open-vault/command/status.go

142 lines
3.1 KiB
Go
Raw Normal View History

2015-03-13 18:33:17 +00:00
package command
import (
"fmt"
"strings"
"github.com/hashicorp/vault/api"
2017-09-05 04:04:39 +00:00
"github.com/mitchellh/cli"
"github.com/posener/complete"
2015-03-13 18:33:17 +00:00
)
2017-09-05 04:04:39 +00:00
var _ cli.Command = (*StatusCommand)(nil)
var _ cli.CommandAutocomplete = (*StatusCommand)(nil)
2015-04-20 19:11:21 +00:00
type StatusCommand struct {
2017-09-05 04:04:39 +00:00
*BaseCommand
}
func (c *StatusCommand) Synopsis() string {
2017-09-08 02:03:57 +00:00
return "Print seal and HA status"
2017-09-05 04:04:39 +00:00
}
func (c *StatusCommand) Help() string {
helpText := `
Usage: vault status [options]
Prints the current state of Vault including whether it is sealed and if HA
mode is enabled. This command prints regardless of whether the Vault is
sealed.
The exit code reflects the seal status:
- 0 - unsealed
- 1 - error
- 2 - sealed
` + c.Flags().Help()
return strings.TrimSpace(helpText)
}
func (c *StatusCommand) Flags() *FlagSets {
return c.flagSet(FlagSetHTTP)
}
func (c *StatusCommand) AutocompleteArgs() complete.Predictor {
return complete.PredictNothing
}
func (c *StatusCommand) AutocompleteFlags() complete.Flags {
return c.Flags().Completions()
2015-03-13 18:33:17 +00:00
}
2015-04-20 19:11:21 +00:00
func (c *StatusCommand) Run(args []string) int {
2017-09-05 04:04:39 +00:00
f := c.Flags()
if err := f.Parse(args); err != nil {
c.UI.Error(err.Error())
return 1
}
args = f.Args()
if len(args) > 0 {
c.UI.Error(fmt.Sprintf("Too many arguments (expected 0, got %d)", len(args)))
return 1
2015-03-13 18:33:17 +00:00
}
client, err := c.Client()
if err != nil {
2017-09-05 04:04:39 +00:00
c.UI.Error(err.Error())
// We return 2 everywhere else, but 2 is reserved for "sealed" here
return 1
2015-03-13 18:33:17 +00:00
}
2015-04-20 19:08:54 +00:00
sealStatus, err := client.Sys().SealStatus()
2015-03-13 18:33:17 +00:00
if err != nil {
2017-09-05 04:04:39 +00:00
c.UI.Error(fmt.Sprintf("Error checking seal status: %s", err))
return 1
2015-03-13 18:33:17 +00:00
}
outStr := fmt.Sprintf(
"Sealed: %v\n"+
2015-04-21 18:11:15 +00:00
"Key Shares: %d\n"+
"Key Threshold: %d\n"+
"Unseal Progress: %d\n"+
2017-02-17 16:23:20 +00:00
"Unseal Nonce: %v\n"+
"Version: %s",
sealStatus.Sealed,
sealStatus.N,
sealStatus.T,
sealStatus.Progress,
sealStatus.Nonce,
sealStatus.Version)
if sealStatus.ClusterName != "" && sealStatus.ClusterID != "" {
outStr = fmt.Sprintf("%s\nCluster Name: %s\nCluster ID: %s", outStr, sealStatus.ClusterName, sealStatus.ClusterID)
}
2017-09-05 04:04:39 +00:00
c.UI.Output(outStr)
2015-03-13 18:33:17 +00:00
2017-09-05 04:04:39 +00:00
// Mask the 'Vault is sealed' error, since this means HA is enabled, but that
// we cannot query for the leader since we are sealed.
2015-04-20 19:08:54 +00:00
leaderStatus, err := client.Sys().Leader()
if err != nil && strings.Contains(err.Error(), "Vault is sealed") {
leaderStatus = &api.LeaderResponse{HAEnabled: true}
err = nil
}
2015-04-20 19:08:54 +00:00
if err != nil {
2017-09-05 04:04:39 +00:00
c.UI.Error(fmt.Sprintf("Error checking leader status: %s", err))
return 1
2015-04-20 19:08:54 +00:00
}
// Output if HA is enabled
2017-09-05 04:04:39 +00:00
c.UI.Output("")
c.UI.Output(fmt.Sprintf("High-Availability Enabled: %v", leaderStatus.HAEnabled))
if leaderStatus.HAEnabled {
if sealStatus.Sealed {
2017-09-05 04:04:39 +00:00
c.UI.Output("\tMode: sealed")
} else {
mode := "standby"
if leaderStatus.IsSelf {
mode = "active"
}
2017-09-05 04:04:39 +00:00
c.UI.Output(fmt.Sprintf("\tMode: %s", mode))
if leaderStatus.LeaderAddress == "" {
leaderStatus.LeaderAddress = "<none>"
}
if leaderStatus.LeaderClusterAddress == "" {
leaderStatus.LeaderClusterAddress = "<none>"
}
2017-09-05 04:04:39 +00:00
c.UI.Output(fmt.Sprintf("\tLeader Cluster Address: %s", leaderStatus.LeaderClusterAddress))
}
}
2015-03-13 18:33:17 +00:00
2015-04-20 19:08:54 +00:00
if sealStatus.Sealed {
return 2
2015-03-13 18:33:17 +00:00
}
2017-09-05 04:04:39 +00:00
return 0
2015-03-13 18:33:17 +00:00
}