mirror of
https://github.com/kemko/nomad.git
synced 2026-01-02 16:35:44 +03:00
5c6ba1cce6
Split the flag options for the `secure-variables keyring` into their own subcommands. The gossip keyring CLI will be similarly refactored and the old version will be deprecated.
88 lines
2.3 KiB
Go
88 lines
2.3 KiB
Go
package command
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/mitchellh/cli"
|
|
"github.com/posener/complete"
|
|
|
|
"github.com/hashicorp/nomad/api"
|
|
)
|
|
|
|
// OperatorSecureVariablesKeyringCommand is a Command implementation
|
|
// that handles querying, installing, and removing secure variables
|
|
// encryption keys from a keyring.
|
|
type OperatorSecureVariablesKeyringCommand struct {
|
|
Meta
|
|
}
|
|
|
|
func (c *OperatorSecureVariablesKeyringCommand) Help() string {
|
|
helpText := `
|
|
Usage: nomad operator secure-variables keyring [options]
|
|
|
|
Manages encryption keys used for storing secure variables. This command may be
|
|
used to examine active encryption keys in the cluster, rotate keys, add new
|
|
keys from backups, or remove unused keys.
|
|
|
|
If ACLs are enabled, all subcommands requires a management token.
|
|
|
|
Rotate the encryption key:
|
|
|
|
$ nomad operator secure-variables keyring rotate
|
|
|
|
List all encryption key metadata:
|
|
|
|
$ nomad operator secure-variables keyring list
|
|
|
|
Remove an encryption key from the keyring:
|
|
|
|
$ nomad operator secure-variables keyring remove <key ID>
|
|
|
|
Install an encryption key from backup:
|
|
|
|
$ nomad operator secure-variables keyring install <path to .json file>
|
|
|
|
Please see individual subcommand help for detailed usage information.
|
|
`
|
|
return strings.TrimSpace(helpText)
|
|
}
|
|
|
|
func (c *OperatorSecureVariablesKeyringCommand) Synopsis() string {
|
|
return "Manages secure variables encryption keys"
|
|
}
|
|
|
|
func (c *OperatorSecureVariablesKeyringCommand) AutocompleteFlags() complete.Flags {
|
|
return c.Meta.AutocompleteFlags(FlagSetClient)
|
|
}
|
|
|
|
func (c *OperatorSecureVariablesKeyringCommand) AutocompleteArgs() complete.Predictor {
|
|
return complete.PredictNothing
|
|
}
|
|
|
|
func (c *OperatorSecureVariablesKeyringCommand) Name() string {
|
|
return "secure-variables keyring"
|
|
}
|
|
|
|
func (c *OperatorSecureVariablesKeyringCommand) Run(args []string) int {
|
|
return cli.RunResultHelp
|
|
}
|
|
|
|
// renderSecureVariablesKeysResponse is a helper for formatting the
|
|
// keyring API responses
|
|
func renderSecureVariablesKeysResponse(keys []*api.RootKeyMeta, verbose bool) string {
|
|
length := fullId
|
|
if !verbose {
|
|
length = 8
|
|
}
|
|
out := make([]string, len(keys)+1)
|
|
out[0] = "Key|Active|Create Time"
|
|
i := 1
|
|
for _, k := range keys {
|
|
out[i] = fmt.Sprintf("%s|%v|%s",
|
|
k.KeyID[:length], k.Active, formatTime(k.CreateTime))
|
|
i = i + 1
|
|
}
|
|
return formatList(out)
|
|
}
|