Add token as a subcommand

command/token.go

@@ -0,0 +1,46 @@
+package command
+
+import (
+	"strings"
+
+	"github.com/mitchellh/cli"
+)
+
+var _ cli.Command = (*TokenCommand)(nil)
+
+type TokenCommand struct {
+	*BaseCommand
+}
+
+func (c *TokenCommand) Synopsis() string {
+	return "Interact with tokens"
+}
+
+func (c *TokenCommand) Help() string {
+	helpText := `
+Usage: vault token <subcommand> [options] [args]
+
+  This command groups subcommands for interacting with tokens. Users can
+  create, lookup, renew, and revoke tokens.
+
+  Create a new token:
+
+      $ vault token create
+
+  Revoke a token:
+
+      $ vault token revoke 96ddf4bc-d217-f3ba-f9bd-017055595017
+
+  Renew a token:
+
+      $ vault token renew 96ddf4bc-d217-f3ba-f9bd-017055595017
+
+  Please see the individual subcommand help for detailed usage information.
+`
+
+	return strings.TrimSpace(helpText)
+}
+
+func (c *TokenCommand) Run(args []string) int {
+	return cli.RunResultHelp
+}

command/token_capabilities.go

@@ -9,35 +9,33 @@ import (
 	"github.com/posener/complete"
 )
 
-// Ensure we are implementing the right interfaces.
-var _ cli.Command = (*CapabilitiesCommand)(nil)
-var _ cli.CommandAutocomplete = (*CapabilitiesCommand)(nil)
+var _ cli.Command = (*TokenCapabilitiesCommand)(nil)
+var _ cli.CommandAutocomplete = (*TokenCapabilitiesCommand)(nil)
 
-// CapabilitiesCommand is a Command that enables a new endpoint.
-type CapabilitiesCommand struct {
+type TokenCapabilitiesCommand struct {
 	*BaseCommand
 }
 
-func (c *CapabilitiesCommand) Synopsis() string {
-	return "Fetchs the capabilities of a token"
+func (c *TokenCapabilitiesCommand) Synopsis() string {
+	return "Print capabilities of a token on a path"
 }
 
-func (c *CapabilitiesCommand) Help() string {
+func (c *TokenCapabilitiesCommand) Help() string {
 	helpText := `
-Usage: vault capabilities [options] [TOKEN] PATH
+Usage: vault token capabilities [options] [TOKEN] PATH
 
   Fetches the capabilities of a token for a given path. If a TOKEN is provided
   as an argument, the "/sys/capabilities" endpoint and permission is used. If
-  no TOKEN is  provided, the "/sys/capabilities-self" endpoint and permission
+  no TOKEN is provided, the "/sys/capabilities-self" endpoint and permission
   is used with the locally authenticated token.
 
   List capabilities for the local token on the "secret/foo" path:
 
-      $ vault capabilities secret/foo
+      $ vault token capabilities secret/foo
 
   List capabilities for a token on the "cubbyhole/foo" path:
 
-      $ vault capabilities 96ddf4bc-d217-f3ba-f9bd-017055595017 cubbyhole/foo
+      $ vault token capabilities 96ddf4bc-d217-f3ba-f9bd-017055595017 cubbyhole/foo
 
   For a full list of examples, please see the documentation.
 
@@ -46,19 +44,19 @@ Usage: vault capabilities [options] [TOKEN] PATH
 	return strings.TrimSpace(helpText)
 }
 
-func (c *CapabilitiesCommand) Flags() *FlagSets {
+func (c *TokenCapabilitiesCommand) Flags() *FlagSets {
 	return c.flagSet(FlagSetHTTP)
 }
 
-func (c *CapabilitiesCommand) AutocompleteArgs() complete.Predictor {
+func (c *TokenCapabilitiesCommand) AutocompleteArgs() complete.Predictor {
 	return nil
 }
 
-func (c *CapabilitiesCommand) AutocompleteFlags() complete.Flags {
+func (c *TokenCapabilitiesCommand) AutocompleteFlags() complete.Flags {
 	return c.Flags().Completions()
 }
 
-func (c *CapabilitiesCommand) Run(args []string) int {
+func (c *TokenCapabilitiesCommand) Run(args []string) int {
 	f := c.Flags()
 
 	if err := f.Parse(args); err != nil {

command/token_capabilities_test.go

@@ -8,18 +8,18 @@ import (
 	"github.com/mitchellh/cli"
 )
 
-func testCapabilitiesCommand(tb testing.TB) (*cli.MockUi, *CapabilitiesCommand) {
+func testTokenCapabilitiesCommand(tb testing.TB) (*cli.MockUi, *TokenCapabilitiesCommand) {
 	tb.Helper()
 
 	ui := cli.NewMockUi()
-	return ui, &CapabilitiesCommand{
+	return ui, &TokenCapabilitiesCommand{
 		BaseCommand: &BaseCommand{
 			UI: ui,
 		},
 	}
 }
 
