command/keyring: cleanup
parent
61b0908e3a
commit
daf77c3f5b
@ -13,12 +13,6 @@ import (
|
||||
"github.com/mitchellh/cli"
|
||||
)
|
||||
|
||||
const (
|
||||
installKeyCommand = "install"
|
||||
useKeyCommand = "use"
|
||||
removeKeyCommand = "remove"
|
||||
)
|
||||
|
||||
// KeyringCommand is a Command implementation that handles querying, installing,
|
||||
// and removing gossip encryption keys from a keyring.
|
||||
type KeyringCommand struct {
|
||||
@ -102,10 +96,10 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||
return 1
|
||||
}
|
||||
if rval := c.handleResponse(r.Info, r.Messages, r.Keys); rval != 0 {
|
||||
if rval := c.handleResponse(r.Info, r.Messages); rval != 0 {
|
||||
return rval
|
||||
}
|
||||
c.handleList(r.Info, r.Messages, r.Keys)
|
||||
c.handleList(r.Info, r.Keys)
|
||||
return 0
|
||||
}
|
||||
|
||||
@ -116,7 +110,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||
return 1
|
||||
}
|
||||
return c.handleResponse(r.Info, r.Messages, r.Keys)
|
||||
return c.handleResponse(r.Info, r.Messages)
|
||||
}
|
||||
|
||||
if useKey != "" {
|
||||
@ -126,7 +120,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||
return 1
|
||||
}
|
||||
return c.handleResponse(r.Info, r.Messages, r.Keys)
|
||||
return c.handleResponse(r.Info, r.Messages)
|
||||
}
|
||||
|
||||
if removeKey != "" {
|
||||
@ -136,7 +130,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||
return 1
|
||||
}
|
||||
return c.handleResponse(r.Info, r.Messages, r.Keys)
|
||||
return c.handleResponse(r.Info, r.Messages)
|
||||
}
|
||||
|
||||
// Should never make it here
|
||||
@ -145,8 +139,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||
|
||||
func (c *KeyringCommand) handleResponse(
|
||||
info []agent.KeyringInfo,
|
||||
messages []agent.KeyringMessage,
|
||||
keys []agent.KeyringEntry) int {
|
||||
messages []agent.KeyringMessage) int {
|
||||
|
||||
var rval int
|
||||
|
||||
@ -179,7 +172,6 @@ func (c *KeyringCommand) handleResponse(
|
||||
|
||||
func (c *KeyringCommand) handleList(
|
||||
info []agent.KeyringInfo,
|
||||
messages []agent.KeyringMessage,
|
||||
keys []agent.KeyringEntry) {
|
||||
|
||||
installed := make(map[string]map[string][]int)
|
||||
@ -274,6 +266,8 @@ Options:
|
||||
-init=<key> Create the initial keyring files for Consul to use
|
||||
containing the provided key. The -data-dir argument
|
||||
is required with this option.
|
||||
-data-dir=<path> The path to the Consul agent's data directory. This
|
||||
argument is only needed for keyring initialization.
|
||||
-rpc-addr=127.0.0.1:8400 RPC address of the Consul agent.
|
||||
`
|
||||
return strings.TrimSpace(helpText)
|
||||
|
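Review bot: The help text in the last hunk of this file documents `-init=<key>` and the newly added `-data-dir=<path>` entry without telling the operator that the gossip encryption key is supplied as a command-line argument and is then stored under the data directory. A secret passed on the command line is typically visible in shell history and in the process list while the command runs, and the keyring file is presumably only as protected as the directory it lands in; the code that writes it is outside the visible hunks, so its file mode should be confirmed. I would extend the `-data-dir` entry with a sentence such as `The keyring files hold the gossip keys; restrict access to this directory.` and mention the same caveat for `-init` in the website documentation. The function that returns the help text starts before this hunk and its closing brace is not shown.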
@ -551,6 +551,9 @@ type KeyringResponse struct {
|
||||
Error string
|
||||
}
|
||||
|
||||
// KeyringResponses holds multiple responses to keyring queries. Each
|
||||
// datacenter replies independently, and KeyringResponses is used as a
|
||||
// container for the set of all responses.
|
||||
type KeyringResponses struct {
|
||||
Responses []*KeyringResponse
|
||||
QueryMeta
|
||||
|
@ -22,6 +22,10 @@ responsibility of the operator to ensure that only the required encryption keys
|
||||
are installed on the cluster. You can ensure that a key is not installed using
|
||||
the `-list` and `-remove` options.
|
||||
|
||||
With the exception of the `-init` argument, all operations performed by this
|
||||
command can only be run against server nodes, and affect both the LAN and
|
||||
WAN keyrings in lock-step.
|
||||
|
||||
All variations of the `keyring` command, unless otherwise specified below, will
|
||||
return 0 if all nodes reply and there are no errors. If any node fails to reply
|
||||
or reports failure, the exit code will be 1.
|
||||
@ -38,13 +42,14 @@ The list of available flags are:
|
||||
* `-init` - Creates the keyring file(s). This is useful to configure initial
|
||||
encryption keyrings, which can later be mutated using the other arguments in
|
||||
this command. This argument accepts an ASCII key, which can be generated using
|
||||
the [keygen command](/docs/commands/keygen.html).
|
||||
the [keygen command](/docs/commands/keygen.html). Requires the `-data-dir`
|
||||
argument.
|
||||
|
||||
This operation can be run on both client and server nodes and requires no
|
||||
network connectivity.
|
||||
|
||||
Returns 0 if the key is successfully configured, or 1 if there were any
|
||||
problems.
|
||||
Returns 0 if the key is successfully configured, or 1 if there were any
|
||||
problems.
|
||||
|
||||
* `-install` - Install a new encryption key. This will broadcast the new key to
|
||||
all members in the cluster.
|
||||
@ -57,6 +62,6 @@ The list of available flags are:
|
||||
|
||||
* `-list` - List all keys currently in use within the cluster.
|
||||
|
||||
* `-wan` - Operate on the WAN keyring instead of the LAN keyring (default)
|
||||
* `-data-dir` - The path to Consul's data directory. Used with `-init` only.
|
||||
|
||||
* `-rpc-addr` - RPC address of the Consul agent.
|
||||
|