diff --git a/command/auth.go b/command/auth.go
index 9319876471..b332a2ee49 100644
--- a/command/auth.go
+++ b/command/auth.go
@@ -88,8 +88,37 @@ func (c *AuthCommand) Run(args []string) int {
 return 1
 }
 
+ // Build the client so we can verify that the token is valid
+ client, err := c.Client()
+ if err != nil {
+ c.Ui.Error(fmt.Sprintf(
+ "Error initializing client to verify the token: %s", err))
+ return 1
+ }
+
+ // Verify the token
+ secret, err := client.Logical().Read("auth/token/lookup-self")
+ if err != nil {
+ c.Ui.Error(fmt.Sprintf(
+ "Error validating token: %s", err))
+ return 1
+ }
+
+ // Get the policies we have
+ policiesRaw, ok := secret.Data["policies"]
+ if !ok {
+ policiesRaw = []string{"unknown"}
+ }
+ var policies []string
+ for _, v := range policiesRaw.([]interface{}) {
+ policies = append(policies, v.(string))
+ }
+
 c.Ui.Output(fmt.Sprintf(
- "Successfully authenticated!"))
+ "Successfully authenticated! The policies that are associated\n"+
+ "with this token are listed below:\n\n%s",
+ strings.Join(policies, ", "),
+ ))
 
 return 0
 }
diff --git a/command/auth_test.go b/command/auth_test.go
index f3c48b3e24..138f13733f 100644
--- a/command/auth_test.go
+++ b/command/auth_test.go
@@ -9,10 +9,16 @@ import (
 
 tokenDisk "github.com/hashicorp/vault/builtin/token/disk"
 "github.com/hashicorp/vault/command/token"
+ "github.com/hashicorp/vault/http"
+ "github.com/hashicorp/vault/vault"
 "github.com/mitchellh/cli"
 )
 
 func TestAuth_token(t *testing.T) {
+ core, _, token := vault.TestCoreUnsealed(t)
+ ln, addr := http.TestServer(t, core)
+ defer ln.Close()
+
 testAuthInit(t)
 
 ui := new(cli.MockUi)
@@ -23,7 +29,8 @@ func TestAuth_token(t *testing.T) {
 }
 
 args := []string{
- "foo",
+ "-address", addr,
+ token,
 }
 if code := c.Run(args); code != 0 {
 t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
@@ -39,7 +46,7 @@ func TestAuth_token(t *testing.T) {
 t.Fatalf("err: %s", err)
 }
 
- if actual != "foo" {
+ if actual != token {
 t.Fatalf("bad: %s", actual)
 }
 }
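Review bot: The policy extraction added to Run can panic on a response it does not expect: when `policies` is absent the fallback assigns a `[]string`, which the following `policiesRaw.([]interface{})` assertion rejects at runtime, and `v.(string)` is unchecked as well. `secret` is also dereferenced without a nil check, which matters if `Read` can return a nil secret together with a nil error. Use comma-ok assertions and treat a nil secret as a validation failure, as sketched below. Separately, `c.Client()` presumably reads the token from the token helper, so a token that fails validation may already have been stored by code above the hunk; consider clearing it on the error paths. Run's body begins outside the hunk.

```go
// … unchanged: client construction and the lookup-self read with its err check …
if secret == nil {
	c.Ui.Error("Error validating token: empty response from lookup-self")
	return 1
}

// Get the policies we have
policies := []string{"unknown"}
if raw, ok := secret.Data["policies"].([]interface{}); ok {
	policies = make([]string, 0, len(raw))
	for _, v := range raw {
		if s, ok := v.(string); ok {
			policies = append(policies, s)
		}
	}
}
// … unchanged: c.Ui.Output call using strings.Join(policies, ", ") …
```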
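Review bot: The new local `token` in TestAuth_token shadows the imported package `github.com/hashicorp/vault/command/token` for the rest of the function, so any later `token.` reference there would resolve to the string instead of the package. Rename it, for example `core, _, rootToken := vault.TestCoreUnsealed(t)`, and use the same name in the `args` slice and the final comparison in the two later hunks. The `http` import likewise takes the name of the standard `net/http` package in this file; an alias such as `vaulthttp "github.com/hashicorp/vault/http"` would keep the two apart. The body of TestAuth_token continues outside this hunk.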
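Review bot: With `"foo"` replaced by a valid root token, no test covers the rejection path this commit introduces: an unknown token should now make `Run` return non-zero. Add a case that passes `-address` with a bogus token, asserts `code != 0`, and checks whether the token helper still holds that token afterwards. The success case could also assert that `ui.OutputWriter.String()` contains the policy list, since that output is the new behaviour. The enclosing function starts and ends outside this hunk.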