mirror of
https://github.com/hashicorp/vault.git
synced 2026-04-22 14:48:40 -04:00
command/ssh: create and reuse the api client (#3909)
* pass around the api client * reuse the client object in the base command
This commit is contained in:
Vishal Nayak
GitHub
parent
f4f66a9779
commit
67cc60fbb6
2 changed files with 12 additions and 19 deletions
|
|
@ -45,7 +45,6 @@ type BaseCommand struct {
|
|||
|
||||
tokenHelper token.TokenHelper
|
||||
|
||||
// For testing
|
||||
client *api.Client
|
||||
}
|
||||
|
||||
|
|
@ -110,6 +109,8 @@ func (c *BaseCommand) Client() (*api.Client, error) {
|
|||
client.SetToken(token)
|
||||
}
|
||||
|
||||
c.client = client
|
||||
|
||||
return client, nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -244,6 +244,13 @@ func (c *SSHCommand) Run(args []string) int {
|
|||
sshArgs = args[1:]
|
||||
}
|
||||
|
||||
// Set the client in the command
|
||||
_, err = c.Client()
|
||||
if err != nil {
|
||||
c.UI.Error(err.Error())
|
||||
return 1
|
||||
}
|
||||
|
||||
// Credentials are generated only against a registered role. If user
|
||||
// does not specify a role with the SSH command, then lookup API is used
|
||||
// to fetch all the roles with which this IP is associated. If there is
|
||||
|
|
@ -331,13 +338,7 @@ func (c *SSHCommand) handleTypeCA(username, ip string, sshArgs []string) int {
|
|||
return 1
|
||||
}
|
||||
|
||||
client, err := c.Client()
|
||||
if err != nil {
|
||||
c.UI.Error(err.Error())
|
||||
return 1
|
||||
}
|
||||
|
||||
sshClient := client.SSHWithMountPoint(c.flagMountPoint)
|
||||
sshClient := c.client.SSHWithMountPoint(c.flagMountPoint)
|
||||
|
||||
// Attempt to sign the public key
|
||||
secret, err := sshClient.SignKey(c.flagRole, map[string]interface{}{
|
||||
|
|
@ -611,12 +612,7 @@ func (c *SSHCommand) handleTypeDynamic(username, ip string, sshArgs []string) in
|
|||
// generateCredential generates a credential for the given role and returns the
|
||||
// decoded secret data.
|
||||
func (c *SSHCommand) generateCredential(username, ip string) (*api.Secret, *SSHCredentialResp, error) {
|
||||
client, err := c.Client()
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
sshClient := client.SSHWithMountPoint(c.flagMountPoint)
|
||||
sshClient := c.client.SSHWithMountPoint(c.flagMountPoint)
|
||||
|
||||
// Attempt to generate the credential.
|
||||
secret, err := sshClient.Credential(c.flagRole, map[string]interface{}{
|
||||
|
|
@ -683,11 +679,7 @@ func (c *SSHCommand) defaultRole(mountPoint, ip string) (string, error) {
|
|||
data := map[string]interface{}{
|
||||
"ip": ip,
|
||||
}
|
||||
client, err := c.Client()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
secret, err := client.Logical().Write(mountPoint+"/lookup", data)
|
||||
secret, err := c.client.Logical().Write(mountPoint+"/lookup", data)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Error finding roles for IP %q: %q", ip, err)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue