Allow the bootstrap endpoint to be disabled in enterprise. (#7614)

agent/consul/acl_endpoint.go

@@ -115,6 +115,10 @@ func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.AC
 		return err
 	}
 
+	if err := a.srv.aclBootstrapAllowed(); err != nil {
+		return err
+	}
+
 	// Verify we are allowed to serve this request
 	if !a.srv.InACLDatacenter() {
 		return acl.ErrDisabled

agent/consul/acl_server_oss.go

@@ -16,3 +16,11 @@ func (s *Server) ResolveEntTokenToIdentityAndAuthorizer(token string) (structs.A
 func (s *Server) validateEnterpriseToken(identity structs.ACLIdentity) error {
 	return nil
 }
+
+// aclBootstrapAllowed returns whether the server's configuration would allow ACL bootstrapping
+//
+// This endpoint does not take into account whether bootstrapping has been performed previously
+// nor the bootstrap reset file.
+func (s *Server) aclBootstrapAllowed() error {
+	return nil
+}