Add ability to control dev root token id with

VAULT_DEV_ROOT_TOKEN_ID env var, and change the CLI flag to match.

Ping #1160
Jeff Mitchell 2016-03-03 10:23:43 -05:00
parent f88c6c16db
commit a05ea4720c
2 changed files with 23 additions and 17 deletions


@ -7,7 +7,8 @@ IMPROVEMENTS:
attributes. [GH-1153]
* secret/ssh: Added documentation for `ssh/config/zeroaddress` endpoint. [GH-1154]
* command/server: The initial root token ID when running in `-dev` mode can
now be specified via `-root-token-id` [GH-1162]
now be specified via `-dev-root-token-id` or the environment variable
`VAULT_DEV_ROOT_TOKEN_ID` [GH-1162]
* command/token-renew: Allow no token to be passed in; use `renew-self` in
this case. Change the behavior for any token being passed in to use `renew`.
[GH-1150]


@ -41,10 +41,11 @@ type ServerCommand struct {
func (c *ServerCommand) Run(args []string) int {
var dev, verifyOnly bool
var configPath []string
var logLevel, rootTokenID string
var logLevel, devRootTokenID, devAddress string
flags := c.Meta.FlagSet("server", FlagSetDefault)
flags.BoolVar(&dev, "dev", false, "")
flags.StringVar(&rootTokenID, "root-token-id", "", "")
flags.StringVar(&devRootTokenID, "dev-root-token-id", "", "")
flags.StringVar(&devAddress, "dev-address", "", "")
flags.StringVar(&logLevel, "log-level", "info", "")
flags.BoolVar(&verifyOnly, "verify-only", false, "")
flags.Usage = func() { c.Ui.Error(c.Help()) }
@ -53,6 +54,10 @@ func (c *ServerCommand) Run(args []string) int {
return 1
}
if len(os.Getenv("VAULT_DEV_ROOT_TOKEN_ID")) > 0 {
devRootTokenID = os.Getenv("VAULT_DEV_ROOT_TOKEN_ID")
}
// Validation
if !dev {
switch {
@ -60,7 +65,7 @@ func (c *ServerCommand) Run(args []string) int {
c.Ui.Error("At least one config path must be specified with -config")
flags.Usage()
return 1
case rootTokenID != "":
case devRootTokenID != "":
c.Ui.Error("Root token ID can only be specified with -dev")
flags.Usage()
return 1
@ -201,7 +206,7 @@ func (c *ServerCommand) Run(args []string) int {
// If we're in dev mode, then initialize the core
if dev {
init, err := c.enableDev(core, rootTokenID)
init, err := c.enableDev(core, devRootTokenID)
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error initializing dev mode: %s", err))
@ -536,21 +541,21 @@ Usage: vault server [options]
General Options:
-config=<path> Path to the configuration file or directory. This can be
specified multiple times. If it is a directory, all
files with a ".hcl" or ".json" suffix will be loaded.
-config=<path> Path to the configuration file or directory. This can be
specified multiple times. If it is a directory, all
files with a ".hcl" or ".json" suffix will be loaded.
-dev Enables Dev mode. In this mode, Vault is completely
in-memory and unsealed. Do not run the Dev server in
production!
-dev Enables Dev mode. In this mode, Vault is completely
in-memory and unsealed. Do not run the Dev server in
production!
-log-level=info Log verbosity. Defaults to "info", will be outputted
to stderr. Supported values: "trace", "debug", "info",
"warn", "err"
-dev-root-token-id="" If set, the root token returned in Dev mode will have the
given ID. This *only* has an effect when running in Dev
mode.
-root-token-id="" If set, the root token returned in Dev mode will have the
given ID. This *only* has an effect when running in Dev
mode.
-log-level=info Log verbosity. Defaults to "info", will be outputted
to stderr. Supported values: "trace", "debug", "info",
"warn", "err"
`
return strings.TrimSpace(helpText)
}
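Review bot: The environment lookup added right after flag parsing lets `VAULT_DEV_ROOT_TOKEN_ID` silently replace a value passed explicitly with `-dev-root-token-id`, and because it runs before the `!dev` validation, a variable left over in the environment makes a non-dev server exit with "Root token ID can only be specified with -dev" even though no flag was given. Letting the flag win keeps the explicit choice authoritative: `if devRootTokenID == "" { devRootTokenID = os.Getenv("VAULT_DEV_ROOT_TOKEN_ID") }`. Refusing to start is the safe outcome for the non-dev case, but the error text in the `devRootTokenID != ""` branch should also name the environment variable so an operator can find the cause. The help text documents the renamed flag but not the variable, and `-dev-address` is registered without a help entry or any use in the visible hunks; Run's body continues outside these hunks, so that may be handled elsewhere.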