diff --git a/api/auth_token.go b/api/auth_token.go
index b892feae0..03581723b 100644
--- a/api/auth_token.go
+++ b/api/auth_token.go
@@ -52,6 +52,18 @@ func (c *TokenAuth) Lookup(token string) (*Secret, error) {
 return ParseSecret(resp.Body)
 }
 
+func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error) {
+ r := c.c.NewRequest("POST", "/v1/auth/token/lookup-accessor/"+accessor)
+
+ resp, err := c.c.RawRequest(r)
+ if err != nil {
+ return nil, err
+ }
+ defer resp.Body.Close()
+
+ return ParseSecret(resp.Body)
+}
+
 func (c *TokenAuth) LookupSelf() (*Secret, error) {
 r := c.c.NewRequest("GET", "/v1/auth/token/lookup-self")
 
diff --git a/command/token_lookup.go b/command/token_lookup.go
index 6443904d2..56cdd91be 100644
--- a/command/token_lookup.go
+++ b/command/token_lookup.go
@@ -2,8 +2,9 @@ package command
 
 import (
 "fmt"
- "github.com/hashicorp/vault/api"
 "strings"
+
+ "github.com/hashicorp/vault/api"
 )
 
 // TokenLookupCommand is a Command that outputs details about the
@@ -14,7 +15,9 @@ type TokenLookupCommand struct {
 
 func (c *TokenLookupCommand) Run(args []string) int {
 var format string
+ var accessor bool
 flags := c.Meta.FlagSet("token-lookup", FlagSetDefault)
+ flags.BoolVar(&accessor, "accessor", false, "")
 flags.StringVar(&format, "format", "table", "")
 flags.Usage = func() { c.Ui.Error(c.Help()) }
 if err := flags.Parse(args); err != nil {
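Review bot: In `LookupAccessor` (api/auth_token.go) the caller-supplied accessor is concatenated into the request path with no check, so an empty value posts to the bare `/v1/auth/token/lookup-accessor/` path and a value containing `/` or `?` changes which path the request reaches. A guard at the top such as `if accessor == "" || strings.ContainsAny(accessor, "/?#") { return nil, errors.New("invalid accessor") }` would reject those before the request is built; it needs `strings` and `errors`, and the file's import block is not visible in this hunk. Because the accessor travels in the URL path it is also likely to show up in proxy and access logs, so sending it in the request body would be preferable if the endpoint accepts that. The exported method also has no doc comment; something like `// LookupAccessor returns the properties of the token identified by accessor; the response does not contain the token ID.` would match what the help text in this commit states.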
@@ -32,14 +35,27 @@ func (c *TokenLookupCommand) Run(args []string) int { client, err := c.Client() if err != nil { c.Ui.Error(fmt.Sprintf( - "Error initializing client: %s", err)) + "error initializing client: %s", err)) return 2 } - secret, err := doTokenLookup(args, client) + var secret *api.Secret + switch { + case !accessor && len(args) == 0: + secret, err = client.Auth().Token().LookupSelf() + case !accessor && len(args) == 1: + secret, err = client.Auth().Token().Lookup(args[0]) + case accessor && len(args) == 1: + secret, err = client.Auth().Token().LookupAccessor(args[0]) + default: + // This happens only when accessor is set and no argument is passed + c.Ui.Error(fmt.Sprintf("token-lookup expects an argument when accessor flag is set")) + return 1 + } + if err != nil { c.Ui.Error(fmt.Sprintf( - "Error looking up token: %s", err)) + "error looking up token: %s", err)) return 1 } return OutputSecret(c.Ui, format, secret) @@ -62,15 +78,20 @@ func (c *TokenLookupCommand) Help() string { helpText := ` Usage: vault token-lookup [options] [token] - Displays information about the specified token. - If no token is specified, the operation is performed on the currently - authenticated token i.e. lookup-self. + Displays information about the specified token. If no token is specified, + the operation is performed on the currently authenticated token i.e. lookup-self. + Information about the token can also be retrieved using the token accessor + by setting the '-accessor' flag. General Options: ` + generalOptionsUsage() + ` Token Lookup Options: + -accessor A boolean flag, if set, treats the argument as an accessor of the token. + Note that the response of the command when this is set, will not contain + the token ID. Accessor is only meant for looking up the token properties + (and for revocation via '/auth/token/revoke-accessor/' endpoint). -format=table The format for output. By default it is a whitespace- delimited table. This can also be json or yaml.
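Review bot: The `default` branch of the new `switch` in `Run` also catches any call with more than one argument, with or without `-accessor`, so its comment and the message "expects an argument when accessor flag is set" are inaccurate for those cases unless a check outside this hunk already rejects extra arguments. A message that fits every path into the branch, for example `"token-lookup expects exactly one argument with -accessor and at most one otherwise"`, would avoid pointing the operator at the wrong flag. The `fmt.Sprintf` wrapper there has no format verbs and can be dropped in favour of passing the string straight to `c.Ui.Error`. `Run` starts before this hunk and the argument handling between the hunks is not visible, so the first point should be checked against that code.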