From 544299efa587434e96c486eba97ded8e8307951a Mon Sep 17 00:00:00 2001 From: Ryan Uber Date: Thu, 29 Jan 2015 10:30:58 -0800 Subject: [PATCH] agent: pass locally configured token during remote exec --- command/agent/remote_exec.go | 2 ++ command/agent/remote_exec_test.go | 32 +++++++++++++++++++++++++++++-- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/command/agent/remote_exec.go b/command/agent/remote_exec.go index e5022df9e0..a529bbecf4 100644 --- a/command/agent/remote_exec.go +++ b/command/agent/remote_exec.go @@ -242,6 +242,7 @@ func (a *Agent) remoteExecGetSpec(event *remoteExecEvent, spec *remoteExecSpec) AllowStale: true, // Stale read for scale! Retry on failure. }, } + get.Token = a.config.ACLToken var out structs.IndexedDirEntries QUERY: if err := a.RPC("KVS.Get", &get, &out); err != nil { @@ -308,6 +309,7 @@ func (a *Agent) remoteExecWriteKey(event *remoteExecEvent, suffix string, val [] Session: event.Session, }, } + write.Token = a.config.ACLToken var success bool if err := a.RPC("KVS.Apply", &write, &success); err != nil { return err diff --git a/command/agent/remote_exec_test.go b/command/agent/remote_exec_test.go index 5b69f97c7f..ea2abdef36 100644 --- a/command/agent/remote_exec_test.go +++ b/command/agent/remote_exec_test.go @@ -84,7 +84,20 @@ func TestRexecWriter(t *testing.T) { } func TestRemoteExecGetSpec(t *testing.T) { - dir, agent := makeAgent(t, nextConfig()) + config := nextConfig() + testRemoteExecGetSpec(t, config) +} + +func TestRemoteExecGetSpec_ACLToken(t *testing.T) { + config := nextConfig() + config.ACLDatacenter = "dc1" + config.ACLToken = "root" + config.ACLDefaultPolicy = "deny" + testRemoteExecGetSpec(t, config) +} + +func testRemoteExecGetSpec(t *testing.T, c *Config) { + dir, agent := makeAgent(t, c) defer os.RemoveAll(dir) defer agent.Shutdown() testutil.WaitForLeader(t, agent.RPC, "dc1") @@ -117,7 +130,20 @@ func TestRemoteExecGetSpec(t *testing.T) { } func TestRemoteExecWrites(t *testing.T) { - dir, agent := makeAgent(t, nextConfig()) + config := nextConfig() + testRemoteExecWrites(t, config) +} + +func TestRemoteExecWrites_ACLToken(t *testing.T) { + config := nextConfig() + config.ACLDatacenter = "dc1" + config.ACLToken = "root" + config.ACLDefaultPolicy = "deny" + testRemoteExecWrites(t, config) +} + +func testRemoteExecWrites(t *testing.T, c *Config) { + dir, agent := makeAgent(t, c) defer os.RemoveAll(dir) defer agent.Shutdown() testutil.WaitForLeader(t, agent.RPC, "dc1") @@ -275,6 +301,7 @@ func setKV(t *testing.T, agent *Agent, key string, val []byte) { Value: val, }, } + write.Token = agent.config.ACLToken var success bool if err := agent.RPC("KVS.Apply", &write, &success); err != nil { t.Fatalf("err: %v", err) @@ -286,6 +313,7 @@ func getKV(t *testing.T, agent *Agent, key string) *structs.DirEntry { Datacenter: agent.config.Datacenter, Key: key, } + req.Token = agent.config.ACLToken var out structs.IndexedDirEntries if err := agent.RPC("KVS.Get", &req, &out); err != nil { t.Fatalf("err: %v", err)