Make audit a subcommand

2017-09-07 21:57:32 -04:00 · 2017-09-07 21:57:32 -04:00 · 5aab30091e
parent 939495c7bb
commit 5aab30091e
6 changed files with 100 additions and 70 deletions
--- a/command/audit.go
+++ b/command/audit.go
@ -0,0 +1,42 @@
+package command
+
+import (
+	"strings"
+
+	"github.com/mitchellh/cli"
+)
+
+var _ cli.Command = (*AuditCommand)(nil)
+
+type AuditCommand struct {
+	*BaseCommand
+}
+
+func (c *AuditCommand) Synopsis() string {
+	return "Interact with audit devices"
+}
+
+func (c *AuditCommand) Help() string {
+	helpText := `
+Usage: vault audit <subcommand> [options] [args]
+
+  This command groups subcommands for interacting with Vault's audit devices.
+  Users can list, enable, and disable audit devices.
+
+  List all enabled audit devices:
+
+      $ vault audit list
+
+  Enable a new audit device "userpass";
+
+       $ vault audit enable file file_path=/var/log/audit.log
+
+  Please see the individual subcommand help for detailed usage information.
+`
+
+	return strings.TrimSpace(helpText)
+}
+
+func (c *AuditCommand) Run(args []string) int {
+	return cli.RunResultHelp
+}
--- a/command/audit_disable.go
+++ b/command/audit_disable.go
@ -8,32 +8,30 @@ import (
 	"github.com/posener/complete"
 )

-// Ensure we are implementing the right interfaces.
 var _ cli.Command = (*AuditDisableCommand)(nil)
 var _ cli.CommandAutocomplete = (*AuditDisableCommand)(nil)

-// AuditDisableCommand is a Command that mounts a new mount.
 type AuditDisableCommand struct {
 	*BaseCommand
 }

 func (c *AuditDisableCommand) Synopsis() string {
-	return "Disables an audit backend"
+	return "Disables an audit device"
 }

 func (c *AuditDisableCommand) Help() string {
 	helpText := `
-Usage: vault audit-disable [options] PATH
+Usage: vault audit disable [options] PATH

-  Disables an audit backend. Once an audit backend is disabled, no future
-  audit logs are dispatched to it. The data associated with the audit backend
-  is not affected.
+  Disables an audit device. Once an audit device is disabled, no future audit
+  logs are dispatched to it. The data associated with the audit device is not
+  affected.

-  The argument corresponds to the PATH of the mount, not the TYPE!
+  The argument corresponds to the PATH of audit device, not the TYPE!

-  Disable the audit backend at file/:
+  Disable the audit device enabled at "file/":

-      $ vault audit-disable file/
+      $ vault audit disable file/

 ` + c.Flags().Help()

@ -61,18 +59,17 @@ func (c *AuditDisableCommand) Run(args []string) int {
 	}

 	args = f.Args()
-	path, kvs, err := extractPath(args)
-	if err != nil {
-		c.UI.Error(err.Error())
+	switch {
+	case len(args) < 1:
+		c.UI.Error(fmt.Sprintf("Not enough arguments (expected 1, got %d)", len(args)))
 		return 1
-	}
-	path = ensureTrailingSlash(path)
-
-	if len(kvs) > 0 {
+	case len(args) > 1:
 		c.UI.Error(fmt.Sprintf("Too many arguments (expected 1, got %d)", len(args)))
 		return 1
 	}

+	path := ensureTrailingSlash(sanitizePath(args[0]))
+
 	client, err := c.Client()
 	if err != nil {
 		c.UI.Error(err.Error())
@ -80,11 +77,11 @@ func (c *AuditDisableCommand) Run(args []string) int {
 	}

 	if err := client.Sys().DisableAudit(path); err != nil {
-		c.UI.Error(fmt.Sprintf("Error disabling audit backend: %s", err))
+		c.UI.Error(fmt.Sprintf("Error disabling audit device: %s", err))
 		return 2
 	}

