luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/command/commands.go

908 lines
28 KiB
Go
Raw Normal View History

adding copyright header (#19555) * adding copyright header * fix fmt and a test
2023-03-15 16:00:52 +00:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
Wire all commands together
2017-09-05 04:05:53 +00:00
package command
import (
"os"
"os/signal"
"syscall"
"github.com/hashicorp/vault/audit"
Run all builtins as plugins (#5536)
2018-11-07 01:21:24 +00:00
"github.com/hashicorp/vault/builtin/plugin"
Create sdk/ and api/ submodules (#6583)
2019-04-12 21:54:35 +00:00
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/physical"
Move version out of SDK. (#14229) Move version out of SDK. For now it's a copy rather than move: the part not addressed by this change is sdk/helper/useragent.String, which we'll want to remove in favour of PluginString. That will have to wait until we've removed uses of useragent.String from all builtins.
2022-12-07 18:29:51 +00:00
"github.com/hashicorp/vault/version"
Wire all commands together
2017-09-05 04:05:53 +00:00
"github.com/mitchellh/cli"
Run all builtins as plugins (#5536)
2018-11-07 01:21:24 +00:00
/*
The builtinplugins package is initialized here because it, in turn,
initializes the database plugins.
They register multiple database drivers for the "database/sql" package.
*/
_ "github.com/hashicorp/vault/helper/builtinplugins"
Wire all commands together
2017-09-05 04:05:53 +00:00
auditFile "github.com/hashicorp/vault/builtin/audit/file"
auditSocket "github.com/hashicorp/vault/builtin/audit/socket"
auditSyslog "github.com/hashicorp/vault/builtin/audit/syslog"
Add alicloud auth (#5123) * add alicloud auth commands * add dependencies
2018-08-16 19:17:49 +00:00
credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
Add centrify plugin as builtin
2018-01-19 11:03:33 +00:00
credCentrify "github.com/hashicorp/vault-plugin-auth-centrify"
rename pcf to cf maintaining backwards compat (#7346)
2019-08-26 16:55:08 +00:00
credCF "github.com/hashicorp/vault-plugin-auth-cf"
Add gcp and kubernetes back now that they're updated
2018-01-19 10:56:34 +00:00
credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
Create alias and command for OIDC (#6206)
2019-02-11 21:37:55 +00:00
credOIDC "github.com/hashicorp/vault-plugin-auth-jwt"
Add Kerberos SPNEGO auth plugin (#7908)
2019-12-11 19:18:37 +00:00
credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
Bundle OCI Auth method (#7422)
2019-09-04 23:46:00 +00:00
credOCI "github.com/hashicorp/vault-plugin-auth-oci"
Wire all commands together
2017-09-05 04:05:53 +00:00
credAws "github.com/hashicorp/vault/builtin/credential/aws"
credCert "github.com/hashicorp/vault/builtin/credential/cert"
credGitHub "github.com/hashicorp/vault/builtin/credential/github"
credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
credOkta "github.com/hashicorp/vault/builtin/credential/okta"
credToken "github.com/hashicorp/vault/builtin/credential/token"
credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
Run all builtins as plugins (#5536)
2018-11-07 01:21:24 +00:00
logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
logicalDb "github.com/hashicorp/vault/builtin/logical/database"
Aerospike storage backend (#10131) * add an Aerospike storage backend * go mod vendor * add Aerospike storage configuration docs * review fixes * bump aerospike client to v3.1.1 * rename the defaultHostname variable * relocate the docs page
2021-01-12 23:26:07 +00:00
physAerospike "github.com/hashicorp/vault/physical/aerospike"
Alibaba Object Storage support (#4783)
2018-08-13 21:03:24 +00:00
physAliCloudOSS "github.com/hashicorp/vault/physical/alicloudoss"
Wire all commands together
2017-09-05 04:05:53 +00:00
physAzure "github.com/hashicorp/vault/physical/azure"
physCassandra "github.com/hashicorp/vault/physical/cassandra"
physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb"
physConsul "github.com/hashicorp/vault/physical/consul"
physCouchDB "github.com/hashicorp/vault/physical/couchdb"
physDynamoDB "github.com/hashicorp/vault/physical/dynamodb"
physEtcd "github.com/hashicorp/vault/physical/etcd"
FoundationDB physical backend (#4900)
2018-07-16 14:18:09 +00:00
physFoundationDB "github.com/hashicorp/vault/physical/foundationdb"
Wire all commands together
2017-09-05 04:05:53 +00:00
physGCS "github.com/hashicorp/vault/physical/gcs"
Adding Manta Storage Backend (#3720) This PR adds a new Storage Backend for Triton's Object Storage - Manta ``` make testacc TEST=./physical/manta ==> Checking that code complies with gofmt requirements... ==> Checking that build is using go version >= 1.9.1... go generate VAULT_ACC=1 go test -tags='vault' ./physical/manta -v -timeout 45m === RUN TestMantaBackend --- PASS: TestMantaBackend (61.18s) PASS ok github.com/hashicorp/vault/physical/manta 61.210s ``` Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value` The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
2018-02-12 23:22:41 +00:00
physManta "github.com/hashicorp/vault/physical/manta"
Wire all commands together
2017-09-05 04:05:53 +00:00
physMSSQL "github.com/hashicorp/vault/physical/mssql"
physMySQL "github.com/hashicorp/vault/physical/mysql"
Added OCI Object Storage Plugin (#6985)
2019-09-04 18:33:16 +00:00
physOCI "github.com/hashicorp/vault/physical/oci"
Wire all commands together
2017-09-05 04:05:53 +00:00
physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
Raft Storage Backend (#6888) * Work on raft backend * Add logstore locally * Add encryptor and unsealable interfaces * Add clustering support to raft * Remove client and handler * Bootstrap raft on init * Cleanup raft logic a bit * More raft work * Work on TLS config * More work on bootstrapping * Fix build * More work on bootstrapping * More bootstrapping work * fix build * Remove consul dep * Fix build * merged oss/master into raft-storage * Work on bootstrapping * Get bootstrapping to work * Clean up FMS and node-id * Update local node ID logic * Cleanup node-id change * Work on snapshotting * Raft: Add remove peer API (#906) * Add remove peer API * Add some comments * Fix existing snapshotting (#909) * Raft get peers API (#912) * Read raft configuration * address review feedback * Use the Leadership Transfer API to step-down the active node (#918) * Raft join and unseal using Shamir keys (#917) * Raft join using shamir * Store AEAD instead of master key * Split the raft join process to answer the challenge after a successful unseal * get the follower to standby state * Make unseal work * minor changes * Some input checks * reuse the shamir seal access instead of new default seal access * refactor joinRaftSendAnswer function * Synchronously send answer in auto-unseal case * Address review feedback * Raft snapshots (#910) * Fix existing snapshotting * implement the noop snapshotting * Add comments and switch log libraries * add some snapshot tests * add snapshot test file * add TODO * More work on raft snapshotting * progress on the ConfigStore strategy * Don't use two buckets * Update the snapshot store logic to hide the file logic * Add more backend tests * Cleanup code a bit * [WIP] Raft recovery (#938) * Add recovery functionality * remove fmt.Printfs * Fix a few fsm bugs * Add max size value for raft backend (#942) * Add max size value for raft backend * Include physical.ErrValueTooLarge in the message * Raft snapshot Take/Restore API (#926) * Inital work on raft snapshot APIs * Always redirect snapshot install/download requests * More work on the snapshot APIs * Cleanup code a bit * On restore handle special cases * Use the seal to encrypt the sha sum file * Add sealer mechanism and fix some bugs * Call restore while state lock is held * Send restore cb trigger through raft log * Make error messages nicer * Add test helpers * Add snapshot test * Add shamir unseal test * Add more raft snapshot API tests * Fix locking * Change working to initalize * Add underlying raw object to test cluster core * Move leaderUUID to core * Add raft TLS rotation logic (#950) * Add TLS rotation logic * Cleanup logic a bit * Add/Remove from follower state on add/remove peer * add comments * Update more comments * Update request_forwarding_service.proto * Make sure we populate all nodes in the followerstate obj * Update times * Apply review feedback * Add more raft config setting (#947) * Add performance config setting * Add more config options and fix tests * Test Raft Recovery (#944) * Test raft recovery * Leave out a node during recovery * remove unused struct * Update physical/raft/snapshot_test.go * Update physical/raft/snapshot_test.go * fix vendoring * Switch to new raft interface * Remove unused files * Switch a gogo -> proto instance * Remove unneeded vault dep in go.sum * Update helper/testhelpers/testhelpers.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update vault/cluster/cluster.go * track active key within the keyring itself (#6915) * track active key within the keyring itself * lookup and store using the active key ID * update docstring * minor refactor * Small text fixes (#6912) * Update physical/raft/raft.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * review feedback * Move raft logical system into separate file * Update help text a bit * Enforce cluster addr is set and use it for raft bootstrapping * Fix tests * fix http test panic * Pull in latest raft-snapshot library * Add comment
