krd/vault-redux
1
0
Fork 0
Code
c3f569436c
vault-redux/api/sys_generate_root.go

199 lines
7.1 KiB
Go
Raw Normal View History

adding copyright header (#19555) * adding copyright header * fix fmt and a test
2023-03-15 19:00:52 +03:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
package api
Replace http method strings with net/http constants (#14677)
2022-03-24 20:58:03 +03:00
import (
"context"
"net/http"
)
API: Add context to each raw request call (#4987)
2018-07-25 01:49:55 +03:00
RootGeneration->GenerateRoot
2016-01-15 18:55:35 +03:00
func (c *Sys) GenerateRootStatus() (*GenerateRootStatusResponse, error) {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateRootStatusWithContext(context.Background())
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) * Add API and Command code for generating a DR Operation Token * Update generate root to accept different token strategies
2017-11-10 21:19:42 +03:00
}
func (c *Sys) GenerateDROperationTokenStatus() (*GenerateRootStatusResponse, error) {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateDROperationTokenStatusWithContext(context.Background())
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) * Add API and Command code for generating a DR Operation Token * Update generate root to accept different token strategies
2017-11-10 21:19:42 +03:00
}
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 07:55:31 +03:00
func (c *Sys) GenerateRecoveryOperationTokenStatus() (*GenerateRootStatusResponse, error) {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateRecoveryOperationTokenStatusWithContext(context.Background())
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 07:55:31 +03:00
}
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
func (c *Sys) GenerateRootStatusWithContext(ctx context.Context) (*GenerateRootStatusResponse, error) {
return c.generateRootStatusCommonWithContext(ctx, "/v1/sys/generate-root/attempt")
}
API: Add context to each raw request call (#4987)
2018-07-25 01:49:55 +03:00
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
func (c *Sys) GenerateDROperationTokenStatusWithContext(ctx context.Context) (*GenerateRootStatusResponse, error) {
return c.generateRootStatusCommonWithContext(ctx, "/v1/sys/replication/dr/secondary/generate-operation-token/attempt")
}
func (c *Sys) GenerateRecoveryOperationTokenStatusWithContext(ctx context.Context) (*GenerateRootStatusResponse, error) {
return c.generateRootStatusCommonWithContext(ctx, "/v1/sys/generate-recovery-token/attempt")
}
func (c *Sys) generateRootStatusCommonWithContext(ctx context.Context, path string) (*GenerateRootStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
API: Add context to each raw request call (#4987)
2018-07-25 01:49:55 +03:00
defer cancelFunc()
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
Replace http method strings with net/http constants (#14677)
2022-03-24 20:58:03 +03:00
r := c.c.NewRequest(http.MethodGet, path)
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
resp, err := c.c.rawRequestWithContext(ctx, r)
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
if err != nil {
return nil, err
}
defer resp.Body.Close()
RootGeneration->GenerateRoot
2016-01-15 18:55:35 +03:00
var result GenerateRootStatusResponse
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
err = resp.DecodeJSON(&result)
return &result, err
}
Return status for rekey/root generation at init time. This mitigates a (very unlikely) potential timing attack between init-ing and fetching status. Fixes #1054
2016-02-12 22:24:36 +03:00
func (c *Sys) GenerateRootInit(otp, pgpKey string) (*GenerateRootStatusResponse, error) {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateRootInitWithContext(context.Background(), otp, pgpKey)
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) * Add API and Command code for generating a DR Operation Token * Update generate root to accept different token strategies
2017-11-10 21:19:42 +03:00
}
func (c *Sys) GenerateDROperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error) {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateDROperationTokenInitWithContext(context.Background(), otp, pgpKey)
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) * Add API and Command code for generating a DR Operation Token * Update generate root to accept different token strategies
2017-11-10 21:19:42 +03:00
}
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 07:55:31 +03:00
func (c *Sys) GenerateRecoveryOperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error) {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateRecoveryOperationTokenInitWithContext(context.Background(), otp, pgpKey)
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 07:55:31 +03:00
}
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
func (c *Sys) GenerateRootInitWithContext(ctx context.Context, otp, pgpKey string) (*GenerateRootStatusResponse, error) {
