oss components of vault-3372 (#12898)

swayne275 2021-10-22 14:22:49 -06:00 committed by GitHub
parent 9c8fe62818
commit fe9da20d67
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 0 deletions


@ -50,6 +50,7 @@ type BaseCommand struct {
flagTLSServerName string
flagTLSSkipVerify bool
flagWrapTTL time.Duration
flagUnlockKey string
flagFormat string
flagField string
@ -356,6 +357,14 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets {
"command string and exit.",
})
f.StringVar(&StringVar{
Name: "unlock-key",
Target: &c.flagUnlockKey,
Default: notSetValue,
Completion: complete.PredictNothing,
Usage: "Key to unlock a namespace API lock.",
})
}
if bit&(FlagSetOutputField|FlagSetOutputFormat) != 0 {
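Review bot: The namespace unlock key is accepted only as a command-line argument (`Name: "unlock-key"`), so its value will end up in shell history and in process listings on a shared host. Consider letting it also come from an environment variable or a prompt, if the flag type supports that, and at least say so in the help text, e.g. `Usage: "Key to unlock a namespace API lock. Passing it on the command line may expose it in shell history and process listings.",`. The default is the `notSetValue` sentinel rather than an empty string, so the code that reads `c.flagUnlockKey` (not visible here) has to compare against that sentinel before sending the key. flagSet's body starts and ends outside the hunk.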


@ -698,3 +698,28 @@ type GaugeJSON struct {
Value int `json:"Value"`
Labels map[string]interface{} `json:"Labels"`
}
// SetNonRootToken sets a token on :client: with a fairly generic policy.
// This is useful if a test needs to examine differing behavior based on if a
// root token is passed with the request.
func SetNonRootToken(client *api.Client) error {
policy := `path "*" { capabilities = ["create", "update", "read"] }`
if err := client.Sys().PutPolicy("policy", policy); err != nil {
return fmt.Errorf("error putting policy: %v", err)
}
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
Policies: []string{"policy"},
TTL: "30m",
})
if err != nil {
return fmt.Errorf("error creating token secret: %v", err)
}
if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
return fmt.Errorf("missing token auth data")
}
client.SetToken(secret.Auth.ClientToken)
return nil
}
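Review bot: SetNonRootToken's comment does not say that it replaces the token already set on `client` and writes a policy under the fixed name `"policy"`, so a test that still needs its root token, or that has its own policy of that name, is changed without warning. I would extend the doc comment with `// It overwrites any existing policy named "policy" and replaces the client's current token; save the old token first if the test needs it again.` The policy grants create, update and read on `path "*"`, which is broad for a helper described as "fairly generic", so tests should not treat the resulting token as low-privilege. The two wrapped errors use `%v`; `%w` (`fmt.Errorf("error putting policy: %w", err)`) would keep the cause available to `errors.Is` and `errors.As`.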