2019-06-20 19:14:58 +00:00
physRaft "github.com/hashicorp/vault/physical/raft"
Wire all commands together
2017-09-05 04:05:53 +00:00
physS3 "github.com/hashicorp/vault/physical/s3"
Add support for Google Cloud Spanner (#3977)
2018-02-15 01:31:20 +00:00
physSpanner "github.com/hashicorp/vault/physical/spanner"
Wire all commands together
2017-09-05 04:05:53 +00:00
physSwift "github.com/hashicorp/vault/physical/swift"
physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
Move physical/file to sdk
2019-04-15 18:51:33 +00:00
physFile "github.com/hashicorp/vault/sdk/physical/file"
Switch to go modules (#6585) * Switch to go modules * Make fmt
2019-04-13 07:44:06 +00:00
physInmem "github.com/hashicorp/vault/sdk/physical/inmem"
Introduce optional service_registration stanza (#7887) * move ServiceDiscovery into methods * add ServiceDiscoveryFactory * add serviceDiscovery field to vault.Core * refactor ConsulServiceDiscovery into separate struct * cleanup * revert accidental change to go.mod * cleanup * get rid of un-needed struct tags in vault.CoreConfig * add service_discovery parser * add ServiceDiscovery to config * cleanup * cleanup * add test for ConfigServiceDiscovery to Core * unit testing for config service_discovery stanza * cleanup * get rid of un-needed redirect_addr stuff in service_discovery stanza * improve test suite * cleanup * clean up test a bit * create docs for service_discovery * check if service_discovery is configured, but storage does not support HA * tinker with test * tinker with test * tweak docs * move ServiceDiscovery into its own package * tweak a variable name * fix comment * rename service_discovery to service_registration * tweak service_registration config * Revert "tweak service_registration config" This reverts commit 5509920a8ab4c5a216468f262fc07c98121dce35. * simplify naming * refactor into ./serviceregistration/consul
2019-12-06 14:46:39 +00:00
sr "github.com/hashicorp/vault/serviceregistration"
csr "github.com/hashicorp/vault/serviceregistration/consul"
Add Kubernetes service registration (#8249)
2020-02-13 17:56:29 +00:00
ksr "github.com/hashicorp/vault/serviceregistration/kubernetes"
Wire all commands together
2017-09-05 04:05:53 +00:00
)
CLI Enhancements (#3897) * Use Colored UI if stdout is a tty * Add format options to operator unseal * Add format test on operator unseal * Add -no-color output flag, and use BasicUi if no-color flag is provided * Move seal status formatting logic to OutputSealStatus * Apply no-color to warnings from DeprecatedCommands as well * Add OutputWithFormat to support arbitrary data, add format option to auth list * Add ability to output arbitrary list data on TableFormatter * Clear up switch logic on format * Add format option for list-related commands * Add format option to rest of commands that returns a client API response * Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead * Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead * Remove -no-color flag, use env var exclusively to toggle colored output * Fix compile * Remove -no-color flag in main.go * Add missing FlagSetOutputFormat * Fix generate-root/decode test * Migrate init functions to main.go * Add no-color flag back as hidden * Handle non-supported data types for TableFormatter.OutputList * Pull formatting much further up to remove the need to use c.flagFormat (#3950) * Pull formatting much further up to remove the need to use c.flagFormat Also remove OutputWithFormat as the logic can cause issues. * Use const for env var * Minor updates * Remove unnecessary check * Fix SSH output and some tests * Fix tests * Make race detector not run on generate root since it kills Travis these days * Update docs * Update docs * Address review feedback * Handle --format as well as -format
2018-02-12 23:12:16 +00:00
const (
// EnvVaultCLINoColor is an env var that toggles colored UI output.
EnvVaultCLINoColor = `VAULT_CLI_NO_COLOR`
// EnvVaultFormat is the output format
EnvVaultFormat = `VAULT_FORMAT`
Pull out license commands, and make the OSS changes needed for the license inspect PR in ent. (#11783)
2021-06-07 18:44:20 +00:00
// EnvVaultLicense is an env var used in Vault Enterprise to provide a license blob
EnvVaultLicense = "VAULT_LICENSE"
// EnvVaultLicensePath is an env var used in Vault Enterprise to provide a
// path to a license file on disk
EnvVaultLicensePath = "VAULT_LICENSE_PATH"
Vault CLI: show detailed information with ListResponseWithInfo (#15417) * CLI: Add ability to display ListResponseWithInfos The Vault Server API includes a ListResponseWithInfo call, allowing LIST responses to contain additional information about their keys. This is in a key=value mapping format (both for each key, to get the additional metadata, as well as within each metadata). Expand the `vault list` CLI command with a `-detailed` flag (and env var VAULT_DETAILED_LISTS) to print this additional metadata. This looks roughly like the following: $ vault list -detailed pki/issuers Keys issuer_name ---- ----------- 0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7 n/a 35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0 n/a 382fad1e-e99c-9c54-e147-bb1faa8033d3 n/a 8bb4a793-2ad9-460c-9fa8-574c84a981f7 n/a 8bd231d7-20e2-f21f-ae1a-7aa3319715e7 n/a 9425d51f-cb81-426d-d6ad-5147d092094e n/a ae679732-b497-ab0d-3220-806a2b9d81ed n/a c5a44a1f-2ae4-2140-3acf-74b2609448cc utf8 d41d2419-efce-0e36-c96b-e91179a24dc1 something Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Allow detailed printing of LIST responses in JSON When using the JSON formatter, only the absolute list of keys were returned. Reuse the `-detailed` flag value for the `-format=json` list response printer, allowing us to show the complete API response returned by Vault. This returns something like the following: { "request_id": "e9a25dcd-b67a-97d7-0f08-3670918ef3ff", "lease_id": "", "lease_duration": 0, "renewable": false, "data": { "key_info": { "0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7": { "issuer_name": "" }, "35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0": { "issuer_name": "" }, "382fad1e-e99c-9c54-e147-bb1faa8033d3": { "issuer_name": "" }, "8bb4a793-2ad9-460c-9fa8-574c84a981f7": { "issuer_name": "" }, "8bd231d7-20e2-f21f-ae1a-7aa3319715e7": { "issuer_name": "" }, "9425d51f-cb81-426d-d6ad-5147d092094e": { "issuer_name": "" }, "ae679732-b497-ab0d-3220-806a2b9d81ed": { "issuer_name": "" }, "c5a44a1f-2ae4-2140-3acf-74b2609448cc": { "issuer_name": "utf8" }, "d41d2419-efce-0e36-c96b-e91179a24dc1": { "issuer_name": "something" } }, "keys": [ "0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7", "35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0", "382fad1e-e99c-9c54-e147-bb1faa8033d3", "8bb4a793-2ad9-460c-9fa8-574c84a981f7", "8bd231d7-20e2-f21f-ae1a-7aa3319715e7", "9425d51f-cb81-426d-d6ad-5147d092094e", "ae679732-b497-ab0d-3220-806a2b9d81ed", "c5a44a1f-2ae4-2140-3acf-74b2609448cc", "d41d2419-efce-0e36-c96b-e91179a24dc1" ] }, "warnings": null } Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use field on UI rather than secret.Data Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Only include headers from visitable key_infos Certain API endpoints return data from non-visitable key_infos, by virtue of using a hand-rolled response. Limit our headers to those from visitable key_infos. This means we won't return entire columns with n/a entries, if no key matches the key_info key that includes that header. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use setupEnv sourced detailed info Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Fix changelog environment variable Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Fix broken tests using setupEnv Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-18 17:00:50 +00:00
// EnvVaultDetailed is to output detailed information (e.g., ListResponseWithInfo).
EnvVaultDetailed = `VAULT_DETAILED`
VAULT-9900: Log rotation for 'agent' and 'server' commands (#18031) * Work to unify log-file for agent/server and add rotation * Updates to rotation code, tried to centralise the log config setup * logging + tests * Move LogFile to ShareConfig in test * Docs
2022-11-29 14:07:04 +00:00
// EnvVaultLogFormat is used to specify the log format. Supported values are "standard" and "json"
EnvVaultLogFormat = "VAULT_LOG_FORMAT"
VAULT-8732: Add `log-file` to Vault Agent (#17841) * Started work on adding log-file support to Agent * Allow log file to be picked up and appended * Use NewLogFile everywhere * Tried to pull out the config aggregation from Agent.Run Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-11-11 10:59:16 +00:00
// EnvVaultLogLevel is used to specify the log level applied to logging
// Supported log levels: Trace, Debug, Error, Warn, Info
EnvVaultLogLevel = "VAULT_LOG_LEVEL"
Add experiment system + events experiment (#18682)
2023-01-16 16:07:18 +00:00
// EnvVaultExperiments defines the experiments to enable for a server as a
// comma separated list. See experiments.ValidExperiments() for the list of
// valid experiments. Not mutable or persisted in storage, only read and
// logged at startup _per node_. This was initially introduced for the events
// system being developed over multiple release cycles.
