open-consul/agent/acl_endpoint.go

package agent

import (
	"fmt"
	"net/http"
	"strings"

	"github.com/hashicorp/consul/agent/consul/structs"
)

// aclCreateResponse is used to wrap the ACL ID
type aclCreateResponse struct {
	ID string
}

// ACLDisabled handles if ACL datacenter is not configured
func ACLDisabled(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	resp.WriteHeader(401)
	fmt.Fprint(resp, "ACL support disabled")
	return nil, nil
}

// ACLBootstrap is used to perform a one-time ACL bootstrap operation on
// a cluster to get the first management token.
func (s *HTTPServer) ACLBootstrap(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	if req.Method != "PUT" {
		resp.WriteHeader(http.StatusMethodNotAllowed)
		return nil, nil
	}

	args := structs.DCSpecificRequest{
		Datacenter: s.agent.config.ACLDatacenter,
	}

	var out structs.ACL
	err := s.agent.RPC("ACL.Bootstrap", &args, &out)
	if err != nil {
		if strings.Contains(err.Error(), structs.ACLBootstrapNotAllowedErr.Error()) {
			resp.WriteHeader(http.StatusForbidden)
			fmt.Fprintf(resp, "Permission denied: %v", err)
			return nil, nil
		} else {
			return nil, err
		}
	}

	return aclCreateResponse{out.ID}, nil
}

func (s *HTTPServer) ACLDestroy(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	// Mandate a PUT request
	if req.Method != "PUT" {
		resp.WriteHeader(405)
		return nil, nil
	}

	args := structs.ACLRequest{
		Datacenter: s.agent.config.ACLDatacenter,
		Op:         structs.ACLDelete,
	}
	s.parseToken(req, &args.Token)

	// Pull out the acl id
	args.ACL.ID = strings.TrimPrefix(req.URL.Path, "/v1/acl/destroy/")
	if args.ACL.ID == "" {
		resp.WriteHeader(400)
		fmt.Fprint(resp, "Missing ACL")
		return nil, nil
	}

	var out string
	if err := s.agent.RPC("ACL.Apply", &args, &out); err != nil {
		return nil, err
	}
	return true, nil
}

func (s *HTTPServer) ACLCreate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	return s.aclSet(resp, req, false)
}

func (s *HTTPServer) ACLUpdate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	return s.aclSet(resp, req, true)
}

func (s *HTTPServer) aclSet(resp http.ResponseWriter, req *http.Request, update bool) (interface{}, error) {
	// Mandate a PUT request
	if req.Method != "PUT" {
		resp.WriteHeader(405)
		return nil, nil
	}

	args := structs.ACLRequest{
		Datacenter: s.agent.config.ACLDatacenter,
		Op:         structs.ACLSet,
		ACL: structs.ACL{
			Type: structs.ACLTypeClient,
		},
	}
	s.parseToken(req, &args.Token)

	// Handle optional request body
	if req.ContentLength > 0 {
		if err := decodeBody(req, &args.ACL, nil); err != nil {
			resp.WriteHeader(400)
			fmt.Fprintf(resp, "Request decode failed: %v", err)
			return nil, nil
		}
	}

	// Ensure there is an ID set for update. ID is optional for
	// create, as one will be generated if not provided.
	if update && args.ACL.ID == "" {
		resp.WriteHeader(400)
		fmt.Fprint(resp, "ACL ID must be set")
		return nil, nil
	}

	// Create the acl, get the ID
	var out string
	if err := s.agent.RPC("ACL.Apply", &args, &out); err != nil {
		return nil, err
	}

	// Format the response as a JSON object
	return aclCreateResponse{out}, nil
}

func (s *HTTPServer) ACLClone(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	// Mandate a PUT request
	if req.Method != "PUT" {
		resp.WriteHeader(405)
		return nil, nil
	}

	args := structs.ACLSpecificRequest{
		Datacenter: s.agent.config.ACLDatacenter,
	}
	var dc string
	if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
		return nil, nil
	}

