Some boilerplate to allow for ACL Bootstrap disabling configurability
This commit is contained in:
parent
49c90833ff
commit
901d6739ad
|
@ -1412,8 +1412,8 @@ func (a *Agent) consulConfig() (*consul.Config, error) {
|
|||
}
|
||||
|
||||
base.ConfigEntryBootstrap = a.config.ConfigEntryBootstrap
|
||||
|
||||
return base, nil
|
||||
|
||||
return a.enterpriseConsulConfig(base)
|
||||
}
|
||||
|
||||
// Setup the serf and memberlist config for any defined network segments.
|
||||
|
|
|
@ -32,6 +32,11 @@ func (a *Agent) reloadEnterprise(conf *config.RuntimeConfig) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// enterpriseConsulConfig is a noop stub for the func defined in agent_ent.go
|
||||
func (a *Agent) enterpriseConsulConfig(base *consul.Config) (*consul.Config, error) {
|
||||
return base, nil
|
||||
}
|
||||
|
||||
// WriteEvent is a noop stub for the func defined agent_ent.go
|
||||
func (a *Agent) WriteEvent(eventType string, payload interface{}) {
|
||||
}
|
||||
|
|
|
@ -713,6 +713,7 @@ type ACL struct {
|
|||
Tokens Tokens `json:"tokens,omitempty" hcl:"tokens" mapstructure:"tokens"`
|
||||
DisabledTTL *string `json:"disabled_ttl,omitempty" hcl:"disabled_ttl" mapstructure:"disabled_ttl"`
|
||||
EnableTokenPersistence *bool `json:"enable_token_persistence" hcl:"enable_token_persistence" mapstructure:"enable_token_persistence"`
|
||||
EnterpriseACLConfig `hcl:",squash" mapstructure:",squash"`
|
||||
}
|
||||
|
||||
type Tokens struct {
|
||||
|
|
|
@ -14,4 +14,8 @@ func (_ *EnterpriseMeta) ToStructs() structs.EnterpriseMeta {
|
|||
return *structs.DefaultEnterpriseMeta()
|
||||
}
|
||||
|
||||
// EnterpriseDNSConfig OSS stub
|
||||
type EnterpriseDNSConfig struct{}
|
||||
|
||||
// EnterpriseACLConfig OSS stub
|
||||
type EnterpriseACLConfig struct{}
|
||||
|
|
|
@ -24,6 +24,10 @@ func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) err
|
|||
return acl.ErrDisabled
|
||||
}
|
||||
|
||||
if err := a.srv.aclBootstrapAllowed(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// By doing some pre-checks we can head off later bootstrap attempts
|
||||
// without having to run them through Raft, which should curb abuse.
|
||||
state := a.srv.fsm.State()
|
||||
|
|
Loading…
Reference in New Issue