EnvVaultExperiments = "VAULT_EXPERIMENTS"
Audit HMAC values on AuthConfig (#4077) * Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs * docs: Add ttl params to auth enable endpoint * Rewording of go string to simply string * Add audit hmac keys as CLI flags on auth/secrets enable * Fix copypasta mistake * Add audit hmac keys to auth and secrets list * Only set config values if they exist * Fix http sys/auth tests * More auth plugin_name test fixes * Pass API values into MountEntry's config when creating auth/secrets mount * Update usage wording
2018-03-09 19:32:28 +00:00
SSCT Tokens Feature [OSS] (#14109) * port SSCT OSS * port header hmac key to ent and generate token proto without make command * remove extra nil check in request handling * add changelog * add comment to router.go * change test var to use length constants * remove local index is 0 check and extra defer which can be removed after use of ExternalID
2022-02-17 19:43:07 +00:00
// DisableSSCTokens is an env var used to disable index bearing
// token functionality
DisableSSCTokens = "VAULT_DISABLE_SERVER_SIDE_CONSISTENT_TOKENS"
Support reading Vault's address from Agent's config file (#6306) * Support reading Vault's address from Agent's config file * use consts and switch * Add tls options to agent config vault block * Update command/agent/config/config.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * remove fmt.Printfs
2019-02-28 22:29:28 +00:00
// flagNameAddress is the flag used in the base command to read in the
// address of the Vault server.
flagNameAddress = "address"
// flagnameCACert is the flag used in the base command to read in the CA
// cert.
flagNameCACert = "ca-cert"
// flagnameCAPath is the flag used in the base command to read in the CA
// cert path.
flagNameCAPath = "ca-path"
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor
2021-04-08 16:43:39 +00:00
// flagNameClientCert is the flag used in the base command to read in the
// client key
added client_key and client_cert options to the agent config (#6319)
2019-03-01 20:11:16 +00:00
flagNameClientKey = "client-key"
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor
2021-04-08 16:43:39 +00:00
// flagNameClientCert is the flag used in the base command to read in the
// client cert
added client_key and client_cert options to the agent config (#6319)
2019-03-01 20:11:16 +00:00
flagNameClientCert = "client-cert"
Support reading Vault's address from Agent's config file (#6306) * Support reading Vault's address from Agent's config file * use consts and switch * Add tls options to agent config vault block * Update command/agent/config/config.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * remove fmt.Printfs
2019-02-28 22:29:28 +00:00
// flagNameTLSSkipVerify is the flag used in the base command to read in
// the option to ignore TLS certificate verification.
flagNameTLSSkipVerify = "tls-skip-verify"
Add TLS server name to Vault stanza of Agent configuration (#7519)
2019-10-29 13:11:01 +00:00
// flagTLSServerName is the flag used in the base command to read in
// the TLS server name.
flagTLSServerName = "tls-server-name"
Audit HMAC values on AuthConfig (#4077) * Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs * docs: Add ttl params to auth enable endpoint * Rewording of go string to simply string * Add audit hmac keys as CLI flags on auth/secrets enable * Fix copypasta mistake * Add audit hmac keys to auth and secrets list * Only set config values if they exist * Fix http sys/auth tests * More auth plugin_name test fixes * Pass API values into MountEntry's config when creating auth/secrets mount * Update usage wording
2018-03-09 19:32:28 +00:00
// flagNameAuditNonHMACRequestKeys is the flag name used for auth/secrets enable
flagNameAuditNonHMACRequestKeys = "audit-non-hmac-request-keys"
// flagNameAuditNonHMACResponseKeys is the flag name used for auth/secrets enable
flagNameAuditNonHMACResponseKeys = "audit-non-hmac-response-keys"
Add description flag to secrets and auth tune subcommands (#4894) * Add description flag to secrets and auth tune subcommands * Allow empty description to be provided in secret and auth mount tune * Use flagNameDescription
2018-07-12 15:15:50 +00:00
// flagNameDescription is the flag name used for tuning the secret and auth mount description parameter
flagNameDescription = "description"
Unauthenticated endpoint to list secret and auth mounts (#4134) * Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs * docs: Add ttl params to auth enable endpoint * Rewording of go string to simply string * Add audit hmac keys as CLI flags on auth/secrets enable * Fix copypasta mistake * WIP on auth-list endpoint * Rename variable to be singular, add CLI flag, show value in auth and secrets list * Add audit hmac keys to auth and secrets list * Only set config values if they exist * Fix http sys/auth tests * More auth plugin_name test fixes * Rename tag internal_ui_show_mount to _ui_show_mount * Add tests * Make endpoint unauthed * Rename field to listing_visibility * Add listing-visibility to cli tune commands * Use ListingVisiblityType * Fix type conversion * Do not actually change token's value on testHttpGet * Remove unused ListingVisibilityAuth, use const in pathInternalUIMountsRead
2018-03-20 03:16:33 +00:00
// flagListingVisibility is the flag to toggle whether to show the mount in the UI-specific listing endpoint
flagNameListingVisibility = "listing-visibility"
Passthrough request headers (#4172) * Add passthrough request headers for secret/auth mounts * Update comments * Fix SyncCache deletion of passthrough_request_headers * Remove debug line * Case-insensitive header comparison * Remove unnecessary allocation * Short-circuit filteredPassthroughHeaders if there's nothing to filter * Add whitelistedHeaders list * Update router logic after merge * Add whitelist test * Add lowercase x-vault-kv-client to whitelist * Add back const * Refactor whitelist logic
2018-03-21 23:56:47 +00:00
// flagNamePassthroughRequestHeaders is the flag name used to set passthrough request headers to the backend
flagNamePassthroughRequestHeaders = "passthrough-request-headers"
Add allowed_response_headers (#6115)
2019-02-05 21:02:15 +00:00
// flagNameAllowedResponseHeaders is used to set allowed response headers from a plugin
flagNameAllowedResponseHeaders = "allowed-response-headers"
Batch tokens (#755)
2018-10-15 16:56:24 +00:00
// flagNameTokenType is the flag name used to force a specific token type
flagNameTokenType = "token-type"
CLI changes for new mount tune config parameter allowed_managed_keys (#13255) * CLI changes for new mount tune config parameter allowed_managed_keys * Correct allowed_managed_keys description in auth and secrets * Documentation update for secrets and removed changes for auth * Add changelog and remove documentation changes for auth * removed changelog * Correct the field description
2021-12-10 17:08:28 +00:00
// flagNameAllowedManagedKeys is the flag name used for auth/secrets enable
flagNameAllowedManagedKeys = "allowed-managed-keys"
CLI: Tune plugin version for auth/secret mounts (#17277) * Add -plugin-version flag to vault auth/secrets tune * CLI tests for auth/secrets tune * CLI test for plugin register * Plugin catalog listing bug where plugins of different type with the same name could be double counted * Use constant for -plugin-version flag name
2022-09-22 19:55:46 +00:00
// flagNamePluginVersion selects what version of a plugin should be used.
flagNamePluginVersion = "plugin-version"
Vault 8305 Prevent Brute Forcing in Auth methods : Setting user lockout configuration (#17338) * config file changes * lockout config changes * auth tune r/w and auth tune * removing changes at enable * removing q.Q * go mod tidy * removing comments * changing struct name for config file * fixing mount tune * adding test file for user lockout * fixing comments and add changelog * addressing comments * fixing mount table updates * updating consts in auth_tune * small fixes * adding hcl parse test * fixing config compare * fixing github comments * optimize userlockouts.go * fixing test * minor changes * adding comments * adding sort to flaky test * fix flaky test
2022-11-01 18:02:07 +00:00
// flagNameUserLockoutThreshold is the flag name used for tuning the auth mount lockout threshold parameter
flagNameUserLockoutThreshold = "user-lockout-threshold"
// flagNameUserLockoutDuration is the flag name used for tuning the auth mount lockout duration parameter
flagNameUserLockoutDuration = "user-lockout-duration"
// flagNameUserLockoutCounterResetDuration is the flag name used for tuning the auth mount lockout counter reset parameter
flagNameUserLockoutCounterResetDuration = "user-lockout-counter-reset-duration"
// flagNameUserLockoutDisable is the flag name used for tuning the auth mount disable lockout parameter
flagNameUserLockoutDisable = "user-lockout-disable"
Added flag and env var which will disable client redirection (#17352) * Added flag and env var which will disable client redirection * Added changelog * Docs fix for unsaved file, and test single request made * Updated test for case when redirect is enabled, updated docs based on suggestions
2022-09-30 08:29:37 +00:00
// flagNameDisableRedirects is used to prevent the client from honoring a single redirect as a response to a request
flagNameDisableRedirects = "disable-redirects"
VAULT-9900: Log rotation for 'agent' and 'server' commands (#18031) * Work to unify log-file for agent/server and add rotation * Updates to rotation code, tried to centralise the log config setup * logging + tests * Move LogFile to ShareConfig in test * Docs
2022-11-29 14:07:04 +00:00
// flagNameCombineLogs is used to specify whether log output should be combined and sent to stdout
flagNameCombineLogs = "combine-logs"
VAULT-8732: Add `log-file` to Vault Agent (#17841) * Started work on adding log-file support to Agent * Allow log file to be picked up and appended * Use NewLogFile everywhere * Tried to pull out the config aggregation from Agent.Run Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-11-11 10:59:16 +00:00
// flagNameLogFile is used to specify the path to the log file that Vault should use for logging
flagNameLogFile = "log-file"
VAULT-9900: Log rotation for 'agent' and 'server' commands (#18031) * Work to unify log-file for agent/server and add rotation * Updates to rotation code, tried to centralise the log config setup * logging + tests * Move LogFile to ShareConfig in test * Docs
2022-11-29 14:07:04 +00:00
// flagNameLogRotateBytes is the flag used to specify the number of bytes a log file should be before it is rotated.
flagNameLogRotateBytes = "log-rotate-bytes"
// flagNameLogRotateDuration is the flag used to specify the duration after which a log file should be rotated.
flagNameLogRotateDuration = "log-rotate-duration"
// flagNameLogRotateMaxFiles is the flag used to specify the maximum number of older/archived log files to keep.
