command/keyring: cleanup
parent
61b0908e3a
commit
daf77c3f5b
|
@ -13,12 +13,6 @@ import (
|
||||||
"github.com/mitchellh/cli"
|
"github.com/mitchellh/cli"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
|
||||||
installKeyCommand = "install"
|
|
||||||
useKeyCommand = "use"
|
|
||||||
removeKeyCommand = "remove"
|
|
||||||
)
|
|
||||||
|
|
||||||
// KeyringCommand is a Command implementation that handles querying, installing,
|
// KeyringCommand is a Command implementation that handles querying, installing,
|
||||||
// and removing gossip encryption keys from a keyring.
|
// and removing gossip encryption keys from a keyring.
|
||||||
type KeyringCommand struct {
|
type KeyringCommand struct {
|
||||||
|
@ -102,10 +96,10 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
if rval := c.handleResponse(r.Info, r.Messages, r.Keys); rval != 0 {
|
if rval := c.handleResponse(r.Info, r.Messages); rval != 0 {
|
||||||
return rval
|
return rval
|
||||||
}
|
}
|
||||||
c.handleList(r.Info, r.Messages, r.Keys)
|
c.handleList(r.Info, r.Keys)
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -116,7 +110,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
return c.handleResponse(r.Info, r.Messages, r.Keys)
|
return c.handleResponse(r.Info, r.Messages)
|
||||||
}
|
}
|
||||||
|
|
||||||
if useKey != "" {
|
if useKey != "" {
|
||||||
|
@ -126,7 +120,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
return c.handleResponse(r.Info, r.Messages, r.Keys)
|
return c.handleResponse(r.Info, r.Messages)
|
||||||
}
|
}
|
||||||
|
|
||||||
if removeKey != "" {
|
if removeKey != "" {
|
||||||
|
@ -136,7 +130,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
return c.handleResponse(r.Info, r.Messages, r.Keys)
|
return c.handleResponse(r.Info, r.Messages)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Should never make it here
|
// Should never make it here
|
||||||
|
@ -145,8 +139,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||||
|
|
||||||
func (c *KeyringCommand) handleResponse(
|
func (c *KeyringCommand) handleResponse(
|
||||||
info []agent.KeyringInfo,
|
info []agent.KeyringInfo,
|
||||||
messages []agent.KeyringMessage,
|
messages []agent.KeyringMessage) int {
|
||||||
keys []agent.KeyringEntry) int {
|
|
||||||
|
|
||||||
var rval int
|
var rval int
|
||||||
|
|
||||||
|
@ -179,7 +172,6 @@ func (c *KeyringCommand) handleResponse(
|
||||||
|
|
||||||
func (c *KeyringCommand) handleList(
|
func (c *KeyringCommand) handleList(
|
||||||
info []agent.KeyringInfo,
|
info []agent.KeyringInfo,
|
||||||
messages []agent.KeyringMessage,
|
|
||||||
keys []agent.KeyringEntry) {
|
keys []agent.KeyringEntry) {
|
||||||
|
|
||||||
installed := make(map[string]map[string][]int)
|
installed := make(map[string]map[string][]int)
|
||||||
|
@ -274,6 +266,8 @@ Options:
|
||||||
-init=<key> Create the initial keyring files for Consul to use
|
-init=<key> Create the initial keyring files for Consul to use
|
||||||
containing the provided key. The -data-dir argument
|
containing the provided key. The -data-dir argument
|
||||||
is required with this option.
|
is required with this option.
|
||||||
|
-data-dir=<path> The path to the Consul agent's data directory. This
|
||||||
|
argument is only needed for keyring initialization.
|
||||||
-rpc-addr=127.0.0.1:8400 RPC address of the Consul agent.
|
-rpc-addr=127.0.0.1:8400 RPC address of the Consul agent.
|
||||||
`
|
`
|
||||||
return strings.TrimSpace(helpText)
|
return strings.TrimSpace(helpText)
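Review bot: The Options text in the last hunk of this file now tells operators to pass `-data-dir` together with `-init=<key>`, but it does not mention that the keyring file created there contains the provided gossip encryption key, or that a key given as a flag value can end up in shell history and process listings on the host. I would add one line under `-init`, for example `The keyring file holds the key; keep the data directory readable only by the Consul user.` Whether Run rejects `-init` when `-data-dir` is empty is not visible in these hunks, so that check is worth confirming before relying on the "is required with this option" wording. The helpText literal and its enclosing function both start outside the hunk.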
|
||||||
|
|
|
@ -551,6 +551,9 @@ type KeyringResponse struct {
|
||||||
Error string
|
Error string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// KeyringResponses holds multiple responses to keyring queries. Each
|
||||||
|
// datacenter replies independently, and KeyringResponses is used as a
|
||||||
|
// container for the set of all responses.
|
||||||
type KeyringResponses struct {
|
type KeyringResponses struct {
|
||||||
Responses []*KeyringResponse
|
Responses []*KeyringResponse
|
||||||
QueryMeta
|
QueryMeta
|
||||||
|
|
|
@ -22,6 +22,10 @@ responsibility of the operator to ensure that only the required encryption keys
|
||||||
are installed on the cluster. You can ensure that a key is not installed using
|
are installed on the cluster. You can ensure that a key is not installed using
|
||||||
the `-list` and `-remove` options.
|
the `-list` and `-remove` options.
|
||||||
|
|
||||||
|
With the exception of the `-init` argument, all operations performed by this
|
||||||
|
command can only be run against server nodes, and affect both the LAN and
|
||||||
|
WAN keyrings in lock-step.
|
||||||
|
|
||||||
All variations of the `keyring` command, unless otherwise specified below, will
|
All variations of the `keyring` command, unless otherwise specified below, will
|
||||||
return 0 if all nodes reply and there are no errors. If any node fails to reply
|
return 0 if all nodes reply and there are no errors. If any node fails to reply
|
||||||
or reports failure, the exit code will be 1.
|
or reports failure, the exit code will be 1.
|
||||||
|
@ -38,13 +42,14 @@ The list of available flags are:
|
||||||
* `-init` - Creates the keyring file(s). This is useful to configure initial
|
* `-init` - Creates the keyring file(s). This is useful to configure initial
|
||||||
encryption keyrings, which can later be mutated using the other arguments in
|
encryption keyrings, which can later be mutated using the other arguments in
|
||||||
this command. This argument accepts an ASCII key, which can be generated using
|
this command. This argument accepts an ASCII key, which can be generated using
|
||||||
the [keygen command](/docs/commands/keygen.html).
|
the [keygen command](/docs/commands/keygen.html). Requires the `-data-dir`
|
||||||
|
argument.
|
||||||
|
|
||||||
This operation can be run on both client and server nodes and requires no
|
This operation can be run on both client and server nodes and requires no
|
||||||
network connectivity.
|
network connectivity.
|
||||||
|
|
||||||
Returns 0 if the key is successfully configured, or 1 if there were any
|
Returns 0 if the key is successfully configured, or 1 if there were any
|
||||||
problems.
|
problems.
|
||||||
|
|
||||||
* `-install` - Install a new encryption key. This will broadcast the new key to
|
* `-install` - Install a new encryption key. This will broadcast the new key to
|
||||||
all members in the cluster.
|
all members in the cluster.
|
||||||
|
@ -57,6 +62,6 @@ The list of available flags are:
|
||||||
|
|
||||||
* `-list` - List all keys currently in use within the cluster.
|
* `-list` - List all keys currently in use within the cluster.
|
||||||
|
|
||||||
* `-wan` - Operate on the WAN keyring instead of the LAN keyring (default)
|
* `-data-dir` - The path to Consul's data directory. Used with `-init` only.
|
||||||
|
|
||||||
* `-rpc-addr` - RPC address of the Consul agent.
|
* `-rpc-addr` - RPC address of the Consul agent.
|
||||||
|
|