command/auth: validate the token

command/auth.go

@@ -88,8 +88,37 @@ func (c *AuthCommand) Run(args []string) int {
 		return 1
 	}
 
+	// Build the client so we can verify that the token is valid
+	client, err := c.Client()
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf(
+			"Error initializing client to verify the token: %s", err))
+		return 1
+	}
+
+	// Verify the token
+	secret, err := client.Logical().Read("auth/token/lookup-self")
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf(
+			"Error validating token: %s", err))
+		return 1
+	}
+
+	// Get the policies we have
+	policiesRaw, ok := secret.Data["policies"]
+	if !ok {
+		policiesRaw = []string{"unknown"}
+	}
+	var policies []string
+	for _, v := range policiesRaw.([]interface{}) {
+		policies = append(policies, v.(string))
+	}
+
 	c.Ui.Output(fmt.Sprintf(
-		"Successfully authenticated!"))
+		"Successfully authenticated! The policies that are associated\n"+
+			"with this token are listed below:\n\n%s",
+		strings.Join(policies, ", "),
+	))
 
 	return 0
 }

command/auth_test.go

@@ -9,10 +9,16 @@ import (
 
 	tokenDisk "github.com/hashicorp/vault/builtin/token/disk"
 	"github.com/hashicorp/vault/command/token"
+	"github.com/hashicorp/vault/http"
+	"github.com/hashicorp/vault/vault"
 	"github.com/mitchellh/cli"
 )
 
 func TestAuth_token(t *testing.T) {
+	core, _, token := vault.TestCoreUnsealed(t)
+	ln, addr := http.TestServer(t, core)
+	defer ln.Close()
+
 	testAuthInit(t)
 
 	ui := new(cli.MockUi)
@@ -23,7 +29,8 @@ func TestAuth_token(t *testing.T) {
 	}
 
 	args := []string{
-		"foo",
+		"-address", addr,
+		token,
 	}
 	if code := c.Run(args); code != 0 {
 		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
@@ -39,7 +46,7 @@ func TestAuth_token(t *testing.T) {
 		t.Fatalf("err: %s", err)
 	}
 
-	if actual != "foo" {
+	if actual != token {
 		t.Fatalf("bad: %s", actual)
 	}
 }