475 lines
12 KiB
Go
475 lines
12 KiB
Go
package command
|
|
|
|
import (
|
|
"os"
|
|
"os/signal"
|
|
"syscall"
|
|
|
|
"github.com/hashicorp/vault/audit"
|
|
"github.com/hashicorp/vault/logical"
|
|
"github.com/hashicorp/vault/physical"
|
|
"github.com/hashicorp/vault/version"
|
|
"github.com/mitchellh/cli"
|
|
|
|
"github.com/hashicorp/vault/builtin/logical/aws"
|
|
"github.com/hashicorp/vault/builtin/logical/cassandra"
|
|
"github.com/hashicorp/vault/builtin/logical/consul"
|
|
"github.com/hashicorp/vault/builtin/logical/database"
|
|
"github.com/hashicorp/vault/builtin/logical/mongodb"
|
|
"github.com/hashicorp/vault/builtin/logical/mssql"
|
|
"github.com/hashicorp/vault/builtin/logical/mysql"
|
|
"github.com/hashicorp/vault/builtin/logical/pki"
|
|
"github.com/hashicorp/vault/builtin/logical/postgresql"
|
|
"github.com/hashicorp/vault/builtin/logical/rabbitmq"
|
|
"github.com/hashicorp/vault/builtin/logical/ssh"
|
|
"github.com/hashicorp/vault/builtin/logical/totp"
|
|
"github.com/hashicorp/vault/builtin/logical/transit"
|
|
"github.com/hashicorp/vault/builtin/plugin"
|
|
|
|
auditFile "github.com/hashicorp/vault/builtin/audit/file"
|
|
auditSocket "github.com/hashicorp/vault/builtin/audit/socket"
|
|
auditSyslog "github.com/hashicorp/vault/builtin/audit/syslog"
|
|
|
|
credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
|
|
credAppId "github.com/hashicorp/vault/builtin/credential/app-id"
|
|
credAppRole "github.com/hashicorp/vault/builtin/credential/approle"
|
|
credAws "github.com/hashicorp/vault/builtin/credential/aws"
|
|
credCert "github.com/hashicorp/vault/builtin/credential/cert"
|
|
credGitHub "github.com/hashicorp/vault/builtin/credential/github"
|
|
credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
|
|
credOkta "github.com/hashicorp/vault/builtin/credential/okta"
|
|
credRadius "github.com/hashicorp/vault/builtin/credential/radius"
|
|
credToken "github.com/hashicorp/vault/builtin/credential/token"
|
|
credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
|
|
|
|
physAzure "github.com/hashicorp/vault/physical/azure"
|
|
physCassandra "github.com/hashicorp/vault/physical/cassandra"
|
|
physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb"
|
|
physConsul "github.com/hashicorp/vault/physical/consul"
|
|
physCouchDB "github.com/hashicorp/vault/physical/couchdb"
|
|
physDynamoDB "github.com/hashicorp/vault/physical/dynamodb"
|
|
physEtcd "github.com/hashicorp/vault/physical/etcd"
|
|
physFile "github.com/hashicorp/vault/physical/file"
|
|
physGCS "github.com/hashicorp/vault/physical/gcs"
|
|
physInmem "github.com/hashicorp/vault/physical/inmem"
|
|
physMSSQL "github.com/hashicorp/vault/physical/mssql"
|
|
physMySQL "github.com/hashicorp/vault/physical/mysql"
|
|
physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
|
|
physS3 "github.com/hashicorp/vault/physical/s3"
|
|
physSwift "github.com/hashicorp/vault/physical/swift"
|
|
physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
|
|
)
|
|
|
|
// Commands is the mapping of all the available commands.
