Don't allow connect watches in agent/cli yet

pull/4275/head
Paul Banks 7 years ago committed by Mitchell Hashimoto
parent 946e872f2f
commit 1b197d934a
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A

@ -621,6 +621,16 @@ func (a *Agent) reloadWatches(cfg *config.RuntimeConfig) error {
return fmt.Errorf("Handler type '%s' not recognized", params["handler_type"]) return fmt.Errorf("Handler type '%s' not recognized", params["handler_type"])
} }
// Don't let people use connect watches via this mechanism for now as it
// needs thought about how to do securely and shouldn't be necessary. Note
// that if the type assertion fails an type is not a string then
// ParseExample below will error so we don't need to handle that case.
if typ, ok := params["type"].(string); ok {
if strings.HasPrefix(typ, "connect_") {
return fmt.Errorf("Watch type %s is not allowed in agent config", typ)
}
}
// Parse the watches, excluding 'handler' and 'args' // Parse the watches, excluding 'handler' and 'args'
wp, err := watch.ParseExempt(params, []string{"handler", "args"}) wp, err := watch.ParseExempt(params, []string{"handler", "args"})
if err != nil { if err != nil {
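Review bot: The `connect_` check runs on the raw `params["type"]` before `watch.ParseExempt`, while the CLI check in this same commit tests the parsed `wp.Type`. A deny rule is safer when applied to the value the watch plan will actually use, since any normalisation done during parsing (not visible here) could otherwise let a variant spelling through. Consider moving it after the `err` check that follows `ParseExempt`, as `if strings.HasPrefix(wp.Type, "connect_") { return fmt.Errorf("Watch type %s is not allowed in agent config", wp.Type) }`. The comment also names `ParseExample` where the call is `ParseExempt`, and "an type" should read "and type". `reloadWatches` starts before and continues past this hunk.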

@ -2259,6 +2259,18 @@ func TestAgent_reloadWatches(t *testing.T) {
t.Fatalf("bad: %s", err) t.Fatalf("bad: %s", err)
} }
// Should fail to reload with connect watches
newConf.Watches = []map[string]interface{}{
{
"type": "connect_roots",
"key": "asdf",
"args": []interface{}{"ls"},
},
}
if err := a.reloadWatches(&newConf); err == nil || !strings.Contains(err.Error(), "not allowed in agent config") {
t.Fatalf("bad: %s", err)
}
// Should still succeed with only HTTPS addresses // Should still succeed with only HTTPS addresses
newConf.HTTPSAddrs = newConf.HTTPAddrs newConf.HTTPSAddrs = newConf.HTTPAddrs
newConf.HTTPAddrs = make([]net.Addr, 0) newConf.HTTPAddrs = make([]net.Addr, 0)
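Review bot: The rejected fixture carries `"key": "asdf"`, which looks like a parameter of a different watch type. The case therefore only demonstrates the type rejection because the prefix check happens to run before parameter parsing, which is not shown in this hunk. Dropping the `"key"` entry would make the fixture fail for the `connect_roots` type alone. The failure branch also formats a possibly nil `err` with `%s`; `t.Fatalf("bad: %v", err)` reads better when the reload unexpectedly succeeds. `TestAgent_reloadWatches` starts and ends outside the hunk.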

@ -135,6 +135,11 @@ func (c *cmd) Run(args []string) int {
return 1 return 1
} }
if strings.HasPrefix(wp.Type, "connect_") {
c.UI.Error(fmt.Sprintf("Type %s is not supported in the CLI tool", wp.Type))
return 1
}
// Create and test the HTTP client // Create and test the HTTP client
client, err := c.http.APIClient() client, err := c.http.APIClient()
if err != nil { if err != nil {
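Review bot: The new guard in `Run` has no comment, unlike the matching check in `reloadWatches`, so a reader of this file cannot tell that the restriction is deliberate and temporary. Suggest adding above it: `// Connect watch types are not supported from the CLI yet; this is a client-side guard, not an access control.` The `"connect_"` literal is now repeated in two packages; a shared constant or helper alongside the watch types would keep the two checks from drifting apart. `Run` starts and ends outside the hunk.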

@ -33,3 +33,23 @@ func TestWatchCommand(t *testing.T) {
t.Fatalf("bad: %#v", ui.OutputWriter.String()) t.Fatalf("bad: %#v", ui.OutputWriter.String())
} }
} }
func TestWatchCommandNoConnect(t *testing.T) {
t.Parallel()
a := agent.NewTestAgent(t.Name(), ``)
defer a.Shutdown()
ui := cli.NewMockUi()
c := New(ui, nil)
args := []string{"-http-addr=" + a.HTTPAddr(), "-type=connect_leaf"}
code := c.Run(args)
if code != 1 {
t.Fatalf("bad: %d. %#v", code, ui.ErrorWriter.String())
}
if !strings.Contains(ui.ErrorWriter.String(),
"Type connect_leaf is not supported in the CLI tool") {
t.Fatalf("bad: %#v", ui.ErrorWriter.String())
}
}
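Review bot: The test starts a full test agent, but per the `Run` change in this commit the type check returns before the HTTP client is created, so the agent and the `-http-addr` flag appear unnecessary here. `Run` is not fully visible, so confirm that before removing them. Only `connect_leaf` is covered; a small table over the connect types that appear in this commit (`connect_roots`, `connect_leaf`) would pin the prefix rule rather than a single value.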
