-
Notifications
You must be signed in to change notification settings - Fork 4.2k
/
policy_write.go
127 lines (101 loc) · 2.86 KB
/
policy_write.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
package command
import (
"bytes"
"fmt"
"io"
"os"
"strings"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)
var _ cli.Command = (*PolicyWriteCommand)(nil)
var _ cli.CommandAutocomplete = (*PolicyWriteCommand)(nil)
type PolicyWriteCommand struct {
*BaseCommand
testStdin io.Reader // for tests
}
func (c *PolicyWriteCommand) Synopsis() string {
return "Uploads a named policy from a file"
}
func (c *PolicyWriteCommand) Help() string {
helpText := `
Usage: vault policy write [options] NAME PATH
Uploads a policy with name NAME from the contents of a local file PATH or
stdin. If PATH is "-", the policy is read from stdin. Otherwise, it is
loaded from the file at the given path on the local disk.
Upload a policy named "my-policy" from "/tmp/policy.hcl" on the local disk:
$ vault policy write my-policy /tmp/policy.hcl
Upload a policy from stdin:
$ cat my-policy.hcl | vault policy write my-policy -
` + c.Flags().Help()
return strings.TrimSpace(helpText)
}
func (c *PolicyWriteCommand) Flags() *FlagSets {
return c.flagSet(FlagSetHTTP)
}
func (c *PolicyWriteCommand) AutocompleteArgs() complete.Predictor {
return complete.PredictFunc(func(args complete.Args) []string {
// Predict the LAST argument hcl files - we don't want to predict the
// name argument as a filepath.
if len(args.All) == 3 {
return complete.PredictFiles("*.hcl").Predict(args)
}
return nil
})
}
func (c *PolicyWriteCommand) AutocompleteFlags() complete.Flags {
return c.Flags().Completions()
}
func (c *PolicyWriteCommand) Run(args []string) int {
f := c.Flags()
if err := f.Parse(args); err != nil {
c.UI.Error(err.Error())
return 1
}
args = f.Args()
switch {
case len(args) < 2:
c.UI.Error(fmt.Sprintf("Not enough arguments (expected 2, got %d)", len(args)))
return 1
case len(args) > 2:
c.UI.Error(fmt.Sprintf("Too many arguments (expected 2, got %d)", len(args)))
return 1
}
client, err := c.Client()
if err != nil {
c.UI.Error(err.Error())
return 2
}
// Policies are normalized to lowercase
name := strings.TrimSpace(strings.ToLower(args[0]))
path := strings.TrimSpace(args[1])
// Get the policy contents, either from stdin of a file
var reader io.Reader
if path == "-" {
reader = os.Stdin
if c.testStdin != nil {
reader = c.testStdin
}
} else {
file, err := os.Open(path)
if err != nil {
c.UI.Error(fmt.Sprintf("Error opening policy file: %s", err))
return 2
}
defer file.Close()
reader = file
}
// Read the policy
var buf bytes.Buffer
if _, err := io.Copy(&buf, reader); err != nil {
c.UI.Error(fmt.Sprintf("Error reading policy: %s", err))
return 2
}
rules := buf.String()
if err := client.Sys().PutPolicy(name, rules); err != nil {
c.UI.Error(fmt.Sprintf("Error uploading policy: %s", err))
return 2
}
c.UI.Output(fmt.Sprintf("Success! Uploaded policy: %s", name))
return 0
}