|
|
var Commands map[string]cli.CommandFactory
|
|
|
|
func init() {
|
|
ui := &cli.ColoredUi{
|
|
ErrorColor: cli.UiColorRed,
|
|
WarnColor: cli.UiColorYellow,
|
|
Ui: &cli.BasicUi{
|
|
Writer: os.Stdout,
|
|
ErrorWriter: os.Stderr,
|
|
},
|
|
}
|
|
|
|
authHandlers := map[string]AuthHandler{
|
|
"aws": &credAws.CLIHandler{},
|
|
"cert": &credCert.CLIHandler{},
|
|
"github": &credGitHub.CLIHandler{},
|
|
"ldap": &credLdap.CLIHandler{},
|
|
"okta": &credOkta.CLIHandler{},
|
|
"radius": &credUserpass.CLIHandler{
|
|
DefaultMount: "radius",
|
|
},
|
|
"token": &credToken.CLIHandler{},
|
|
"userpass": &credUserpass.CLIHandler{
|
|
DefaultMount: "userpass",
|
|
},
|
|
}
|
|
|
|
Commands = map[string]cli.CommandFactory{
|
|
"audit-disable": func() (cli.Command, error) {
|
|
return &AuditDisableCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"audit-enable": func() (cli.Command, error) {
|
|
return &AuditEnableCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"audit-list": func() (cli.Command, error) {
|
|
return &AuditListCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"auth": func() (cli.Command, error) {
|
|
return &AuthCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
Handlers: authHandlers,
|
|
}, nil
|
|
},
|
|
"auth-disable": func() (cli.Command, error) {
|
|
return &AuthDisableCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"auth-enable": func() (cli.Command, error) {
|
|
return &AuthEnableCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"auth-help": func() (cli.Command, error) {
|
|
return &AuthHelpCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
Handlers: authHandlers,
|
|
}, nil
|
|
},
|
|
"auth-list": func() (cli.Command, error) {
|
|
return &AuthListCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"capabilities": func() (cli.Command, error) {
|
|
return &CapabilitiesCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"delete": func() (cli.Command, error) {
|
|
return &DeleteCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"generate-root": func() (cli.Command, error) {
|
|
return &GenerateRootCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"init": func() (cli.Command, error) {
|
|
return &InitCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"key-status": func() (cli.Command, error) {
|
|
return &KeyStatusCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"list": func() (cli.Command, error) {
|
|
return &ListCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"mount": func() (cli.Command, error) {
|
|
return &MountCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"mounts": func() (cli.Command, error) {
|
|
return &MountsCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"mount-tune": func() (cli.Command, error) {
|
|
return &MountTuneCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"path-help": func() (cli.Command, error) {
|
|
return &PathHelpCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"policies": func() (cli.Command, error) {
|
|
return &PolicyListCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"policy-delete": func() (cli.Command, error) {
|
|
return &PolicyDeleteCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"policy-write": func() (cli.Command, error) {
|
|
return &PolicyWriteCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"read": func() (cli.Command, error) {
|
|
return &ReadCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"rekey": func() (cli.Command, error) {
|
|
return &RekeyCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"remount": func() (cli.Command, error) {
|
|
return &RemountCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"renew": func() (cli.Command, error) {
|
|
return &RenewCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"revoke": func() (cli.Command, error) {
|
|
return &RevokeCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"rotate": func() (cli.Command, error) {
|
|
return &RotateCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"seal": func() (cli.Command, error) {
|
|
return &SealCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"server": func() (cli.Command, error) {
|
|
return &ServerCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
AuditBackends: map[string]audit.Factory{
|
|
"file": auditFile.Factory,
|
|
"socket": auditSocket.Factory,
|
|
"syslog": auditSyslog.Factory,
|
|
},
|
|
