登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
0 Star 1 Fork 0

蒋佳李 / vault

代码 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
secrets_tune.go 5.11 KB
一键复制 编辑 原始数据 按行查看 历史
蒋佳李 提交于 2021-03-25 16:28 . 更新
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
package command



import (

	"flag"

	"fmt"

	"strconv"

	"strings"

	"time"



	"gitee.com/jiangjiali/vault/api"

	"gitee.com/jiangjiali/vault/sdk/helper/complete"

	"gitee.com/jiangjiali/vault/sdk/helper/mitchellh/cli"

)



var _ cli.Command = (*SecretsTuneCommand)(nil)

var _ cli.CommandAutocomplete = (*SecretsTuneCommand)(nil)



type SecretsTuneCommand struct {

	*BaseCommand



	flagAuditNonHMACRequestKeys  []string

	flagAuditNonHMACResponseKeys []string

	flagDefaultLeaseTTL          time.Duration

	flagDescription              string

	flagListingVisibility        string

	flagMaxLeaseTTL              time.Duration

	flagOptions                  map[string]string

	flagVersion                  int

}



func (c *SecretsTuneCommand) Synopsis() string {

	return "调整机密引擎配置"

}



func (c *SecretsTuneCommand) Help() string {

	helpText := `

使用: vault secrets tune [选项] PATH



  在给定PATH上调整机密引擎的配置选项。

  参数对应于启用机密引擎的PATH,而不是TYPE!



  优化PKI机密引擎的默认租约:



      $ vault secrets tune -default-lease-ttl=72h pki/



` + c.Flags().Help()



	return strings.TrimSpace(helpText)

}



func (c *SecretsTuneCommand) Flags() *FlagSets {

	set := c.flagSet(FlagSetHTTP)



	f := set.NewFlagSet("命令选项")



	f.StringSliceVar(&StringSliceVar{

		Name:   flagNameAuditNonHMACRequestKeys,

		Target: &c.flagAuditNonHMACRequestKeys,

		Usage:  "逗号分隔的字符串或请求数据对象中的审核设备不会HMAC的键列表。",

	})



	f.StringSliceVar(&StringSliceVar{

		Name:   flagNameAuditNonHMACResponseKeys,

		Target: &c.flagAuditNonHMACResponseKeys,

		Usage:  "逗号分隔的字符串或键列表,这些键不会被响应数据对象中的审核设备HMAC。",

	})



	f.DurationVar(&DurationVar{

		Name:       "default-lease-ttl",

		Target:     &c.flagDefaultLeaseTTL,

		Default:    0,

		EnvVar:     "",

		Completion: complete.PredictAnything,

		Usage:      "此机密引擎的默认租约TTL。如果未指定,则默认为安全库服务器的全局配置的默认租约TTL,或先前为机密引擎配置的值。",

	})



	f.StringVar(&StringVar{

		Name:   flagNameDescription,

		Target: &c.flagDescription,

		Usage:  "对这个秘密引擎的人性化描述。这将覆盖当前存储的值(如果有)。",

	})



	f.StringVar(&StringVar{

		Name:   flagNameListingVisibility,

		Target: &c.flagListingVisibility,

		Usage:  "确定装载在特定于UI的列表终结点中的可见性。",

	})



	f.DurationVar(&DurationVar{

		Name:       "max-lease-ttl",

		Target:     &c.flagMaxLeaseTTL,

		Default:    0,

		EnvVar:     "",

		Completion: complete.PredictAnything,

		Usage:      "此机密引擎的最大租约TTL。如果未指定,则默认为安全库服务器的全局配置的最大租约TTL,或先前为机密引擎配置的值。",

	})



	f.StringMapVar(&StringMapVar{

		Name:       "options",

		Target:     &c.flagOptions,

		Completion: complete.PredictAnything,

		Usage:      "作为安装选项的Key=value提供的Key-value对。可以多次指定。",

	})



	f.IntVar(&IntVar{

		Name:    "version",

		Target:  &c.flagVersion,

		Default: 0,

		Usage:   "选择要运行的引擎版本。并非所有机密引擎都支持。",

	})



	return set

}



func (c *SecretsTuneCommand) AutocompleteArgs() complete.Predictor {

	return c.PredictVaultMounts()

}



func (c *SecretsTuneCommand) AutocompleteFlags() complete.Flags {

	return c.Flags().Completions()

}



func (c *SecretsTuneCommand) Run(args []string) int {

	f := c.Flags()



	if err := f.Parse(args); err != nil {

		c.UI.Error(err.Error())

		return 1

	}



	args = f.Args()

	switch {

	case len(args) < 1:

		c.UI.Error(fmt.Sprintf("Not enough arguments (expected 1, got %d)", len(args)))

		return 1

	case len(args) > 1:

		c.UI.Error(fmt.Sprintf("Too many arguments (expected 1, got %d)", len(args)))

		return 1

	}



	client, err := c.Client()

	if err != nil {

		c.UI.Error(err.Error())

		return 2

	}



	if c.flagVersion > 0 {

		if c.flagOptions == nil {

			c.flagOptions = make(map[string]string)

		}

		c.flagOptions["version"] = strconv.Itoa(c.flagVersion)

	}



	// Append a trailing slash to indicate it's a path in output

	mountPath := ensureTrailingSlash(sanitizePath(args[0]))



	mountConfigInput := api.MountConfigInput{

		DefaultLeaseTTL: ttlToAPI(c.flagDefaultLeaseTTL),

		MaxLeaseTTL:     ttlToAPI(c.flagMaxLeaseTTL),

		Options:         c.flagOptions,

	}



	// Set these values only if they are provided in the CLI

	f.Visit(func(fl *flag.Flag) {

		if fl.Name == flagNameAuditNonHMACRequestKeys {

			mountConfigInput.AuditNonHMACRequestKeys = c.flagAuditNonHMACRequestKeys

		}



		if fl.Name == flagNameAuditNonHMACResponseKeys {

			mountConfigInput.AuditNonHMACResponseKeys = c.flagAuditNonHMACResponseKeys

		}



		if fl.Name == flagNameDescription {

			mountConfigInput.Description = &c.flagDescription

		}



		if fl.Name == flagNameListingVisibility {

			mountConfigInput.ListingVisibility = c.flagListingVisibility

		}

	})



	if err := client.Sys().TuneMount(mountPath, mountConfigInput); err != nil {

		c.UI.Error(fmt.Sprintf("Error tuning secrets engine %s: %s", mountPath, err))

		return 2

	}



	c.UI.Output(fmt.Sprintf("Success! Tuned the secrets engine at: %s", mountPath))

	return 0

}
Go
1
https://gitee.com/jiangjiali/vault.git
git@gitee.com:jiangjiali/vault.git
jiangjiali
vault
vault
v1.1.11
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部