-func TestCapabilitiesCommand_Run(t *testing.T) {
+func TestTokenCapabilitiesCommand_Run(t *testing.T) {
 	t.Parallel()
 
 	cases := []struct {
@@ -42,7 +42,7 @@ func TestCapabilitiesCommand_Run(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 
-			ui, cmd := testCapabilitiesCommand(t)
+			ui, cmd := testTokenCapabilitiesCommand(t)
 
 			code := cmd.Run(tc.args)
 			if code != tc.code {
@@ -79,7 +79,7 @@ func TestCapabilitiesCommand_Run(t *testing.T) {
 		}
 		token := secret.Auth.ClientToken
 
-		ui, cmd := testCapabilitiesCommand(t)
+		ui, cmd := testTokenCapabilitiesCommand(t)
 		cmd.client = client
 
 		code := cmd.Run([]string{
@@ -121,7 +121,7 @@ func TestCapabilitiesCommand_Run(t *testing.T) {
 
 		client.SetToken(token)
 
-		ui, cmd := testCapabilitiesCommand(t)
+		ui, cmd := testTokenCapabilitiesCommand(t)
 		cmd.client = client
 
 		code := cmd.Run([]string{
@@ -144,7 +144,7 @@ func TestCapabilitiesCommand_Run(t *testing.T) {
 		client, closer := testVaultServerBad(t)
 		defer closer()
 
-		ui, cmd := testCapabilitiesCommand(t)
+		ui, cmd := testTokenCapabilitiesCommand(t)
 		cmd.client = client
 
 		code := cmd.Run([]string{
@@ -164,7 +164,7 @@ func TestCapabilitiesCommand_Run(t *testing.T) {
 	t.Run("no_tabs", func(t *testing.T) {
 		t.Parallel()
 
-		_, cmd := testCapabilitiesCommand(t)
+		_, cmd := testTokenCapabilitiesCommand(t)
 		assertNoTabs(t, cmd)
 	})
 }

command/token_create.go

@@ -10,11 +10,9 @@ import (
 	"github.com/posener/complete"
 )
 
-// Ensure we are implementing the right interfaces.
 var _ cli.Command = (*TokenCreateCommand)(nil)
 var _ cli.CommandAutocomplete = (*TokenCreateCommand)(nil)
 
-// TokenCreateCommand is a Command that mounts a new mount.
 type TokenCreateCommand struct {
 	*BaseCommand
 
@@ -36,12 +34,12 @@ type TokenCreateCommand struct {
 }
 
 func (c *TokenCreateCommand) Synopsis() string {
-	return "Creates a new token"
+	return "Create a new token"
 }
 
 func (c *TokenCreateCommand) Help() string {
 	helpText := `
-Usage: vault token-create [options]
+Usage: vault token create [options]
 
   Creates a new token that can be used for authentication. This token will be
   created as a child of the currently authenticated token. The generated token
@@ -159,7 +157,7 @@ func (c *TokenCreateCommand) Flags() *FlagSets {
 		Name:       "metadata",
 		Target:     &c.flagMetadata,
 		Completion: complete.PredictAnything,
-		Usage: "Arbitary key=value metadata to associate with the token. " +
+		Usage: "Arbitrary key=value metadata to associate with the token. " +
 			"This metadata will show in the audit log when the token is used. " +
 			"This can be specified multiple times to add multiple pieces of " +
 			"metadata.",

command/token_lookup.go

@@ -9,11 +9,9 @@ import (
 	"github.com/posener/complete"
 )
 
-// Ensure we are implementing the right interfaces.
 var _ cli.Command = (*TokenLookupCommand)(nil)
 var _ cli.CommandAutocomplete = (*TokenLookupCommand)(nil)
 
-// TokenLookupCommand is a Command that outputs details about the provided.
 type TokenLookupCommand struct {
 	*BaseCommand
 
@@ -21,12 +19,12 @@ type TokenLookupCommand struct {
 }
 
 func (c *TokenLookupCommand) Synopsis() string {
-	return "Displays information about a token"
+	return "Display information about a token"
 }
 
 func (c *TokenLookupCommand) Help() string {
 	helpText := `
-Usage: vault token-lookup [options] [TOKEN | ACCESSOR]
+Usage: vault token lookup [options] [TOKEN | ACCESSOR]
 
   Displays information about a token or accessor. If a TOKEN is not provided,
   the locally authenticated token is used.
@@ -34,16 +32,16 @@ Usage: vault token-lookup [options] [TOKEN | ACCESSOR]
   Get information about the locally authenticated token (this uses the
   /auth/token/lookup-self endpoint and permission):
 
-      $ vault token-lookup
+      $ vault token lookup
 
   Get information about a particular token (this uses the /auth/token/lookup
   endpoint and permission):
 
-      $ vault token-lookup 96ddf4bc-d217-f3ba-f9bd-017055595017
+      $ vault token lookup 96ddf4bc-d217-f3ba-f9bd-017055595017
 
   Get information about a token via its accessor:
 
-      $ vault token-lookup -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da
+      $ vault token lookup -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da
 
   For a full list of examples, please see the documentation.
 
