mirror of https://github.com/hashicorp/consul
agent: disallow API registration with managed proxy if not enabled
parent
f7fc026e18
commit
0d6dcbd2f1
|
@ -623,6 +623,12 @@ func (s *HTTPServer) AgentRegisterService(resp http.ResponseWriter, req *http.Re
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
// If we have a proxy, verify that we're allowed to add a proxy via the API
|
||||
if proxy != nil && !s.agent.config.ConnectProxyAllowManagedAPIRegistration {
|
||||
return nil, &BadRequestError{
|
||||
Reason: "Managed proxy registration via the API is disallowed."}
|
||||
}
|
||||
|
||||
// Add the service.
|
||||
if err := s.agent.AddService(ns, chkTypes, true, token); err != nil {
|
||||
return nil, err
|
||||
|
|
|
@ -1396,7 +1396,13 @@ func TestAgent_RegisterService_ManagedConnectProxy(t *testing.T) {
|
|||
|
||||
assert := assert.New(t)
|
||||
require := require.New(t)
|
||||
a := NewTestAgent(t.Name(), "")
|
||||
a := NewTestAgent(t.Name(), `
|
||||
connect {
|
||||
proxy {
|
||||
allow_managed_api_registration = true
|
||||
}
|
||||
}
|
||||
`)
|
||||
defer a.Shutdown()
|
||||
|
||||
// Register a proxy. Note that the destination doesn't exist here on
|
||||
|
@ -1447,6 +1453,42 @@ func TestAgent_RegisterService_ManagedConnectProxy(t *testing.T) {
|
|||
assert.Equal("abc123", a.State.ServiceToken("web-proxy"))
|
||||
}
|
||||
|
||||
// This tests local agent service registration with a managed proxy with
|
||||
// API registration disabled (default).
|
||||
func TestAgent_RegisterService_ManagedConnectProxy_Disabled(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
assert := assert.New(t)
|
||||
a := NewTestAgent(t.Name(), ``)
|
||||
defer a.Shutdown()
|
||||
|
||||
// Register a proxy. Note that the destination doesn't exist here on
|
||||
// this agent or in the catalog at all. This is intended and part
|
||||
// of the design.
|
||||
args := &api.AgentServiceRegistration{
|
||||
Name: "web",
|
||||
Port: 8000,
|
||||
Connect: &api.AgentServiceConnect{
|
||||
Proxy: &api.AgentServiceConnectProxy{
|
||||
ExecMode: "script",
|
||||
Command: []string{"proxy.sh"},
|
||||
Config: map[string]interface{}{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
req, _ := http.NewRequest("PUT", "/v1/agent/service/register?token=abc123", jsonReader(args))
|
||||
resp := httptest.NewRecorder()
|
||||
_, err := a.srv.AgentRegisterService(resp, req)
|
||||
assert.Error(err)
|
||||
|
||||
// Ensure the target service does not exist
|
||||
_, ok := a.State.Services()["web"]
|
||||
assert.False(ok, "does not has service")
|
||||
}
|
||||
|
||||
// This tests local agent service registration of a unmanaged connect proxy.
|
||||
// This verifies that it is put in the local state store properly for syncing
|
||||
// later. Note that _managed_ connect proxies are registered as part of the
|
||||
|
|
Loading…
Reference in New Issue