Add non-hmac flags for cli secrets/auth tune commands (#4151)
* Add non-hmac params for cli secrets/auth tune * Fix value assignment mismatch
This commit is contained in:
Calvin Leung Huang
GitHub
parent
1aef2cb1c5
commit
3bdc70b18f
@ -206,7 +206,7 @@ func (c *AuthEnableCommand) Run(args []string) int {
|
||||
}
|
||||
|
||||
if fl.Name == flagNameAuditNonHMACResponseKeys {
|
||||
authOpts.Config.AuditNonHMACRequestKeys = c.flagAuditNonHMACResponseKeys
|
||||
authOpts.Config.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
|
||||
}
|
||||
})
|
||||
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
package command
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
@ -16,8 +17,10 @@ var _ cli.CommandAutocomplete = (*AuthTuneCommand)(nil)
|
||||
type AuthTuneCommand struct {
|
||||
*BaseCommand
|
||||
|
||||
flagDefaultLeaseTTL time.Duration
|
||||
flagMaxLeaseTTL time.Duration
|
||||
flagDefaultLeaseTTL time.Duration
|
||||
flagMaxLeaseTTL time.Duration
|
||||
flagAuditNonHMACRequestKeys []string
|
||||
flagAuditNonHMACResponseKeys []string
|
||||
}
|
||||
|
||||
func (c *AuthTuneCommand) Synopsis() string {
|
||||
@ -68,6 +71,20 @@ func (c *AuthTuneCommand) Flags() *FlagSets {
|
||||
"or a previously configured value for the auth method.",
|
||||
})
|
||||
|
||||
f.StringSliceVar(&StringSliceVar{
|
||||
Name: flagNameAuditNonHMACRequestKeys,
|
||||
Target: &c.flagAuditNonHMACRequestKeys,
|
||||
Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
|
||||
"devices in the request data object.",
|
||||
})
|
||||
|
||||
f.StringSliceVar(&StringSliceVar{
|
||||
Name: flagNameAuditNonHMACResponseKeys,
|
||||
Target: &c.flagAuditNonHMACResponseKeys,
|
||||
Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
|
||||
"devices in the response data object.",
|
||||
})
|
||||
|
||||
return set
|
||||
}
|
||||
|
||||
@ -103,14 +120,27 @@ func (c *AuthTuneCommand) Run(args []string) int {
|
||||
return 2
|
||||
}
|
||||
|
||||
mountConfigInput := api.MountConfigInput{
|
||||
DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),
|
||||
MaxLeaseTTL: ttlToAPI(c.flagMaxLeaseTTL),
|
||||
}
|
||||
|
||||
// Set these values only if they are provided in the CLI
|
||||
f.Visit(func(fl *flag.Flag) {
|
||||
if fl.Name == flagNameAuditNonHMACRequestKeys {
|
||||
mountConfigInput.AuditNonHMACRequestKeys = c.flagAuditNonHMACRequestKeys
|
||||
}
|
||||
|
||||
if fl.Name == flagNameAuditNonHMACResponseKeys {
|
||||
mountConfigInput.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
|
||||
}
|
||||
})
|
||||
|
||||
// Append /auth (since that's where auths live) and a trailing slash to
|
||||
// indicate it's a path in output
|
||||
mountPath := ensureTrailingSlash(sanitizePath(args[0]))
|
||||
|
||||
if err := client.Sys().TuneMount("/auth/"+mountPath, api.MountConfigInput{
|
||||
DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),
|
||||
MaxLeaseTTL: ttlToAPI(c.flagMaxLeaseTTL),
|
||||
}); err != nil {
|
||||
if err := client.Sys().TuneMount("/auth/"+mountPath, mountConfigInput); err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error tuning auth method %s: %s", mountPath, err))
|
||||
return 2
|
||||
}
|
||||
|
||||
@ -226,7 +226,7 @@ func (c *SecretsEnableCommand) Run(args []string) int {
|
||||
}
|
||||
|
||||
if fl.Name == flagNameAuditNonHMACResponseKeys {
|
||||
mountInput.Config.AuditNonHMACRequestKeys = c.flagAuditNonHMACResponseKeys
|
||||
mountInput.Config.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
|
||||
}
|
||||
})
|
||||
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
package command
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
@ -16,8 +17,10 @@ var _ cli.CommandAutocomplete = (*SecretsTuneCommand)(nil)
|
||||
type SecretsTuneCommand struct {
|
||||
*BaseCommand
|
||||
|
||||
flagDefaultLeaseTTL time.Duration
|
||||
flagMaxLeaseTTL time.Duration
|
||||
flagDefaultLeaseTTL time.Duration
|
||||
flagMaxLeaseTTL time.Duration
|
||||
flagAuditNonHMACRequestKeys []string
|
||||
flagAuditNonHMACResponseKeys []string
|
||||
}
|
||||
|
||||
func (c *SecretsTuneCommand) Synopsis() string {
|
||||
@ -68,6 +71,20 @@ func (c *SecretsTuneCommand) Flags() *FlagSets {
|
||||
"TTL, or a previously configured value for the secrets engine.",
|
||||
})
|
||||
|
||||
f.StringSliceVar(&StringSliceVar{
|
||||
Name: flagNameAuditNonHMACRequestKeys,
|
||||
Target: &c.flagAuditNonHMACRequestKeys,
|
||||
Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
|
||||
"devices in the request data object.",
|
||||
})
|
||||
|
||||
f.StringSliceVar(&StringSliceVar{
|
||||
Name: flagNameAuditNonHMACResponseKeys,
|
||||
Target: &c.flagAuditNonHMACResponseKeys,
|
||||
Usage: "Comma-separated string or list of keys that will not be HMAC'd by audit" +
|
||||
"devices in the response data object.",
|
||||
})
|
||||
|
||||
return set
|
||||
}
|
||||
|
||||
@ -106,10 +123,23 @@ func (c *SecretsTuneCommand) Run(args []string) int {
|
||||
// Append a trailing slash to indicate it's a path in output
|
||||
mountPath := ensureTrailingSlash(sanitizePath(args[0]))
|
||||
|
||||
if err := client.Sys().TuneMount(mountPath, api.MountConfigInput{
|
||||
mountConfigInput := api.MountConfigInput{
|
||||
DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),
|
||||
MaxLeaseTTL: ttlToAPI(c.flagMaxLeaseTTL),
|
||||
}); err != nil {
|
||||
}
|
||||
|
||||
// Set these values only if they are provided in the CLI
|
||||
f.Visit(func(fl *flag.Flag) {
|
||||
if fl.Name == flagNameAuditNonHMACRequestKeys {
|
||||
mountConfigInput.AuditNonHMACRequestKeys = c.flagAuditNonHMACRequestKeys
|
||||
}
|
||||
|
||||
if fl.Name == flagNameAuditNonHMACResponseKeys {
|
||||
mountConfigInput.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys
|
||||
}
|
||||
})
|
||||
|
||||
if err := client.Sys().TuneMount(mountPath, mountConfigInput); err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error tuning secrets engine %s: %s", mountPath, err))
|
||||
return 2
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user