-
Notifications
You must be signed in to change notification settings - Fork 4.2k
/
auth.go
128 lines (106 loc) · 3.46 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
package command
import (
"flag"
"io"
"io/ioutil"
"strings"
"github.com/mitchellh/cli"
)
var _ cli.Command = (*AuthCommand)(nil)
type AuthCommand struct {
*BaseCommand
Handlers map[string]LoginHandler
testStdin io.Reader // for tests
}
func (c *AuthCommand) Synopsis() string {
return "Interact with auth methods"
}
func (c *AuthCommand) Help() string {
return strings.TrimSpace(`
Usage: vault auth <subcommand> [options] [args]
This command groups subcommands for interacting with Vault's auth methods.
Users can list, enable, disable, and get help for different auth methods.
To authenticate to Vault as a user or machine, use the "vault login" command
instead. This command is for interacting with the auth methods themselves, not
authenticating to Vault.
List all enabled auth methods:
$ vault auth list
Enable a new auth method "userpass";
$ vault auth enable userpass
Get detailed help information about how to authenticate to a particular auth
method:
$ vault auth help github
Please see the individual subcommand help for detailed usage information.
`)
}
func (c *AuthCommand) Run(args []string) int {
// If we entered the run method, none of the subcommands picked up. This
// means the user is still trying to use auth as "vault auth TOKEN" or
// similar, so direct them to vault login instead.
//
// This run command is a bit messy to maintain BC for a bit. In the future,
// it will just be a tiny function, but for now we have to maintain bc.
//
// Deprecation
// TODO: remove in 0.9.0
if len(args) == 0 {
return cli.RunResultHelp
}
// Parse the args for our deprecations and defer to the proper areas.
for _, arg := range args {
switch {
case strings.HasPrefix(arg, "-methods"):
if Format(c.UI) == "table" {
c.UI.Warn(wrapAtLength(
"WARNING! The -methods flag is deprecated. Please use "+
"\"vault auth list\" instead. This flag will be removed in "+
"Vault 0.12.") + "\n")
}
return (&AuthListCommand{
BaseCommand: &BaseCommand{
UI: c.UI,
client: c.client,
},
}).Run(nil)
case strings.HasPrefix(arg, "-method-help"):
if Format(c.UI) == "table" {
c.UI.Warn(wrapAtLength(
"WARNING! The -method-help flag is deprecated. Please use "+
"\"vault auth help\" instead. This flag will be removed in "+
"Vault 0.12.") + "\n")
}
// Parse the args to pull out the method, suppressing any errors because
// there could be other flags that we don't care about.
f := flag.NewFlagSet("", flag.ContinueOnError)
f.Usage = func() {}
f.SetOutput(ioutil.Discard)
flagMethod := f.String("method", "", "")
f.Parse(args)
return (&AuthHelpCommand{
BaseCommand: &BaseCommand{
UI: c.UI,
client: c.client,
},
Handlers: c.Handlers,
}).Run([]string{*flagMethod})
}
}
// If we got this far, we have an arg or a series of args that should be
// passed directly to the new "vault login" command.
if Format(c.UI) == "table" {
c.UI.Warn(wrapAtLength(
"WARNING! The \"vault auth ARG\" command is deprecated and is now a "+
"subcommand for interacting with auth methods. To authenticate "+
"locally to Vault, use \"vault login\" instead. This backwards "+
"compatibility will be removed in Vault 0.12.") + "\n")
}
return (&LoginCommand{
BaseCommand: &BaseCommand{
UI: c.UI,
client: c.client,
tokenHelper: c.tokenHelper,
flagAddress: c.flagAddress,
},
Handlers: c.Handlers,
}).Run(args)
}