mvisonneau · Strangerxxx · Apr 13, 2023 · Apr 13, 2023 · Apr 17, 2023 · Apr 17, 2023
diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum
diff --git a/internal/base/helpers.go b/internal/base/helpers.go
@@ -0,0 +1,75 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package base
+
+import (
+	"strings"
+
+	"github.com/kr/text"
+)
+
+const (
+	// maxLineLength is the maximum width of any line.
+	maxLineLength int = 78
+)
+
+// SanitizePath removes any leading or trailing things from a "path".
+func SanitizePath(s string) string {
+	return EnsureNoTrailingSlash(EnsureNoLeadingSlash(s))
+}
+
+// EnsureTrailingSlash ensures the given string has a trailing slash.
+func EnsureTrailingSlash(s string) string {
+	s = strings.TrimSpace(s)
+	if s == "" {
+		return ""
+	}
+
+	for len(s) > 0 && s[len(s)-1] != '/' {
+		s = s + "/"
+	}
+	return s
+}
+
+// EnsureNoTrailingSlash ensures the given string does not have a trailing slash.
+func EnsureNoTrailingSlash(s string) string {
+	s = strings.TrimSpace(s)
+	if s == "" {
+		return ""
+	}
+
+	for len(s) > 0 && s[len(s)-1] == '/' {
+		s = s[:len(s)-1]
+	}
+	return s
+}
+
+// EnsureNoLeadingSlash ensures the given string does not have a leading slash.
+func EnsureNoLeadingSlash(s string) string {
+	s = strings.TrimSpace(s)
+	if s == "" {
+		return ""
+	}
+
+	for len(s) > 0 && s[0] == '/' {
+		s = s[1:]
+	}
+	return s
+}
+
+// WrapAtLengthWithPadding wraps the given text at the maxLineLength, taking
+// into account any provided left padding.
+func WrapAtLengthWithPadding(s string, pad int) string {
+	wrapped := text.Wrap(s, maxLineLength-pad)
+	lines := strings.Split(wrapped, "\n")
+	for i, line := range lines {
+		lines[i] = strings.Repeat(" ", pad) + line
+	}
+	return strings.Join(lines, "\n")
+}
+
+// WrapAtLength wraps the given text to maxLineLength.
+func WrapAtLength(s string) string {
+	return WrapAtLengthWithPadding(s, 0)
+}
diff --git a/internal/cli/cli.go b/internal/cli/cli.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"time"
 
-	cli "github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v2"
 
 	"github.com/mvisonneau/vac/internal/cli/flags"
 	"github.com/mvisonneau/vac/internal/cmd"
@@ -34,6 +34,10 @@ func NewApp(version string, start time.Time) (app *cli.App) {
 		flags.LogLevel,
 		flags.Role,
 		flags.State,
+		flags.AuthMethod,
+		flags.AuthMethodArgs,
+		flags.AuthPath,
+		flags.AuthNoStore,
 	}
 
 	app.Action = cmd.ExecWrapper(cmd.Switch)

diff --git a/internal/cli/flags/flags.go b/internal/cli/flags/flags.go
@@ -60,4 +60,30 @@ var (
 		Usage:   "ttl `duration`",
 		Value:   0,
 	}
+
+	AuthMethod = &cli.StringFlag{
+		Name:    "auth-method",
+		EnvVars: []string{"VAC_AUTH_METHOD"},
+		Usage:   "method `name` (token, oidc, write)",
+		Value:   "token",
+	}
+
+	AuthPath = &cli.StringFlag{
+		Name:    "auth-path",
+		EnvVars: []string{"VAC_AUTH_PATH"},
+		Usage:   "remote `path` (token/, oidc/, userpass/)",
+		Value:   "",
+	}
+
+	AuthNoStore = &cli.BoolFlag{
+		Name:    "auth-no-store",
+		EnvVars: []string{"VAC_AUTH_NO_STORE"},
+		Usage:   "prevent storing vault token on disk",
+	}
+
+	AuthMethodArgs = &cli.StringSliceFlag{
+		Name:    "auth-method-args",
+		EnvVars: []string{"VAC_AUTH_METHOD_ARGS"},
+		Usage:   "method `args` `=`(equals sign) delimited (listenaddress=0.0.0.0, port=8250)",
+	}
 )
diff --git a/internal/cmd/get.go b/internal/cmd/get.go
@@ -6,7 +6,7 @@ import (
 	"time"
 
 	log "github.com/sirupsen/logrus"
-	cli "github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v2"
 
 	"github.com/mvisonneau/vac/internal/cli/flags"
 	"github.com/mvisonneau/vac/pkg/client"
@@ -48,7 +48,7 @@ func Get(ctx *cli.Context) (int, error) {
 		return 1, fmt.Errorf("'min-ttl' cannot be longer than 'ttl'")
 	}
 
-	vac, err := client.New()
+	vac, err := client.New(cfg.AuthConfig)
 	if err != nil {
 		return 1, err
 	}

diff --git a/internal/cmd/status.go b/internal/cmd/status.go
@@ -1,12 +1,14 @@
 package cmd
 
 import (
+	"fmt"
 	"os"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/olekukonko/tablewriter"
-	cli "github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v2"
 	"github.com/xeonx/timeago"
 
 	"github.com/mvisonneau/vac/pkg/client"
@@ -20,7 +22,7 @@ func Status(ctx *cli.Context) (int, error) {
 		return 1, err
 	}
 
