luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

command/token-create

This commit is contained in:
Mitchell Hashimoto 2015-04-07 14:20:18 -07:00
parent 9378d0388a
commit ee690ee3b3
3 changed files with 124 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
command/token_create.go Normal file
View File

@ -0,0 +1,115 @@
package command
import (
"fmt"
"strings"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/helper/flag-kv"
"github.com/hashicorp/vault/helper/flag-slice"
)
// TokenCreateCommand is a Command that mounts a new mount.
type TokenCreateCommand struct {
Meta
}
func (c *TokenCreateCommand) Run(args []string) int {
var lease string
var orphan bool
var metadata map[string]string
var policies []string
flags := c.Meta.FlagSet("mount", FlagSetDefault)
flags.StringVar(&lease, "lease", "", "")
flags.BoolVar(&orphan, "orphan", false, "")
flags.Var((*kvFlag.Flag)(&metadata), "metadata", "")
flags.Var((*sliceflag.StringFlag)(&policies), "policy", "")
flags.Usage = func() { c.Ui.Error(c.Help()) }
if err := flags.Parse(args); err != nil {
return 1
}
args = flags.Args()
if len(args) != 0 {
flags.Usage()
c.Ui.Error(fmt.Sprintf(
"\ntoken-create expects no arguments"))
return 1
}
client, err := c.Client()
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error initializing client: %s", err))
return 2
}
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
Policies: policies,
Metadata: metadata,
Lease: lease,
NoParent: orphan,
})
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error creating token: %s", err))
return 2
}
c.Ui.Output(secret.Auth.ClientToken)
return 0
}
func (c *TokenCreateCommand) Synopsis() string {
return "Create a new auth token"
}
func (c *TokenCreateCommand) Help() string {
helpText := `
Usage: vault token-create [options]
Create a new auth token.
This command creates a new token that can be used for authentication.
This token will be created as a child of your token. The created token
will inherit your policies, or can be assigned a subset of your policies.
A lease can also be associated with the token. If a lease is associated,
it will expire after that amount of time unless it is renewed.
Metadata associated with the token (specified with "-metadata") is
written to the audit log when the token is used.
General Options:
-address=TODO The address of the Vault server.
-ca-cert=path Path to a PEM encoded CA cert file to use to
verify the Vault server SSL certificate.
-ca-path=path Path to a directory of PEM encoded CA cert files
to verify the Vault server SSL certificate. If both
-ca-cert and -ca-path are specified, -ca-path is used.
-insecure Do not verify TLS certificate. This is highly
not recommended. This is especially not recommended
for unsealing a vault.
Token Options:
-lease="1h" Lease to associate with the token.
-metadata="key=value" Metadata to associate with the token. This shows
up in the audit log. This can be specified multiple
times.
-orphan If specified, the token will have no parent. Only
root tokens can create orphan tokens. This prevents
the new token from being revoked with your token.
-policy="name" Policy to associate with this token. This can be
specified multiple times.
`
return strings.TrimSpace(helpText)
}

6
commands.go
View File

@ -159,6 +159,12 @@ func init() {
}, nil
},
"token-create": func() (cli.Command, error) {
return &command.TokenCreateCommand{
Meta: meta,
}, nil
},
"version": func() (cli.Command, error) {
ver := Version
rel := VersionPrerelease

6
http/logical.go
View File

@ -59,11 +59,11 @@ func handleLogical(core *vault.Core) http.Handler {
ConnState: r.TLS,
},
}))
if err != nil {
respondError(w, http.StatusInternalServerError, err)
if respondCommon(w, resp) {
return
}
if respondCommon(w, resp) {
if err != nil {
respondError(w, http.StatusInternalServerError, err)
return
}
if op == logical.ReadOperation && resp == nil {