github.com/hernad/nomad@v1.6.112/command/operator_root_keyring_rotate.go

github.com/hernad/nomad@v1.6.112/command/operator_root_keyring_rotate.go (about)

     1  // Copyright (c) HashiCorp, Inc.
     2  // SPDX-License-Identifier: MPL-2.0
     3  
     4  package command
     5  
     6  import (
     7  	"fmt"
     8  	"strings"
     9  
    10  	"github.com/hernad/nomad/api"
    11  	"github.com/posener/complete"
    12  )
    13  
    14  // OperatorRootKeyringRotateCommand is a Command
    15  // implementation that rotates the variables encryption key.
    16  type OperatorRootKeyringRotateCommand struct {
    17  	Meta
    18  }
    19  
    20  func (c *OperatorRootKeyringRotateCommand) Help() string {
    21  	helpText := `
    22  Usage: nomad operator root keyring rotate [options]
    23  
    24    Generate a new encryption key for all future variables.
    25  
    26    If ACLs are enabled, this command requires a management token.
    27  
    28  General Options:
    29  
    30    ` + generalOptionsUsage(usageOptsDefault|usageOptsNoNamespace) + `
    31  
    32  Keyring Options:
    33  
    34    -full
    35      Decrypt all existing variables and re-encrypt with the new key. This command
    36      will immediately return and the re-encryption process will run
    37      asynchronously on the leader.
    38  
    39    -verbose
    40      Show full information.
    41  `
    42  
    43  	return strings.TrimSpace(helpText)
    44  }
    45  
    46  func (c *OperatorRootKeyringRotateCommand) Synopsis() string {
    47  	return "Rotates the root encryption key"
    48  }
    49  
    50  func (c *OperatorRootKeyringRotateCommand) AutocompleteFlags() complete.Flags {
    51  	return mergeAutocompleteFlags(c.Meta.AutocompleteFlags(FlagSetClient),
    52  		complete.Flags{
    53  			"-full":    complete.PredictNothing,
    54  			"-verbose": complete.PredictNothing,
    55  		})
    56  }
    57  
    58  func (c *OperatorRootKeyringRotateCommand) AutocompleteArgs() complete.Predictor {
    59  	return complete.PredictNothing
    60  }
    61  
    62  func (c *OperatorRootKeyringRotateCommand) Name() string {
    63  	return "root keyring rotate"
    64  }
    65  
    66  func (c *OperatorRootKeyringRotateCommand) Run(args []string) int {
    67  	var rotateFull, verbose bool
    68  
    69  	flags := c.Meta.FlagSet("root keyring rotate", FlagSetClient)
    70  	flags.Usage = func() { c.Ui.Output(c.Help()) }
    71  	flags.BoolVar(&rotateFull, "full", false, "full key rotation")
    72  	flags.BoolVar(&verbose, "verbose", false, "")
    73  
    74  	if err := flags.Parse(args); err != nil {
    75  		return 1
    76  	}
    77  
    78  	args = flags.Args()
    79  	if len(args) != 0 {
    80  		c.Ui.Error("This command requires no arguments.")
    81  		c.Ui.Error(commandErrorText(c))
    82  		return 1
    83  	}
    84  
    85  	client, err := c.Meta.Client()
    86  	if err != nil {
    87  		c.Ui.Error(fmt.Sprintf("Error creating nomad cli client: %s", err))
    88  		return 1
    89  	}
    90  
    91  	resp, _, err := client.Keyring().Rotate(
    92  		&api.KeyringRotateOptions{Full: rotateFull}, nil)
    93  	if err != nil {
    94  		c.Ui.Error(fmt.Sprintf("error: %s", err))
    95  		return 1
    96  	}
    97  	c.Ui.Output(renderVariablesKeysResponse([]*api.RootKeyMeta{resp}, verbose))
    98  	return 0
    99  }