flagNameLogRotateMaxFiles = "log-rotate-max-files"
// flagNameLogFormat is the flag used to specify the log format. Supported values are "standard" and "json"
flagNameLogFormat = "log-format"
VAULT-8732: Add `log-file` to Vault Agent (#17841) * Started work on adding log-file support to Agent * Allow log file to be picked up and appended * Use NewLogFile everywhere * Tried to pull out the config aggregation from Agent.Run Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-11-11 10:59:16 +00:00
// flagNameLogLevel is used to specify the log level applied to logging
// Supported log levels: Trace, Debug, Error, Warn, Info
flagNameLogLevel = "log-level"
CLI Enhancements (#3897) * Use Colored UI if stdout is a tty * Add format options to operator unseal * Add format test on operator unseal * Add -no-color output flag, and use BasicUi if no-color flag is provided * Move seal status formatting logic to OutputSealStatus * Apply no-color to warnings from DeprecatedCommands as well * Add OutputWithFormat to support arbitrary data, add format option to auth list * Add ability to output arbitrary list data on TableFormatter * Clear up switch logic on format * Add format option for list-related commands * Add format option to rest of commands that returns a client API response * Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead * Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead * Remove -no-color flag, use env var exclusively to toggle colored output * Fix compile * Remove -no-color flag in main.go * Add missing FlagSetOutputFormat * Fix generate-root/decode test * Migrate init functions to main.go * Add no-color flag back as hidden * Handle non-supported data types for TableFormatter.OutputList * Pull formatting much further up to remove the need to use c.flagFormat (#3950) * Pull formatting much further up to remove the need to use c.flagFormat Also remove OutputWithFormat as the logic can cause issues. * Use const for env var * Minor updates * Remove unnecessary check * Fix SSH output and some tests * Fix tests * Make race detector not run on generate root since it kills Travis these days * Update docs * Update docs * Address review feedback * Handle --format as well as -format
2018-02-12 23:12:16 +00:00
)
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
var (
auditBackends = map[string]audit.Factory{
"file": auditFile.Factory,
"socket": auditSocket.Factory,
"syslog": auditSyslog.Factory,
}
credentialBackends = map[string]logical.Factory{
Run all builtins as plugins (#5536)
2018-11-07 01:21:24 +00:00
"plugin": plugin.Factory,
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
}
logicalBackends = map[string]logical.Factory{
Run all builtins as plugins (#5536)
2018-11-07 01:21:24 +00:00
"plugin": plugin.Factory,
"database": logicalDb.Factory,
// This is also available in the plugin catalog, but is here due to the need to
// automatically mount it.
"kv": logicalKv.Factory,
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
}
physicalBackends = map[string]physical.Factory{
Aerospike storage backend (#10131) * add an Aerospike storage backend * go mod vendor * add Aerospike storage configuration docs * review fixes * bump aerospike client to v3.1.1 * rename the defaultHostname variable * relocate the docs page
2021-01-12 23:26:07 +00:00
"aerospike": physAerospike.NewAerospikeBackend,
Alibaba Object Storage support (#4783)
2018-08-13 21:03:24 +00:00
"alicloudoss": physAliCloudOSS.NewAliCloudOSSBackend,
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
"azure": physAzure.NewAzureBackend,
"cassandra": physCassandra.NewCassandraBackend,
"cockroachdb": physCockroachDB.NewCockroachDBBackend,
"consul": physConsul.NewConsulBackend,
"couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend,
"couchdb": physCouchDB.NewCouchDBBackend,
"dynamodb": physDynamoDB.NewDynamoDBBackend,
"etcd": physEtcd.NewEtcdBackend,
"file_transactional": physFile.NewTransactionalFileBackend,
"file": physFile.NewFileBackend,
FoundationDB physical backend (#4900)
2018-07-16 14:18:09 +00:00
"foundationdb": physFoundationDB.NewFDBBackend,
Add HA support to the Google Cloud Storage backend (#4226)
2018-03-30 16:36:37 +00:00
"gcs": physGCS.NewBackend,
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
"inmem_ha": physInmem.NewInmemHA,
"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
"inmem_transactional": physInmem.NewTransactionalInmem,
"inmem": physInmem.NewInmem,
Make fmt
2018-02-13 02:01:14 +00:00
"manta": physManta.NewMantaBackend,
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
"mssql": physMSSQL.NewMSSQLBackend,
"mysql": physMySQL.NewMySQLBackend,
Added OCI Object Storage Plugin (#6985)
2019-09-04 18:33:16 +00:00
"oci": physOCI.NewBackend,
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
"postgresql": physPostgreSQL.NewPostgreSQLBackend,
"s3": physS3.NewS3Backend,
Add support for Google Cloud Spanner (#3977)
2018-02-15 01:31:20 +00:00
"spanner": physSpanner.NewBackend,
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
"swift": physSwift.NewSwiftBackend,
Raft Storage Backend (#6888) * Work on raft backend * Add logstore locally * Add encryptor and unsealable interfaces * Add clustering support to raft * Remove client and handler * Bootstrap raft on init * Cleanup raft logic a bit * More raft work * Work on TLS config * More work on bootstrapping * Fix build * More work on bootstrapping * More bootstrapping work * fix build * Remove consul dep * Fix build * merged oss/master into raft-storage * Work on bootstrapping * Get bootstrapping to work * Clean up FMS and node-id * Update local node ID logic * Cleanup node-id change * Work on snapshotting * Raft: Add remove peer API (#906) * Add remove peer API * Add some comments * Fix existing snapshotting (#909) * Raft get peers API (#912) * Read raft configuration * address review feedback * Use the Leadership Transfer API to step-down the active node (#918) * Raft join and unseal using Shamir keys (#917) * Raft join using shamir * Store AEAD instead of master key * Split the raft join process to answer the challenge after a successful unseal * get the follower to standby state * Make unseal work * minor changes * Some input checks * reuse the shamir seal access instead of new default seal access * refactor joinRaftSendAnswer function * Synchronously send answer in auto-unseal case * Address review feedback * Raft snapshots (#910) * Fix existing snapshotting * implement the noop snapshotting * Add comments and switch log libraries * add some snapshot tests * add snapshot test file * add TODO * More work on raft snapshotting * progress on the ConfigStore strategy * Don't use two buckets * Update the snapshot store logic to hide the file logic * Add more backend tests * Cleanup code a bit * [WIP] Raft recovery (#938) * Add recovery functionality * remove fmt.Printfs * Fix a few fsm bugs * Add max size value for raft backend (#942) * Add max size value for raft backend * Include physical.ErrValueTooLarge in the message * Raft snapshot Take/Restore API (#926) * Inital work on raft snapshot APIs * Always redirect snapshot install/download requests * More work on the snapshot APIs * Cleanup code a bit * On restore handle special cases * Use the seal to encrypt the sha sum file * Add sealer mechanism and fix some bugs * Call restore while state lock is held * Send restore cb trigger through raft log * Make error messages nicer * Add test helpers * Add snapshot test * Add shamir unseal test * Add more raft snapshot API tests * Fix locking * Change working to initalize * Add underlying raw object to test cluster core * Move leaderUUID to core * Add raft TLS rotation logic (#950) * Add TLS rotation logic * Cleanup logic a bit * Add/Remove from follower state on add/remove peer * add comments * Update more comments * Update request_forwarding_service.proto * Make sure we populate all nodes in the followerstate obj * Update times * Apply review feedback * Add more raft config setting (#947) * Add performance config setting * Add more config options and fix tests * Test Raft Recovery (#944) * Test raft recovery * Leave out a node during recovery * remove unused struct * Update physical/raft/snapshot_test.go * Update physical/raft/snapshot_test.go * fix vendoring * Switch to new raft interface * Remove unused files * Switch a gogo -> proto instance * Remove unneeded vault dep in go.sum * Update helper/testhelpers/testhelpers.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update vault/cluster/cluster.go * track active key within the keyring itself (#6915) * track active key within the keyring itself * lookup and store using the active key ID * update docstring * minor refactor * Small text fixes (#6912) * Update physical/raft/raft.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * review feedback * Move raft logical system into separate file * Update help text a bit * Enforce cluster addr is set and use it for raft bootstrapping * Fix tests * fix http test panic * Pull in latest raft-snapshot library * Add comment
2019-06-20 19:14:58 +00:00
"raft": physRaft.NewRaftBackend,
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
"zookeeper": physZooKeeper.NewZooKeeperBackend,
}
Introduce optional service_registration stanza (#7887) * move ServiceDiscovery into methods * add ServiceDiscoveryFactory * add serviceDiscovery field to vault.Core * refactor ConsulServiceDiscovery into separate struct * cleanup * revert accidental change to go.mod * cleanup * get rid of un-needed struct tags in vault.CoreConfig * add service_discovery parser * add ServiceDiscovery to config * cleanup * cleanup * add test for ConfigServiceDiscovery to Core * unit testing for config service_discovery stanza * cleanup * get rid of un-needed redirect_addr stuff in service_discovery stanza * improve test suite * cleanup * clean up test a bit * create docs for service_discovery * check if service_discovery is configured, but storage does not support HA * tinker with test * tinker with test * tweak docs * move ServiceDiscovery into its own package * tweak a variable name * fix comment * rename service_discovery to service_registration * tweak service_registration config * Revert "tweak service_registration config" This reverts commit 5509920a8ab4c5a216468f262fc07c98121dce35. * simplify naming * refactor into ./serviceregistration/consul
2019-12-06 14:46:39 +00:00
serviceRegistrations = map[string]sr.Factory{
Add Kubernetes service registration (#8249)
2020-02-13 17:56:29 +00:00
"consul": csr.NewServiceRegistration,
"kubernetes": ksr.NewServiceRegistration,
