// Listing of cli/command/swarm/unlock_key.go from github.com/docker/cli
// at v26.1.3+incompatible.

package swarm

import (
	"context"
	"fmt"
	"io"

	"github.com/docker/cli/cli"
	"github.com/docker/cli/cli/command"
	"github.com/docker/cli/cli/command/completion"
	"github.com/docker/docker/api/types/swarm"
	"github.com/pkg/errors"
	"github.com/spf13/cobra"
)

// unlockKeyOptions holds the flag values of the unlock-key subcommand.
type unlockKeyOptions struct {
	// rotate requests a new manager unlock key before the key is shown.
	rotate bool
	// quiet limits the output to the key itself, with no surrounding text.
	quiet bool
}

// newUnlockKeyCommand builds the "unlock-key" cobra command. The command
// accepts no positional arguments and offers no shell completion; the two
// boolean flags are bound to an unlockKeyOptions value that is handed to
// runUnlockKey when the command runs.
func newUnlockKeyCommand(dockerCli command.Cli) *cobra.Command {
	var opts unlockKeyOptions

	unlockKeyCmd := &cobra.Command{
		Use:   "unlock-key [OPTIONS]",
		Short: "Manage the unlock key",
		Args:  cli.NoArgs,
		RunE: func(c *cobra.Command, _ []string) error {
			return runUnlockKey(c.Context(), dockerCli, opts)
		},
		// NOTE(review): presumably "version" is the minimum API version and
		// "swarm" restricts the command to manager nodes; the code that
		// reads these annotations is not part of this file.
		Annotations: map[string]string{
			"version": "1.24",
			"swarm":   "manager",
		},
		ValidArgsFunction: completion.NoComplete,
	}

	fs := unlockKeyCmd.Flags()
	fs.BoolVar(&opts.rotate, flagRotate, false, "Rotate unlock key")
	fs.BoolVarP(&opts.quiet, flagQuiet, "q", false, "Only display token")

	return unlockKeyCmd
}

// runUnlockKey optionally rotates the manager unlock key and then writes the
// current key to dockerCli.Out().
//
// Rotation is refused unless the inspected swarm spec has AutoLockManagers
// enabled. The update is sent with the version and spec returned by the
// preceding inspect call.
//
// The unlock key is a secret and it is written to the CLI's output stream in
// both modes: bare in quiet mode, embedded in instructions otherwise. Anything
// that captures this output (CI logs, shell history, terminal recordings)
// ends up holding the key, so callers scripting around the quiet mode should
// keep the stream out of logs.
func runUnlockKey(ctx context.Context, dockerCli command.Cli, opts unlockKeyOptions) error {
	apiClient := dockerCli.Client()

	if opts.rotate {
		current, err := apiClient.SwarmInspect(ctx)
		if err != nil {
			return err
		}

		// Without autolock there is no unlock key to rotate.
		if !current.Spec.EncryptionConfig.AutoLockManagers {
			return errors.New("cannot rotate because autolock is not turned on")
		}

		// NOTE(review): presumably the daemon rejects the update when
		// current.Version is stale, which would cover the gap between the
		// inspect and the update; confirm against the API.
		rotation := swarm.UpdateFlags{RotateManagerUnlockKey: true}
		err = apiClient.SwarmUpdate(ctx, current.Version, current.Spec, rotation)
		if err != nil {
			return err
		}

		// Quiet mode must emit nothing but the key, so the confirmation is
		// skipped there.
		if !opts.quiet {
			fmt.Fprint(dockerCli.Out(), "Successfully rotated manager unlock key.\n\n")
		}
	}

	resp, err := apiClient.SwarmGetUnlockKey(ctx)
	if err != nil {
		return errors.Wrap(err, "could not fetch unlock key")
	}

	key := resp.UnlockKey
	switch {
	case key == "":
		return errors.New("no unlock key is set")
	case opts.quiet:
		// Bare key on its own line, suitable for capture by a script.
		fmt.Fprintln(dockerCli.Out(), key)
	default:
		printUnlockCommand(dockerCli.Out(), key)
	}
	return nil
}

// printUnlockCommand writes the instructions for unlocking a restarted swarm
// manager, including unlockKey in clear text, to out. An empty key produces
// no output at all. Write errors are not reported to the caller.
func printUnlockCommand(out io.Writer, unlockKey string) {
	if len(unlockKey) == 0 {
		return
	}

	// NOTE(review): whitespace on the listing page was collapsed, so the
	// indentation in front of %s may be wider in the original file; confirm
	// against the upstream source before relying on the exact layout.
	const instructions = "To unlock a swarm manager after it restarts, " +
		"run the `docker swarm unlock`\ncommand and provide the following key:\n\n %s\n\n" +
		"Please remember to store this key in a password manager, since without it you\n" +
		"will not be able to restart the manager.\n"

	fmt.Fprintf(out, instructions, unlockKey)
}