mirror of https://github.com/status-im/consul.git
118adbb123
This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs. |
||
---|---|---|
.. | ||
README.md | ||
acl.go | ||
acl_test.go | ||
agent.go | ||
agent_test.go | ||
api.go | ||
api_test.go | ||
catalog.go | ||
catalog_test.go | ||
connect.go | ||
connect_ca.go | ||
connect_ca_test.go | ||
connect_intention.go | ||
connect_intention_test.go | ||
coordinate.go | ||
coordinate_test.go | ||
debug.go | ||
debug_test.go | ||
event.go | ||
event_test.go | ||
health.go | ||
health_test.go | ||
kv.go | ||
kv_test.go | ||
lock.go | ||
lock_test.go | ||
operator.go | ||
operator_area.go | ||
operator_autopilot.go | ||
operator_autopilot_test.go | ||
operator_keyring.go | ||
operator_keyring_test.go | ||
operator_raft.go | ||
operator_raft_test.go | ||
operator_segment.go | ||
prepared_query.go | ||
prepared_query_test.go | ||
raw.go | ||
semaphore.go | ||
semaphore_test.go | ||
session.go | ||
session_test.go | ||
snapshot.go | ||
snapshot_test.go | ||
status.go | ||
status_test.go | ||
txn.go | ||
txn_test.go |
README.md
Consul API client
This package provides the api
package which attempts to
provide programmatic access to the full Consul API.
Currently, all of the Consul APIs included in version 0.6.0 are supported.
Documentation
The full documentation is available on Godoc
Usage
Below is an example of using the Consul client:
package main
import "github.com/hashicorp/consul/api"
import "fmt"
func main() {
// Get a new client
client, err := api.NewClient(api.DefaultConfig())
if err != nil {
panic(err)
}
// Get a handle to the KV API
kv := client.KV()
// PUT a new KV pair
p := &api.KVPair{Key: "REDIS_MAXCLIENTS", Value: []byte("1000")}
_, err = kv.Put(p, nil)
if err != nil {
panic(err)
}
// Lookup the pair
pair, _, err := kv.Get("REDIS_MAXCLIENTS", nil)
if err != nil {
panic(err)
}
fmt.Printf("KV: %v %s\n", pair.Key, pair.Value)
}
To run this example, start a Consul server:
consul agent -dev
Copy the code above into a file such as main.go
.
Install and run. You'll see a key (REDIS_MAXCLIENTS
) and value (1000
) printed.
$ go get
$ go run main.go
KV: REDIS_MAXCLIENTS 1000
After running the code, you can also view the values in the Consul UI on your local machine at http://localhost:8500/ui/dc1/kv