Introduce optional service_registration stanza (#7887) * move ServiceDiscovery into methods * add ServiceDiscoveryFactory * add serviceDiscovery field to vault.Core * refactor ConsulServiceDiscovery into separate struct * cleanup * revert accidental change to go.mod * cleanup * get rid of un-needed struct tags in vault.CoreConfig * add service_discovery parser * add ServiceDiscovery to config * cleanup * cleanup * add test for ConfigServiceDiscovery to Core * unit testing for config service_discovery stanza * cleanup * get rid of un-needed redirect_addr stuff in service_discovery stanza * improve test suite * cleanup * clean up test a bit * create docs for service_discovery * check if service_discovery is configured, but storage does not support HA * tinker with test * tinker with test * tweak docs * move ServiceDiscovery into its own package * tweak a variable name * fix comment * rename service_discovery to service_registration * tweak service_registration config * Revert "tweak service_registration config" This reverts commit 5509920a8ab4c5a216468f262fc07c98121dce35. * simplify naming * refactor into ./serviceregistration/consul
2019-12-06 14:46:39 +00:00
}
Pull out license commands, and make the OSS changes needed for the license inspect PR in ent. (#11783)
2021-06-07 18:44:20 +00:00
Fix command.RunCustom(...) correctly (#18904) * Revert "Remove t.Parallel() due to initialization race (#18751)" This reverts commit ebcd65310221aff1dfcb94a571d70e38944006df. We're going to fix this properly, running initCommands exactly once. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Prevent parallel testing racing in initCommands(...) When running initCommands(...) from multiple tests, they can potentially race, causing a panic. Test callers needing to set formatting information must use RunCustom(...) instead of directly invoking the test backend directly. When using t.Parallel(...) in these top-level tests, we thus could race. This removes the Commands global variable, making it a local variable instead as nothing else appears to use it. We'll update Enterprise to add in the Enterprise-specific commands to the existing list. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-31 13:18:21 +00:00
initCommandsEnt = func(ui, serverCmdUi cli.Ui, runOpts *RunOptions, commands map[string]cli.CommandFactory) {}
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
)
Fix command.RunCustom(...) correctly (#18904) * Revert "Remove t.Parallel() due to initialization race (#18751)" This reverts commit ebcd65310221aff1dfcb94a571d70e38944006df. We're going to fix this properly, running initCommands exactly once. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Prevent parallel testing racing in initCommands(...) When running initCommands(...) from multiple tests, they can potentially race, causing a panic. Test callers needing to set formatting information must use RunCustom(...) instead of directly invoking the test backend directly. When using t.Parallel(...) in these top-level tests, we thus could race. This removes the Commands global variable, making it a local variable instead as nothing else appears to use it. We'll update Enterprise to add in the Enterprise-specific commands to the existing list. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-31 13:18:21 +00:00
func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.CommandFactory {
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
loginHandlers := map[string]LoginHandler{
Add alicloud auth (#5123) * add alicloud auth commands * add dependencies
2018-08-16 19:17:49 +00:00
"alicloud": &credAliCloud.CLIHandler{},
Add centrify CLI handler support
2018-02-05 15:56:57 +00:00
"aws": &credAws.CLIHandler{},
"centrify": &credCentrify.CLIHandler{},
"cert": &credCert.CLIHandler{},
Bundle OCI Auth method (#7422)
2019-09-04 23:46:00 +00:00
"cf": &credCF.CLIHandler{},
Add GCP auth helper (#4654) * update auth plugin vendoring * add GCP auth helper and docs
2018-05-30 00:36:24 +00:00
"gcp": &credGcp.CLIHandler{},
Add centrify CLI handler support
2018-02-05 15:56:57 +00:00
"github": &credGitHub.CLIHandler{},
Add Kerberos SPNEGO auth plugin (#7908)
2019-12-11 19:18:37 +00:00
"kerberos": &credKerb.CLIHandler{},
Add centrify CLI handler support
2018-02-05 15:56:57 +00:00
"ldap": &credLdap.CLIHandler{},
Bundle OCI Auth method (#7422)
2019-09-04 23:46:00 +00:00
"oci": &credOCI.CLIHandler{},
Create alias and command for OIDC (#6206)
2019-02-11 21:37:55 +00:00
"oidc": &credOIDC.CLIHandler{},
Add centrify CLI handler support
2018-02-05 15:56:57 +00:00
"okta": &credOkta.CLIHandler{},
rename pcf to cf maintaining backwards compat (#7346)
2019-08-26 16:55:08 +00:00
"pcf": &credCF.CLIHandler{}, // Deprecated.
Wire all commands together
2017-09-05 04:05:53 +00:00
"radius": &credUserpass.CLIHandler{
DefaultMount: "radius",
},
"token": &credToken.CLIHandler{},
"userpass": &credUserpass.CLIHandler{
DefaultMount: "userpass",
},
}
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
getBaseCommand := func() *BaseCommand {
return &BaseCommand{
UI: ui,
tokenHelper: runOpts.TokenHelper,
flagAddress: runOpts.Address,
Don't use environment as a mechanism for floating format around. (#4622) This turns out to not work very well for the demo server. Also, it's kinda hacky.
2018-05-23 20:45:17 +00:00
client: runOpts.Client,
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
}
}
Fix command.RunCustom(...) correctly (#18904) * Revert "Remove t.Parallel() due to initialization race (#18751)" This reverts commit ebcd65310221aff1dfcb94a571d70e38944006df. We're going to fix this properly, running initCommands exactly once. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Prevent parallel testing racing in initCommands(...) When running initCommands(...) from multiple tests, they can potentially race, causing a panic. Test callers needing to set formatting information must use RunCustom(...) instead of directly invoking the test backend directly. When using t.Parallel(...) in these top-level tests, we thus could race. This removes the Commands global variable, making it a local variable instead as nothing else appears to use it. We'll update Enterprise to add in the Enterprise-specific commands to the existing list. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-31 13:18:21 +00:00
commands := map[string]cli.CommandFactory{
VSI (#4985)
2018-07-25 02:02:27 +00:00
"agent": func() (cli.Command, error) {
return &AgentCommand{
BaseCommand: &BaseCommand{
UI: serverCmdUi,
},
ShutdownCh: MakeShutdownCh(),
VAULT-9883: Agent Reloadable Config (#18638) * Update command/agent.go * Attempt to only reload log level and certs * Mimicked 'server' test for cert reload in 'agent' Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com> Left out the `c.config` tweak that meant changes to lots of lines of code within the `Run` function of Agent command. :)
2023-01-10 17:45:34 +00:00
SighupCh: MakeSighupCh(),
VSI (#4985)
2018-07-25 02:02:27 +00:00
}, nil
},
cli: Add 'agent generate-config' sub-command (#20530)
2023-05-19 17:42:19 +00:00
"agent generate-config": func() (cli.Command, error) {
return &AgentGenerateConfigCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"audit": func() (cli.Command, error) {
return &AuditCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
"audit disable": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &AuditDisableCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"audit enable": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &AuditEnableCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"audit list": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &AuditListCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"auth tune": func() (cli.Command, error) {
return &AuthTuneCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
Wire all commands together
2017-09-05 04:05:53 +00:00
"auth": func() (cli.Command, error) {
return &AuthCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"auth disable": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &AuthDisableCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"auth enable": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &AuthEnableCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"auth help": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &AuthHelpCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Handlers: loginHandlers,
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"auth list": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &AuthListCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
remount cli changes (#14159)
2022-02-18 16:50:05 +00:00
"auth move": func() (cli.Command, error) {
return &AuthMoveCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Vault Debug (#7375) * cli: initial work on debug; server-status target * debug: add metrics capture target (#7376) * check against DR secondary * debug: add compression * refactor check into preflight func * debug: set short test time on tests, fix exit code bug * debug: use temp dir for output on tests * debug: use mholt/archiver for compression * first pass on adding pprof * use logger for output * refactor polling target capture logic * debug: poll and collect replication status * debug: poll and collect host-info; rename output files and collection refactor * fix comments * add archive test; fix bugs found * rename flag name to singular target * add target output test; scaffold other tests cases * debug/test: add pprof and index file tests * debug/test: add min timing check tests * debug: fix index gen race and collection goroutine race * debug: extend archive tests, handle race between program exit and polling goroutines * update docstring * debug: correctly add to pollingWg * debug: add config target support * debug: don't wait on interrupt shutdown; add file exists unit tests * move pprof bits into its goroutine * debug: skip empty metrics and some pprof file creation if permission denied, add matching unit test * address comments and feedback * Vault debug using run.Group (#7658) * debug: switch to use oklog/run.Group * debug: use context to cancel requests and interrupt rungroups. * debug: trigger the first interval properly * debug: metrics collection should use metrics interval * debug: add missing continue on metrics error * debug: remove the use of buffered chan to trigger first interval * debug: don't shadow BaseCommand's client, properly block on interval capture failures * debug: actually use c.cachedClient everywhere * go mod vendor * debug: run all pprof in goroutines; bump pprof timings in tests to reduce flakiness * debug: update help text
2019-10-15 22:39:19 +00:00
"debug": func() (cli.Command, error) {
return &DebugCommand{
BaseCommand: getBaseCommand(),
ShutdownCh: MakeShutdownCh(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"delete": func() (cli.Command, error) {
return &DeleteCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
events: Add websockets and command (#19057) Also updates the event receieved to include a timestamp. Websockets support both JSON and protobuf binary formats. This can be used by either `wscat` or the new `vault events subscribe`: e.g., ```sh $ wscat -H "X-Vault-Token: $(vault print token)" --connect ws://127.0.0.1:8200/v1/sys/events/subscribe/abc?json=true {"event":{"id":"5c5c8c83-bf43-7da5-fe88-fc3cac814b2e", "note":"testing"}, "eventType":"abc", "timestamp":"2023-02-07T18:40:50.598408Z"} ... ``` and ```sh $ vault events subscribe abc {"event":{"id":"5c5c8c83-bf43-7da5-fe88-fc3cac814b2e", "note":"testing"}, "eventType":"abc", "timestamp":"2023-02-07T18:40:50.598408Z"} ... ``` Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-09 21:18:58 +00:00
