SFLvaultCommand object

The SFLvaultCommand object is invoked by the shell manager, or when executing sflvault on the command line. All methods of the object are used to generate help, and each parses command-line arguments on its own.

Note

To learn more about the security impact of these functions, see sflvault.lib.vault.SFLvaultAccess, which is the piece of code that does the actual work. This class only wraps calls to that library (directly by importing the Python class, or over the network via XML-RPC).

class sflvault.client.SFLvaultCommand(config=None, vault=None, parser=None)

Parse command line arguments, and call SFLvault commands on them.

Each method of this object is an SFLvault command. They are called when you run sflvault connect s#1 on the command line, or when you run connect s#1 from within the shell.

Create a SFLvaultCommand object

Parameters:
  • config – config filename to use, required if no vault specified
  • vault – an existing SFLvaultClient object, otherwise it will be created, using specified config
  • parser – an option parser, otherwise it will be created (recommended)

alias()

Set an alias, a local shortcut to a VaultID (s#123, m#87, etc.)

List, view or set an alias.

connect()

Connect to a remote SSH host, sending the password on the way.

VaultID - service ID as ‘s#123’, ‘123’, or alias pointing to a service ID.

customer_add()

Add a new customer.

customer_del()

Delete an existing customer, its machines and all services.

Make sure you have detached all services’ children before removing a customer whose machines have services that are parents to other services.

customer_edit()

Edit customer information.

customer_list()

List existing customers.

This option takes no argument; it just lists customers with their IDs.

group_add()

Add a group to the vault

This command accepts a group name (as string) as first and only parameter.

group_add_service()

Add a service to a group, doing necessary re-encryption

group_add_user()

Add a user to a group, doing necessary re-encryption

group_del()

Remove a group from the vault

For this to be successful, the group must have no more services associated with it.

group_del_service()

Remove a service from a group

group_del_user()

Remove a user from a group

group_edit()

Edit group information

group_list()

List existing groups.

help(cmd=None, error=None)

Print this help.

You can use:

help [command]

to get further help for command.

machine_add()

Add a new machine.

machine_del()

Delete an existing machine, including all services.

Make sure you have detached all services’ children before removing a machine which has services that are parents to other services.

machine_edit()

Edit machine information.

machine_list()

List existing machines.

This command will list all machines in the vault’s database.

search()

Search the vault for the specified keywords.

service_add()

Add a service to a particular machine.

The secret/password/authentication key will be asked for at the interactive prompt.

Note: Passwords will never be taken from the URL when invoked on the command line, to prevent sensitive information from being held in history.

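
An added example (not SFLvault's own code) of the rule in the note above: a password embedded in a service URL given on the command line is dropped, and the secret is read from a non-echoing prompt instead. The function names, the warning text and the sample URL are assumptions made for this illustration.

```python
import getpass
import sys
from urllib.parse import urlsplit, urlunsplit


def strip_url_secret(url):
    """Return (url_without_password, password_was_present).

    Scheme, username, host, port, path and query are kept; only the
    password part of the userinfo is dropped.
    """
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError("service URL needs a host: %r" % url)
    host = parts.hostname
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets
        host = "[%s]" % host
    netloc = host if parts.port is None else "%s:%d" % (host, parts.port)
    if parts.username:
        netloc = "%s@%s" % (parts.username, netloc)
    clean = urlunsplit((parts.scheme, netloc, parts.path,
                        parts.query, parts.fragment))
    return clean, parts.password is not None


def collect_service(url, prompt=getpass.getpass):
    """Hypothetical helper: clean URL plus a secret read without echo."""
    clean_url, had_secret = strip_url_secret(url)
    if had_secret:
        # Never store or echo the value; it is already in shell history.
        sys.stderr.write("warning: password in URL ignored\n")
    secret = prompt("Service secret: ")
    if not secret:
        raise ValueError("empty secret refused")
    return {"url": clean_url, "secret": secret}


if __name__ == "__main__":
    # Constructed sample input, not taken from a real vault.
    print(strip_url_secret("ssh://root:hunter2@db1.example.org:2222/"))
```
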
service_del()

Delete an existing service. Make sure you have detached all children before removing a parent service.

service_edit()

Edit service information.

service_passwd()

Change the password for a service.

Do not specify the password on the command line; it will be asked for on the next line.

show()

Show the information needed to connect to a particular service.

VaultID - service ID as ‘s#123’, ‘123’, or alias pointing to a service ID.

user_add()

Add a user to the vault.

user_del()

Delete an existing user.

user_list()

List existing users.

This option takes no argument; it lists the current users and their privileges.

user_passwd()

Change the passphrase protecting your local private key

user_setup()

Setup a new user on the vault.

Call this after an admin has called user-add on the vault.

Arguments:

username: the username used in the user-add call.

vault_url: the URL (http://example.org:port/vault/rpc) to the vault.

wallet()

Put your SFLvault password in a wallet

SFLvaultShell object

This shell object wraps multiple SFLvaultCommand objects in a shell-like command-line prompt.

class sflvault.client.SFLvaultShell(config, vault=None)

exit()

Exit command, only available in the shell

quit()

Quit command, only available in the shell