	// Pull out the acl id
	args.ACL = strings.TrimPrefix(req.URL.Path, "/v1/acl/clone/")
	if args.ACL == "" {
		resp.WriteHeader(400)
		fmt.Fprint(resp, "Missing ACL")
		return nil, nil
	}

	var out structs.IndexedACLs
	defer setMeta(resp, &out.QueryMeta)
	if err := s.agent.RPC("ACL.Get", &args, &out); err != nil {
		return nil, err
	}

	// Bail if the ACL is not found, this could be a 404 or a 403, so
	// always just return a 403.
	if len(out.ACLs) == 0 {
		return nil, errPermissionDenied
	}

	// Create a new ACL
	createArgs := structs.ACLRequest{
		Datacenter: args.Datacenter,
		Op:         structs.ACLSet,
		ACL:        *out.ACLs[0],
	}
	createArgs.ACL.ID = ""
	createArgs.Token = args.Token

	// Create the acl, get the ID
	var outID string
	if err := s.agent.RPC("ACL.Apply", &createArgs, &outID); err != nil {
		return nil, err
	}

	// Format the response as a JSON object
	return aclCreateResponse{outID}, nil
}

func (s *HTTPServer) ACLGet(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	args := structs.ACLSpecificRequest{
		Datacenter: s.agent.config.ACLDatacenter,
	}
	var dc string
	if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
		return nil, nil
	}

	// Pull out the acl id
	args.ACL = strings.TrimPrefix(req.URL.Path, "/v1/acl/info/")
	if args.ACL == "" {
		resp.WriteHeader(400)
		fmt.Fprint(resp, "Missing ACL")
		return nil, nil
	}

	var out structs.IndexedACLs
	defer setMeta(resp, &out.QueryMeta)
	if err := s.agent.RPC("ACL.Get", &args, &out); err != nil {
		return nil, err
	}

	// Use empty list instead of nil
	if out.ACLs == nil {
		out.ACLs = make(structs.ACLs, 0)
	}
	return out.ACLs, nil
}

func (s *HTTPServer) ACLList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	args := structs.DCSpecificRequest{
		Datacenter: s.agent.config.ACLDatacenter,
	}
	var dc string
	if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
		return nil, nil
	}

	var out structs.IndexedACLs
	defer setMeta(resp, &out.QueryMeta)
	if err := s.agent.RPC("ACL.List", &args, &out); err != nil {
		return nil, err
	}

	// Use empty list instead of nil
	if out.ACLs == nil {
		out.ACLs = make(structs.ACLs, 0)
	}
	return out.ACLs, nil
}

func (s *HTTPServer) ACLReplicationStatus(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	// Note that we do not forward to the ACL DC here. This is a query for
	// any DC that's doing replication.
	args := structs.DCSpecificRequest{}
	s.parseSource(req, &args.Source)
	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
		return nil, nil
	}

	// Make the request.
	var out structs.ACLReplicationStatus
	if err := s.agent.RPC("ACL.ReplicationStatus", &args, &out); err != nil {
		return nil, err
	}
	return out, nil
}
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`package agent`

