mirror of https://github.com/hashicorp/consul
agent: Use AtlasACLToken
parent
8d184a241f
commit
c495a5434d
|
@ -19,6 +19,14 @@ import (
|
||||||
"github.com/mitchellh/mapstructure"
|
"github.com/mitchellh/mapstructure"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// scadaHTTPAddr is the address associated with the
|
||||||
|
// HTTPServer. When populating an ACL token for a request,
|
||||||
|
// this is checked to switch between the ACLToken and
|
||||||
|
// AtlasACLToken
|
||||||
|
scadaHTTPAddr = "SCADA"
|
||||||
|
)
|
||||||
|
|
||||||
// HTTPServer is used to wrap an Agent and expose various API's
|
// HTTPServer is used to wrap an Agent and expose various API's
|
||||||
// in a RESTful manner
|
// in a RESTful manner
|
||||||
type HTTPServer struct {
|
type HTTPServer struct {
|
||||||
|
@ -144,7 +152,7 @@ func NewHTTPServers(agent *Agent, config *Config, scada net.Listener, logOutput
|
||||||
listener: scada,
|
listener: scada,
|
||||||
logger: log.New(logOutput, "", log.LstdFlags),
|
logger: log.New(logOutput, "", log.LstdFlags),
|
||||||
uiDir: config.UiDir,
|
uiDir: config.UiDir,
|
||||||
addr: "SCADA",
|
addr: scadaHTTPAddr,
|
||||||
}
|
}
|
||||||
srv.registerHandlers(false) // Never allow debug for SCADA
|
srv.registerHandlers(false) // Never allow debug for SCADA
|
||||||
|
|
||||||
|
@ -439,9 +447,17 @@ func (s *HTTPServer) parseDC(req *http.Request, dc *string) {
|
||||||
func (s *HTTPServer) parseToken(req *http.Request, token *string) {
|
func (s *HTTPServer) parseToken(req *http.Request, token *string) {
|
||||||
if other := req.URL.Query().Get("token"); other != "" {
|
if other := req.URL.Query().Get("token"); other != "" {
|
||||||
*token = other
|
*token = other
|
||||||
} else if *token == "" {
|
return
|
||||||
*token = s.agent.config.ACLToken
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set the AtlasACLToken if SCADA
|
||||||
|
if s.addr == scadaHTTPAddr && s.agent.config.AtlasACLToken != "" {
|
||||||
|
*token = s.agent.config.AtlasACLToken
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set the default ACLToken
|
||||||
|
*token = s.agent.config.ACLToken
|
||||||
}
|
}
|
||||||
|
|
||||||
// parse is a convenience method for endpoints that need
|
// parse is a convenience method for endpoints that need
|
||||||
|
|
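Review bot: The rewritten parseToken no longer keeps a token the caller already placed in `*token`: the old `else if *token == ""` guard is gone, so without a `?token=` query parameter the value is always overwritten by AtlasACLToken or ACLToken. If any caller pre-populates the token (none is visible on this page), restore the guard with `if *token != "" { return }` ahead of the SCADA check. Separately, when `AtlasACLToken` is empty, a request arriving on the SCADA listener still falls through to the agent's default `ACLToken`. If that fallback is intended, state it in the comment, e.g. `// SCADA requests fall back to ACLToken when AtlasACLToken is unset`.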
|
@ -7,6 +7,7 @@ import (
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
@ -59,13 +60,14 @@ func NewProvider(c *Config, logOutput io.Writer) (*client.Provider, net.Listener
|
||||||
config := ProviderConfig(c)
|
config := ProviderConfig(c)
|
||||||
config.Logger = log.New(logOutput, "", log.LstdFlags)
|
config.Logger = log.New(logOutput, "", log.LstdFlags)
|
||||||
|
|
||||||
// TODO: REMOVE
|
// SCADA_INSECURE env variable is used for testing to disable
|
||||||
config.TLSConfig = &tls.Config{
|
// TLS certificate verification.
|
||||||
InsecureSkipVerify: true,
|
if os.Getenv("SCADA_INSECURE") != "" {
|
||||||
|
config.TLSConfig = &tls.Config{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: AtlasACLToken
|
|
||||||
|
|
||||||
// Create an HTTP listener and handler
|
// Create an HTTP listener and handler
|
||||||
list := newScadaListener(c.AtlasInfrastructure)
|
list := newScadaListener(c.AtlasInfrastructure)
|
||||||
config.Handlers["http"] = func(capability string, meta map[string]string,
|
config.Handlers["http"] = func(capability string, meta map[string]string,
|
||||||
|
|
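Review bot: In NewProvider, any non-empty `SCADA_INSECURE` value, including `0` or `false`, turns off certificate verification for the SCADA connection, and nothing is logged when it does. Because the switch is compiled into the normal binary rather than test-only code, parse the value and warn: `if v, _ := strconv.ParseBool(os.Getenv("SCADA_INSECURE")); v {` followed by `config.Logger.Printf("[WARN] scada: TLS certificate verification disabled via SCADA_INSECURE")`. `strconv` is already in this file's import list and `config.Logger` is assigned just above the check. NewProvider's body continues outside the hunk.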