Add Namespace support to the API module and the CLI commands

agent/acl_endpoint.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/lib"
 )
 
 // aclCreateResponse is used to wrap the ACL ID
@@ -186,7 +187,9 @@ func (s *HTTPServer) ACLPolicyList(resp http.ResponseWriter, req *http.Request)
 	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
 		return nil, nil
 	}
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -244,7 +247,9 @@ func (s *HTTPServer) ACLPolicyRead(resp http.ResponseWriter, req *http.Request,
 		return nil, nil
 	}
 
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -281,9 +286,11 @@ func (s *HTTPServer) aclPolicyWriteInternal(resp http.ResponseWriter, req *http.
 		Datacenter: s.agent.config.Datacenter,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.Policy.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.Policy.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
-	if err := decodeBody(req.Body, &args.Policy); err != nil {
+	if err := s.rewordUnknownEnterpriseFieldError(lib.DecodeJSON(req.Body, &args.Policy)); err != nil {
 		return nil, BadRequestError{Reason: fmt.Sprintf("Policy decoding failed: %v", err)}
 	}
 
@@ -315,7 +322,9 @@ func (s *HTTPServer) ACLPolicyDelete(resp http.ResponseWriter, req *http.Request
 		PolicyID:   policyID,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	var ignored string
 	if err := s.agent.RPC("ACL.PolicyDelete", args, &ignored); err != nil {
@@ -338,7 +347,9 @@ func (s *HTTPServer) ACLTokenList(resp http.ResponseWriter, req *http.Request) (
 		return nil, nil
 	}
 
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -442,7 +453,9 @@ func (s *HTTPServer) ACLTokenGet(resp http.ResponseWriter, req *http.Request, to
 		return nil, nil
 	}
 
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -471,9 +484,11 @@ func (s *HTTPServer) aclTokenSetInternal(resp http.ResponseWriter, req *http.Req
 		Create:     create,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.ACLToken.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.ACLToken.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
-	if err := decodeBody(req.Body, &args.ACLToken); err != nil {
+	if err := s.rewordUnknownEnterpriseFieldError(lib.DecodeJSON(req.Body, &args.ACLToken)); err != nil {
 		return nil, BadRequestError{Reason: fmt.Sprintf("Token decoding failed: %v", err)}
 	}
 
@@ -499,7 +514,9 @@ func (s *HTTPServer) ACLTokenDelete(resp http.ResponseWriter, req *http.Request,
 		TokenID:    tokenID,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	var ignored string
 	if err := s.agent.RPC("ACL.TokenDelete", args, &ignored); err != nil {
@@ -518,8 +535,10 @@ func (s *HTTPServer) ACLTokenClone(resp http.ResponseWriter, req *http.Request,
 		Create:     true,
 	}
 
-	s.parseEntMeta(req, &args.ACLToken.EnterpriseMeta)
-	if err := decodeBody(req.Body, &args.ACLToken); err != nil {
+	if err := s.parseEntMeta(req, &args.ACLToken.EnterpriseMeta); err != nil {
+		return nil, err
+	}
+	if err := s.rewordUnknownEnterpriseFieldError(lib.DecodeJSON(req.Body, &args.ACLToken)); err != nil {
 		return nil, BadRequestError{Reason: fmt.Sprintf("Token decoding failed: %v", err)}
 	}
 	s.parseToken(req, &args.Token)
@@ -544,7 +563,9 @@ func (s *HTTPServer) ACLRoleList(resp http.ResponseWriter, req *http.Request) (i
 	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
 		return nil, nil
 	}
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -621,7 +642,9 @@ func (s *HTTPServer) ACLRoleRead(resp http.ResponseWriter, req *http.Request, ro
 	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
 		return nil, nil
 	}
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -654,9 +677,11 @@ func (s *HTTPServer) ACLRoleWrite(resp http.ResponseWriter, req *http.Request, r
 		Datacenter: s.agent.config.Datacenter,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.Role.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.Role.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
-	if err := decodeBody(req.Body, &args.Role); err != nil {
+	if err := s.rewordUnknownEnterpriseFieldError(lib.DecodeJSON(req.Body, &args.Role)); err != nil {
 		return nil, BadRequestError{Reason: fmt.Sprintf("Role decoding failed: %v", err)}
 	}
 