-	c.UI.Output(fmt.Sprintf("Success! Disabled audit backend (if it was enabled) at: %s", path))
+	c.UI.Output(fmt.Sprintf("Success! Disabled audit device (if it was enabled) at: %s", path))

 	return 0
 }
--- a/command/audit_disable_test.go
+++ b/command/audit_disable_test.go
@ -29,27 +29,27 @@ func TestAuditDisableCommand_Run(t *testing.T) {
 		code int
 	}{
 		{
-			"empty",
+			"not_enough_args",
 			nil,
-			"Missing PATH!",
+			"Not enough arguments",
 			1,
 		},
 		{
-			"slash",
-			[]string{"/"},
-			"Missing PATH!",
+			"too_many_args",
+			[]string{"foo", "bar", "baz"},
+			"Too many arguments",
 			1,
 		},
 		{
 			"not_real",
 			[]string{"not_real"},
-			"Success! Disabled audit backend (if it was enabled) at: not_real/",
+			"Success! Disabled audit device (if it was enabled) at: not_real/",
 			0,
 		},
 		{
 			"default",
 			[]string{"file"},
-			"Success! Disabled audit backend (if it was enabled) at: file/",
+			"Success! Disabled audit device (if it was enabled) at: file/",
 			0,
 		},
 	}
@ -112,7 +112,7 @@ func TestAuditDisableCommand_Run(t *testing.T) {
 			t.Errorf("expected %d to be %d", code, exp)
 		}

-		expected := "Success! Disabled audit backend (if it was enabled) at: integration_audit_disable/"
+		expected := "Success! Disabled audit device (if it was enabled) at: integration_audit_disable/"
 		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
 		if !strings.Contains(combined, expected) {
 			t.Errorf("expected %q to contain %q", combined, expected)
@ -144,7 +144,7 @@ func TestAuditDisableCommand_Run(t *testing.T) {
 			t.Errorf("expected %d to be %d", code, exp)
 		}

-		expected := "Error disabling audit backend: "
+		expected := "Error disabling audit device: "
 		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
 		if !strings.Contains(combined, expected) {
 			t.Errorf("expected %q to contain %q", combined, expected)
--- a/command/audit_enable.go
+++ b/command/audit_enable.go
@ -11,11 +11,9 @@ import (
 	"github.com/posener/complete"
 )

-// Ensure we are implementing the right interfaces.
 var _ cli.Command = (*AuditEnableCommand)(nil)
 var _ cli.CommandAutocomplete = (*AuditEnableCommand)(nil)

-// AuditEnableCommand is a Command that mounts a new mount.
 type AuditEnableCommand struct {
 	*BaseCommand

@ -27,26 +25,23 @@ type AuditEnableCommand struct {
 }

 func (c *AuditEnableCommand) Synopsis() string {
-	return "Enables an audit backend"
+	return "Enables an audit device"
 }

 func (c *AuditEnableCommand) Help() string {
 	helpText := `
-Usage: vault audit-enable [options] TYPE [CONFIG K=V...]
+Usage: vault audit enable [options] TYPE [CONFIG K=V...]

-  Enables an audit backend at a given path.
+  Enables an audit device at a given path.

-  This command enables an audit backend of type "type". Additional
-  options for configuring the audit backend can be specified after the
-  type in the same format as the "vault write" command in key/value pairs.
+  This command enables an audit device of TYPE. Additional options for
+  configuring the audit device can be specified after the type in the same
+  format as the "vault write" command in key/value pairs.

-  For example, to configure the file audit backend to write audit logs at
-  the path /var/log/audit.log:
+  For example, to configure the file audit device to write audit logs at the
+  path "/var/log/audit.log":

-      $ vault audit-enable file file_path=/var/log/audit.log
-
-  For information on available configuration options, please see the
-  documentation.
+      $ vault audit enable file file_path=/var/log/audit.log

 ` + c.Flags().Help()

@ -65,7 +60,7 @@ func (c *AuditEnableCommand) Flags() *FlagSets {
 		EnvVar:     "",
 		Completion: complete.PredictAnything,
 		Usage: "Human-friendly description for the purpose of this audit " +
-			"backend.",
+			"device.",
 	})

 	f.StringVar(&StringVar{
@ -74,9 +69,9 @@ func (c *AuditEnableCommand) Flags() *FlagSets {
 		Default:    "", // The default is complex, so we have to manually document
 		EnvVar:     "",
 		Completion: complete.PredictAnything,
-		Usage: "Place where the audit backend will be accessible. This must be " +
-			"unique across all audit backends. This defaults to the \"type\" of the " +
-			"audit backend.",
+		Usage: "Place where the audit device will be accessible. This must be " +
+			"unique across all audit devices. This defaults to the \"type\" of the " +
+			"audit device.",
 	})

 	f.BoolVar(&BoolVar{
@ -84,8 +79,8 @@ func (c *AuditEnableCommand) Flags() *FlagSets {
 		Target:  &c.flagLocal,
 		Default: false,
 		EnvVar:  "",
-		Usage: "Mark the audit backend as a local-only backned. Local backends " +
-			"are not replicated nor removed by replication.",
+		Usage: "Mark the audit device as a local-only device. Local devices " +
+			"are not replicated or removed by replication.",
 	})

 	return set
@ -150,10 +145,10 @@ func (c *AuditEnableCommand) Run(args []string) int {
 		Options:     options,
 		Local:       c.flagLocal,
 	}); err != nil {
-		c.UI.Error(fmt.Sprintf("Error enabling audit backend: %s", err))
+		c.UI.Error(fmt.Sprintf("Error enabling audit device: %s", err))
 		return 2
 	}