-	vac, err := client.New()
+	vac, err := client.New(cfg.AuthConfig)
 	if err != nil {
 		return 1, err
 	}
@@ -81,12 +83,39 @@ func Status(ctx *cli.Context) (int, error) {
 		return 1, err
 	}
 
+	// Vault token status
+	secret, err := vac.Auth().Token().LookupSelf()
+	if err != nil {
+		return 1, err
+	}
+
+	tokenId, _ := secret.TokenID()
+	tokenAccessor, _ := secret.TokenAccessor()
+
+	_, err = secret.TokenPolicies()
+	if err != nil {
+		return 1, fmt.Errorf("error accessing token policies: %w", err)
+	}
+	tokenPolicies := strings.Join(secret.Auth.Policies, ", ")
+	tokenTokenPolicies := strings.Join(secret.Auth.TokenPolicies, ", ")
+	tokenIdentityPolicies := strings.Join(secret.Auth.IdentityPolicies, ", ")
+
+	tokenDuration, _ := secret.TokenTTL()
+	tokenRenewable, _ := secret.TokenIsRenewable()
+
 	vaultOutput := [][]string{
 		{"ClusterID", health.ClusterID},
 		{"ClusterName", health.ClusterName},
 		{"Initialized", strconv.FormatBool(health.Initialized)},
 		{"Sealed", strconv.FormatBool(health.Sealed)},
 		{"Version", health.Version},
+		{"ClientToken", tokenId},
+		{"Accessor", tokenAccessor},
+		{"Policies", tokenPolicies},
+		{"TokenPolicies", tokenTokenPolicies},
+		{"IdentityPolicies", tokenIdentityPolicies},
+		{"LeaseDuration", tokenDuration.String()},
+		{"Renewable", strconv.FormatBool(tokenRenewable)},
 	}
 
 	vaultTable := tablewriter.NewWriter(os.Stdout)

diff --git a/internal/cmd/switch.go b/internal/cmd/switch.go
@@ -3,7 +3,7 @@ package cmd
 import (
 	"github.com/ktr0731/go-fuzzyfinder"
 	log "github.com/sirupsen/logrus"
-	cli "github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v2"
 
 	"github.com/mvisonneau/vac/pkg/client"
 	"github.com/mvisonneau/vac/pkg/state"
@@ -16,7 +16,7 @@ func Switch(ctx *cli.Context) (int, error) {
 		return 1, err
 	}
 
-	vac, err := client.New()
+	vac, err := client.New(cfg.AuthConfig)
 	if err != nil {
 		return 1, err
 	}

diff --git a/internal/cmd/utils.go b/internal/cmd/utils.go
@@ -4,14 +4,17 @@ import (
 	"fmt"
 	"time"
 
+	kvbuilder "github.com/hashicorp/go-secure-stdlib/kv-builder"
 	"github.com/hashicorp/vault/sdk/helper/mlock"
 	"github.com/mitchellh/go-homedir"
+	"github.com/mitchellh/mapstructure"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 	cli "github.com/urfave/cli/v2"
 
 	"github.com/mvisonneau/go-helpers/logger"
 	"github.com/mvisonneau/vac/internal/cli/flags"
+	"github.com/mvisonneau/vac/pkg/client"
 )
 
 var start time.Time
@@ -21,6 +24,37 @@ type Config struct {
 	Engine    string
 	Role      string
 	StatePath string
+
+	*client.AuthConfig
+}
+
+// parseArgsData parses the given args in the format key=value into a map of
+// the provided arguments. The given reader can also supply key=value pairs.
+func parseArgsData(args []string) (map[string]interface{}, error) {
+	builder := &kvbuilder.Builder{}
+	if err := builder.Add(args...); err != nil {
+		return nil, err
+	}
+
+	return builder.Map(), nil
+}
+
+// parseArgsDataString parses the args data and returns the values as strings.
+// If the values cannot be represented as strings, an error is returned.
+func parseArgsDataString(args []string) (map[string]string, error) {
+	raw, err := parseArgsData(args)
+	if err != nil {
+		return nil, err
+	}
+
+	var result map[string]string
+	if err := mapstructure.WeakDecode(raw, &result); err != nil {
+		return nil, errors.Wrap(err, "failed to convert values to strings")
+	}
+	if result == nil {
+		result = make(map[string]string)
+	}
+	return result, nil
 }
 
 func configure(ctx *cli.Context) (*Config, error) {
@@ -38,10 +72,24 @@ func configure(ctx *cli.Context) (*Config, error) {
 		return nil, errors.Wrap(err, "expanding cache path value (go-homedir)")
 	}
 
+	authMethodArgs := flags.AuthMethodArgs.Get(ctx)
+
+	authMethodConfig, err := parseArgsDataString(authMethodArgs)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing auth method args: %s", err)
+	}
+
 	return &Config{
 		Engine:    flags.Engine.Get(ctx),
 		Role:      flags.Role.Get(ctx),
 		StatePath: statePath,
+
+		AuthConfig: &client.AuthConfig{
+			AuthMethod:     flags.AuthMethod.Get(ctx),
+			AuthPath:       flags.AuthPath.Get(ctx),
+			AuthNoStore:    flags.AuthNoStore.Get(ctx),
+			AuthMethodArgs: authMethodConfig,
+		},
 	}, nil
 }
 

diff --git a/internal/cmd/utils_test.go b/internal/cmd/utils_test.go
@@ -7,7 +7,7 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	cli "github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v2"
 )
 
 func NewTestContext() (ctx *cli.Context, flags, globalFlags *flag.FlagSet) {