diff --git a/command/agent/agent.go b/command/agent/agent.go
index 9caf815474..456415f964 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -796,3 +796,22 @@ func (a *Agent) UseKeyLAN(key string) (*serf.KeyResponse, error) {
 km := a.client.KeyManagerLAN()
 return km.UseKey(key)
 }
+
+// RemoveKeyWAN removes a WAN gossip encryption key on server nodes
+func (a *Agent) RemoveKeyWAN(key string) (*serf.KeyResponse, error) {
+ if a.server != nil {
+ km := a.server.KeyManagerWAN()
+ return km.RemoveKey(key)
+ }
+ return nil, fmt.Errorf("WAN keyring not available on client node")
+}
+
+// RemoveKeyLAN removes a LAN gossip encryption key on all nodes
+func (a *Agent) RemoveKeyLAN(key string) (*serf.KeyResponse, error) {
+ if a.server != nil {
+ km := a.server.KeyManagerLAN()
+ return km.RemoveKey(key)
+ }
+ km := a.client.KeyManagerLAN()
+ return km.RemoveKey(key)
+}
diff --git a/command/agent/rpc.go b/command/agent/rpc.go
index 6c33a13d66..2382bee488 100644
--- a/command/agent/rpc.go
+++ b/command/agent/rpc.go
@@ -402,13 +402,8 @@ func (i *AgentRPC) handleRequest(client *rpcClient, reqHeader *requestHeader) er
 case useKeyLANCommand, useKeyWANCommand:
 return i.handleGossipKeyChange(client, seq, command)
- /*
- case removeKeyLANCommand:
- return i.handleRemoveKeyLAN(client, seq)
-
- case removeKeyWANCommand:
- return i.handleRemoveKeyWAN(client, seq)
- */
+ case removeKeyLANCommand, removeKeyWANCommand:
+ return i.handleGossipKeyChange(client, seq, command)
 default:
 respHeader := responseHeader{Seq: seq, Error: unsupportedCommand}
@@ -666,6 +661,10 @@ func (i *AgentRPC) handleGossipKeyChange(client *rpcClient, seq uint64, cmd stri
 queryResp, err = i.agent.UseKeyWAN(req.Key)
 case useKeyLANCommand:
 queryResp, err = i.agent.UseKeyLAN(req.Key)
+ case removeKeyWANCommand:
+ queryResp, err = i.agent.RemoveKeyWAN(req.Key)
+ case removeKeyLANCommand:
+ queryResp, err = i.agent.RemoveKeyLAN(req.Key)
 }
 header := responseHeader{
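Review bot: The doc comments on `RemoveKeyWAN` and `RemoveKeyLAN` in agent.go name the key being removed but not when the call is refused or which key manager serves it. I would write `// RemoveKeyWAN removes a gossip encryption key from the WAN keyring. It returns an error on client agents, which have no WAN keyring.` and `// RemoveKeyLAN removes a gossip encryption key from the LAN keyring, using the server's key manager when this agent is a server and the client's otherwise.` One more sentence could say that the returned `*serf.KeyResponse` presumably carries per-node results that callers should inspect when the error is non-nil; confirm that against serf before stating it as fact.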
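Review bot: In `handleGossipKeyChange` (rpc.go) the `switch` on `cmd` gains two cases but, as far as the hunk shows, closes without a `default`. A command that `handleRequest` routes here without a matching case would leave both `queryResp` and `err` at their zero values, and the code below would build a response from them. Because this handler changes gossip encryption keys, I would make the mismatch fail closed with `default: err = fmt.Errorf("unsupported gossip key command: %q", cmd)`, assuming `fmt` is already imported in rpc.go. The switch opens above the hunk and the function continues below it, so check that no `default` appears earlier and that `queryResp` is nil-checked before it is read.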
diff --git a/command/agent/rpc_client.go b/command/agent/rpc_client.go
index 5fe988b20a..5d82dc8fa8 100644
--- a/command/agent/rpc_client.go
+++ b/command/agent/rpc_client.go
@@ -214,6 +214,14 @@ func (c *RPCClient) UseKeyLAN(key string) (map[string]string, error) {
 return c.changeGossipKey(key, useKeyLANCommand)
 }
+func (c *RPCClient) RemoveKeyWAN(key string) (map[string]string, error) {
+ return c.changeGossipKey(key, removeKeyWANCommand)
+}
+
+func (c *RPCClient) RemoveKeyLAN(key string) (map[string]string, error) {
+ return c.changeGossipKey(key, removeKeyLANCommand)
+}
+
 func (c *RPCClient) changeGossipKey(key, cmd string) (map[string]string, error) {
 header := requestHeader{
 Command: cmd,
diff --git a/command/keys.go b/command/keys.go
index e555517ea7..b998535763 100644
--- a/command/keys.go
+++ b/command/keys.go
@@ -149,11 +149,31 @@ func (c *KeysCommand) Run(args []string) int {
 }
 c.Ui.Info("Successfully changed primary key!")
- return 0
 }
 if removeKey != "" {
+ if wan {
+ c.Ui.Info("Removing key from WAN members...")
+ failures, err = client.RemoveKeyWAN(removeKey)
+ } else {
+ c.Ui.Info("Removing key from LAN members...")
+ failures, err = client.RemoveKeyLAN(removeKey)
+ }
+
+ if err != nil {
+ if len(failures) > 0 {
+ for node, msg := range failures {
+ out = append(out, fmt.Sprintf("failed: %s | %s", node, msg))
+ }
+ c.Ui.Error(columnize.SimpleFormat(out))
+ }
+ c.Ui.Error("")
+ c.Ui.Error(fmt.Sprintf("Error removing key: %s", err))
+ return 1
+ }
+
+ c.Ui.Info("Successfully removed key!")
 return 0
 }
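Review bot: `RemoveKeyWAN` and `RemoveKeyLAN` on `RPCClient` are exported without doc comments, so the meaning of the returned map can only be learned from the caller. Suggested: `// RemoveKeyWAN asks the agent to remove a gossip encryption key from the WAN keyring. The returned map holds failure messages keyed by node.`, with the LAN variant worded the same way. The description of the map is inferred from keys.go ranging over it as `node, msg`. `changeGossipKey` continues below the hunk, so confirm it there.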
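Review bot: In the new remove block of `Run` (keys.go), the error path lists the failing nodes and prints "Error removing key", but never says that the key may already be gone from the members that did answer. For a key being retired, the operator needs to know the ring is presumably left mixed and that the listed nodes may still hold the key. I would add `c.Ui.Error("The key may still be installed on the nodes listed above.")` after the `columnize.SimpleFormat` line inside `if len(failures) > 0`. Separately, dropping `return 0` after "Successfully changed primary key!" lets a successful use fall through into this block; if combining the two flags in one run is intended, a short comment there would make that explicit. `Run` begins and ends outside the hunk, and `out`, `failures` and `err` are declared there.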