@@ -680,7 +705,9 @@ func (s *HTTPServer) ACLRoleDelete(resp http.ResponseWriter, req *http.Request,
 		RoleID:     roleID,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	var ignored string
 	if err := s.agent.RPC("ACL.RoleDelete", args, &ignored); err != nil {
@@ -700,7 +727,9 @@ func (s *HTTPServer) ACLBindingRuleList(resp http.ResponseWriter, req *http.Requ
 		return nil, nil
 	}
 
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -760,7 +789,9 @@ func (s *HTTPServer) ACLBindingRuleRead(resp http.ResponseWriter, req *http.Requ
 		return nil, nil
 	}
 
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -793,9 +824,11 @@ func (s *HTTPServer) ACLBindingRuleWrite(resp http.ResponseWriter, req *http.Req
 		Datacenter: s.agent.config.Datacenter,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.BindingRule.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.BindingRule.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
-	if err := decodeBody(req.Body, &args.BindingRule); err != nil {
+	if err := s.rewordUnknownEnterpriseFieldError(lib.DecodeJSON(req.Body, &args.BindingRule)); err != nil {
 		return nil, BadRequestError{Reason: fmt.Sprintf("BindingRule decoding failed: %v", err)}
 	}
 
@@ -819,7 +852,9 @@ func (s *HTTPServer) ACLBindingRuleDelete(resp http.ResponseWriter, req *http.Re
 		BindingRuleID: bindingRuleID,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	var ignored bool
 	if err := s.agent.RPC("ACL.BindingRuleDelete", args, &ignored); err != nil {
@@ -838,7 +873,9 @@ func (s *HTTPServer) ACLAuthMethodList(resp http.ResponseWriter, req *http.Reque
 	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
 		return nil, nil
 	}
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -895,7 +932,9 @@ func (s *HTTPServer) ACLAuthMethodRead(resp http.ResponseWriter, req *http.Reque
 	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
 		return nil, nil
 	}
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	if args.Datacenter == "" {
 		args.Datacenter = s.agent.config.Datacenter
@@ -929,9 +968,11 @@ func (s *HTTPServer) ACLAuthMethodWrite(resp http.ResponseWriter, req *http.Requ
 		Datacenter: s.agent.config.Datacenter,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.AuthMethod.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.AuthMethod.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
-	if err := decodeBody(req.Body, &args.AuthMethod); err != nil {
+	if err := s.rewordUnknownEnterpriseFieldError(lib.DecodeJSON(req.Body, &args.AuthMethod)); err != nil {
 		return nil, BadRequestError{Reason: fmt.Sprintf("AuthMethod decoding failed: %v", err)}
 	}
 
@@ -958,7 +999,9 @@ func (s *HTTPServer) ACLAuthMethodDelete(resp http.ResponseWriter, req *http.Req
 		AuthMethodName: methodName,
 	}
 	s.parseToken(req, &args.Token)
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	var ignored bool
 	if err := s.agent.RPC("ACL.AuthMethodDelete", args, &ignored); err != nil {
@@ -978,10 +1021,12 @@ func (s *HTTPServer) ACLLogin(resp http.ResponseWriter, req *http.Request) (inte
 		Auth:       &structs.ACLLoginParams{},
 	}
 	s.parseDC(req, &args.Datacenter)
-	s.parseEntMeta(req, &args.Auth.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.Auth.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
-	if err := decodeBody(req.Body, &args.Auth); err != nil {
-		return nil, BadRequestError{Reason: fmt.Sprintf("Failed to decode request body: %v", err)}
+	if err := s.rewordUnknownEnterpriseFieldError(lib.DecodeJSON(req.Body, &args.Auth)); err != nil {
+		return nil, BadRequestError{Reason: fmt.Sprintf("Failed to decode request body:: %v", err)}
 	}
 