"events subscribe": func() (cli.Command, error) {
return &EventsSubscribeCommands{
BaseCommand: getBaseCommand(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"lease": func() (cli.Command, error) {
return &LeaseCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"lease renew": func() (cli.Command, error) {
return &LeaseRenewCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Add command to look up a lease by ID (#11129) * snapshot * basic test * update command and add documentation * update help text * typo * add changelog for lease lookup command * run go mod vendor * remove tabs from help output
2021-03-18 16:11:09 +00:00
"lease lookup": func() (cli.Command, error) {
return &LeaseLookupCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"lease revoke": func() (cli.Command, error) {
return &LeaseRevokeCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"list": func() (cli.Command, error) {
return &ListCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"login": func() (cli.Command, error) {
return &LoginCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Handlers: loginHandlers,
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
Port over some ns stuff
2018-08-10 16:17:17 +00:00
"namespace": func() (cli.Command, error) {
return &NamespaceCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"namespace list": func() (cli.Command, error) {
return &NamespaceListCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"namespace lookup": func() (cli.Command, error) {
return &NamespaceLookupCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"namespace create": func() (cli.Command, error) {
return &NamespaceCreateCommand{
BaseCommand: getBaseCommand(),
}, nil
},
VAULT-7256: Add custom_metadata to namespaces (#16640) * add mapstructure tags to Namespace struct * add custom metadata Parse helper * add ns custom metadata and patch
2022-08-09 15:38:03 +00:00
"namespace patch": func() (cli.Command, error) {
return &NamespacePatchCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Port over some ns stuff
2018-08-10 16:17:17 +00:00
"namespace delete": func() (cli.Command, error) {
return &NamespaceDeleteCommand{
BaseCommand: getBaseCommand(),
}, nil
},
API Lock CLI OSS port (#12925) * api lock in oss * add namespace lock/unlock help
2021-10-26 16:52:29 +00:00
"namespace lock": func() (cli.Command, error) {
return &NamespaceAPILockCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"namespace unlock": func() (cli.Command, error) {
return &NamespaceAPIUnlockCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"operator": func() (cli.Command, error) {
return &OperatorCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
Expose unknown fields and duplicate sections as diagnose warnings (#11455) * Expose unknown fields and duplicate sections as diagnose warnings * section counts not needed, already handled * Address PR feedback * Prune more of the new fields before tests call deep.Equals * Update go.mod
2021-05-04 19:47:56 +00:00
"operator diagnose": func() (cli.Command, error) {
return &OperatorDiagnoseCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"operator generate-root": func() (cli.Command, error) {
return &OperatorGenerateRootCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
"operator init": func() (cli.Command, error) {
return &OperatorInitCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
"operator key-status": func() (cli.Command, error) {
return &OperatorKeyStatusCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
Add physical backend migrator command (#5143)
2018-09-25 23:18:22 +00:00
"operator migrate": func() (cli.Command, error) {
return &OperatorMigrateCommand{
BaseCommand: getBaseCommand(),
PhysicalBackends: physicalBackends,
ShutdownCh: MakeShutdownCh(),
}, nil
},
Added operator raft and operator raft snapshot descriptions (#7106)
2019-07-16 07:31:00 +00:00
"operator raft": func() (cli.Command, error) {
return &OperatorRaftCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Autopilot: Server Stabilization, State and Dead Server Cleanup (#10856) * k8s doc: update for 0.9.1 and 0.8.0 releases (#10825) * k8s doc: update for 0.9.1 and 0.8.0 releases * Update website/content/docs/platform/k8s/helm/configuration.mdx Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Autopilot initial commit * Move autopilot related backend implementations to its own file * Abstract promoter creation * Add nil check for health * Add server state oss no-ops * Config ext stub for oss * Make way for non-voters * s/health/state * s/ReadReplica/NonVoter * Add synopsis and description * Remove struct tags from AutopilotConfig * Use var for config storage path * Handle nin-config when reading * Enable testing autopilot by using inmem cluster * First passing test * Only report the server as known if it is present in raft config * Autopilot defaults to on for all existing and new clusters * Add locking to some functions * Persist initial config * Clarify the command usage doc * Add health metric for each node * Fix audit logging issue * Don't set DisablePerformanceStandby to true in test * Use node id label for health metric * Log updates to autopilot config * Less aggressively consume config loading failures * Return a mutable config * Return early from known servers if raft config is unable to be pulled * Update metrics name * Reduce log level for potentially noisy log * Add knob to disable autopilot * Don't persist if default config is in use * Autopilot: Dead server cleanup (#10857) * Dead server cleanup * Initialize channel in any case * Fix a bunch of tests * Fix panic * Add follower locking in heartbeat tracker * Add LastContactFailureThreshold to config * Add log when marking node as dead * Update follower state locking in heartbeat tracker * Avoid follower states being nil * Pull test to its own file * Add execution status to state response * Optionally enable autopilot in some tests * Updates * Added API function to fetch autopilot configuration * Add test for default autopilot configuration * Configuration tests * Add State API test * Update test * Added TestClusterOptions.PhysicalFactoryConfig * Update locking * Adjust locking in heartbeat tracker * s/last_contact_failure_threshold/left_server_last_contact_threshold * Add disabling autopilot as a core config option * Disable autopilot in some tests * s/left_server_last_contact_threshold/dead_server_last_contact_threshold * Set the lastheartbeat of followers to now when setting up active node * Don't use config defaults from CLI command * Remove config file support * Remove HCL test as well * Persist only supplied config; merge supplied config with default to operate * Use pointer to structs for storing follower information * Test update * Retrieve non voter status from configbucket and set it up when a node comes up * Manage desired suffrage * Consider bucket being created already * Move desired suffrage to its own entry * s/DesiredSuffrageKey/LocalNodeConfigKey * s/witnessSuffrage/recordSuffrage * Fix test compilation * Handle local node config post a snapshot install * Commit to storage first; then record suffrage in fsm * No need of local node config being nili case, post snapshot restore * Reconcile autopilot config when a new leader takes over duty * Grab fsm lock when recording suffrage * s/Suffrage/DesiredSuffrage in FollowerState * Instantiate autopilot only in leader * Default to old ways in more scenarios * Make API gracefully handle 404 * Address some feedback * Make IsDead an atomic.Value * Simplify follower hearbeat tracking * Use uber.atomic * Don't have multiple causes for having autopilot disabled * Don't remove node from follower states if we fail to remove the dead server * Autopilot server removals map (#11019) * Don't remove node from follower states if we fail to remove the dead server * Use map to track dead server removals * Use lock and map * Use delegate lock * Adjust when to remove entry from map * Only hold the lock while accessing map * Fix race * Don't set default min_quorum * Fix test * Ensure follower states is not nil before starting autopilot * Fix race Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-03-03 18:59:50 +00:00
"operator raft autopilot get-config": func() (cli.Command, error) {
return &OperatorRaftAutopilotGetConfigCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"operator raft autopilot set-config": func() (cli.Command, error) {
return &OperatorRaftAutopilotSetConfigCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"operator raft autopilot state": func() (cli.Command, error) {
return &OperatorRaftAutopilotStateCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Rename raft configuration command to list-peers and make output easier to read (#8484) * Make the output of raft configuration easier to read * Rename raft configuration sub command to list-peers * Update command/operator_raft_listpeers.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-03-06 22:40:50 +00:00
"operator raft list-peers": func() (cli.Command, error) {
return &OperatorRaftListPeersCommand{
Raft CLI (#6893) * raft cli * Reuse the command's client * Better response handling * minor touchups
2019-06-21 01:32:00 +00:00
BaseCommand: getBaseCommand(),
}, nil
},
"operator raft join": func() (cli.Command, error) {
return &OperatorRaftJoinCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"operator raft remove-peer": func() (cli.Command, error) {
return &OperatorRaftRemovePeerCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Added operator raft and operator raft snapshot descriptions (#7106)
2019-07-16 07:31:00 +00:00
"operator raft snapshot": func() (cli.Command, error) {
return &OperatorRaftSnapshotCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Raft CLI (#6893) * raft cli * Reuse the command's client * Better response handling * minor touchups
2019-06-21 01:32:00 +00:00
"operator raft snapshot restore": func() (cli.Command, error) {
return &OperatorRaftSnapshotRestoreCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"operator raft snapshot save": func() (cli.Command, error) {
return &OperatorRaftSnapshotSaveCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"operator rekey": func() (cli.Command, error) {
return &OperatorRekeyCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
"operator rotate": func() (cli.Command, error) {
return &OperatorRotateCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"operator seal": func() (cli.Command, error) {
return &OperatorSealCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"operator step-down": func() (cli.Command, error) {
return &OperatorStepDownCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
"vault operator usage" CLI for client count reporting (#10365) * Working draft of CLI command. * Sort order, robustness checking. * Text edits and check of queries_available. * Added changelog.