			`import (`
			`"fmt"`
			`"net/http"`
			`"strings"`
agent: Support ACL upserting 2015-05-06 02:25:10 +00:00
pkg refactor command/agent/* -> agent/* command/consul/* -> agent/consul/* command/agent/command{,_test}.go -> command/agent{,_test}.go command/base/command.go -> command/base.go command/base/* -> command/* commands.go -> command/commands.go The script which did the refactor is: ( cd $GOPATH/src/github.com/hashicorp/consul git mv command/agent/command.go command/agent.go git mv command/agent/command_test.go command/agent_test.go git mv command/agent/flag_slice_value{,_test}.go command/ git mv command/agent . git mv command/base/command.go command/base.go git mv command/base/config_util{,_test}.go command/ git mv commands.go command/ git mv consul agent rmdir command/base/ gsed -i -e 's\|package agent\|package command\|' command/agent{,_test}.go gsed -i -e 's\|package agent\|package command\|' command/flag_slice_value{,_test}.go gsed -i -e 's\|package base\|package command\|' command/base.go command/config_util{,_test}.go gsed -i -e 's\|package main\|package command\|' command/commands.go gsed -i -e 's\|base.Command\|BaseCommand\|' command/commands.go gsed -i -e 's\|agent.Command\|AgentCommand\|' command/commands.go gsed -i -e 's\|\tCommand:\|\tBaseCommand:\|' command/commands.go gsed -i -e 's\|base\.\|\|' command/commands.go gsed -i -e 's\|command\.\|\|' command/commands.go gsed -i -e 's\|command\|c\|' main.go gsed -i -e 's\|range Commands\|range command.Commands\|' main.go gsed -i -e 's\|Commands: Commands\|Commands: command.Commands\|' main.go gsed -i -e 's\|base\.BoolValue\|BoolValue\|' command/operator_autopilot_set.go gsed -i -e 's\|base\.DurationValue\|DurationValue\|' command/operator_autopilot_set.go gsed -i -e 's\|base\.StringValue\|StringValue\|' command/operator_autopilot_set.go gsed -i -e 's\|base\.UintValue\|UintValue\|' command/operator_autopilot_set.go gsed -i -e 's\|\bCommand\b\|BaseCommand\|' command/base.go gsed -i -e 's\|BaseCommand Options\|Command Options\|' command/base.go gsed -i -e 's\|base.Command\|BaseCommand\|' command/.go gsed -i -e 's\|c\.Command\|c.BaseCommand\|g' command/.go gsed -i -e 's\|\tCommand:\|\tBaseCommand:\|' command/_test.go gsed -i -e 's\|base\.\|\|' command/_test.go gsed -i -e 's\|\bCommand\b\|AgentCommand\|' command/agent{,_test}.go gsed -i -e 's\|cmd.AgentCommand\|cmd.BaseCommand\|' command/agent.go gsed -i -e 's\|cli.AgentCommand = new(Command)\|cli.Command = new(AgentCommand)\|' command/agent_test.go gsed -i -e 's\|exec.AgentCommand\|exec.Command\|' command/agent_test.go gsed -i -e 's\|exec.BaseCommand\|exec.Command\|' command/agent_test.go gsed -i -e 's\|NewTestAgent\|agent.NewTestAgent\|' command/agent_test.go gsed -i -e 's\|= TestConfig\|= agent.TestConfig\|' command/agent_test.go gsed -i -e 's\|: RetryJoin\|: agent.RetryJoin\|' command/agent_test.go gsed -i -e 's\|\.\./\.\./\|../\|' command/config_util_test.go gsed -i -e 's\|\bverifyUniqueListeners\|VerifyUniqueListeners\|' agent/config{,_test}.go command/agent.go gsed -i -e 's\|\bserfLANKeyring\b\|SerfLANKeyring\|g' agent/{agent,keyring,testagent}.go command/agent.go gsed -i -e 's\|\bserfWANKeyring\b\|SerfWANKeyring\|g' agent/{agent,keyring,testagent}.go command/agent.go gsed -i -e 's\|\bNewAgent\b\|agent.New\|g' command/agent{,_test}.go gsed -i -e 's\|\bNewAgent\|New\|' agent/{acl_test,agent,testagent}.go gsed -i -e 's\|\bAgent\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bBool\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bConfig\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bDefaultConfig\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bDevConfig\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bMergeConfig\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bReadConfigPaths\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bParseMetaPair\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bSerfLANKeyring\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bSerfWANKeyring\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|circonus\.agent\|circonus\|g' command/agent{,_test}.go gsed -i -e 's\|logger\.agent\|logger\|g' command/agent{,_test}.go gsed -i -e 's\|metrics\.agent\|metrics\|g' command/agent{,_test}.go gsed -i -e 's\|// agent.Agent\|// agent\|' command/agent{,_test}.go gsed -i -e 's\|a\.agent\.Config\|a.Config\|' command/agent{,_test}.go gsed -i -e 's\|agent\.AppendSliceValue\|AppendSliceValue\|' command/{configtest,validate}.go gsed -i -e 's\|consul/consul\|agent/consul\|' GNUmakefile gsed -i -e 's\|\.\./test\|../../test\|' agent/consul/server_test.go # fix imports f=$(grep -rl 'github.com/hashicorp/consul/command/agent' * \| grep '\.go') gsed -i -e 's\|github.com/hashicorp/consul/command/agent\|github.com/hashicorp/consul/agent\|' $f goimports -w $f f=$(grep -rl 'github.com/hashicorp/consul/consul' * \| grep '\.go') gsed -i -e 's\|github.com/hashicorp/consul/consul\|github.com/hashicorp/consul/agent/consul\|' $f goimports -w $f goimports -w command/*.go main.go ) 2017-06-09 22:28:28 +00:00			`"github.com/hashicorp/consul/agent/consul/structs"`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`)`

