Unverified Commit a8e7e287 authored by Derek Nola's avatar Derek Nola Committed by GitHub

Add `--json` flag for `k3s secrets-encrypt status` (#5127) (#5199)

* Add json flag for secrets-encrypt status Signed-off-by: 's avatarDerek Nola <derek.nola@suse.com>
parent b2222d0f
...@@ -38,7 +38,11 @@ func NewSecretsEncryptSubcommands(status, enable, disable, prepare, rotate, reen ...@@ -38,7 +38,11 @@ func NewSecretsEncryptSubcommands(status, enable, disable, prepare, rotate, reen
SkipFlagParsing: false, SkipFlagParsing: false,
SkipArgReorder: true, SkipArgReorder: true,
Action: status, Action: status,
Flags: EncryptFlags, Flags: append(EncryptFlags, &cli.StringFlag{
Name: "output,o",
Usage: "Status format. Default: text. Optional: json",
Destination: &ServerConfig.EncryptOutput,
}),
}, },
{ {
Name: "enable", Name: "enable",
......
...@@ -75,6 +75,7 @@ type Server struct { ...@@ -75,6 +75,7 @@ type Server struct {
ClusterResetRestorePath string ClusterResetRestorePath string
EncryptSecrets bool EncryptSecrets bool
EncryptForce bool EncryptForce bool
EncryptOutput string
EncryptSkip bool EncryptSkip bool
SystemDefaultRegistry string SystemDefaultRegistry string
StartupHooks []StartupHook StartupHooks []StartupHook
......
...@@ -7,12 +7,12 @@ import ( ...@@ -7,12 +7,12 @@ import (
"io/ioutil" "io/ioutil"
"os" "os"
"path/filepath" "path/filepath"
"strings"
"text/tabwriter" "text/tabwriter"
"github.com/erikdubbelboer/gspt" "github.com/erikdubbelboer/gspt"
"github.com/rancher/k3s/pkg/cli/cmds" "github.com/rancher/k3s/pkg/cli/cmds"
"github.com/rancher/k3s/pkg/clientaccess" "github.com/rancher/k3s/pkg/clientaccess"
"github.com/rancher/k3s/pkg/daemons/config"
"github.com/rancher/k3s/pkg/secretsencrypt" "github.com/rancher/k3s/pkg/secretsencrypt"
"github.com/rancher/k3s/pkg/server" "github.com/rancher/k3s/pkg/server"
"github.com/rancher/k3s/pkg/version" "github.com/rancher/k3s/pkg/version"
...@@ -20,35 +20,25 @@ import ( ...@@ -20,35 +20,25 @@ import (
"k8s.io/utils/pointer" "k8s.io/utils/pointer"
) )
func commandPrep(app *cli.Context, cfg *cmds.Server) (config.Control, *clientaccess.Info, error) { func commandPrep(app *cli.Context, cfg *cmds.Server) (*clientaccess.Info, error) {
var controlConfig config.Control
var err error
// hide process arguments from ps output, since they may contain // hide process arguments from ps output, since they may contain
// database credentials or other secrets. // database credentials or other secrets.
