Some boilerplate to allow for ACL Bootstrap disabling configurability

agent/agent.go

@@ -1412,8 +1412,8 @@ func (a *Agent) consulConfig() (*consul.Config, error) {
 	}
 
 	base.ConfigEntryBootstrap = a.config.ConfigEntryBootstrap
-
-	return base, nil
+	
+	return a.enterpriseConsulConfig(base)
 }
 
 // Setup the serf and memberlist config for any defined network segments.

agent/agent_oss.go

@@ -32,6 +32,11 @@ func (a *Agent) reloadEnterprise(conf *config.RuntimeConfig) error {
 	return nil
 }
 
+// enterpriseConsulConfig is a noop stub for the func defined in agent_ent.go
+func (a *Agent) enterpriseConsulConfig(base *consul.Config) (*consul.Config, error) {
+	return base, nil
+}
+
 // WriteEvent is a noop stub for the func defined agent_ent.go
 func (a *Agent) WriteEvent(eventType string, payload interface{}) {
 }

agent/config/config.go

@@ -713,6 +713,7 @@ type ACL struct {
 	Tokens                 Tokens  `json:"tokens,omitempty" hcl:"tokens" mapstructure:"tokens"`
 	DisabledTTL            *string `json:"disabled_ttl,omitempty" hcl:"disabled_ttl" mapstructure:"disabled_ttl"`
 	EnableTokenPersistence *bool   `json:"enable_token_persistence" hcl:"enable_token_persistence" mapstructure:"enable_token_persistence"`
+	EnterpriseACLConfig    `hcl:",squash" mapstructure:",squash"`
 }
 
 type Tokens struct {

agent/config/config_oss.go

@@ -14,4 +14,8 @@ func (_ *EnterpriseMeta) ToStructs() structs.EnterpriseMeta {
 	return *structs.DefaultEnterpriseMeta()
 }
 
+// EnterpriseDNSConfig OSS stub
 type EnterpriseDNSConfig struct{}
+
+// EnterpriseACLConfig OSS stub
+type EnterpriseACLConfig struct{}

agent/consul/acl_endpoint_legacy.go

@@ -24,6 +24,10 @@ func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) err
 		return acl.ErrDisabled
 	}
 
+	if err := a.srv.aclBootstrapAllowed(); err != nil {
+		return err
+	}
+
 	// By doing some pre-checks we can head off later bootstrap attempts
 	// without having to run them through Raft, which should curb abuse.
 	state := a.srv.fsm.State()