cli: ensure acl token read -self works (#16445)

Fixes a regression in #16044

The consul acl token read -self cli command should not require an -accessor-id because typically the persona invoking this would not already know the accessor id of their own token.
This commit is contained in:
R.B. Boyer 2023-02-28 10:58:29 -06:00 committed by GitHub
parent 118ffb1e95
commit 7906f52b89
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 61 additions and 11 deletions

3
.changelog/16445.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
cli: ensure acl token read -self works
```

View File

@ -67,6 +67,15 @@ func (c *cmd) Run(args []string) int {
return 1
}
client, err := c.http.APIClient()
if err != nil {
c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
return 1
}
var t *api.ACLToken
var expanded *api.ACLTokenExpanded
if !c.self {
tokenAccessor := c.tokenAccessorID
if tokenAccessor == "" {
if c.tokenID == "" {
@ -78,15 +87,6 @@ func (c *cmd) Run(args []string) int {
}
}
client, err := c.http.APIClient()
if err != nil {
c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
return 1
}
var t *api.ACLToken
var expanded *api.ACLTokenExpanded
if !c.self {
tok, err := acl.GetTokenAccessorIDFromPartial(client, tokenAccessor)
if err != nil {
c.UI.Error(fmt.Sprintf("Error determining token ID: %v", err))

View File

@ -116,3 +116,50 @@ func TestTokenReadCommand_JSON(t *testing.T) {
err = json.Unmarshal([]byte(ui.OutputWriter.String()), &jsonOutput)
require.NoError(t, err, "token unmarshalling error")
}
func TestTokenReadCommand_Self(t *testing.T) {
if testing.Short() {
t.Skip("too slow for testing.Short")
}
t.Parallel()
a := agent.NewTestAgent(t, `
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
initial_management = "root"
}
}`)
defer a.Shutdown()
testrpc.WaitForLeader(t, a.RPC, "dc1")
ui := cli.NewMockUi()
cmd := New(ui)
// Create a token
client := a.Client()
token, _, err := client.ACL().TokenCreate(
&api.ACLToken{Description: "test"},
&api.WriteOptions{Token: "root"},
)
assert.NoError(t, err)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=" + token.SecretID,
"-self",
}
code := cmd.Run(args)
assert.Equal(t, code, 0)
assert.Empty(t, ui.ErrorWriter.String())
output := ui.OutputWriter.String()
assert.Contains(t, output, fmt.Sprintf("test"))
assert.Contains(t, output, token.AccessorID)
assert.Contains(t, output, token.SecretID)
}