agent/config: AllowManagedAPIRegistration

2025-02-23 02:48:19 +00:00 · 2018-06-12 15:54:17 +02:00 · 2018-06-12 15:54:17 +02:00 · f7fc026e18
commit f7fc026e18
parent ed98d65c2b
4 changed files with 133 additions and 103 deletions
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@ -665,6 +665,7 @@ func (b *Builder) Build() (rt RuntimeConfig, err error) {
 		ConnectCAProvider:                       connectCAProvider,
 		ConnectCAConfig:                         connectCAConfig,
 		ConnectProxyAllowManagedRoot:            b.boolVal(c.Connect.Proxy.AllowManagedRoot),
+		ConnectProxyAllowManagedAPIRegistration: b.boolVal(c.Connect.Proxy.AllowManagedAPIRegistration),
 		ConnectProxyBindMinPort:                 proxyMinPort,
 		ConnectProxyBindMaxPort:                 proxyMaxPort,
 		ConnectProxyDefaultExecMode:             proxyDefaultExecMode,
--- a/agent/config/config.go
+++ b/agent/config/config.go
@ -382,6 +382,11 @@ type ConnectProxy struct {
 	// If this is true, then Consul will execute proxies if Consul is
 	// running as root. This is not recommended.
 	AllowManagedRoot *bool `json:"allow_managed_root" hcl:"allow_managed_root" mapstructure:"allow_managed_root"`
+
+	// AllowManagedAPIRegistration enables managed proxy registration
+	// via the agent HTTP API. If this is false, only file configurations
+	// can be used.
+	AllowManagedAPIRegistration *bool `json:"allow_managed_api_registration" hcl:"allow_managed_api_registration" mapstructure:"allow_managed_api_registration"`
 }

 // ConnectProxyDefaults is the agent-global defaults for managed Connect proxies.
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@ -634,6 +634,11 @@ type RuntimeConfig struct {
 	// proxies when running as root (EUID == 0).
 	ConnectProxyAllowManagedRoot bool

+	// ConnectProxyAllowManagedAPIRegistration enables managed proxy registration
+	// via the agent HTTP API. If this is false, only file configurations
+	// can be used.
+	ConnectProxyAllowManagedAPIRegistration bool
+
 	// ConnectProxyDefaultExecMode is used where a registration doesn't include an
 	// exec_mode. Defaults to daemon.
 	ConnectProxyDefaultExecMode string
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@ -2174,6 +2174,23 @@ func TestConfigFlagsAndEdgecases(t *testing.T) {
 				rt.ConnectProxyAllowManagedRoot = true
 			},
 		},
+
+		{
+			desc: "enabling Connect allow_managed_api_registration",
+			args: []string{
+				`-data-dir=` + dataDir,
+			},
+			json: []string{
+				`{ "connect": { "proxy": { "allow_managed_api_registration": true } } }`,
+			},
+			hcl: []string{
+				`connect { proxy { allow_managed_api_registration = true } }`,
+			},
+			patch: func(rt *RuntimeConfig) {
+				rt.DataDir = dataDir
+				rt.ConnectProxyAllowManagedAPIRegistration = true
+			},
+		},
 	}

 	testConfig(t, tests, dataDir)
@ -3538,6 +3555,7 @@ func TestFullConfig(t *testing.T) {
 			"hyMy9Oxn": "XeBp4Sis",
 		},
 		ConnectProxyAllowManagedRoot:            false,
+		ConnectProxyAllowManagedAPIRegistration: false,
 		ConnectProxyDefaultExecMode:             "script",
 		ConnectProxyDefaultDaemonCommand:        []string{"consul", "connect", "proxy"},
 		ConnectProxyDefaultScriptCommand:        []string{"proxyctl.sh"},
@ -4219,6 +4237,7 @@ func TestSanitize(t *testing.T) {
    "ConnectCAConfig": {},
    "ConnectCAProvider": "",
    "ConnectEnabled": false,
+    "ConnectProxyAllowManagedAPIRegistration": false,
    "ConnectProxyAllowManagedRoot": false,
    "ConnectProxyBindMaxPort": 0,
    "ConnectProxyBindMinPort": 0,