return c.generateRootInitCommonWithContext(ctx, "/v1/sys/generate-root/attempt", otp, pgpKey)
}
func (c *Sys) GenerateDROperationTokenInitWithContext(ctx context.Context, otp, pgpKey string) (*GenerateRootStatusResponse, error) {
return c.generateRootInitCommonWithContext(ctx, "/v1/sys/replication/dr/secondary/generate-operation-token/attempt", otp, pgpKey)
}
func (c *Sys) GenerateRecoveryOperationTokenInitWithContext(ctx context.Context, otp, pgpKey string) (*GenerateRootStatusResponse, error) {
return c.generateRootInitCommonWithContext(ctx, "/v1/sys/generate-recovery-token/attempt", otp, pgpKey)
}
func (c *Sys) generateRootInitCommonWithContext(ctx context.Context, path, otp, pgpKey string) (*GenerateRootStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
body := map[string]interface{}{
"otp": otp,
"pgp_key": pgpKey,
}
Replace http method strings with net/http constants (#14677)
2022-03-24 20:58:03 +03:00
r := c.c.NewRequest(http.MethodPut, path)
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
if err := r.SetJSONBody(body); err != nil {
Return status for rekey/root generation at init time. This mitigates a (very unlikely) potential timing attack between init-ing and fetching status. Fixes #1054
2016-02-12 22:24:36 +03:00
return nil, err
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
}
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
resp, err := c.c.rawRequestWithContext(ctx, r)
Return status for rekey/root generation at init time. This mitigates a (very unlikely) potential timing attack between init-ing and fetching status. Fixes #1054
2016-02-12 22:24:36 +03:00
if err != nil {
return nil, err
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
}
Return status for rekey/root generation at init time. This mitigates a (very unlikely) potential timing attack between init-ing and fetching status. Fixes #1054
2016-02-12 22:24:36 +03:00
defer resp.Body.Close()
var result GenerateRootStatusResponse
err = resp.DecodeJSON(&result)
return &result, err
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
}
RootGeneration->GenerateRoot
2016-01-15 18:55:35 +03:00
func (c *Sys) GenerateRootCancel() error {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateRootCancelWithContext(context.Background())
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) * Add API and Command code for generating a DR Operation Token * Update generate root to accept different token strategies
2017-11-10 21:19:42 +03:00
}
func (c *Sys) GenerateDROperationTokenCancel() error {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateDROperationTokenCancelWithContext(context.Background())
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) * Add API and Command code for generating a DR Operation Token * Update generate root to accept different token strategies
2017-11-10 21:19:42 +03:00
}
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 07:55:31 +03:00
func (c *Sys) GenerateRecoveryOperationTokenCancel() error {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateRecoveryOperationTokenCancelWithContext(context.Background())
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 07:55:31 +03:00
}
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
func (c *Sys) GenerateRootCancelWithContext(ctx context.Context) error {
return c.generateRootCancelCommonWithContext(ctx, "/v1/sys/generate-root/attempt")
}
API: Add context to each raw request call (#4987)
2018-07-25 01:49:55 +03:00
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
func (c *Sys) GenerateDROperationTokenCancelWithContext(ctx context.Context) error {
return c.generateRootCancelCommonWithContext(ctx, "/v1/sys/replication/dr/secondary/generate-operation-token/attempt")
}
func (c *Sys) GenerateRecoveryOperationTokenCancelWithContext(ctx context.Context) error {
return c.generateRootCancelCommonWithContext(ctx, "/v1/sys/generate-recovery-token/attempt")
}
func (c *Sys) generateRootCancelCommonWithContext(ctx context.Context, path string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
API: Add context to each raw request call (#4987)
2018-07-25 01:49:55 +03:00
defer cancelFunc()
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
Replace http method strings with net/http constants (#14677)
2022-03-24 20:58:03 +03:00
r := c.c.NewRequest(http.MethodDelete, path)
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
resp, err := c.c.rawRequestWithContext(ctx, r)
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
if err == nil {
defer resp.Body.Close()
}
return err
}
RootGeneration->GenerateRoot
2016-01-15 18:55:35 +03:00
func (c *Sys) GenerateRootUpdate(shard, nonce string) (*GenerateRootStatusResponse, error) {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateRootUpdateWithContext(context.Background(), shard, nonce)
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) * Add API and Command code for generating a DR Operation Token * Update generate root to accept different token strategies