2020-11-23 20:57:35 +00:00
"operator usage": func() (cli.Command, error) {
return &OperatorUsageCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"operator unseal": func() (cli.Command, error) {
return &OperatorUnsealCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Add "operator members" command to list nodes in the cluster. (#13292)
2021-11-30 19:49:58 +00:00
"operator members": func() (cli.Command, error) {
return &OperatorMembersCommand{
Add PATCH support to Vault CLI (#17650) * Add patch support to CLI This is based off the existing write command, using the JSONMergePatch(...) API client method rather than Write(...), allowing us to update specific fields. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add documentation on PATCH support Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-10-26 18:30:40 +00:00
BaseCommand: getBaseCommand(),
}, nil
},
"patch": func() (cli.Command, error) {
return &PatchCommand{
Add "operator members" command to list nodes in the cluster. (#13292)
2021-11-30 19:49:58 +00:00
BaseCommand: getBaseCommand(),
}, nil
},
Wire all commands together
2017-09-05 04:05:53 +00:00
"path-help": func() (cli.Command, error) {
return &PathHelpCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Add PKI base command (#18512) Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-12-21 15:01:57 +00:00
"pki": func() (cli.Command, error) {
return &PKICommand{
BaseCommand: getBaseCommand(),
}, nil
},
"pki health-check": func() (cli.Command, error) {
return &PKIHealthCheckCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Vault 11798 vault cli issue intermediate (#18467) * The verify-sign command in it's cleanest existing form. * Working state * Updates to proper verification syntax Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com> * make fmt * Git CI caught some stuff. * Base functionality. * make fmt; changelog * pki issue command. * Make fmt. Changelog. * Error Handling Is Almost A Tutorial * What I thought empty issuers response fix would be. * Some tests * PR-review updates. * make fmt. * Fix null response data for listing empty issuers causing a crash. * Update command/pki_list_children_command.go Fix double specifier Co-authored-by: Steven Clark <steven.clark@hashicorp.com> * Add test for pki_list_children. * Fix tests. * Update descriptions for correctness based on PR reviews. * make fmt. * Updates based on PR feedback. * Allow multiple arguements (space separated) * Remove bad merge-thing. * White-space hell fix change. * Tests, and return information for issue ca * Fix make fmt error introduced here: https://github.com/hashicorp/vault/pull/18876 * Update command/pki_issue_intermediate.go Puncutation. Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com> * Remove smart quotes for standard quotes. * More information as part of the help text. * Better help text. * Add missing "/" into error message. --------- Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com> Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-01-27 21:41:16 +00:00
"pki issue": func() (cli.Command, error) {
return &PKIIssueCACommand{
BaseCommand: getBaseCommand(),
}, nil
},
Vault 11796 vault cli list intermediates (#18463) * Base functionality. * make fmt; changelog * What I thought empty issuers response fix would be. * Fix null response data for listing empty issuers causing a crash. * Update command/pki_list_children_command.go Fix double specifier Co-authored-by: Steven Clark <steven.clark@hashicorp.com> * Add test for pki_list_children. * Fix tests. * Update descriptions for correctness based on PR reviews. Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-01-27 15:34:31 +00:00
"pki list-intermediates": func() (cli.Command, error) {
Small cleanup pki commands (#18877) * Reflow pki list-intermediates help text, add args Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Reflow pki verify-sign help text, add args Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Simplify boolean checks across PKI commands Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Clean up pki list-intermediate arg text Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Rename list_children->list_intermediate to align with command Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-27 16:37:42 +00:00
return &PKIListIntermediateCommand{
Vault 11796 vault cli list intermediates (#18463) * Base functionality. * make fmt; changelog * What I thought empty issuers response fix would be. * Fix null response data for listing empty issuers causing a crash. * Update command/pki_list_children_command.go Fix double specifier Co-authored-by: Steven Clark <steven.clark@hashicorp.com> * Add test for pki_list_children. * Fix tests. * Update descriptions for correctness based on PR reviews. Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-01-27 15:34:31 +00:00
BaseCommand: getBaseCommand(),
}, nil
},
Vault 11799 Vault CLI Re-Issue (Templating based on existing certificate) (#18499) * The verify-sign command in it's cleanest existing form. * Working state * Updates to proper verification syntax Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com> * make fmt * Base functionality. * make fmt; changelog * pki issue command. * Make fmt. Changelog. * Error Handling Is Almost A Tutorial * Issue and ReIssue are Almost the Same Command * Make Fmt + Changelog. * Make some of the tests go. * make fmt * Merge fix (take 2) * Fix existing support, add support for use_pss, max_path_length, not_after, permitted_dns_domains and skid * Good Test which Fails * Test-correction. * Fix update to key_type key_bits; allow "," in OU or similar * More specific includeCNinSANs * Add tests around trying to use_pss on an ec key. * GoDoc Test Paragraph thing. --------- Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com>
2023-02-10 20:27:36 +00:00
"pki reissue": func() (cli.Command, error) {
return &PKIReIssueCACommand{
BaseCommand: getBaseCommand(),
}, nil
},
Vault 11795 vault cli verify s ign (#18437) * The verify-sign command in it's cleanest existing form. * Working state * Updates to proper verification syntax Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com> * make fmt * Git CI caught some stuff. * Some tests * PR-review updates. * make fmt. Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com>
2023-01-26 15:21:13 +00:00
"pki verify-sign": func() (cli.Command, error) {
return &PKIVerifySignCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Add plugin CLI for interacting with the plugin catalog (#4911) * Add 'plugin list' command * Add 'plugin register' command * Add 'plugin deregister' command * Use a shared plugin helper * Add 'plugin read' command * Rename to plugin info * Add base plugin for help text * Fix arg ordering * Add docs * Rearrange to alphabetize * Fix arg ordering in example * Don't use "sudo" in command description
2018-07-13 17:35:08 +00:00
"plugin": func() (cli.Command, error) {
return &PluginCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"plugin deregister": func() (cli.Command, error) {
return &PluginDeregisterCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"plugin info": func() (cli.Command, error) {
return &PluginInfoCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"plugin list": func() (cli.Command, error) {
return &PluginListCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"plugin register": func() (cli.Command, error) {
return &PluginRegisterCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Added plugin reload function to api (#8777) * Added plugin reload function to api * Apply suggestions from code review Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * go mod vendor * addressing comments * addressing comments * add docs Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-05-04 18:14:23 +00:00
"plugin reload": func() (cli.Command, error) {
return &PluginReloadCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Global Plugin Reload: OSS Changes Take II (#9347) * Carefully move changes from the plugin-cluster-reload branch into this clean branch off master. * Don't test this at this level, adequately covered in the api level tests * Change PR link * go.mod * Vendoring * Vendor api/sys_plugins.go
2020-06-30 15:26:52 +00:00
"plugin reload-status": func() (cli.Command, error) {
return &PluginReloadStatusCommand{
BaseCommand: getBaseCommand(),
}, nil
},
VAULT-15547 First pass at agent/proxy decoupling (#20548) * VAULT-15547 First pass at agent/proxy decoupling * VAULT-15547 Fix some imports * VAULT-15547 cases instead of string.Title * VAULT-15547 changelog * VAULT-15547 Fix some imports * VAULT-15547 some more dependency updates * VAULT-15547 More dependency paths * VAULT-15547 godocs for tests * VAULT-15547 godocs for tests * VAULT-15547 test package updates * VAULT-15547 test packages * VAULT-15547 add proxy to test packages * VAULT-15547 gitignore * VAULT-15547 address comments * VAULT-15547 Some typos and small fixes
2023-05-17 13:38:34 +00:00
"proxy": func() (cli.Command, error) {
return &ProxyCommand{
BaseCommand: &BaseCommand{
UI: serverCmdUi,
},
ShutdownCh: MakeShutdownCh(),
SighupCh: MakeSighupCh(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"policy": func() (cli.Command, error) {
return &PolicyCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"policy delete": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &PolicyDeleteCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"policy fmt": func() (cli.Command, error) {
return &PolicyFmtCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
"policy list": func() (cli.Command, error) {
return &PolicyListCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
"policy read": func() (cli.Command, error) {
return &PolicyReadCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
}, nil
},
"policy write": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &PolicyWriteCommand{
Add the ability to print curl commands from CLI (#6113)
2019-02-01 22:13:51 +00:00
BaseCommand: getBaseCommand(),
}, nil
},
remove panicking and added usage (#6208)
2019-02-11 19:19:08 +00:00
"print": func() (cli.Command, error) {
return &PrintCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Add the ability to print curl commands from CLI (#6113)
2019-02-01 22:13:51 +00:00
"print token": func() (cli.Command, error) {
return &PrintTokenCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
"read": func() (cli.Command, error) {
return &ReadCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"secrets": func() (cli.Command, error) {
return &SecretsCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"secrets disable": func() (cli.Command, error) {
return &SecretsDisableCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"secrets enable": func() (cli.Command, error) {
return &SecretsEnableCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"secrets list": func() (cli.Command, error) {
return &SecretsListCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"secrets move": func() (cli.Command, error) {
return &SecretsMoveCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"secrets tune": func() (cli.Command, error) {
return &SecretsTuneCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
"server": func() (cli.Command, error) {
return &ServerCommand{
BaseCommand: &BaseCommand{
Add RunCustom command to allow passing in a TokenHelper
2018-03-16 15:31:00 +00:00
UI: serverCmdUi,
Change base command template to runopts and allow specifying stdout/stderr
2018-03-16 16:31:26 +00:00
tokenHelper: runOpts.TokenHelper,
Allow sending address through RunCustom
2018-03-16 17:14:32 +00:00
flagAddress: runOpts.Address,
Wire all commands together
2017-09-05 04:05:53 +00:00
},
Adding tests to ensure all backends are mountable (#3861)
2018-02-01 16:30:04 +00:00
AuditBackends: auditBackends,
CredentialBackends: credentialBackends,
LogicalBackends: logicalBackends,
PhysicalBackends: physicalBackends,