@@ -63,7 +61,7 @@ func (c *TokenLookupCommand) Flags() *FlagSets {
 		Default:    false,
 		EnvVar:     "",
 		Completion: complete.PredictNothing,
-		Usage: "Treat the argument as an accessor intead of a token. When " +
+		Usage: "Treat the argument as an accessor instead of a token. When " +
 			"this option is selected, the output will NOT include the token.",
 	})
 

command/token_renew.go

@@ -10,11 +10,9 @@ import (
 	"github.com/posener/complete"
 )
 
-// Ensure we are implementing the right interfaces.
 var _ cli.Command = (*TokenRenewCommand)(nil)
 var _ cli.CommandAutocomplete = (*TokenRenewCommand)(nil)
 
-// TokenRenewCommand is a Command that mounts a new mount.
 type TokenRenewCommand struct {
 	*BaseCommand
 
@@ -22,12 +20,12 @@ type TokenRenewCommand struct {
 }
 
 func (c *TokenRenewCommand) Synopsis() string {
-	return "Renews token leases"
+	return "Renew a token lease"
 }
 
 func (c *TokenRenewCommand) Help() string {
 	helpText := `
-Usage: vault token-renew [options] [TOKEN]
+Usage: vault token renew [options] [TOKEN]
 
   Renews a token's lease, extending the amount of time it can be used. If a
   TOKEN is not provided, the locally authenticated token is used. Lease renewal
@@ -36,16 +34,16 @@ Usage: vault token-renew [options] [TOKEN]
 
   Renew a token (this uses the /auth/token/renew endpoint and permission):
 
-      $ vault token-renew 96ddf4bc-d217-f3ba-f9bd-017055595017
+      $ vault token renew 96ddf4bc-d217-f3ba-f9bd-017055595017
 
   Renew the currently authenticated token (this uses the /auth/token/renew-self
   endpoint and permission):
 
-      $ vault token-renew
+      $ vault token renew
 
   Renew a token requesting a specific increment value:
 
-      $ vault token-renew -increment 30m 96ddf4bc-d217-f3ba-f9bd-017055595017
+      $ vault token renew -increment=30m 96ddf4bc-d217-f3ba-f9bd-017055595017
 
   For a full list of examples, please see the documentation.
 

command/token_revoke.go

@@ -8,11 +8,9 @@ import (
 	"github.com/posener/complete"
 )
 
-// Ensure we are implementing the right interfaces.
 var _ cli.Command = (*TokenRevokeCommand)(nil)
 var _ cli.CommandAutocomplete = (*TokenRevokeCommand)(nil)
 
-// TokenRevokeCommand is a Command that mounts a new mount.
 type TokenRevokeCommand struct {
 	*BaseCommand
 
@@ -22,12 +20,12 @@ type TokenRevokeCommand struct {
 }
 
 func (c *TokenRevokeCommand) Synopsis() string {
-	return "Revokes tokens and their children"
+	return "Revoke a token and its children"
 }
 
 func (c *TokenRevokeCommand) Help() string {
 	helpText := `
-Usage: vault token-revoke [options] [TOKEN | ACCESSOR]
+Usage: vault token revoke [options] [TOKEN | ACCESSOR]
 
   Revokes authentication tokens and their children. If a TOKEN is not provided,
   the locally authenticated token is used. The "-mode" flag can be used to
@@ -36,15 +34,15 @@ Usage: vault token-revoke [options] [TOKEN | ACCESSOR]
 
   Revoke a token and all the token's children:
 
-      $ vault token-revoke 96ddf4bc-d217-f3ba-f9bd-017055595017
+      $ vault token revoke 96ddf4bc-d217-f3ba-f9bd-017055595017
 
   Revoke a token leaving the token's children:
 
-      $ vault token-revoke -mode=orphan 96ddf4bc-d217-f3ba-f9bd-017055595017
+      $ vault token revoke -mode=orphan 96ddf4bc-d217-f3ba-f9bd-017055595017
 
   Revoke a token by accessor:
 
-      $ vault token-revoke -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da
+      $ vault token revoke -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da
 
   For a full list of examples, please see the documentation.