package command import ( "fmt" "strings" "time" "github.com/hashicorp/vault/api" ) // TokenRenewCommand is a Command that mounts a new mount. type TokenRenewCommand struct { Meta } func (c *TokenRenewCommand) Run(args []string) int { var format, increment string flags := c.Meta.FlagSet("token-renew", FlagSetDefault) flags.StringVar(&format, "format", "table", "") flags.StringVar(&increment, "increment", "", "") flags.Usage = func() { c.Ui.Error(c.Help()) } if err := flags.Parse(args); err != nil { return 1 } args = flags.Args() if len(args) > 2 { flags.Usage() c.Ui.Error(fmt.Sprintf( "\ntoken-renew expects at most two arguments")) return 1 } var token string if len(args) > 0 { token = args[0] } var inc int // If both are specified prefer the argument if len(args) == 2 { increment = args[1] } if increment != "" { dur, err := time.ParseDuration(increment) if err != nil { c.Ui.Error(fmt.Sprintf("Invalid increment: %s", err)) return 1 } inc = int(dur / time.Second) } client, err := c.Client() if err != nil { c.Ui.Error(fmt.Sprintf( "Error initializing client: %s", err)) return 2 } // If the given token is the same as the client's, use renew-self instead // as this is far more likely to be allowed via policy var secret *api.Secret if token == "" { secret, err = client.Auth().Token().RenewSelf(inc) } else { secret, err = client.Auth().Token().Renew(token, inc) } if err != nil { c.Ui.Error(fmt.Sprintf( "Error renewing token: %s", err)) return 1 } return OutputSecret(c.Ui, format, secret) } func (c *TokenRenewCommand) Synopsis() string { return "Renew an auth token if there is an associated lease" } func (c *TokenRenewCommand) Help() string { helpText := ` Usage: vault token-renew [options] [token] [increment] Renew an auth token, extending the amount of time it can be used. If a token is given to the command, '/auth/token/renew' will be called with the given token; otherwise, '/auth/token/renew-self' will be called with the client token. This command is similar to "renew", but "renew" is only for leases; this command is only for tokens. An optional increment can be given to request a certain number of seconds to increment the lease. This request is advisory; Vault may not adhere to it at all. If a token is being passed in on the command line, the increment can as well; otherwise it must be passed in via the '-increment' flag. General Options: ` + generalOptionsUsage() + ` Token Renew Options: -increment=3600 The desired increment. If not supplied, Vault will use the default TTL. If supplied, it may still be ignored. This can be submitted as an integer number of seconds or a string duration (e.g. "72h"). -format=table The format for output. By default it is a whitespace- delimited table. This can also be json or yaml. ` return strings.TrimSpace(helpText) }