			`// aclCreateResponse is used to wrap the ACL ID`
			`type aclCreateResponse struct {`
			`ID string`
			`}`

Adds ACL management support to the agent. 2016-12-14 07:21:14 +00:00			`// ACLDisabled handles if ACL datacenter is not configured`
			`func ACLDisabled(resp http.ResponseWriter, req *http.Request) (interface{}, error) {`
agent: Special handler if ACL support is disabled 2014-08-12 18:34:58 +00:00			`resp.WriteHeader(401)`
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' .go 2017-04-20 14:07:42 +00:00			`fmt.Fprint(resp, "ACL support disabled")`
agent: Special handler if ACL support is disabled 2014-08-12 18:34:58 +00:00			`return nil, nil`
			`}`

Adds a new /v1/acl/bootstrap API (#3349) 2017-08-03 00:05:18 +00:00			`// ACLBootstrap is used to perform a one-time ACL bootstrap operation on`
			`// a cluster to get the first management token.`
			`func (s HTTPServer) ACLBootstrap(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
			`if req.Method != "PUT" {`
			`resp.WriteHeader(http.StatusMethodNotAllowed)`
			`return nil, nil`
			`}`

			`args := structs.DCSpecificRequest{`
			`Datacenter: s.agent.config.ACLDatacenter,`
			`}`

			`var out structs.ACL`
			`err := s.agent.RPC("ACL.Bootstrap", &args, &out)`
			`if err != nil {`
			`if strings.Contains(err.Error(), structs.ACLBootstrapNotAllowedErr.Error()) {`
			`resp.WriteHeader(http.StatusForbidden)`
			`fmt.Fprintf(resp, "Permission denied: %v", err)`
			`return nil, nil`
			`} else {`
			`return nil, err`
			`}`
			`}`

			`return aclCreateResponse{out.ID}, nil`
			`}`

agent: Rename acl delete to destroy 2014-08-18 19:05:01 +00:00			`func (s HTTPServer) ACLDestroy(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
agent: Strict PUT for modifying ACLs 2014-08-19 21:28:34 +00:00			`// Mandate a PUT request`
			`if req.Method != "PUT" {`
			`resp.WriteHeader(405)`
			`return nil, nil`
			`}`

agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`args := structs.ACLRequest{`
agent: Adding token parsing 2014-08-12 18:35:22 +00:00			`Datacenter: s.agent.config.ACLDatacenter,`
			`Op: structs.ACLDelete,`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`}`
agent: Adding token parsing 2014-08-12 18:35:22 +00:00			`s.parseToken(req, &args.Token)`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00
agent: ACL endpoint tests 2014-08-06 17:30:47 +00:00			`// Pull out the acl id`
agent: Rename acl delete to destroy 2014-08-18 19:05:01 +00:00			`args.ACL.ID = strings.TrimPrefix(req.URL.Path, "/v1/acl/destroy/")`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`if args.ACL.ID == "" {`
			`resp.WriteHeader(400)`
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' .go 2017-04-20 14:07:42 +00:00			`fmt.Fprint(resp, "Missing ACL")`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return nil, nil`
			`}`

