From 1b197d934aa32e483c6d99b099513eca7f5e8f6a Mon Sep 17 00:00:00 2001
From: Paul Banks
Date: Thu, 26 Apr 2018 18:06:26 +0100
Subject: [PATCH] Don't allow connect watches in agent/cli yet
---
 agent/agent.go | 10 ++++++++++
 agent/agent_test.go | 12 ++++++++++++
 command/watch/watch.go | 5 +++++
 command/watch/watch_test.go | 20 ++++++++++++++++++++
 4 files changed, 47 insertions(+)
diff --git a/agent/agent.go b/agent/agent.go
index 8f7dd90439..f62495a01f 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -621,6 +621,16 @@ func (a *Agent) reloadWatches(cfg *config.RuntimeConfig) error {
 return fmt.Errorf("Handler type '%s' not recognized", params["handler_type"])
 }
 
+ // Don't let people use connect watches via this mechanism for now as it
+ // needs thought about how to do securely and shouldn't be necessary. Note
+ // that if the type assertion fails an type is not a string then
+ // ParseExample below will error so we don't need to handle that case.
+ if typ, ok := params["type"].(string); ok {
+ if strings.HasPrefix(typ, "connect_") {
+ return fmt.Errorf("Watch type %s is not allowed in agent config", typ)
+ }
+ }
+
 // Parse the watches, excluding 'handler' and 'args'
 wp, err := watch.ParseExempt(params, []string{"handler", "args"})
 if err != nil {
diff --git a/agent/agent_test.go b/agent/agent_test.go
index c22ce56ba1..caa76a28dc 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -2259,6 +2259,18 @@ func TestAgent_reloadWatches(t *testing.T) {
 t.Fatalf("bad: %s", err)
 }
 
+ // Should fail to reload with connect watches
+ newConf.Watches = []map[string]interface{}{
+ {
+ "type": "connect_roots",
+ "key": "asdf",
+ "args": []interface{}{"ls"},
+ },
+ }
+ if err := a.reloadWatches(&newConf); err == nil || !strings.Contains(err.Error(), "not allowed in agent config") {
+ t.Fatalf("bad: %s", err)
+ }
+
 // Should still succeed with only HTTPS addresses
 newConf.HTTPSAddrs = newConf.HTTPAddrs
 newConf.HTTPAddrs = make([]net.Addr, 0)
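Review bot: The new guard in reloadWatches reads the raw `params["type"]` and is skipped entirely when that value is not a string, so the refusal depends on `watch.ParseExempt` rejecting such input, which this hunk does not show. Checking the parsed plan after the `ParseExempt` error check, as the command/watch/watch.go hunk does with `wp.Type`, would remove that dependency (assuming the plan returned here exposes the same field): `if strings.HasPrefix(wp.Type, "connect_") { return fmt.Errorf("Watch type %s is not allowed in agent config", wp.Type) }`. The `"connect_"` literal is also repeated in command/watch/watch.go; a single helper or constant in the watch package would keep the two refusals in step if more connect watch types appear. The added comment names `ParseExample` where the code calls `ParseExempt`, and "an type" should read "and type". The body of reloadWatches starts and ends outside the hunk.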
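Review bot: The failure branch of the new assertion in TestAgent_reloadWatches prints `bad: %s` even when the reload unexpectedly succeeds, so a nil error renders as `%!s(<nil>)` and the log does not say that a connect watch was accepted; `t.Fatalf("expected connect watch to be rejected, got: %v", err)` states the failure directly. Only `connect_roots` is exercised here, and the CLI test in command/watch/watch_test.go likewise covers only `connect_leaf`; since the guard is prefix-based, running both names through each test would pin the rule rather than one instance of it. The `"key": "asdf"` entry looks unrelated to a connect watch and could be dropped or explained. The test function continues outside the hunk.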
diff --git a/command/watch/watch.go b/command/watch/watch.go
index 3b8c67836b..bf46914576 100644
--- a/command/watch/watch.go
+++ b/command/watch/watch.go
@@ -135,6 +135,11 @@ func (c *cmd) Run(args []string) int {
 return 1
 }
 
+ if strings.HasPrefix(wp.Type, "connect_") {
+ c.UI.Error(fmt.Sprintf("Type %s is not supported in the CLI tool", wp.Type))
+ return 1
+ }
+
 // Create and test the HTTP client
 client, err := c.http.APIClient()
 if err != nil {
diff --git a/command/watch/watch_test.go b/command/watch/watch_test.go
index 153377f654..b1fed48c9a 100644
--- a/command/watch/watch_test.go
+++ b/command/watch/watch_test.go
@@ -33,3 +33,23 @@ func TestWatchCommand(t *testing.T) {
 t.Fatalf("bad: %#v", ui.OutputWriter.String())
 }
 }
+
+func TestWatchCommandNoConnect(t *testing.T) {
+ t.Parallel()
+ a := agent.NewTestAgent(t.Name(), ``)
+ defer a.Shutdown()
+
+ ui := cli.NewMockUi()
+ c := New(ui, nil)
+ args := []string{"-http-addr=" + a.HTTPAddr(), "-type=connect_leaf"}
+
+ code := c.Run(args)
+ if code != 1 {
+ t.Fatalf("bad: %d. %#v", code, ui.ErrorWriter.String())
+ }
+
+ if !strings.Contains(ui.ErrorWriter.String(),
+ "Type connect_leaf is not supported in the CLI tool") {
+ t.Fatalf("bad: %#v", ui.ErrorWriter.String())
+ }
+}
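Review bot: The refusal added to Run carries no comment saying why connect watch types are turned away, whereas the matching guard in agent/agent.go explains that the mechanism still needs security review. A line above the `if`, such as `// Connect watches are not supported via the CLI yet; keep in sync with the guard in Agent.reloadWatches.`, would mark the check as deliberate and point to its counterpart. Run starts and ends outside the hunk.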
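Review bot: TestWatchCommandNoConnect starts a full test agent and passes `-http-addr`, yet judging by the watch.go hunk the type check returns before the HTTP client is created, so the refusal can probably be asserted without an agent; if the agent is needed for another reason, a short comment should say so. A doc comment such as `// TestWatchCommandNoConnect verifies that the CLI refuses connect_* watch types.` would also state the test's intent.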