Some boilerplate to allow for ACL Bootstrap disabling configurability

Matt Keeler 2020-04-28 09:42:46 -04:00
parent 8c545b5206
commit bec3fb7c18
No known key found for this signature in database
GPG Key ID: 04DBAE1857E0081B
5 changed files with 16 additions and 2 deletions


@ -1412,8 +1412,8 @@ func (a *Agent) consulConfig() (*consul.Config, error) {
} }
base.ConfigEntryBootstrap = a.config.ConfigEntryBootstrap base.ConfigEntryBootstrap = a.config.ConfigEntryBootstrap
return base, nil return a.enterpriseConsulConfig(base)
} }
// Setup the serf and memberlist config for any defined network segments. // Setup the serf and memberlist config for any defined network segments.


@ -32,6 +32,11 @@ func (a *Agent) reloadEnterprise(conf *config.RuntimeConfig) error {
return nil return nil
} }
// enterpriseConsulConfig is a noop stub for the func defined in agent_ent.go
func (a *Agent) enterpriseConsulConfig(base *consul.Config) (*consul.Config, error) {
return base, nil
}
// WriteEvent is a noop stub for the func defined agent_ent.go // WriteEvent is a noop stub for the func defined agent_ent.go
func (a *Agent) WriteEvent(eventType string, payload interface{}) { func (a *Agent) WriteEvent(eventType string, payload interface{}) {
} }


@ -713,6 +713,7 @@ type ACL struct {
Tokens Tokens `json:"tokens,omitempty" hcl:"tokens" mapstructure:"tokens"` Tokens Tokens `json:"tokens,omitempty" hcl:"tokens" mapstructure:"tokens"`
DisabledTTL *string `json:"disabled_ttl,omitempty" hcl:"disabled_ttl" mapstructure:"disabled_ttl"` DisabledTTL *string `json:"disabled_ttl,omitempty" hcl:"disabled_ttl" mapstructure:"disabled_ttl"`
EnableTokenPersistence *bool `json:"enable_token_persistence" hcl:"enable_token_persistence" mapstructure:"enable_token_persistence"` EnableTokenPersistence *bool `json:"enable_token_persistence" hcl:"enable_token_persistence" mapstructure:"enable_token_persistence"`
EnterpriseACLConfig `hcl:",squash" mapstructure:",squash"`
} }
type Tokens struct { type Tokens struct {
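Review bot: The embedded `EnterpriseACLConfig` line in the ACL struct has no comment, and the OSS definition added elsewhere in this commit is an empty struct, so in an OSS build a bootstrap-disabling key under the ACL block maps to no field. Whether such a key is rejected as unknown or silently ignored depends on decoder settings that are not visible on this page. For a setting that switches off a security-sensitive operation, silent acceptance would leave an operator believing bootstrap is disabled when it is not, so this is worth pinning with a config-parsing test. Suggested comment: `// EnterpriseACLConfig holds enterprise-only ACL settings; it is an empty struct in OSS builds.` The ACL struct begins above the hunk.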


@ -14,4 +14,8 @@ func (_ *EnterpriseMeta) ToStructs() structs.EnterpriseMeta {
return *structs.DefaultEnterpriseMeta() return *structs.DefaultEnterpriseMeta()
} }
// EnterpriseDNSConfig OSS stub
type EnterpriseDNSConfig struct{} type EnterpriseDNSConfig struct{}
// EnterpriseACLConfig OSS stub
type EnterpriseACLConfig struct{}


@ -24,6 +24,10 @@ func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) err
return acl.ErrDisabled return acl.ErrDisabled
} }
if err := a.srv.aclBootstrapAllowed(); err != nil {
return err
}
// By doing some pre-checks we can head off later bootstrap attempts // By doing some pre-checks we can head off later bootstrap attempts
// without having to run them through Raft, which should curb abuse. // without having to run them through Raft, which should curb abuse.
state := a.srv.fsm.State() state := a.srv.fsm.State()
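Review bot: The new `a.srv.aclBootstrapAllowed()` guard returns its error straight to the RPC caller and records nothing on the server, and its definition is not in any of the five file sections shown, so what it checks in an OSS build cannot be confirmed from this page. Bootstrap is presumably the one ACL call made before any token exists, so a refused attempt is worth logging for detection before `return err`, with the returned error kept generic rather than describing configuration. A comment above the guard would also help, e.g. `// Refuse early when ACL bootstrapping is disabled by configuration.` The body of Bootstrap starts and continues outside the hunk.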