Add non-hmac flags for cli secrets/auth tune commands (#4151)

* Add non-hmac params for cli secrets/auth tune

* Fix value assignment mismatch
This commit is contained in:
Calvin Leung Huang 2018-03-19 09:56:57 -04:00 committed by GitHub
parent 050a848cfb
commit edfe77ff85
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 72 additions and 12 deletions

View file

@ -206,7 +206,7 @@ func (c *AuthEnableCommand) Run(args []string) int {
}
if fl.Name == flagNameAuditNonHMACResponseKeys {
authOpts.Config.AuditNonHMACRequestKeys = c.flagAuditNonHMACResponseKeys
authOpts.Config.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
}
})

View file

@ -1,6 +1,7 @@
package command
import (
"flag"
"fmt"
"strings"
"time"
@ -16,8 +17,10 @@ var _ cli.CommandAutocomplete = (*AuthTuneCommand)(nil)
type AuthTuneCommand struct {
*BaseCommand
flagDefaultLeaseTTL time.Duration
flagMaxLeaseTTL time.Duration
flagDefaultLeaseTTL time.Duration
flagMaxLeaseTTL time.Duration
flagAuditNonHMACRequestKeys []string
flagAuditNonHMACResponseKeys []string
}
func (c *AuthTuneCommand) Synopsis() string {
@ -68,6 +71,20 @@ func (c *AuthTuneCommand) Flags() *FlagSets {
"or a previously configured value for the auth method.",
})
f.StringSliceVar(&StringSliceVar{
Name: flagNameAuditNonHMACRequestKeys,
Target: &c.flagAuditNonHMACRequestKeys,
Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
"devices in the request data object.",
})
f.StringSliceVar(&StringSliceVar{
Name: flagNameAuditNonHMACResponseKeys,
Target: &c.flagAuditNonHMACResponseKeys,
Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
"devices in the response data object.",
})
return set
}
@ -103,14 +120,27 @@ func (c *AuthTuneCommand) Run(args []string) int {
return 2
}
mountConfigInput := api.MountConfigInput{
DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),
MaxLeaseTTL: ttlToAPI(c.flagMaxLeaseTTL),
}
// Set these values only if they are provided in the CLI
f.Visit(func(fl *flag.Flag) {
if fl.Name == flagNameAuditNonHMACRequestKeys {
mountConfigInput.AuditNonHMACRequestKeys = c.flagAuditNonHMACRequestKeys
}
if fl.Name == flagNameAuditNonHMACResponseKeys {
mountConfigInput.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
}
})
// Append /auth (since that's where auths live) and a trailing slash to
// indicate it's a path in output
mountPath := ensureTrailingSlash(sanitizePath(args[0]))
if err := client.Sys().TuneMount("/auth/"+mountPath, api.MountConfigInput{
DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),
MaxLeaseTTL: ttlToAPI(c.flagMaxLeaseTTL),
}); err != nil {
if err := client.Sys().TuneMount("/auth/"+mountPath, mountConfigInput); err != nil {
c.UI.Error(fmt.Sprintf("Error tuning auth method %s: %s", mountPath, err))
return 2
}

View file

@ -226,7 +226,7 @@ func (c *SecretsEnableCommand) Run(args []string) int {
}
if fl.Name == flagNameAuditNonHMACResponseKeys {
mountInput.Config.AuditNonHMACRequestKeys = c.flagAuditNonHMACResponseKeys
mountInput.Config.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
}
})

View file

@ -1,6 +1,7 @@
package command
import (
"flag"
"fmt"
"strings"
"time"
@ -16,8 +17,10 @@ var _ cli.CommandAutocomplete = (*SecretsTuneCommand)(nil)
type SecretsTuneCommand struct {
*BaseCommand
flagDefaultLeaseTTL time.Duration
flagMaxLeaseTTL time.Duration
flagDefaultLeaseTTL time.Duration
flagMaxLeaseTTL time.Duration
flagAuditNonHMACRequestKeys []string
flagAuditNonHMACResponseKeys []string
}
func (c *SecretsTuneCommand) Synopsis() string {
@ -68,6 +71,20 @@ func (c *SecretsTuneCommand) Flags() *FlagSets {
"TTL, or a previously configured value for the secrets engine.",
})
f.StringSliceVar(&StringSliceVar{
Name: flagNameAuditNonHMACRequestKeys,
Target: &c.flagAuditNonHMACRequestKeys,
Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
"devices in the request data object.",
})
f.StringSliceVar(&StringSliceVar{
Name: flagNameAuditNonHMACResponseKeys,
Target: &c.flagAuditNonHMACResponseKeys,
Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
"devices in the response data object.",
})
return set
}
@ -106,10 +123,23 @@ func (c *SecretsTuneCommand) Run(args []string) int {
// Append a trailing slash to indicate it's a path in output
mountPath := ensureTrailingSlash(sanitizePath(args[0]))
if err := client.Sys().TuneMount(mountPath, api.MountConfigInput{
mountConfigInput := api.MountConfigInput{
DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),
MaxLeaseTTL: ttlToAPI(c.flagMaxLeaseTTL),
}); err != nil {
}
// Set these values only if they are provided in the CLI
f.Visit(func(fl *flag.Flag) {
if fl.Name == flagNameAuditNonHMACRequestKeys {
mountConfigInput.AuditNonHMACRequestKeys = c.flagAuditNonHMACRequestKeys
}
if fl.Name == flagNameAuditNonHMACResponseKeys {
mountConfigInput.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
}
})
if err := client.Sys().TuneMount(mountPath, mountConfigInput); err != nil {
c.UI.Error(fmt.Sprintf("Error tuning secrets engine %s: %s", mountPath, err))
return 2
}