diff --git a/command/agent/acl_endpoint.go b/command/agent/acl_endpoint.go index 4871307991..72ae4c20af 100644 --- a/command/agent/acl_endpoint.go +++ b/command/agent/acl_endpoint.go @@ -2,9 +2,10 @@ package agent import ( "fmt" - "github.com/hashicorp/consul/consul/structs" "net/http" "strings" + + "github.com/hashicorp/consul/consul/structs" ) // aclCreateResponse is used to wrap the ACL ID @@ -80,14 +81,8 @@ func (s *HTTPServer) aclSet(resp http.ResponseWriter, req *http.Request, update } } - // Ensure there is no ID set for create - if !update && args.ACL.ID != "" { - resp.WriteHeader(400) - resp.Write([]byte(fmt.Sprintf("ACL ID cannot be set"))) - return nil, nil - } - - // Ensure there is an ID set for update + // Ensure there is an ID set for update. ID is optional for + // create, as one will be generated if not provided. if update && args.ACL.ID == "" { resp.WriteHeader(400) resp.Write([]byte(fmt.Sprintf("ACL ID must be set"))) diff --git a/command/agent/acl_endpoint_test.go b/command/agent/acl_endpoint_test.go index 84af0604ac..b0dea0c9ba 100644 --- a/command/agent/acl_endpoint_test.go +++ b/command/agent/acl_endpoint_test.go @@ -3,10 +3,11 @@ package agent import ( "bytes" "encoding/json" - "github.com/hashicorp/consul/consul/structs" "net/http" "net/http/httptest" "testing" + + "github.com/hashicorp/consul/consul/structs" ) func makeTestACL(t *testing.T, srv *HTTPServer) string { @@ -62,6 +63,34 @@ func TestACLUpdate(t *testing.T) { }) } +func TestACLUpdate_Upsert(t *testing.T) { + httpTest(t, func(srv *HTTPServer) { + body := bytes.NewBuffer(nil) + enc := json.NewEncoder(body) + raw := map[string]interface{}{ + "ID": "my-old-id", + "Name": "User Token 2", + "Type": "client", + "Rules": "", + } + enc.Encode(raw) + + req, err := http.NewRequest("PUT", "/v1/acl/update?token=root", body) + if err != nil { + t.Fatalf("err: %v", err) + } + resp := httptest.NewRecorder() + obj, err := srv.ACLUpdate(resp, req) + if err != nil { + t.Fatalf("err: %v", err) + } + aclResp := obj.(aclCreateResponse) + if aclResp.ID != "my-old-id" { + t.Fatalf("bad: %v", aclResp) + } + }) +} + func TestACLDestroy(t *testing.T) { httpTest(t, func(srv *HTTPServer) { id := makeTestACL(t, srv)