vault/command/secrets_list.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package command

import (
	"fmt"
	"sort"
	"strconv"
	"strings"

	"github.com/hashicorp/vault/api"
	"github.com/mitchellh/cli"
	"github.com/posener/complete"
)

var (
	_ cli.Command             = (*SecretsListCommand)(nil)
	_ cli.CommandAutocomplete = (*SecretsListCommand)(nil)
)

type SecretsListCommand struct {
	*BaseCommand

	flagDetailed bool
}

func (c *SecretsListCommand) Synopsis() string {
	return "List enabled secrets engines"
}

func (c *SecretsListCommand) Help() string {
	helpText := `
Usage: vault secrets list [options]

  Lists the enabled secret engines on the Vault server. This command also
  outputs information about the enabled path including configured TTLs and
  human-friendly descriptions. A TTL of "system" indicates that the system
  default is in use.

  List all enabled secrets engines:

      $ vault secrets list

  List all enabled secrets engines with detailed output:

      $ vault secrets list -detailed

` + c.Flags().Help()

	return strings.TrimSpace(helpText)
}

func (c *SecretsListCommand) Flags() *FlagSets {
	set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat)

	f := set.NewFlagSet("Command Options")

	f.BoolVar(&BoolVar{
		Name:    "detailed",
		Target:  &c.flagDetailed,
		Default: false,
		Usage: "Print detailed information such as TTLs and replication status " +
			"about each secrets engine.",
	})

	return set
}

func (c *SecretsListCommand) AutocompleteArgs() complete.Predictor {
	return c.PredictVaultFiles()
}

func (c *SecretsListCommand) AutocompleteFlags() complete.Flags {
	return c.Flags().Completions()
}

func (c *SecretsListCommand) Run(args []string) int {
	f := c.Flags()

	if err := f.Parse(args); err != nil {
		c.UI.Error(err.Error())
		return 1
	}

	args = f.Args()
	if len(args) > 0 {
		c.UI.Error(fmt.Sprintf("Too many arguments (expected 0, got %d)", len(args)))
		return 1
	}

	client, err := c.Client()
	if err != nil {
		c.UI.Error(err.Error())
		return 2
	}

	mounts, err := client.Sys().ListMounts()
	if err != nil {
		c.UI.Error(fmt.Sprintf("Error listing secrets engines: %s", err))
		return 2
	}

	switch Format(c.UI) {
	case "table":
		if c.flagDetailed {
			c.UI.Output(tableOutput(c.detailedMounts(mounts), nil))
			return 0
		}
		c.UI.Output(tableOutput(c.simpleMounts(mounts), nil))
		return 0
	default:
		return OutputData(c.UI, mounts)
	}
}

func (c *SecretsListCommand) simpleMounts(mounts map[string]*api.MountOutput) []string {
	paths := make([]string, 0, len(mounts))
	for path := range mounts {
		paths = append(paths, path)
	}
	sort.Strings(paths)

	out := []string{"Path | Type | Accessor | Description"}
	for _, path := range paths {
		mount := mounts[path]
		out = append(out, fmt.Sprintf("%s | %s | %s | %s", path, mount.Type, mount.Accessor, mount.Description))
	}

	return out
}

func (c *SecretsListCommand) detailedMounts(mounts map[string]*api.MountOutput) []string {
	paths := make([]string, 0, len(mounts))
	for path := range mounts {
		paths = append(paths, path)
	}
	sort.Strings(paths)

	calcTTL := func(typ string, ttl int) string {
		switch {
		case typ == "system", typ == "cubbyhole":
			return ""
		case ttl != 0:
			return strconv.Itoa(ttl)
		default:
			return "system"
		}
	}

	out := []string{"Path | Plugin | Accessor | Default TTL | Max TTL | Force No Cache | Replication | Seal Wrap | External Entropy Access | Options | Description | UUID | Version | Running Version | Running SHA256 | Deprecation Status"}
	for _, path := range paths {
		mount := mounts[path]

		defaultTTL := calcTTL(mount.Type, mount.Config.DefaultLeaseTTL)
		maxTTL := calcTTL(mount.Type, mount.Config.MaxLeaseTTL)

		replication := "replicated"
		if mount.Local {
			replication = "local"
		}

		pluginName := mount.Type
		if pluginName == "plugin" {
			pluginName = mount.Config.PluginName
		}

		out = append(out, fmt.Sprintf("%s | %s | %s | %s | %s | %t | %s | %t | %v | %s | %s | %s | %s | %s | %s | %s",
			path,
			pluginName,
			mount.Accessor,
			defaultTTL,
			maxTTL,
			mount.Config.ForceNoCache,
			replication,
			mount.SealWrap,
			mount.ExternalEntropyAccess,
			mount.Options,
			mount.Description,
			mount.UUID,
			mount.PluginVersion,
			mount.RunningVersion,
			mount.RunningSha256,
			mount.DeprecationStatus,
		))
	}

	return out
}