mirror of
https://github.com/hashicorp/vault.git
synced 2026-06-04 14:25:35 -04:00
self review rework
parent
f00261785a
commit
894f2ccef1
3 changed files with 39 additions and 22 deletions
|
|
@ -47,11 +47,11 @@ func (c *CapabilitiesCommand) Run(args []string) int {
|
|||
return 2
|
||||
}
|
||||
|
||||
var capabilities *api.CapabilitiesResponse
|
||||
var resp *api.CapabilitiesResponse
|
||||
if token == "" {
|
||||
capabilities, err = client.Sys().CapabilitiesSelf(path)
|
||||
resp, err = client.Sys().CapabilitiesSelf(path)
|
||||
} else {
|
||||
capabilities, err = client.Sys().Capabilities(token, path)
|
||||
resp, err = client.Sys().Capabilities(token, path)
|
||||
}
|
||||
if err != nil {
|
||||
c.Ui.Error(fmt.Sprintf(
|
||||
|
|
@ -59,7 +59,10 @@ func (c *CapabilitiesCommand) Run(args []string) int {
|
|||
return 1
|
||||
}
|
||||
|
||||
c.Ui.Output(fmt.Sprintf("Capabilities:%s\nMessage:%s\n", capabilities.Capabilities, capabilities.Message))
|
||||
c.Ui.Output(fmt.Sprintf("Capabilities: %s", resp.Capabilities))
|
||||
if resp.Message != "" {
|
||||
c.Ui.Output(fmt.Sprintf("Message: %s", resp.Message))
|
||||
}
|
||||
return 0
|
||||
}
|
||||
|
||||
|
|
@ -72,9 +75,9 @@ func (c *CapabilitiesCommand) Help() string {
|
|||
Usage: vault capabilities [options] [token] path
|
||||
|
||||
Fetch the capabilities of a token on a given path.
|
||||
If a token is given to the command '/sys/capabilities' will be called with
|
||||
the given token; otherwise '/sys/capabilities-self' will be called with the
|
||||
client token.
|
||||
If a token is provided to the command, API '/sys/capabilities' will be invoked
|
||||
with the given token; otherwise API '/sys/capabilities-self' will be invoked with
|
||||
the client token.
|
||||
|
||||
General Options:
|
||||
|
||||
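Review bot: The rewritten help paragraph in Help() describes the optional `token` positional argument but does not mention that a token typed on the command line can be kept in shell history and can be seen in the process list while the command runs. I would add one sentence after "the client token.", for example `A token passed as an argument may be recorded in shell history; omit it to query the client token itself.` In Run(), `resp.Capabilities` is read right after the error check; whether the API client can return a nil response together with a nil error is not visible on this page, so a `resp == nil` guard is worth confirming. Both functions start and end outside the hunks shown.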
|
|
|
|||
|
|
@ -32,28 +32,34 @@ func handleSysCapabilities(core *vault.Core) http.Handler {
|
|||
data.Token = req.ClientToken
|
||||
}
|
||||
|
||||
capabilities, err := core.Capabilities(data.Token, data.Path)
|
||||
resp, err := core.Capabilities(data.Token, data.Path)
|
||||
if err != nil {
|
||||
respondError(w, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
if capabilities == nil {
|
||||
respondOk(w, &capabilitiesResponse{Message: "Token has no capabilities on the given path"})
|
||||
if resp == nil {
|
||||
respondOk(w, &capabilitiesResponse{
|
||||
Message: "Token has no capabilities on the path",
|
||||
Capabilities: nil,
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
var response capabilitiesResponse
|
||||
switch capabilities.Root {
|
||||
var result capabilitiesResponse
|
||||
switch resp.Root {
|
||||
case true:
|
||||
response.Message = `Thij is a 'root' token. It has all the capabilities on all the paths.
|
||||
This token can be used on any valid path.`
|
||||
response.Capabilities = nil
|
||||
result.Message = "This is a 'root' token. It has all the capabilities on all the 'valid' paths."
|
||||
result.Capabilities = nil
|
||||
case false:
|
||||
response.Message = ""
|
||||
response.Capabilities = capabilities.Capabilities
|
||||
if len(resp.Capabilities) == 0 {
|
||||
result.Message = "Token has no capabilities on the path"
|
||||
} else {
|
||||
result.Message = ""
|
||||
}
|
||||
result.Capabilities = resp.Capabilities
|
||||
}
|
||||
|
||||
respondOk(w, response)
|
||||
respondOk(w, result)
|
||||
})
|
||||
|
||||
}
|
||||
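Review bot: Every error from `core.Capabilities` is still answered with `http.StatusInternalServerError` on the lines right after the renamed call. The vault-side hunk in this same commit shows that function returning `missing path` for an empty path, which is a caller mistake rather than a server fault. Unless `data.Path` is validated before this hunk (the start of the handler is not visible), a malformed request is reported as a 5xx and skews error monitoring; a guard such as `if data.Path == "" { respondError(w, http.StatusBadRequest, fmt.Errorf("missing path")); return }` ahead of the call would keep the two cases apart. Separately, the literal `"Token has no capabilities on the path"` now appears twice and could be one constant, and `switch resp.Root` over a bool reads more simply as `if resp.Root { ... } else { ... }`.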
|
|
|
|||
|
|
@ -6,14 +6,14 @@ import (
|
|||
"strings"
|
||||
)
|
||||
|
||||
// CapabilitiesResult holds the result of fetching the capabilities of token on a path
|
||||
type CapabilitiesResult struct {
|
||||
// CapabilitiesResponse holds the result of fetching the capabilities of token on a path
|
||||
type CapabilitiesResponse struct {
|
||||
Root bool
|
||||
Capabilities []string
|
||||
}
|
||||
|
||||
// Capabilities is used to fetch the capabilities of the given token on the given path
|
||||
func (c *Core) Capabilities(token, path string) (*CapabilitiesResult, error) {
|
||||
func (c *Core) Capabilities(token, path string) (*CapabilitiesResponse, error) {
|
||||
if path == "" {
|
||||
return nil, fmt.Errorf("missing path")
|
||||
}
|
||||
|
|
@ -34,7 +34,7 @@ func (c *Core) Capabilities(token, path string) (*CapabilitiesResult, error) {
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
var result CapabilitiesResult
|
||||
var result CapabilitiesResponse
|
||||
capabilities := make(map[string]bool)
|
||||
for _, tePolicy := range te.Policies {
|
||||
if tePolicy == "root" {
|
||||
|
|
@ -45,6 +45,9 @@ func (c *Core) Capabilities(token, path string) (*CapabilitiesResult, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if policy == nil || policy.Paths == nil {
|
||||
continue
|
||||
}
|
||||
for _, pathCapability := range policy.Paths {
|
||||
switch pathCapability.Glob {
|
||||
case true:
|
||||
|
|
@ -67,6 +70,11 @@ func (c *Core) Capabilities(token, path string) (*CapabilitiesResult, error) {
|
|||
}
|
||||
}
|
||||
|
||||
if len(capabilities) == 0 {
|
||||
result.Capabilities = nil
|
||||
return &result, nil
|
||||
}
|
||||
|
||||
for capability, _ := range capabilities {
|
||||
result.Capabilities = append(result.Capabilities, capability)
|
||||
}
|
||||
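Review bot: The doc comment on `Capabilities` does not tell callers how to read its three error-free results, and this commit adds one of them. A caller can now receive `nil, nil` (from a branch whose condition lies outside these hunks), a non-nil result with `Root` set, or a non-nil result with nil `Capabilities` from the new `len(capabilities) == 0` return. The HTTP handler has to treat the first and the last alike. Since this value describes what a token is authorised to do, I would extend the comment along the lines of `// A nil result with a nil error means <condition outside this hunk>; a nil Capabilities slice means the token's policies grant nothing on path.` The assignment `result.Capabilities = nil` in the new branch also looks like a no-op, because as far as the hunks show `result` is a zero-valued `var` whose `Capabilities` field has not been written yet.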
|
|
|
|||