diff --git a/REFERENCE.md b/REFERENCE.md index 7305049e..5a52ecc0 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1110,7 +1110,7 @@ The following parameters are available in the `consul_acl` type. Token for accessing the ACL API -Default value: `''` +Default value: `anonymous` ##### `api_tries` @@ -1179,7 +1179,7 @@ The following parameters are available in the `consul_key_value` type. Token for accessing the ACL API -Default value: `''` +Default value: `anonymous` ##### `api_tries` @@ -1373,7 +1373,7 @@ The following parameters are available in the `consul_prepared_query` type. Token for accessing the ACL API -Default value: `''` +Default value: `anonymous` ##### `api_tries` diff --git a/lib/puppet/provider/consul_acl/default.rb b/lib/puppet/provider/consul_acl/default.rb index 2098bde6..82a1f3c5 100644 --- a/lib/puppet/provider/consul_acl/default.rb +++ b/lib/puppet/provider/consul_acl/default.rb @@ -41,8 +41,9 @@ def self.list_resources(acl_api_token, port, hostname, protocol, tries) http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true if uri.instance_of? URI::HTTPS - path = uri.request_uri + "/list?token=#{acl_api_token}" - req = Net::HTTP::Get.new(path) + path = "#{uri.request_uri}/list" + http_headers = { 'X-Consul-Token' => acl_api_token.to_s } + req = Net::HTTP::Get.new(path, http_headers) res = nil res_code = nil @@ -58,7 +59,7 @@ def self.list_resources(acl_api_token, port, hostname, protocol, tries) res_code = res.code break if res_code == '200' rescue Errno::ECONNREFUSED => e - Puppet.debug("#{uri}/list?token= #{e.class} #{e.message}") + Puppet.debug("#{uri}/list #{e.class} #{e.message}") res_code = e.class.to_s end end 
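Review bot: The `X-Consul-Token` header built in `self.list_resources` of `lib/puppet/provider/consul_acl/default.rb` has no comment saying why the token left the query string, and the same hash literal is repeated in `put_acl`, in both `get_path` methods and in the other two `list_resources` methods. A one-line comment above `http_headers = ...`, such as `# Send the ACL token as a header so it never shows up in request paths, debug output or error messages`, would keep a later edit from moving it back into the URL. Building the hash in one shared helper would also keep the header name and the `.to_s` coercion in a single place. Note that `.to_s` turns a nil token into an empty header value rather than an error. The body of `list_resources` starts before this hunk and continues after it.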
@@ -94,8 +95,9 @@ def put_acl(method, body) http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true if uri.instance_of? URI::HTTPS acl_api_token = @resource[:acl_api_token] - path = uri.request_uri + "/#{method}?token=#{acl_api_token}" - req = Net::HTTP::Put.new(path) + path = uri.request_uri + "/#{method}" + http_headers = { 'X-Consul-Token' => acl_api_token.to_s } + req = Net::HTTP::Put.new(path, http_headers) req.body = body.to_json if body res = http.request(req) raise(Puppet::Error, "Session #{name} create: invalid return code #{res.code} uri: #{path} body: #{req.body}") if res.code != '200' diff --git a/lib/puppet/provider/consul_key_value/default.rb b/lib/puppet/provider/consul_key_value/default.rb index 3faf7a92..c30548b9 100644 --- a/lib/puppet/provider/consul_key_value/default.rb +++ b/lib/puppet/provider/consul_key_value/default.rb @@ -38,9 +38,13 @@ def self.list_resources(acl_api_token, port, hostname, protocol, tries, datacent # this might be configurable by searching /etc/consul.d # but would break for anyone using nonstandard paths - consul_url = "#{protocol}://#{hostname}:#{port}/v1/kv/?dc=#{datacenter}&recurse&token=#{acl_api_token}" + consul_url = "#{protocol}://#{hostname}:#{port}/v1/kv/?dc=#{datacenter}&recurse" uri = URI(consul_url) + http = Net::HTTP.new(uri.host, uri.port) + http.use_ssl = true if uri.instance_of? URI::HTTPS + http_headers = { 'X-Consul-Token' => acl_api_token.to_s } + req = Net::HTTP::Get.new(uri.request_uri, http_headers) res = nil # retry Consul API query for ACLs, in case Consul has just started @@ -49,7 +53,7 @@ def self.list_resources(acl_api_token, port, hostname, protocol, tries, datacent Puppet.debug("retrying Consul API query in #{i} seconds") sleep i end - res = Net::HTTP.get_response(uri) + res = http.request(req) break if res.code == '200' end 
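Review bot: `path = uri.request_uri + "/#{method}"` in `put_acl` keeps string concatenation, while the matching line in `self.list_resources` of the same file was rewritten to interpolation. `path = "#{uri.request_uri}/#{method}"` would make the two read alike. `put_acl` begins before this hunk.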
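Review bot: In `self.list_resources` of `lib/puppet/provider/consul_key_value/default.rb`, `res = http.request(req)` sits in the retry loop with no `rescue` visible, so a refused connection would raise on the first attempt instead of being retried. The `consul_acl` provider rescues `Errno::ECONNREFUSED` inside its loop. If the retry is meant to cover Consul having just started, as the comment above the loop says, wrapping the call the same way (`rescue Errno::ECONNREFUSED => e` followed by a `Puppet.debug` line) would make the two providers behave alike. The loop header lies between the two hunks and is not shown, so this is inferred from the visible lines.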
@@ -83,24 +87,25 @@ def self.reset end def get_path(name) - uri = URI("#{@resource[:protocol]}://#{@resource[:hostname]}:#{@resource[:port]}/v1/kv/#{name}?dc=#{@resource[:datacenter]}&token=#{@resource[:acl_api_token]}") + uri = URI("#{@resource[:protocol]}://#{@resource[:hostname]}:#{@resource[:port]}/v1/kv/#{name}?dc=#{@resource[:datacenter]}") http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true if uri.instance_of? URI::HTTPS acl_api_token = @resource[:acl_api_token] - [uri.request_uri, http] + http_headers = { 'X-Consul-Token' => acl_api_token.to_s } + [uri.request_uri, http, http_headers] end def create_or_update_key_value(name, value, flags) - path, http = get_path(name) - req = Net::HTTP::Put.new(path + "&flags=#{flags}") + path, http, http_headers = get_path(name) + req = Net::HTTP::Put.new(path + "&flags=#{flags}", http_headers) req.body = value res = http.request(req) raise(Puppet::Error, "Session #{name} create/update: invalid return code #{res.code} uri: #{path} body: #{req.body}") if res.code != '200' end def delete_key_value(name) - path, http = get_path(name) - req = Net::HTTP::Delete.new(path) + path, http, http_headers = get_path(name) + req = Net::HTTP::Delete.new(path, http_headers) res = http.request(req) raise(Puppet::Error, "Session #{name} delete: invalid return code #{res.code} uri: #{path} body: #{req.body}") if res.code != '200' end diff --git a/lib/puppet/provider/consul_prepared_query/default.rb b/lib/puppet/provider/consul_prepared_query/default.rb index 9164553b..07637075 100644 --- a/lib/puppet/provider/consul_prepared_query/default.rb +++ b/lib/puppet/provider/consul_prepared_query/default.rb 
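Review bot: The error raised in `create_or_update_key_value` still interpolates `body: #{req.body}`, which is the key's value, so a failed write copies that value into the Puppet error even though this change takes the token out of `path`. If stored values can be secrets, drop the body from that message, e.g. `raise(Puppet::Error, "Session #{name} create/update: invalid return code #{res.code} uri: #{path}") if res.code != '200'`. In `delete_key_value` no body is set on the request, so `body: #{req.body}` there adds nothing to the message.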
@@ -38,9 +38,8 @@ def self.list_resources(acl_api_token, port, hostname, protocol, tries) uri = URI("#{protocol}://#{hostname}:#{port}/v1/query") http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true if uri.instance_of? URI::HTTPS - - path = uri.request_uri + "?token=#{acl_api_token}" - req = Net::HTTP::Get.new(path) + http_headers = { 'X-Consul-Token' => acl_api_token.to_s } + req = Net::HTTP::Get.new(uri.request_uri, http_headers) res = nil # retry Consul API query for ACLs, in case Consul has just started @@ -82,20 +81,21 @@ def get_path(id) http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true if uri.instance_of? URI::HTTPS acl_api_token = @resource[:acl_api_token] - [uri.request_uri + "?token=#{acl_api_token}", http] + http_headers = { 'X-Consul-Token' => acl_api_token.to_s } + [uri.request_uri, http, http_headers] end def create_prepared_query(body) - path, http = get_path(false) - req = Net::HTTP::Post.new(path) + path, http, http_headers = get_path(false) + req = Net::HTTP::Post.new(path, http_headers) req.body = body.to_json if body res = http.request(req) raise(Puppet::Error, "Session #{name} create: invalid return code #{res.code} uri: #{path} body: #{req.body}") if res.code != '200' end def update_prepared_query(id, body) - path, http = get_path(id) - req = Net::HTTP::Put.new(path) + path, http, http_headers = get_path(id) + req = Net::HTTP::Put.new(path, http_headers) if body body[:id] = id req.body = body.to_json @@ -105,8 +105,8 @@ def update_prepared_query(id, body) end def delete_prepared_query(id) - path, http = get_path(id) - req = Net::HTTP::Delete.new(path) + path, http, http_headers = get_path(id) + req = Net::HTTP::Delete.new(path, http_headers) res = http.request(req) raise(Puppet::Error, "Session #{name} delete: invalid return code #{res.code} uri: #{path} body: #{req.body}") if res.code != '200' end diff --git a/lib/puppet/type/consul_acl.rb b/lib/puppet/type/consul_acl.rb index b5546ee1..d97037aa 100644 
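Review bot: `get_path` in `lib/puppet/provider/consul_prepared_query/default.rb` now returns three values and its path no longer carries the token, but nothing documents the new return shape. A caller that still destructures `path, http = get_path(id)` would run without error and send the request with no `X-Consul-Token`. A comment above the method, `# Returns [request path, Net::HTTP client, headers hash carrying the ACL token]`, would make that contract visible; the same applies to `get_path` in `lib/puppet/provider/consul_key_value/default.rb`. The three callers shown in this file are updated, and any caller outside the hunks should be checked. The start of `get_path` is outside the hunk.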
--- a/lib/puppet/type/consul_acl.rb +++ b/lib/puppet/type/consul_acl.rb @@ -22,7 +22,7 @@ validate do |value| raise ArgumentError, 'ACL API token must be a string' unless value.is_a?(String) end - defaultto '' + defaultto 'anonymous' end newproperty(:rules) do diff --git a/lib/puppet/type/consul_key_value.rb b/lib/puppet/type/consul_key_value.rb index 091987e4..b8874113 100644 --- a/lib/puppet/type/consul_key_value.rb +++ b/lib/puppet/type/consul_key_value.rb @@ -31,7 +31,7 @@ validate do |value| raise ArgumentError, 'ACL API token must be a string' unless value.is_a?(String) end - defaultto '' + defaultto 'anonymous' end newparam(:datacenter) do diff --git a/lib/puppet/type/consul_prepared_query.rb b/lib/puppet/type/consul_prepared_query.rb index b4ddcc51..0a1c9966 100644 --- a/lib/puppet/type/consul_prepared_query.rb +++ b/lib/puppet/type/consul_prepared_query.rb @@ -26,7 +26,7 @@ validate do |value| raise ArgumentError, 'ACL API token must be a string' unless value.is_a?(String) end - defaultto '' + defaultto 'anonymous' end newparam(:service_name) do diff --git a/spec/unit/puppet/provider/consul_key_value_spec.rb b/spec/unit/puppet/provider/consul_key_value_spec.rb index c7459b97..97232aca 100644 --- a/spec/unit/puppet/provider/consul_key_value_spec.rb +++ b/spec/unit/puppet/provider/consul_key_value_spec.rb @@ -27,8 +27,8 @@ 'ModifyIndex' => 1_350_503 }, ] - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 400, body: '', headers: {}).times(2).then. to_return(status: 200, body: JSON.dump(kv_content), headers: {}) 
@@ -40,8 +40,8 @@ context 'when the first three responses are unexpected' do it 'silentlies fail to prefetch' do - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 400, body: '', headers: {}) described_class.reset @@ -52,8 +52,8 @@ context 'when a timeout is received' do it 'does not handle the timeout' do - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_timeout described_class.reset @@ -98,12 +98,12 @@ 'ModifyIndex' => 1_350_503 }, ] - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 200, body: JSON.dump(kv_content), headers: {}) - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc2&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc2&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 404, body: '', headers: {}) described_class.reset 
@@ -117,8 +117,8 @@ describe '#exists?' do context 'when resource does not exists' do it 'returns false' do - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 404, body: '', headers: {}) described_class.reset @@ -138,8 +138,8 @@ 'ModifyIndex' => 1_350_503 }, ] - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 200, body: JSON.dump(kv_content), headers: {}) described_class.reset @@ -161,11 +161,11 @@ 'ModifyIndex' => 1_350_503 }, ] - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 200, body: JSON.dump(kv_content), headers: {}) - stub_request(:put, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&flags=0&token=sampleToken'). + stub_request(:put, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&flags=0'). with(body: 'sampleValue', headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). to_return(status: 200, body: '', headers: {}) 
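Review bot: The `:put` stub in the `@@ -161` hunk drops `token=sampleToken` from the URL but does not add `X-Consul-Token` to its expected headers, so the spec no longer checks that a write carries the token at all. WebMock treats `with(headers:)` as a subset match, so these examples would presumably still pass if `create_or_update_key_value` stopped sending the header. Changing the line to `with(body: 'sampleValue', headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }).` restores the check. The `:put` stubs in the `@@ -188`, `@@ -226` and `@@ -253` hunks need the same change, whereas the `:get` and `:delete` stubs already assert the header.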
@@ -188,11 +188,11 @@ 'ModifyIndex' => 1_350_503 }, ] - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 200, body: JSON.dump(kv_content), headers: {}) - stub_request(:put, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&flags=0&token=sampleToken'). + stub_request(:put, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&flags=0'). with(body: 'sampleValue', headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). to_return(status: 200, body: '', headers: {}) @@ -226,11 +226,11 @@ ) resources = { 'sample/key' => resource } - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 200, body: JSON.dump(kv_content), headers: {}) - stub_request(:put, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&flags=2&token=sampleToken'). + stub_request(:put, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&flags=2'). with(body: 'sampleValue', headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). to_return(status: 200, body: '', headers: {}) 
@@ -253,11 +253,11 @@ 'ModifyIndex' => 1_350_503 }, ] - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 200, body: JSON.dump(kv_content), headers: {}) - stub_request(:put, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&flags=0&token=sampleToken'). + stub_request(:put, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&flags=0'). with(body: 'sampleValue', headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). to_return(status: 400, body: '', headers: {}) @@ -282,12 +282,12 @@ 'ModifyIndex' => 1_350_503 }, ] - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 200, body: JSON.dump(kv_content), headers: {}) - stub_request(:delete, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:delete, 'http://localhost:8500/v1/kv/sample/key?dc=dc1'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 200, body: '', headers: {}) described_class.reset 
@@ -308,12 +308,12 @@ 'ModifyIndex' => 1_350_503 }, ] - stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:get, 'http://localhost:8500/v1/kv/?dc=dc1&recurse'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 200, body: JSON.dump(kv_content), headers: {}) - stub_request(:delete, 'http://localhost:8500/v1/kv/sample/key?dc=dc1&token=sampleToken'). - with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby' }). + stub_request(:delete, 'http://localhost:8500/v1/kv/sample/key?dc=dc1'). + with(headers: { 'Accept' => '*/*', 'User-Agent' => 'Ruby', 'X-Consul-Token' => 'sampleToken' }). to_return(status: 400, body: '', headers: {}) described_class.reset