v1.14.6/command/namespace_api_unlock.go - hashicorp/vault - Git at Google

 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0

 package command

 import (
 	"fmt"
 	"strings"

 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/mitchellh/cli"
 	"github.com/posener/complete"
 )

 var (
 	_ cli.Command             = (*NamespaceAPIUnlockCommand)(nil)
 	_ cli.CommandAutocomplete = (*NamespaceAPIUnlockCommand)(nil)
 )

 type NamespaceAPIUnlockCommand struct {
 	*BaseCommand
 }

 func (c *NamespaceAPIUnlockCommand) Synopsis() string {
 	return "Unlock the API for particular namespaces"
 }

 func (c *NamespaceAPIUnlockCommand) Help() string {
 	helpText := `
 Usage: vault namespace unlock [options] PATH

 	Unlock the current namespace, and all descendants, with unlock key:

 		$ vault namespace unlock -unlock-key=<key>

 	Unlock the current namespace, and all descendants (from a root token):

 		$ vault namespace unlock

 	Unlock a child namespace, and all of its descendants (e.g. ns1/ns2/):

 		$ vault namespace lock -unlock-key=<key> ns1/ns2

 ` + c.Flags().Help()

 	return strings.TrimSpace(helpText)
 }

 func (c *NamespaceAPIUnlockCommand) Flags() *FlagSets {
 	return c.flagSet(FlagSetHTTP | FlagSetOutputFormat)
 }

 func (c *NamespaceAPIUnlockCommand) AutocompleteArgs() complete.Predictor {
 	return c.PredictVaultNamespaces()
 }

 func (c *NamespaceAPIUnlockCommand) AutocompleteFlags() complete.Flags {
 	return c.Flags().Completions()
 }

 func (c *NamespaceAPIUnlockCommand) Run(args []string) int {
 	f := c.Flags()

 	if err := f.Parse(args); err != nil {
 		c.UI.Error(err.Error())
 		return 1
 	}

 	args = f.Args()
 	if len(args) > 1 {
 		c.UI.Error(fmt.Sprintf("Too many arguments (expected 0 or 1, got %d)", len(args)))
 		return 1
 	}

 	// current namespace is already encoded in the :client:
 	client, err := c.Client()
 	if err != nil {
 		c.UI.Error(err.Error())
 		return 2
 	}

 	optionalChildNSPath := ""
 	if len(args) == 1 {
 		optionalChildNSPath = fmt.Sprintf("/%s", namespace.Canonicalize(args[0]))
 	}

 	_, err = client.Logical().Write(fmt.Sprintf("sys/namespaces/api-lock/unlock%s", optionalChildNSPath), map[string]interface{}{
 		"unlock_key": c.flagUnlockKey,
 	})
 	if err != nil {
 		c.UI.Error(fmt.Sprintf("Error unlocking namespace: %v", err))
 		return 2
 	}

 	return 0
 }
	// Copyright (c) HashiCorp, Inc.
	// SPDX-License-Identifier: MPL-2.0

	package command

	import (
	"fmt"
	"strings"

	"github.com/hashicorp/vault/helper/namespace"
	"github.com/mitchellh/cli"
	"github.com/posener/complete"
	)

	var (
	_ cli.Command = (*NamespaceAPIUnlockCommand)(nil)
	_ cli.CommandAutocomplete = (*NamespaceAPIUnlockCommand)(nil)
	)

	type NamespaceAPIUnlockCommand struct {
	*BaseCommand
	}

	func (c *NamespaceAPIUnlockCommand) Synopsis() string {
	return "Unlock the API for particular namespaces"
	}

	func (c *NamespaceAPIUnlockCommand) Help() string {
	helpText := `
	Usage: vault namespace unlock [options] PATH

	Unlock the current namespace, and all descendants, with unlock key:

	$ vault namespace unlock -unlock-key=<key>

	Unlock the current namespace, and all descendants (from a root token):

	$ vault namespace unlock

	Unlock a child namespace, and all of its descendants (e.g. ns1/ns2/):

	$ vault namespace lock -unlock-key=<key> ns1/ns2

	` + c.Flags().Help()

	return strings.TrimSpace(helpText)
	}

	func (c NamespaceAPIUnlockCommand) Flags() FlagSets {
	return c.flagSet(FlagSetHTTP \| FlagSetOutputFormat)
	}

	func (c *NamespaceAPIUnlockCommand) AutocompleteArgs() complete.Predictor {
	return c.PredictVaultNamespaces()
	}

	func (c *NamespaceAPIUnlockCommand) AutocompleteFlags() complete.Flags {
	return c.Flags().Completions()
	}

	func (c *NamespaceAPIUnlockCommand) Run(args []string) int {
	f := c.Flags()

	if err := f.Parse(args); err != nil {
	c.UI.Error(err.Error())
	return 1
	}

	args = f.Args()
	if len(args) > 1 {
	c.UI.Error(fmt.Sprintf("Too many arguments (expected 0 or 1, got %d)", len(args)))
	return 1
	}

	// current namespace is already encoded in the :client:
	client, err := c.Client()
	if err != nil {
	c.UI.Error(err.Error())
	return 2
	}

	optionalChildNSPath := ""
	if len(args) == 1 {
	optionalChildNSPath = fmt.Sprintf("/%s", namespace.Canonicalize(args[0]))
	}

	_, err = client.Logical().Write(fmt.Sprintf("sys/namespaces/api-lock/unlock%s", optionalChildNSPath), map[string]interface{}{
	"unlock_key": c.flagUnlockKey,
	})
	if err != nil {
	c.UI.Error(fmt.Sprintf("Error unlocking namespace: %v", err))
	return 2
	}

	return 0
	}