diff --git a/command/agent/config.go b/command/agent/config.go index 6f457aa054..d1cc57655c 100644 --- a/command/agent/config.go +++ b/command/agent/config.go @@ -318,6 +318,19 @@ type Config struct { // HTTPAPIResponseHeaders are used to add HTTP header response fields to the HTTP API responses. HTTPAPIResponseHeaders map[string]string `mapstructure:"http_api_response_headers"` + // AtlasCluster is the name of the cluster we belong to. e.g. hashicorp/stage + AtlasCluster string `mapstructure:"atlas_cluster"` + + // AtlasToken is our authentication token from Atlas + AtlasToken string `mapstructure:"atlas_token"` + + // AtlasACLToken is applied to inbound requests if no other token + // is provided. This takes higher precedence than the ACLToken. + // Without this, the ACLToken is used. If that is not specified either, + // then the 'anonymous' token is used. This can be set to 'anonymous' + // to reduce the Atlas privileges to below that of the ACLToken. + AtlasACLToken string `mapstructure:"atlas_acl_token"` + // AEInterval controls the anti-entropy interval. This is how often // the agent attempts to reconcile it's local state with the server' // representation of our state. Defaults to every 60s. @@ -941,6 +954,15 @@ func MergeConfig(a, b *Config) *Config { if b.UnixSockets.Perms != "" { result.UnixSockets.Perms = b.UnixSockets.Perms } + if b.AtlasCluster != "" { + result.AtlasCluster = b.AtlasCluster + } + if b.AtlasToken != "" { + result.AtlasToken = b.AtlasToken + } + if b.AtlasACLToken != "" { + result.AtlasACLToken = b.AtlasACLToken + } if len(b.HTTPAPIResponseHeaders) != 0 { if result.HTTPAPIResponseHeaders == nil { diff --git a/command/agent/config_test.go b/command/agent/config_test.go index 699f8de88c..3aaef21890 100644 --- a/command/agent/config_test.go +++ b/command/agent/config_test.go @@ -633,6 +633,23 @@ func TestDecodeConfig(t *testing.T) { if config.HTTPAPIResponseHeaders["X-XSS-Protection"] != "1; mode=block" { t.Fatalf("bad: %#v", config) } + + // Atlas configs + input = `{"atlas_cluster": "hashicorp/prod", "atlas_token": "abcdefg", "atlas_acl_token": "123456789"}` + config, err = DecodeConfig(bytes.NewReader([]byte(input))) + if err != nil { + t.Fatalf("err: %s", err) + } + + if config.AtlasCluster != "hashicorp/prod" { + t.Fatalf("bad: %#v", config) + } + if config.AtlasToken != "abcdefg" { + t.Fatalf("bad: %#v", config) + } + if config.AtlasACLToken != "123456789" { + t.Fatalf("bad: %#v", config) + } } func TestDecodeConfig_invalidKeys(t *testing.T) { @@ -1096,6 +1113,9 @@ func TestMergeConfig(t *testing.T) { Perms: "0700", }, }, + AtlasCluster: "hashicorp/prod", + AtlasToken: "123456789", + AtlasACLToken: "abcdefgh", } c := MergeConfig(a, b)