diff --git a/command/auth_enable.go b/command/auth_enable.go
index c6b7486bd..c99f693d0 100644
--- a/command/auth_enable.go
+++ b/command/auth_enable.go
@@ -206,7 +206,7 @@ func (c *AuthEnableCommand) Run(args []string) int {
 }
 if fl.Name == flagNameAuditNonHMACResponseKeys {
- authOpts.Config.AuditNonHMACRequestKeys = c.flagAuditNonHMACResponseKeys
+ authOpts.Config.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
 }
 })
diff --git a/command/auth_tune.go b/command/auth_tune.go
index 958d11bd1..ab375b5d4 100644
--- a/command/auth_tune.go
+++ b/command/auth_tune.go
@@ -1,6 +1,7 @@
 package command
 import (
+ "flag"
 "fmt"
 "strings"
 "time"
@@ -16,8 +17,10 @@ var _ cli.CommandAutocomplete = (*AuthTuneCommand)(nil)
 type AuthTuneCommand struct {
 *BaseCommand
- flagDefaultLeaseTTL time.Duration
- flagMaxLeaseTTL time.Duration
+ flagDefaultLeaseTTL time.Duration
+ flagMaxLeaseTTL time.Duration
+ flagAuditNonHMACRequestKeys []string
+ flagAuditNonHMACResponseKeys []string
 }
 func (c *AuthTuneCommand) Synopsis() string {
@@ -68,6 +71,20 @@ func (c *AuthTuneCommand) Flags() *FlagSets {
 "or a previously configured value for the auth method.",
 })
+ f.StringSliceVar(&StringSliceVar{
+ Name: flagNameAuditNonHMACRequestKeys,
+ Target: &c.flagAuditNonHMACRequestKeys,
+ Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
+ "devices in the request data object.",
+ })
+
+ f.StringSliceVar(&StringSliceVar{
+ Name: flagNameAuditNonHMACResponseKeys,
+ Target: &c.flagAuditNonHMACResponseKeys,
+ Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
+ "devices in the response data object.",
+ })
+
 return set
 }
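Review bot: Nothing in the visible diff tests that the flag named by `flagNameAuditNonHMACResponseKeys` ends up in `Config.AuditNonHMACResponseKeys`, so the one-identifier slip corrected in auth_enable.go's Run (and identically in the secrets_enable.go hunk) could return unnoticed. A test that enables a mount with the request and response flags set to different values and asserts each config field separately would pin the mapping. Because the old line wrote the response list into `AuditNonHMACRequestKeys`, mounts enabled with an affected CLI may be leaving request values un-HMAC'd in audit logs that the operator never meant to exempt; the changelog should tell operators to re-check the audit settings on existing mounts. Run's body starts and ends outside the hunk.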
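Review bot: Both `Usage` strings added to Flags() in auth_tune.go are missing a space at the concatenation, so the help text will read "auditdevices"; the first line of each should end `by audit " +`. The same two strings are added to Flags() in secrets_tune.go and need the same fix. Since a key listed here has its value written to audit devices without HMAC, the usage text could say so plainly, for example by appending `"Values of these keys are logged in plaintext."`. Flags() starts outside the hunk.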
@@ -103,14 +120,27 @@ func (c *AuthTuneCommand) Run(args []string) int {
 return 2
 }
+ mountConfigInput := api.MountConfigInput{
+ DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),
+ MaxLeaseTTL: ttlToAPI(c.flagMaxLeaseTTL),
+ }
+
+ // Set these values only if they are provided in the CLI
+ f.Visit(func(fl *flag.Flag) {
+ if fl.Name == flagNameAuditNonHMACRequestKeys {
+ mountConfigInput.AuditNonHMACRequestKeys = c.flagAuditNonHMACRequestKeys
+ }
+
+ if fl.Name == flagNameAuditNonHMACResponseKeys {
+ mountConfigInput.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
+ }
+ })
+
 // Append /auth (since that's where auths live) and a trailing slash to
 // indicate it's a path in output
 mountPath := ensureTrailingSlash(sanitizePath(args[0]))
- if err := client.Sys().TuneMount("/auth/"+mountPath, api.MountConfigInput{
- DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),
- MaxLeaseTTL: ttlToAPI(c.flagMaxLeaseTTL),
- }); err != nil {
+ if err := client.Sys().TuneMount("/auth/"+mountPath, mountConfigInput); err != nil {
 c.UI.Error(fmt.Sprintf("Error tuning auth method %s: %s", mountPath, err))
 return 2
 }
diff --git a/command/secrets_enable.go b/command/secrets_enable.go
index ad464a5ef..8acc42d87 100644
--- a/command/secrets_enable.go
+++ b/command/secrets_enable.go
@@ -226,7 +226,7 @@ func (c *SecretsEnableCommand) Run(args []string) int {
 }
 if fl.Name == flagNameAuditNonHMACResponseKeys {
- mountInput.Config.AuditNonHMACRequestKeys = c.flagAuditNonHMACResponseKeys
+ mountInput.Config.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
 }
 })
diff --git a/command/secrets_tune.go b/command/secrets_tune.go
index b2029b750..1ca50262e 100644
--- a/command/secrets_tune.go
+++ b/command/secrets_tune.go
@@ -1,6 +1,7 @@
 package command
 import (
+ "flag"
 "fmt"
 "strings"
 "time"
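Review bot: The `f.Visit` block added to Run in auth_tune.go handles "flag not passed", but nothing here covers a flag passed with an empty value to clear a list. Whether an empty slice reaches the server depends on how `api.MountConfigInput` serialises these fields, which this hunk does not show; if empty values are dropped, `tune` can add HMAC exemptions but cannot remove them, and removal is the direction that keeps values out of plaintext audit logs. A test that passes an empty value and inspects the outgoing request would settle it, and the comment could be extended to `// Set these values only if they are provided in the CLI; an omitted flag must leave the server-side list unchanged`. The same block is added to Run in secrets_tune.go, and both Run bodies extend beyond their hunks.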
@@ -16,8 +17,10 @@ var _ cli.CommandAutocomplete = (*SecretsTuneCommand)(nil)
 type SecretsTuneCommand struct {
 *BaseCommand
- flagDefaultLeaseTTL time.Duration
- flagMaxLeaseTTL time.Duration
+ flagDefaultLeaseTTL time.Duration
+ flagMaxLeaseTTL time.Duration
+ flagAuditNonHMACRequestKeys []string
+ flagAuditNonHMACResponseKeys []string
 }
 func (c *SecretsTuneCommand) Synopsis() string {
@@ -68,6 +71,20 @@ func (c *SecretsTuneCommand) Flags() *FlagSets {
 "TTL, or a previously configured value for the secrets engine.",
 })
+ f.StringSliceVar(&StringSliceVar{
+ Name: flagNameAuditNonHMACRequestKeys,
+ Target: &c.flagAuditNonHMACRequestKeys,
+ Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
+ "devices in the request data object.",
+ })
+
+ f.StringSliceVar(&StringSliceVar{
+ Name: flagNameAuditNonHMACResponseKeys,
+ Target: &c.flagAuditNonHMACResponseKeys,
+ Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
+ "devices in the response data object.",
+ })
+
 return set
 }
@@ -106,10 +123,23 @@ func (c *SecretsTuneCommand) Run(args []string) int {
 // Append a trailing slash to indicate it's a path in output
 mountPath := ensureTrailingSlash(sanitizePath(args[0]))
- if err := client.Sys().TuneMount(mountPath, api.MountConfigInput{
+ mountConfigInput := api.MountConfigInput{
 DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),
 MaxLeaseTTL: ttlToAPI(c.flagMaxLeaseTTL),
- }); err != nil {
+ }
+
+ // Set these values only if they are provided in the CLI
+ f.Visit(func(fl *flag.Flag) {
+ if fl.Name == flagNameAuditNonHMACRequestKeys {
+ mountConfigInput.AuditNonHMACRequestKeys = c.flagAuditNonHMACRequestKeys
+ }
+
+ if fl.Name == flagNameAuditNonHMACResponseKeys {
+ mountConfigInput.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
+ }
+ })
+
+ if err := client.Sys().TuneMount(mountPath, mountConfigInput); err != nil {
 c.UI.Error(fmt.Sprintf("Error tuning secrets engine %s: %s", mountPath, err))
 return 2
 }
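Review bot: The `f.Visit` block in secrets_tune.go's Run is a hand copy of the one added to auth_tune.go, and the two enable commands carry a third and fourth variant, which is the copy-and-edit pattern that produced the Request/Response mix-up this commit fixes. A single helper shared by the two tune commands would leave one place where each flag name is paired with its field, so that pairing is reviewed and tested once. The sketch below assumes `f` in Run is the `*FlagSets` returned by Flags(), which is assigned outside the hunk. Run's body starts and ends outside the hunk.

```go
// setAuditNonHMACKeys copies the audit-key flag values into in, but only for
// flags the user actually passed, so an omitted flag never overwrites the
// list already configured on the mount.
func setAuditNonHMACKeys(f *FlagSets, in *api.MountConfigInput, reqKeys, respKeys []string) {
	f.Visit(func(fl *flag.Flag) {
		switch fl.Name {
		case flagNameAuditNonHMACRequestKeys:
			in.AuditNonHMACRequestKeys = reqKeys
		case flagNameAuditNonHMACResponseKeys:
			in.AuditNonHMACResponseKeys = respKeys
		}
	})
}

// … unchanged: mountConfigInput construction in Run …
setAuditNonHMACKeys(f, &mountConfigInput, c.flagAuditNonHMACRequestKeys, c.flagAuditNonHMACResponseKeys)
// … unchanged: TuneMount call and error handling …
```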