We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: cdb8ea90b0
Branches Tags
moby
/
cli
/
command
/
swarm
/
unlock_key.go

unlock_key.go 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. package swarm
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 

  6. 	"github.com/spf13/cobra"
    7. 

  7. 

  8. 	"github.com/docker/docker/api/types/swarm"
    9. 

  9. 	"github.com/docker/docker/cli"
    10. 

  10. 	"github.com/docker/docker/cli/command"
    11. 

  11. 	"github.com/pkg/errors"
    12. 

  12. 	"golang.org/x/net/context"
    13. 

  13. )
    14. 

  14. 

  15. func newUnlockKeyCommand(dockerCli *command.DockerCli) *cobra.Command {
    16. 

  16. 	var rotate, quiet bool
    17. 

  17. 

  18. 	cmd := &cobra.Command{
    19. 

  19. 		Use:   "unlock-key [OPTIONS]",
    20. 

  20. 		Short: "Manage the unlock key",
    21. 

  21. 		Args:  cli.NoArgs,
    22. 

  22. 		RunE: func(cmd *cobra.Command, args []string) error {
    23. 

  23. 			client := dockerCli.Client()
    24. 

  24. 			ctx := context.Background()
    25. 

  25. 

  26. 			if rotate {
    27. 

  27. 				flags := swarm.UpdateFlags{RotateManagerUnlockKey: true}
    28. 

  28. 

  29. 				swarm, err := client.SwarmInspect(ctx)
    30. 

  30. 				if err != nil {
    31. 

  31. 					return err
    32. 

  32. 				}
    33. 

  33. 

  34. 				if !swarm.Spec.EncryptionConfig.AutoLockManagers {
    35. 

  35. 					return errors.New("cannot rotate because autolock is not turned on")
    36. 

  36. 				}
    37. 

  37. 

  38. 				err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, flags)
    39. 

  39. 				if err != nil {
    40. 

  40. 					return err
    41. 

  41. 				}
    42. 

  42. 				if !quiet {
    43. 

  43. 					fmt.Fprintf(dockerCli.Out(), "Successfully rotated manager unlock key.\n\n")
    44. 

  44. 				}
    45. 

  45. 			}
    46. 

  46. 

  47. 			unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
    48. 

  48. 			if err != nil {
    49. 

  49. 				return errors.Wrap(err, "could not fetch unlock key")
    50. 

  50. 			}
    51. 

  51. 

  52. 			if unlockKeyResp.UnlockKey == "" {
    53. 

  53. 				return errors.New("no unlock key is set")
    54. 

  54. 			}
    55. 

  55. 

  56. 			if quiet {
    57. 

  57. 				fmt.Fprintln(dockerCli.Out(), unlockKeyResp.UnlockKey)
    58. 

  58. 			} else {
    59. 

  59. 				printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
    60. 

  60. 			}
    61. 

  61. 			return nil
    62. 

  62. 		},
    63. 

  63. 	}
    64. 

  64. 

  65. 	flags := cmd.Flags()
    66. 

  66. 	flags.BoolVar(&rotate, flagRotate, false, "Rotate unlock key")
    67. 

  67. 	flags.BoolVarP(&quiet, flagQuiet, "q", false, "Only display token")
    68. 

  68. 

  69. 	return cmd
    70. 

  70. }
    71. 

  71. 

  72. func printUnlockCommand(ctx context.Context, dockerCli *command.DockerCli, unlockKey string) {
    73. 

  73. 	if len(unlockKey) == 0 {
    74. 

  74. 		return
    75. 

  75. 	}
    76. 

  76. 

  77. 	fmt.Fprintf(dockerCli.Out(), "To unlock a swarm manager after it restarts, run the `docker swarm unlock`\ncommand and provide the following key:\n\n    %s\n\nPlease remember to store this key in a password manager, since without it you\nwill not be able to restart the manager.\n", unlockKey)
    78. 

  78. 	return
    79. 

  79. }
    80.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5