gspt.SetProcTitle(os.Args[0] + " secrets-encrypt") gspt.SetProcTitle(os.Args[0] + " secrets-encrypt")
controlConfig.DataDir, err = server.ResolveDataDir(cfg.DataDir) dataDir, err := server.ResolveDataDir(cfg.DataDir)
if err != nil { if err != nil {
return controlConfig, nil, err return nil, err
} }
if cfg.Token == "" { if cfg.Token == "" {
fp := filepath.Join(controlConfig.DataDir, "token") fp := filepath.Join(dataDir, "token")
tokenByte, err := ioutil.ReadFile(fp) tokenByte, err := ioutil.ReadFile(fp)
if err != nil { if err != nil {
return controlConfig, nil, err return nil, err
} }
controlConfig.Token = string(bytes.TrimRight(tokenByte, "\n")) cfg.Token = string(bytes.TrimRight(tokenByte, "\n"))
} else {
controlConfig.Token = cfg.Token
} }
controlConfig.EncryptForce = cfg.EncryptForce return clientaccess.ParseAndValidateTokenForUser(cmds.ServerConfig.ServerURL, cfg.Token, "server")
controlConfig.EncryptSkip = cfg.EncryptSkip
info, err := clientaccess.ParseAndValidateTokenForUser(cmds.ServerConfig.ServerURL, controlConfig.Token, "server")
if err != nil {
return controlConfig, nil, err
}
return controlConfig, info, nil
} }
func Enable(app *cli.Context) error { func Enable(app *cli.Context) error {
...@@ -56,7 +46,7 @@ func Enable(app *cli.Context) error { ...@@ -56,7 +46,7 @@ func Enable(app *cli.Context) error {
if err = cmds.InitLogging(); err != nil { if err = cmds.InitLogging(); err != nil {
return err return err
} }
_, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
...@@ -76,7 +66,7 @@ func Disable(app *cli.Context) error { ...@@ -76,7 +66,7 @@ func Disable(app *cli.Context) error {
if err := cmds.InitLogging(); err != nil { if err := cmds.InitLogging(); err != nil {
return err return err
} }
_, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
...@@ -95,7 +85,7 @@ func Status(app *cli.Context) error { ...@@ -95,7 +85,7 @@ func Status(app *cli.Context) error {
if err := cmds.InitLogging(); err != nil { if err := cmds.InitLogging(); err != nil {
return err return err
} }
_, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
...@@ -108,6 +98,15 @@ func Status(app *cli.Context) error { ...@@ -108,6 +98,15 @@ func Status(app *cli.Context) error {
return err return err
} }
if strings.ToLower(cmds.ServerConfig.EncryptOutput) == "json" {
json, err := json.MarshalIndent(status, "", "\t")
if err != nil {
return err
}
fmt.Println(string(json))
return nil
}
if status.Enable == nil { if status.Enable == nil {
fmt.Println("Encryption Status: Disabled, no configuration file found") fmt.Println("Encryption Status: Disabled, no configuration file found")
return nil return nil
...@@ -148,13 +147,13 @@ func Prepare(app *cli.Context) error { ...@@ -148,13 +147,13 @@ func Prepare(app *cli.Context) error {
if err = cmds.InitLogging(); err != nil { if err = cmds.InitLogging(); err != nil {
return err return err
} }
controlConfig, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
b, err := json.Marshal(server.EncryptionRequest{ b, err := json.Marshal(server.EncryptionRequest{
Stage: pointer.StringPtr(secretsencrypt.EncryptionPrepare), Stage: pointer.StringPtr(secretsencrypt.EncryptionPrepare),
Force: controlConfig.EncryptForce, Force: cmds.ServerConfig.EncryptForce,
}) })
if err != nil { if err != nil {
return err return err
...@@ -170,13 +169,13 @@ func Rotate(app *cli.Context) error { ...@@ -170,13 +169,13 @@ func Rotate(app *cli.Context) error {
if err := cmds.InitLogging(); err != nil { if err := cmds.InitLogging(); err != nil {
return err return err
} }
controlConfig, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
b, err := json.Marshal(server.EncryptionRequest{ b, err := json.Marshal(server.EncryptionRequest{
Stage: pointer.StringPtr(secretsencrypt.EncryptionRotate), Stage: pointer.StringPtr(secretsencrypt.EncryptionRotate),
Force: controlConfig.EncryptForce, Force: cmds.ServerConfig.EncryptForce,
}) })
if err != nil { if err != nil {
return err return err
...@@ -193,14 +192,14 @@ func Reencrypt(app *cli.Context) error { ...@@ -193,14 +192,14 @@ func Reencrypt(app *cli.Context) error {
if err = cmds.InitLogging(); err != nil { if err = cmds.InitLogging(); err != nil {
return err return err
} }
controlConfig, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
b, err := json.Marshal(server.EncryptionRequest{ b, err := json.Marshal(server.EncryptionRequest{
Stage: pointer.StringPtr(secretsencrypt.EncryptionReencryptActive), Stage: pointer.StringPtr(secretsencrypt.EncryptionReencryptActive),
Force: controlConfig.EncryptForce, Force: cmds.ServerConfig.EncryptForce,
Skip: controlConfig.EncryptSkip, Skip: cmds.ServerConfig.EncryptSkip,
}) })
if err != nil { if err != nil {
return err return err
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment