From e8a974502f8b61e85281f212661822763bfe1623 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 4 Jul 2017 15:26:57 -0400 Subject: [PATCH 1/2] Add token-only. Fixes #2855 --- command/auth.go | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/command/auth.go b/command/auth.go index e8ef7e28371b..54c2d0c89039 100644 --- a/command/auth.go +++ b/command/auth.go @@ -37,12 +37,13 @@ type AuthCommand struct { func (c *AuthCommand) Run(args []string) int { var method, authPath string - var methods, methodHelp, noVerify, noStore bool + var methods, methodHelp, noVerify, noStore, tokenOnly bool flags := c.Meta.FlagSet("auth", meta.FlagSetDefault) flags.BoolVar(&methods, "methods", false, "") flags.BoolVar(&methodHelp, "method-help", false, "") flags.BoolVar(&noVerify, "no-verify", false, "") flags.BoolVar(&noStore, "no-store", false, "") + flags.BoolVar(&tokenOnly, "token-only", false, "") flags.StringVar(&method, "method", "", "method") flags.StringVar(&authPath, "path", "", "") flags.Usage = func() { c.Ui.Error(c.Help()) } @@ -128,8 +129,8 @@ func (c *AuthCommand) Run(args []string) int { } // Warn if the VAULT_TOKEN environment variable is set, as that will take - // precedence - if os.Getenv("VAULT_TOKEN") != "" { + // precedence. Don't output on token-only since we're likely piping output. + if os.Getenv("VAULT_TOKEN") != "" && !tokenOnly { c.Ui.Output("==> WARNING: VAULT_TOKEN environment variable set!\n") c.Ui.Output(" The environment variable takes precedence over the value") c.Ui.Output(" set by the auth command. Either update the value of the") @@ -190,6 +191,11 @@ func (c *AuthCommand) Run(args []string) int { } } + if tokenOnly { + c.Ui.Output(token) + return 0 + } + if noVerify { c.Ui.Output(fmt.Sprintf( "Authenticated - no token verification has been performed.", @@ -393,6 +399,8 @@ Auth Options: -no-store Do not store the token after creation; it will only be displayed in the command output. + -token-only Output only the token to stdout. This implies -no-verify. + -path The path at which the auth backend is enabled. If an auth backend is mounted at multiple paths, this option can be used to authenticate against specific paths. From cd21256fc574a3875f3214b7d113fb93392708af Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 5 Jul 2017 10:09:25 -0400 Subject: [PATCH 2/2] Also have -token-only imply -no-store --- command/auth.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/command/auth.go b/command/auth.go index 54c2d0c89039..1d9af5feb9b6 100644 --- a/command/auth.go +++ b/command/auth.go @@ -179,6 +179,11 @@ func (c *AuthCommand) Run(args []string) int { return 1 } + if tokenOnly { + c.Ui.Output(token) + return 0 + } + // Store the token! if !noStore { if err := tokenHelper.Store(token); err != nil { @@ -191,11 +196,6 @@ func (c *AuthCommand) Run(args []string) int { } } - if tokenOnly { - c.Ui.Output(token) - return 0 - } - if noVerify { c.Ui.Output(fmt.Sprintf( "Authenticated - no token verification has been performed.", @@ -399,7 +399,8 @@ Auth Options: -no-store Do not store the token after creation; it will only be displayed in the command output. - -token-only Output only the token to stdout. This implies -no-verify. + -token-only Output only the token to stdout. This implies -no-verify + and -no-store. -path The path at which the auth backend is enabled. If an auth backend is mounted at multiple paths, this option can be