github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/command/operator_root_keyring.go

github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/command/operator_root_keyring.go (about)

     1  package command
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  
     7  	"github.com/mitchellh/cli"
     8  	"github.com/posener/complete"
     9  
    10  	"github.com/hashicorp/nomad/api"
    11  )
    12  
    13  // OperatorRootKeyringCommand is a Command implementation
    14  // that handles querying, rotating, and removing root
    15  // encryption keys from a keyring.
    16  type OperatorRootKeyringCommand struct {
    17  	Meta
    18  }
    19  
    20  func (c *OperatorRootKeyringCommand) Help() string {
    21  	helpText := `
    22  Usage: nomad operator root keyring [options]
    23  
    24    Manages encryption keys used for storing variables and signing workload
    25    identities. This command may be used to examine active encryption keys
    26    in the cluster, rotate keys, add new keys from backups, or remove unused keys.
    27  
    28    If ACLs are enabled, all subcommands requires a management token.
    29  
    30    Rotate the encryption key:
    31  
    32        $ nomad operator root keyring rotate
    33  
    34    List all encryption key metadata:
    35  
    36        $ nomad operator root keyring list
    37  
    38    Remove an encryption key from the keyring:
    39  
    40        $ nomad operator root keyring remove <key ID>
    41  
    42    Please see individual subcommand help for detailed usage information.
    43  `
    44  	return strings.TrimSpace(helpText)
    45  }
    46  
    47  func (c *OperatorRootKeyringCommand) Synopsis() string {
    48  	return "Manages root encryption keys"
    49  }
    50  
    51  func (c *OperatorRootKeyringCommand) AutocompleteFlags() complete.Flags {
    52  	return c.Meta.AutocompleteFlags(FlagSetClient)
    53  }
    54  
    55  func (c *OperatorRootKeyringCommand) AutocompleteArgs() complete.Predictor {
    56  	return complete.PredictNothing
    57  }
    58  
    59  func (c *OperatorRootKeyringCommand) Name() string {
    60  	return "root keyring"
    61  }
    62  
    63  func (c *OperatorRootKeyringCommand) Run(args []string) int {
    64  	return cli.RunResultHelp
    65  }
    66  
    67  // renderVariablesKeysResponse is a helper for formatting the
    68  // keyring API responses
    69  func renderVariablesKeysResponse(keys []*api.RootKeyMeta, verbose bool) string {
    70  	length := fullId
    71  	if !verbose {
    72  		length = 8
    73  	}
    74  	out := make([]string, len(keys)+1)
    75  	out[0] = "Key|State|Create Time"
    76  	i := 1
    77  	for _, k := range keys {
    78  		out[i] = fmt.Sprintf("%s|%v|%s",
    79  			k.KeyID[:length], k.State, formatUnixNanoTime(k.CreateTime))
    80  		i = i + 1
    81  	}
    82  	return formatList(out)
    83  }