Introduce optional service_registration stanza (#7887) * move ServiceDiscovery into methods * add ServiceDiscoveryFactory * add serviceDiscovery field to vault.Core * refactor ConsulServiceDiscovery into separate struct * cleanup * revert accidental change to go.mod * cleanup * get rid of un-needed struct tags in vault.CoreConfig * add service_discovery parser * add ServiceDiscovery to config * cleanup * cleanup * add test for ConfigServiceDiscovery to Core * unit testing for config service_discovery stanza * cleanup * get rid of un-needed redirect_addr stuff in service_discovery stanza * improve test suite * cleanup * clean up test a bit * create docs for service_discovery * check if service_discovery is configured, but storage does not support HA * tinker with test * tinker with test * tweak docs * move ServiceDiscovery into its own package * tweak a variable name * fix comment * rename service_discovery to service_registration * tweak service_registration config * Revert "tweak service_registration config" This reverts commit 5509920a8ab4c5a216468f262fc07c98121dce35. * simplify naming * refactor into ./serviceregistration/consul
2019-12-06 14:46:39 +00:00
ServiceRegistrations: serviceRegistrations,
ShutdownCh: MakeShutdownCh(),
SighupCh: MakeSighupCh(),
SigUSR2Ch: MakeSigUSR2Ch(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
"ssh": func() (cli.Command, error) {
return &SSHCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
"status": func() (cli.Command, error) {
return &StatusCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Fix PKI Synopsis, add Transit help text and casing fixes (#19395) * Fix synopsis for PKI subcommand Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add transit command for synopsis, help text Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Fix nits around spacing Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-28 14:43:05 +00:00
"transit": func() (cli.Command, error) {
return &TransitCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Transit Import Key CLI functionality (#18887) * wip * Transit byok cli * It works! * changelog * document return codes * Update command/transit_import_key.go Co-authored-by: Steven Clark <steven.clark@hashicorp.com> * make fmt --------- Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-01-30 18:46:57 +00:00
"transit import": func() (cli.Command, error) {
return &TransitImportCommand{
BaseCommand: getBaseCommand(),
}, nil
},
"transit import-version": func() (cli.Command, error) {
return &TransitImportVersionCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"token": func() (cli.Command, error) {
return &TokenCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"token create": func() (cli.Command, error) {
Wire all commands together
2017-09-05 04:05:53 +00:00
return &TokenCreateCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"token capabilities": func() (cli.Command, error) {
return &TokenCapabilitiesCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"token lookup": func() (cli.Command, error) {
return &TokenLookupCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"token renew": func() (cli.Command, error) {
return &TokenRenewCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Write all the deprecated commands together
2017-09-08 02:05:54 +00:00
"token revoke": func() (cli.Command, error) {
return &TokenRevokeCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
"unwrap": func() (cli.Command, error) {
return &UnwrapCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
"version": func() (cli.Command, error) {
return &VersionCommand{
VersionInfo: version.GetVersion(),
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
Add sys/version-history endpoint and associated command (#13766) * store version history as utc; add self-heal logic * add sys/version-history endpoint * change version history from GET to LIST, require auth * add "vault version-history" CLI command * add vault-version CLI error message for version string parsing * adding version-history API and CLI docs * add changelog entry * some version-history command fixes * remove extraneous cmd args * fix version-history command help text * specify in docs that endpoint was added in 1.10.0 Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com> * enforce UTC within storeVersionTimestamp directly * fix improper use of %w in logger.Warn * remove extra err check and erroneous return from loadVersionTimestamps * add >= 1.10.0 warning to version-history cmd * move sys/version-history tests Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-02-14 20:26:57 +00:00
"version-history": func() (cli.Command, error) {
return &VersionHistoryCommand{
BaseCommand: getBaseCommand(),
}, nil
},
Wire all commands together
2017-09-05 04:05:53 +00:00
"write": func() (cli.Command, error) {
return &WriteCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Wire all commands together
2017-09-05 04:05:53 +00:00
}, nil
},
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
"kv": func() (cli.Command, error) {
return &KVCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
"kv put": func() (cli.Command, error) {
return &KVPutCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
Kv preflight (#4430) * Update kv command to use a preflight check * Make the existing ui endpoint return the allowed mounts * Add kv subcommand tests * Enable `-field` in `vault kv get/put` (#4426) * Enable `-field` in `vault kv get/put` Fixes #4424 * Unify nil value handling * Use preflight helper * Update vkv plugin * Add all the mount info when authenticated * Add fix the error message on put * add metadata test * No need to sort the capabilities * Remove the kv client header * kv patch command (#4432) * Fix test * Fix tests * Use permission denied instead of entity disabled
2018-04-23 22:00:02 +00:00
"kv patch": func() (cli.Command, error) {
return &KVPatchCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
Kv preflight (#4430) * Update kv command to use a preflight check * Make the existing ui endpoint return the allowed mounts * Add kv subcommand tests * Enable `-field` in `vault kv get/put` (#4426) * Enable `-field` in `vault kv get/put` Fixes #4424 * Unify nil value handling * Use preflight helper * Update vkv plugin * Add all the mount info when authenticated * Add fix the error message on put * add metadata test * No need to sort the capabilities * Remove the kv client header * kv patch command (#4432) * Fix test * Fix tests * Use permission denied instead of entity disabled
2018-04-23 22:00:02 +00:00
}, nil
},
Add `kv rollback` (#4774) * Add `kv rollback` Like `kv patch` this is more of a helper than anything else; it provides a single command to fetch the current version (for CAS), read the version you want to roll back to, and set it as the new version (using CAS for safety).
2018-06-15 19:34:17 +00:00
"kv rollback": func() (cli.Command, error) {
return &KVRollbackCommand{
BaseCommand: getBaseCommand(),
}, nil
},
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
"kv get": func() (cli.Command, error) {
return &KVGetCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
"kv delete": func() (cli.Command, error) {
return &KVDeleteCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
"kv list": func() (cli.Command, error) {
return &KVListCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
"kv destroy": func() (cli.Command, error) {
return &KVDestroyCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
"kv undelete": func() (cli.Command, error) {
return &KVUndeleteCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
"kv enable-versioning": func() (cli.Command, error) {
return &KVEnableVersioningCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
"kv metadata": func() (cli.Command, error) {
return &KVMetadataCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
"kv metadata put": func() (cli.Command, error) {
return &KVMetadataPutCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
Add HTTP PATCH support for KV key metadata (#13215) * go get vault-plugin-secrets-kv@vault-4290-patch-metadata * add kv metadata patch command * add changelog entry * success tests for kv metadata patch flags * add more kv metadata patch flags tests * add kv metadata patch cas warning test * add kv-v2 key metadata patch API docs * add kv metadata patch to docs * prevent unintentional field overwriting in kv metadata put cmd * like create/update ops, prevent patch to paths ending in / * fix kv metadata patch cmd in docs * fix flag defaults for kv metadata put * go get vault-plugin-secrets-kv@vault-4290-patch-metadata * fix TestKvMetadataPatchCommand_Flags test * doc fixes * go get vault-plugin-secrets-kv@master; go mod tidy
2022-01-12 17:05:27 +00:00
"kv metadata patch": func() (cli.Command, error) {
return &KVMetadataPatchCommand{
BaseCommand: getBaseCommand(),
}, nil
},
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
"kv metadata get": func() (cli.Command, error) {
return &KVMetadataGetCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
"kv metadata delete": func() (cli.Command, error) {
return &KVMetadataDeleteCommand{
Add missing flags to KV commands and simplify boilerplate (#4617)
2018-05-23 13:56:47 +00:00
BaseCommand: getBaseCommand(),
command/kv: Add a "kv" subcommand for using the key-value store (#4168) * Add more cli subcommands * Add metadata commands * Add more subcommands * Update cli * Move archive commands to delete * Add helpers for making http calls to the kv backend * rename cli header * Format the various maps from kv * Add list command * Update help text * Add a command to enable versioning on a backend * Rename enable-versions command * Some review feedback * Fix listing of top level keys * Fix issue when metadata is nil * Add test for lising top level keys * Fix some typos * Add a note about deleting all versions
2018-03-21 22:02:41 +00:00
}, nil
},
Add a new "vault monitor" command (#8477) Add a new "vault monitor" command Co-authored-by: ncabatoff <ncabatoff@hashicorp.com> Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>
2020-05-21 20:07:50 +00:00
"monitor": func() (cli.Command, error) {
return &MonitorCommand{
BaseCommand: getBaseCommand(),
ShutdownCh: MakeShutdownCh(),
}, nil
},
Wire all commands together
2017-09-05 04:05:53 +00:00
}
`vault operator diagnose` stub command (#10819) * Stub "operator diagnose" command. * Parse configuration files. * Refactor storage setup to call from diagnose. * Add the ability to run Diagnose as a prequel to server start.
2021-02-02 20:15:10 +00:00
Fix command.RunCustom(...) correctly (#18904) * Revert "Remove t.Parallel() due to initialization race (#18751)" This reverts commit ebcd65310221aff1dfcb94a571d70e38944006df. We're going to fix this properly, running initCommands exactly once. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Prevent parallel testing racing in initCommands(...) When running initCommands(...) from multiple tests, they can potentially race, causing a panic. Test callers needing to set formatting information must use RunCustom(...) instead of directly invoking the test backend directly. When using t.Parallel(...) in these top-level tests, we thus could race. This removes the Commands global variable, making it a local variable instead as nothing else appears to use it. We'll update Enterprise to add in the Enterprise-specific commands to the existing list. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-31 13:18:21 +00:00
initCommandsEnt(ui, serverCmdUi, runOpts, commands)
return commands
Wire all commands together
2017-09-05 04:05:53 +00:00
}
// MakeShutdownCh returns a channel that can be used for shutdown
// notifications for commands. This channel will send a message for every
// SIGINT or SIGTERM received.
func MakeShutdownCh() chan struct{} {
resultCh := make(chan struct{})
shutdownCh := make(chan os.Signal, 4)
signal.Notify(shutdownCh, os.Interrupt, syscall.SIGTERM)
go func() {
<-shutdownCh
close(resultCh)
}()
return resultCh
}
// MakeSighupCh returns a channel that can be used for SIGHUP
// reloading. This channel will send a message for every
// SIGHUP received.
func MakeSighupCh() chan struct{} {
resultCh := make(chan struct{})
signalCh := make(chan os.Signal, 4)
signal.Notify(signalCh, syscall.SIGHUP)
go func() {
for {
<-signalCh
resultCh <- struct{}{}
}
}()
return resultCh
}