mirror of https://github.com/hashicorp/consul
agent: write-level keyring ACLs work
parent
bffc0861cc
commit
5c65bc7df2
|
@ -128,19 +128,22 @@ func (a *Agent) ListKeys(token string) (*structs.KeyringResponses, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// InstallKey installs a new gossip encryption key
|
// InstallKey installs a new gossip encryption key
|
||||||
func (a *Agent) InstallKey(key string) (*structs.KeyringResponses, error) {
|
func (a *Agent) InstallKey(key, token string) (*structs.KeyringResponses, error) {
|
||||||
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringInstall}
|
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringInstall}
|
||||||
|
args.Token = token
|
||||||
return a.keyringProcess(&args)
|
return a.keyringProcess(&args)
|
||||||
}
|
}
|
||||||
|
|
||||||
// UseKey changes the primary encryption key used to encrypt messages
|
// UseKey changes the primary encryption key used to encrypt messages
|
||||||
func (a *Agent) UseKey(key string) (*structs.KeyringResponses, error) {
|
func (a *Agent) UseKey(key, token string) (*structs.KeyringResponses, error) {
|
||||||
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringUse}
|
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringUse}
|
||||||
|
args.Token = token
|
||||||
return a.keyringProcess(&args)
|
return a.keyringProcess(&args)
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveKey will remove a gossip encryption key from the keyring
|
// RemoveKey will remove a gossip encryption key from the keyring
|
||||||
func (a *Agent) RemoveKey(key string) (*structs.KeyringResponses, error) {
|
func (a *Agent) RemoveKey(key, token string) (*structs.KeyringResponses, error) {
|
||||||
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringRemove}
|
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringRemove}
|
||||||
|
args.Token = token
|
||||||
return a.keyringProcess(&args)
|
return a.keyringProcess(&args)
|
||||||
}
|
}
|
||||||
|
|
|
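Review bot: The doc comments on InstallKey, UseKey and RemoveKey were left unchanged and say nothing about the new `token` parameter or the permission it has to carry. Each method only copies the value into the request with `args.Token = token` and hands it to keyringProcess, so the ACL decision is made in code that is not shown on this page. The comments should point that out, for example `// InstallKey installs a new gossip encryption key. token is the ACL token sent with the request; going by the commit title it needs write-level keyring access.` What an empty token resolves to is also not visible here. It is worth confirming and documenting, because these three calls change the keys that protect gossip traffic.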
@ -636,11 +636,11 @@ func (i *AgentRPC) handleKeyring(client *rpcClient, seq uint64, cmd, token strin
|
||||||
case listKeysCommand:
|
case listKeysCommand:
|
||||||
queryResp, err = i.agent.ListKeys(token)
|
queryResp, err = i.agent.ListKeys(token)
|
||||||
case installKeyCommand:
|
case installKeyCommand:
|
||||||
queryResp, err = i.agent.InstallKey(req.Key)
|
queryResp, err = i.agent.InstallKey(req.Key, token)
|
||||||
case useKeyCommand:
|
case useKeyCommand:
|
||||||
queryResp, err = i.agent.UseKey(req.Key)
|
queryResp, err = i.agent.UseKey(req.Key, token)
|
||||||
case removeKeyCommand:
|
case removeKeyCommand:
|
||||||
queryResp, err = i.agent.RemoveKey(req.Key)
|
queryResp, err = i.agent.RemoveKey(req.Key, token)
|
||||||
default:
|
default:
|
||||||
respHeader := responseHeader{Seq: seq, Error: unsupportedCommand}
|
respHeader := responseHeader{Seq: seq, Error: unsupportedCommand}
|
||||||
client.Send(&respHeader, nil)
|
client.Send(&respHeader, nil)
|
||||||
|
|
|
@ -199,10 +199,11 @@ func (c *RPCClient) ListKeys(token string) (keyringResponse, error) {
|
||||||
return resp, err
|
return resp, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *RPCClient) InstallKey(key string) (keyringResponse, error) {
|
func (c *RPCClient) InstallKey(key, token string) (keyringResponse, error) {
|
||||||
header := requestHeader{
|
header := requestHeader{
|
||||||
Command: installKeyCommand,
|
Command: installKeyCommand,
|
||||||
Seq: c.getSeq(),
|
Seq: c.getSeq(),
|
||||||
|
Token: token,
|
||||||
}
|
}
|
||||||
req := keyringRequest{key}
|
req := keyringRequest{key}
|
||||||
var resp keyringResponse
|
var resp keyringResponse
|
||||||
|
@ -210,10 +211,11 @@ func (c *RPCClient) InstallKey(key string) (keyringResponse, error) {
|
||||||
return resp, err
|
return resp, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *RPCClient) UseKey(key string) (keyringResponse, error) {
|
func (c *RPCClient) UseKey(key, token string) (keyringResponse, error) {
|
||||||
header := requestHeader{
|
header := requestHeader{
|
||||||
Command: useKeyCommand,
|
Command: useKeyCommand,
|
||||||
Seq: c.getSeq(),
|
Seq: c.getSeq(),
|
||||||
|
Token: token,
|
||||||
}
|
}
|
||||||
req := keyringRequest{key}
|
req := keyringRequest{key}
|
||||||
var resp keyringResponse
|
var resp keyringResponse
|
||||||
|
@ -221,10 +223,11 @@ func (c *RPCClient) UseKey(key string) (keyringResponse, error) {
|
||||||
return resp, err
|
return resp, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *RPCClient) RemoveKey(key string) (keyringResponse, error) {
|
func (c *RPCClient) RemoveKey(key, token string) (keyringResponse, error) {
|
||||||
header := requestHeader{
|
header := requestHeader{
|
||||||
Command: removeKeyCommand,
|
Command: removeKeyCommand,
|
||||||
Seq: c.getSeq(),
|
Seq: c.getSeq(),
|
||||||
|
Token: token,
|
||||||
}
|
}
|
||||||
req := keyringRequest{key}
|
req := keyringRequest{key}
|
||||||
var resp keyringResponse
|
var resp keyringResponse
|
||||||
|
|
|
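Review bot: The exported RPCClient methods InstallKey, UseKey and RemoveKey gain a second parameter but have no doc comment, so a caller is not told that `token` is an ACL token sent in the request header. A one-line comment on each would cover it, for example `// InstallKey asks the agent to install key, authenticating the request with the ACL token.` The three header literals now differ only in `Command`. A small private helper that builds the header from a command and a token would keep the token handling in one place, though the method bodies continue outside these hunks, so this is a suggestion for the whole function rather than the visible lines. The transport these headers travel over is not shown here, and should be checked before a write-level token is sent on every call.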
@ -80,7 +80,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||||
|
|
||||||
if installKey != "" {
|
if installKey != "" {
|
||||||
c.Ui.Info("Installing new gossip encryption key...")
|
c.Ui.Info("Installing new gossip encryption key...")
|
||||||
r, err := client.InstallKey(installKey)
|
r, err := client.InstallKey(installKey, token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||||
return 1
|
return 1
|
||||||
|
@ -90,7 +90,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||||
|
|
||||||
if useKey != "" {
|
if useKey != "" {
|
||||||
c.Ui.Info("Changing primary gossip encryption key...")
|
c.Ui.Info("Changing primary gossip encryption key...")
|
||||||
r, err := client.UseKey(useKey)
|
r, err := client.UseKey(useKey, token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||||
return 1
|
return 1
|
||||||
|
@ -100,7 +100,7 @@ func (c *KeyringCommand) Run(args []string) int {
|
||||||
|
|
||||||
if removeKey != "" {
|
if removeKey != "" {
|
||||||
c.Ui.Info("Removing gossip encryption key...")
|
c.Ui.Info("Removing gossip encryption key...")
|
||||||
r, err := client.RemoveKey(removeKey)
|
r, err := client.RemoveKey(removeKey, token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
c.Ui.Error(fmt.Sprintf("error: %s", err))
|
||||||
return 1
|
return 1
|
||||||
|
|
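Review bot: `token` is now passed to `client.InstallKey`, `client.UseKey` and `client.RemoveKey` in Run, but where it is read from lies outside these hunks. If it comes from a command-line flag, a token with write-level keyring access ends up in shell history and in the process list. In that case the command should also accept it from an environment variable or a file, and the help text should say which sources are read. The three branches also repeat the same `c.Ui.Error(fmt.Sprintf("error: %s", err))` / `return 1` handling and could share one helper, which would make a later change to how permission errors are reported apply to all three.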