2017-11-10 21:19:42 +03:00
}
func (c *Sys) GenerateDROperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error) {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateDROperationTokenUpdateWithContext(context.Background(), shard, nonce)
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) * Add API and Command code for generating a DR Operation Token * Update generate root to accept different token strategies
2017-11-10 21:19:42 +03:00
}
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 07:55:31 +03:00
func (c *Sys) GenerateRecoveryOperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error) {
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
return c.GenerateRecoveryOperationTokenUpdateWithContext(context.Background(), shard, nonce)
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 07:55:31 +03:00
}
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
func (c *Sys) GenerateRootUpdateWithContext(ctx context.Context, shard, nonce string) (*GenerateRootStatusResponse, error) {
return c.generateRootUpdateCommonWithContext(ctx, "/v1/sys/generate-root/update", shard, nonce)
}
func (c *Sys) GenerateDROperationTokenUpdateWithContext(ctx context.Context, shard, nonce string) (*GenerateRootStatusResponse, error) {
return c.generateRootUpdateCommonWithContext(ctx, "/v1/sys/replication/dr/secondary/generate-operation-token/update", shard, nonce)
}
func (c *Sys) GenerateRecoveryOperationTokenUpdateWithContext(ctx context.Context, shard, nonce string) (*GenerateRootStatusResponse, error) {
return c.generateRootUpdateCommonWithContext(ctx, "/v1/sys/generate-recovery-token/update", shard, nonce)
}
func (c *Sys) generateRootUpdateCommonWithContext(ctx context.Context, path, shard, nonce string) (*GenerateRootStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
}
Replace http method strings with net/http constants (#14677)
2022-03-24 20:58:03 +03:00
r := c.c.NewRequest(http.MethodPut, path)
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
if err := r.SetJSONBody(body); err != nil {
return nil, err
}
Add context-aware functions to vault/api (#14388)
2022-03-24 00:47:43 +03:00
resp, err := c.c.rawRequestWithContext(ctx, r)
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
if err != nil {
return nil, err
}
defer resp.Body.Close()
RootGeneration->GenerateRoot
2016-01-15 18:55:35 +03:00
var result GenerateRootStatusResponse
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
err = resp.DecodeJSON(&result)
return &result, err
}
RootGeneration->GenerateRoot
2016-01-15 18:55:35 +03:00
type GenerateRootStatusResponse struct {
CLI Enhancements (#3897) * Use Colored UI if stdout is a tty * Add format options to operator unseal * Add format test on operator unseal * Add -no-color output flag, and use BasicUi if no-color flag is provided * Move seal status formatting logic to OutputSealStatus * Apply no-color to warnings from DeprecatedCommands as well * Add OutputWithFormat to support arbitrary data, add format option to auth list * Add ability to output arbitrary list data on TableFormatter * Clear up switch logic on format * Add format option for list-related commands * Add format option to rest of commands that returns a client API response * Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead * Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead * Remove -no-color flag, use env var exclusively to toggle colored output * Fix compile * Remove -no-color flag in main.go * Add missing FlagSetOutputFormat * Fix generate-root/decode test * Migrate init functions to main.go * Add no-color flag back as hidden * Handle non-supported data types for TableFormatter.OutputList * Pull formatting much further up to remove the need to use c.flagFormat (#3950) * Pull formatting much further up to remove the need to use c.flagFormat Also remove OutputWithFormat as the logic can cause issues. * Use const for env var * Minor updates * Remove unnecessary check * Fix SSH output and some tests * Fix tests * Make race detector not run on generate root since it kills Travis these days * Update docs * Update docs * Address review feedback * Handle --format as well as -format
2018-02-13 02:12:16 +03:00
Nonce string `json:"nonce"`
Started bool `json:"started"`
Progress int `json:"progress"`
Required int `json:"required"`
Complete bool `json:"complete"`
generate token functions to share common names (#3576)
2017-11-13 23:44:26 +03:00
EncodedToken string `json:"encoded_token"`
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
EncodedRootToken string `json:"encoded_root_token"`
PGPFingerprint string `json:"pgp_fingerprint"`
Sync some ns stuff to api/command
2018-08-22 21:37:40 +03:00
OTP string `json:"otp"`
OTPLength int `json:"otp_length"`
Add the ability to generate root tokens via unseal keys.
2016-01-09 05:21:02 +03:00
}
Copy Permalink