mirror of
https://github.com/status-im/consul.git
synced 2025-01-10 22:06:20 +00:00
Merge pull request #1318 from daveadams/f-http-header-token
Allow specifying Consul token in an HTTP request header
This commit is contained in:
commit
6a350d5d19
@ -463,13 +463,18 @@ func (s *HTTPServer) parseDC(req *http.Request, dc *string) {
|
||||
}
|
||||
}
|
||||
|
||||
// parseToken is used to parse the ?token query param
|
||||
// parseToken is used to parse the ?token query param or the X-Consul-Token header
|
||||
func (s *HTTPServer) parseToken(req *http.Request, token *string) {
|
||||
if other := req.URL.Query().Get("token"); other != "" {
|
||||
*token = other
|
||||
return
|
||||
}
|
||||
|
||||
if other := req.Header.Get("X-Consul-Token"); other != "" {
|
||||
*token = other
|
||||
return
|
||||
}
|
||||
|
||||
// Set the AtlasACLToken if SCADA
|
||||
if s.addr == scadaHTTPAddr && s.agent.config.AtlasACLToken != "" {
|
||||
*token = s.agent.config.AtlasACLToken
|
||||
|
@ -473,6 +473,22 @@ func TestACLResolution(t *testing.T) {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
// Request with header token only
|
||||
reqHeaderToken, err := http.NewRequest("GET",
|
||||
"/v1/catalog/nodes", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
reqHeaderToken.Header.Add("X-Consul-Token", "bar")
|
||||
|
||||
// Request with header and querystring tokens
|
||||
reqBothTokens, err := http.NewRequest("GET",
|
||||
"/v1/catalog/nodes?token=baz", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
reqBothTokens.Header.Add("X-Consul-Token", "zap")
|
||||
|
||||
httpTest(t, func(srv *HTTPServer) {
|
||||
// Check when no token is set
|
||||
srv.agent.config.ACLToken = ""
|
||||
@ -514,6 +530,18 @@ func TestACLResolution(t *testing.T) {
|
||||
if token != "foo" {
|
||||
t.Fatalf("bad: %s", token)
|
||||
}
|
||||
|
||||
// Header token has precedence over agent token
|
||||
srv.parseToken(reqHeaderToken, &token)
|
||||
if token != "bar" {
|
||||
t.Fatalf("bad: %s", token)
|
||||
}
|
||||
|
||||
// Querystring token has precendence over header and agent tokens
|
||||
srv.parseToken(reqBothTokens, &token)
|
||||
if token != "baz" {
|
||||
t.Fatalf("bad: %s", token)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -91,5 +91,6 @@ on the query string, formatted JSON will be returned.
|
||||
Several endpoints in Consul use or require ACL tokens to operate. An agent
|
||||
can be configured to use a default token in requests using the `acl_token`
|
||||
configuration option. However, the token can also be specified per-request
|
||||
by using the `token` query parameter. This will take precedent over the
|
||||
default token.
|
||||
by using the `X-Consul-Token` request header or the `token` querystring
|
||||
parameter. The request header takes precedence over the default token, and
|
||||
the querystring parameter takes precedence over everything.
|
||||
|
Loading…
x
Reference in New Issue
Block a user