From a05ea4720cc1131919c26eb177be63a08cf35c02 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 3 Mar 2016 10:23:43 -0500 Subject: [PATCH] Add ability to control dev root token id with VAULT_DEV_ROOT_TOKEN_ID env var, and change the CLI flag to match. Ping #1160 --- CHANGELOG.md | 3 ++- command/server.go | 37 +++++++++++++++++++++---------------- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 429512e16d..628450754b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,8 @@ IMPROVEMENTS: attributes. [GH-1153] * secret/ssh: Added documentation for `ssh/config/zeroaddress` endpoint. [GH-1154] * command/server: The initial root token ID when running in `-dev` mode can - now be specified via `-root-token-id` [GH-1162] + now be specified via `-dev-root-token-id` or the environment variable + `VAULT_DEV_ROOT_TOKEN_ID` [GH-1162] * command/token-renew: Allow no token to be passed in; use `renew-self` in this case. Change the behavior for any token being passed in to use `renew`. [GH-1150] diff --git a/command/server.go b/command/server.go index aa33a686d7..583d281537 100644 --- a/command/server.go +++ b/command/server.go @@ -41,10 +41,11 @@ type ServerCommand struct { func (c *ServerCommand) Run(args []string) int { var dev, verifyOnly bool var configPath []string - var logLevel, rootTokenID string + var logLevel, devRootTokenID, devAddress string flags := c.Meta.FlagSet("server", FlagSetDefault) flags.BoolVar(&dev, "dev", false, "") - flags.StringVar(&rootTokenID, "root-token-id", "", "") + flags.StringVar(&devRootTokenID, "dev-root-token-id", "", "") + flags.StringVar(&devAddress, "dev-address", "", "") flags.StringVar(&logLevel, "log-level", "info", "") flags.BoolVar(&verifyOnly, "verify-only", false, "") flags.Usage = func() { c.Ui.Error(c.Help()) } 
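Review bot: The new `-dev-address` flag registered at the top of `Run` is parsed into `devAddress`, but no hunk in this patch reads that variable, the commit message does not mention it, and the help-text hunk does not list it. As written the flag is accepted silently and, unlike `devRootTokenID`, is not rejected by the `!dev` validation switch, so passing it to a non-dev server gives the operator no feedback. Either drop the `devAddress` declaration and its `flags.StringVar` line from this commit, or wire the value in, add a `case devAddress != "":` arm beside the root-token check, and document the flag in `Help`. `Run` continues past this hunk, so a consumer outside the visible lines cannot be ruled out.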
@@ -53,6 +54,10 @@ func (c *ServerCommand) Run(args []string) int { return 1 } + if len(os.Getenv("VAULT_DEV_ROOT_TOKEN_ID")) > 0 { + devRootTokenID = os.Getenv("VAULT_DEV_ROOT_TOKEN_ID") + } + // Validation if !dev { switch { @@ -60,7 +65,7 @@ func (c *ServerCommand) Run(args []string) int { c.Ui.Error("At least one config path must be specified with -config") flags.Usage() return 1 - case rootTokenID != "": + case devRootTokenID != "": c.Ui.Error("Root token ID can only be specified with -dev") flags.Usage() return 1 @@ -201,7 +206,7 @@ func (c *ServerCommand) Run(args []string) int { // If we're in dev mode, then initialize the core if dev { - init, err := c.enableDev(core, rootTokenID) + init, err := c.enableDev(core, devRootTokenID) if err != nil { c.Ui.Error(fmt.Sprintf( "Error initializing dev mode: %s", err)) 
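Review bot: The environment lookup added after flag parsing overwrites `devRootTokenID` even when `-dev-root-token-id` was passed explicitly, and it runs before the `!dev` validation. A stray `VAULT_DEV_ROOT_TOKEN_ID` in the environment of a non-dev server therefore makes startup fail with "Root token ID can only be specified with -dev" (the arm renamed in the next hunk), which points at a flag the operator never passed. Let the flag win and consult the variable only in dev mode, with a single lookup: `if v := os.Getenv("VAULT_DEV_ROOT_TOKEN_ID"); dev && devRootTokenID == "" && v != "" { devRootTokenID = v }`; if rejecting the variable outside dev mode is intended, the error text should name the variable as well as the flag. A root token ID supplied through the environment is inherited by child processes and readable by anything that can inspect the process environment, so a comment above the lookup such as `// Dev mode only: a preset root token ID is a known credential` would help the next reader. `Run` begins and ends outside this hunk.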
@@ -536,21 +541,21 @@ Usage: vault server [options] General Options: - -config= Path to the configuration file or directory. This can be - specified multiple times. If it is a directory, all - files with a ".hcl" or ".json" suffix will be loaded. + -config= Path to the configuration file or directory. This can be + specified multiple times. If it is a directory, all + files with a ".hcl" or ".json" suffix will be loaded. - -dev Enables Dev mode. In this mode, Vault is completely - in-memory and unsealed. Do not run the Dev server in - production! + -dev Enables Dev mode. In this mode, Vault is completely + in-memory and unsealed. Do not run the Dev server in + production! - -log-level=info Log verbosity. Defaults to "info", will be outputted - to stderr. Supported values: "trace", "debug", "info", - "warn", "err" + -dev-root-token-id="" If set, the root token returned in Dev mode will have the + given ID. This *only* has an effect when running in Dev + mode. - -root-token-id="" If set, the root token returned in Dev mode will have the - given ID. This *only* has an effect when running in Dev - mode. + -log-level=info Log verbosity. Defaults to "info", will be outputted + to stderr. Supported values: "trace", "debug", "info", + "warn", "err" ` return strings.TrimSpace(helpText) }
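Review bot: The `-dev-root-token-id` entry in the help text does not mention the `VAULT_DEV_ROOT_TOKEN_ID` environment variable that this commit introduces, so CHANGELOG.md is the only place a user learns of it. Append a sentence to that entry such as `May also be set via the VAULT_DEV_ROOT_TOKEN_ID environment variable.` and state which of the two takes precedence. Because a fixed root token ID is a predictable credential, the entry could also repeat the `-dev` warning that the value is for local testing only. The function holding `helpText` starts outside this hunk.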