is a whitespace-
delimited table. This can also be json or yaml.
`
	return strings.TrimSpace(usage + generalOptionsUsage() + renewOptions)
}