 	var out structs.ACLToken

agent/agent_endpoint_test.go

@@ -3055,7 +3055,7 @@ func testCreateToken(t *testing.T, a *TestAgent, rules string) string {
 	policyID := testCreatePolicy(t, a, policyName, rules)
 
 	args := map[string]interface{}{
-		"Name": "User Token",
+		"Description": "User Token",
 		"Policies": []map[string]interface{}{
 			map[string]interface{}{
 				"ID": policyID,

agent/discovery_chain_endpoint.go

@@ -1,7 +1,6 @@
 package agent
 
 import (
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"
@@ -107,7 +106,7 @@ func (t *discoveryChainReadRequest) UnmarshalJSON(data []byte) (err error) {
 	}{
 		Alias: (*Alias)(t),
 	}
-	if err = json.Unmarshal(data, &aux); err != nil {
+	if err = lib.UnmarshalJSON(data, &aux); err != nil {
 		return err
 	}
 

agent/http.go

@@ -25,6 +25,7 @@ import (
 	"github.com/hashicorp/consul/agent/consul"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/go-cleanhttp"
 	"github.com/mitchellh/mapstructure"
 	"github.com/pkg/errors"
@@ -573,11 +574,7 @@ func (s *HTTPServer) Index(resp http.ResponseWriter, req *http.Request) {
 }
 
 func decodeBody(body io.Reader, out interface{}) error {
-	if body == nil {
-		return io.EOF
-	}
-
-	return json.NewDecoder(body).Decode(&out)
+	return lib.DecodeJSON(body, out)
 }
 
 // decodeBodyDeprecated is deprecated, please ues decodeBody above.

agent/http_oss.go

@@ -3,10 +3,38 @@
 package agent
 
 import (
+	"fmt"
 	"net/http"
+	"strings"
 
 	"github.com/hashicorp/consul/agent/structs"
 )
 
-func (s *HTTPServer) parseEntMeta(req *http.Request, entMeta *structs.EnterpriseMeta) {
+func (s *HTTPServer) parseEntMeta(req *http.Request, entMeta *structs.EnterpriseMeta) error {
+	if headerNS := req.Header.Get("X-Consul-Namespace"); headerNS != "" {
+		return BadRequestError{Reason: "Invalid header: \"X-Consul-Namespace\" - Namespaces is a Consul Enterprise feature"}
+	}
+	if queryNS := req.URL.Query().Get("ns"); queryNS != "" {
+		return BadRequestError{Reason: "Invalid query parameter: \"ns\" - Namespaces is a Consul Enterprise feature"}
+	}
+	return nil
+}
+
+func (s *HTTPServer) rewordUnknownEnterpriseFieldError(err error) error {
+	if err == nil {
+		return nil
+	}
+
+	msg := err.Error()
+
+	if strings.Contains(msg, "json: unknown field ") {
+		quotedField := strings.TrimPrefix(msg, "json: unknown field ")
+
+		switch quotedField {
+		case `"Namespace"`:
+			return fmt.Errorf("%v - Namespaces is a Consul Enterprise feature", err)
+		}
+	}
+
+	return err
 }

agent/kvs_endpoint.go

@@ -18,7 +18,9 @@ func (s *HTTPServer) KVSEndpoint(resp http.ResponseWriter, req *http.Request) (i
 	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
 		return nil, nil
 	}
-	s.parseEntMeta(req, &args.EnterpriseMeta)
+	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
+		return nil, err
+	}
 
 	// Pull out the key name, validation left to each sub-handler
 	args.Key = strings.TrimPrefix(req.URL.Path, "/v1/kv/")