DockerCLI/cli/command/swarm/unlock_key.go

package swarm

import (
	"fmt"

	"github.com/docker/cli/cli"
	"github.com/docker/cli/cli/command"
	"github.com/docker/docker/api/types/swarm"
	"github.com/pkg/errors"
	"github.com/spf13/cobra"
	"golang.org/x/net/context"
)

type unlockKeyOptions struct {
	rotate bool
	quiet  bool
}

func newUnlockKeyCommand(dockerCli command.Cli) *cobra.Command {
	opts := unlockKeyOptions{}

	cmd := &cobra.Command{
		Use:   "unlock-key [OPTIONS]",
		Short: "Manage the unlock key",
		Args:  cli.NoArgs,
		RunE: func(cmd *cobra.Command, args []string) error {
			return runUnlockKey(dockerCli, opts)
		},
	}

	flags := cmd.Flags()
	flags.BoolVar(&opts.rotate, flagRotate, false, "Rotate unlock key")
	flags.BoolVarP(&opts.quiet, flagQuiet, "q", false, "Only display token")

	return cmd
}

func runUnlockKey(dockerCli command.Cli, opts unlockKeyOptions) error {
	client := dockerCli.Client()
	ctx := context.Background()

	if opts.rotate {
		flags := swarm.UpdateFlags{RotateManagerUnlockKey: true}

		sw, err := client.SwarmInspect(ctx)
		if err != nil {
			return err
		}

		if !sw.Spec.EncryptionConfig.AutoLockManagers {
			return errors.New("cannot rotate because autolock is not turned on")
		}

		if err := client.SwarmUpdate(ctx, sw.Version, sw.Spec, flags); err != nil {
			return err
		}

		if !opts.quiet {
			fmt.Fprintf(dockerCli.Out(), "Successfully rotated manager unlock key.\n\n")
		}
	}

	unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
	if err != nil {
		return errors.Wrap(err, "could not fetch unlock key")
	}

	if unlockKeyResp.UnlockKey == "" {
		return errors.New("no unlock key is set")
	}

	if opts.quiet {
		fmt.Fprintln(dockerCli.Out(), unlockKeyResp.UnlockKey)
		return nil
	}

	printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
	return nil
}

func printUnlockCommand(ctx context.Context, dockerCli command.Cli, unlockKey string) {
	if len(unlockKey) > 0 {
		fmt.Fprintf(dockerCli.Out(), "To unlock a swarm manager after it restarts, run the `docker swarm unlock`\ncommand and provide the following key:\n\n    %s\n\nPlease remember to store this key in a password manager, since without it you\nwill not be able to restart the manager.\n", unlockKey)
	}
	return
}
Revise swarm init/update flags, add unlocking capability - Neither swarm init or swarm update should take an unlock key - Add an autolock flag to turn on autolock - Make the necessary docker api changes - Add SwarmGetUnlockKey API call and use it when turning on autolock - Add swarm unlock-key subcommand Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2016-10-27 21:50:49 -04:00			`package swarm`

			`import (`
			`"fmt"`

Update imports. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2017-04-17 18:07:56 -04:00			`"github.com/docker/cli/cli"`
			`"github.com/docker/cli/cli/command"`
Add unlock key rotation Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2016-10-28 19:35:49 -04:00			`"github.com/docker/docker/api/types/swarm"`
Revise swarm init/update flags, add unlocking capability - Neither swarm init or swarm update should take an unlock key - Add an autolock flag to turn on autolock - Make the necessary docker api changes - Add SwarmGetUnlockKey API call and use it when turning on autolock - Add swarm unlock-key subcommand Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2016-10-27 21:50:49 -04:00			`"github.com/pkg/errors"`
Add some unit tests to the node and swarm cli code Start work on adding unit tests to our cli code in order to have to write less costly integration test. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2016-12-25 16:23:35 -05:00			`"github.com/spf13/cobra"`
Revise swarm init/update flags, add unlocking capability - Neither swarm init or swarm update should take an unlock key - Add an autolock flag to turn on autolock - Make the necessary docker api changes - Add SwarmGetUnlockKey API call and use it when turning on autolock - Add swarm unlock-key subcommand Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2016-10-27 21:50:49 -04:00			`"golang.org/x/net/context"`
			`)`

split function out of command description scope Signed-off-by: allencloud <allen.sun@daocloud.io> 2016-11-21 05:22:22 -05:00			`type unlockKeyOptions struct {`
			`rotate bool`
			`quiet bool`
			`}`

