Backport of Stop use of templated-policy and templated-policy-file simultaneously into release/1.17.x (#19390)

backport of commit 2c5af2ffd8 Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-10-26 15:02:47 -04:00 · 2023-10-26 15:02:47 -04:00 · ebc7d4ee04
parent ae4d6577ca
commit ebc7d4ee04
5 changed files with 48 additions and 0 deletions
--- a/.changelog/19389.txt
+++ b/.changelog/19389.txt
@ -0,0 +1,3 @@
+```release-note:improvement
+cli: stop simultaneous usage of -templated-policy and -templated-policy-file when creating a role or token.
+```
--- a/command/acl/role/create/role_create.go
+++ b/command/acl/role/create/role_create.go
@ -94,6 +94,13 @@ func (c *cmd) Run(args []string) int {
 		return 1
 	}

+	if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 {
+		c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " +
+			"To create a role with a single templated policy and simple use case, use -templated-policy. " +
+			"For multiple templated policies and more complicated use cases, use -templated-policy-file")
+		return 1
+	}
+
 	client, err := c.http.APIClient()
 	if err != nil {
 		c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
--- a/command/acl/role/create/role_create_test.go
+++ b/command/acl/role/create/role_create_test.go
@ -115,6 +115,22 @@ func TestRoleCreateCommand_Pretty(t *testing.T) {

 		require.Len(t, role.NodeIdentities, 1)
 	})
+
+	t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) {
+		ui := cli.NewMockUi()
+		cmd := New(ui)
+
+		code := cmd.Run([]string{
+			"-http-addr=" + a.HTTPAddr(),
+			"-token=root",
+			"-name=role-with-node-identity",
+			"-templated-policy=builtin/node",
+			"-var=name:" + a.Config.NodeName,
+			"-templated-policy-file=test.hcl",
+		})
+		require.Equal(t, 1, code)
+		require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.")
+	})
 }

 func TestRoleCreateCommand_JSON(t *testing.T) {
--- a/command/acl/token/create/token_create.go
+++ b/command/acl/token/create/token_create.go
@ -105,6 +105,13 @@ func (c *cmd) Run(args []string) int {
 		return 1
 	}

+	if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 {
+		c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " +
+			"To create a token with a single templated policy and simple use case, use -templated-policy. " +
+			"For multiple templated policies and more complicated use cases, use -templated-policy-file")
+		return 1
+	}
+
 	client, err := c.http.APIClient()
 	if err != nil {
 		c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
--- a/command/acl/token/create/token_create_test.go
+++ b/command/acl/token/create/token_create_test.go
@ -128,6 +128,21 @@ func TestTokenCreateCommand_Pretty(t *testing.T) {
 		require.Equal(t, a.Config.NodeName, nodes[0].Node)
 	})

+	t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) {
+		ui := cli.NewMockUi()
+		cmd := New(ui)
+
+		code := cmd.Run(append([]string{
+			"-http-addr=" + a.HTTPAddr(),
+			"-token=root",
+			"-templated-policy=builtin/node",
+			"-var=name:" + a.Config.NodeName,
+			"-templated-policy-file=test.hcl",
+		}, "-format=json"))
+		require.Equal(t, 1, code)
+		require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.")
+	})
+
 	// create with accessor and secret
 	t.Run("predefined-ids", func(t *testing.T) {
 		token := run(t, []string{