mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-03 20:40:45 -05:00
d35be2d0de
* Fix Vault Transit BYOK helper argument parsing This commit fixes the following issues with the importer: - More than two arguments were not supported, causing the CLI to error out and resulting in a failure to import RSA keys. - The @file notation support was not accepted for KEY, meaning unencrypted keys had to be manually specified on the CLI. - Parsing of additional argument data was done in a non-standard way. - Fix parsing of command line options and ensure only relevant options are included. Additionally, some error messages and help text was clarified. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add missing documentation on Transit CLI to website Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add tests for Transit BYOK vault subcommand Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Appease CI Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
54 lines
1.6 KiB
Go
54 lines
1.6 KiB
Go
package command
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/mitchellh/cli"
|
|
"github.com/posener/complete"
|
|
)
|
|
|
|
var (
|
|
_ cli.Command = (*TransitImportVersionCommand)(nil)
|
|
_ cli.CommandAutocomplete = (*TransitImportVersionCommand)(nil)
|
|
)
|
|
|
|
type TransitImportVersionCommand struct {
|
|
*BaseCommand
|
|
}
|
|
|
|
func (c *TransitImportVersionCommand) Synopsis() string {
|
|
return "Import key material into a new key version in the Transit or Transform secrets engines."
|
|
}
|
|
|
|
func (c *TransitImportVersionCommand) Help() string {
|
|
helpText := `
|
|
Usage: vault transit import-version PATH KEY [...]
|
|
|
|
Using the Transit or Transform key wrapping system, imports key material from
|
|
the base64 encoded KEY (either directly on the CLI or via @path notation),
|
|
into a new key whose API path is PATH. To import a new transit/transform
|
|
key, use the import command instead. The remaining options after KEY
|
|
(key=value style) are passed on to the transit/transform create key endpoint.
|
|
If your system or device natively supports the RSA AES key wrap mechanism
|
|
(such as the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it
|
|
directly rather than this command.
|
|
` + c.Flags().Help()
|
|
|
|
return strings.TrimSpace(helpText)
|
|
}
|
|
|
|
func (c *TransitImportVersionCommand) Flags() *FlagSets {
|
|
return c.flagSet(FlagSetHTTP)
|
|
}
|
|
|
|
func (c *TransitImportVersionCommand) AutocompleteArgs() complete.Predictor {
|
|
return nil
|
|
}
|
|
|
|
func (c *TransitImportVersionCommand) AutocompleteFlags() complete.Flags {
|
|
return c.Flags().Completions()
|
|
}
|
|
|
|
func (c *TransitImportVersionCommand) Run(args []string) int {
|
|
return importKey(c.BaseCommand, "import_version", c.Flags(), args)
|
|
}
|