// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package agenttokens
import (
"flag"
"fmt"
"io"
"github.com/hashicorp/consul/command/flags"
"github.com/hashicorp/consul/command/helpers"
"github.com/mitchellh/cli"
)
// New returns the set-agent-token command wired to ui. The flag set and the
// usage text are prepared by init before the command is handed back.
func New(ui cli.Ui) *cmd {
	command := new(cmd)
	command.UI = ui
	command.init()
	return command
}
// cmd implements the "consul acl set-agent-token" CLI command.
type cmd struct {
	// UI receives the command's error and informational output.
	UI cli.Ui
	// flags is the flag set that Run parses; init creates it.
	flags *flag.FlagSet
	// http holds the shared HTTP flags; Run builds the API client from it.
	http *flags.HTTPFlags
	// help is the usage text computed once in init.
	help string

	// testStdin is passed to helpers.LoadDataSource when the TOKEN argument is loaded.
	// NOTE(review): by its name this looks like a test-only stdin override — confirm.
	testStdin io.Reader
}
// init builds the command's flag set from the shared HTTP client and server
// flags and renders the usage text once, so Help does not have to rebuild it.
func (c *cmd) init() {
	fs := flag.NewFlagSet("", flag.ContinueOnError)
	httpFlags := &flags.HTTPFlags{}

	c.flags = fs
	c.http = httpFlags

	// Both flag groups are merged into the one set that Run parses.
	flags.Merge(fs, httpFlags.ClientFlags())
	flags.Merge(fs, httpFlags.ServerFlags())

	c.help = flags.Usage(help, fs)
}
// Run parses args, loads the TYPE and TOKEN operands and asks the agent to
// install the token in the slot named by TYPE. It returns 0 on success and 1
// on any failure.
//
// Only the token type is written to the UI by this function; the token value
// is handed to the agent API and is never formatted into a message here.
func (c *cmd) Run(args []string) int {
	if parseErr := c.flags.Parse(args); parseErr != nil {
		return 1
	}

	kind, secret, err := c.dataFromArgs(c.flags.Args())
	if err != nil {
		msg := fmt.Sprintf("Error! %s", err)
		c.UI.Error(msg)
		return 1
	}

	client, err := c.http.APIClient()
	if err != nil {
		msg := fmt.Sprintf("Error connecting to Consul Agent: %s", err)
		c.UI.Error(msg)
		return 1
	}

	// The type is checked only here, after the token data has been loaded and
	// the client has been built, so an unknown type is reported last.
	var setErr error
	switch kind {
	case "default":
		_, setErr = client.Agent().UpdateDefaultACLToken(secret, nil)
	case "agent":
		_, setErr = client.Agent().UpdateAgentACLToken(secret, nil)
	case "recovery":
		_, setErr = client.Agent().UpdateAgentRecoveryACLToken(secret, nil)
	case "replication":
		_, setErr = client.Agent().UpdateReplicationACLToken(secret, nil)
	case "config_file_service_registration":
		_, setErr = client.Agent().UpdateConfigFileRegistrationToken(secret, nil)
	default:
		c.UI.Error("Unknown token type")
		return 1
	}

	if setErr != nil {
		c.UI.Error(fmt.Sprintf("Failed to set ACL token %q: %v", kind, setErr))
		return 1
	}

	c.UI.Info(fmt.Sprintf("ACL token %q set successfully", kind))
	return 0
}
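// dataFromArgs validates the positional arguments and returns the token type
// and the token data, in that order.
//
// Exactly two arguments (TYPE, TOKEN) are accepted. With a single argument the
// error depends on what it is: a known token type means TOKEN is missing, and
// anything else is taken to be a token given without a TYPE. The argument
// itself is never echoed in the error, so a token supplied without a TYPE does
// not end up in the output.
//
// TOKEN is a secret. A literal value given as an argument is visible in shell
// history and in the process list.
// NOTE(review): helpers.LoadDataSource is not shown here; upstream it is
// understood to read stdin for "-" and a file for an "@path" value — confirm,
// and prefer those forms for real tokens.
func (c *cmd) dataFromArgs(args []string) (string, string, error) {
	switch len(args) {
	case 0:
		return "", "", fmt.Errorf("Missing TYPE and TOKEN arguments")
	case 1:
		// This list must match the types Run dispatches on; it previously
		// omitted config_file_service_registration, which made a lone valid
		// type report a missing TYPE instead of a missing TOKEN.
		switch args[0] {
		case "default", "agent", "recovery", "replication", "config_file_service_registration":
			return "", "", fmt.Errorf("Missing TOKEN argument")
		default:
			return "", "", fmt.Errorf("MISSING TYPE argument")
		}
	case 2:
		data, err := helpers.LoadDataSource(args[1], c.testStdin)
		if err != nil {
			return "", "", err
		}

		// The type is returned unvalidated; Run rejects unknown types.
		return args[0], data, nil
	default:
		return "", "", fmt.Errorf("Too many arguments: expected 2 got %d", len(args))
	}
}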
// Synopsis returns the one-line description of the command.
func (c *cmd) Synopsis() string { return synopsis }
// Help returns the long usage text. The text stored by init is passed through
// flags.Usage once more, this time without a flag set.
func (c *cmd) Help() string {
	usage := flags.Usage(c.help, nil)
	return usage
}
// synopsis is the one-line description returned by Synopsis.
const synopsis = "Assign tokens for the Consul Agent's usage"

// help is the long usage text; init passes it to flags.Usage with the flag set.
//
// The text documents only the literal-argument form of TOKEN. A token typed on
// the command line can be read back from shell history and the process list.
// NOTE(review): if helpers.LoadDataSource also accepts stdin or a file (not
// visible here), the usage text should say so — confirm.
const help = `
Usage: consul acl set-agent-token [options] TYPE TOKEN

This command will set the corresponding token for the agent to use. If token
persistence is not enabled, then tokens uploaded this way are not persisted
and if the agent reloads then the tokens will need to be set again.

Token Types:

default The default token is the token that the agent will use for
both internal agent operations and operations initiated by
the HTTP and DNS interfaces when no specific token is provided.
If not set the agent will use the anonymous token.

agent The token that the agent will use for internal agent operations.
If not given then the default token is used for these operations.

recovery This sets the token that can be used to access the Agent APIs in
the event that the ACL datacenter cannot be reached.

replication This is the token that the agent will use for replication
operations. This token will need to be configured with read access
to whatever data is being replicated.

config_file_service_registration This is the token that the agent uses to register services
and checks defined in config files. This token needs to
be configured with permission for the service or checks
being registered. If not set, the default token is used.
If a service or check definition contains a 'token'
field, then that token is used instead.

Example:

$ consul acl set-agent-token default c4d0f8df-3aba-4ab6-a7a0-35b760dc29a1
`