mirror of https://github.com/hashicorp/consul
agent: Adding ACL master token
parent
a8063457f8
commit
cae4b421a3
|
@ -184,6 +184,9 @@ func (a *Agent) consulConfig() *consul.Config {
|
|||
if a.config.ACLToken != "" {
|
||||
base.ACLToken = a.config.ACLToken
|
||||
}
|
||||
if a.config.ACLMasterToken != "" {
|
||||
base.ACLMasterToken = a.config.ACLMasterToken
|
||||
}
|
||||
if a.config.ACLDatacenter != "" {
|
||||
base.ACLDatacenter = a.config.ACLDatacenter
|
||||
}
|
||||
|
|
|
@ -198,6 +198,11 @@ type Config struct {
|
|||
// token is not provided. If not configured the 'anonymous' token is used.
|
||||
ACLToken string `mapstructure:"acl_token" json:"-"`
|
||||
|
||||
// ACLMasterToken is used to bootstrap the ACL system. It should be specified
|
||||
// on the servers in the ACLDatacenter. When the leader comes online, it ensures
|
||||
// that the Master token is available. This provides the initial token.
|
||||
ACLMasterToken string `mapstructure:"acl_master_token" json:"-"`
|
||||
|
||||
// ACLDatacenter is the central datacenter that holds authoritative
|
||||
// ACL records. This must be the same for the entire cluster.
|
||||
// If this is not set, ACLs are not enabled. Off by default.
|
||||
|
@ -627,6 +632,9 @@ func MergeConfig(a, b *Config) *Config {
|
|||
if b.ACLToken != "" {
|
||||
result.ACLToken = b.ACLToken
|
||||
}
|
||||
if b.ACLMasterToken != "" {
|
||||
result.ACLMasterToken = b.ACLMasterToken
|
||||
}
|
||||
if b.ACLDatacenter != "" {
|
||||
result.ACLDatacenter = b.ACLDatacenter
|
||||
}
|
||||
|
|
|
@ -360,7 +360,7 @@ func TestDecodeConfig(t *testing.T) {
|
|||
// ACLs
|
||||
input = `{"acl_token": "1234", "acl_datacenter": "dc2",
|
||||
"acl_ttl": "60s", "acl_down_policy": "deny",
|
||||
"acl_default_policy": "deny"}`
|
||||
"acl_default_policy": "deny", "acl_master_token": "2345"}`
|
||||
config, err = DecodeConfig(bytes.NewReader([]byte(input)))
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
@ -369,6 +369,9 @@ func TestDecodeConfig(t *testing.T) {
|
|||
if config.ACLToken != "1234" {
|
||||
t.Fatalf("bad: %#v", config)
|
||||
}
|
||||
if config.ACLMasterToken != "2345" {
|
||||
t.Fatalf("bad: %#v", config)
|
||||
}
|
||||
if config.ACLDatacenter != "dc2" {
|
||||
t.Fatalf("bad: %#v", config)
|
||||
}
|
||||
|
@ -529,6 +532,7 @@ func TestMergeConfig(t *testing.T) {
|
|||
CheckUpdateInterval: 8 * time.Minute,
|
||||
CheckUpdateIntervalRaw: "8m",
|
||||
ACLToken: "1234",
|
||||
ACLMasterToken: "2345",
|
||||
ACLDatacenter: "dc2",
|
||||
ACLTTL: 15 * time.Second,
|
||||
ACLTTLRaw: "15s",
|
||||
|
|
|
@ -133,6 +133,11 @@ type Config struct {
|
|||
// backwards compatibility as well.
|
||||
ACLToken string
|
||||
|
||||
// ACLMasterToken is used to bootstrap the ACL system. It should be specified
|
||||
// on the servers in the ACLDatacenter. When the leader comes online, it ensures
|
||||
// that the Master token is available. This provides the initial token.
|
||||
ACLMasterToken string
|
||||
|
||||
// ACLDatacenter provides the authoritative datacenter for ACL
|
||||
// tokens. If not provided, ACL verification is disabled.
|
||||
ACLDatacenter string
|
||||
|
|
Loading…
Reference in New Issue