From 901d6739ad50ed327cfe865935e0c5b9f486e33a Mon Sep 17 00:00:00 2001
From: Matt Keeler
Date: Tue, 28 Apr 2020 09:42:46 -0400
Subject: [PATCH] Some boilerplate to allow for ACL Bootstrap disabling configurability

---
 agent/agent.go | 4 ++--
 agent/agent_oss.go | 5 +++++
 agent/config/config.go | 1 +
 agent/config/config_oss.go | 4 ++++
 agent/consul/acl_endpoint_legacy.go | 4 ++++
 5 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/agent/agent.go b/agent/agent.go
index d46a4bcdd..805cdd1e4 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -1412,8 +1412,8 @@ func (a *Agent) consulConfig() (*consul.Config, error) {
 }

 base.ConfigEntryBootstrap = a.config.ConfigEntryBootstrap
-
- return base, nil
+
+ return a.enterpriseConsulConfig(base)
 }

 // Setup the serf and memberlist config for any defined network segments.
diff --git a/agent/agent_oss.go b/agent/agent_oss.go
index ef6f69f1c..f5be5e59e 100644
--- a/agent/agent_oss.go
+++ b/agent/agent_oss.go
@@ -32,6 +32,11 @@ func (a *Agent) reloadEnterprise(conf *config.RuntimeConfig) error {
 return nil
 }

+// enterpriseConsulConfig is a noop stub for the func defined in agent_ent.go
+func (a *Agent) enterpriseConsulConfig(base *consul.Config) (*consul.Config, error) {
+ return base, nil
+}
+
 // WriteEvent is a noop stub for the func defined agent_ent.go
 func (a *Agent) WriteEvent(eventType string, payload interface{}) {
 }
diff --git a/agent/config/config.go b/agent/config/config.go
index 77b698dba..4da3834af 100644
--- a/agent/config/config.go
+++ b/agent/config/config.go
@@ -713,6 +713,7 @@ type ACL struct {
 Tokens Tokens `json:"tokens,omitempty" hcl:"tokens" mapstructure:"tokens"`
 DisabledTTL *string `json:"disabled_ttl,omitempty" hcl:"disabled_ttl" mapstructure:"disabled_ttl"`
 EnableTokenPersistence *bool `json:"enable_token_persistence" hcl:"enable_token_persistence" mapstructure:"enable_token_persistence"`
+ EnterpriseACLConfig `hcl:",squash" mapstructure:",squash"`
 }

 type Tokens struct {
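Review bot: The new `return a.enterpriseConsulConfig(base)` at the end of consulConfig has no comment saying that a build-specific hook now gets the last word on the server config and can fail it; a line such as `// Let the build-specific hook adjust or reject the final server config.` above the call would help the next reader. The blank line before it is removed and re-added, which suggests the new one differs only in whitespace, probably trailing whitespace that gofmt would strip; that cannot be confirmed from the text shown. consulConfig starts outside the hunk.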
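Review bot: The embedded `EnterpriseACLConfig` in `type ACL struct` is squashed into the `acl` block and is an empty struct in the OSS build, so it should be confirmed that an enterprise-only key set under `acl` on that build is rejected as unknown rather than silently dropped. An operator who believes ACL bootstrap is disabled while the setting is ignored would have no signal that the control is not in effect; that behaviour is decided by the config loader, outside this hunk. The field also has no doc comment and, unlike its neighbours, no `json` tag; `// EnterpriseACLConfig carries enterprise-only ACL settings; it is an empty struct in OSS builds.` would cover the first.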
diff --git a/agent/config/config_oss.go b/agent/config/config_oss.go
index 86dd7b221..c6d44b908 100644
--- a/agent/config/config_oss.go
+++ b/agent/config/config_oss.go
@@ -14,4 +14,8 @@ func (_ *EnterpriseMeta) ToStructs() structs.EnterpriseMeta {
 return *structs.DefaultEnterpriseMeta()
 }

+// EnterpriseDNSConfig OSS stub
 type EnterpriseDNSConfig struct{}
+
+// EnterpriseACLConfig OSS stub
+type EnterpriseACLConfig struct{}
diff --git a/agent/consul/acl_endpoint_legacy.go b/agent/consul/acl_endpoint_legacy.go
index 36b0fb2cc..890699b63 100644
--- a/agent/consul/acl_endpoint_legacy.go
+++ b/agent/consul/acl_endpoint_legacy.go
@@ -24,6 +24,10 @@ func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) err
 return acl.ErrDisabled
 }

+ if err := a.srv.aclBootstrapAllowed(); err != nil {
+ return err
+ }
+
 // By doing some pre-checks we can head off later bootstrap attempts
 // without having to run them through Raft, which should curb abuse.
 state := a.srv.fsm.State()
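Review bot: `a.srv.aclBootstrapAllowed()` is called in the legacy `Bootstrap` handler but is not defined in any of the five files this patch touches, so whether it exists in the OSS build, and whether it fails closed, has to be confirmed outside the diff. The same gate needs to sit on every other RPC that can bootstrap ACLs, otherwise disabling bootstrap by configuration closes only this legacy path; that cannot be checked from this hunk. The refusal is returned without being logged, and a rejected bootstrap attempt on a cluster where it is disabled is an event operators would want to see. A short comment above the call would also help, e.g. `// Refuse early when ACL bootstrapping has been disabled by configuration.` Bootstrap's body starts and ends outside the hunk.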