command/keyring: cleanup

This commit is contained in:
Ryan Uber 2014-09-30 15:31:07 -07:00
parent 61b0908e3a
commit daf77c3f5b
3 changed files with 20 additions and 18 deletions

View File

@ -13,12 +13,6 @@ import (
"github.com/mitchellh/cli"
)
const (
installKeyCommand = "install"
useKeyCommand = "use"
removeKeyCommand = "remove"
)
// KeyringCommand is a Command implementation that handles querying, installing,
// and removing gossip encryption keys from a keyring.
type KeyringCommand struct {
@ -102,10 +96,10 @@ func (c *KeyringCommand) Run(args []string) int {
c.Ui.Error(fmt.Sprintf("error: %s", err))
return 1
}
if rval := c.handleResponse(r.Info, r.Messages, r.Keys); rval != 0 {
if rval := c.handleResponse(r.Info, r.Messages); rval != 0 {
return rval
}
c.handleList(r.Info, r.Messages, r.Keys)
c.handleList(r.Info, r.Keys)
return 0
}
@ -116,7 +110,7 @@ func (c *KeyringCommand) Run(args []string) int {
c.Ui.Error(fmt.Sprintf("error: %s", err))
return 1
}
return c.handleResponse(r.Info, r.Messages, r.Keys)
return c.handleResponse(r.Info, r.Messages)
}
if useKey != "" {
@ -126,7 +120,7 @@ func (c *KeyringCommand) Run(args []string) int {
c.Ui.Error(fmt.Sprintf("error: %s", err))
return 1
}
return c.handleResponse(r.Info, r.Messages, r.Keys)
return c.handleResponse(r.Info, r.Messages)
}
if removeKey != "" {
@ -136,7 +130,7 @@ func (c *KeyringCommand) Run(args []string) int {
c.Ui.Error(fmt.Sprintf("error: %s", err))
return 1
}
return c.handleResponse(r.Info, r.Messages, r.Keys)
return c.handleResponse(r.Info, r.Messages)
}
// Should never make it here
@ -145,8 +139,7 @@ func (c *KeyringCommand) Run(args []string) int {
func (c *KeyringCommand) handleResponse(
info []agent.KeyringInfo,
messages []agent.KeyringMessage,
keys []agent.KeyringEntry) int {
messages []agent.KeyringMessage) int {
var rval int
@ -179,7 +172,6 @@ func (c *KeyringCommand) handleResponse(
func (c *KeyringCommand) handleList(
info []agent.KeyringInfo,
messages []agent.KeyringMessage,
keys []agent.KeyringEntry) {
installed := make(map[string]map[string][]int)
@ -274,6 +266,8 @@ Options:
-init=<key> Create the initial keyring files for Consul to use
containing the provided key. The -data-dir argument
is required with this option.
-data-dir=<path> The path to the Consul agent's data directory. This
argument is only needed for keyring initialization.
-rpc-addr=127.0.0.1:8400 RPC address of the Consul agent.
`
return strings.TrimSpace(helpText)

View File

@ -551,6 +551,9 @@ type KeyringResponse struct {
Error string
}
// KeyringResponses holds multiple responses to keyring queries. Each
// datacenter replies independently, and KeyringResponses is used as a
// container for the set of all responses.
type KeyringResponses struct {
Responses []*KeyringResponse
QueryMeta

View File

@ -22,6 +22,10 @@ responsibility of the operator to ensure that only the required encryption keys
are installed on the cluster. You can ensure that a key is not installed using
the `-list` and `-remove` options.
With the exception of the `-init` argument, all operations performed by this
command can only be run against server nodes, and affect both the LAN and
WAN keyrings in lock-step.
All variations of the `keyring` command, unless otherwise specified below, will
return 0 if all nodes reply and there are no errors. If any node fails to reply
or reports failure, the exit code will be 1.
@ -38,13 +42,14 @@ The list of available flags are:
* `-init` - Creates the keyring file(s). This is useful to configure initial
encryption keyrings, which can later be mutated using the other arguments in
this command. This argument accepts an ASCII key, which can be generated using
the [keygen command](/docs/commands/keygen.html).
the [keygen command](/docs/commands/keygen.html). Requires the `-data-dir`
argument.
This operation can be run on both client and server nodes and requires no
network connectivity.
Returns 0 if the key is successfully configured, or 1 if there were any
problems.
Returns 0 if the key is successfully configured, or 1 if there were any
problems.
* `-install` - Install a new encryption key. This will broadcast the new key to
all members in the cluster.
@ -57,6 +62,6 @@ The list of available flags are:
* `-list` - List all keys currently in use within the cluster.
* `-wan` - Operate on the WAN keyring instead of the LAN keyring (default)
* `-data-dir` - The path to Consul's data directory. Used with `-init` only.
* `-rpc-addr` - RPC address of the Consul agent.