command/keyring: cleanup

2014-09-30 15:31:07 -07:00 · 2014-09-30 15:31:07 -07:00 · daf77c3f5b
parent 61b0908e3a
commit daf77c3f5b
3 changed files with 20 additions and 18 deletions
--- a/command/keyring.go
+++ b/command/keyring.go
@ -13,12 +13,6 @@ import (
 	"github.com/mitchellh/cli"
 )

-const (
-	installKeyCommand = "install"
-	useKeyCommand     = "use"
-	removeKeyCommand  = "remove"
-)
-
 // KeyringCommand is a Command implementation that handles querying, installing,
 // and removing gossip encryption keys from a keyring.
 type KeyringCommand struct {
@ -102,10 +96,10 @@ func (c *KeyringCommand) Run(args []string) int {
 			c.Ui.Error(fmt.Sprintf("error: %s", err))
 			return 1
 		}
-		if rval := c.handleResponse(r.Info, r.Messages, r.Keys); rval != 0 {
+		if rval := c.handleResponse(r.Info, r.Messages); rval != 0 {
 			return rval
 		}
-		c.handleList(r.Info, r.Messages, r.Keys)
+		c.handleList(r.Info, r.Keys)
 		return 0
 	}

@ -116,7 +110,7 @@ func (c *KeyringCommand) Run(args []string) int {
 			c.Ui.Error(fmt.Sprintf("error: %s", err))
 			return 1
 		}
-		return c.handleResponse(r.Info, r.Messages, r.Keys)
+		return c.handleResponse(r.Info, r.Messages)
 	}

 	if useKey != "" {
@ -126,7 +120,7 @@ func (c *KeyringCommand) Run(args []string) int {
 			c.Ui.Error(fmt.Sprintf("error: %s", err))
 			return 1
 		}
-		return c.handleResponse(r.Info, r.Messages, r.Keys)
+		return c.handleResponse(r.Info, r.Messages)
 	}

 	if removeKey != "" {
@ -136,7 +130,7 @@ func (c *KeyringCommand) Run(args []string) int {
 			c.Ui.Error(fmt.Sprintf("error: %s", err))
 			return 1
 		}
-		return c.handleResponse(r.Info, r.Messages, r.Keys)
+		return c.handleResponse(r.Info, r.Messages)
 	}

 	// Should never make it here
@ -145,8 +139,7 @@ func (c *KeyringCommand) Run(args []string) int {

 func (c *KeyringCommand) handleResponse(
 	info []agent.KeyringInfo,
-	messages []agent.KeyringMessage,
-	keys []agent.KeyringEntry) int {
+	messages []agent.KeyringMessage) int {

 	var rval int

@ -179,7 +172,6 @@ func (c *KeyringCommand) handleResponse(

 func (c *KeyringCommand) handleList(
 	info []agent.KeyringInfo,
-	messages []agent.KeyringMessage,
 	keys []agent.KeyringEntry) {

 	installed := make(map[string]map[string][]int)
@ -274,6 +266,8 @@ Options:
  -init=<key>               Create the initial keyring files for Consul to use
                            containing the provided key. The -data-dir argument
                            is required with this option.
+  -data-dir=<path>          The path to the Consul agent's data directory. This
+                            argument is only needed for keyring initialization.
  -rpc-addr=127.0.0.1:8400  RPC address of the Consul agent.
 `
 	return strings.TrimSpace(helpText)
--- a/consul/structs/structs.go
+++ b/consul/structs/structs.go
@ -551,6 +551,9 @@ type KeyringResponse struct {
 	Error      string
 }

+// KeyringResponses holds multiple responses to keyring queries. Each
+// datacenter replies independently, and KeyringResponses is used as a
+// container for the set of all responses.
 type KeyringResponses struct {
 	Responses []*KeyringResponse
 	QueryMeta
--- a/website/source/docs/commands/keyring.html.markdown
+++ b/website/source/docs/commands/keyring.html.markdown
@ -22,6 +22,10 @@ responsibility of the operator to ensure that only the required encryption keys
 are installed on the cluster. You can ensure that a key is not installed using
 the `-list` and `-remove` options.

+With the exception of the `-init` argument, all operations performed by this
+command can only be run against server nodes, and affect both the LAN and
+WAN keyrings in lock-step.
+
 All variations of the `keyring` command, unless otherwise specified below, will
 return 0 if all nodes reply and there are no errors. If any node fails to reply
 or reports failure, the exit code will be 1.
@ -38,7 +42,8 @@ The list of available flags are:
 * `-init` - Creates the keyring file(s). This is useful to configure initial
  encryption keyrings, which can later be mutated using the other arguments in
  this command. This argument accepts an ASCII key, which can be generated using
-  the [keygen command](/docs/commands/keygen.html).
+  the [keygen command](/docs/commands/keygen.html). Requires the `-data-dir`
+  argument.

  This operation can be run on both client and server nodes and requires no
  network connectivity.
@ -57,6 +62,6 @@ The list of available flags are:

 * `-list` - List all keys currently in use within the cluster.

-* `-wan` - Operate on the WAN keyring instead of the LAN keyring (default)
+* `-data-dir` - The path to Consul's data directory. Used with `-init` only.

 * `-rpc-addr` - RPC address of the Consul agent.