			`var out string`
			`if err := s.agent.RPC("ACL.Apply", &args, &out); err != nil {`
			`return nil, err`
			`}`
			`return true, nil`
			`}`

			`func (s HTTPServer) ACLCreate(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
			`return s.aclSet(resp, req, false)`
			`}`

			`func (s HTTPServer) ACLUpdate(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
			`return s.aclSet(resp, req, true)`
			`}`

			`func (s HTTPServer) aclSet(resp http.ResponseWriter, req http.Request, update bool) (interface{}, error) {`
			`// Mandate a PUT request`
			`if req.Method != "PUT" {`
			`resp.WriteHeader(405)`
			`return nil, nil`
			`}`

			`args := structs.ACLRequest{`
agent: Adding token parsing 2014-08-12 18:35:22 +00:00			`Datacenter: s.agent.config.ACLDatacenter,`
			`Op: structs.ACLSet,`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`ACL: structs.ACL{`
			`Type: structs.ACLTypeClient,`
			`},`
			`}`
agent: Adding token parsing 2014-08-12 18:35:22 +00:00			`s.parseToken(req, &args.Token)`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00
			`// Handle optional request body`
			`if req.ContentLength > 0 {`
			`if err := decodeBody(req, &args.ACL, nil); err != nil {`
			`resp.WriteHeader(400)`
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' .go 2017-04-20 14:07:42 +00:00			`fmt.Fprintf(resp, "Request decode failed: %v", err)`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return nil, nil`
			`}`
			`}`

agent: Support ACL upserting 2015-05-06 02:25:10 +00:00			`// Ensure there is an ID set for update. ID is optional for`
			`// create, as one will be generated if not provided.`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`if update && args.ACL.ID == "" {`
			`resp.WriteHeader(400)`
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' .go 2017-04-20 14:07:42 +00:00			`fmt.Fprint(resp, "ACL ID must be set")`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return nil, nil`
			`}`

			`// Create the acl, get the ID`
			`var out string`
			`if err := s.agent.RPC("ACL.Apply", &args, &out); err != nil {`
			`return nil, err`
			`}`

			`// Format the response as a JSON object`
			`return aclCreateResponse{out}, nil`
			`}`

			`func (s HTTPServer) ACLClone(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
agent: Strict PUT for modifying ACLs 2014-08-19 21:28:34 +00:00			`// Mandate a PUT request`
			`if req.Method != "PUT" {`
			`resp.WriteHeader(405)`
			`return nil, nil`
			`}`

agent: Adding token parsing 2014-08-12 18:35:22 +00:00			`args := structs.ACLSpecificRequest{`
			`Datacenter: s.agent.config.ACLDatacenter,`
			`}`
			`var dc string`
			`if done := s.parse(resp, req, &dc, &args.QueryOptions); done {`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return nil, nil`
			`}`

agent: ACL endpoint tests 2014-08-06 17:30:47 +00:00			`// Pull out the acl id`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`args.ACL = strings.TrimPrefix(req.URL.Path, "/v1/acl/clone/")`
			`if args.ACL == "" {`
			`resp.WriteHeader(400)`
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' .go 2017-04-20 14:07:42 +00:00			`fmt.Fprint(resp, "Missing ACL")`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return nil, nil`
			`}`

			`var out structs.IndexedACLs`
			`defer setMeta(resp, &out.QueryMeta)`
			`if err := s.agent.RPC("ACL.Get", &args, &out); err != nil {`
			`return nil, err`
			`}`

Changes ACL clone response to 403 if not authorized, or if token doesn't exist. (#3275) Fixes #1113 2017-07-15 03:43:30 +00:00			`// Bail if the ACL is not found, this could be a 404 or a 403, so`
			`// always just return a 403.`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`if len(out.ACLs) == 0 {`
Changes ACL clone response to 403 if not authorized, or if token doesn't exist. (#3275) Fixes #1113 2017-07-15 03:43:30 +00:00			`return nil, errPermissionDenied`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`}`

