mirror of https://github.com/status-im/consul.git
Some boilerplate to allow for ACL Bootstrap disabling configurability
This commit is contained in:
parent
8c545b5206
commit
bec3fb7c18
|
@ -1412,8 +1412,8 @@ func (a *Agent) consulConfig() (*consul.Config, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
base.ConfigEntryBootstrap = a.config.ConfigEntryBootstrap
|
base.ConfigEntryBootstrap = a.config.ConfigEntryBootstrap
|
||||||
|
|
||||||
return base, nil
|
return a.enterpriseConsulConfig(base)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Setup the serf and memberlist config for any defined network segments.
|
// Setup the serf and memberlist config for any defined network segments.
|
||||||
|
|
|
@ -32,6 +32,11 @@ func (a *Agent) reloadEnterprise(conf *config.RuntimeConfig) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// enterpriseConsulConfig is a noop stub for the func defined in agent_ent.go
|
||||||
|
func (a *Agent) enterpriseConsulConfig(base *consul.Config) (*consul.Config, error) {
|
||||||
|
return base, nil
|
||||||
|
}
|
||||||
|
|
||||||
// WriteEvent is a noop stub for the func defined agent_ent.go
|
// WriteEvent is a noop stub for the func defined agent_ent.go
|
||||||
func (a *Agent) WriteEvent(eventType string, payload interface{}) {
|
func (a *Agent) WriteEvent(eventType string, payload interface{}) {
|
||||||
}
|
}
|
||||||
|
|
|
@ -713,6 +713,7 @@ type ACL struct {
|
||||||
Tokens Tokens `json:"tokens,omitempty" hcl:"tokens" mapstructure:"tokens"`
|
Tokens Tokens `json:"tokens,omitempty" hcl:"tokens" mapstructure:"tokens"`
|
||||||
DisabledTTL *string `json:"disabled_ttl,omitempty" hcl:"disabled_ttl" mapstructure:"disabled_ttl"`
|
DisabledTTL *string `json:"disabled_ttl,omitempty" hcl:"disabled_ttl" mapstructure:"disabled_ttl"`
|
||||||
EnableTokenPersistence *bool `json:"enable_token_persistence" hcl:"enable_token_persistence" mapstructure:"enable_token_persistence"`
|
EnableTokenPersistence *bool `json:"enable_token_persistence" hcl:"enable_token_persistence" mapstructure:"enable_token_persistence"`
|
||||||
|
EnterpriseACLConfig `hcl:",squash" mapstructure:",squash"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Tokens struct {
|
type Tokens struct {
|
||||||
|
|
|
@ -14,4 +14,8 @@ func (_ *EnterpriseMeta) ToStructs() structs.EnterpriseMeta {
|
||||||
return *structs.DefaultEnterpriseMeta()
|
return *structs.DefaultEnterpriseMeta()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// EnterpriseDNSConfig OSS stub
|
||||||
type EnterpriseDNSConfig struct{}
|
type EnterpriseDNSConfig struct{}
|
||||||
|
|
||||||
|
// EnterpriseACLConfig OSS stub
|
||||||
|
type EnterpriseACLConfig struct{}
|
||||||
|
|
|
@ -24,6 +24,10 @@ func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) err
|
||||||
return acl.ErrDisabled
|
return acl.ErrDisabled
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err := a.srv.aclBootstrapAllowed(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// By doing some pre-checks we can head off later bootstrap attempts
|
// By doing some pre-checks we can head off later bootstrap attempts
|
||||||
// without having to run them through Raft, which should curb abuse.
|
// without having to run them through Raft, which should curb abuse.
|
||||||
state := a.srv.fsm.State()
|
state := a.srv.fsm.State()
|
||||||
|
|
Loading…
Reference in New Issue