Add -token-sink-file flag to acl-init

This will write the token to file.
hashicorp · Mar 11, 2020 · 99205be · 99205be
1 parent 19f8701
commit 99205be
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/subcommand/acl-init/command.go b/subcommand/acl-init/command.go
@@ -28,6 +28,7 @@ type Command struct {
 	flagInitType   string
 	flagNamespace  string
 	flagACLDir     string
+	flagTokenSinkFile string
 
 	k8sClient *kubernetes.Clientset
 
@@ -45,6 +46,8 @@ func (c *Command) init() {
 		"Name of Kubernetes namespace where the servers are deployed")
 	c.flags.StringVar(&c.flagACLDir, "acl-dir", "/consul/aclconfig",
 		"Directory name of shared volume where acl config will be output")
+	c.flags.StringVar(&c.flagTokenSinkFile, "token-sink-file", "",
+		"Filepath to write acl token to when -init-type is sync")
 
 	c.k8s = &k8sflags.K8SFlags{}
 	flags.Merge(c.flags, c.k8s.Flags())
@@ -107,6 +110,14 @@ func (c *Command) Run(args []string) int {
 		}
 	}
 
+	if c.flagInitType == "sync" && c.flagTokenSinkFile != "" {
+		err = ioutil.WriteFile(c.flagTokenSinkFile, []byte(secret), 0400)
+		if err != nil {
+			c.UI.Error(fmt.Sprintf("Error writing token to file %q: %s", c.flagTokenSinkFile, err))
+			return 1
+		}
+	}
+
 	return 0
 }