Add some unit tests to the node and swarm cli code Start work on adding unit tests to our cli code in order to have to write less costly integration test. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2016-12-25 16:23:35 -05:00			`func newUnlockKeyCommand(dockerCli command.Cli) *cobra.Command {`
split function out of command description scope Signed-off-by: allencloud <allen.sun@daocloud.io> 2016-11-21 05:22:22 -05:00			`opts := unlockKeyOptions{}`
Revise swarm init/update flags, add unlocking capability - Neither swarm init or swarm update should take an unlock key - Add an autolock flag to turn on autolock - Make the necessary docker api changes - Add SwarmGetUnlockKey API call and use it when turning on autolock - Add swarm unlock-key subcommand Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2016-10-27 21:50:49 -04:00
			`cmd := &cobra.Command{`
			`Use: "unlock-key [OPTIONS]",`
			`Short: "Manage the unlock key",`
			`Args: cli.NoArgs,`
			`RunE: func(cmd *cobra.Command, args []string) error {`
split function out of command description scope Signed-off-by: allencloud <allen.sun@daocloud.io> 2016-11-21 05:22:22 -05:00			`return runUnlockKey(dockerCli, opts)`
Revise swarm init/update flags, add unlocking capability - Neither swarm init or swarm update should take an unlock key - Add an autolock flag to turn on autolock - Make the necessary docker api changes - Add SwarmGetUnlockKey API call and use it when turning on autolock - Add swarm unlock-key subcommand Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2016-10-27 21:50:49 -04:00			`},`
			`}`

			`flags := cmd.Flags()`
split function out of command description scope Signed-off-by: allencloud <allen.sun@daocloud.io> 2016-11-21 05:22:22 -05:00			`flags.BoolVar(&opts.rotate, flagRotate, false, "Rotate unlock key")`
			`flags.BoolVarP(&opts.quiet, flagQuiet, "q", false, "Only display token")`
Revise swarm init/update flags, add unlocking capability - Neither swarm init or swarm update should take an unlock key - Add an autolock flag to turn on autolock - Make the necessary docker api changes - Add SwarmGetUnlockKey API call and use it when turning on autolock - Add swarm unlock-key subcommand Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2016-10-27 21:50:49 -04:00
			`return cmd`
			`}`

Add some unit tests to the node and swarm cli code Start work on adding unit tests to our cli code in order to have to write less costly integration test. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2016-12-25 16:23:35 -05:00			`func runUnlockKey(dockerCli command.Cli, opts unlockKeyOptions) error {`
split function out of command description scope Signed-off-by: allencloud <allen.sun@daocloud.io> 2016-11-21 05:22:22 -05:00			`client := dockerCli.Client()`
			`ctx := context.Background()`

			`if opts.rotate {`
			`flags := swarm.UpdateFlags{RotateManagerUnlockKey: true}`

			`sw, err := client.SwarmInspect(ctx)`
			`if err != nil {`
			`return err`
			`}`

			`if !sw.Spec.EncryptionConfig.AutoLockManagers {`
			`return errors.New("cannot rotate because autolock is not turned on")`
			`}`

			`if err := client.SwarmUpdate(ctx, sw.Version, sw.Spec, flags); err != nil {`
			`return err`
			`}`

			`if !opts.quiet {`
			`fmt.Fprintf(dockerCli.Out(), "Successfully rotated manager unlock key.\n\n")`
			`}`
			`}`

			`unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)`
			`if err != nil {`
			`return errors.Wrap(err, "could not fetch unlock key")`
			`}`

			`if unlockKeyResp.UnlockKey == "" {`
			`return errors.New("no unlock key is set")`
			`}`

			`if opts.quiet {`
			`fmt.Fprintln(dockerCli.Out(), unlockKeyResp.UnlockKey)`
			`return nil`
Revise swarm init/update flags, add unlocking capability - Neither swarm init or swarm update should take an unlock key - Add an autolock flag to turn on autolock - Make the necessary docker api changes - Add SwarmGetUnlockKey API call and use it when turning on autolock - Add swarm unlock-key subcommand Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2016-10-27 21:50:49 -04:00			`}`

split function out of command description scope Signed-off-by: allencloud <allen.sun@daocloud.io> 2016-11-21 05:22:22 -05:00			`printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)`
			`return nil`
			`}`

Add some unit tests to the node and swarm cli code Start work on adding unit tests to our cli code in order to have to write less costly integration test. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2016-12-25 16:23:35 -05:00			`func printUnlockCommand(ctx context.Context, dockerCli command.Cli, unlockKey string) {`
split function out of command description scope Signed-off-by: allencloud <allen.sun@daocloud.io> 2016-11-21 05:22:22 -05:00			`if len(unlockKey) > 0 {`
			fmt.Fprintf(dockerCli.Out(), "To unlock a swarm manager after it restarts, run the `docker swarm unlock`\ncommand and provide the following key:\n\n %s\n\nPlease remember to store this key in a password manager, since without it you\nwill not be able to restart the manager.\n", unlockKey)
			`}`
Revise swarm init/update flags, add unlocking capability - Neither swarm init or swarm update should take an unlock key - Add an autolock flag to turn on autolock - Make the necessary docker api changes - Add SwarmGetUnlockKey API call and use it when turning on autolock - Add swarm unlock-key subcommand Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2016-10-27 21:50:49 -04:00			`return`
			`}`