From 26820219cd7b448b10dc5d7f567b1a8857102f60 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Tue, 28 Feb 2023 10:58:29 -0600
Subject: [PATCH] cli: ensure acl token read -self works (#16445)

Fixes a regression in #16044

The consul acl token read -self cli command should not require an -accessor-id because typically the persona invoking this would not already know the accessor id of their own token.
---
 .changelog/16445.txt | 3 ++
 command/acl/token/read/token_read.go | 22 +++++------
 command/acl/token/read/token_read_test.go | 47 +++++++++++++++++++++++
 3 files changed, 61 insertions(+), 11 deletions(-)
 create mode 100644 .changelog/16445.txt

diff --git a/.changelog/16445.txt b/.changelog/16445.txt
new file mode 100644
index 0000000000..19745c6df9
--- /dev/null
+++ b/.changelog/16445.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+cli: ensure acl token read -self works
+```
diff --git a/command/acl/token/read/token_read.go b/command/acl/token/read/token_read.go
index 79ee10f4f7..0554ccaccb 100644
--- a/command/acl/token/read/token_read.go
+++ b/command/acl/token/read/token_read.go
@@ -67,17 +67,6 @@ func (c *cmd) Run(args []string) int {
 return 1
 }
 
- tokenAccessor := c.tokenAccessorID
- if tokenAccessor == "" {
- if c.tokenID == "" {
- c.UI.Error("Must specify the -accessor-id parameter")
- return 1
- } else {
- tokenAccessor = c.tokenID
- c.UI.Warn("Use the -accessor-id parameter to specify token by Accessor ID")
- }
- }
-
 client, err := c.http.APIClient()
 if err != nil {
 c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
@@ -87,6 +76,17 @@ func (c *cmd) Run(args []string) int {
 var t *api.ACLToken
 var expanded *api.ACLTokenExpanded
 if !c.self {
+ tokenAccessor := c.tokenAccessorID
+ if tokenAccessor == "" {
+ if c.tokenID == "" {
+ c.UI.Error("Must specify the -accessor-id parameter")
+ return 1
+ } else {
+ tokenAccessor = c.tokenID
+ c.UI.Warn("Use the -accessor-id parameter to specify token by Accessor ID")
+ }
+ }
+
 tok, err := acl.GetTokenAccessorIDFromPartial(client, tokenAccessor)
 if err != nil {
 c.UI.Error(fmt.Sprintf("Error determining token ID: %v", err))
diff --git a/command/acl/token/read/token_read_test.go b/command/acl/token/read/token_read_test.go
index 505b15b02f..7988f9772a 100644
--- a/command/acl/token/read/token_read_test.go
+++ b/command/acl/token/read/token_read_test.go
@@ -116,3 +116,50 @@ func TestTokenReadCommand_JSON(t *testing.T) {
 err = json.Unmarshal([]byte(ui.OutputWriter.String()), &jsonOutput)
 require.NoError(t, err, "token unmarshalling error")
 }
+
+func TestTokenReadCommand_Self(t *testing.T) {
+ if testing.Short() {
+ t.Skip("too slow for testing.Short")
+ }
+
+ t.Parallel()
+
+ a := agent.NewTestAgent(t, `
+ primary_datacenter = "dc1"
+ acl {
+ enabled = true
+ tokens {
+ initial_management = "root"
+ }
+ }`)
+
+ defer a.Shutdown()
+ testrpc.WaitForLeader(t, a.RPC, "dc1")
+
+ ui := cli.NewMockUi()
+ cmd := New(ui)
+
+ // Create a token
+ client := a.Client()
+
+ token, _, err := client.ACL().TokenCreate(
+ &api.ACLToken{Description: "test"},
+ &api.WriteOptions{Token: "root"},
+ )
+ assert.NoError(t, err)
+
+ args := []string{
+ "-http-addr=" + a.HTTPAddr(),
+ "-token=" + token.SecretID,
+ "-self",
+ }
+
+ code := cmd.Run(args)
+ assert.Equal(t, code, 0)
+ assert.Empty(t, ui.ErrorWriter.String())
+
+ output := ui.OutputWriter.String()
+ assert.Contains(t, output, fmt.Sprintf("test"))
+ assert.Contains(t, output, token.AccessorID)
+ assert.Contains(t, output, token.SecretID)
+}
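Review bot: With the accessor lookup moved inside `if !c.self`, nothing in this hunk consults `c.tokenAccessorID` or `c.tokenID` when `-self` is set, so a caller who passes both `-self` and `-accessor-id` appears to get their own token back with no indication that the accessor ID was ignored. For a command used to inspect ACL tokens that ambiguity is worth closing: consider a guard before the branch such as `if c.self && (c.tokenAccessorID != "" || c.tokenID != "") {` that reports the conflict through `c.UI.Error` and returns 1, or at least a `c.UI.Warn`. Separately, the `else` after `return 1` in the moved block can be dropped so the fallback to `c.tokenID` sits at the outer indent. `Run` begins and ends outside the hunk, so a conflict check may already exist elsewhere in the function.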
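Review bot: `assert.NoError(t, err)` after `TokenCreate` lets the test keep running on failure, and the next statement dereferences `token.SecretID`, which would panic on a nil token instead of reporting the real error; use `require.NoError(t, err)` there, as `TestTokenReadCommand_JSON` in the same file already does. `assert.Equal(t, code, 0)` has expected and actual swapped, so a failure would print a misleading message; write `assert.Equal(t, 0, code)`. `fmt.Sprintf("test")` is just the literal `"test"`. The test exercises `-self` on its own; a second case passing `-self` together with `-accessor-id` would pin down how the two flags are meant to interact.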