mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-08 07:37:01 +02:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
145 lines
3.5 KiB
Go
145 lines
3.5 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package command
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/hashicorp/vault/api"
|
|
"github.com/mitchellh/cli"
|
|
"github.com/posener/complete"
|
|
)
|
|
|
|
var (
|
|
_ cli.Command = (*TokenRenewCommand)(nil)
|
|
_ cli.CommandAutocomplete = (*TokenRenewCommand)(nil)
|
|
)
|
|
|
|
type TokenRenewCommand struct {
|
|
*BaseCommand
|
|
|
|
flagAccessor bool
|
|
flagIncrement time.Duration
|
|
}
|
|
|
|
func (c *TokenRenewCommand) Synopsis() string {
|
|
return "Renew a token lease"
|
|
}
|
|
|
|
func (c *TokenRenewCommand) Help() string {
|
|
helpText := `
|
|
Usage: vault token renew [options] [TOKEN]
|
|
|
|
Renews a token's lease, extending the amount of time it can be used. If a
|
|
TOKEN is not provided, the locally authenticated token is used. A token
|
|
accessor can be used as well. Lease renewal will fail if the token is not
|
|
renewable, the token has already been revoked, or if the token has already
|
|
reached its maximum TTL.
|
|
|
|
Renew a token (this uses the /auth/token/renew endpoint and permission):
|
|
|
|
$ vault token renew 96ddf4bc-d217-f3ba-f9bd-017055595017
|
|
|
|
Renew the currently authenticated token (this uses the /auth/token/renew-self
|
|
endpoint and permission):
|
|
|
|
$ vault token renew
|
|
|
|
Renew a token requesting a specific increment value:
|
|
|
|
$ vault token renew -increment=30m 96ddf4bc-d217-f3ba-f9bd-017055595017
|
|
|
|
For a full list of examples, please see the documentation.
|
|
|
|
` + c.Flags().Help()
|
|
|
|
return strings.TrimSpace(helpText)
|
|
}
|
|
|
|
func (c *TokenRenewCommand) Flags() *FlagSets {
|
|
set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat)
|
|
f := set.NewFlagSet("Command Options")
|
|
|
|
f.BoolVar(&BoolVar{
|
|
Name: "accessor",
|
|
Target: &c.flagAccessor,
|
|
Default: false,
|
|
EnvVar: "",
|
|
Completion: complete.PredictNothing,
|
|
Usage: "Treat the argument as an accessor instead of a token. When " +
|
|
"this option is selected, the output will NOT include the token.",
|
|
})
|
|
|
|
f.DurationVar(&DurationVar{
|
|
Name: "increment",
|
|
Aliases: []string{"i"},
|
|
Target: &c.flagIncrement,
|
|
Default: 0,
|
|
EnvVar: "",
|
|
Completion: complete.PredictAnything,
|
|
Usage: "Request a specific increment for renewal. This increment may " +
|
|
"not be honored, for instance in the case of periodic tokens. If not " +
|
|
"supplied, Vault will use the default TTL. This is specified as a " +
|
|
"numeric string with suffix like \"30s\" or \"5m\".",
|
|
})
|
|
|
|
return set
|
|
}
|
|
|
|
func (c *TokenRenewCommand) AutocompleteArgs() complete.Predictor {
|
|
return c.PredictVaultFiles()
|
|
}
|
|
|
|
func (c *TokenRenewCommand) AutocompleteFlags() complete.Flags {
|
|
return c.Flags().Completions()
|
|
}
|
|
|
|
func (c *TokenRenewCommand) Run(args []string) int {
|
|
f := c.Flags()
|
|
|
|
if err := f.Parse(args); err != nil {
|
|
c.UI.Error(err.Error())
|
|
return 1
|
|
}
|
|
|
|
token := ""
|
|
increment := c.flagIncrement
|
|
|
|
args = f.Args()
|
|
switch len(args) {
|
|
case 0:
|
|
// Use the local token
|
|
case 1:
|
|
token = strings.TrimSpace(args[0])
|
|
default:
|
|
c.UI.Error(fmt.Sprintf("Too many arguments (expected 1, got %d)", len(args)))
|
|
return 1
|
|
}
|
|
|
|
client, err := c.Client()
|
|
if err != nil {
|
|
c.UI.Error(err.Error())
|
|
return 2
|
|
}
|
|
|
|
var secret *api.Secret
|
|
inc := truncateToSeconds(increment)
|
|
switch {
|
|
case token == "":
|
|
secret, err = client.Auth().Token().RenewSelf(inc)
|
|
case c.flagAccessor:
|
|
secret, err = client.Auth().Token().RenewAccessor(token, inc)
|
|
default:
|
|
secret, err = client.Auth().Token().Renew(token, inc)
|
|
}
|
|
if err != nil {
|
|
c.UI.Error(fmt.Sprintf("Error renewing token: %s", err))
|
|
return 2
|
|
}
|
|
|
|
return OutputSecret(c.UI, secret)
|
|
}
|