oss components of vault-3372 (#12898)
parent
9c8fe62818
commit
fe9da20d67
|
@ -50,6 +50,7 @@ type BaseCommand struct {
|
|||
flagTLSServerName string
|
||||
flagTLSSkipVerify bool
|
||||
flagWrapTTL time.Duration
|
||||
flagUnlockKey string
|
||||
|
||||
flagFormat string
|
||||
flagField string
|
||||
|
@ -356,6 +357,14 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets {
|
|||
"command string and exit.",
|
||||
})
|
||||
|
||||
f.StringVar(&StringVar{
|
||||
Name: "unlock-key",
|
||||
Target: &c.flagUnlockKey,
|
||||
Default: notSetValue,
|
||||
Completion: complete.PredictNothing,
|
||||
Usage: "Key to unlock a namespace API lock.",
|
||||
})
|
||||
|
||||
}
|
||||
|
||||
if bit&(FlagSetOutputField|FlagSetOutputFormat) != 0 {
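Review bot: The new `unlock-key` flag appears to take a secret-like value as a command-line argument, where it can end up in shell history and process listings, and the Usage text `"Key to unlock a namespace API lock."` does not mention this. Consider extending the Usage string with a short caution, or documenting a non-argv way to supply the key if the command has one. Because `Default: notSetValue` is a sentinel, code that reads `c.flagUnlockKey` has to compare against `notSetValue` rather than the empty string; a comment above the `StringVar` such as `// flagUnlockKey stays notSetValue unless -unlock-key is passed` would make that explicit. The body of `flagSet` starts and ends outside this hunk, so how the value is consumed is not visible here.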
|
||||
|
|
|
@ -698,3 +698,28 @@ type GaugeJSON struct {
|
|||
Value int `json:"Value"`
|
||||
Labels map[string]interface{} `json:"Labels"`
|
||||
}
|
||||
|
||||
// SetNonRootToken sets a token on :client: with a fairly generic policy.
|
||||
// This is useful if a test needs to examine differing behavior based on if a
|
||||
// root token is passed with the request.
|
||||
func SetNonRootToken(client *api.Client) error {
|
||||
policy := `path "*" { capabilities = ["create", "update", "read"] }`
|
||||
if err := client.Sys().PutPolicy("policy", policy); err != nil {
|
||||
return fmt.Errorf("error putting policy: %v", err)
|
||||
}
|
||||
|
||||
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
|
||||
Policies: []string{"policy"},
|
||||
TTL: "30m",
|
||||
})
|
||||
if err != nil {
|
||||
return fmt.Errorf("error creating token secret: %v", err)
|
||||
}
|
||||
|
||||
if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
|
||||
return fmt.Errorf("missing token auth data")
|
||||
}
|
||||
|
||||
client.SetToken(secret.Auth.ClientToken)
|
||||
return nil
|
||||
}
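Review bot: The policy in `SetNonRootToken` grants create, update and read on `path "*"`, which presumably also covers the sys/ paths, so the token is non-root in name but can still write most of the API, including the policy named `policy` that it is attached to. The doc comment should say so, for example `// The token has create, update and read on every path but no delete, list or sudo.`, so a test does not treat it as a low-privilege token. The fixed name `"policy"` will also silently overwrite any policy of that name a test has already written; a more specific name would avoid the collision. Using `%w` instead of `%v` in both `fmt.Errorf` calls would keep the underlying API error inspectable with `errors.Is`/`errors.As`.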
|
||||
|
|