We use cookies to ensure you get the best experience on our website
탐색 도움말
가입하기 로그인
0ct0pu5
/
moby
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 5d47cb901b
브랜치 태그
moby
/
cli
/
command
/
swarm
/
unlock_key.go

unlock_key.go 2.1 KB
히스토리 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. package swarm
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 

  6. 	"github.com/docker/docker/api/types/swarm"
    7. 

  7. 	"github.com/docker/docker/cli"
    8. 

  8. 	"github.com/docker/docker/cli/command"
    9. 

  9. 	"github.com/pkg/errors"
    10. 

  10. 	"github.com/spf13/cobra"
    11. 

  11. 	"golang.org/x/net/context"
    12. 

  12. )
    13. 

  13. 

  14. type unlockKeyOptions struct {
    15. 

  15. 	rotate bool
    16. 

  16. 	quiet  bool
    17. 

  17. }
    18. 

  18. 

  19. func newUnlockKeyCommand(dockerCli command.Cli) *cobra.Command {
    20. 

  20. 	opts := unlockKeyOptions{}
    21. 

  21. 

  22. 	cmd := &cobra.Command{
    23. 

  23. 		Use:   "unlock-key [OPTIONS]",
    24. 

  24. 		Short: "Manage the unlock key",
    25. 

  25. 		Args:  cli.NoArgs,
    26. 

  26. 		RunE: func(cmd *cobra.Command, args []string) error {
    27. 

  27. 			return runUnlockKey(dockerCli, opts)
    28. 

  28. 		},
    29. 

  29. 	}
    30. 

  30. 

  31. 	flags := cmd.Flags()
    32. 

  32. 	flags.BoolVar(&opts.rotate, flagRotate, false, "Rotate unlock key")
    33. 

  33. 	flags.BoolVarP(&opts.quiet, flagQuiet, "q", false, "Only display token")
    34. 

  34. 

  35. 	return cmd
    36. 

  36. }
    37. 

  37. 

  38. func runUnlockKey(dockerCli command.Cli, opts unlockKeyOptions) error {
    39. 

  39. 	client := dockerCli.Client()
    40. 

  40. 	ctx := context.Background()
    41. 

  41. 

  42. 	if opts.rotate {
    43. 

  43. 		flags := swarm.UpdateFlags{RotateManagerUnlockKey: true}
    44. 

  44. 

  45. 		sw, err := client.SwarmInspect(ctx)
    46. 

  46. 		if err != nil {
    47. 

  47. 			return err
    48. 

  48. 		}
    49. 

  49. 

  50. 		if !sw.Spec.EncryptionConfig.AutoLockManagers {
    51. 

  51. 			return errors.New("cannot rotate because autolock is not turned on")
    52. 

  52. 		}
    53. 

  53. 

  54. 		if err := client.SwarmUpdate(ctx, sw.Version, sw.Spec, flags); err != nil {
    55. 

  55. 			return err
    56. 

  56. 		}
    57. 

  57. 

  58. 		if !opts.quiet {
    59. 

  59. 			fmt.Fprintf(dockerCli.Out(), "Successfully rotated manager unlock key.\n\n")
    60. 

  60. 		}
    61. 

  61. 	}
    62. 

  62. 

  63. 	unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
    64. 

  64. 	if err != nil {
    65. 

  65. 		return errors.Wrap(err, "could not fetch unlock key")
    66. 

  66. 	}
    67. 

  67. 

  68. 	if unlockKeyResp.UnlockKey == "" {
    69. 

  69. 		return errors.New("no unlock key is set")
    70. 

  70. 	}
    71. 

  71. 

  72. 	if opts.quiet {
    73. 

  73. 		fmt.Fprintln(dockerCli.Out(), unlockKeyResp.UnlockKey)
    74. 

  74. 		return nil
    75. 

  75. 	}
    76. 

  76. 

  77. 	printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
    78. 

  78. 	return nil
    79. 

  79. }
    80. 

  80. 

  81. func printUnlockCommand(ctx context.Context, dockerCli command.Cli, unlockKey string) {
    82. 

  82. 	if len(unlockKey) > 0 {
    83. 

  83. 		fmt.Fprintf(dockerCli.Out(), "To unlock a swarm manager after it restarts, run the `docker swarm unlock`\ncommand and provide the following key:\n\n    %s\n\nPlease remember to store this key in a password manager, since without it you\nwill not be able to restart the manager.\n", unlockKey)
    84. 

  84. 	}
    85. 

  85. 	return
    86. 

  86. }
    87.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5