-	c.UI.Output(fmt.Sprintf("Success! Enabled the %s audit backend at: %s", auditType, auditPath))
+	c.UI.Output(fmt.Sprintf("Success! Enabled the %s audit device at: %s", auditType, auditPath))
 	return 0
 }
--- a/command/audit_enable_test.go
+++ b/command/audit_enable_test.go
@ -42,7 +42,7 @@ func TestAuditEnableCommand_Run(t *testing.T) {
 		{
 			"enable",
 			[]string{"file", "file_path=discard"},
-			"Success! Enabled the file audit backend at: file/",
+			"Success! Enabled the file audit device at: file/",
 			0,
 		},
 		{
@ -52,7 +52,7 @@ func TestAuditEnableCommand_Run(t *testing.T) {
 				"file",
 				"file_path=discard",
 			},
-			"Success! Enabled the file audit backend at: audit_path/",
+			"Success! Enabled the file audit device at: audit_path/",
 			0,
 		},
 	}
@ -100,7 +100,7 @@ func TestAuditEnableCommand_Run(t *testing.T) {
 			t.Errorf("expected %d to be %d", code, exp)
 		}

-		expected := "Success! Enabled the file audit backend at: audit_enable_integration/"
+		expected := "Success! Enabled the file audit device at: audit_enable_integration/"
 		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
 		if !strings.Contains(combined, expected) {
 			t.Errorf("expected %q to contain %q", combined, expected)
@ -144,7 +144,7 @@ func TestAuditEnableCommand_Run(t *testing.T) {
 			t.Errorf("expected %d to be %d", code, exp)
 		}

-		expected := "Error enabling audit backend: "
+		expected := "Error enabling audit device: "
 		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
 		if !strings.Contains(combined, expected) {
 			t.Errorf("expected %q to contain %q", combined, expected)
--- a/command/audit_list.go
+++ b/command/audit_list.go
@ -10,11 +10,9 @@ import (
 	"github.com/posener/complete"
 )

-// Ensure we are implementing the right interfaces.
 var _ cli.Command = (*AuditListCommand)(nil)
 var _ cli.CommandAutocomplete = (*AuditListCommand)(nil)

-// AuditListCommand is a Command that lists the enabled audits.
 type AuditListCommand struct {
 	*BaseCommand

@ -22,25 +20,23 @@ type AuditListCommand struct {
 }

 func (c *AuditListCommand) Synopsis() string {
-	return "Lists enabled audit backends"
+	return "Lists enabled audit devices"
 }

 func (c *AuditListCommand) Help() string {
 	helpText := `
-Usage: vault audit-list [options]
+Usage: vault audit list [options]

-  Lists the enabled audit backends in the Vault server. The output lists
-  the enabled audit backends and the options for those backends.
+  Lists the enabled audit devices in the Vault server. The output lists the
+  enabled audit devices and the options for those devices.

-  List all audit backends:
+  List all audit devices:

-      $ vault audit-list
+      $ vault audit list

-  List detailed output about the audit backends:
+  List detailed output about the audit devices:

-      $ vault audit-list -detailed
-
-  For a full list of examples, please see the documentation.
+      $ vault audit list -detailed

 ` + c.Flags().Help()

@ -58,7 +54,7 @@ func (c *AuditListCommand) Flags() *FlagSets {
 		Default: false,
 		EnvVar:  "",
 		Usage: "Print detailed information such as options and replication " +
-			"status about each mount.",
+			"status about each auth device.",
 	})

 	return set
@ -99,16 +95,16 @@ func (c *AuditListCommand) Run(args []string) int {
 	}

 	if len(audits) == 0 {
-		c.UI.Error(fmt.Sprintf("No audit backends are enabled."))
+		c.UI.Output(fmt.Sprintf("No audit devices are enabled."))
 		return 0
 	}

 	if c.flagDetailed {
-		c.UI.Output(tableOutput(c.detailedAudits(audits)))
+		c.UI.Output(tableOutput(c.detailedAudits(audits), nil))
 		return 0
 	}

-	c.UI.Output(tableOutput(c.simpleAudits(audits)))
+	c.UI.Output(tableOutput(c.simpleAudits(audits), nil))
 	return 0
 }