command/seal-status
This commit is contained in:
Mitchell Hashimoto
parent
5c2915ba52
commit
c84a9bcaed
|
|
@ -0,0 +1,83 @@
|
|||
package command
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// SealStatusCommand is a Command that outputs the status of whether
|
||||
// Vault is sealed or not.
|
||||
type SealStatusCommand struct {
|
||||
Meta
|
||||
}
|
||||
|
||||
func (c *SealStatusCommand) Run(args []string) int {
|
||||
flags := c.Meta.FlagSet("seal-status", FlagSetDefault)
|
||||
flags.Usage = func() { c.Ui.Error(c.Help()) }
|
||||
if err := flags.Parse(args); err != nil {
|
||||
return 1
|
||||
}
|
||||
|
||||
client, err := c.Client()
|
||||
if err != nil {
|
||||
c.Ui.Error(fmt.Sprintf(
|
||||
"Error initializing client: %s", err))
|
||||
return 2
|
||||
}
|
||||
|
||||
status, err := client.Sys().SealStatus()
|
||||
if err != nil {
|
||||
c.Ui.Error(fmt.Sprintf(
|
||||
"Error checking seal status: %s", err))
|
||||
return 2
|
||||
}
|
||||
|
||||
c.Ui.Output(fmt.Sprintf(
|
||||
"Sealed: %v\n"+
|
||||
"Key Shares: %d\n"+
|
||||
"Key Threshold: %d\n"+
|
||||
"Unseal Progress: %d",
|
||||
status.Sealed,
|
||||
status.N,
|
||||
status.T,
|
||||
status.Progress,
|
||||
))
|
||||
|
||||
if status.Sealed {
|
||||
return 1
|
||||
} else {
|
||||
return 0
|
||||
}
|
||||
}
|
||||
|
||||
func (c *SealStatusCommand) Synopsis() string {
|
||||
return "Outputs status of whether Vault is sealed"
|
||||
}
|
||||
|
||||
func (c *SealStatusCommand) Help() string {
|
||||
helpText := `
|
||||
Usage: vault seal-status [options]
|
||||
|
||||
Outputs the state of the Vault, sealed or unsealed.
|
||||
|
||||
This command outputs whether or not the Vault is sealed. The exit
|
||||
code also reflects the seal status (0 unsealed, 1 sealed, 2+ error).
|
||||
|
||||
General Options:
|
||||
|
||||
-address=TODO The address of the Vault server.
|
||||
|
||||
-ca-cert=path Path to a PEM encoded CA cert file to use to
|
||||
verify the Vault server SSL certificate.
|
||||
|
||||
-ca-path=path Path to a directory of PEM encoded CA cert files
|
||||
to verify the Vault server SSL certificate. If both
|
||||
-ca-cert and -ca-path are specified, -ca-path is used.
|
||||
|
||||
-insecure Do not verify TLS certificate. This is highly
|
||||
not recommended. This is especially not recommended
|
||||
for unsealing a vault.
|
||||
|
||||
`
|
||||
return strings.TrimSpace(helpText)
|
||||
}
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
package command
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/vault/http"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
"github.com/mitchellh/cli"
|
||||
)
|
||||
|
||||
func TestSealStatus(t *testing.T) {
|
||||
ui := new(cli.MockUi)
|
||||
c := &SealStatusCommand{
|
||||
Meta: Meta{
|
||||
Ui: ui,
|
||||
},
|
||||
}
|
||||
|
||||
core := vault.TestCore(t)
|
||||
keys := vault.TestCoreInit(t, core)
|
||||
ln, addr := http.TestServer(t, core)
|
||||
defer ln.Close()
|
||||
|
||||
args := []string{"-address", addr}
|
||||
if code := c.Run(args); code != 1 {
|
||||
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
||||
}
|
||||
|
||||
for _, k := range keys {
|
||||
if _, err := core.Unseal(k); err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
if code := c.Run(args); code != 0 {
|
||||
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
||||
}
|
||||
}
|
||||
|
|
@ -42,6 +42,12 @@ func init() {
|
|||
}, nil
|
||||
},
|
||||
|
||||
"seal-status": func() (cli.Command, error) {
|
||||
return &command.SealStatusCommand{
|
||||
Meta: meta,
|
||||
}, nil
|
||||
},
|
||||
|
||||
"unseal": func() (cli.Command, error) {
|
||||
return &command.UnsealCommand{
|
||||
Meta: meta,
|
||||
|
|
|
|||
Loading…
Reference in New Issue