package agenttokens
import (
"flag"
"fmt"
"io"
"github.com/hashicorp/consul/command/flags"
"github.com/hashicorp/consul/command/helpers"
"github.com/mitchellh/cli"
)
// New builds the command around the supplied UI and prepares its flag set
// and help text before returning it.
func New(ui cli.Ui) *cmd {
	command := &cmd{UI: ui}
	command.init()
	return command
}
// cmd implements the "consul acl set-agent-token" command.
type cmd struct {
	// UI receives the command's informational and error output.
	UI cli.Ui

	// flags is the flag set parsed by Run; http holds the HTTP flag values
	// that init merges into it.
	flags *flag.FlagSet
	http  *flags.HTTPFlags

	// help is the usage text generated in init.
	help string

	// testStdin is handed to helpers.LoadDataSource when the TOKEN argument
	// is resolved. Nothing in this file assigns it.
	testStdin io.Reader
}
// init creates the command's flag set, merges the HTTP client and server
// flags into it, and renders the usage text from the help constant.
func (c *cmd) init() {
	httpFlags := &flags.HTTPFlags{}
	// ContinueOnError: Parse returns the error to Run instead of exiting.
	fs := flag.NewFlagSet("", flag.ContinueOnError)

	flags.Merge(fs, httpFlags.ClientFlags())
	flags.Merge(fs, httpFlags.ServerFlags())

	c.flags = fs
	c.http = httpFlags
	c.help = flags.Usage(help, fs)
}
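// Run parses args, resolves the TYPE and TOKEN positional arguments and asks
// the agent to install the token for that type. It returns 0 on success and 1
// on any failure.
//
// The success and failure messages built here interpolate only the token type
// and the returned error, never the token value itself.
// NOTE(review): whether the errors returned by the API client or by
// dataFromArgs can carry the token is not visible from this file; confirm
// before relying on this output being free of secrets.
func (c *cmd) Run(args []string) int {
	if err := c.flags.Parse(args); err != nil {
		return 1
	}

	tokenType, token, err := c.dataFromArgs(c.flags.Args())
	if err != nil {
		c.UI.Error(fmt.Sprintf("Error! %s", err))
		return 1
	}

	client, err := c.http.APIClient()
	if err != nil {
		c.UI.Error(fmt.Sprintf("Error connecting to Consul Agent: %s", err))
		return 1
	}

	// dataFromArgs does not validate TYPE when two arguments are given, so
	// this switch is where an unknown type is rejected.
	agent := client.Agent()
	switch tokenType {
	case "default":
		_, err = agent.UpdateDefaultACLToken(token, nil)
	case "agent":
		_, err = agent.UpdateAgentACLToken(token, nil)
	case "master":
		_, err = agent.UpdateAgentMasterACLToken(token, nil)
	case "replication":
		_, err = agent.UpdateReplicationACLToken(token, nil)
	default:
		// The message has no format verbs, so it is passed as a plain
		// string rather than through fmt.Sprintf.
		c.UI.Error("Unknown token type")
		return 1
	}

	if err != nil {
		c.UI.Error(fmt.Sprintf("Failed to set ACL token %q: %v", tokenType, err))
		return 1
	}

	c.UI.Info(fmt.Sprintf("ACL token %q set successfully", tokenType))
	return 0
}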
// dataFromArgs turns the positional arguments into (token type, token, error).
//
// Exactly two arguments are accepted. With a single argument the error names
// whichever half is missing: a recognised type means TOKEN is absent, anything
// else is assumed to be a token given without a TYPE. With two arguments the
// type is returned as given, without validation; Run's switch rejects unknown
// types. The token is resolved through helpers.LoadDataSource.
// NOTE(review): LoadDataSource is defined outside this file; it receives a
// stdin reader, so it presumably can read the token from somewhere other than
// the argument text. Confirm its accepted forms.
func (c *cmd) dataFromArgs(args []string) (string, string, error) {
	count := len(args)

	if count == 0 {
		return "", "", fmt.Errorf("Missing TYPE and TOKEN arguments")
	}

	if count == 1 {
		only := args[0]
		if only == "default" || only == "agent" || only == "master" || only == "replication" {
			return "", "", fmt.Errorf("Missing TOKEN argument")
		}
		return "", "", fmt.Errorf("MISSING TYPE argument")
	}

	if count > 2 {
		return "", "", fmt.Errorf("Too many arguments: expected 2 got %d", len(args))
	}

	tokenType, source := args[0], args[1]
	token, err := helpers.LoadDataSource(source, c.testStdin)
	if err != nil {
		return "", "", err
	}
	return tokenType, token, nil
}
// Synopsis returns the command's one-line description.
func (c *cmd) Synopsis() string {
	const text = synopsis
	return text
}
// Help returns the usage text prepared by init, passed through flags.Usage
// once more with no flag set.
func (c *cmd) Help() string {
	usage := flags.Usage(c.help, nil)
	return usage
}
// synopsis is the one-line description returned by Synopsis.
const synopsis = "Assign tokens for the Consul Agent's usage"
// help is the usage text that init feeds to flags.Usage. It lists the four
// token types accepted by Run: default, agent, master and replication.
//
// NOTE(review): the example below passes the token as a literal command-line
// argument, which leaves the secret in the invoking shell's history and in the
// process argument list for the life of the command. The TOKEN argument goes
// through helpers.LoadDataSource (defined outside this file) together with a
// stdin reader, so a non-literal source is presumably accepted; confirm, and
// consider documenting that form here.
const help = `
Usage: consul acl set-agent-token [options] TYPE TOKEN
This command will set the corresponding token for the agent to use.
Note that the tokens uploaded this way are not persisted and if
the agent reloads then the tokens will need to be set again.
Token Types:
default The default token is the token that the agent will use for
both internal agent operations and operations initiated by
the HTTP and DNS interfaces when no specific token is provided.
If not set the agent will use the anonymous token.
agent The token that the agent will use for internal agent operations.
If not given then the default token is used for these operations.
master This sets the token that can be used to access the Agent APIs in
the event that the ACL datacenter cannot be reached.
replication This is the token that the agent will use for replication
operations. This token will need to be configured with read access
to whatever data is being replicated.
Example:
$ consul acl set-agent-token default c4d0f8df-3aba-4ab6-a7a0-35b760dc29a1
`