diff --git a/.changelog/19389.txt b/.changelog/19389.txt new file mode 100644 index 0000000000..1fe521b853 --- /dev/null +++ b/.changelog/19389.txt @@ -0,0 +1,3 @@ +```release-note:improvement +cli: stop simultaneous usage of -templated-policy and -templated-policy-file when creating a role or token. +``` \ No newline at end of file diff --git a/command/acl/role/create/role_create.go b/command/acl/role/create/role_create.go index b93d25548d..c6bc7330a9 100644 --- a/command/acl/role/create/role_create.go +++ b/command/acl/role/create/role_create.go @@ -94,6 +94,13 @@ func (c *cmd) Run(args []string) int { return 1 } + if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 { + c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " + + "To create a role with a single templated policy and simple use case, use -templated-policy. " + + "For multiple templated policies and more complicated use cases, use -templated-policy-file") + return 1 + } + client, err := c.http.APIClient() if err != nil { c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err)) diff --git a/command/acl/role/create/role_create_test.go b/command/acl/role/create/role_create_test.go index 7094a76e6c..55aebc13fa 100644 --- a/command/acl/role/create/role_create_test.go +++ b/command/acl/role/create/role_create_test.go @@ -115,6 +115,22 @@ func TestRoleCreateCommand_Pretty(t *testing.T) { require.Len(t, role.NodeIdentities, 1) }) + + t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) { + ui := cli.NewMockUi() + cmd := New(ui) + + code := cmd.Run([]string{ + "-http-addr=" + a.HTTPAddr(), + "-token=root", + "-name=role-with-node-identity", + "-templated-policy=builtin/node", + "-var=name:" + a.Config.NodeName, + "-templated-policy-file=test.hcl", + }) + require.Equal(t, 1, code) + require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.") + }) } func TestRoleCreateCommand_JSON(t *testing.T) { diff --git a/command/acl/token/create/token_create.go b/command/acl/token/create/token_create.go index bb6e524167..b7a7b9eefa 100644 --- a/command/acl/token/create/token_create.go +++ b/command/acl/token/create/token_create.go @@ -105,6 +105,13 @@ func (c *cmd) Run(args []string) int { return 1 } + if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 { + c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " + + "To create a token with a single templated policy and simple use case, use -templated-policy. " + + "For multiple templated policies and more complicated use cases, use -templated-policy-file") + return 1 + } + client, err := c.http.APIClient() if err != nil { c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err)) diff --git a/command/acl/token/create/token_create_test.go b/command/acl/token/create/token_create_test.go index 90471b5a5b..55ced9a3d1 100644 --- a/command/acl/token/create/token_create_test.go +++ b/command/acl/token/create/token_create_test.go @@ -128,6 +128,21 @@ func TestTokenCreateCommand_Pretty(t *testing.T) { require.Equal(t, a.Config.NodeName, nodes[0].Node) }) + t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) { + ui := cli.NewMockUi() + cmd := New(ui) + + code := cmd.Run(append([]string{ + "-http-addr=" + a.HTTPAddr(), + "-token=root", + "-templated-policy=builtin/node", + "-var=name:" + a.Config.NodeName, + "-templated-policy-file=test.hcl", + }, "-format=json")) + require.Equal(t, 1, code) + require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.") + }) + // create with accessor and secret t.Run("predefined-ids", func(t *testing.T) { token := run(t, []string{