			`// Create a new ACL`
			`createArgs := structs.ACLRequest{`
			`Datacenter: args.Datacenter,`
			`Op: structs.ACLSet,`
			`ACL: *out.ACLs[0],`
			`}`
			`createArgs.ACL.ID = ""`
agent: Adding token parsing 2014-08-12 18:35:22 +00:00			`createArgs.Token = args.Token`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00
			`// Create the acl, get the ID`
			`var outID string`
			`if err := s.agent.RPC("ACL.Apply", &createArgs, &outID); err != nil {`
			`return nil, err`
			`}`

			`// Format the response as a JSON object`
			`return aclCreateResponse{outID}, nil`
			`}`

			`func (s HTTPServer) ACLGet(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
agent: Adding token parsing 2014-08-12 18:35:22 +00:00			`args := structs.ACLSpecificRequest{`
			`Datacenter: s.agent.config.ACLDatacenter,`
			`}`
			`var dc string`
			`if done := s.parse(resp, req, &dc, &args.QueryOptions); done {`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return nil, nil`
			`}`

agent: ACL endpoint tests 2014-08-06 17:30:47 +00:00			`// Pull out the acl id`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`args.ACL = strings.TrimPrefix(req.URL.Path, "/v1/acl/info/")`
			`if args.ACL == "" {`
			`resp.WriteHeader(400)`
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' .go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' .go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' .go 2017-04-20 14:07:42 +00:00			`fmt.Fprint(resp, "Missing ACL")`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return nil, nil`
			`}`

			`var out structs.IndexedACLs`
			`defer setMeta(resp, &out.QueryMeta)`
			`if err := s.agent.RPC("ACL.Get", &args, &out); err != nil {`
			`return nil, err`
			`}`
Fixes nil slices from HTTP endpoints. These would manifest in the HTTP output as Javascript nulls instead of empty lists, so we had unintentionally changed the interface while porting to the new state store. We added code to each HTTP endpoint to convert nil slices to empty ones so they JSON-ify properly, and we added tests to catch this in the future. 2015-11-15 05:05:37 +00:00
			`// Use empty list instead of nil`
			`if out.ACLs == nil {`
			`out.ACLs = make(structs.ACLs, 0)`
			`}`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return out.ACLs, nil`
			`}`

			`func (s HTTPServer) ACLList(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
agent: Adding token parsing 2014-08-12 18:35:22 +00:00			`args := structs.DCSpecificRequest{`
			`Datacenter: s.agent.config.ACLDatacenter,`
			`}`
			`var dc string`
			`if done := s.parse(resp, req, &dc, &args.QueryOptions); done {`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return nil, nil`
			`}`

			`var out structs.IndexedACLs`
			`defer setMeta(resp, &out.QueryMeta)`
			`if err := s.agent.RPC("ACL.List", &args, &out); err != nil {`
			`return nil, err`
			`}`
Fixes nil slices from HTTP endpoints. These would manifest in the HTTP output as Javascript nulls instead of empty lists, so we had unintentionally changed the interface while porting to the new state store. We added code to each HTTP endpoint to convert nil slices to empty ones so they JSON-ify properly, and we added tests to catch this in the future. 2015-11-15 05:05:37 +00:00
			`// Use empty list instead of nil`
			`if out.ACLs == nil {`
			`out.ACLs = make(structs.ACLs, 0)`
			`}`
agent: ACL endpoint 2014-08-06 00:50:36 +00:00			`return out.ACLs, nil`
			`}`
Adds an ACL replication status endpoint. 2016-08-05 04:32:36 +00:00
			`func (s HTTPServer) ACLReplicationStatus(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
			`// Note that we do not forward to the ACL DC here. This is a query for`
			`// any DC that's doing replication.`
			`args := structs.DCSpecificRequest{}`
			`s.parseSource(req, &args.Source)`
			`if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {`
			`return nil, nil`
			`}`

			`// Make the request.`
			`var out structs.ACLReplicationStatus`
			`if err := s.agent.RPC("ACL.ReplicationStatus", &args, &out); err != nil {`
			`return nil, err`
			`}`
			`return out, nil`
			`}`