CredentialBackends: map[string]logical.Factory{
|
|
"app-id": credAppId.Factory,
|
|
"approle": credAppRole.Factory,
|
|
"aws": credAws.Factory,
|
|
"cert": credCert.Factory,
|
|
"gcp": credGcp.Factory,
|
|
"github": credGitHub.Factory,
|
|
"ldap": credLdap.Factory,
|
|
"okta": credOkta.Factory,
|
|
"plugin": plugin.Factory,
|
|
"radius": credRadius.Factory,
|
|
"userpass": credUserpass.Factory,
|
|
},
|
|
LogicalBackends: map[string]logical.Factory{
|
|
"aws": aws.Factory,
|
|
"cassandra": cassandra.Factory,
|
|
"consul": consul.Factory,
|
|
"database": database.Factory,
|
|
"mongodb": mongodb.Factory,
|
|
"mssql": mssql.Factory,
|
|
"mysql": mysql.Factory,
|
|
"pki": pki.Factory,
|
|
"plugin": plugin.Factory,
|
|
"postgresql": postgresql.Factory,
|
|
"rabbitmq": rabbitmq.Factory,
|
|
"ssh": ssh.Factory,
|
|
"totp": totp.Factory,
|
|
"transit": transit.Factory,
|
|
},
|
|
PhysicalBackends: map[string]physical.Factory{
|
|
"azure": physAzure.NewAzureBackend,
|
|
"cassandra": physCassandra.NewCassandraBackend,
|
|
"cockroachdb": physCockroachDB.NewCockroachDBBackend,
|
|
"consul": physConsul.NewConsulBackend,
|
|
"couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend,
|
|
"couchdb": physCouchDB.NewCouchDBBackend,
|
|
"dynamodb": physDynamoDB.NewDynamoDBBackend,
|
|
"etcd": physEtcd.NewEtcdBackend,
|
|
"file_transactional": physFile.NewTransactionalFileBackend,
|
|
"file": physFile.NewFileBackend,
|
|
"gcs": physGCS.NewGCSBackend,
|
|
"inmem_ha": physInmem.NewInmemHA,
|
|
"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
|
|
"inmem_transactional": physInmem.NewTransactionalInmem,
|
|
"inmem": physInmem.NewInmem,
|
|
"mssql": physMSSQL.NewMSSQLBackend,
|
|
"mysql": physMySQL.NewMySQLBackend,
|
|
"postgresql": physPostgreSQL.NewPostgreSQLBackend,
|
|
"s3": physS3.NewS3Backend,
|
|
"swift": physSwift.NewSwiftBackend,
|
|
"zookeeper": physZooKeeper.NewZooKeeperBackend,
|
|
},
|
|
ShutdownCh: MakeShutdownCh(),
|
|
SighupCh: MakeSighupCh(),
|
|
}, nil
|
|
},
|
|
"ssh": func() (cli.Command, error) {
|
|
return &SSHCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"status": func() (cli.Command, error) {
|
|
return &StatusCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"step-down": func() (cli.Command, error) {
|
|
return &StepDownCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"token-create": func() (cli.Command, error) {
|
|
return &TokenCreateCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"token-lookup": func() (cli.Command, error) {
|
|
return &TokenLookupCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"token-renew": func() (cli.Command, error) {
|
|
return &TokenRenewCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"token-revoke": func() (cli.Command, error) {
|
|
return &TokenRevokeCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"unseal": func() (cli.Command, error) {
|
|
return &UnsealCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"unmount": func() (cli.Command, error) {
|
|
return &UnmountCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"unwrap": func() (cli.Command, error) {
|
|
return &UnwrapCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"version": func() (cli.Command, error) {
|
|
return &VersionCommand{
|
|
VersionInfo: version.GetVersion(),
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
"write": func() (cli.Command, error) {
|
|
return &WriteCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}, nil
|
|
},
|
|
}
|
|
}
|
|
|
|
// MakeShutdownCh returns a channel that can be used for shutdown
|
|
// notifications for commands. This channel will send a message for every
|
|
// SIGINT or SIGTERM received.
|
|
func MakeShutdownCh() chan struct{} {
|
|
resultCh := make(chan struct{})
|
|
|
|
shutdownCh := make(chan os.Signal, 4)
|
|
signal.Notify(shutdownCh, os.Interrupt, syscall.SIGTERM)
|
|
go func() {
|
|
<-shutdownCh
|
|
close(resultCh)
|
|
}()
|
|
return resultCh
|
|
}
|
|
|
|
// MakeSighupCh returns a channel that can be used for SIGHUP
|
|
// reloading. This channel will send a message for every
|
|
// SIGHUP received.
|
|
func MakeSighupCh() chan struct{} {
|
|
resultCh := make(chan struct{})
|
|
|
|
signalCh := make(chan os.Signal, 4)
|
|
signal.Notify(signalCh, syscall.SIGHUP)
|
|
go func() {
|
|
for {
|
|
<-signalCh
|
|
resultCh <- struct{}{}
|
|
}
|
|
}()
|
|
return resultCh
|
|
}
|