open-vault/command/token_lookup.go

134 lines
3.1 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package command
import (
"fmt"
"strings"
"github.com/hashicorp/vault/api"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)
var (
_ cli.Command = (*TokenLookupCommand)(nil)
_ cli.CommandAutocomplete = (*TokenLookupCommand)(nil)
)
type TokenLookupCommand struct {
*BaseCommand
flagAccessor bool
}
func (c *TokenLookupCommand) Synopsis() string {
return "Display information about a token"
}
func (c *TokenLookupCommand) Help() string {
helpText := `
Usage: vault token lookup [options] [TOKEN | ACCESSOR]
Displays information about a token or accessor. If a TOKEN is not provided,
the locally authenticated token is used.
Get information about the locally authenticated token (this uses the
/auth/token/lookup-self endpoint and permission):
$ vault token lookup
Get information about a particular token (this uses the /auth/token/lookup
endpoint and permission):
$ vault token lookup 96ddf4bc-d217-f3ba-f9bd-017055595017
Get information about a token via its accessor:
$ vault token lookup -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da
For a full list of examples, please see the documentation.
` + c.Flags().Help()
return strings.TrimSpace(helpText)
}
func (c *TokenLookupCommand) Flags() *FlagSets {
set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat)
f := set.NewFlagSet("Command Options")
f.BoolVar(&BoolVar{
Name: "accessor",
Target: &c.flagAccessor,
Default: false,
EnvVar: "",
Completion: complete.PredictNothing,
Usage: "Treat the argument as an accessor instead of a token. When " +
"this option is selected, the output will NOT include the token.",
})
return set
}
func (c *TokenLookupCommand) AutocompleteArgs() complete.Predictor {
return c.PredictVaultFiles()
}
func (c *TokenLookupCommand) AutocompleteFlags() complete.Flags {
return c.Flags().Completions()
}
func (c *TokenLookupCommand) Run(args []string) int {
f := c.Flags()
if err := f.Parse(args); err != nil {
c.UI.Error(err.Error())
return 1
}
token := ""
args = f.Args()
switch {
case c.flagAccessor && len(args) < 1:
c.UI.Error(fmt.Sprintf("Not enough arguments with -accessor (expected 1, got %d)", len(args)))
return 1
case c.flagAccessor && len(args) > 1:
c.UI.Error(fmt.Sprintf("Too many arguments with -accessor (expected 1, got %d)", len(args)))
return 1
case len(args) == 0:
// Use the local token
case len(args) == 1:
token = strings.TrimSpace(args[0])
case len(args) > 1:
c.UI.Error(fmt.Sprintf("Too many arguments (expected 0-1, got %d)", len(args)))
return 1
}
client, err := c.Client()
if err != nil {
c.UI.Error(err.Error())
return 2
}
var secret *api.Secret
switch {
case token == "":
secret, err = client.Auth().Token().LookupSelf()
case c.flagAccessor:
secret, err = client.Auth().Token().LookupAccessor(token)
default:
secret, err = client.Auth().Token().Lookup(token)
}
if err != nil {
c.UI.Error(fmt.Sprintf("Error looking up token: %s", err))
return 2
}
return OutputSecret(c.UI, secret)
}