From 5cb733e04e943608793d9f503b2541e9b5e85036 Mon Sep 17 00:00:00 2001
From: Matthew Irish <matthew@hashicorp.com>
Date: Tue, 20 Nov 2018 11:15:37 -0600
Subject: [PATCH] plumb policy-override flag to the CLI

---
 command/base.go | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/command/base.go b/command/base.go
index d71c4a798516..d1773b067ed1 100644
--- a/command/base.go
+++ b/command/base.go
@@ -38,16 +38,17 @@ type BaseCommand struct {
 	flags     *FlagSets
 	flagsOnce sync.Once
 
-	flagAddress       string
-	flagCACert        string
-	flagCAPath        string
-	flagClientCert    string
-	flagClientKey     string
-	flagNamespace     string
-	flagNS            string
-	flagTLSServerName string
-	flagTLSSkipVerify bool
-	flagWrapTTL       time.Duration
+	flagAddress        string
+	flagCACert         string
+	flagCAPath         string
+	flagClientCert     string
+	flagClientKey      string
+	flagNamespace      string
+	flagNS             string
+	flagPolicyOverride bool
+	flagTLSServerName  string
+	flagTLSSkipVerify  bool
+	flagWrapTTL        time.Duration
 
 	flagFormat string
 	flagField  string
@@ -135,6 +136,9 @@ func (c *BaseCommand) Client() (*api.Client, error) {
 	if c.flagNamespace != notSetValue {
 		client.SetNamespace(namespace.Canonicalize(c.flagNamespace))
 	}
+	if c.flagPolicyOverride {
+		client.SetPolicyOverride(c.flagPolicyOverride)
+	}
 
 	c.client = client
 
@@ -293,6 +297,14 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets {
 					"transmissions to and from the Vault server.",
 			})
 
+			f.BoolVar(&BoolVar{
+				Name:    "policy-override",
+				Target:  &c.flagPolicyOverride,
+				Default: false,
+				Usage: "Override a Sentinel policy that has a soft-mandatory " +
+					"enforcement_level specified",
+			})
+
 			f.DurationVar(&DurationVar{
 				Name:       "wrap-ttl",
 				Target:     &c.flagWrapTTL,